26.1 MB
/srv/reproducible-results/rbuild-debian/r-b-build.eX6vxjdz/b1/scap-security-guide_0.1.65-1_arm64.changes vs.
/srv/reproducible-results/rbuild-debian/r-b-build.eX6vxjdz/b2/scap-security-guide_0.1.65-1_arm64.changes
731 B
Files
    
Offset 1, 6 lines modifiedOffset 1, 6 lines modified
  
1 ·d6416617fad0f985b9a3e54a25bd18b0·181960·admin·optional·ssg-applications_0.1.65-1_all.deb1 ·d6416617fad0f985b9a3e54a25bd18b0·181960·admin·optional·ssg-applications_0.1.65-1_all.deb
2 ·f7bae0738ce4e633a16dbb487c1b30d5·27788·admin·optional·ssg-base_0.1.65-1_all.deb2 ·f7bae0738ce4e633a16dbb487c1b30d5·27788·admin·optional·ssg-base_0.1.65-1_all.deb
3 ·d25685a1025fbc489f936a51e9fe92c0·3378740·admin·optional·ssg-debderived_0.1.65-1_all.deb 
4 ·5c779913026f82fe951154bf9861896b·828612·admin·optional·ssg-debian_0.1.65-1_all.deb 
5 ·125905bcd3311ac3d259cd8166f14381·40215688·admin·optional·ssg-nondebian_0.1.65-1_all.deb3 ·dea77b39c5e186adcc8f0678e4b52c30·3380276·admin·optional·ssg-debderived_0.1.65-1_all.deb
 4 ·70c3da9449f76a545986e2dcc5b671b2·828508·admin·optional·ssg-debian_0.1.65-1_all.deb
 5 ·9ef0b7b63abc4f4b2bb118c4cfb99a5b·40218700·admin·optional·ssg-nondebian_0.1.65-1_all.deb
3.76 MB
ssg-debderived_0.1.65-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary
2 -rw-r--r--···0········0········0·····2784·2022-12-20·09:54:05.000000·control.tar.xz2 -rw-r--r--···0········0········0·····2788·2022-12-20·09:54:05.000000·control.tar.xz
3 -rw-r--r--···0········0········0··3375764·2022-12-20·09:54:05.000000·data.tar.xz3 -rw-r--r--···0········0········0··3377296·2022-12-20·09:54:05.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
3.76 MB
data.tar.xz
3.76 MB
data.tar
50.1 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-cis.html
    
Offset 18332, 22 lines modifiedOffset 18332, 22 lines modified
000479b0:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr000479b0:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr
000479c0:·6963·745f·7374·7261·7465·6779·0a0a·2d20··ict_strategy..-·000479c0:·6963·745f·7374·7261·7465·6779·0a0a·2d20··ict_strategy..-·
000479d0:·6e61·6d65·3a20·5365·7420·6172·6368·6974··name:·Set·archit000479d0:·6e61·6d65·3a20·5365·7420·6172·6368·6974··name:·Set·archit
000479e0:·6563·7475·7265·2066·6f72·2061·7564·6974··ecture·for·audit000479e0:·6563·7475·7265·2066·6f72·2061·7564·6974··ecture·for·audit
000479f0:·2074·6173·6b73·0a20·2073·6574·5f66·6163···tasks.··set_fac000479f0:·2074·6173·6b73·0a20·2073·6574·5f66·6163···tasks.··set_fac
00047a00:·743a·0a20·2020·2061·7564·6974·5f61·7263··t:.····audit_arc00047a00:·743a·0a20·2020·2061·7564·6974·5f61·7263··t:.····audit_arc
00047a10:·683a·2062·3634·0a20·2077·6865·6e3a·0a20··h:·b64.··when:.·00047a10:·683a·2062·3634·0a20·2077·6865·6e3a·0a20··h:·b64.··when:.·
00047a20:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a 
00047a30:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac 
00047a40:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib 
00047a50:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio 
00047a60:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·[" 
00047a70:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",· 
00047a80:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma 
00047a90:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]00047a20:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
 00047a30:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
 00047a40:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
 00047a50:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
 00047a60:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
 00047a70:·7461·696e·6572·225d·0a20·202d·2027·2261··tainer"].··-·'"a
 00047a80:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible
 00047a90:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
00047aa0:·0a20·202d·2061·6e73·6962·6c65·5f61·7263··.··-·ansible_arc00047aa0:·0a20·202d·2061·6e73·6962·6c65·5f61·7263··.··-·ansible_arc
00047ab0:·6869·7465·6374·7572·6520·3d3d·2022·6161··hitecture·==·"aa00047ab0:·6869·7465·6374·7572·6520·3d3d·2022·6161··hitecture·==·"aa
00047ac0:·7263·6836·3422·206f·7220·616e·7369·626c··rch64"·or·ansibl00047ac0:·7263·6836·3422·206f·7220·616e·7369·626c··rch64"·or·ansibl
00047ad0:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=00047ad0:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=
00047ae0:·3d20·2270·7063·3634·2220·6f72·2061·6e73··=·"ppc64"·or·ans00047ae0:·3d20·2270·7063·3634·2220·6f72·2061·6e73··=·"ppc64"·or·ans
00047af0:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur00047af0:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur
00047b00:·650a·2020·2020·3d3d·2022·7070·6336·346c··e.····==·"ppc64l00047b00:·650a·2020·2020·3d3d·2022·7070·6336·346c··e.····==·"ppc64l
Offset 18644, 23 lines modifiedOffset 18644, 23 lines modified
00048d30:·6d65·5f72·756c·6573·0a20·2020·2020·2063··me_rules.······c00048d30:·6d65·5f72·756c·6573·0a20·2020·2020·2063··me_rules.······c
00048d40:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····00048d40:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····
00048d50:·2020·6d6f·6465·3a20·6f2d·7277·780a·2020····mode:·o-rwx.··00048d50:·2020·6d6f·6465·3a20·6f2d·7277·780a·2020····mode:·o-rwx.··
00048d60:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese00048d60:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese
00048d70:·6e74·0a20·2020·2077·6865·6e3a·2073·7973··nt.····when:·sys00048d70:·6e74·0a20·2020·2077·6865·6e3a·2073·7973··nt.····when:·sys
00048d80:·6361·6c6c·735f·666f·756e·6420·7c20·6c65··calls_found·|·le00048d80:·6361·6c6c·735f·666f·756e·6420·7c20·6c65··calls_found·|·le
00048d90:·6e67·7468·203d·3d20·300a·2020·7768·656e··ngth·==·0.··when00048d90:·6e67·7468·203d·3d20·300a·2020·7768·656e··ngth·==·0.··when
00048da0:·3a0a·2020·2d20·2722·6175·6469·7422·2069··:.··-·'"audit"·i 
00048db0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
00048dc0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an 
00048dd0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza 
00048de0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in 
00048df0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc 
00048e00:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po 
00048e10:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe00048da0:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi
 00048db0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
 00048dc0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
 00048dd0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
 00048de0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
 00048df0:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
 00048e00:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi
 00048e10:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
00048e20:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·00048e20:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·
00048e30:·434a·4953·2d35·2e34·2e31·2e31·0a20·202d··CJIS-5.4.1.1.··-00048e30:·434a·4953·2d35·2e34·2e31·2e31·0a20·202d··CJIS-5.4.1.1.··-
00048e40:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.00048e40:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
00048e50:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-80000048e50:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800
00048e60:·2d35·332d·4143·2d36·2839·290a·2020·2d20··-53-AC-6(9).··-·00048e60:·2d35·332d·4143·2d36·2839·290a·2020·2d20··-53-AC-6(9).··-·
00048e70:·4e49·5354·2d38·3030·2d35·332d·4155·2d31··NIST-800-53-AU-100048e70:·4e49·5354·2d38·3030·2d35·332d·4155·2d31··NIST-800-53-AU-1
00048e80:·3228·6329·0a20·202d·204e·4953·542d·3830··2(c).··-·NIST-8000048e80:·3228·6329·0a20·202d·204e·4953·542d·3830··2(c).··-·NIST-80
00048e90:·302d·3533·2d41·552d·3228·6429·0a20·202d··0-53-AU-2(d).··-00048e90:·302d·3533·2d41·552d·3228·6429·0a20·202d··0-53-AU-2(d).··-
Offset 18944, 22 lines modifiedOffset 18944, 22 lines modified
00049ff0:·756c·6573·0a20·2020·2020·2063·7265·6174··ules.······creat00049ff0:·756c·6573·0a20·2020·2020·2063·7265·6174··ules.······creat
0004a000:·653a·2074·7275·650a·2020·2020·2020·6d6f··e:·true.······mo0004a000:·653a·2074·7275·650a·2020·2020·2020·6d6f··e:·true.······mo
0004a010:·6465·3a20·6f2d·7277·780a·2020·2020·2020··de:·o-rwx.······0004a010:·6465·3a20·6f2d·7277·780a·2020·2020·2020··de:·o-rwx.······
0004a020:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.·0004a020:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.·
0004a030:·2020·2077·6865·6e3a·2073·7973·6361·6c6c·····when:·syscall0004a030:·2020·2077·6865·6e3a·2073·7973·6361·6c6c·····when:·syscall
0004a040:·735f·666f·756e·6420·7c20·6c65·6e67·7468··s_found·|·length0004a040:·735f·666f·756e·6420·7c20·6c65·6e67·7468··s_found·|·length
0004a050:·203d·3d20·300a·2020·7768·656e·3a0a·2020···==·0.··when:.··0004a050:·203d·3d20·300a·2020·7768·656e·3a0a·2020···==·0.··when:.··
0004a060:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an 
0004a070:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack 
0004a080:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl 
0004a090:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization 
0004a0a0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d 
0004a0b0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·" 
0004a0c0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman 
0004a0d0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].0004a060:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
 0004a070:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
 0004a080:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
 0004a090:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 0004a0a0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
 0004a0b0:·6169·6e65·7222·5d0a·2020·2d20·2722·6175··ainer"].··-·'"au
 0004a0c0:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_
 0004a0d0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
0004a0e0:·2020·2d20·6175·6469·745f·6172·6368·203d····-·audit_arch·=0004a0e0:·2020·2d20·6175·6469·745f·6172·6368·203d····-·audit_arch·=
0004a0f0:·3d20·2262·3634·220a·2020·7461·6773·3a0a··=·"b64".··tags:.0004a0f0:·3d20·2262·3634·220a·2020·7461·6773·3a0a··=·"b64".··tags:.
0004a100:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.10004a100:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.1
0004a110:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170004a110:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0004a120:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST0004a120:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
0004a130:·2d38·3030·2d35·332d·4143·2d36·2839·290a··-800-53-AC-6(9).0004a130:·2d38·3030·2d35·332d·4143·2d36·2839·290a··-800-53-AC-6(9).
0004a140:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0004a140:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
Offset 22393, 23 lines modifiedOffset 22393, 23 lines modified
00057780:·2063·6f6e·7461·696e·733a·205e·5c73·2a2d···contains:·^\s*-00057780:·2063·6f6e·7461·696e·733a·205e·5c73·2a2d···contains:·^\s*-
00057790:·775c·732b·2f65·7463·2f73·7564·6f65·7273··w\s+/etc/sudoers00057790:·775c·732b·2f65·7463·2f73·7564·6f65·7273··w\s+/etc/sudoers
000577a0:·5c73·2b2d·705c·732b·7761·285c·737c·2429··\s+-p\s+wa(\s|$)000577a0:·5c73·2b2d·705c·732b·7761·285c·737c·2429··\s+-p\s+wa(\s|$)
000577b0:·2b0a·2020·2020·7061·7474·6572·6e73·3a20··+.····patterns:·000577b0:·2b0a·2020·2020·7061·7474·6572·6e73·3a20··+.····patterns:·
000577c0:·272a·2e72·756c·6573·270a·2020·7265·6769··'*.rules'.··regi000577c0:·272a·2e72·756c·6573·270a·2020·7265·6769··'*.rules'.··regi
000577d0:·7374·6572·3a20·6669·6e64·5f65·7869·7374··ster:·find_exist000577d0:·7374·6572·3a20·6669·6e64·5f65·7869·7374··ster:·find_exist
000577e0:·696e·675f·7761·7463·685f·7275·6c65·735f··ing_watch_rules_000577e0:·696e·675f·7761·7463·685f·7275·6c65·735f··ing_watch_rules_
000577f0:·640a·2020·7768·656e·3a0a·2020·2d20·2722··d.··when:.··-·'"000577f0:·640a·2020·7768·656e·3a0a·2020·2d20·616e··d.··when:.··-·an
00057800:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl 
00057810:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages 
00057820:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi 
00057830:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ 
00057840:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke 
00057850:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open 
00057860:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·" 
00057870:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta00057800:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 00057810:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 00057820:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 00057830:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 00057840:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
 00057850:·7222·5d0a·2020·2d20·2722·6175·6469·7422··r"].··-·'"audit"
 00057860:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 00057870:·732e·7061·636b·6167·6573·270a·2020·7461··s.packages'.··ta
00057880:·6773·3a0a·2020·2d20·434a·4953·2d35·2e34··gs:.··-·CJIS-5.400057880:·6773·3a0a·2020·2d20·434a·4953·2d35·2e34··gs:.··-·CJIS-5.4
00057890:·2e31·2e31·0a20·202d·204e·4953·542d·3830··.1.1.··-·NIST-8000057890:·2e31·2e31·0a20·202d·204e·4953·542d·3830··.1.1.··-·NIST-80
000578a0:·302d·3137·312d·332e·312e·370a·2020·2d20··0-171-3.1.7.··-·000578a0:·302d·3137·312d·332e·312e·370a·2020·2d20··0-171-3.1.7.··-·
000578b0:·4e49·5354·2d38·3030·2d35·332d·4143·2d32··NIST-800-53-AC-2000578b0:·4e49·5354·2d38·3030·2d35·332d·4143·2d32··NIST-800-53-AC-2
000578c0:·2837·2928·6229·0a20·202d·204e·4953·542d··(7)(b).··-·NIST-000578c0:·2837·2928·6229·0a20·202d·204e·4953·542d··(7)(b).··-·NIST-
000578d0:·3830·302d·3533·2d41·432d·3628·3929·0a20··800-53-AC-6(9).·000578d0:·3830·302d·3533·2d41·432d·3628·3929·0a20··800-53-AC-6(9).·
000578e0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A000578e0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A
Offset 22437, 23 lines modifiedOffset 22437, 23 lines modified
00057a40:·6574·632f·6175·6469·742f·7275·6c65·732e··etc/audit/rules.00057a40:·6574·632f·6175·6469·742f·7275·6c65·732e··etc/audit/rules.
00057a50:·640a·2020·2020·636f·6e74·6169·6e73·3a20··d.····contains:·00057a50:·640a·2020·2020·636f·6e74·6169·6e73·3a20··d.····contains:·
00057a60:·5e2e·2a28·3f3a·2d46·206b·6579·3d7c·2d6b··^.*(?:-F·key=|-k00057a60:·5e2e·2a28·3f3a·2d46·206b·6579·3d7c·2d6b··^.*(?:-F·key=|-k
00057a70:·5c73·2b29·6163·7469·6f6e·7324·0a20·2020··\s+)actions$.···00057a70:·5c73·2b29·6163·7469·6f6e·7324·0a20·2020··\s+)actions$.···
00057a80:·2070·6174·7465·726e·733a·2027·2a2e·7275···patterns:·'*.ru00057a80:·2070·6174·7465·726e·733a·2027·2a2e·7275···patterns:·'*.ru
Max diff block lines reached; 30698/39798 bytes (77.13%) of diff not shown.
11.1 KB
html2text {}
    
Offset 369, 16 lines modifiedOffset 369, 16 lines modified
369 ··-·no_reboot_needed369 ··-·no_reboot_needed
370 ··-·restrict_strategy370 ··-·restrict_strategy
  
371 -·name:·Set·architecture·for·audit·tasks371 -·name:·Set·architecture·for·audit·tasks
372 ··set_fact:372 ··set_fact:
373 ····audit_arch:·b64373 ····audit_arch:·b64
374 ··when:374 ··when:
375 ··-·'"audit"·in·ansible_facts.packages' 
376 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]375 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 376 ··-·'"audit"·in·ansible_facts.packages'
377 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture377 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
378 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"378 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
379 ··tags:379 ··tags:
380 ··-·CJIS-5.4.1.1380 ··-·CJIS-5.4.1.1
381 ··-·NIST-800-171-3.1.7381 ··-·NIST-800-171-3.1.7
382 ··-·NIST-800-53-AC-6(9)382 ··-·NIST-800-53-AC-6(9)
383 ··-·NIST-800-53-AU-12(c)383 ··-·NIST-800-53-AU-12(c)
Offset 513, 16 lines modifiedOffset 513, 16 lines modified
513 ······path:·'{{·audit_file·}}'513 ······path:·'{{·audit_file·}}'
514 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules514 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
515 ······create:·true515 ······create:·true
516 ······mode:·o-rwx516 ······mode:·o-rwx
517 ······state:·present517 ······state:·present
518 ····when:·syscalls_found·|·length·==·0518 ····when:·syscalls_found·|·length·==·0
519 ··when:519 ··when:
520 ··-·'"audit"·in·ansible_facts.packages' 
521 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]520 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 521 ··-·'"audit"·in·ansible_facts.packages'
522 ··tags:522 ··tags:
523 ··-·CJIS-5.4.1.1523 ··-·CJIS-5.4.1.1
524 ··-·NIST-800-171-3.1.7524 ··-·NIST-800-171-3.1.7
525 ··-·NIST-800-53-AC-6(9)525 ··-·NIST-800-53-AC-6(9)
526 ··-·NIST-800-53-AU-12(c)526 ··-·NIST-800-53-AU-12(c)
527 ··-·NIST-800-53-AU-2(d)527 ··-·NIST-800-53-AU-2(d)
528 ··-·NIST-800-53-CM-6(a)528 ··-·NIST-800-53-CM-6(a)
Offset 654, 16 lines modifiedOffset 654, 16 lines modified
654 ······path:·'{{·audit_file·}}'654 ······path:·'{{·audit_file·}}'
655 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules655 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
656 ······create:·true656 ······create:·true
657 ······mode:·o-rwx657 ······mode:·o-rwx
658 ······state:·present658 ······state:·present
659 ····when:·syscalls_found·|·length·==·0659 ····when:·syscalls_found·|·length·==·0
660 ··when:660 ··when:
661 ··-·'"audit"·in·ansible_facts.packages' 
662 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]661 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 662 ··-·'"audit"·in·ansible_facts.packages'
663 ··-·audit_arch·==·"b64"663 ··-·audit_arch·==·"b64"
664 ··tags:664 ··tags:
665 ··-·CJIS-5.4.1.1665 ··-·CJIS-5.4.1.1
666 ··-·NIST-800-171-3.1.7666 ··-·NIST-800-171-3.1.7
667 ··-·NIST-800-53-AC-6(9)667 ··-·NIST-800-53-AC-6(9)
668 ··-·NIST-800-53-AU-12(c)668 ··-·NIST-800-53-AU-12(c)
669 ··-·NIST-800-53-AU-2(d)669 ··-·NIST-800-53-AU-2(d)
Offset 831, 16 lines modifiedOffset 831, 16 lines modified
831 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/831 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
832 ··find:832 ··find:
833 ····paths:·/etc/audit/rules.d833 ····paths:·/etc/audit/rules.d
834 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+834 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
835 ····patterns:·'*.rules'835 ····patterns:·'*.rules'
836 ··register:·find_existing_watch_rules_d836 ··register:·find_existing_watch_rules_d
837 ··when:837 ··when:
838 ··-·'"audit"·in·ansible_facts.packages' 
839 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]838 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 839 ··-·'"audit"·in·ansible_facts.packages'
840 ··tags:840 ··tags:
841 ··-·CJIS-5.4.1.1841 ··-·CJIS-5.4.1.1
842 ··-·NIST-800-171-3.1.7842 ··-·NIST-800-171-3.1.7
843 ··-·NIST-800-53-AC-2(7)(b)843 ··-·NIST-800-53-AC-2(7)(b)
844 ··-·NIST-800-53-AC-6(9)844 ··-·NIST-800-53-AC-6(9)
845 ··-·NIST-800-53-AU-12(c)845 ··-·NIST-800-53-AU-12(c)
846 ··-·NIST-800-53-AU-2(d)846 ··-·NIST-800-53-AU-2(d)
Offset 857, 16 lines modifiedOffset 857, 16 lines modified
857 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions857 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
858 ··find:858 ··find:
859 ····paths:·/etc/audit/rules.d859 ····paths:·/etc/audit/rules.d
860 ····contains:·^.*(?:-F·key=|-k\s+)actions$860 ····contains:·^.*(?:-F·key=|-k\s+)actions$
861 ····patterns:·'*.rules'861 ····patterns:·'*.rules'
862 ··register:·find_watch_key862 ··register:·find_watch_key
863 ··when:863 ··when:
864 ··-·'"audit"·in·ansible_facts.packages' 
865 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]864 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 865 ··-·'"audit"·in·ansible_facts.packages'
866 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched866 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
867 ····==·0867 ····==·0
868 ··tags:868 ··tags:
869 ··-·CJIS-5.4.1.1869 ··-·CJIS-5.4.1.1
870 ··-·NIST-800-171-3.1.7870 ··-·NIST-800-171-3.1.7
871 ··-·NIST-800-53-AC-2(7)(b)871 ··-·NIST-800-53-AC-2(7)(b)
872 ··-·NIST-800-53-AC-6(9)872 ··-·NIST-800-53-AC-6(9)
Offset 883, 16 lines modifiedOffset 883, 16 lines modified
883 ··-·restrict_strategy883 ··-·restrict_strategy
  
884 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule884 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
885 ··set_fact:885 ··set_fact:
886 ····all_files:886 ····all_files:
887 ····-·/etc/audit/rules.d/actions.rules887 ····-·/etc/audit/rules.d/actions.rules
888 ··when:888 ··when:
889 ··-·'"audit"·in·ansible_facts.packages' 
890 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]889 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 890 ··-·'"audit"·in·ansible_facts.packages'
891 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and891 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and
892 find_existing_watch_rules_d.matched892 find_existing_watch_rules_d.matched
893 ····is·defined·and·find_existing_watch_rules_d.matched·==·0893 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
894 ··tags:894 ··tags:
895 ··-·CJIS-5.4.1.1895 ··-·CJIS-5.4.1.1
896 ··-·NIST-800-171-3.1.7896 ··-·NIST-800-171-3.1.7
897 ··-·NIST-800-53-AC-2(7)(b)897 ··-·NIST-800-53-AC-2(7)(b)
Offset 910, 16 lines modifiedOffset 910, 16 lines modified
910 ··-·restrict_strategy910 ··-·restrict_strategy
  
911 -·name:·Use·matched·file·as·the·recipient·for·the·rule911 -·name:·Use·matched·file·as·the·recipient·for·the·rule
912 ··set_fact:912 ··set_fact:
913 ····all_files:913 ····all_files:
914 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'914 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
915 ··when:915 ··when:
916 ··-·'"audit"·in·ansible_facts.packages' 
917 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]916 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 917 ··-·'"audit"·in·ansible_facts.packages'
918 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and918 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and
919 find_existing_watch_rules_d.matched919 find_existing_watch_rules_d.matched
920 ····is·defined·and·find_existing_watch_rules_d.matched·==·0920 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
921 ··tags:921 ··tags:
922 ··-·CJIS-5.4.1.1922 ··-·CJIS-5.4.1.1
923 ··-·NIST-800-171-3.1.7923 ··-·NIST-800-171-3.1.7
924 ··-·NIST-800-53-AC-2(7)(b)924 ··-·NIST-800-53-AC-2(7)(b)
Offset 939, 16 lines modifiedOffset 939, 16 lines modified
939 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/939 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 6978/11357 bytes (61.44%) of diff not shown.
16.8 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level1_server.html
    
Offset 38517, 22 lines modifiedOffset 38517, 22 lines modified
00096740:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex00096740:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex
00096750:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr00096750:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr
00096760:·7562·2f67·7275·622e·6366·670a·2020·7374··ub/grub.cfg.··st00096760:·7562·2f67·7275·622e·6366·670a·2020·7374··ub/grub.cfg.··st
00096770:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b00096770:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b
00096780:·6f6f·742f·6772·7562·2f67·7275·622e·6366··oot/grub/grub.cf00096780:·6f6f·742f·6772·7562·2f67·7275·622e·6366··oot/grub/grub.cf
00096790:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi00096790:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi
000967a0:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when000967a0:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when
000967b0:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
000967c0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
000967d0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
000967e0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
000967f0:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
00096800:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
00096810:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
00096820:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans000967b0:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 000967c0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 000967d0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 000967e0:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 000967f0:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 00096800:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 00096810:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 00096820:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
00096830:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat00096830:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
00096840:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·00096840:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
00096850:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"00096850:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
00096860:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod00096860:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
00096870:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container00096870:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
00096880:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C00096880:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
00096890:·4a49·532d·352e·352e·322e·320a·2020·2d20··JIS-5.5.2.2.··-·00096890:·4a49·532d·352e·352e·322e·320a·2020·2d20··JIS-5.5.2.2.··-·
Offset 38552, 22 lines modifiedOffset 38552, 22 lines modified
00096970:·6565·6465·640a·0a2d·206e·616d·653a·2045··eeded..-·name:·E00096970:·6565·6465·640a·0a2d·206e·616d·653a·2045··eeded..-·name:·E
00096980:·6e73·7572·6520·6f77·6e65·7220·3020·6f6e··nsure·owner·0·on00096980:·6e73·7572·6520·6f77·6e65·7220·3020·6f6e··nsure·owner·0·on
00096990:·202f·626f·6f74·2f67·7275·622f·6772·7562···/boot/grub/grub00096990:·202f·626f·6f74·2f67·7275·622f·6772·7562···/boot/grub/grub
000969a0:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···000969a0:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···
000969b0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru000969b0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
000969c0:·622f·6772·7562·2e63·6667·0a20·2020·206f··b/grub.cfg.····o000969c0:·622f·6772·7562·2e63·6667·0a20·2020·206f··b/grub.cfg.····o
000969d0:·776e·6572·3a20·2730·270a·2020·7768·656e··wner:·'0'.··when000969d0:·776e·6572·3a20·2730·270a·2020·7768·656e··wner:·'0'.··when
000969e0:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
000969f0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
00096a00:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
00096a10:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
00096a20:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
00096a30:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
00096a40:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
00096a50:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans000969e0:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 000969f0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 00096a00:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 00096a10:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 00096a20:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 00096a30:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 00096a40:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 00096a50:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
00096a60:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat00096a60:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
00096a70:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·00096a70:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
00096a80:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"00096a80:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
00096a90:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod00096a90:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
00096aa0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container00096aa0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
00096ab0:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis00096ab0:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis
00096ac0:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin00096ac0:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin
Offset 38617, 24 lines modifiedOffset 38617, 24 lines modified
00096d80:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy00096d80:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
00096d90:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config00096d90:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config
00096da0:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t00096da0:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t
00096db0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>00096db0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
00096dc0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is00096dc0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
00096dd0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only00096dd0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
00096de0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat00096de0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
00096df0:·666f·726d·730a·6966·205b·2021·202d·6620··forms.if·[·!·-f· 
00096e00:·2f73·7973·2f66·6972·6d77·6172·652f·6566··/sys/firmware/ef00096df0:·666f·726d·730a·6966·2064·706b·672d·7175··forms.if·dpkg-qu
 00096e00:·6572·7920·2d2d·7368·6f77·202d·2d73·686f··ery·--show·--sho
 00096e10:·7766·6f72·6d61·743d·2724·7b64·623a·5374··wformat='${db:St
 00096e20:·6174·7573·2d53·7461·7475·737d·5c6e·2720··atus-Status}\n'·
 00096e30:·2767·7275·6232·2d63·6f6d·6d6f·6e27·2032··'grub2-common'·2
 00096e40:·2667·743b·2f64·6576·2f6e·756c·6c20·7c20··&gt;/dev/null·|·
 00096e50:·6772·6570·202d·7120·696e·7374·616c·6c65··grep·-q·installe
00096e10:·6920·5d20·2661·6d70·3b26·616d·703b·2064··i·]·&amp;&amp;·d00096e60:·6420·2661·6d70·3b26·616d·703b·205b·2021··d·&amp;&amp;·[·!
 00096e70:·202d·6620·2f73·7973·2f66·6972·6d77·6172···-f·/sys/firmwar
 00096e80:·652f·6566·6920·5d20·2661·6d70·3b26·616d··e/efi·]·&amp;&am
00096e20:·706b·672d·7175·6572·7920·2d2d·7368·6f77··pkg-query·--show 
00096e30:·202d·2d73·686f·7766·6f72·6d61·743d·2724···--showformat='$ 
00096e40:·7b64·623a·5374·6174·7573·2d53·7461·7475··{db:Status-Statu 
00096e50:·737d·5c6e·2720·2767·7275·6232·2d63·6f6d··s}\n'·'grub2-com 
00096e60:·6d6f·6e27·2032·2667·743b·2f64·6576·2f6e··mon'·2&gt;/dev/n 
00096e70:·756c·6c20·7c20·6772·6570·202d·7120·696e··ull·|·grep·-q·in 
00096e80:·7374·616c·6c65·6420·2661·6d70·3b26·616d··stalled·&amp;&am 
00096e90:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do00096e90:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do
00096ea0:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&00096ea0:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&
00096eb0:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run00096eb0:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run
00096ec0:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]00096ec0:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]
00096ed0:·3b20·7d3b·2074·6865·6e0a·0a63·686f·776e··;·};·then..chown00096ed0:·3b20·7d3b·2074·6865·6e0a·0a63·686f·776e··;·};·then..chown
00096ee0:·2030·202f·626f·6f74·2f67·7275·622f·6772···0·/boot/grub/gr00096ee0:·2030·202f·626f·6f74·2f67·7275·622f·6772···0·/boot/grub/gr
00096ef0:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···00096ef0:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···
Offset 39085, 22 lines modifiedOffset 39085, 22 lines modified
00098ac0:·0a2d·206e·616d·653a·2054·6573·7420·666f··.-·name:·Test·fo00098ac0:·0a2d·206e·616d·653a·2054·6573·7420·666f··.-·name:·Test·fo
00098ad0:·7220·6578·6973·7465·6e63·6520·2f62·6f6f··r·existence·/boo00098ad0:·7220·6578·6973·7465·6e63·6520·2f62·6f6f··r·existence·/boo
00098ae0:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.00098ae0:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.
00098af0:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path00098af0:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path
00098b00:·3a20·2f62·6f6f·742f·6772·7562·2f67·7275··:·/boot/grub/gru00098b00:·3a20·2f62·6f6f·742f·6772·7562·2f67·7275··:·/boot/grub/gru
00098b10:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register00098b10:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register
00098b20:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··00098b20:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
00098b30:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo00098b30:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
00098b40:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
00098b50:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
00098b60:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
00098b70:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
00098b80:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
00098b90:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
00098ba0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-00098b40:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 00098b50:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 00098b60:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 00098b70:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 00098b80:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 00098b90:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 00098ba0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
00098bb0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual00098bb0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
00098bc0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not00098bc0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
00098bd0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"00098bd0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
00098be0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·00098be0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
00098bf0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta00098bf0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
00098c00:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·00098c00:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
00098c10:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-00098c10:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
Offset 39121, 21 lines modifiedOffset 39121, 21 lines modified
00098d00:·732c·6f2d·7877·7274·206f·6e20·2f62·6f6f··s,o-xwrt·on·/boo00098d00:·732c·6f2d·7877·7274·206f·6e20·2f62·6f6f··s,o-xwrt·on·/boo
00098d10:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.00098d10:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.
00098d20:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path00098d20:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path
00098d30:·3a20·2f62·6f6f·742f·6772·7562·2f67·7275··:·/boot/grub/gru00098d30:·3a20·2f62·6f6f·742f·6772·7562·2f67·7275··:·/boot/grub/gru
00098d40:·622e·6366·670a·2020·2020·6d6f·6465·3a20··b.cfg.····mode:·00098d40:·622e·6366·670a·2020·2020·6d6f·6465·3a20··b.cfg.····mode:·
Max diff block lines reached; 3890/12990 bytes (29.95%) of diff not shown.
3.94 KB
html2text {}
    
Offset 3223, 16 lines modifiedOffset 3223, 16 lines modified
3223 ··-·no_reboot_needed3223 ··-·no_reboot_needed
  
3224 -·name:·Test·for·existence·/boot/grub/grub.cfg3224 -·name:·Test·for·existence·/boot/grub/grub.cfg
3225 ··stat:3225 ··stat:
3226 ····path:·/boot/grub/grub.cfg3226 ····path:·/boot/grub/grub.cfg
3227 ··register:·file_exists3227 ··register:·file_exists
3228 ··when:3228 ··when:
3229 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3230 ··-·'"grub2-common"·in·ansible_facts.packages'3229 ··-·'"grub2-common"·in·ansible_facts.packages'
 3230 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3231 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3231 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3232 ··tags:3232 ··tags:
3233 ··-·CJIS-5.5.2.23233 ··-·CJIS-5.5.2.2
3234 ··-·NIST-800-171-3.4.53234 ··-·NIST-800-171-3.4.5
3235 ··-·NIST-800-53-AC-6(1)3235 ··-·NIST-800-53-AC-6(1)
3236 ··-·NIST-800-53-CM-6(a)3236 ··-·NIST-800-53-CM-6(a)
3237 ··-·PCI-DSS-Req-7.13237 ··-·PCI-DSS-Req-7.1
Offset 3244, 16 lines modifiedOffset 3244, 16 lines modified
3244 ··-·no_reboot_needed3244 ··-·no_reboot_needed
  
3245 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg3245 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
3246 ··file:3246 ··file:
3247 ····path:·/boot/grub/grub.cfg3247 ····path:·/boot/grub/grub.cfg
3248 ····owner:·'0'3248 ····owner:·'0'
3249 ··when:3249 ··when:
3250 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3251 ··-·'"grub2-common"·in·ansible_facts.packages'3250 ··-·'"grub2-common"·in·ansible_facts.packages'
 3251 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3252 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3252 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3253 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3253 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3254 ··tags:3254 ··tags:
3255 ··-·CJIS-5.5.2.23255 ··-·CJIS-5.5.2.2
3256 ··-·NIST-800-171-3.4.53256 ··-·NIST-800-171-3.4.5
3257 ··-·NIST-800-53-AC-6(1)3257 ··-·NIST-800-53-AC-6(1)
3258 ··-·NIST-800-53-CM-6(a)3258 ··-·NIST-800-53-CM-6(a)
Offset 3265, 16 lines modifiedOffset 3265, 16 lines modified
3265 ··-·medium_severity3265 ··-·medium_severity
3266 ··-·no_reboot_needed3266 ··-·no_reboot_needed
3267 Remediation_Shell_script_⇲3267 Remediation_Shell_script_⇲
3268 Complexity:·low3268 Complexity:·low
3269 Disruption:·low3269 Disruption:·low
3270 Strategy:···configure3270 Strategy:···configure
3271 #·Remediation·is·applicable·only·in·certain·platforms3271 #·Remediation·is·applicable·only·in·certain·platforms
3272 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/3272 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&·[·!
3273 null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3273 -f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3274 chown·0·/boot/grub/grub.cfg3274 chown·0·/boot/grub/grub.cfg
  
3275 else3275 else
3276 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3276 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3277 fi3277 fi
3278 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***3278 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***
Offset 3310, 16 lines modifiedOffset 3310, 16 lines modified
3310 ··-·no_reboot_needed3310 ··-·no_reboot_needed
  
3311 -·name:·Test·for·existence·/boot/grub/grub.cfg3311 -·name:·Test·for·existence·/boot/grub/grub.cfg
3312 ··stat:3312 ··stat:
3313 ····path:·/boot/grub/grub.cfg3313 ····path:·/boot/grub/grub.cfg
3314 ··register:·file_exists3314 ··register:·file_exists
3315 ··when:3315 ··when:
3316 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3317 ··-·'"grub2-common"·in·ansible_facts.packages'3316 ··-·'"grub2-common"·in·ansible_facts.packages'
 3317 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3318 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3318 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3319 ··tags:3319 ··tags:
3320 ··-·NIST-800-171-3.4.53320 ··-·NIST-800-171-3.4.5
3321 ··-·NIST-800-53-AC-6(1)3321 ··-·NIST-800-53-AC-6(1)
3322 ··-·NIST-800-53-CM-6(a)3322 ··-·NIST-800-53-CM-6(a)
3323 ··-·configure_strategy3323 ··-·configure_strategy
3324 ··-·file_permissions_grub2_cfg3324 ··-·file_permissions_grub2_cfg
Offset 3329, 16 lines modifiedOffset 3329, 16 lines modified
3329 ··-·no_reboot_needed3329 ··-·no_reboot_needed
  
3330 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg3330 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
3331 ··file:3331 ··file:
3332 ····path:·/boot/grub/grub.cfg3332 ····path:·/boot/grub/grub.cfg
3333 ····mode:·u-xs,g-xwrs,o-xwrt3333 ····mode:·u-xs,g-xwrs,o-xwrt
3334 ··when:3334 ··when:
3335 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3336 ··-·'"grub2-common"·in·ansible_facts.packages'3335 ··-·'"grub2-common"·in·ansible_facts.packages'
 3336 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3337 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3337 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3338 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3338 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3339 ··tags:3339 ··tags:
3340 ··-·NIST-800-171-3.4.53340 ··-·NIST-800-171-3.4.5
3341 ··-·NIST-800-53-AC-6(1)3341 ··-·NIST-800-53-AC-6(1)
3342 ··-·NIST-800-53-CM-6(a)3342 ··-·NIST-800-53-CM-6(a)
3343 ··-·configure_strategy3343 ··-·configure_strategy
Offset 3348, 16 lines modifiedOffset 3348, 16 lines modified
3348 ··-·medium_severity3348 ··-·medium_severity
3349 ··-·no_reboot_needed3349 ··-·no_reboot_needed
3350 Remediation_Shell_script_⇲3350 Remediation_Shell_script_⇲
3351 Complexity:·low3351 Complexity:·low
3352 Disruption:·low3352 Disruption:·low
3353 Strategy:···configure3353 Strategy:···configure
3354 #·Remediation·is·applicable·only·in·certain·platforms3354 #·Remediation·is·applicable·only·in·certain·platforms
3355 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/3355 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&
3356 dev/null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3356 [·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3357 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg3357 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
3358 else3358 else
3359 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3359 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3360 fi3360 fi
3361 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***3361 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
16.8 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level1_workstation.html
    
Offset 40080, 22 lines modifiedOffset 40080, 22 lines modified
0009c8f0:·6564·0a0a·2d20·6e61·6d65·3a20·5465·7374··ed..-·name:·Test0009c8f0:·6564·0a0a·2d20·6e61·6d65·3a20·5465·7374··ed..-·name:·Test
0009c900:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/0009c900:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/
0009c910:·626f·6f74·2f67·7275·622f·6772·7562·2e63··boot/grub/grub.c0009c910:·626f·6f74·2f67·7275·622f·6772·7562·2e63··boot/grub/grub.c
0009c920:·6667·0a20·2073·7461·743a·0a20·2020·2070··fg.··stat:.····p0009c920:·6667·0a20·2073·7461·743a·0a20·2020·2070··fg.··stat:.····p
0009c930:·6174·683a·202f·626f·6f74·2f67·7275·622f··ath:·/boot/grub/0009c930:·6174·683a·202f·626f·6f74·2f67·7275·622f··ath:·/boot/grub/
0009c940:·6772·7562·2e63·6667·0a20·2072·6567·6973··grub.cfg.··regis0009c940:·6772·7562·2e63·6667·0a20·2072·6567·6973··grub.cfg.··regis
0009c950:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists0009c950:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists
0009c960:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/0009c960:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
0009c970:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
0009c980:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
0009c990:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
0009c9a0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
0009c9b0:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
0009c9c0:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
0009c9d0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.0009c970:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 0009c980:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 0009c990:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 0009c9a0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in·
 0009c9b0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 0009c9c0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 0009c9d0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
0009c9e0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt0009c9e0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
0009c9f0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·0009c9f0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
0009ca00:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"0009ca00:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
0009ca10:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz0009ca10:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
0009ca20:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co0009ca20:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
0009ca30:·6e74·6169·6e65·7222·5d0a·2020·7461·6773··ntainer"].··tags0009ca30:·6e74·6169·6e65·7222·5d0a·2020·7461·6773··ntainer"].··tags
0009ca40:·3a0a·2020·2d20·434a·4953·2d35·2e35·2e32··:.··-·CJIS-5.5.20009ca40:·3a0a·2020·2d20·434a·4953·2d35·2e35·2e32··:.··-·CJIS-5.5.2
Offset 40115, 22 lines modifiedOffset 40115, 22 lines modified
0009cb20:·6562·6f6f·745f·6e65·6564·6564·0a0a·2d20··eboot_needed..-·0009cb20:·6562·6f6f·745f·6e65·6564·6564·0a0a·2d20··eboot_needed..-·
0009cb30:·6e61·6d65·3a20·456e·7375·7265·206f·776e··name:·Ensure·own0009cb30:·6e61·6d65·3a20·456e·7375·7265·206f·776e··name:·Ensure·own
0009cb40:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr0009cb40:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr
0009cb50:·7562·2f67·7275·622e·6366·670a·2020·6669··ub/grub.cfg.··fi0009cb50:·7562·2f67·7275·622e·6366·670a·2020·6669··ub/grub.cfg.··fi
0009cb60:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b0009cb60:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b
0009cb70:·6f6f·742f·6772·7562·2f67·7275·622e·6366··oot/grub/grub.cf0009cb70:·6f6f·742f·6772·7562·2f67·7275·622e·6366··oot/grub/grub.cf
0009cb80:·670a·2020·2020·6f77·6e65·723a·2027·3027··g.····owner:·'0'0009cb80:·670a·2020·2020·6f77·6e65·723a·2027·3027··g.····owner:·'0'
0009cb90:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/0009cb90:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
0009cba0:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
0009cbb0:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
0009cbc0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
0009cbd0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
0009cbe0:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
0009cbf0:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
0009cc00:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.0009cba0:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 0009cbb0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 0009cbc0:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 0009cbd0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in·
 0009cbe0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 0009cbf0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 0009cc00:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
0009cc10:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt0009cc10:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
0009cc20:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·0009cc20:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
0009cc30:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"0009cc30:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
0009cc40:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz0009cc40:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
0009cc50:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co0009cc50:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
0009cc60:·6e74·6169·6e65·7222·5d0a·2020·2d20·6669··ntainer"].··-·fi0009cc60:·6e74·6169·6e65·7222·5d0a·2020·2d20·6669··ntainer"].··-·fi
0009cc70:·6c65·5f65·7869·7374·732e·7374·6174·2069··le_exists.stat·i0009cc70:·6c65·5f65·7869·7374·732e·7374·6174·2069··le_exists.stat·i
Offset 40181, 23 lines modifiedOffset 40181, 23 lines modified
0009cf40:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td0009cf40:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
0009cf50:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><0009cf50:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><
0009cf60:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre0009cf60:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
0009cf70:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia0009cf70:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
0009cf80:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab0009cf80:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
0009cf90:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa0009cf90:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
0009cfa0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·0009cfa0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
 0009cfb0:·6470·6b67·2d71·7565·7279·202d·2d73·686f··dpkg-query·--sho
 0009cfc0:·7720·2d2d·7368·6f77·666f·726d·6174·3d27··w·--showformat='
 0009cfd0:·247b·6462·3a53·7461·7475·732d·5374·6174··${db:Status-Stat
 0009cfe0:·7573·7d5c·6e27·2027·6772·7562·322d·636f··us}\n'·'grub2-co
 0009cff0:·6d6d·6f6e·2720·3226·6774·3b2f·6465·762f··mmon'·2&gt;/dev/
 0009d000:·6e75·6c6c·207c·2067·7265·7020·2d71·2069··null·|·grep·-q·i
 0009d010:·6e73·7461·6c6c·6564·2026·616d·703b·2661··nstalled·&amp;&a
0009cfb0:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm0009d020:·6d70·3b20·5b20·2120·2d66·202f·7379·732f··mp;·[·!·-f·/sys/
 0009d030:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·&
0009cfc0:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp; 
0009cfd0:·2661·6d70·3b20·6470·6b67·2d71·7565·7279··&amp;·dpkg-query 
0009cfe0:·202d·2d73·686f·7720·2d2d·7368·6f77·666f···--show·--showfo 
0009cff0:·726d·6174·3d27·247b·6462·3a53·7461·7475··rmat='${db:Statu 
0009d000:·732d·5374·6174·7573·7d5c·6e27·2027·6772··s-Status}\n'·'gr 
0009d010:·7562·322d·636f·6d6d·6f6e·2720·3226·6774··ub2-common'·2&gt 
0009d020:·3b2f·6465·762f·6e75·6c6c·207c·2067·7265··;/dev/null·|·gre 
0009d030:·7020·2d71·2069·6e73·7461·6c6c·6564·2026··p·-q·installed·& 
0009d040:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·0009d040:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·
0009d050:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]0009d050:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]
0009d060:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·0009d060:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
0009d070:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain0009d070:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain
0009d080:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then0009d080:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then
0009d090:·0a0a·6368·6f77·6e20·3020·2f62·6f6f·742f··..chown·0·/boot/0009d090:·0a0a·6368·6f77·6e20·3020·2f62·6f6f·742f··..chown·0·/boot/
0009d0a0:·6772·7562·2f67·7275·622e·6366·670a·0a65··grub/grub.cfg..e0009d0a0:·6772·7562·2f67·7275·622e·6366·670a·0a65··grub/grub.cfg..e
Offset 40649, 22 lines modifiedOffset 40649, 22 lines modified
0009ec80:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen0009ec80:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen
0009ec90:·6365·202f·626f·6f74·2f67·7275·622f·6772··ce·/boot/grub/gr0009ec90:·6365·202f·626f·6f74·2f67·7275·622f·6772··ce·/boot/grub/gr
0009eca0:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·0009eca0:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·
0009ecb0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g0009ecb0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
0009ecc0:·7275·622f·6772·7562·2e63·6667·0a20·2072··rub/grub.cfg.··r0009ecc0:·7275·622f·6772·7562·2e63·6667·0a20·2072··rub/grub.cfg.··r
0009ecd0:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex0009ecd0:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex
0009ece0:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-0009ece0:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-
0009ecf0:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
0009ed00:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
0009ed10:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
0009ed20:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
0009ed30:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2 
0009ed40:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi 
0009ed50:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0009ecf0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"
 0009ed00:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 0009ed10:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 0009ed20:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 0009ed30:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 0009ed40:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 0009ed50:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
0009ed60:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_0009ed60:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
0009ed70:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t0009ed70:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
0009ed80:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc0009ed80:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
0009ed90:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op0009ed90:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
0009eda0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",0009eda0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
0009edb0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··0009edb0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
0009edc0:·7461·6773·3a0a·2020·2d20·4e49·5354·2d38··tags:.··-·NIST-80009edc0:·7461·6773·3a0a·2020·2d20·4e49·5354·2d38··tags:.··-·NIST-8
0009edd0:·3030·2d31·3731·2d33·2e34·2e35·0a20·202d··00-171-3.4.5.··-0009edd0:·3030·2d31·3731·2d33·2e34·2e35·0a20·202d··00-171-3.4.5.··-
Offset 40684, 22 lines modifiedOffset 40684, 22 lines modified
0009eeb0:·732c·672d·7877·7273·2c6f·2d78·7772·7420··s,g-xwrs,o-xwrt·0009eeb0:·732c·672d·7877·7273·2c6f·2d78·7772·7420··s,g-xwrs,o-xwrt·
0009eec0:·6f6e·202f·626f·6f74·2f67·7275·622f·6772··on·/boot/grub/gr0009eec0:·6f6e·202f·626f·6f74·2f67·7275·622f·6772··on·/boot/grub/gr
0009eed0:·7562·2e63·6667·0a20·2066·696c·653a·0a20··ub.cfg.··file:.·0009eed0:·7562·2e63·6667·0a20·2066·696c·653a·0a20··ub.cfg.··file:.·
0009eee0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g0009eee0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
0009eef0:·7275·622f·6772·7562·2e63·6667·0a20·2020··rub/grub.cfg.···0009eef0:·7275·622f·6772·7562·2e63·6667·0a20·2020··rub/grub.cfg.···
0009ef00:·206d·6f64·653a·2075·2d78·732c·672d·7877···mode:·u-xs,g-xw0009ef00:·206d·6f64·653a·2075·2d78·732c·672d·7877···mode:·u-xs,g-xw
0009ef10:·7273·2c6f·2d78·7772·740a·2020·7768·656e··rs,o-xwrt.··when0009ef10:·7273·2c6f·2d78·7772·740a·2020·7768·656e··rs,o-xwrt.··when
0009ef20:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
Max diff block lines reached; 2786/12990 bytes (21.45%) of diff not shown.
3.94 KB
html2text {}
    
Offset 3459, 16 lines modifiedOffset 3459, 16 lines modified
3459 ··-·no_reboot_needed3459 ··-·no_reboot_needed
  
3460 -·name:·Test·for·existence·/boot/grub/grub.cfg3460 -·name:·Test·for·existence·/boot/grub/grub.cfg
3461 ··stat:3461 ··stat:
3462 ····path:·/boot/grub/grub.cfg3462 ····path:·/boot/grub/grub.cfg
3463 ··register:·file_exists3463 ··register:·file_exists
3464 ··when:3464 ··when:
3465 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3466 ··-·'"grub2-common"·in·ansible_facts.packages'3465 ··-·'"grub2-common"·in·ansible_facts.packages'
 3466 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3467 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3467 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3468 ··tags:3468 ··tags:
3469 ··-·CJIS-5.5.2.23469 ··-·CJIS-5.5.2.2
3470 ··-·NIST-800-171-3.4.53470 ··-·NIST-800-171-3.4.5
3471 ··-·NIST-800-53-AC-6(1)3471 ··-·NIST-800-53-AC-6(1)
3472 ··-·NIST-800-53-CM-6(a)3472 ··-·NIST-800-53-CM-6(a)
3473 ··-·PCI-DSS-Req-7.13473 ··-·PCI-DSS-Req-7.1
Offset 3480, 16 lines modifiedOffset 3480, 16 lines modified
3480 ··-·no_reboot_needed3480 ··-·no_reboot_needed
  
3481 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg3481 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
3482 ··file:3482 ··file:
3483 ····path:·/boot/grub/grub.cfg3483 ····path:·/boot/grub/grub.cfg
3484 ····owner:·'0'3484 ····owner:·'0'
3485 ··when:3485 ··when:
3486 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3487 ··-·'"grub2-common"·in·ansible_facts.packages'3486 ··-·'"grub2-common"·in·ansible_facts.packages'
 3487 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3488 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3488 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3489 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3489 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3490 ··tags:3490 ··tags:
3491 ··-·CJIS-5.5.2.23491 ··-·CJIS-5.5.2.2
3492 ··-·NIST-800-171-3.4.53492 ··-·NIST-800-171-3.4.5
3493 ··-·NIST-800-53-AC-6(1)3493 ··-·NIST-800-53-AC-6(1)
3494 ··-·NIST-800-53-CM-6(a)3494 ··-·NIST-800-53-CM-6(a)
Offset 3501, 16 lines modifiedOffset 3501, 16 lines modified
3501 ··-·medium_severity3501 ··-·medium_severity
3502 ··-·no_reboot_needed3502 ··-·no_reboot_needed
3503 Remediation_Shell_script_⇲3503 Remediation_Shell_script_⇲
3504 Complexity:·low3504 Complexity:·low
3505 Disruption:·low3505 Disruption:·low
3506 Strategy:···configure3506 Strategy:···configure
3507 #·Remediation·is·applicable·only·in·certain·platforms3507 #·Remediation·is·applicable·only·in·certain·platforms
3508 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/3508 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&·[·!
3509 null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3509 -f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3510 chown·0·/boot/grub/grub.cfg3510 chown·0·/boot/grub/grub.cfg
  
3511 else3511 else
3512 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3512 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3513 fi3513 fi
3514 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***3514 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***
Offset 3546, 16 lines modifiedOffset 3546, 16 lines modified
3546 ··-·no_reboot_needed3546 ··-·no_reboot_needed
  
3547 -·name:·Test·for·existence·/boot/grub/grub.cfg3547 -·name:·Test·for·existence·/boot/grub/grub.cfg
3548 ··stat:3548 ··stat:
3549 ····path:·/boot/grub/grub.cfg3549 ····path:·/boot/grub/grub.cfg
3550 ··register:·file_exists3550 ··register:·file_exists
3551 ··when:3551 ··when:
3552 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3553 ··-·'"grub2-common"·in·ansible_facts.packages'3552 ··-·'"grub2-common"·in·ansible_facts.packages'
 3553 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3554 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3554 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3555 ··tags:3555 ··tags:
3556 ··-·NIST-800-171-3.4.53556 ··-·NIST-800-171-3.4.5
3557 ··-·NIST-800-53-AC-6(1)3557 ··-·NIST-800-53-AC-6(1)
3558 ··-·NIST-800-53-CM-6(a)3558 ··-·NIST-800-53-CM-6(a)
3559 ··-·configure_strategy3559 ··-·configure_strategy
3560 ··-·file_permissions_grub2_cfg3560 ··-·file_permissions_grub2_cfg
Offset 3565, 16 lines modifiedOffset 3565, 16 lines modified
3565 ··-·no_reboot_needed3565 ··-·no_reboot_needed
  
3566 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg3566 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
3567 ··file:3567 ··file:
3568 ····path:·/boot/grub/grub.cfg3568 ····path:·/boot/grub/grub.cfg
3569 ····mode:·u-xs,g-xwrs,o-xwrt3569 ····mode:·u-xs,g-xwrs,o-xwrt
3570 ··when:3570 ··when:
3571 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3572 ··-·'"grub2-common"·in·ansible_facts.packages'3571 ··-·'"grub2-common"·in·ansible_facts.packages'
 3572 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3573 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3573 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3574 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3574 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3575 ··tags:3575 ··tags:
3576 ··-·NIST-800-171-3.4.53576 ··-·NIST-800-171-3.4.5
3577 ··-·NIST-800-53-AC-6(1)3577 ··-·NIST-800-53-AC-6(1)
3578 ··-·NIST-800-53-CM-6(a)3578 ··-·NIST-800-53-CM-6(a)
3579 ··-·configure_strategy3579 ··-·configure_strategy
Offset 3584, 16 lines modifiedOffset 3584, 16 lines modified
3584 ··-·medium_severity3584 ··-·medium_severity
3585 ··-·no_reboot_needed3585 ··-·no_reboot_needed
3586 Remediation_Shell_script_⇲3586 Remediation_Shell_script_⇲
3587 Complexity:·low3587 Complexity:·low
3588 Disruption:·low3588 Disruption:·low
3589 Strategy:···configure3589 Strategy:···configure
3590 #·Remediation·is·applicable·only·in·certain·platforms3590 #·Remediation·is·applicable·only·in·certain·platforms
3591 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/3591 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&
3592 dev/null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3592 [·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3593 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg3593 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
3594 else3594 else
3595 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3595 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3596 fi3596 fi
3597 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***3597 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
708 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level2_server.html
    
Offset 41162, 22 lines modifiedOffset 41162, 22 lines modified
000a0c90:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra000a0c90:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra
000a0ca0:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se000a0ca0:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se
000a0cb0:·7420·6172·6368·6974·6563·7475·7265·2066··t·architecture·f000a0cb0:·7420·6172·6368·6974·6563·7475·7265·2066··t·architecture·f
000a0cc0:·6f72·2061·7564·6974·2063·686d·6f64·2074··or·audit·chmod·t000a0cc0:·6f72·2061·7564·6974·2063·686d·6f64·2074··or·audit·chmod·t
000a0cd0:·6173·6b73·0a20·2073·6574·5f66·6163·743a··asks.··set_fact:000a0cd0:·6173·6b73·0a20·2073·6574·5f66·6163·743a··asks.··set_fact:
000a0ce0:·0a20·2020·2061·7564·6974·5f61·7263·683a··.····audit_arch:000a0ce0:·0a20·2020·2061·7564·6974·5f61·7263·683a··.····audit_arch:
000a0cf0:·2062·3634·0a20·2077·6865·6e3a·0a20·202d···b64.··when:.··-000a0cf0:·2062·3634·0a20·2077·6865·6e3a·0a20·202d···b64.··when:.··-
000a0d00:·2027·2261·7564·6974·6422·2069·6e20·616e···'"auditd"·in·an 
000a0d10:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack 
000a0d20:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl 
000a0d30:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization 
000a0d40:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d 
000a0d50:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·" 
000a0d60:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman 
000a0d70:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].000a0d00:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
 000a0d10:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
 000a0d20:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
 000a0d30:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
 000a0d40:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
 000a0d50:·696e·6572·225d·0a20·202d·2027·2261·7564··iner"].··-·'"aud
 000a0d60:·6974·6422·2069·6e20·616e·7369·626c·655f··itd"·in·ansible_
 000a0d70:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
000a0d80:·2020·2d20·616e·7369·626c·655f·6172·6368····-·ansible_arch000a0d80:·2020·2d20·616e·7369·626c·655f·6172·6368····-·ansible_arch
000a0d90:·6974·6563·7475·7265·203d·3d20·2261·6172··itecture·==·"aar000a0d90:·6974·6563·7475·7265·203d·3d20·2261·6172··itecture·==·"aar
000a0da0:·6368·3634·2220·6f72·2061·6e73·6962·6c65··ch64"·or·ansible000a0da0:·6368·3634·2220·6f72·2061·6e73·6962·6c65··ch64"·or·ansible
000a0db0:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==000a0db0:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==
000a0dc0:·2022·7070·6336·3422·206f·7220·616e·7369···"ppc64"·or·ansi000a0dc0:·2022·7070·6336·3422·206f·7220·616e·7369···"ppc64"·or·ansi
000a0dd0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture000a0dd0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
000a0de0:·0a20·2020·203d·3d20·2270·7063·3634·6c65··.····==·"ppc64le000a0de0:·0a20·2020·203d·3d20·2270·7063·3634·6c65··.····==·"ppc64le
Offset 41485, 23 lines modifiedOffset 41485, 23 lines modified
000a20c0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr000a20c0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr
000a20d0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····000a20d0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····
000a20e0:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···000a20e0:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···
000a20f0:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen000a20f0:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
000a2100:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc000a2100:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc
000a2110:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len000a2110:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len
000a2120:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:000a2120:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:
000a2130:·0a20·202d·2027·2261·7564·6974·6422·2069··.··-·'"auditd"·i 
000a2140:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
000a2150:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an 
000a2160:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza 
000a2170:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in 
000a2180:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc 
000a2190:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po 
000a21a0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe000a2130:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
 000a2140:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
 000a2150:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
 000a2160:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
 000a2170:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
 000a2180:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·'
 000a2190:·2261·7564·6974·6422·2069·6e20·616e·7369··"auditd"·in·ansi
 000a21a0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
000a21b0:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·000a21b0:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·
000a21c0:·434a·4953·2d35·2e34·2e31·2e31·0a20·202d··CJIS-5.4.1.1.··-000a21c0:·434a·4953·2d35·2e34·2e31·2e31·0a20·202d··CJIS-5.4.1.1.··-
000a21d0:·2044·4953·412d·5354·4947·2d55·4254·552d···DISA-STIG-UBTU-000a21d0:·2044·4953·412d·5354·4947·2d55·4254·552d···DISA-STIG-UBTU-
000a21e0:·3230·2d30·3130·3135·320a·2020·2d20·4e49··20-010152.··-·NI000a21e0:·3230·2d30·3130·3135·320a·2020·2d20·4e49··20-010152.··-·NI
000a21f0:·5354·2d38·3030·2d31·3731·2d33·2e31·2e37··ST-800-171-3.1.7000a21f0:·5354·2d38·3030·2d31·3731·2d33·2e31·2e37··ST-800-171-3.1.7
000a2200:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53000a2200:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
000a2210:·2d41·552d·3132·2863·290a·2020·2d20·4e49··-AU-12(c).··-·NI000a2210:·2d41·552d·3132·2863·290a·2020·2d20·4e49··-AU-12(c).··-·NI
000a2220:·5354·2d38·3030·2d35·332d·4155·2d32·2864··ST-800-53-AU-2(d000a2220:·5354·2d38·3030·2d35·332d·4155·2d32·2864··ST-800-53-AU-2(d
Offset 41797, 22 lines modifiedOffset 41797, 22 lines modified
000a3440:·6f64·0a20·2020·2020·2063·7265·6174·653a··od.······create:000a3440:·6f64·0a20·2020·2020·2063·7265·6174·653a··od.······create:
000a3450:·2074·7275·650a·2020·2020·2020·6d6f·6465···true.······mode000a3450:·2074·7275·650a·2020·2020·2020·6d6f·6465···true.······mode
000a3460:·3a20·6f2d·7277·780a·2020·2020·2020·7374··:·o-rwx.······st000a3460:·3a20·6f2d·7277·780a·2020·2020·2020·7374··:·o-rwx.······st
000a3470:·6174·653a·2070·7265·7365·6e74·0a20·2020··ate:·present.···000a3470:·6174·653a·2070·7265·7365·6e74·0a20·2020··ate:·present.···
000a3480:·2077·6865·6e3a·2073·7973·6361·6c6c·735f···when:·syscalls_000a3480:·2077·6865·6e3a·2073·7973·6361·6c6c·735f···when:·syscalls_
000a3490:·666f·756e·6420·7c20·6c65·6e67·7468·203d··found·|·length·=000a3490:·666f·756e·6420·7c20·6c65·6e67·7468·203d··found·|·length·=
000a34a0:·3d20·300a·2020·7768·656e·3a0a·2020·2d20··=·0.··when:.··-·000a34a0:·3d20·300a·2020·7768·656e·3a0a·2020·2d20··=·0.··when:.··-·
000a34b0:·2722·6175·6469·7464·2220·696e·2061·6e73··'"auditd"·in·ans 
000a34c0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa 
000a34d0:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible 
000a34e0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_ 
000a34f0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do 
000a3500:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o 
000a3510:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman" 
000a3520:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·000a34b0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 000a34c0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 000a34d0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 000a34e0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 000a34f0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
 000a3500:·6e65·7222·5d0a·2020·2d20·2722·6175·6469··ner"].··-·'"audi
 000a3510:·7464·2220·696e·2061·6e73·6962·6c65·5f66··td"·in·ansible_f
 000a3520:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
000a3530:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==000a3530:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==
000a3540:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·000a3540:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·
000a3550:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.000a3550:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.
000a3560:·2020·2d20·4449·5341·2d53·5449·472d·5542····-·DISA-STIG-UB000a3560:·2020·2d20·4449·5341·2d53·5449·472d·5542····-·DISA-STIG-UB
000a3570:·5455·2d32·302d·3031·3031·3532·0a20·202d··TU-20-010152.··-000a3570:·5455·2d32·302d·3031·3031·3532·0a20·202d··TU-20-010152.··-
000a3580:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.000a3580:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
000a3590:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800000a3590:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800
Offset 41846, 26 lines modifiedOffset 41846, 26 lines modified
000a3750:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class000a3750:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
000a3760:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse000a3760:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
000a3770:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i000a3770:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
000a3780:·646d·3132·3637·3922·3e3c·7072·653e·3c63··dm12679"><pre><c000a3780:·646d·3132·3637·3922·3e3c·7072·653e·3c63··dm12679"><pre><c
000a3790:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio000a3790:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
000a37a0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·000a37a0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
000a37b0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·000a37b0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
000a37c0:·706c·6174·666f·726d·730a·6966·2064·706b··platforms.if·dpk000a37c0:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!
000a37d0:·672d·7175·6572·7920·2d2d·7368·6f77·202d··g-query·--show·- 
000a37e0:·2d73·686f·7766·6f72·6d61·743d·2724·7b64··-showformat='${d 
000a37f0:·623a·5374·6174·7573·2d53·7461·7475·737d··b:Status-Status} 
000a3800:·5c6e·2720·2761·7564·6974·6427·2032·2667··\n'·'auditd'·2&g 
000a3810:·743b·2f64·6576·2f6e·756c·6c20·7c20·6772··t;/dev/null·|·gr 
000a3820:·6570·202d·7120·696e·7374·616c·6c65·6420··ep·-q·installed· 
000a3830:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·- 
000a3840:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·000a37d0:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
000a3850:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-000a37e0:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
000a3860:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe000a37f0:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
 000a3800:·6e65·7265·6e76·205d·2026·616d·703b·2661··nerenv·]·&amp;&a
 000a3810:·6d70·3b20·6470·6b67·2d71·7565·7279·202d··mp;·dpkg-query·-
 000a3820:·2d73·686f·7720·2d2d·7368·6f77·666f·726d··-show·--showform
 000a3830:·6174·3d27·247b·6462·3a53·7461·7475·732d··at='${db:Status-
 000a3840:·5374·6174·7573·7d5c·6e27·2027·6175·6469··Status}\n'·'audi
 000a3850:·7464·2720·3226·6774·3b2f·6465·762f·6e75··td'·2&gt;/dev/nu
 000a3860:·6c6c·207c·2067·7265·7020·2d71·2069·6e73··ll·|·grep·-q·ins
000a3870:·7265·6e76·205d·3b20·7468·656e·0a0a·2320··renv·];·then..#·000a3870:·7461·6c6c·6564·3b20·7468·656e·0a0a·2320··talled;·then..#·
000a3880:·4669·7273·7420·7065·7266·6f72·6d20·7468··First·perform·th000a3880:·4669·7273·7420·7065·7266·6f72·6d20·7468··First·perform·th
000a3890:·6520·7265·6d65·6469·6174·696f·6e20·6f66··e·remediation·of000a3890:·6520·7265·6d65·6469·6174·696f·6e20·6f66··e·remediation·of
000a38a0:·2074·6865·2073·7973·6361·6c6c·2072·756c···the·syscall·rul000a38a0:·2074·6865·2073·7973·6361·6c6c·2072·756c···the·syscall·rul
000a38b0:·650a·2320·5265·7472·6965·7665·2068·6172··e.#·Retrieve·har000a38b0:·650a·2320·5265·7472·6965·7665·2068·6172··e.#·Retrieve·har
000a38c0:·6477·6172·6520·6172·6368·6974·6563·7475··dware·architectu000a38c0:·6477·6172·6520·6172·6368·6974·6563·7475··dware·architectu
000a38d0:·7265·206f·6620·7468·6520·756e·6465·726c··re·of·the·underl000a38d0:·7265·206f·6620·7468·6520·756e·6465·726c··re·of·the·underl
000a38e0:·7969·6e67·2073·7973·7465·6d0a·5b20·2224··ying·system.[·"$000a38e0:·7969·6e67·2073·7973·7465·6d0a·5b20·2224··ying·system.[·"$
Offset 43663, 22 lines modifiedOffset 43663, 22 lines modified
000aa8e0:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat000aa8e0:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat
000aa8f0:·6567·790a·0a2d·206e·616d·653a·2053·6574··egy..-·name:·Set000aa8f0:·6567·790a·0a2d·206e·616d·653a·2053·6574··egy..-·name:·Set
Max diff block lines reached; 553257/562564 bytes (98.35%) of diff not shown.
159 KB
html2text {}
    
Offset 3414, 16 lines modifiedOffset 3414, 16 lines modified
3414 ··-·reboot_required3414 ··-·reboot_required
3415 ··-·restrict_strategy3415 ··-·restrict_strategy
  
3416 -·name:·Set·architecture·for·audit·chmod·tasks3416 -·name:·Set·architecture·for·audit·chmod·tasks
3417 ··set_fact:3417 ··set_fact:
3418 ····audit_arch:·b643418 ····audit_arch:·b64
3419 ··when:3419 ··when:
3420 ··-·'"auditd"·in·ansible_facts.packages' 
3421 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3420 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3421 ··-·'"auditd"·in·ansible_facts.packages'
3422 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3422 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3423 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3423 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3424 ··tags:3424 ··tags:
3425 ··-·CJIS-5.4.1.13425 ··-·CJIS-5.4.1.1
3426 ··-·DISA-STIG-UBTU-20-0101523426 ··-·DISA-STIG-UBTU-20-010152
3427 ··-·NIST-800-171-3.1.73427 ··-·NIST-800-171-3.1.7
3428 ··-·NIST-800-53-AU-12(c)3428 ··-·NIST-800-53-AU-12(c)
Offset 3560, 16 lines modifiedOffset 3560, 16 lines modified
3560 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003560 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3561 ········-F·auid!=unset·-F·key=perm_mod3561 ········-F·auid!=unset·-F·key=perm_mod
3562 ······create:·true3562 ······create:·true
3563 ······mode:·o-rwx3563 ······mode:·o-rwx
3564 ······state:·present3564 ······state:·present
3565 ····when:·syscalls_found·|·length·==·03565 ····when:·syscalls_found·|·length·==·0
3566 ··when:3566 ··when:
3567 ··-·'"auditd"·in·ansible_facts.packages' 
3568 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3567 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3568 ··-·'"auditd"·in·ansible_facts.packages'
3569 ··tags:3569 ··tags:
3570 ··-·CJIS-5.4.1.13570 ··-·CJIS-5.4.1.1
3571 ··-·DISA-STIG-UBTU-20-0101523571 ··-·DISA-STIG-UBTU-20-010152
3572 ··-·NIST-800-171-3.1.73572 ··-·NIST-800-171-3.1.7
3573 ··-·NIST-800-53-AU-12(c)3573 ··-·NIST-800-53-AU-12(c)
3574 ··-·NIST-800-53-AU-2(d)3574 ··-·NIST-800-53-AU-2(d)
3575 ··-·NIST-800-53-CM-6(a)3575 ··-·NIST-800-53-CM-6(a)
Offset 3704, 16 lines modifiedOffset 3704, 16 lines modified
3704 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003704 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3705 ········-F·auid!=unset·-F·key=perm_mod3705 ········-F·auid!=unset·-F·key=perm_mod
3706 ······create:·true3706 ······create:·true
3707 ······mode:·o-rwx3707 ······mode:·o-rwx
3708 ······state:·present3708 ······state:·present
3709 ····when:·syscalls_found·|·length·==·03709 ····when:·syscalls_found·|·length·==·0
3710 ··when:3710 ··when:
3711 ··-·'"auditd"·in·ansible_facts.packages' 
3712 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3711 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3712 ··-·'"auditd"·in·ansible_facts.packages'
3713 ··-·audit_arch·==·"b64"3713 ··-·audit_arch·==·"b64"
3714 ··tags:3714 ··tags:
3715 ··-·CJIS-5.4.1.13715 ··-·CJIS-5.4.1.1
3716 ··-·DISA-STIG-UBTU-20-0101523716 ··-·DISA-STIG-UBTU-20-010152
3717 ··-·NIST-800-171-3.1.73717 ··-·NIST-800-171-3.1.7
3718 ··-·NIST-800-53-AU-12(c)3718 ··-·NIST-800-53-AU-12(c)
3719 ··-·NIST-800-53-AU-2(d)3719 ··-·NIST-800-53-AU-2(d)
Offset 3723, 16 lines modifiedOffset 3723, 16 lines modified
3723 ··-·low_complexity3723 ··-·low_complexity
3724 ··-·low_disruption3724 ··-·low_disruption
3725 ··-·medium_severity3725 ··-·medium_severity
3726 ··-·reboot_required3726 ··-·reboot_required
3727 ··-·restrict_strategy3727 ··-·restrict_strategy
3728 Remediation_Shell_script_⇲3728 Remediation_Shell_script_⇲
3729 #·Remediation·is·applicable·only·in·certain·platforms3729 #·Remediation·is·applicable·only·in·certain·platforms
3730 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed·&&·[·!·- 
3731 f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then3730 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·dpkg-query·--show·--showformat='${db:Status-
 3731 Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed;·then
  
3732 #·First·perform·the·remediation·of·the·syscall·rule3732 #·First·perform·the·remediation·of·the·syscall·rule
3733 #·Retrieve·hardware·architecture·of·the·underlying·system3733 #·Retrieve·hardware·architecture·of·the·underlying·system
3734 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")3734 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
3735 for·ARCH·in·"${RULE_ARCHS[@]}"3735 for·ARCH·in·"${RULE_ARCHS[@]}"
3736 do3736 do
Offset 4124, 16 lines modifiedOffset 4124, 16 lines modified
4124 ··-·reboot_required4124 ··-·reboot_required
4125 ··-·restrict_strategy4125 ··-·restrict_strategy
  
4126 -·name:·Set·architecture·for·audit·chown·tasks4126 -·name:·Set·architecture·for·audit·chown·tasks
4127 ··set_fact:4127 ··set_fact:
4128 ····audit_arch:·b644128 ····audit_arch:·b64
4129 ··when:4129 ··when:
4130 ··-·'"auditd"·in·ansible_facts.packages' 
4131 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4130 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4131 ··-·'"auditd"·in·ansible_facts.packages'
4132 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4132 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4133 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4133 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4134 ··tags:4134 ··tags:
4135 ··-·CJIS-5.4.1.14135 ··-·CJIS-5.4.1.1
4136 ··-·DISA-STIG-UBTU-20-0101484136 ··-·DISA-STIG-UBTU-20-010148
4137 ··-·NIST-800-171-3.1.74137 ··-·NIST-800-171-3.1.7
4138 ··-·NIST-800-53-AU-12(c)4138 ··-·NIST-800-53-AU-12(c)
Offset 4272, 16 lines modifiedOffset 4272, 16 lines modified
4272 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004272 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4273 ········-F·auid!=unset·-F·key=perm_mod4273 ········-F·auid!=unset·-F·key=perm_mod
4274 ······create:·true4274 ······create:·true
4275 ······mode:·o-rwx4275 ······mode:·o-rwx
4276 ······state:·present4276 ······state:·present
4277 ····when:·syscalls_found·|·length·==·04277 ····when:·syscalls_found·|·length·==·0
4278 ··when:4278 ··when:
4279 ··-·'"auditd"·in·ansible_facts.packages' 
4280 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4279 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4280 ··-·'"auditd"·in·ansible_facts.packages'
4281 ··tags:4281 ··tags:
4282 ··-·CJIS-5.4.1.14282 ··-·CJIS-5.4.1.1
4283 ··-·DISA-STIG-UBTU-20-0101484283 ··-·DISA-STIG-UBTU-20-010148
4284 ··-·NIST-800-171-3.1.74284 ··-·NIST-800-171-3.1.7
4285 ··-·NIST-800-53-AU-12(c)4285 ··-·NIST-800-53-AU-12(c)
4286 ··-·NIST-800-53-AU-2(d)4286 ··-·NIST-800-53-AU-2(d)
4287 ··-·NIST-800-53-CM-6(a)4287 ··-·NIST-800-53-CM-6(a)
Offset 4418, 16 lines modifiedOffset 4418, 16 lines modified
4418 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004418 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4419 ········-F·auid!=unset·-F·key=perm_mod4419 ········-F·auid!=unset·-F·key=perm_mod
4420 ······create:·true4420 ······create:·true
4421 ······mode:·o-rwx4421 ······mode:·o-rwx
4422 ······state:·present4422 ······state:·present
4423 ····when:·syscalls_found·|·length·==·04423 ····when:·syscalls_found·|·length·==·0
4424 ··when:4424 ··when:
4425 ··-·'"auditd"·in·ansible_facts.packages' 
4426 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4425 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4426 ··-·'"auditd"·in·ansible_facts.packages'
4427 ··-·audit_arch·==·"b64"4427 ··-·audit_arch·==·"b64"
4428 ··tags:4428 ··tags:
4429 ··-·CJIS-5.4.1.14429 ··-·CJIS-5.4.1.1
4430 ··-·DISA-STIG-UBTU-20-0101484430 ··-·DISA-STIG-UBTU-20-010148
4431 ··-·NIST-800-171-3.1.74431 ··-·NIST-800-171-3.1.7
4432 ··-·NIST-800-53-AU-12(c)4432 ··-·NIST-800-53-AU-12(c)
4433 ··-·NIST-800-53-AU-2(d)4433 ··-·NIST-800-53-AU-2(d)
Offset 4437, 16 lines modifiedOffset 4437, 16 lines modified
4437 ··-·low_complexity4437 ··-·low_complexity
Max diff block lines reached; 157987/162445 bytes (97.26%) of diff not shown.
707 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level2_workstation.html
    
Offset 42730, 23 lines modifiedOffset 42730, 23 lines modified
000a6e90:·7569·7265·640a·2020·2d20·7265·7374·7269··uired.··-·restri000a6e90:·7569·7265·640a·2020·2d20·7265·7374·7269··uired.··-·restri
000a6ea0:·6374·5f73·7472·6174·6567·790a·0a2d·206e··ct_strategy..-·n000a6ea0:·6374·5f73·7472·6174·6567·790a·0a2d·206e··ct_strategy..-·n
000a6eb0:·616d·653a·2053·6574·2061·7263·6869·7465··ame:·Set·archite000a6eb0:·616d·653a·2053·6574·2061·7263·6869·7465··ame:·Set·archite
000a6ec0:·6374·7572·6520·666f·7220·6175·6469·7420··cture·for·audit·000a6ec0:·6374·7572·6520·666f·7220·6175·6469·7420··cture·for·audit·
000a6ed0:·6368·6d6f·6420·7461·736b·730a·2020·7365··chmod·tasks.··se000a6ed0:·6368·6d6f·6420·7461·736b·730a·2020·7365··chmod·tasks.··se
000a6ee0:·745f·6661·6374·3a0a·2020·2020·6175·6469··t_fact:.····audi000a6ee0:·745f·6661·6374·3a0a·2020·2020·6175·6469··t_fact:.····audi
000a6ef0:·745f·6172·6368·3a20·6236·340a·2020·7768··t_arch:·b64.··wh000a6ef0:·745f·6172·6368·3a20·6236·340a·2020·7768··t_arch:·b64.··wh
000a6f00:·656e·3a0a·2020·2d20·2722·6175·6469·7464··en:.··-·'"auditd 
000a6f10:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
000a6f20:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··- 
000a6f30:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual 
000a6f40:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not 
000a6f50:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·" 
000a6f60:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",· 
000a6f70:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta000a6f00:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_
 000a6f10:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
 000a6f20:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
 000a6f30:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
 000a6f40:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
 000a6f50:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
 000a6f60:·2d20·2722·6175·6469·7464·2220·696e·2061··-·'"auditd"·in·a
 000a6f70:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
000a6f80:·696e·6572·225d·0a20·202d·2061·6e73·6962··iner"].··-·ansib000a6f80:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib
000a6f90:·6c65·5f61·7263·6869·7465·6374·7572·6520··le_architecture·000a6f90:·6c65·5f61·7263·6869·7465·6374·7572·6520··le_architecture·
000a6fa0:·3d3d·2022·6161·7263·6836·3422·206f·7220··==·"aarch64"·or·000a6fa0:·3d3d·2022·6161·7263·6836·3422·206f·7220··==·"aarch64"·or·
000a6fb0:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec000a6fb0:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec
000a6fc0:·7475·7265·203d·3d20·2270·7063·3634·2220··ture·==·"ppc64"·000a6fc0:·7475·7265·203d·3d20·2270·7063·3634·2220··ture·==·"ppc64"·
000a6fd0:·6f72·2061·6e73·6962·6c65·5f61·7263·6869··or·ansible_archi000a6fd0:·6f72·2061·6e73·6962·6c65·5f61·7263·6869··or·ansible_archi
000a6fe0:·7465·6374·7572·650a·2020·2020·3d3d·2022··tecture.····==·"000a6fe0:·7465·6374·7572·650a·2020·2020·3d3d·2022··tecture.····==·"
000a6ff0:·7070·6336·346c·6522·206f·7220·616e·7369··ppc64le"·or·ansi000a6ff0:·7070·6336·346c·6522·206f·7220·616e·7369··ppc64le"·or·ansi
Offset 43053, 23 lines modifiedOffset 43053, 23 lines modified
000a82c0:·4620·6b65·793d·7065·726d·5f6d·6f64·0a20··F·key=perm_mod.·000a82c0:·4620·6b65·793d·7065·726d·5f6d·6f64·0a20··F·key=perm_mod.·
000a82d0:·2020·2020·2063·7265·6174·653a·2074·7275·······create:·tru000a82d0:·2020·2020·2063·7265·6174·653a·2074·7275·······create:·tru
000a82e0:·650a·2020·2020·2020·6d6f·6465·3a20·6f2d··e.······mode:·o-000a82e0:·650a·2020·2020·2020·6d6f·6465·3a20·6f2d··e.······mode:·o-
000a82f0:·7277·780a·2020·2020·2020·7374·6174·653a··rwx.······state:000a82f0:·7277·780a·2020·2020·2020·7374·6174·653a··rwx.······state:
000a8300:·2070·7265·7365·6e74·0a20·2020·2077·6865···present.····whe000a8300:·2070·7265·7365·6e74·0a20·2020·2077·6865···present.····whe
000a8310:·6e3a·2073·7973·6361·6c6c·735f·666f·756e··n:·syscalls_foun000a8310:·6e3a·2073·7973·6361·6c6c·735f·666f·756e··n:·syscalls_foun
000a8320:·6420·7c20·6c65·6e67·7468·203d·3d20·300a··d·|·length·==·0.000a8320:·6420·7c20·6c65·6e67·7468·203d·3d20·300a··d·|·length·==·0.
000a8330:·2020·7768·656e·3a0a·2020·2d20·2722·6175····when:.··-·'"au000a8330:·2020·7768·656e·3a0a·2020·2d20·616e·7369····when:.··-·ansi
000a8340:·6469·7464·2220·696e·2061·6e73·6962·6c65··ditd"·in·ansible 
000a8350:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages' 
000a8360:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
000a8370:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
000a8380:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
000a8390:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
000a83a0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
000a83b0:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag000a8340:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
 000a8350:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
 000a8360:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
 000a8370:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
 000a8380:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
 000a8390:·5d0a·2020·2d20·2722·6175·6469·7464·2220··].··-·'"auditd"·
 000a83a0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 000a83b0:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag
000a83c0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.000a83c0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.
000a83d0:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI000a83d0:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI
000a83e0:·472d·5542·5455·2d32·302d·3031·3031·3532··G-UBTU-20-010152000a83e0:·472d·5542·5455·2d32·302d·3031·3031·3532··G-UBTU-20-010152
000a83f0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17000a83f0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
000a8400:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST000a8400:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
000a8410:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)000a8410:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)
000a8420:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53000a8420:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
Offset 43365, 23 lines modifiedOffset 43365, 23 lines modified
000a9640:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······000a9640:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······
000a9650:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···000a9650:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···
000a9660:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·000a9660:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·
000a9670:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres000a9670:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres
000a9680:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy000a9680:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy
000a9690:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l000a9690:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l
000a96a0:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe000a96a0:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe
000a96b0:·6e3a·0a20·202d·2027·2261·7564·6974·6422··n:.··-·'"auditd" 
000a96c0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
000a96d0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-· 
000a96e0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali 
000a96f0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not· 
000a9700:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l 
000a9710:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·" 
000a9720:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai000a96b0:·6e3a·0a20·202d·2061·6e73·6962·6c65·5f76··n:.··-·ansible_v
 000a96c0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
 000a96d0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
 000a96e0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
 000a96f0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
 000a9700:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
 000a9710:·2027·2261·7564·6974·6422·2069·6e20·616e···'"auditd"·in·an
 000a9720:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
000a9730:·6e65·7222·5d0a·2020·2d20·6175·6469·745f··ner"].··-·audit_000a9730:·6167·6573·270a·2020·2d20·6175·6469·745f··ages'.··-·audit_
000a9740:·6172·6368·203d·3d20·2262·3634·220a·2020··arch·==·"b64".··000a9740:·6172·6368·203d·3d20·2262·3634·220a·2020··arch·==·"b64".··
000a9750:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5000a9750:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5
000a9760:·2e34·2e31·2e31·0a20·202d·2044·4953·412d··.4.1.1.··-·DISA-000a9760:·2e34·2e31·2e31·0a20·202d·2044·4953·412d··.4.1.1.··-·DISA-
000a9770:·5354·4947·2d55·4254·552d·3230·2d30·3130··STIG-UBTU-20-010000a9770:·5354·4947·2d55·4254·552d·3230·2d30·3130··STIG-UBTU-20-010
000a9780:·3135·320a·2020·2d20·4e49·5354·2d38·3030··152.··-·NIST-800000a9780:·3135·320a·2020·2d20·4e49·5354·2d38·3030··152.··-·NIST-800
000a9790:·2d31·3731·2d33·2e31·2e37·0a20·202d·204e··-171-3.1.7.··-·N000a9790:·2d31·3731·2d33·2e31·2e37·0a20·202d·204e··-171-3.1.7.··-·N
000a97a0:·4953·542d·3830·302d·3533·2d41·552d·3132··IST-800-53-AU-12000a97a0:·4953·542d·3830·302d·3533·2d41·552d·3132··IST-800-53-AU-12
Offset 43415, 25 lines modifiedOffset 43415, 25 lines modified
000a9960:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c000a9960:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
000a9970:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse000a9970:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
000a9980:·2220·6964·3d22·6964·6d31·3236·3739·223e··"·id="idm12679">000a9980:·2220·6964·3d22·6964·6d31·3236·3739·223e··"·id="idm12679">
000a9990:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem000a9990:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
000a99a0:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl000a99a0:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
000a99b0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c000a99b0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
000a99c0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms000a99c0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
000a99d0:·0a69·6620·6470·6b67·2d71·7565·7279·202d··.if·dpkg-query·- 
000a99e0:·2d73·686f·7720·2d2d·7368·6f77·666f·726d··-show·--showform 
000a99f0:·6174·3d27·247b·6462·3a53·7461·7475·732d··at='${db:Status- 
000a9a00:·5374·6174·7573·7d5c·6e27·2027·6175·6469··Status}\n'·'audi 
000a9a10:·7464·2720·3226·6774·3b2f·6465·762f·6e75··td'·2&gt;/dev/nu 
000a9a20:·6c6c·207c·2067·7265·7020·2d71·2069·6e73··ll·|·grep·-q·ins 
000a9a30:·7461·6c6c·6564·2026·616d·703b·2661·6d70··talled·&amp;&amp 
000a9a40:·3b20·5b20·2120·2d66·202f·2e64·6f63·6b65··;·[·!·-f·/.docke000a99d0:·0a69·6620·5b20·2120·2d66·202f·2e64·6f63··.if·[·!·-f·/.doc
000a9a50:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp000a99e0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
000a9a60:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c000a99f0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
000a9a70:·6f6e·7461·696e·6572·656e·7620·5d3b·2074··ontainerenv·];·t000a9a00:·2e63·6f6e·7461·696e·6572·656e·7620·5d20··.containerenv·]·
 000a9a10:·2661·6d70·3b26·616d·703b·2064·706b·672d··&amp;&amp;·dpkg-
 000a9a20:·7175·6572·7920·2d2d·7368·6f77·202d·2d73··query·--show·--s
 000a9a30:·686f·7766·6f72·6d61·743d·2724·7b64·623a··howformat='${db:
 000a9a40:·5374·6174·7573·2d53·7461·7475·737d·5c6e··Status-Status}\n
 000a9a50:·2720·2761·7564·6974·6427·2032·2667·743b··'·'auditd'·2&gt;
 000a9a60:·2f64·6576·2f6e·756c·6c20·7c20·6772·6570··/dev/null·|·grep
 000a9a70:·202d·7120·696e·7374·616c·6c65·643b·2074···-q·installed;·t
000a9a80:·6865·6e0a·0a23·2046·6972·7374·2070·6572··hen..#·First·per000a9a80:·6865·6e0a·0a23·2046·6972·7374·2070·6572··hen..#·First·per
000a9a90:·666f·726d·2074·6865·2072·656d·6564·6961··form·the·remedia000a9a90:·666f·726d·2074·6865·2072·656d·6564·6961··form·the·remedia
000a9aa0:·7469·6f6e·206f·6620·7468·6520·7379·7363··tion·of·the·sysc000a9aa0:·7469·6f6e·206f·6620·7468·6520·7379·7363··tion·of·the·sysc
000a9ab0:·616c·6c20·7275·6c65·0a23·2052·6574·7269··all·rule.#·Retri000a9ab0:·616c·6c20·7275·6c65·0a23·2052·6574·7269··all·rule.#·Retri
000a9ac0:·6576·6520·6861·7264·7761·7265·2061·7263··eve·hardware·arc000a9ac0:·6576·6520·6861·7264·7761·7265·2061·7263··eve·hardware·arc
000a9ad0:·6869·7465·6374·7572·6520·6f66·2074·6865··hitecture·of·the000a9ad0:·6869·7465·6374·7572·6520·6f66·2074·6865··hitecture·of·the
000a9ae0:·2075·6e64·6572·6c79·696e·6720·7379·7374···underlying·syst000a9ae0:·2075·6e64·6572·6c79·696e·6720·7379·7374···underlying·syst
Offset 45231, 23 lines modifiedOffset 45231, 23 lines modified
000b0ae0:·6972·6564·0a20·202d·2072·6573·7472·6963··ired.··-·restric000b0ae0:·6972·6564·0a20·202d·2072·6573·7472·6963··ired.··-·restric
Max diff block lines reached; 551670/561046 bytes (98.33%) of diff not shown.
159 KB
html2text {}
    
Offset 3651, 16 lines modifiedOffset 3651, 16 lines modified
3651 ··-·reboot_required3651 ··-·reboot_required
3652 ··-·restrict_strategy3652 ··-·restrict_strategy
  
3653 -·name:·Set·architecture·for·audit·chmod·tasks3653 -·name:·Set·architecture·for·audit·chmod·tasks
3654 ··set_fact:3654 ··set_fact:
3655 ····audit_arch:·b643655 ····audit_arch:·b64
3656 ··when:3656 ··when:
3657 ··-·'"auditd"·in·ansible_facts.packages' 
3658 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3657 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3658 ··-·'"auditd"·in·ansible_facts.packages'
3659 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3659 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3660 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3660 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3661 ··tags:3661 ··tags:
3662 ··-·CJIS-5.4.1.13662 ··-·CJIS-5.4.1.1
3663 ··-·DISA-STIG-UBTU-20-0101523663 ··-·DISA-STIG-UBTU-20-010152
3664 ··-·NIST-800-171-3.1.73664 ··-·NIST-800-171-3.1.7
3665 ··-·NIST-800-53-AU-12(c)3665 ··-·NIST-800-53-AU-12(c)
Offset 3797, 16 lines modifiedOffset 3797, 16 lines modified
3797 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003797 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3798 ········-F·auid!=unset·-F·key=perm_mod3798 ········-F·auid!=unset·-F·key=perm_mod
3799 ······create:·true3799 ······create:·true
3800 ······mode:·o-rwx3800 ······mode:·o-rwx
3801 ······state:·present3801 ······state:·present
3802 ····when:·syscalls_found·|·length·==·03802 ····when:·syscalls_found·|·length·==·0
3803 ··when:3803 ··when:
3804 ··-·'"auditd"·in·ansible_facts.packages' 
3805 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3804 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3805 ··-·'"auditd"·in·ansible_facts.packages'
3806 ··tags:3806 ··tags:
3807 ··-·CJIS-5.4.1.13807 ··-·CJIS-5.4.1.1
3808 ··-·DISA-STIG-UBTU-20-0101523808 ··-·DISA-STIG-UBTU-20-010152
3809 ··-·NIST-800-171-3.1.73809 ··-·NIST-800-171-3.1.7
3810 ··-·NIST-800-53-AU-12(c)3810 ··-·NIST-800-53-AU-12(c)
3811 ··-·NIST-800-53-AU-2(d)3811 ··-·NIST-800-53-AU-2(d)
3812 ··-·NIST-800-53-CM-6(a)3812 ··-·NIST-800-53-CM-6(a)
Offset 3941, 16 lines modifiedOffset 3941, 16 lines modified
3941 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003941 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3942 ········-F·auid!=unset·-F·key=perm_mod3942 ········-F·auid!=unset·-F·key=perm_mod
3943 ······create:·true3943 ······create:·true
3944 ······mode:·o-rwx3944 ······mode:·o-rwx
3945 ······state:·present3945 ······state:·present
3946 ····when:·syscalls_found·|·length·==·03946 ····when:·syscalls_found·|·length·==·0
3947 ··when:3947 ··when:
3948 ··-·'"auditd"·in·ansible_facts.packages' 
3949 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3948 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3949 ··-·'"auditd"·in·ansible_facts.packages'
3950 ··-·audit_arch·==·"b64"3950 ··-·audit_arch·==·"b64"
3951 ··tags:3951 ··tags:
3952 ··-·CJIS-5.4.1.13952 ··-·CJIS-5.4.1.1
3953 ··-·DISA-STIG-UBTU-20-0101523953 ··-·DISA-STIG-UBTU-20-010152
3954 ··-·NIST-800-171-3.1.73954 ··-·NIST-800-171-3.1.7
3955 ··-·NIST-800-53-AU-12(c)3955 ··-·NIST-800-53-AU-12(c)
3956 ··-·NIST-800-53-AU-2(d)3956 ··-·NIST-800-53-AU-2(d)
Offset 3960, 16 lines modifiedOffset 3960, 16 lines modified
3960 ··-·low_complexity3960 ··-·low_complexity
3961 ··-·low_disruption3961 ··-·low_disruption
3962 ··-·medium_severity3962 ··-·medium_severity
3963 ··-·reboot_required3963 ··-·reboot_required
3964 ··-·restrict_strategy3964 ··-·restrict_strategy
3965 Remediation_Shell_script_⇲3965 Remediation_Shell_script_⇲
3966 #·Remediation·is·applicable·only·in·certain·platforms3966 #·Remediation·is·applicable·only·in·certain·platforms
3967 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed·&&·[·!·- 
3968 f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then3967 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·dpkg-query·--show·--showformat='${db:Status-
 3968 Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed;·then
  
3969 #·First·perform·the·remediation·of·the·syscall·rule3969 #·First·perform·the·remediation·of·the·syscall·rule
3970 #·Retrieve·hardware·architecture·of·the·underlying·system3970 #·Retrieve·hardware·architecture·of·the·underlying·system
3971 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")3971 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
3972 for·ARCH·in·"${RULE_ARCHS[@]}"3972 for·ARCH·in·"${RULE_ARCHS[@]}"
3973 do3973 do
Offset 4361, 16 lines modifiedOffset 4361, 16 lines modified
4361 ··-·reboot_required4361 ··-·reboot_required
4362 ··-·restrict_strategy4362 ··-·restrict_strategy
  
4363 -·name:·Set·architecture·for·audit·chown·tasks4363 -·name:·Set·architecture·for·audit·chown·tasks
4364 ··set_fact:4364 ··set_fact:
4365 ····audit_arch:·b644365 ····audit_arch:·b64
4366 ··when:4366 ··when:
4367 ··-·'"auditd"·in·ansible_facts.packages' 
4368 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4367 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4368 ··-·'"auditd"·in·ansible_facts.packages'
4369 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4369 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4370 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4370 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4371 ··tags:4371 ··tags:
4372 ··-·CJIS-5.4.1.14372 ··-·CJIS-5.4.1.1
4373 ··-·DISA-STIG-UBTU-20-0101484373 ··-·DISA-STIG-UBTU-20-010148
4374 ··-·NIST-800-171-3.1.74374 ··-·NIST-800-171-3.1.7
4375 ··-·NIST-800-53-AU-12(c)4375 ··-·NIST-800-53-AU-12(c)
Offset 4509, 16 lines modifiedOffset 4509, 16 lines modified
4509 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004509 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4510 ········-F·auid!=unset·-F·key=perm_mod4510 ········-F·auid!=unset·-F·key=perm_mod
4511 ······create:·true4511 ······create:·true
4512 ······mode:·o-rwx4512 ······mode:·o-rwx
4513 ······state:·present4513 ······state:·present
4514 ····when:·syscalls_found·|·length·==·04514 ····when:·syscalls_found·|·length·==·0
4515 ··when:4515 ··when:
4516 ··-·'"auditd"·in·ansible_facts.packages' 
4517 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4516 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4517 ··-·'"auditd"·in·ansible_facts.packages'
4518 ··tags:4518 ··tags:
4519 ··-·CJIS-5.4.1.14519 ··-·CJIS-5.4.1.1
4520 ··-·DISA-STIG-UBTU-20-0101484520 ··-·DISA-STIG-UBTU-20-010148
4521 ··-·NIST-800-171-3.1.74521 ··-·NIST-800-171-3.1.7
4522 ··-·NIST-800-53-AU-12(c)4522 ··-·NIST-800-53-AU-12(c)
4523 ··-·NIST-800-53-AU-2(d)4523 ··-·NIST-800-53-AU-2(d)
4524 ··-·NIST-800-53-CM-6(a)4524 ··-·NIST-800-53-CM-6(a)
Offset 4655, 16 lines modifiedOffset 4655, 16 lines modified
4655 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004655 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4656 ········-F·auid!=unset·-F·key=perm_mod4656 ········-F·auid!=unset·-F·key=perm_mod
4657 ······create:·true4657 ······create:·true
4658 ······mode:·o-rwx4658 ······mode:·o-rwx
4659 ······state:·present4659 ······state:·present
4660 ····when:·syscalls_found·|·length·==·04660 ····when:·syscalls_found·|·length·==·0
4661 ··when:4661 ··when:
4662 ··-·'"auditd"·in·ansible_facts.packages' 
4663 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4662 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4663 ··-·'"auditd"·in·ansible_facts.packages'
4664 ··-·audit_arch·==·"b64"4664 ··-·audit_arch·==·"b64"
4665 ··tags:4665 ··tags:
4666 ··-·CJIS-5.4.1.14666 ··-·CJIS-5.4.1.1
4667 ··-·DISA-STIG-UBTU-20-0101484667 ··-·DISA-STIG-UBTU-20-010148
4668 ··-·NIST-800-171-3.1.74668 ··-·NIST-800-171-3.1.7
4669 ··-·NIST-800-53-AU-12(c)4669 ··-·NIST-800-53-AU-12(c)
4670 ··-·NIST-800-53-AU-2(d)4670 ··-·NIST-800-53-AU-2(d)
Offset 4674, 16 lines modifiedOffset 4674, 16 lines modified
4674 ··-·low_complexity4674 ··-·low_complexity
Max diff block lines reached; 157987/162445 bytes (97.26%) of diff not shown.
729 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-stig.html
    
Offset 43035, 23 lines modifiedOffset 43035, 23 lines modified
000a81a0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s000a81a0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
000a81b0:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:000a81b0:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:
000a81c0:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur000a81c0:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur
000a81d0:·6520·666f·7220·6175·6469·7420·6368·6d6f··e·for·audit·chmo000a81d0:·6520·666f·7220·6175·6469·7420·6368·6d6f··e·for·audit·chmo
000a81e0:·6420·7461·736b·730a·2020·7365·745f·6661··d·tasks.··set_fa000a81e0:·6420·7461·736b·730a·2020·7365·745f·6661··d·tasks.··set_fa
000a81f0:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar000a81f0:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar
000a8200:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.000a8200:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.
000a8210:·2020·2d20·2722·6175·6469·7464·2220·696e····-·'"auditd"·in 
000a8220:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
000a8230:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans 
000a8240:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat 
000a8250:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in· 
000a8260:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc" 
000a8270:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod 
000a8280:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container000a8210:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
 000a8220:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
 000a8230:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
 000a8240:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
 000a8250:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
 000a8260:·6e74·6169·6e65·7222·5d0a·2020·2d20·2722··ntainer"].··-·'"
 000a8270:·6175·6469·7464·2220·696e·2061·6e73·6962··auditd"·in·ansib
 000a8280:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
000a8290:·225d·0a20·202d·2061·6e73·6962·6c65·5f61··"].··-·ansible_a000a8290:·7327·0a20·202d·2061·6e73·6962·6c65·5f61··s'.··-·ansible_a
000a82a0:·7263·6869·7465·6374·7572·6520·3d3d·2022··rchitecture·==·"000a82a0:·7263·6869·7465·6374·7572·6520·3d3d·2022··rchitecture·==·"
000a82b0:·6161·7263·6836·3422·206f·7220·616e·7369··aarch64"·or·ansi000a82b0:·6161·7263·6836·3422·206f·7220·616e·7369··aarch64"·or·ansi
000a82c0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture000a82c0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
000a82d0:·203d·3d20·2270·7063·3634·2220·6f72·2061···==·"ppc64"·or·a000a82d0:·203d·3d20·2270·7063·3634·2220·6f72·2061···==·"ppc64"·or·a
000a82e0:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect000a82e0:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect
000a82f0:·7572·650a·2020·2020·3d3d·2022·7070·6336··ure.····==·"ppc6000a82f0:·7572·650a·2020·2020·3d3d·2022·7070·6336··ure.····==·"ppc6
000a8300:·346c·6522·206f·7220·616e·7369·626c·655f··4le"·or·ansible_000a8300:·346c·6522·206f·7220·616e·7369·626c·655f··4le"·or·ansible_
Offset 43358, 23 lines modifiedOffset 43358, 23 lines modified
000a95d0:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····000a95d0:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····
000a95e0:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··000a95e0:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··
000a95f0:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.000a95f0:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.
000a9600:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre000a9600:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre
000a9610:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s000a9610:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s
000a9620:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·000a9620:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·
000a9630:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh000a9630:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh
000a9640:·656e·3a0a·2020·2d20·2722·6175·6469·7464··en:.··-·'"auditd 
000a9650:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
000a9660:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··- 
000a9670:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual 
000a9680:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not 
000a9690:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·" 
000a96a0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",· 
000a96b0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta000a9640:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_
 000a9650:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
 000a9660:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
 000a9670:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
 000a9680:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
 000a9690:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
 000a96a0:·2d20·2722·6175·6469·7464·2220·696e·2061··-·'"auditd"·in·a
 000a96b0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
000a96c0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·000a96c0:·6b61·6765·7327·0a20·2074·6167·733a·0a20··kages'.··tags:.·
000a96d0:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.000a96d0:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.
000a96e0:·2020·2d20·4449·5341·2d53·5449·472d·5542····-·DISA-STIG-UB000a96e0:·2020·2d20·4449·5341·2d53·5449·472d·5542····-·DISA-STIG-UB
000a96f0:·5455·2d32·302d·3031·3031·3532·0a20·202d··TU-20-010152.··-000a96f0:·5455·2d32·302d·3031·3031·3532·0a20·202d··TU-20-010152.··-
000a9700:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.000a9700:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
000a9710:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800000a9710:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800
000a9720:·2d35·332d·4155·2d31·3228·6329·0a20·202d··-53-AU-12(c).··-000a9720:·2d35·332d·4155·2d31·3228·6329·0a20·202d··-53-AU-12(c).··-
000a9730:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-000a9730:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-
Offset 43670, 23 lines modifiedOffset 43670, 23 lines modified
000aa950:·6d5f·6d6f·640a·2020·2020·2020·6372·6561··m_mod.······crea000aa950:·6d5f·6d6f·640a·2020·2020·2020·6372·6561··m_mod.······crea
000aa960:·7465·3a20·7472·7565·0a20·2020·2020·206d··te:·true.······m000aa960:·7465·3a20·7472·7565·0a20·2020·2020·206d··te:·true.······m
000aa970:·6f64·653a·206f·2d72·7778·0a20·2020·2020··ode:·o-rwx.·····000aa970:·6f64·653a·206f·2d72·7778·0a20·2020·2020··ode:·o-rwx.·····
000aa980:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.000aa980:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.
000aa990:·2020·2020·7768·656e·3a20·7379·7363·616c······when:·syscal000aa990:·2020·2020·7768·656e·3a20·7379·7363·616c······when:·syscal
000aa9a0:·6c73·5f66·6f75·6e64·207c·206c·656e·6774··ls_found·|·lengt000aa9a0:·6c73·5f66·6f75·6e64·207c·206c·656e·6774··ls_found·|·lengt
000aa9b0:·6820·3d3d·2030·0a20·2077·6865·6e3a·0a20··h·==·0.··when:.·000aa9b0:·6820·3d3d·2030·0a20·2077·6865·6e3a·0a20··h·==·0.··when:.·
000aa9c0:·202d·2027·2261·7564·6974·6422·2069·6e20···-·'"auditd"·in· 
000aa9d0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa 
000aa9e0:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi 
000aa9f0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati 
000aaa00:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[ 
000aaa10:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc", 
000aaa20:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm 
000aaa30:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"000aa9c0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
 000aa9d0:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
 000aa9e0:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
 000aa9f0:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
 000aaa00:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
 000aaa10:·7461·696e·6572·225d·0a20·202d·2027·2261··tainer"].··-·'"a
 000aaa20:·7564·6974·6422·2069·6e20·616e·7369·626c··uditd"·in·ansibl
 000aaa30:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
000aaa40:·5d0a·2020·2d20·6175·6469·745f·6172·6368··].··-·audit_arch000aaa40:·270a·2020·2d20·6175·6469·745f·6172·6368··'.··-·audit_arch
000aaa50:·203d·3d20·2262·3634·220a·2020·7461·6773···==·"b64".··tags000aaa50:·203d·3d20·2262·3634·220a·2020·7461·6773···==·"b64".··tags
000aaa60:·3a0a·2020·2d20·434a·4953·2d35·2e34·2e31··:.··-·CJIS-5.4.1000aaa60:·3a0a·2020·2d20·434a·4953·2d35·2e34·2e31··:.··-·CJIS-5.4.1
000aaa70:·2e31·0a20·202d·2044·4953·412d·5354·4947··.1.··-·DISA-STIG000aaa70:·2e31·0a20·202d·2044·4953·412d·5354·4947··.1.··-·DISA-STIG
000aaa80:·2d55·4254·552d·3230·2d30·3130·3135·320a··-UBTU-20-010152.000aaa80:·2d55·4254·552d·3230·2d30·3130·3135·320a··-UBTU-20-010152.
000aaa90:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171000aaa90:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171
000aaaa0:·2d33·2e31·2e37·0a20·202d·204e·4953·542d··-3.1.7.··-·NIST-000aaaa0:·2d33·2e31·2e37·0a20·202d·204e·4953·542d··-3.1.7.··-·NIST-
000aaab0:·3830·302d·3533·2d41·552d·3132·2863·290a··800-53-AU-12(c).000aaab0:·3830·302d·3533·2d41·552d·3132·2863·290a··800-53-AU-12(c).
Offset 43720, 25 lines modifiedOffset 43720, 25 lines modified
000aac70:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla000aac70:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
000aac80:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id000aac80:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
000aac90:·3d22·6964·6d31·3236·3739·223e·3c70·7265··="idm12679"><pre000aac90:·3d22·6964·6d31·3236·3739·223e·3c70·7265··="idm12679"><pre
000aaca0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia000aaca0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
000aacb0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab000aacb0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
000aacc0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa000aacc0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
000aacd0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·000aacd0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
000aace0:·6470·6b67·2d71·7565·7279·202d·2d73·686f··dpkg-query·--sho 
000aacf0:·7720·2d2d·7368·6f77·666f·726d·6174·3d27··w·--showformat=' 
000aad00:·247b·6462·3a53·7461·7475·732d·5374·6174··${db:Status-Stat 
000aad10:·7573·7d5c·6e27·2027·6175·6469·7464·2720··us}\n'·'auditd'· 
000aad20:·3226·6774·3b2f·6465·762f·6e75·6c6c·207c··2&gt;/dev/null·| 
000aad30:·2067·7265·7020·2d71·2069·6e73·7461·6c6c···grep·-q·install 
000aad40:·6564·2026·616d·703b·2661·6d70·3b20·5b20··ed·&amp;&amp;·[· 
000aad50:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv000aace0:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere
000aad60:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·000aacf0:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·
000aad70:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta000aad00:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con
000aad80:·696e·6572·656e·7620·5d3b·2074·6865·6e0a··inerenv·];·then.000aad10:·7461·696e·6572·656e·7620·5d20·2661·6d70··tainerenv·]·&amp
 000aad20:·3b26·616d·703b·2064·706b·672d·7175·6572··;&amp;·dpkg-quer
 000aad30:·7920·2d2d·7368·6f77·202d·2d73·686f·7766··y·--show·--showf
 000aad40:·6f72·6d61·743d·2724·7b64·623a·5374·6174··ormat='${db:Stat
 000aad50:·7573·2d53·7461·7475·737d·5c6e·2720·2761··us-Status}\n'·'a
 000aad60:·7564·6974·6427·2032·2667·743b·2f64·6576··uditd'·2&gt;/dev
 000aad70:·2f6e·756c·6c20·7c20·6772·6570·202d·7120··/null·|·grep·-q·
 000aad80:·696e·7374·616c·6c65·643b·2074·6865·6e0a··installed;·then.
000aad90:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform000aad90:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform
000aada0:·2074·6865·2072·656d·6564·6961·7469·6f6e···the·remediation000aada0:·2074·6865·2072·656d·6564·6961·7469·6f6e···the·remediation
000aadb0:·206f·6620·7468·6520·7379·7363·616c·6c20···of·the·syscall·000aadb0:·206f·6620·7468·6520·7379·7363·616c·6c20···of·the·syscall·
000aadc0:·7275·6c65·0a23·2052·6574·7269·6576·6520··rule.#·Retrieve·000aadc0:·7275·6c65·0a23·2052·6574·7269·6576·6520··rule.#·Retrieve·
000aadd0:·6861·7264·7761·7265·2061·7263·6869·7465··hardware·archite000aadd0:·6861·7264·7761·7265·2061·7263·6869·7465··hardware·archite
000aade0:·6374·7572·6520·6f66·2074·6865·2075·6e64··cture·of·the·und000aade0:·6374·7572·6520·6f66·2074·6865·2075·6e64··cture·of·the·und
000aadf0:·6572·6c79·696e·6720·7379·7374·656d·0a5b··erlying·system.[000aadf0:·6572·6c79·696e·6720·7379·7374·656d·0a5b··erlying·system.[
Offset 45536, 23 lines modifiedOffset 45536, 23 lines modified
000b1df0:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st000b1df0:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st
Max diff block lines reached; 566388/575764 bytes (98.37%) of diff not shown.
167 KB
html2text {}
    
Offset 3784, 16 lines modifiedOffset 3784, 16 lines modified
3784 ··-·reboot_required3784 ··-·reboot_required
3785 ··-·restrict_strategy3785 ··-·restrict_strategy
  
3786 -·name:·Set·architecture·for·audit·chmod·tasks3786 -·name:·Set·architecture·for·audit·chmod·tasks
3787 ··set_fact:3787 ··set_fact:
3788 ····audit_arch:·b643788 ····audit_arch:·b64
3789 ··when:3789 ··when:
3790 ··-·'"auditd"·in·ansible_facts.packages' 
3791 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3790 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3791 ··-·'"auditd"·in·ansible_facts.packages'
3792 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3792 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3793 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3793 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3794 ··tags:3794 ··tags:
3795 ··-·CJIS-5.4.1.13795 ··-·CJIS-5.4.1.1
3796 ··-·DISA-STIG-UBTU-20-0101523796 ··-·DISA-STIG-UBTU-20-010152
3797 ··-·NIST-800-171-3.1.73797 ··-·NIST-800-171-3.1.7
3798 ··-·NIST-800-53-AU-12(c)3798 ··-·NIST-800-53-AU-12(c)
Offset 3930, 16 lines modifiedOffset 3930, 16 lines modified
3930 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003930 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3931 ········-F·auid!=unset·-F·key=perm_mod3931 ········-F·auid!=unset·-F·key=perm_mod
3932 ······create:·true3932 ······create:·true
3933 ······mode:·o-rwx3933 ······mode:·o-rwx
3934 ······state:·present3934 ······state:·present
3935 ····when:·syscalls_found·|·length·==·03935 ····when:·syscalls_found·|·length·==·0
3936 ··when:3936 ··when:
3937 ··-·'"auditd"·in·ansible_facts.packages' 
3938 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3937 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3938 ··-·'"auditd"·in·ansible_facts.packages'
3939 ··tags:3939 ··tags:
3940 ··-·CJIS-5.4.1.13940 ··-·CJIS-5.4.1.1
3941 ··-·DISA-STIG-UBTU-20-0101523941 ··-·DISA-STIG-UBTU-20-010152
3942 ··-·NIST-800-171-3.1.73942 ··-·NIST-800-171-3.1.7
3943 ··-·NIST-800-53-AU-12(c)3943 ··-·NIST-800-53-AU-12(c)
3944 ··-·NIST-800-53-AU-2(d)3944 ··-·NIST-800-53-AU-2(d)
3945 ··-·NIST-800-53-CM-6(a)3945 ··-·NIST-800-53-CM-6(a)
Offset 4074, 16 lines modifiedOffset 4074, 16 lines modified
4074 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004074 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4075 ········-F·auid!=unset·-F·key=perm_mod4075 ········-F·auid!=unset·-F·key=perm_mod
4076 ······create:·true4076 ······create:·true
4077 ······mode:·o-rwx4077 ······mode:·o-rwx
4078 ······state:·present4078 ······state:·present
4079 ····when:·syscalls_found·|·length·==·04079 ····when:·syscalls_found·|·length·==·0
4080 ··when:4080 ··when:
4081 ··-·'"auditd"·in·ansible_facts.packages' 
4082 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4081 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4082 ··-·'"auditd"·in·ansible_facts.packages'
4083 ··-·audit_arch·==·"b64"4083 ··-·audit_arch·==·"b64"
4084 ··tags:4084 ··tags:
4085 ··-·CJIS-5.4.1.14085 ··-·CJIS-5.4.1.1
4086 ··-·DISA-STIG-UBTU-20-0101524086 ··-·DISA-STIG-UBTU-20-010152
4087 ··-·NIST-800-171-3.1.74087 ··-·NIST-800-171-3.1.7
4088 ··-·NIST-800-53-AU-12(c)4088 ··-·NIST-800-53-AU-12(c)
4089 ··-·NIST-800-53-AU-2(d)4089 ··-·NIST-800-53-AU-2(d)
Offset 4093, 16 lines modifiedOffset 4093, 16 lines modified
4093 ··-·low_complexity4093 ··-·low_complexity
4094 ··-·low_disruption4094 ··-·low_disruption
4095 ··-·medium_severity4095 ··-·medium_severity
4096 ··-·reboot_required4096 ··-·reboot_required
4097 ··-·restrict_strategy4097 ··-·restrict_strategy
4098 Remediation_Shell_script_⇲4098 Remediation_Shell_script_⇲
4099 #·Remediation·is·applicable·only·in·certain·platforms4099 #·Remediation·is·applicable·only·in·certain·platforms
4100 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed·&&·[·!·- 
4101 f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then4100 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·dpkg-query·--show·--showformat='${db:Status-
 4101 Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed;·then
  
4102 #·First·perform·the·remediation·of·the·syscall·rule4102 #·First·perform·the·remediation·of·the·syscall·rule
4103 #·Retrieve·hardware·architecture·of·the·underlying·system4103 #·Retrieve·hardware·architecture·of·the·underlying·system
4104 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")4104 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
4105 for·ARCH·in·"${RULE_ARCHS[@]}"4105 for·ARCH·in·"${RULE_ARCHS[@]}"
4106 do4106 do
Offset 4494, 16 lines modifiedOffset 4494, 16 lines modified
4494 ··-·reboot_required4494 ··-·reboot_required
4495 ··-·restrict_strategy4495 ··-·restrict_strategy
  
4496 -·name:·Set·architecture·for·audit·chown·tasks4496 -·name:·Set·architecture·for·audit·chown·tasks
4497 ··set_fact:4497 ··set_fact:
4498 ····audit_arch:·b644498 ····audit_arch:·b64
4499 ··when:4499 ··when:
4500 ··-·'"auditd"·in·ansible_facts.packages' 
4501 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4500 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4501 ··-·'"auditd"·in·ansible_facts.packages'
4502 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4502 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4503 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4503 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4504 ··tags:4504 ··tags:
4505 ··-·CJIS-5.4.1.14505 ··-·CJIS-5.4.1.1
4506 ··-·DISA-STIG-UBTU-20-0101484506 ··-·DISA-STIG-UBTU-20-010148
4507 ··-·NIST-800-171-3.1.74507 ··-·NIST-800-171-3.1.7
4508 ··-·NIST-800-53-AU-12(c)4508 ··-·NIST-800-53-AU-12(c)
Offset 4642, 16 lines modifiedOffset 4642, 16 lines modified
4642 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004642 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4643 ········-F·auid!=unset·-F·key=perm_mod4643 ········-F·auid!=unset·-F·key=perm_mod
4644 ······create:·true4644 ······create:·true
4645 ······mode:·o-rwx4645 ······mode:·o-rwx
4646 ······state:·present4646 ······state:·present
4647 ····when:·syscalls_found·|·length·==·04647 ····when:·syscalls_found·|·length·==·0
4648 ··when:4648 ··when:
4649 ··-·'"auditd"·in·ansible_facts.packages' 
4650 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4649 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4650 ··-·'"auditd"·in·ansible_facts.packages'
4651 ··tags:4651 ··tags:
4652 ··-·CJIS-5.4.1.14652 ··-·CJIS-5.4.1.1
4653 ··-·DISA-STIG-UBTU-20-0101484653 ··-·DISA-STIG-UBTU-20-010148
4654 ··-·NIST-800-171-3.1.74654 ··-·NIST-800-171-3.1.7
4655 ··-·NIST-800-53-AU-12(c)4655 ··-·NIST-800-53-AU-12(c)
4656 ··-·NIST-800-53-AU-2(d)4656 ··-·NIST-800-53-AU-2(d)
4657 ··-·NIST-800-53-CM-6(a)4657 ··-·NIST-800-53-CM-6(a)
Offset 4788, 16 lines modifiedOffset 4788, 16 lines modified
4788 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004788 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4789 ········-F·auid!=unset·-F·key=perm_mod4789 ········-F·auid!=unset·-F·key=perm_mod
4790 ······create:·true4790 ······create:·true
4791 ······mode:·o-rwx4791 ······mode:·o-rwx
4792 ······state:·present4792 ······state:·present
4793 ····when:·syscalls_found·|·length·==·04793 ····when:·syscalls_found·|·length·==·0
4794 ··when:4794 ··when:
4795 ··-·'"auditd"·in·ansible_facts.packages' 
4796 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4795 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4796 ··-·'"auditd"·in·ansible_facts.packages'
4797 ··-·audit_arch·==·"b64"4797 ··-·audit_arch·==·"b64"
4798 ··tags:4798 ··tags:
4799 ··-·CJIS-5.4.1.14799 ··-·CJIS-5.4.1.1
4800 ··-·DISA-STIG-UBTU-20-0101484800 ··-·DISA-STIG-UBTU-20-010148
4801 ··-·NIST-800-171-3.1.74801 ··-·NIST-800-171-3.1.7
4802 ··-·NIST-800-53-AU-12(c)4802 ··-·NIST-800-53-AU-12(c)
4803 ··-·NIST-800-53-AU-2(d)4803 ··-·NIST-800-53-AU-2(d)
Offset 4807, 16 lines modifiedOffset 4807, 16 lines modified
4807 ··-·low_complexity4807 ··-·low_complexity
Max diff block lines reached; 166194/170652 bytes (97.39%) of diff not shown.
16.4 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level1_server.html
    
Offset 38096, 21 lines modifiedOffset 38096, 21 lines modified
00094cf0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·00094cf0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
00094d00:·2f62·6f6f·742f·6772·7562·2f67·7275·622e··/boot/grub/grub.00094d00:·2f62·6f6f·742f·6772·7562·2f67·7275·622e··/boot/grub/grub.
00094d10:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····00094d10:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····
00094d20:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub00094d20:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
00094d30:·2f67·7275·622e·6366·670a·2020·7265·6769··/grub.cfg.··regi00094d30:·2f67·7275·622e·6366·670a·2020·7265·6769··/grub.cfg.··regi
00094d40:·7374·6572·3a20·6669·6c65·5f65·7869·7374··ster:·file_exist00094d40:·7374·6572·3a20·6669·6c65·5f65·7869·7374··ster:·file_exist
00094d50:·730a·2020·7768·656e·3a0a·2020·2d20·2722··s.··when:.··-·'"00094d50:·730a·2020·7768·656e·3a0a·2020·2d20·2722··s.··when:.··-·'"
00094d60:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
00094d70:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
00094d80:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/ 
00094d90:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
00094da0:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
00094db0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
00094dc0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'00094d60:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 00094d70:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 00094d80:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 00094d90:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
 00094da0:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co
 00094db0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 00094dc0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
00094dd0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir00094dd0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
00094de0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type00094de0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
00094df0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker00094df0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
00094e00:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv00094e00:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
00094e10:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c00094e10:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
00094e20:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag00094e20:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
00094e30:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.00094e30:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.
Offset 38131, 21 lines modifiedOffset 38131, 21 lines modified
00094f20:·206e·616d·653a·2045·6e73·7572·6520·6f77···name:·Ensure·ow00094f20:·206e·616d·653a·2045·6e73·7572·6520·6f77···name:·Ensure·ow
00094f30:·6e65·7220·3020·6f6e·202f·626f·6f74·2f67··ner·0·on·/boot/g00094f30:·6e65·7220·3020·6f6e·202f·626f·6f74·2f67··ner·0·on·/boot/g
00094f40:·7275·622f·6772·7562·2e63·6667·0a20·2066··rub/grub.cfg.··f00094f40:·7275·622f·6772·7562·2e63·6667·0a20·2066··rub/grub.cfg.··f
00094f50:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/00094f50:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
00094f60:·626f·6f74·2f67·7275·622f·6772·7562·2e63··boot/grub/grub.c00094f60:·626f·6f74·2f67·7275·622f·6772·7562·2e63··boot/grub/grub.c
00094f70:·6667·0a20·2020·206f·776e·6572·3a20·2730··fg.····owner:·'000094f70:·6667·0a20·2020·206f·776e·6572·3a20·2730··fg.····owner:·'0
00094f80:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"00094f80:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"
00094f90:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
00094fa0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
00094fb0:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/ 
00094fc0:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
00094fd0:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
00094fe0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
00094ff0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'00094f90:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 00094fa0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 00094fb0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 00094fc0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
 00094fd0:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co
 00094fe0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 00094ff0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
00095000:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir00095000:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
00095010:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type00095010:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
00095020:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker00095020:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
00095030:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv00095030:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
00095040:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c00095040:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
00095050:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f00095050:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f
00095060:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·00095060:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·
Offset 38196, 23 lines modifiedOffset 38196, 23 lines modified
00095330:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t00095330:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
00095340:·643e·636f·6e66·6967·7572·653c·2f74·643e··d>configure</td>00095340:·643e·636f·6e66·6967·7572·653c·2f74·643e··d>configure</td>
00095350:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr00095350:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
00095360:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi00095360:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
00095370:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica00095370:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
00095380:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert00095380:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
00095390:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if00095390:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
000953a0:·2064·706b·672d·7175·6572·7920·2d2d·7368···dpkg-query·--sh 
000953b0:·6f77·202d·2d73·686f·7766·6f72·6d61·743d··ow·--showformat= 
000953c0:·2724·7b64·623a·5374·6174·7573·2d53·7461··'${db:Status-Sta 
000953d0:·7475·737d·5c6e·2720·2767·7275·6232·2d63··tus}\n'·'grub2-c 
000953e0:·6f6d·6d6f·6e27·2032·2667·743b·2f64·6576··ommon'·2&gt;/dev 
000953f0:·2f6e·756c·6c20·7c20·6772·6570·202d·7120··/null·|·grep·-q· 
00095400:·696e·7374·616c·6c65·6420·2661·6d70·3b26··installed·&amp;& 
00095410:·616d·703b·205b·2021·202d·6620·2f73·7973··amp;·[·!·-f·/sys000953a0:·205b·2021·202d·6620·2f73·7973·2f66·6972···[·!·-f·/sys/fir
00095420:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]·000953b0:·6d77·6172·652f·6566·6920·5d20·2661·6d70··mware/efi·]·&amp
 000953c0:·3b26·616d·703b·2064·706b·672d·7175·6572··;&amp;·dpkg-quer
 000953d0:·7920·2d2d·7368·6f77·202d·2d73·686f·7766··y·--show·--showf
 000953e0:·6f72·6d61·743d·2724·7b64·623a·5374·6174··ormat='${db:Stat
 000953f0:·7573·2d53·7461·7475·737d·5c6e·2720·2767··us-Status}\n'·'g
 00095400:·7275·6232·2d63·6f6d·6d6f·6e27·2032·2667··rub2-common'·2&g
 00095410:·743b·2f64·6576·2f6e·756c·6c20·7c20·6772··t;/dev/null·|·gr
 00095420:·6570·202d·7120·696e·7374·616c·6c65·6420··ep·-q·installed·
00095430:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!00095430:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!
00095440:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·00095440:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
00095450:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!00095450:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
00095460:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai00095460:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
00095470:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the00095470:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the
00095480:·6e0a·0a63·686f·776e·2030·202f·626f·6f74··n..chown·0·/boot00095480:·6e0a·0a63·686f·776e·2030·202f·626f·6f74··n..chown·0·/boot
00095490:·2f67·7275·622f·6772·7562·2e63·6667·0a0a··/grub/grub.cfg..00095490:·2f67·7275·622f·6772·7562·2e63·6667·0a0a··/grub/grub.cfg..
Offset 38664, 22 lines modifiedOffset 38664, 22 lines modified
00097070:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe00097070:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
00097080:·6e63·6520·2f62·6f6f·742f·6772·7562·2f67··nce·/boot/grub/g00097080:·6e63·6520·2f62·6f6f·742f·6772·7562·2f67··nce·/boot/grub/g
00097090:·7275·622e·6366·670a·2020·7374·6174·3a0a··rub.cfg.··stat:.00097090:·7275·622e·6366·670a·2020·7374·6174·3a0a··rub.cfg.··stat:.
000970a0:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/000970a0:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
000970b0:·6772·7562·2f67·7275·622e·6366·670a·2020··grub/grub.cfg.··000970b0:·6772·7562·2f67·7275·622e·6366·670a·2020··grub/grub.cfg.··
000970c0:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e000970c0:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
000970d0:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··000970d0:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
000970e0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
000970f0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
00097100:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··- 
00097110:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
00097120:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
00097130:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
00097140:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l000970e0:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n
 000970f0:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo
 00097100:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 00097110:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
 00097120:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub
 00097130:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 00097140:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
00097150:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible00097150:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible
00097160:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_00097160:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
00097170:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do00097170:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
00097180:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o00097180:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
00097190:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"00097190:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
000971a0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·000971a0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
000971b0:·2074·6167·733a·0a20·202d·204e·4953·542d···tags:.··-·NIST-000971b0:·2074·6167·733a·0a20·202d·204e·4953·542d···tags:.··-·NIST-
000971c0:·3830·302d·3137·312d·332e·342e·350a·2020··800-171-3.4.5.··000971c0:·3830·302d·3137·312d·332e·342e·350a·2020··800-171-3.4.5.··
Offset 38699, 22 lines modifiedOffset 38699, 22 lines modified
000972a0:·7873·2c67·2d78·7772·732c·6f2d·7877·7274··xs,g-xwrs,o-xwrt000972a0:·7873·2c67·2d78·7772·732c·6f2d·7877·7274··xs,g-xwrs,o-xwrt
000972b0:·206f·6e20·2f62·6f6f·742f·6772·7562·2f67···on·/boot/grub/g000972b0:·206f·6e20·2f62·6f6f·742f·6772·7562·2f67···on·/boot/grub/g
000972c0:·7275·622e·6366·670a·2020·6669·6c65·3a0a··rub.cfg.··file:.000972c0:·7275·622e·6366·670a·2020·6669·6c65·3a0a··rub.cfg.··file:.
000972d0:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/000972d0:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
000972e0:·6772·7562·2f67·7275·622e·6366·670a·2020··grub/grub.cfg.··000972e0:·6772·7562·2f67·7275·622e·6366·670a·2020··grub/grub.cfg.··
000972f0:·2020·6d6f·6465·3a20·752d·7873·2c67·2d78····mode:·u-xs,g-x000972f0:·2020·6d6f·6465·3a20·752d·7873·2c67·2d78····mode:·u-xs,g-x
00097300:·7772·732c·6f2d·7877·7274·0a20·2077·6865··wrs,o-xwrt.··whe00097300:·7772·732c·6f2d·7877·7274·0a20·2077·6865··wrs,o-xwrt.··whe
00097310:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c00097310:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e
00097320:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl 
00097330:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages 
00097340:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef 
Max diff block lines reached; 2786/12714 bytes (21.91%) of diff not shown.
3.84 KB
html2text {}
    
Offset 3153, 16 lines modifiedOffset 3153, 16 lines modified
3153 ··-·no_reboot_needed3153 ··-·no_reboot_needed
  
3154 -·name:·Test·for·existence·/boot/grub/grub.cfg3154 -·name:·Test·for·existence·/boot/grub/grub.cfg
3155 ··stat:3155 ··stat:
3156 ····path:·/boot/grub/grub.cfg3156 ····path:·/boot/grub/grub.cfg
3157 ··register:·file_exists3157 ··register:·file_exists
3158 ··when:3158 ··when:
3159 ··-·'"grub2-common"·in·ansible_facts.packages' 
3160 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3159 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3160 ··-·'"grub2-common"·in·ansible_facts.packages'
3161 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3161 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3162 ··tags:3162 ··tags:
3163 ··-·CJIS-5.5.2.23163 ··-·CJIS-5.5.2.2
3164 ··-·NIST-800-171-3.4.53164 ··-·NIST-800-171-3.4.5
3165 ··-·NIST-800-53-AC-6(1)3165 ··-·NIST-800-53-AC-6(1)
3166 ··-·NIST-800-53-CM-6(a)3166 ··-·NIST-800-53-CM-6(a)
3167 ··-·PCI-DSS-Req-7.13167 ··-·PCI-DSS-Req-7.1
Offset 3174, 16 lines modifiedOffset 3174, 16 lines modified
3174 ··-·no_reboot_needed3174 ··-·no_reboot_needed
  
3175 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg3175 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
3176 ··file:3176 ··file:
3177 ····path:·/boot/grub/grub.cfg3177 ····path:·/boot/grub/grub.cfg
3178 ····owner:·'0'3178 ····owner:·'0'
3179 ··when:3179 ··when:
3180 ··-·'"grub2-common"·in·ansible_facts.packages' 
3181 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3180 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3181 ··-·'"grub2-common"·in·ansible_facts.packages'
3182 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3182 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3183 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3183 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3184 ··tags:3184 ··tags:
3185 ··-·CJIS-5.5.2.23185 ··-·CJIS-5.5.2.2
3186 ··-·NIST-800-171-3.4.53186 ··-·NIST-800-171-3.4.5
3187 ··-·NIST-800-53-AC-6(1)3187 ··-·NIST-800-53-AC-6(1)
3188 ··-·NIST-800-53-CM-6(a)3188 ··-·NIST-800-53-CM-6(a)
Offset 3195, 16 lines modifiedOffset 3195, 16 lines modified
3195 ··-·medium_severity3195 ··-·medium_severity
3196 ··-·no_reboot_needed3196 ··-·no_reboot_needed
3197 Remediation_Shell_script_⇲3197 Remediation_Shell_script_⇲
3198 Complexity:·low3198 Complexity:·low
3199 Disruption:·low3199 Disruption:·low
3200 Strategy:···configure3200 Strategy:···configure
3201 #·Remediation·is·applicable·only·in·certain·platforms3201 #·Remediation·is·applicable·only·in·certain·platforms
3202 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&·[·!3202 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/
3203 -f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3203 null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3204 chown·0·/boot/grub/grub.cfg3204 chown·0·/boot/grub/grub.cfg
  
3205 else3205 else
3206 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3206 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3207 fi3207 fi
3208 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***3208 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***
Offset 3240, 16 lines modifiedOffset 3240, 16 lines modified
3240 ··-·no_reboot_needed3240 ··-·no_reboot_needed
  
3241 -·name:·Test·for·existence·/boot/grub/grub.cfg3241 -·name:·Test·for·existence·/boot/grub/grub.cfg
3242 ··stat:3242 ··stat:
3243 ····path:·/boot/grub/grub.cfg3243 ····path:·/boot/grub/grub.cfg
3244 ··register:·file_exists3244 ··register:·file_exists
3245 ··when:3245 ··when:
3246 ··-·'"grub2-common"·in·ansible_facts.packages' 
3247 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3246 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3247 ··-·'"grub2-common"·in·ansible_facts.packages'
3248 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3248 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3249 ··tags:3249 ··tags:
3250 ··-·NIST-800-171-3.4.53250 ··-·NIST-800-171-3.4.5
3251 ··-·NIST-800-53-AC-6(1)3251 ··-·NIST-800-53-AC-6(1)
3252 ··-·NIST-800-53-CM-6(a)3252 ··-·NIST-800-53-CM-6(a)
3253 ··-·configure_strategy3253 ··-·configure_strategy
3254 ··-·file_permissions_grub2_cfg3254 ··-·file_permissions_grub2_cfg
Offset 3259, 16 lines modifiedOffset 3259, 16 lines modified
3259 ··-·no_reboot_needed3259 ··-·no_reboot_needed
  
3260 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg3260 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
3261 ··file:3261 ··file:
3262 ····path:·/boot/grub/grub.cfg3262 ····path:·/boot/grub/grub.cfg
3263 ····mode:·u-xs,g-xwrs,o-xwrt3263 ····mode:·u-xs,g-xwrs,o-xwrt
3264 ··when:3264 ··when:
3265 ··-·'"grub2-common"·in·ansible_facts.packages' 
3266 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3265 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3266 ··-·'"grub2-common"·in·ansible_facts.packages'
3267 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3267 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3268 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3268 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3269 ··tags:3269 ··tags:
3270 ··-·NIST-800-171-3.4.53270 ··-·NIST-800-171-3.4.5
3271 ··-·NIST-800-53-AC-6(1)3271 ··-·NIST-800-53-AC-6(1)
3272 ··-·NIST-800-53-CM-6(a)3272 ··-·NIST-800-53-CM-6(a)
3273 ··-·configure_strategy3273 ··-·configure_strategy
Offset 3278, 16 lines modifiedOffset 3278, 16 lines modified
3278 ··-·medium_severity3278 ··-·medium_severity
3279 ··-·no_reboot_needed3279 ··-·no_reboot_needed
3280 Remediation_Shell_script_⇲3280 Remediation_Shell_script_⇲
3281 Complexity:·low3281 Complexity:·low
3282 Disruption:·low3282 Disruption:·low
3283 Strategy:···configure3283 Strategy:···configure
3284 #·Remediation·is·applicable·only·in·certain·platforms3284 #·Remediation·is·applicable·only·in·certain·platforms
3285 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&3285 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/
3286 [·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3286 dev/null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3287 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg3287 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
3288 else3288 else
3289 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3289 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3290 fi3290 fi
3291 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***3291 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
16.4 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level1_workstation.html
    
Offset 39645, 21 lines modifiedOffset 39645, 21 lines modified
0009adc0:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence0009adc0:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence
0009add0:·202f·626f·6f74·2f67·7275·622f·6772·7562···/boot/grub/grub0009add0:·202f·626f·6f74·2f67·7275·622f·6772·7562···/boot/grub/grub
0009ade0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···0009ade0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
0009adf0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru0009adf0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
0009ae00:·622f·6772·7562·2e63·6667·0a20·2072·6567··b/grub.cfg.··reg0009ae00:·622f·6772·7562·2e63·6667·0a20·2072·6567··b/grub.cfg.··reg
0009ae10:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis0009ae10:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis
0009ae20:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'0009ae20:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'
0009ae30:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i 
0009ae40:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
0009ae50:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'" 
0009ae60:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i 
0009ae70:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
0009ae80:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
0009ae90:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list0009ae30:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 0009ae40:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 0009ae50:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 0009ae60:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
 0009ae70:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c
 0009ae80:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
 0009ae90:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
0009aea0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi0009aea0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
0009aeb0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ0009aeb0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
0009aec0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke0009aec0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
0009aed0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open0009aed0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
0009aee0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"0009aee0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
0009aef0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta0009aef0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
0009af00:·6773·3a0a·2020·2d20·434a·4953·2d35·2e35··gs:.··-·CJIS-5.50009af00:·6773·3a0a·2020·2d20·434a·4953·2d35·2e35··gs:.··-·CJIS-5.5
Offset 39680, 21 lines modifiedOffset 39680, 21 lines modified
0009aff0:·2d20·6e61·6d65·3a20·456e·7375·7265·206f··-·name:·Ensure·o0009aff0:·2d20·6e61·6d65·3a20·456e·7375·7265·206f··-·name:·Ensure·o
0009b000:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/0009b000:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/
0009b010:·6772·7562·2f67·7275·622e·6366·670a·2020··grub/grub.cfg.··0009b010:·6772·7562·2f67·7275·622e·6366·670a·2020··grub/grub.cfg.··
0009b020:·6669·6c65·3a0a·2020·2020·7061·7468·3a20··file:.····path:·0009b020:·6669·6c65·3a0a·2020·2020·7061·7468·3a20··file:.····path:·
0009b030:·2f62·6f6f·742f·6772·7562·2f67·7275·622e··/boot/grub/grub.0009b030:·2f62·6f6f·742f·6772·7562·2f67·7275·622e··/boot/grub/grub.
0009b040:·6366·670a·2020·2020·6f77·6e65·723a·2027··cfg.····owner:·'0009b040:·6366·670a·2020·2020·6f77·6e65·723a·2027··cfg.····owner:·'
0009b050:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'0009b050:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'
0009b060:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i 
0009b070:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
0009b080:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'" 
0009b090:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i 
0009b0a0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
0009b0b0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
0009b0c0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list0009b060:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 0009b070:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 0009b080:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 0009b090:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
 0009b0a0:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c
 0009b0b0:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
 0009b0c0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
0009b0d0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi0009b0d0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
0009b0e0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ0009b0e0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
0009b0f0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke0009b0f0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
0009b100:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open0009b100:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
0009b110:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"0009b110:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
0009b120:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·0009b120:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
0009b130:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat0009b130:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat
Offset 39745, 23 lines modifiedOffset 39745, 23 lines modified
0009b400:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0009b400:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
0009b410:·7464·3e63·6f6e·6669·6775·7265·3c2f·7464··td>configure</td0009b410:·7464·3e63·6f6e·6669·6775·7265·3c2f·7464··td>configure</td
0009b420:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p0009b420:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0009b430:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed0009b430:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
0009b440:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic0009b440:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
0009b450:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer0009b450:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
0009b460:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i0009b460:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
0009b470:·6620·6470·6b67·2d71·7565·7279·202d·2d73··f·dpkg-query·--s 
0009b480:·686f·7720·2d2d·7368·6f77·666f·726d·6174··how·--showformat 
0009b490:·3d27·247b·6462·3a53·7461·7475·732d·5374··='${db:Status-St 
0009b4a0:·6174·7573·7d5c·6e27·2027·6772·7562·322d··atus}\n'·'grub2- 
0009b4b0:·636f·6d6d·6f6e·2720·3226·6774·3b2f·6465··common'·2&gt;/de 
0009b4c0:·762f·6e75·6c6c·207c·2067·7265·7020·2d71··v/null·|·grep·-q 
0009b4d0:·2069·6e73·7461·6c6c·6564·2026·616d·703b···installed·&amp; 
0009b4e0:·2661·6d70·3b20·5b20·2120·2d66·202f·7379··&amp;·[·!·-f·/sy0009b470:·6620·5b20·2120·2d66·202f·7379·732f·6669··f·[·!·-f·/sys/fi
0009b4f0:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·]0009b480:·726d·7761·7265·2f65·6669·205d·2026·616d··rmware/efi·]·&am
 0009b490:·703b·2661·6d70·3b20·6470·6b67·2d71·7565··p;&amp;·dpkg-que
 0009b4a0:·7279·202d·2d73·686f·7720·2d2d·7368·6f77··ry·--show·--show
 0009b4b0:·666f·726d·6174·3d27·247b·6462·3a53·7461··format='${db:Sta
 0009b4c0:·7475·732d·5374·6174·7573·7d5c·6e27·2027··tus-Status}\n'·'
 0009b4d0:·6772·7562·322d·636f·6d6d·6f6e·2720·3226··grub2-common'·2&
 0009b4e0:·6774·3b2f·6465·762f·6e75·6c6c·207c·2067··gt;/dev/null·|·g
 0009b4f0:·7265·7020·2d71·2069·6e73·7461·6c6c·6564··rep·-q·installed
0009b500:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·0009b500:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·
0009b510:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv0009b510:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
0009b520:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·0009b520:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
0009b530:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta0009b530:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
0009b540:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th0009b540:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th
0009b550:·656e·0a0a·6368·6f77·6e20·3020·2f62·6f6f··en..chown·0·/boo0009b550:·656e·0a0a·6368·6f77·6e20·3020·2f62·6f6f··en..chown·0·/boo
0009b560:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.0009b560:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.
Offset 40213, 22 lines modifiedOffset 40213, 22 lines modified
0009d140:·3a20·5465·7374·2066·6f72·2065·7869·7374··:·Test·for·exist0009d140:·3a20·5465·7374·2066·6f72·2065·7869·7374··:·Test·for·exist
0009d150:·656e·6365·202f·626f·6f74·2f67·7275·622f··ence·/boot/grub/0009d150:·656e·6365·202f·626f·6f74·2f67·7275·622f··ence·/boot/grub/
0009d160:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:0009d160:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:
0009d170:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot0009d170:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
0009d180:·2f67·7275·622f·6772·7562·2e63·6667·0a20··/grub/grub.cfg.·0009d180:·2f67·7275·622f·6772·7562·2e63·6667·0a20··/grub/grub.cfg.·
0009d190:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_0009d190:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_
0009d1a0:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·0009d1a0:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·
0009d1b0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo 
0009d1c0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa 
0009d1d0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.·· 
0009d1e0:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n 
0009d1f0:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo 
0009d200:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
0009d210:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·0009d1b0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 0009d1c0:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m
 0009d1d0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 0009d1e0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
 0009d1f0:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru
 0009d200:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
 0009d210:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
0009d220:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl0009d220:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
0009d230:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization0009d230:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
0009d240:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d0009d240:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
0009d250:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"0009d250:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
0009d260:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman0009d260:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
0009d270:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].0009d270:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
0009d280:·2020·7461·6773·3a0a·2020·2d20·4e49·5354····tags:.··-·NIST0009d280:·2020·7461·6773·3a0a·2020·2d20·4e49·5354····tags:.··-·NIST
0009d290:·2d38·3030·2d31·3731·2d33·2e34·2e35·0a20··-800-171-3.4.5.·0009d290:·2d38·3030·2d31·3731·2d33·2e34·2e35·0a20··-800-171-3.4.5.·
Offset 40248, 22 lines modifiedOffset 40248, 22 lines modified
0009d370:·2d78·732c·672d·7877·7273·2c6f·2d78·7772··-xs,g-xwrs,o-xwr0009d370:·2d78·732c·672d·7877·7273·2c6f·2d78·7772··-xs,g-xwrs,o-xwr
0009d380:·7420·6f6e·202f·626f·6f74·2f67·7275·622f··t·on·/boot/grub/0009d380:·7420·6f6e·202f·626f·6f74·2f67·7275·622f··t·on·/boot/grub/
0009d390:·6772·7562·2e63·6667·0a20·2066·696c·653a··grub.cfg.··file:0009d390:·6772·7562·2e63·6667·0a20·2066·696c·653a··grub.cfg.··file:
0009d3a0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot0009d3a0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
0009d3b0:·2f67·7275·622f·6772·7562·2e63·6667·0a20··/grub/grub.cfg.·0009d3b0:·2f67·7275·622f·6772·7562·2e63·6667·0a20··/grub/grub.cfg.·
0009d3c0:·2020·206d·6f64·653a·2075·2d78·732c·672d·····mode:·u-xs,g-0009d3c0:·2020·206d·6f64·653a·2075·2d78·732c·672d·····mode:·u-xs,g-
0009d3d0:·7877·7273·2c6f·2d78·7772·740a·2020·7768··xwrs,o-xwrt.··wh0009d3d0:·7877·7273·2c6f·2d78·7772·740a·2020·7768··xwrs,o-xwrt.··wh
0009d3e0:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-0009d3e0:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/
0009d3f0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib 
0009d400:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package 
0009d410:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e 
Max diff block lines reached; 2786/12714 bytes (21.91%) of diff not shown.
3.84 KB
html2text {}
    
Offset 3389, 16 lines modifiedOffset 3389, 16 lines modified
3389 ··-·no_reboot_needed3389 ··-·no_reboot_needed
  
3390 -·name:·Test·for·existence·/boot/grub/grub.cfg3390 -·name:·Test·for·existence·/boot/grub/grub.cfg
3391 ··stat:3391 ··stat:
3392 ····path:·/boot/grub/grub.cfg3392 ····path:·/boot/grub/grub.cfg
3393 ··register:·file_exists3393 ··register:·file_exists
3394 ··when:3394 ··when:
3395 ··-·'"grub2-common"·in·ansible_facts.packages' 
3396 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3395 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3396 ··-·'"grub2-common"·in·ansible_facts.packages'
3397 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3397 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3398 ··tags:3398 ··tags:
3399 ··-·CJIS-5.5.2.23399 ··-·CJIS-5.5.2.2
3400 ··-·NIST-800-171-3.4.53400 ··-·NIST-800-171-3.4.5
3401 ··-·NIST-800-53-AC-6(1)3401 ··-·NIST-800-53-AC-6(1)
3402 ··-·NIST-800-53-CM-6(a)3402 ··-·NIST-800-53-CM-6(a)
3403 ··-·PCI-DSS-Req-7.13403 ··-·PCI-DSS-Req-7.1
Offset 3410, 16 lines modifiedOffset 3410, 16 lines modified
3410 ··-·no_reboot_needed3410 ··-·no_reboot_needed
  
3411 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg3411 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
3412 ··file:3412 ··file:
3413 ····path:·/boot/grub/grub.cfg3413 ····path:·/boot/grub/grub.cfg
3414 ····owner:·'0'3414 ····owner:·'0'
3415 ··when:3415 ··when:
3416 ··-·'"grub2-common"·in·ansible_facts.packages' 
3417 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3416 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3417 ··-·'"grub2-common"·in·ansible_facts.packages'
3418 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3418 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3419 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3419 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3420 ··tags:3420 ··tags:
3421 ··-·CJIS-5.5.2.23421 ··-·CJIS-5.5.2.2
3422 ··-·NIST-800-171-3.4.53422 ··-·NIST-800-171-3.4.5
3423 ··-·NIST-800-53-AC-6(1)3423 ··-·NIST-800-53-AC-6(1)
3424 ··-·NIST-800-53-CM-6(a)3424 ··-·NIST-800-53-CM-6(a)
Offset 3431, 16 lines modifiedOffset 3431, 16 lines modified
3431 ··-·medium_severity3431 ··-·medium_severity
3432 ··-·no_reboot_needed3432 ··-·no_reboot_needed
3433 Remediation_Shell_script_⇲3433 Remediation_Shell_script_⇲
3434 Complexity:·low3434 Complexity:·low
3435 Disruption:·low3435 Disruption:·low
3436 Strategy:···configure3436 Strategy:···configure
3437 #·Remediation·is·applicable·only·in·certain·platforms3437 #·Remediation·is·applicable·only·in·certain·platforms
3438 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&·[·!3438 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/
3439 -f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3439 null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3440 chown·0·/boot/grub/grub.cfg3440 chown·0·/boot/grub/grub.cfg
  
3441 else3441 else
3442 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3442 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3443 fi3443 fi
3444 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***3444 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***
Offset 3476, 16 lines modifiedOffset 3476, 16 lines modified
3476 ··-·no_reboot_needed3476 ··-·no_reboot_needed
  
3477 -·name:·Test·for·existence·/boot/grub/grub.cfg3477 -·name:·Test·for·existence·/boot/grub/grub.cfg
3478 ··stat:3478 ··stat:
3479 ····path:·/boot/grub/grub.cfg3479 ····path:·/boot/grub/grub.cfg
3480 ··register:·file_exists3480 ··register:·file_exists
3481 ··when:3481 ··when:
3482 ··-·'"grub2-common"·in·ansible_facts.packages' 
3483 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3482 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3483 ··-·'"grub2-common"·in·ansible_facts.packages'
3484 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3484 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3485 ··tags:3485 ··tags:
3486 ··-·NIST-800-171-3.4.53486 ··-·NIST-800-171-3.4.5
3487 ··-·NIST-800-53-AC-6(1)3487 ··-·NIST-800-53-AC-6(1)
3488 ··-·NIST-800-53-CM-6(a)3488 ··-·NIST-800-53-CM-6(a)
3489 ··-·configure_strategy3489 ··-·configure_strategy
3490 ··-·file_permissions_grub2_cfg3490 ··-·file_permissions_grub2_cfg
Offset 3495, 16 lines modifiedOffset 3495, 16 lines modified
3495 ··-·no_reboot_needed3495 ··-·no_reboot_needed
  
3496 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg3496 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
3497 ··file:3497 ··file:
3498 ····path:·/boot/grub/grub.cfg3498 ····path:·/boot/grub/grub.cfg
3499 ····mode:·u-xs,g-xwrs,o-xwrt3499 ····mode:·u-xs,g-xwrs,o-xwrt
3500 ··when:3500 ··when:
3501 ··-·'"grub2-common"·in·ansible_facts.packages' 
3502 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3501 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3502 ··-·'"grub2-common"·in·ansible_facts.packages'
3503 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3503 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3504 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3504 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3505 ··tags:3505 ··tags:
3506 ··-·NIST-800-171-3.4.53506 ··-·NIST-800-171-3.4.5
3507 ··-·NIST-800-53-AC-6(1)3507 ··-·NIST-800-53-AC-6(1)
3508 ··-·NIST-800-53-CM-6(a)3508 ··-·NIST-800-53-CM-6(a)
3509 ··-·configure_strategy3509 ··-·configure_strategy
Offset 3514, 16 lines modifiedOffset 3514, 16 lines modified
3514 ··-·medium_severity3514 ··-·medium_severity
3515 ··-·no_reboot_needed3515 ··-·no_reboot_needed
3516 Remediation_Shell_script_⇲3516 Remediation_Shell_script_⇲
3517 Complexity:·low3517 Complexity:·low
3518 Disruption:·low3518 Disruption:·low
3519 Strategy:···configure3519 Strategy:···configure
3520 #·Remediation·is·applicable·only·in·certain·platforms3520 #·Remediation·is·applicable·only·in·certain·platforms
3521 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&3521 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/
3522 [·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3522 dev/null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3523 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg3523 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
3524 else3524 else
3525 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3525 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3526 fi3526 fi
3527 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***3527 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
16.8 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level2_server.html
    
Offset 175019, 22 lines modifiedOffset 175019, 22 lines modified
002abaa0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc002abaa0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
002abab0:·6520·2f62·6f6f·742f·6772·7562·2f67·7275··e·/boot/grub/gru002abab0:·6520·2f62·6f6f·742f·6772·7562·2f67·7275··e·/boot/grub/gru
002abac0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··002abac0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··
002abad0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr002abad0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
002abae0:·7562·2f67·7275·622e·6366·670a·2020·7265··ub/grub.cfg.··re002abae0:·7562·2f67·7275·622e·6366·670a·2020·7265··ub/grub.cfg.··re
002abaf0:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi002abaf0:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
002abb00:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·002abb00:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
002abb10:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
002abb20:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
002abb30:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·' 
002abb40:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
002abb50:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
002abb60:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
002abb70:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis002abb10:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 002abb20:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 002abb30:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 002abb40:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
 002abb50:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-
 002abb60:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 002abb70:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
002abb80:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v002abb80:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v
002abb90:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty002abb90:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
002abba0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock002abba0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
002abbb0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope002abbb0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
002abbc0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·002abbc0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
002abbd0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t002abbd0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
002abbe0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.002abbe0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
002abbf0:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8002abbf0:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8
Offset 175054, 22 lines modifiedOffset 175054, 22 lines modified
002abcd0:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·002abcd0:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·
002abce0:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot002abce0:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot
002abcf0:·2f67·7275·622f·6772·7562·2e63·6667·0a20··/grub/grub.cfg.·002abcf0:·2f67·7275·622f·6772·7562·2e63·6667·0a20··/grub/grub.cfg.·
002abd00:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:002abd00:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:
002abd10:·202f·626f·6f74·2f67·7275·622f·6772·7562···/boot/grub/grub002abd10:·202f·626f·6f74·2f67·7275·622f·6772·7562···/boot/grub/grub
002abd20:·2e63·6667·0a20·2020·206f·776e·6572·3a20··.cfg.····owner:·002abd20:·2e63·6667·0a20·2020·206f·776e·6572·3a20··.cfg.····owner:·
002abd30:·2730·270a·2020·7768·656e·3a0a·2020·2d20··'0'.··when:.··-·002abd30:·2730·270a·2020·7768·656e·3a0a·2020·2d20··'0'.··when:.··-·
002abd40:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
002abd50:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
002abd60:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·' 
002abd70:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
002abd80:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
002abd90:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
002abda0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis002abd40:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 002abd50:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 002abd60:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 002abd70:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
 002abd80:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-
 002abd90:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 002abda0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
002abdb0:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v002abdb0:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v
002abdc0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty002abdc0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
002abdd0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock002abdd0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
002abde0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope002abde0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
002abdf0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·002abdf0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
002abe00:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-002abe00:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
002abe10:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta002abe10:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta
002abe20:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and002abe20:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and
Offset 175119, 24 lines modifiedOffset 175119, 24 lines modified
002ac0e0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>002ac0e0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
002ac0f0:·3c74·643e·636f·6e66·6967·7572·653c·2f74··<td>configure</t002ac0f0:·3c74·643e·636f·6e66·6967·7572·653c·2f74··<td>configure</t
002ac100:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><002ac100:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
002ac110:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme002ac110:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
002ac120:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli002ac120:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
002ac130:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce002ac130:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
002ac140:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.002ac140:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
 002ac150:·6966·205b·2021·202d·6620·2f73·7973·2f66··if·[·!·-f·/sys/f
002ac150:·6966·2064·706b·672d·7175·6572·7920·2d2d··if·dpkg-query·-- 
002ac160:·7368·6f77·202d·2d73·686f·7766·6f72·6d61··show·--showforma 
002ac170:·743d·2724·7b64·623a·5374·6174·7573·2d53··t='${db:Status-S 
002ac180:·7461·7475·737d·5c6e·2720·2767·7275·6232··tatus}\n'·'grub2 
002ac190:·2d63·6f6d·6d6f·6e27·2032·2667·743b·2f64··-common'·2&gt;/d 
002ac1a0:·6576·2f6e·756c·6c20·7c20·6772·6570·202d··ev/null·|·grep·- 
002ac1b0:·7120·696e·7374·616c·6c65·6420·2661·6d70··q·installed·&amp 
002ac1c0:·3b26·616d·703b·205b·2021·202d·6620·2f73··;&amp;·[·!·-f·/s 
002ac1d0:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi·002ac160:·6972·6d77·6172·652f·6566·6920·5d20·2661··irmware/efi·]·&a
 002ac170:·6d70·3b26·616d·703b·2064·706b·672d·7175··mp;&amp;·dpkg-qu
 002ac180:·6572·7920·2d2d·7368·6f77·202d·2d73·686f··ery·--show·--sho
 002ac190:·7766·6f72·6d61·743d·2724·7b64·623a·5374··wformat='${db:St
 002ac1a0:·6174·7573·2d53·7461·7475·737d·5c6e·2720··atus-Status}\n'·
 002ac1b0:·2767·7275·6232·2d63·6f6d·6d6f·6e27·2032··'grub2-common'·2
 002ac1c0:·2667·743b·2f64·6576·2f6e·756c·6c20·7c20··&gt;/dev/null·|·
 002ac1d0:·6772·6570·202d·7120·696e·7374·616c·6c65··grep·-q·installe
002ac1e0:·5d20·2661·6d70·3b26·616d·703b·207b·205b··]·&amp;&amp;·{·[002ac1e0:·6420·2661·6d70·3b26·616d·703b·207b·205b··d·&amp;&amp;·{·[
002ac1f0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren002ac1f0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
002ac200:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[002ac200:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
002ac210:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont002ac210:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
002ac220:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t002ac220:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t
002ac230:·6865·6e0a·0a63·686f·776e·2030·202f·626f··hen..chown·0·/bo002ac230:·6865·6e0a·0a63·686f·776e·2030·202f·626f··hen..chown·0·/bo
002ac240:·6f74·2f67·7275·622f·6772·7562·2e63·6667··ot/grub/grub.cfg002ac240:·6f74·2f67·7275·622f·6772·7562·2e63·6667··ot/grub/grub.cfg
002ac250:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&002ac250:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
Offset 175587, 22 lines modifiedOffset 175587, 22 lines modified
002ade20:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis002ade20:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis
002ade30:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub002ade30:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub
002ade40:·2f67·7275·622e·6366·670a·2020·7374·6174··/grub.cfg.··stat002ade40:·2f67·7275·622e·6366·670a·2020·7374·6174··/grub.cfg.··stat
002ade50:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo002ade50:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
002ade60:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.002ade60:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.
002ade70:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file002ade70:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
002ade80:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.002ade80:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
002ade90:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
002adea0:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
002adeb0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.· 
002adec0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
002aded0:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m 
002adee0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
002adef0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|002ade90:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 002adea0:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_
 002adeb0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 002adec0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
 002aded0:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr
 002adee0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 002adef0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
002adf00:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib002adf00:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib
002adf10:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio002adf10:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
002adf20:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["002adf20:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
002adf30:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·002adf30:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
002adf40:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma002adf40:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
002adf50:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]002adf50:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
002adf60:·0a20·2074·6167·733a·0a20·202d·204e·4953··.··tags:.··-·NIS002adf60:·0a20·2074·6167·733a·0a20·202d·204e·4953··.··tags:.··-·NIS
002adf70:·542d·3830·302d·3137·312d·332e·342e·350a··T-800-171-3.4.5.002adf70:·542d·3830·302d·3137·312d·332e·342e·350a··T-800-171-3.4.5.
Offset 175622, 22 lines modifiedOffset 175622, 22 lines modified
002ae050:·752d·7873·2c67·2d78·7772·732c·6f2d·7877··u-xs,g-xwrs,o-xw002ae050:·752d·7873·2c67·2d78·7772·732c·6f2d·7877··u-xs,g-xwrs,o-xw
002ae060:·7274·206f·6e20·2f62·6f6f·742f·6772·7562··rt·on·/boot/grub002ae060:·7274·206f·6e20·2f62·6f6f·742f·6772·7562··rt·on·/boot/grub
002ae070:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file002ae070:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file
002ae080:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo002ae080:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
002ae090:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.002ae090:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.
002ae0a0:·2020·2020·6d6f·6465·3a20·752d·7873·2c67······mode:·u-xs,g002ae0a0:·2020·2020·6d6f·6465·3a20·752d·7873·2c67······mode:·u-xs,g
002ae0b0:·2d78·7772·732c·6f2d·7877·7274·0a20·2077··-xwrs,o-xwrt.··w002ae0b0:·2d78·7772·732c·6f2d·7877·7274·0a20·2077··-xwrs,o-xwrt.··w
Max diff block lines reached; 2788/13140 bytes (21.22%) of diff not shown.
3.85 KB
html2text {}
    
Offset 39172, 16 lines modifiedOffset 39172, 16 lines modified
39172 ··-·no_reboot_needed39172 ··-·no_reboot_needed
  
39173 -·name:·Test·for·existence·/boot/grub/grub.cfg39173 -·name:·Test·for·existence·/boot/grub/grub.cfg
39174 ··stat:39174 ··stat:
39175 ····path:·/boot/grub/grub.cfg39175 ····path:·/boot/grub/grub.cfg
39176 ··register:·file_exists39176 ··register:·file_exists
39177 ··when:39177 ··when:
39178 ··-·'"grub2-common"·in·ansible_facts.packages' 
39179 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39178 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39179 ··-·'"grub2-common"·in·ansible_facts.packages'
39180 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39180 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39181 ··tags:39181 ··tags:
39182 ··-·CJIS-5.5.2.239182 ··-·CJIS-5.5.2.2
39183 ··-·NIST-800-171-3.4.539183 ··-·NIST-800-171-3.4.5
39184 ··-·NIST-800-53-AC-6(1)39184 ··-·NIST-800-53-AC-6(1)
39185 ··-·NIST-800-53-CM-6(a)39185 ··-·NIST-800-53-CM-6(a)
39186 ··-·PCI-DSS-Req-7.139186 ··-·PCI-DSS-Req-7.1
Offset 39193, 16 lines modifiedOffset 39193, 16 lines modified
39193 ··-·no_reboot_needed39193 ··-·no_reboot_needed
  
39194 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg39194 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
39195 ··file:39195 ··file:
39196 ····path:·/boot/grub/grub.cfg39196 ····path:·/boot/grub/grub.cfg
39197 ····owner:·'0'39197 ····owner:·'0'
39198 ··when:39198 ··when:
39199 ··-·'"grub2-common"·in·ansible_facts.packages' 
39200 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39199 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39200 ··-·'"grub2-common"·in·ansible_facts.packages'
39201 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39201 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39202 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists39202 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
39203 ··tags:39203 ··tags:
39204 ··-·CJIS-5.5.2.239204 ··-·CJIS-5.5.2.2
39205 ··-·NIST-800-171-3.4.539205 ··-·NIST-800-171-3.4.5
39206 ··-·NIST-800-53-AC-6(1)39206 ··-·NIST-800-53-AC-6(1)
39207 ··-·NIST-800-53-CM-6(a)39207 ··-·NIST-800-53-CM-6(a)
Offset 39214, 16 lines modifiedOffset 39214, 16 lines modified
39214 ··-·medium_severity39214 ··-·medium_severity
39215 ··-·no_reboot_needed39215 ··-·no_reboot_needed
39216 Remediation_Shell_script_⇲39216 Remediation_Shell_script_⇲
39217 Complexity:·low39217 Complexity:·low
39218 Disruption:·low39218 Disruption:·low
39219 Strategy:···configure39219 Strategy:···configure
39220 #·Remediation·is·applicable·only·in·certain·platforms39220 #·Remediation·is·applicable·only·in·certain·platforms
39221 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&·[·!39221 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/
39222 -f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then39222 null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
39223 chown·0·/boot/grub/grub.cfg39223 chown·0·/boot/grub/grub.cfg
  
39224 else39224 else
39225 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'39225 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
39226 fi39226 fi
39227 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***39227 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***
Offset 39259, 16 lines modifiedOffset 39259, 16 lines modified
39259 ··-·no_reboot_needed39259 ··-·no_reboot_needed
  
39260 -·name:·Test·for·existence·/boot/grub/grub.cfg39260 -·name:·Test·for·existence·/boot/grub/grub.cfg
39261 ··stat:39261 ··stat:
39262 ····path:·/boot/grub/grub.cfg39262 ····path:·/boot/grub/grub.cfg
39263 ··register:·file_exists39263 ··register:·file_exists
39264 ··when:39264 ··when:
39265 ··-·'"grub2-common"·in·ansible_facts.packages' 
39266 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39265 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39266 ··-·'"grub2-common"·in·ansible_facts.packages'
39267 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39267 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39268 ··tags:39268 ··tags:
39269 ··-·NIST-800-171-3.4.539269 ··-·NIST-800-171-3.4.5
39270 ··-·NIST-800-53-AC-6(1)39270 ··-·NIST-800-53-AC-6(1)
39271 ··-·NIST-800-53-CM-6(a)39271 ··-·NIST-800-53-CM-6(a)
39272 ··-·configure_strategy39272 ··-·configure_strategy
39273 ··-·file_permissions_grub2_cfg39273 ··-·file_permissions_grub2_cfg
Offset 39278, 16 lines modifiedOffset 39278, 16 lines modified
39278 ··-·no_reboot_needed39278 ··-·no_reboot_needed
  
39279 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg39279 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
39280 ··file:39280 ··file:
39281 ····path:·/boot/grub/grub.cfg39281 ····path:·/boot/grub/grub.cfg
39282 ····mode:·u-xs,g-xwrs,o-xwrt39282 ····mode:·u-xs,g-xwrs,o-xwrt
39283 ··when:39283 ··when:
39284 ··-·'"grub2-common"·in·ansible_facts.packages' 
39285 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39284 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39285 ··-·'"grub2-common"·in·ansible_facts.packages'
39286 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39286 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39287 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists39287 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
39288 ··tags:39288 ··tags:
39289 ··-·NIST-800-171-3.4.539289 ··-·NIST-800-171-3.4.5
39290 ··-·NIST-800-53-AC-6(1)39290 ··-·NIST-800-53-AC-6(1)
39291 ··-·NIST-800-53-CM-6(a)39291 ··-·NIST-800-53-CM-6(a)
39292 ··-·configure_strategy39292 ··-·configure_strategy
Offset 39297, 16 lines modifiedOffset 39297, 16 lines modified
39297 ··-·medium_severity39297 ··-·medium_severity
39298 ··-·no_reboot_needed39298 ··-·no_reboot_needed
39299 Remediation_Shell_script_⇲39299 Remediation_Shell_script_⇲
39300 Complexity:·low39300 Complexity:·low
39301 Disruption:·low39301 Disruption:·low
39302 Strategy:···configure39302 Strategy:···configure
39303 #·Remediation·is·applicable·only·in·certain·platforms39303 #·Remediation·is·applicable·only·in·certain·platforms
39304 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&39304 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/
39305 [·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then39305 dev/null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
39306 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg39306 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
39307 else39307 else
39308 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'39308 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
39309 fi39309 fi
39310 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***39310 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
16.8 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level2_workstation.html
    
Offset 176573, 22 lines modifiedOffset 176573, 22 lines modified
002b1bc0:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen002b1bc0:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen
002b1bd0:·6365·202f·626f·6f74·2f67·7275·622f·6772··ce·/boot/grub/gr002b1bd0:·6365·202f·626f·6f74·2f67·7275·622f·6772··ce·/boot/grub/gr
002b1be0:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·002b1be0:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·
002b1bf0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g002b1bf0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
002b1c00:·7275·622f·6772·7562·2e63·6667·0a20·2072··rub/grub.cfg.··r002b1c00:·7275·622f·6772·7562·2e63·6667·0a20·2072··rub/grub.cfg.··r
002b1c10:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex002b1c10:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex
002b1c20:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-002b1c20:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-
 002b1c30:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 002b1c40:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 002b1c50:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
002b1c30:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
002b1c40:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
002b1c50:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-· 
002b1c60:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
002b1c70:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
002b1c80:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
002b1c90:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li002b1c60:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
 002b1c70:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2
 002b1c80:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 002b1c90:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
002b1ca0:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_002b1ca0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_
002b1cb0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t002b1cb0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
002b1cc0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc002b1cc0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
002b1cd0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op002b1cd0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
002b1ce0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",002b1ce0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
002b1cf0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··002b1cf0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
002b1d00:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5002b1d00:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5
002b1d10:·2e35·2e32·2e32·0a20·202d·204e·4953·542d··.5.2.2.··-·NIST-002b1d10:·2e35·2e32·2e32·0a20·202d·204e·4953·542d··.5.2.2.··-·NIST-
Offset 176608, 22 lines modifiedOffset 176608, 22 lines modified
002b1df0:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure002b1df0:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure
002b1e00:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo002b1e00:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo
002b1e10:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.002b1e10:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.
002b1e20:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path002b1e20:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path
002b1e30:·3a20·2f62·6f6f·742f·6772·7562·2f67·7275··:·/boot/grub/gru002b1e30:·3a20·2f62·6f6f·742f·6772·7562·2f67·7275··:·/boot/grub/gru
002b1e40:·622e·6366·670a·2020·2020·6f77·6e65·723a··b.cfg.····owner:002b1e40:·622e·6366·670a·2020·2020·6f77·6e65·723a··b.cfg.····owner:
002b1e50:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-002b1e50:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-
 002b1e60:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 002b1e70:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 002b1e80:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
002b1e60:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
002b1e70:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
002b1e80:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-· 
002b1e90:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
002b1ea0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
002b1eb0:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
002b1ec0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li002b1e90:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
 002b1ea0:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2
 002b1eb0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 002b1ec0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
002b1ed0:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_002b1ed0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_
002b1ee0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t002b1ee0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
002b1ef0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc002b1ef0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
002b1f00:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op002b1f00:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
002b1f10:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",002b1f10:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
002b1f20:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··002b1f20:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
002b1f30:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st002b1f30:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st
002b1f40:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an002b1f40:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an
Offset 176673, 24 lines modifiedOffset 176673, 24 lines modified
002b2200:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th002b2200:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
002b2210:·3e3c·7464·3e63·6f6e·6669·6775·7265·3c2f··><td>configure</002b2210:·3e3c·7464·3e63·6f6e·6669·6775·7265·3c2f··><td>configure</
002b2220:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>002b2220:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
002b2230:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem002b2230:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
002b2240:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl002b2240:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
002b2250:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c002b2250:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
002b2260:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms002b2260:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
 002b2270:·0a69·6620·5b20·2120·2d66·202f·7379·732f··.if·[·!·-f·/sys/
002b2270:·0a69·6620·6470·6b67·2d71·7565·7279·202d··.if·dpkg-query·- 
002b2280:·2d73·686f·7720·2d2d·7368·6f77·666f·726d··-show·--showform 
002b2290:·6174·3d27·247b·6462·3a53·7461·7475·732d··at='${db:Status- 
002b22a0:·5374·6174·7573·7d5c·6e27·2027·6772·7562··Status}\n'·'grub 
002b22b0:·322d·636f·6d6d·6f6e·2720·3226·6774·3b2f··2-common'·2&gt;/ 
002b22c0:·6465·762f·6e75·6c6c·207c·2067·7265·7020··dev/null·|·grep· 
002b22d0:·2d71·2069·6e73·7461·6c6c·6564·2026·616d··-q·installed·&am 
002b22e0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/ 
002b22f0:·7379·732f·6669·726d·7761·7265·2f65·6669··sys/firmware/efi002b2280:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·&
 002b2290:·616d·703b·2661·6d70·3b20·6470·6b67·2d71··amp;&amp;·dpkg-q
 002b22a0:·7565·7279·202d·2d73·686f·7720·2d2d·7368··uery·--show·--sh
 002b22b0:·6f77·666f·726d·6174·3d27·247b·6462·3a53··owformat='${db:S
 002b22c0:·7461·7475·732d·5374·6174·7573·7d5c·6e27··tatus-Status}\n'
 002b22d0:·2027·6772·7562·322d·636f·6d6d·6f6e·2720···'grub2-common'·
 002b22e0:·3226·6774·3b2f·6465·762f·6e75·6c6c·207c··2&gt;/dev/null·|
 002b22f0:·2067·7265·7020·2d71·2069·6e73·7461·6c6c···grep·-q·install
002b2300:·205d·2026·616d·703b·2661·6d70·3b20·7b20···]·&amp;&amp;·{·002b2300:·6564·2026·616d·703b·2661·6d70·3b20·7b20··ed·&amp;&amp;·{·
002b2310:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere002b2310:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere
002b2320:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·002b2320:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·
002b2330:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con002b2330:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con
002b2340:·7461·696e·6572·656e·7620·5d3b·207d·3b20··tainerenv·];·};·002b2340:·7461·696e·6572·656e·7620·5d3b·207d·3b20··tainerenv·];·};·
002b2350:·7468·656e·0a0a·6368·6f77·6e20·3020·2f62··then..chown·0·/b002b2350:·7468·656e·0a0a·6368·6f77·6e20·3020·2f62··then..chown·0·/b
002b2360:·6f6f·742f·6772·7562·2f67·7275·622e·6366··oot/grub/grub.cf002b2360:·6f6f·742f·6772·7562·2f67·7275·622e·6366··oot/grub/grub.cf
002b2370:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;002b2370:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;
Offset 177141, 22 lines modifiedOffset 177141, 22 lines modified
002b3f40:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi002b3f40:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi
002b3f50:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru002b3f50:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru
002b3f60:·622f·6772·7562·2e63·6667·0a20·2073·7461··b/grub.cfg.··sta002b3f60:·622f·6772·7562·2e63·6667·0a20·2073·7461··b/grub.cfg.··sta
002b3f70:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo002b3f70:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
002b3f80:·6f74·2f67·7275·622f·6772·7562·2e63·6667··ot/grub/grub.cfg002b3f80:·6f74·2f67·7275·622f·6772·7562·2e63·6667··ot/grub/grub.cfg
002b3f90:·0a20·2072·6567·6973·7465·723a·2066·696c··.··register:·fil002b3f90:·0a20·2072·6567·6973·7465·723a·2066·696c··.··register:·fil
002b3fa0:·655f·6578·6973·7473·0a20·2077·6865·6e3a··e_exists.··when:002b3fa0:·655f·6578·6973·7473·0a20·2077·6865·6e3a··e_exists.··when:
002b3fb0:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
002b3fc0:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
002b3fd0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'. 
002b3fe0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
002b3ff0:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
002b4000:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
002b4010:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·002b3fb0:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 002b3fc0:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 002b3fd0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 002b3fe0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 002b3ff0:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g
 002b4000:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 002b4010:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
002b4020:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi002b4020:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
002b4030:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati002b4030:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
002b4040:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[002b4040:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
002b4050:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",002b4050:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
002b4060:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm002b4060:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
002b4070:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"002b4070:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
002b4080:·5d0a·2020·7461·6773·3a0a·2020·2d20·4e49··].··tags:.··-·NI002b4080:·5d0a·2020·7461·6773·3a0a·2020·2d20·4e49··].··tags:.··-·NI
002b4090:·5354·2d38·3030·2d31·3731·2d33·2e34·2e35··ST-800-171-3.4.5002b4090:·5354·2d38·3030·2d31·3731·2d33·2e34·2e35··ST-800-171-3.4.5
Offset 177176, 22 lines modifiedOffset 177176, 22 lines modified
002b4170:·2075·2d78·732c·672d·7877·7273·2c6f·2d78···u-xs,g-xwrs,o-x002b4170:·2075·2d78·732c·672d·7877·7273·2c6f·2d78···u-xs,g-xwrs,o-x
002b4180:·7772·7420·6f6e·202f·626f·6f74·2f67·7275··wrt·on·/boot/gru002b4180:·7772·7420·6f6e·202f·626f·6f74·2f67·7275··wrt·on·/boot/gru
002b4190:·622f·6772·7562·2e63·6667·0a20·2066·696c··b/grub.cfg.··fil002b4190:·622f·6772·7562·2e63·6667·0a20·2066·696c··b/grub.cfg.··fil
002b41a0:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo002b41a0:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo
002b41b0:·6f74·2f67·7275·622f·6772·7562·2e63·6667··ot/grub/grub.cfg002b41b0:·6f74·2f67·7275·622f·6772·7562·2e63·6667··ot/grub/grub.cfg
002b41c0:·0a20·2020·206d·6f64·653a·2075·2d78·732c··.····mode:·u-xs,002b41c0:·0a20·2020·206d·6f64·653a·2075·2d78·732c··.····mode:·u-xs,
002b41d0:·672d·7877·7273·2c6f·2d78·7772·740a·2020··g-xwrs,o-xwrt.··002b41d0:·672d·7877·7273·2c6f·2d78·7772·740a·2020··g-xwrs,o-xwrt.··
Max diff block lines reached; 2788/13140 bytes (21.22%) of diff not shown.
3.85 KB
html2text {}
    
Offset 39409, 16 lines modifiedOffset 39409, 16 lines modified
39409 ··-·no_reboot_needed39409 ··-·no_reboot_needed
  
39410 -·name:·Test·for·existence·/boot/grub/grub.cfg39410 -·name:·Test·for·existence·/boot/grub/grub.cfg
39411 ··stat:39411 ··stat:
39412 ····path:·/boot/grub/grub.cfg39412 ····path:·/boot/grub/grub.cfg
39413 ··register:·file_exists39413 ··register:·file_exists
39414 ··when:39414 ··when:
39415 ··-·'"grub2-common"·in·ansible_facts.packages' 
39416 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39415 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39416 ··-·'"grub2-common"·in·ansible_facts.packages'
39417 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39417 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39418 ··tags:39418 ··tags:
39419 ··-·CJIS-5.5.2.239419 ··-·CJIS-5.5.2.2
39420 ··-·NIST-800-171-3.4.539420 ··-·NIST-800-171-3.4.5
39421 ··-·NIST-800-53-AC-6(1)39421 ··-·NIST-800-53-AC-6(1)
39422 ··-·NIST-800-53-CM-6(a)39422 ··-·NIST-800-53-CM-6(a)
39423 ··-·PCI-DSS-Req-7.139423 ··-·PCI-DSS-Req-7.1
Offset 39430, 16 lines modifiedOffset 39430, 16 lines modified
39430 ··-·no_reboot_needed39430 ··-·no_reboot_needed
  
39431 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg39431 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
39432 ··file:39432 ··file:
39433 ····path:·/boot/grub/grub.cfg39433 ····path:·/boot/grub/grub.cfg
39434 ····owner:·'0'39434 ····owner:·'0'
39435 ··when:39435 ··when:
39436 ··-·'"grub2-common"·in·ansible_facts.packages' 
39437 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39436 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39437 ··-·'"grub2-common"·in·ansible_facts.packages'
39438 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39438 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39439 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists39439 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
39440 ··tags:39440 ··tags:
39441 ··-·CJIS-5.5.2.239441 ··-·CJIS-5.5.2.2
39442 ··-·NIST-800-171-3.4.539442 ··-·NIST-800-171-3.4.5
39443 ··-·NIST-800-53-AC-6(1)39443 ··-·NIST-800-53-AC-6(1)
39444 ··-·NIST-800-53-CM-6(a)39444 ··-·NIST-800-53-CM-6(a)
Offset 39451, 16 lines modifiedOffset 39451, 16 lines modified
39451 ··-·medium_severity39451 ··-·medium_severity
39452 ··-·no_reboot_needed39452 ··-·no_reboot_needed
39453 Remediation_Shell_script_⇲39453 Remediation_Shell_script_⇲
39454 Complexity:·low39454 Complexity:·low
39455 Disruption:·low39455 Disruption:·low
39456 Strategy:···configure39456 Strategy:···configure
39457 #·Remediation·is·applicable·only·in·certain·platforms39457 #·Remediation·is·applicable·only·in·certain·platforms
39458 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&·[·!39458 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/
39459 -f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then39459 null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
39460 chown·0·/boot/grub/grub.cfg39460 chown·0·/boot/grub/grub.cfg
  
39461 else39461 else
39462 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'39462 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
39463 fi39463 fi
39464 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***39464 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***
Offset 39496, 16 lines modifiedOffset 39496, 16 lines modified
39496 ··-·no_reboot_needed39496 ··-·no_reboot_needed
  
39497 -·name:·Test·for·existence·/boot/grub/grub.cfg39497 -·name:·Test·for·existence·/boot/grub/grub.cfg
39498 ··stat:39498 ··stat:
39499 ····path:·/boot/grub/grub.cfg39499 ····path:·/boot/grub/grub.cfg
39500 ··register:·file_exists39500 ··register:·file_exists
39501 ··when:39501 ··when:
39502 ··-·'"grub2-common"·in·ansible_facts.packages' 
39503 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39502 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39503 ··-·'"grub2-common"·in·ansible_facts.packages'
39504 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39504 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39505 ··tags:39505 ··tags:
39506 ··-·NIST-800-171-3.4.539506 ··-·NIST-800-171-3.4.5
39507 ··-·NIST-800-53-AC-6(1)39507 ··-·NIST-800-53-AC-6(1)
39508 ··-·NIST-800-53-CM-6(a)39508 ··-·NIST-800-53-CM-6(a)
39509 ··-·configure_strategy39509 ··-·configure_strategy
39510 ··-·file_permissions_grub2_cfg39510 ··-·file_permissions_grub2_cfg
Offset 39515, 16 lines modifiedOffset 39515, 16 lines modified
39515 ··-·no_reboot_needed39515 ··-·no_reboot_needed
  
39516 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg39516 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
39517 ··file:39517 ··file:
39518 ····path:·/boot/grub/grub.cfg39518 ····path:·/boot/grub/grub.cfg
39519 ····mode:·u-xs,g-xwrs,o-xwrt39519 ····mode:·u-xs,g-xwrs,o-xwrt
39520 ··when:39520 ··when:
39521 ··-·'"grub2-common"·in·ansible_facts.packages' 
39522 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39521 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39522 ··-·'"grub2-common"·in·ansible_facts.packages'
39523 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39523 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39524 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists39524 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
39525 ··tags:39525 ··tags:
39526 ··-·NIST-800-171-3.4.539526 ··-·NIST-800-171-3.4.5
39527 ··-·NIST-800-53-AC-6(1)39527 ··-·NIST-800-53-AC-6(1)
39528 ··-·NIST-800-53-CM-6(a)39528 ··-·NIST-800-53-CM-6(a)
39529 ··-·configure_strategy39529 ··-·configure_strategy
Offset 39534, 16 lines modifiedOffset 39534, 16 lines modified
39534 ··-·medium_severity39534 ··-·medium_severity
39535 ··-·no_reboot_needed39535 ··-·no_reboot_needed
39536 Remediation_Shell_script_⇲39536 Remediation_Shell_script_⇲
39537 Complexity:·low39537 Complexity:·low
39538 Disruption:·low39538 Disruption:·low
39539 Strategy:···configure39539 Strategy:···configure
39540 #·Remediation·is·applicable·only·in·certain·platforms39540 #·Remediation·is·applicable·only·in·certain·platforms
39541 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&39541 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/
39542 [·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then39542 dev/null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
39543 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg39543 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
39544 else39544 else
39545 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'39545 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
39546 fi39546 fi
39547 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***39547 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
11.5 KB
./usr/share/scap-security-guide/ansible/ubuntu1804-playbook-cis.yml
Ordering differences only
    
Offset 138, 16 lines modifiedOffset 138, 16 lines modified
138 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/138 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
139 ······find:139 ······find:
140 ········paths:·/etc/audit/rules.d140 ········paths:·/etc/audit/rules.d
141 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+141 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
142 ········patterns:·'*.rules'142 ········patterns:·'*.rules'
143 ······register:·find_existing_watch_rules_d143 ······register:·find_existing_watch_rules_d
144 ······when:144 ······when:
145 ······-·'"audit"·in·ansible_facts.packages' 
146 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]145 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 146 ······-·'"audit"·in·ansible_facts.packages'
147 ······tags:147 ······tags:
148 ······-·CJIS-5.4.1.1148 ······-·CJIS-5.4.1.1
149 ······-·NIST-800-171-3.1.7149 ······-·NIST-800-171-3.1.7
150 ······-·NIST-800-53-AC-2(7)(b)150 ······-·NIST-800-53-AC-2(7)(b)
151 ······-·NIST-800-53-AC-6(9)151 ······-·NIST-800-53-AC-6(9)
152 ······-·NIST-800-53-AU-12(c)152 ······-·NIST-800-53-AU-12(c)
153 ······-·NIST-800-53-AU-2(d)153 ······-·NIST-800-53-AU-2(d)
Offset 164, 16 lines modifiedOffset 164, 16 lines modified
164 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions164 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
165 ······find:165 ······find:
166 ········paths:·/etc/audit/rules.d166 ········paths:·/etc/audit/rules.d
167 ········contains:·^.*(?:-F·key=|-k\s+)actions$167 ········contains:·^.*(?:-F·key=|-k\s+)actions$
168 ········patterns:·'*.rules'168 ········patterns:·'*.rules'
169 ······register:·find_watch_key169 ······register:·find_watch_key
170 ······when:170 ······when:
171 ······-·'"audit"·in·ansible_facts.packages' 
172 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]171 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 172 ······-·'"audit"·in·ansible_facts.packages'
173 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched173 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
174 ········==·0174 ········==·0
175 ······tags:175 ······tags:
176 ······-·CJIS-5.4.1.1176 ······-·CJIS-5.4.1.1
177 ······-·NIST-800-171-3.1.7177 ······-·NIST-800-171-3.1.7
178 ······-·NIST-800-53-AC-2(7)(b)178 ······-·NIST-800-53-AC-2(7)(b)
179 ······-·NIST-800-53-AC-6(9)179 ······-·NIST-800-53-AC-6(9)
Offset 190, 16 lines modifiedOffset 190, 16 lines modified
190 ······-·restrict_strategy190 ······-·restrict_strategy
  
191 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule191 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
192 ······set_fact:192 ······set_fact:
193 ········all_files:193 ········all_files:
194 ········-·/etc/audit/rules.d/actions.rules194 ········-·/etc/audit/rules.d/actions.rules
195 ······when:195 ······when:
196 ······-·'"audit"·in·ansible_facts.packages' 
197 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]196 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 197 ······-·'"audit"·in·ansible_facts.packages'
198 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched198 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
199 ········is·defined·and·find_existing_watch_rules_d.matched·==·0199 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
200 ······tags:200 ······tags:
201 ······-·CJIS-5.4.1.1201 ······-·CJIS-5.4.1.1
202 ······-·NIST-800-171-3.1.7202 ······-·NIST-800-171-3.1.7
203 ······-·NIST-800-53-AC-2(7)(b)203 ······-·NIST-800-53-AC-2(7)(b)
204 ······-·NIST-800-53-AC-6(9)204 ······-·NIST-800-53-AC-6(9)
Offset 216, 16 lines modifiedOffset 216, 16 lines modified
216 ······-·restrict_strategy216 ······-·restrict_strategy
  
217 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule217 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
218 ······set_fact:218 ······set_fact:
219 ········all_files:219 ········all_files:
220 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'220 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
221 ······when:221 ······when:
222 ······-·'"audit"·in·ansible_facts.packages' 
223 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]222 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 223 ······-·'"audit"·in·ansible_facts.packages'
224 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched224 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
225 ········is·defined·and·find_existing_watch_rules_d.matched·==·0225 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
226 ······tags:226 ······tags:
227 ······-·CJIS-5.4.1.1227 ······-·CJIS-5.4.1.1
228 ······-·NIST-800-171-3.1.7228 ······-·NIST-800-171-3.1.7
229 ······-·NIST-800-53-AC-2(7)(b)229 ······-·NIST-800-53-AC-2(7)(b)
230 ······-·NIST-800-53-AC-6(9)230 ······-·NIST-800-53-AC-6(9)
Offset 244, 16 lines modifiedOffset 244, 16 lines modified
244 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/244 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
245 ······lineinfile:245 ······lineinfile:
246 ········path:·'{{·all_files[0]·}}'246 ········path:·'{{·all_files[0]·}}'
247 ········line:·-w·/etc/sudoers·-p·wa·-k·actions247 ········line:·-w·/etc/sudoers·-p·wa·-k·actions
248 ········create:·true248 ········create:·true
249 ········mode:·'0640'249 ········mode:·'0640'
250 ······when:250 ······when:
251 ······-·'"audit"·in·ansible_facts.packages' 
252 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]251 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 252 ······-·'"audit"·in·ansible_facts.packages'
253 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched253 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
254 ········==·0254 ········==·0
255 ······tags:255 ······tags:
256 ······-·CJIS-5.4.1.1256 ······-·CJIS-5.4.1.1
257 ······-·NIST-800-171-3.1.7257 ······-·NIST-800-171-3.1.7
258 ······-·NIST-800-53-AC-2(7)(b)258 ······-·NIST-800-53-AC-2(7)(b)
259 ······-·NIST-800-53-AC-6(9)259 ······-·NIST-800-53-AC-6(9)
Offset 272, 16 lines modifiedOffset 272, 16 lines modified
272 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/audit.rules272 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/audit.rules
273 ······find:273 ······find:
274 ········paths:·/etc/audit/274 ········paths:·/etc/audit/
275 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+275 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
276 ········patterns:·audit.rules276 ········patterns:·audit.rules
277 ······register:·find_existing_watch_audit_rules277 ······register:·find_existing_watch_audit_rules
278 ······when:278 ······when:
279 ······-·'"audit"·in·ansible_facts.packages' 
280 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]279 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 280 ······-·'"audit"·in·ansible_facts.packages'
281 ······tags:281 ······tags:
282 ······-·CJIS-5.4.1.1282 ······-·CJIS-5.4.1.1
283 ······-·NIST-800-171-3.1.7283 ······-·NIST-800-171-3.1.7
284 ······-·NIST-800-53-AC-2(7)(b)284 ······-·NIST-800-53-AC-2(7)(b)
285 ······-·NIST-800-53-AC-6(9)285 ······-·NIST-800-53-AC-6(9)
286 ······-·NIST-800-53-AU-12(c)286 ······-·NIST-800-53-AU-12(c)
287 ······-·NIST-800-53-AU-2(d)287 ······-·NIST-800-53-AU-2(d)
Offset 299, 16 lines modifiedOffset 299, 16 lines modified
299 ······lineinfile:299 ······lineinfile:
300 ········line:·-w·/etc/sudoers·-p·wa·-k·actions300 ········line:·-w·/etc/sudoers·-p·wa·-k·actions
301 ········state:·present301 ········state:·present
302 ········dest:·/etc/audit/audit.rules302 ········dest:·/etc/audit/audit.rules
303 ········create:·true303 ········create:·true
304 ········mode:·'0640'304 ········mode:·'0640'
305 ······when:305 ······when:
306 ······-·'"audit"·in·ansible_facts.packages' 
307 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]306 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 307 ······-·'"audit"·in·ansible_facts.packages'
308 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched308 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
309 ········==·0309 ········==·0
310 ······tags:310 ······tags:
311 ······-·CJIS-5.4.1.1311 ······-·CJIS-5.4.1.1
312 ······-·NIST-800-171-3.1.7312 ······-·NIST-800-171-3.1.7
313 ······-·NIST-800-53-AC-2(7)(b)313 ······-·NIST-800-53-AC-2(7)(b)
314 ······-·NIST-800-53-AC-6(9)314 ······-·NIST-800-53-AC-6(9)
Offset 327, 16 lines modifiedOffset 327, 16 lines modified
327 ····-·name:·Check·if·watch·rule·for·/etc/sudoers.d/·already·exists·in·/etc/audit/rules.d/327 ····-·name:·Check·if·watch·rule·for·/etc/sudoers.d/·already·exists·in·/etc/audit/rules.d/
Max diff block lines reached; 6662/11573 bytes (57.57%) of diff not shown.
2.8 KB
./usr/share/scap-security-guide/ansible/ubuntu2004-playbook-cis_level1_server.yml
Ordering differences only
    
Offset 1092, 16 lines modifiedOffset 1092, 16 lines modified
1092 ······-·no_reboot_needed1092 ······-·no_reboot_needed
  
1093 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1093 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1094 ······stat:1094 ······stat:
1095 ········path:·/boot/grub/grub.cfg1095 ········path:·/boot/grub/grub.cfg
1096 ······register:·file_exists1096 ······register:·file_exists
1097 ······when:1097 ······when:
1098 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1099 ······-·'"grub2-common"·in·ansible_facts.packages'1098 ······-·'"grub2-common"·in·ansible_facts.packages'
 1099 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1100 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1100 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1101 ······tags:1101 ······tags:
1102 ······-·CJIS-5.5.2.21102 ······-·CJIS-5.5.2.2
1103 ······-·NIST-800-171-3.4.51103 ······-·NIST-800-171-3.4.5
1104 ······-·NIST-800-53-AC-6(1)1104 ······-·NIST-800-53-AC-6(1)
1105 ······-·NIST-800-53-CM-6(a)1105 ······-·NIST-800-53-CM-6(a)
1106 ······-·PCI-DSS-Req-7.11106 ······-·PCI-DSS-Req-7.1
Offset 1113, 16 lines modifiedOffset 1113, 16 lines modified
1113 ······-·no_reboot_needed1113 ······-·no_reboot_needed
  
1114 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg1114 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
1115 ······file:1115 ······file:
1116 ········path:·/boot/grub/grub.cfg1116 ········path:·/boot/grub/grub.cfg
1117 ········owner:·'0'1117 ········owner:·'0'
1118 ······when:1118 ······when:
1119 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1120 ······-·'"grub2-common"·in·ansible_facts.packages'1119 ······-·'"grub2-common"·in·ansible_facts.packages'
 1120 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1121 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1121 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1122 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1122 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1123 ······tags:1123 ······tags:
1124 ······-·CJIS-5.5.2.21124 ······-·CJIS-5.5.2.2
1125 ······-·NIST-800-171-3.4.51125 ······-·NIST-800-171-3.4.5
1126 ······-·NIST-800-53-AC-6(1)1126 ······-·NIST-800-53-AC-6(1)
1127 ······-·NIST-800-53-CM-6(a)1127 ······-·NIST-800-53-CM-6(a)
Offset 1150, 16 lines modifiedOffset 1150, 16 lines modified
1150 ······-·no_reboot_needed1150 ······-·no_reboot_needed
  
1151 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1151 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1152 ······stat:1152 ······stat:
1153 ········path:·/boot/grub/grub.cfg1153 ········path:·/boot/grub/grub.cfg
1154 ······register:·file_exists1154 ······register:·file_exists
1155 ······when:1155 ······when:
1156 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1157 ······-·'"grub2-common"·in·ansible_facts.packages'1156 ······-·'"grub2-common"·in·ansible_facts.packages'
 1157 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1158 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1158 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1159 ······tags:1159 ······tags:
1160 ······-·NIST-800-171-3.4.51160 ······-·NIST-800-171-3.4.5
1161 ······-·NIST-800-53-AC-6(1)1161 ······-·NIST-800-53-AC-6(1)
1162 ······-·NIST-800-53-CM-6(a)1162 ······-·NIST-800-53-CM-6(a)
1163 ······-·configure_strategy1163 ······-·configure_strategy
1164 ······-·file_permissions_grub2_cfg1164 ······-·file_permissions_grub2_cfg
Offset 1169, 16 lines modifiedOffset 1169, 16 lines modified
1169 ······-·no_reboot_needed1169 ······-·no_reboot_needed
  
1170 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg1170 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
1171 ······file:1171 ······file:
1172 ········path:·/boot/grub/grub.cfg1172 ········path:·/boot/grub/grub.cfg
1173 ········mode:·u-xs,g-xwrs,o-xwrt1173 ········mode:·u-xs,g-xwrs,o-xwrt
1174 ······when:1174 ······when:
1175 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1176 ······-·'"grub2-common"·in·ansible_facts.packages'1175 ······-·'"grub2-common"·in·ansible_facts.packages'
 1176 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1177 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1177 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1178 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1178 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1179 ······tags:1179 ······tags:
1180 ······-·NIST-800-171-3.4.51180 ······-·NIST-800-171-3.4.5
1181 ······-·NIST-800-53-AC-6(1)1181 ······-·NIST-800-53-AC-6(1)
1182 ······-·NIST-800-53-CM-6(a)1182 ······-·NIST-800-53-CM-6(a)
1183 ······-·configure_strategy1183 ······-·configure_strategy
2.81 KB
./usr/share/scap-security-guide/ansible/ubuntu2004-playbook-cis_level1_workstation.yml
Ordering differences only
    
Offset 1061, 16 lines modifiedOffset 1061, 16 lines modified
1061 ······-·no_reboot_needed1061 ······-·no_reboot_needed
  
1062 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1062 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1063 ······stat:1063 ······stat:
1064 ········path:·/boot/grub/grub.cfg1064 ········path:·/boot/grub/grub.cfg
1065 ······register:·file_exists1065 ······register:·file_exists
1066 ······when:1066 ······when:
1067 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1068 ······-·'"grub2-common"·in·ansible_facts.packages'1067 ······-·'"grub2-common"·in·ansible_facts.packages'
 1068 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1069 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1069 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1070 ······tags:1070 ······tags:
1071 ······-·CJIS-5.5.2.21071 ······-·CJIS-5.5.2.2
1072 ······-·NIST-800-171-3.4.51072 ······-·NIST-800-171-3.4.5
1073 ······-·NIST-800-53-AC-6(1)1073 ······-·NIST-800-53-AC-6(1)
1074 ······-·NIST-800-53-CM-6(a)1074 ······-·NIST-800-53-CM-6(a)
1075 ······-·PCI-DSS-Req-7.11075 ······-·PCI-DSS-Req-7.1
Offset 1082, 16 lines modifiedOffset 1082, 16 lines modified
1082 ······-·no_reboot_needed1082 ······-·no_reboot_needed
  
1083 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg1083 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
1084 ······file:1084 ······file:
1085 ········path:·/boot/grub/grub.cfg1085 ········path:·/boot/grub/grub.cfg
1086 ········owner:·'0'1086 ········owner:·'0'
1087 ······when:1087 ······when:
1088 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1089 ······-·'"grub2-common"·in·ansible_facts.packages'1088 ······-·'"grub2-common"·in·ansible_facts.packages'
 1089 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1090 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1090 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1091 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1091 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1092 ······tags:1092 ······tags:
1093 ······-·CJIS-5.5.2.21093 ······-·CJIS-5.5.2.2
1094 ······-·NIST-800-171-3.4.51094 ······-·NIST-800-171-3.4.5
1095 ······-·NIST-800-53-AC-6(1)1095 ······-·NIST-800-53-AC-6(1)
1096 ······-·NIST-800-53-CM-6(a)1096 ······-·NIST-800-53-CM-6(a)
Offset 1119, 16 lines modifiedOffset 1119, 16 lines modified
1119 ······-·no_reboot_needed1119 ······-·no_reboot_needed
  
1120 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1120 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1121 ······stat:1121 ······stat:
1122 ········path:·/boot/grub/grub.cfg1122 ········path:·/boot/grub/grub.cfg
1123 ······register:·file_exists1123 ······register:·file_exists
1124 ······when:1124 ······when:
1125 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1126 ······-·'"grub2-common"·in·ansible_facts.packages'1125 ······-·'"grub2-common"·in·ansible_facts.packages'
 1126 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1127 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1127 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1128 ······tags:1128 ······tags:
1129 ······-·NIST-800-171-3.4.51129 ······-·NIST-800-171-3.4.5
1130 ······-·NIST-800-53-AC-6(1)1130 ······-·NIST-800-53-AC-6(1)
1131 ······-·NIST-800-53-CM-6(a)1131 ······-·NIST-800-53-CM-6(a)
1132 ······-·configure_strategy1132 ······-·configure_strategy
1133 ······-·file_permissions_grub2_cfg1133 ······-·file_permissions_grub2_cfg
Offset 1138, 16 lines modifiedOffset 1138, 16 lines modified
1138 ······-·no_reboot_needed1138 ······-·no_reboot_needed
  
1139 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg1139 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
1140 ······file:1140 ······file:
1141 ········path:·/boot/grub/grub.cfg1141 ········path:·/boot/grub/grub.cfg
1142 ········mode:·u-xs,g-xwrs,o-xwrt1142 ········mode:·u-xs,g-xwrs,o-xwrt
1143 ······when:1143 ······when:
1144 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1145 ······-·'"grub2-common"·in·ansible_facts.packages'1144 ······-·'"grub2-common"·in·ansible_facts.packages'
 1145 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1146 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1146 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1147 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1147 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1148 ······tags:1148 ······tags:
1149 ······-·NIST-800-171-3.4.51149 ······-·NIST-800-171-3.4.5
1150 ······-·NIST-800-53-AC-6(1)1150 ······-·NIST-800-53-AC-6(1)
1151 ······-·NIST-800-53-CM-6(a)1151 ······-·NIST-800-53-CM-6(a)
1152 ······-·configure_strategy1152 ······-·configure_strategy
127 KB
./usr/share/scap-security-guide/ansible/ubuntu2004-playbook-cis_level2_server.yml
Ordering differences only
    
Offset 1183, 16 lines modifiedOffset 1183, 16 lines modified
  
1183 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1183 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1184 ······find:1184 ······find:
1185 ········paths:·/etc/audit/rules.d/1185 ········paths:·/etc/audit/rules.d/
1186 ········patterns:·'*.rules'1186 ········patterns:·'*.rules'
1187 ······register:·find_rules_d1187 ······register:·find_rules_d
1188 ······when:1188 ······when:
1189 ······-·'"auditd"·in·ansible_facts.packages' 
1190 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1189 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1190 ······-·'"auditd"·in·ansible_facts.packages'
1191 ······tags:1191 ······tags:
1192 ······-·CJIS-5.4.1.11192 ······-·CJIS-5.4.1.1
1193 ······-·NIST-800-171-3.3.11193 ······-·NIST-800-171-3.3.1
1194 ······-·NIST-800-171-3.4.31194 ······-·NIST-800-171-3.4.3
1195 ······-·NIST-800-53-AC-6(9)1195 ······-·NIST-800-53-AC-6(9)
1196 ······-·NIST-800-53-CM-6(a)1196 ······-·NIST-800-53-CM-6(a)
1197 ······-·PCI-DSS-Req-10.5.21197 ······-·PCI-DSS-Req-10.5.2
Offset 1207, 16 lines modifiedOffset 1207, 16 lines modified
1207 ······lineinfile:1207 ······lineinfile:
1208 ········path:·'{{·item·}}'1208 ········path:·'{{·item·}}'
1209 ········regexp:·^\s*(?:-e)\s+.*$1209 ········regexp:·^\s*(?:-e)\s+.*$
1210 ········state:·absent1210 ········state:·absent
1211 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1211 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1212 ········}}'1212 ········}}'
1213 ······when:1213 ······when:
1214 ······-·'"auditd"·in·ansible_facts.packages' 
1215 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1214 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1215 ······-·'"auditd"·in·ansible_facts.packages'
1216 ······tags:1216 ······tags:
1217 ······-·CJIS-5.4.1.11217 ······-·CJIS-5.4.1.1
1218 ······-·NIST-800-171-3.3.11218 ······-·NIST-800-171-3.3.1
1219 ······-·NIST-800-171-3.4.31219 ······-·NIST-800-171-3.4.3
1220 ······-·NIST-800-53-AC-6(9)1220 ······-·NIST-800-53-AC-6(9)
1221 ······-·NIST-800-53-CM-6(a)1221 ······-·NIST-800-53-CM-6(a)
1222 ······-·PCI-DSS-Req-10.5.21222 ······-·PCI-DSS-Req-10.5.2
Offset 1233, 16 lines modifiedOffset 1233, 16 lines modified
1233 ········create:·true1233 ········create:·true
1234 ········line:·-e·21234 ········line:·-e·2
1235 ········mode:·o-rwx1235 ········mode:·o-rwx
1236 ······loop:1236 ······loop:
1237 ······-·/etc/audit/audit.rules1237 ······-·/etc/audit/audit.rules
1238 ······-·/etc/audit/rules.d/immutable.rules1238 ······-·/etc/audit/rules.d/immutable.rules
1239 ······when:1239 ······when:
1240 ······-·'"auditd"·in·ansible_facts.packages' 
1241 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1240 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1241 ······-·'"auditd"·in·ansible_facts.packages'
1242 ······tags:1242 ······tags:
1243 ······-·CJIS-5.4.1.11243 ······-·CJIS-5.4.1.1
1244 ······-·NIST-800-171-3.3.11244 ······-·NIST-800-171-3.3.1
1245 ······-·NIST-800-171-3.4.31245 ······-·NIST-800-171-3.4.3
1246 ······-·NIST-800-53-AC-6(9)1246 ······-·NIST-800-53-AC-6(9)
1247 ······-·NIST-800-53-CM-6(a)1247 ······-·NIST-800-53-CM-6(a)
1248 ······-·PCI-DSS-Req-10.5.21248 ······-·PCI-DSS-Req-10.5.2
Offset 1277, 16 lines modifiedOffset 1277, 16 lines modified
1277 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/1277 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
1278 ······find:1278 ······find:
1279 ········paths:·/etc/audit/rules.d1279 ········paths:·/etc/audit/rules.d
1280 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+1280 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
1281 ········patterns:·'*.rules'1281 ········patterns:·'*.rules'
1282 ······register:·find_existing_watch_rules_d1282 ······register:·find_existing_watch_rules_d
1283 ······when:1283 ······when:
1284 ······-·'"auditd"·in·ansible_facts.packages' 
1285 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1284 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1285 ······-·'"auditd"·in·ansible_facts.packages'
1286 ······tags:1286 ······tags:
1287 ······-·CJIS-5.4.1.11287 ······-·CJIS-5.4.1.1
1288 ······-·NIST-800-171-3.1.71288 ······-·NIST-800-171-3.1.7
1289 ······-·NIST-800-53-AC-2(7)(b)1289 ······-·NIST-800-53-AC-2(7)(b)
1290 ······-·NIST-800-53-AC-6(9)1290 ······-·NIST-800-53-AC-6(9)
1291 ······-·NIST-800-53-AU-12(c)1291 ······-·NIST-800-53-AU-12(c)
1292 ······-·NIST-800-53-AU-2(d)1292 ······-·NIST-800-53-AU-2(d)
Offset 1303, 16 lines modifiedOffset 1303, 16 lines modified
1303 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions1303 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
1304 ······find:1304 ······find:
1305 ········paths:·/etc/audit/rules.d1305 ········paths:·/etc/audit/rules.d
1306 ········contains:·^.*(?:-F·key=|-k\s+)actions$1306 ········contains:·^.*(?:-F·key=|-k\s+)actions$
1307 ········patterns:·'*.rules'1307 ········patterns:·'*.rules'
1308 ······register:·find_watch_key1308 ······register:·find_watch_key
1309 ······when:1309 ······when:
1310 ······-·'"auditd"·in·ansible_facts.packages' 
1311 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1310 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1311 ······-·'"auditd"·in·ansible_facts.packages'
1312 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1312 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1313 ········==·01313 ········==·0
1314 ······tags:1314 ······tags:
1315 ······-·CJIS-5.4.1.11315 ······-·CJIS-5.4.1.1
1316 ······-·NIST-800-171-3.1.71316 ······-·NIST-800-171-3.1.7
1317 ······-·NIST-800-53-AC-2(7)(b)1317 ······-·NIST-800-53-AC-2(7)(b)
1318 ······-·NIST-800-53-AC-6(9)1318 ······-·NIST-800-53-AC-6(9)
Offset 1329, 16 lines modifiedOffset 1329, 16 lines modified
1329 ······-·restrict_strategy1329 ······-·restrict_strategy
  
1330 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule1330 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
1331 ······set_fact:1331 ······set_fact:
1332 ········all_files:1332 ········all_files:
1333 ········-·/etc/audit/rules.d/actions.rules1333 ········-·/etc/audit/rules.d/actions.rules
1334 ······when:1334 ······when:
1335 ······-·'"auditd"·in·ansible_facts.packages' 
1336 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1335 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1336 ······-·'"auditd"·in·ansible_facts.packages'
1337 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1337 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1338 ········is·defined·and·find_existing_watch_rules_d.matched·==·01338 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1339 ······tags:1339 ······tags:
1340 ······-·CJIS-5.4.1.11340 ······-·CJIS-5.4.1.1
1341 ······-·NIST-800-171-3.1.71341 ······-·NIST-800-171-3.1.7
1342 ······-·NIST-800-53-AC-2(7)(b)1342 ······-·NIST-800-53-AC-2(7)(b)
1343 ······-·NIST-800-53-AC-6(9)1343 ······-·NIST-800-53-AC-6(9)
Offset 1355, 16 lines modifiedOffset 1355, 16 lines modified
1355 ······-·restrict_strategy1355 ······-·restrict_strategy
  
1356 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1356 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1357 ······set_fact:1357 ······set_fact:
1358 ········all_files:1358 ········all_files:
1359 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1359 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1360 ······when:1360 ······when:
1361 ······-·'"auditd"·in·ansible_facts.packages' 
1362 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1361 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1362 ······-·'"auditd"·in·ansible_facts.packages'
1363 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1363 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1364 ········is·defined·and·find_existing_watch_rules_d.matched·==·01364 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1365 ······tags:1365 ······tags:
1366 ······-·CJIS-5.4.1.11366 ······-·CJIS-5.4.1.1
1367 ······-·NIST-800-171-3.1.71367 ······-·NIST-800-171-3.1.7
1368 ······-·NIST-800-53-AC-2(7)(b)1368 ······-·NIST-800-53-AC-2(7)(b)
1369 ······-·NIST-800-53-AC-6(9)1369 ······-·NIST-800-53-AC-6(9)
Offset 1383, 16 lines modifiedOffset 1383, 16 lines modified
1383 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/1383 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 124928/129622 bytes (96.38%) of diff not shown.
127 KB
./usr/share/scap-security-guide/ansible/ubuntu2004-playbook-cis_level2_workstation.yml
Ordering differences only
    
Offset 1152, 16 lines modifiedOffset 1152, 16 lines modified
  
1152 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1152 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1153 ······find:1153 ······find:
1154 ········paths:·/etc/audit/rules.d/1154 ········paths:·/etc/audit/rules.d/
1155 ········patterns:·'*.rules'1155 ········patterns:·'*.rules'
1156 ······register:·find_rules_d1156 ······register:·find_rules_d
1157 ······when:1157 ······when:
1158 ······-·'"auditd"·in·ansible_facts.packages' 
1159 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1158 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1159 ······-·'"auditd"·in·ansible_facts.packages'
1160 ······tags:1160 ······tags:
1161 ······-·CJIS-5.4.1.11161 ······-·CJIS-5.4.1.1
1162 ······-·NIST-800-171-3.3.11162 ······-·NIST-800-171-3.3.1
1163 ······-·NIST-800-171-3.4.31163 ······-·NIST-800-171-3.4.3
1164 ······-·NIST-800-53-AC-6(9)1164 ······-·NIST-800-53-AC-6(9)
1165 ······-·NIST-800-53-CM-6(a)1165 ······-·NIST-800-53-CM-6(a)
1166 ······-·PCI-DSS-Req-10.5.21166 ······-·PCI-DSS-Req-10.5.2
Offset 1176, 16 lines modifiedOffset 1176, 16 lines modified
1176 ······lineinfile:1176 ······lineinfile:
1177 ········path:·'{{·item·}}'1177 ········path:·'{{·item·}}'
1178 ········regexp:·^\s*(?:-e)\s+.*$1178 ········regexp:·^\s*(?:-e)\s+.*$
1179 ········state:·absent1179 ········state:·absent
1180 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1180 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1181 ········}}'1181 ········}}'
1182 ······when:1182 ······when:
1183 ······-·'"auditd"·in·ansible_facts.packages' 
1184 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1183 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1184 ······-·'"auditd"·in·ansible_facts.packages'
1185 ······tags:1185 ······tags:
1186 ······-·CJIS-5.4.1.11186 ······-·CJIS-5.4.1.1
1187 ······-·NIST-800-171-3.3.11187 ······-·NIST-800-171-3.3.1
1188 ······-·NIST-800-171-3.4.31188 ······-·NIST-800-171-3.4.3
1189 ······-·NIST-800-53-AC-6(9)1189 ······-·NIST-800-53-AC-6(9)
1190 ······-·NIST-800-53-CM-6(a)1190 ······-·NIST-800-53-CM-6(a)
1191 ······-·PCI-DSS-Req-10.5.21191 ······-·PCI-DSS-Req-10.5.2
Offset 1202, 16 lines modifiedOffset 1202, 16 lines modified
1202 ········create:·true1202 ········create:·true
1203 ········line:·-e·21203 ········line:·-e·2
1204 ········mode:·o-rwx1204 ········mode:·o-rwx
1205 ······loop:1205 ······loop:
1206 ······-·/etc/audit/audit.rules1206 ······-·/etc/audit/audit.rules
1207 ······-·/etc/audit/rules.d/immutable.rules1207 ······-·/etc/audit/rules.d/immutable.rules
1208 ······when:1208 ······when:
1209 ······-·'"auditd"·in·ansible_facts.packages' 
1210 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1209 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1210 ······-·'"auditd"·in·ansible_facts.packages'
1211 ······tags:1211 ······tags:
1212 ······-·CJIS-5.4.1.11212 ······-·CJIS-5.4.1.1
1213 ······-·NIST-800-171-3.3.11213 ······-·NIST-800-171-3.3.1
1214 ······-·NIST-800-171-3.4.31214 ······-·NIST-800-171-3.4.3
1215 ······-·NIST-800-53-AC-6(9)1215 ······-·NIST-800-53-AC-6(9)
1216 ······-·NIST-800-53-CM-6(a)1216 ······-·NIST-800-53-CM-6(a)
1217 ······-·PCI-DSS-Req-10.5.21217 ······-·PCI-DSS-Req-10.5.2
Offset 1246, 16 lines modifiedOffset 1246, 16 lines modified
1246 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/1246 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
1247 ······find:1247 ······find:
1248 ········paths:·/etc/audit/rules.d1248 ········paths:·/etc/audit/rules.d
1249 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+1249 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
1250 ········patterns:·'*.rules'1250 ········patterns:·'*.rules'
1251 ······register:·find_existing_watch_rules_d1251 ······register:·find_existing_watch_rules_d
1252 ······when:1252 ······when:
1253 ······-·'"auditd"·in·ansible_facts.packages' 
1254 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1253 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1254 ······-·'"auditd"·in·ansible_facts.packages'
1255 ······tags:1255 ······tags:
1256 ······-·CJIS-5.4.1.11256 ······-·CJIS-5.4.1.1
1257 ······-·NIST-800-171-3.1.71257 ······-·NIST-800-171-3.1.7
1258 ······-·NIST-800-53-AC-2(7)(b)1258 ······-·NIST-800-53-AC-2(7)(b)
1259 ······-·NIST-800-53-AC-6(9)1259 ······-·NIST-800-53-AC-6(9)
1260 ······-·NIST-800-53-AU-12(c)1260 ······-·NIST-800-53-AU-12(c)
1261 ······-·NIST-800-53-AU-2(d)1261 ······-·NIST-800-53-AU-2(d)
Offset 1272, 16 lines modifiedOffset 1272, 16 lines modified
1272 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions1272 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
1273 ······find:1273 ······find:
1274 ········paths:·/etc/audit/rules.d1274 ········paths:·/etc/audit/rules.d
1275 ········contains:·^.*(?:-F·key=|-k\s+)actions$1275 ········contains:·^.*(?:-F·key=|-k\s+)actions$
1276 ········patterns:·'*.rules'1276 ········patterns:·'*.rules'
1277 ······register:·find_watch_key1277 ······register:·find_watch_key
1278 ······when:1278 ······when:
1279 ······-·'"auditd"·in·ansible_facts.packages' 
1280 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1279 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1280 ······-·'"auditd"·in·ansible_facts.packages'
1281 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1281 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1282 ········==·01282 ········==·0
1283 ······tags:1283 ······tags:
1284 ······-·CJIS-5.4.1.11284 ······-·CJIS-5.4.1.1
1285 ······-·NIST-800-171-3.1.71285 ······-·NIST-800-171-3.1.7
1286 ······-·NIST-800-53-AC-2(7)(b)1286 ······-·NIST-800-53-AC-2(7)(b)
1287 ······-·NIST-800-53-AC-6(9)1287 ······-·NIST-800-53-AC-6(9)
Offset 1298, 16 lines modifiedOffset 1298, 16 lines modified
1298 ······-·restrict_strategy1298 ······-·restrict_strategy
  
1299 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule1299 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
1300 ······set_fact:1300 ······set_fact:
1301 ········all_files:1301 ········all_files:
1302 ········-·/etc/audit/rules.d/actions.rules1302 ········-·/etc/audit/rules.d/actions.rules
1303 ······when:1303 ······when:
1304 ······-·'"auditd"·in·ansible_facts.packages' 
1305 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1304 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1305 ······-·'"auditd"·in·ansible_facts.packages'
1306 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1306 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1307 ········is·defined·and·find_existing_watch_rules_d.matched·==·01307 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1308 ······tags:1308 ······tags:
1309 ······-·CJIS-5.4.1.11309 ······-·CJIS-5.4.1.1
1310 ······-·NIST-800-171-3.1.71310 ······-·NIST-800-171-3.1.7
1311 ······-·NIST-800-53-AC-2(7)(b)1311 ······-·NIST-800-53-AC-2(7)(b)
1312 ······-·NIST-800-53-AC-6(9)1312 ······-·NIST-800-53-AC-6(9)
Offset 1324, 16 lines modifiedOffset 1324, 16 lines modified
1324 ······-·restrict_strategy1324 ······-·restrict_strategy
  
1325 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1325 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1326 ······set_fact:1326 ······set_fact:
1327 ········all_files:1327 ········all_files:
1328 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1328 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1329 ······when:1329 ······when:
1330 ······-·'"auditd"·in·ansible_facts.packages' 
1331 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1330 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1331 ······-·'"auditd"·in·ansible_facts.packages'
1332 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1332 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1333 ········is·defined·and·find_existing_watch_rules_d.matched·==·01333 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1334 ······tags:1334 ······tags:
1335 ······-·CJIS-5.4.1.11335 ······-·CJIS-5.4.1.1
1336 ······-·NIST-800-171-3.1.71336 ······-·NIST-800-171-3.1.7
1337 ······-·NIST-800-53-AC-2(7)(b)1337 ······-·NIST-800-53-AC-2(7)(b)
1338 ······-·NIST-800-53-AC-6(9)1338 ······-·NIST-800-53-AC-6(9)
Offset 1352, 16 lines modifiedOffset 1352, 16 lines modified
1352 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/1352 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 124928/129622 bytes (96.38%) of diff not shown.
117 KB
./usr/share/scap-security-guide/ansible/ubuntu2004-playbook-stig.yml
Ordering differences only
    
Offset 779, 16 lines modifiedOffset 779, 16 lines modified
779 ····-·name:·Check·if·watch·rule·for·/etc/group·already·exists·in·/etc/audit/rules.d/779 ····-·name:·Check·if·watch·rule·for·/etc/group·already·exists·in·/etc/audit/rules.d/
780 ······find:780 ······find:
781 ········paths:·/etc/audit/rules.d781 ········paths:·/etc/audit/rules.d
782 ········contains:·^\s*-w\s+/etc/group\s+-p\s+wa(\s|$)+782 ········contains:·^\s*-w\s+/etc/group\s+-p\s+wa(\s|$)+
783 ········patterns:·'*.rules'783 ········patterns:·'*.rules'
784 ······register:·find_existing_watch_rules_d784 ······register:·find_existing_watch_rules_d
785 ······when:785 ······when:
786 ······-·'"auditd"·in·ansible_facts.packages' 
787 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]786 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 787 ······-·'"auditd"·in·ansible_facts.packages'
788 ······tags:788 ······tags:
789 ······-·CJIS-5.4.1.1789 ······-·CJIS-5.4.1.1
790 ······-·DISA-STIG-UBTU-20-010101790 ······-·DISA-STIG-UBTU-20-010101
791 ······-·NIST-800-171-3.1.7791 ······-·NIST-800-171-3.1.7
792 ······-·NIST-800-53-AC-2(4)792 ······-·NIST-800-53-AC-2(4)
793 ······-·NIST-800-53-AC-6(9)793 ······-·NIST-800-53-AC-6(9)
794 ······-·NIST-800-53-AU-12(c)794 ······-·NIST-800-53-AU-12(c)
Offset 805, 16 lines modifiedOffset 805, 16 lines modified
805 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_usergroup_modification805 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_usergroup_modification
806 ······find:806 ······find:
807 ········paths:·/etc/audit/rules.d807 ········paths:·/etc/audit/rules.d
808 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_usergroup_modification$808 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_usergroup_modification$
809 ········patterns:·'*.rules'809 ········patterns:·'*.rules'
810 ······register:·find_watch_key810 ······register:·find_watch_key
811 ······when:811 ······when:
812 ······-·'"auditd"·in·ansible_facts.packages' 
813 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]812 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 813 ······-·'"auditd"·in·ansible_facts.packages'
814 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched814 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
815 ········==·0815 ········==·0
816 ······tags:816 ······tags:
817 ······-·CJIS-5.4.1.1817 ······-·CJIS-5.4.1.1
818 ······-·DISA-STIG-UBTU-20-010101818 ······-·DISA-STIG-UBTU-20-010101
819 ······-·NIST-800-171-3.1.7819 ······-·NIST-800-171-3.1.7
820 ······-·NIST-800-53-AC-2(4)820 ······-·NIST-800-53-AC-2(4)
Offset 832, 16 lines modifiedOffset 832, 16 lines modified
  
832 ····-·name:·Use·/etc/audit/rules.d/audit_rules_usergroup_modification.rules·as·the·recipient832 ····-·name:·Use·/etc/audit/rules.d/audit_rules_usergroup_modification.rules·as·the·recipient
833 ········for·the·rule833 ········for·the·rule
834 ······set_fact:834 ······set_fact:
835 ········all_files:835 ········all_files:
836 ········-·/etc/audit/rules.d/audit_rules_usergroup_modification.rules836 ········-·/etc/audit/rules.d/audit_rules_usergroup_modification.rules
837 ······when:837 ······when:
838 ······-·'"auditd"·in·ansible_facts.packages' 
839 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]838 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 839 ······-·'"auditd"·in·ansible_facts.packages'
840 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched840 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
841 ········is·defined·and·find_existing_watch_rules_d.matched·==·0841 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
842 ······tags:842 ······tags:
843 ······-·CJIS-5.4.1.1843 ······-·CJIS-5.4.1.1
844 ······-·DISA-STIG-UBTU-20-010101844 ······-·DISA-STIG-UBTU-20-010101
845 ······-·NIST-800-171-3.1.7845 ······-·NIST-800-171-3.1.7
846 ······-·NIST-800-53-AC-2(4)846 ······-·NIST-800-53-AC-2(4)
Offset 858, 16 lines modifiedOffset 858, 16 lines modified
858 ······-·restrict_strategy858 ······-·restrict_strategy
  
859 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule859 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
860 ······set_fact:860 ······set_fact:
861 ········all_files:861 ········all_files:
862 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'862 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
863 ······when:863 ······when:
864 ······-·'"auditd"·in·ansible_facts.packages' 
865 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]864 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 865 ······-·'"auditd"·in·ansible_facts.packages'
866 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched866 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
867 ········is·defined·and·find_existing_watch_rules_d.matched·==·0867 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
868 ······tags:868 ······tags:
869 ······-·CJIS-5.4.1.1869 ······-·CJIS-5.4.1.1
870 ······-·DISA-STIG-UBTU-20-010101870 ······-·DISA-STIG-UBTU-20-010101
871 ······-·NIST-800-171-3.1.7871 ······-·NIST-800-171-3.1.7
872 ······-·NIST-800-53-AC-2(4)872 ······-·NIST-800-53-AC-2(4)
Offset 886, 16 lines modifiedOffset 886, 16 lines modified
886 ····-·name:·Add·watch·rule·for·/etc/group·in·/etc/audit/rules.d/886 ····-·name:·Add·watch·rule·for·/etc/group·in·/etc/audit/rules.d/
887 ······lineinfile:887 ······lineinfile:
888 ········path:·'{{·all_files[0]·}}'888 ········path:·'{{·all_files[0]·}}'
889 ········line:·-w·/etc/group·-p·wa·-k·audit_rules_usergroup_modification889 ········line:·-w·/etc/group·-p·wa·-k·audit_rules_usergroup_modification
890 ········create:·true890 ········create:·true
891 ········mode:·'0640'891 ········mode:·'0640'
892 ······when:892 ······when:
893 ······-·'"auditd"·in·ansible_facts.packages' 
894 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]893 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 894 ······-·'"auditd"·in·ansible_facts.packages'
895 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched895 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
896 ········==·0896 ········==·0
897 ······tags:897 ······tags:
898 ······-·CJIS-5.4.1.1898 ······-·CJIS-5.4.1.1
899 ······-·DISA-STIG-UBTU-20-010101899 ······-·DISA-STIG-UBTU-20-010101
900 ······-·NIST-800-171-3.1.7900 ······-·NIST-800-171-3.1.7
901 ······-·NIST-800-53-AC-2(4)901 ······-·NIST-800-53-AC-2(4)
Offset 914, 16 lines modifiedOffset 914, 16 lines modified
914 ····-·name:·Check·if·watch·rule·for·/etc/group·already·exists·in·/etc/audit/audit.rules914 ····-·name:·Check·if·watch·rule·for·/etc/group·already·exists·in·/etc/audit/audit.rules
915 ······find:915 ······find:
916 ········paths:·/etc/audit/916 ········paths:·/etc/audit/
917 ········contains:·^\s*-w\s+/etc/group\s+-p\s+wa(\s|$)+917 ········contains:·^\s*-w\s+/etc/group\s+-p\s+wa(\s|$)+
918 ········patterns:·audit.rules918 ········patterns:·audit.rules
919 ······register:·find_existing_watch_audit_rules919 ······register:·find_existing_watch_audit_rules
920 ······when:920 ······when:
921 ······-·'"auditd"·in·ansible_facts.packages' 
922 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]921 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 922 ······-·'"auditd"·in·ansible_facts.packages'
923 ······tags:923 ······tags:
924 ······-·CJIS-5.4.1.1924 ······-·CJIS-5.4.1.1
925 ······-·DISA-STIG-UBTU-20-010101925 ······-·DISA-STIG-UBTU-20-010101
926 ······-·NIST-800-171-3.1.7926 ······-·NIST-800-171-3.1.7
927 ······-·NIST-800-53-AC-2(4)927 ······-·NIST-800-53-AC-2(4)
928 ······-·NIST-800-53-AC-6(9)928 ······-·NIST-800-53-AC-6(9)
929 ······-·NIST-800-53-AU-12(c)929 ······-·NIST-800-53-AU-12(c)
Offset 941, 16 lines modifiedOffset 941, 16 lines modified
941 ······lineinfile:941 ······lineinfile:
942 ········line:·-w·/etc/group·-p·wa·-k·audit_rules_usergroup_modification942 ········line:·-w·/etc/group·-p·wa·-k·audit_rules_usergroup_modification
943 ········state:·present943 ········state:·present
944 ········dest:·/etc/audit/audit.rules944 ········dest:·/etc/audit/audit.rules
945 ········create:·true945 ········create:·true
946 ········mode:·'0640'946 ········mode:·'0640'
947 ······when:947 ······when:
948 ······-·'"auditd"·in·ansible_facts.packages' 
949 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]948 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 949 ······-·'"auditd"·in·ansible_facts.packages'
950 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched950 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
951 ········==·0951 ········==·0
952 ······tags:952 ······tags:
953 ······-·CJIS-5.4.1.1953 ······-·CJIS-5.4.1.1
954 ······-·DISA-STIG-UBTU-20-010101954 ······-·DISA-STIG-UBTU-20-010101
955 ······-·NIST-800-171-3.1.7955 ······-·NIST-800-171-3.1.7
956 ······-·NIST-800-53-AC-2(4)956 ······-·NIST-800-53-AC-2(4)
Offset 990, 16 lines modifiedOffset 990, 16 lines modified
990 ····-·name:·Check·if·watch·rule·for·/etc/gshadow·already·exists·in·/etc/audit/rules.d/990 ····-·name:·Check·if·watch·rule·for·/etc/gshadow·already·exists·in·/etc/audit/rules.d/
Max diff block lines reached; 114863/119929 bytes (95.78%) of diff not shown.
2.71 KB
./usr/share/scap-security-guide/ansible/ubuntu2204-playbook-cis_level1_server.yml
Ordering differences only
    
Offset 1062, 16 lines modifiedOffset 1062, 16 lines modified
1062 ······-·no_reboot_needed1062 ······-·no_reboot_needed
  
1063 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1063 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1064 ······stat:1064 ······stat:
1065 ········path:·/boot/grub/grub.cfg1065 ········path:·/boot/grub/grub.cfg
1066 ······register:·file_exists1066 ······register:·file_exists
1067 ······when:1067 ······when:
1068 ······-·'"grub2-common"·in·ansible_facts.packages' 
1069 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1068 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1069 ······-·'"grub2-common"·in·ansible_facts.packages'
1070 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1070 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1071 ······tags:1071 ······tags:
1072 ······-·CJIS-5.5.2.21072 ······-·CJIS-5.5.2.2
1073 ······-·NIST-800-171-3.4.51073 ······-·NIST-800-171-3.4.5
1074 ······-·NIST-800-53-AC-6(1)1074 ······-·NIST-800-53-AC-6(1)
1075 ······-·NIST-800-53-CM-6(a)1075 ······-·NIST-800-53-CM-6(a)
1076 ······-·PCI-DSS-Req-7.11076 ······-·PCI-DSS-Req-7.1
Offset 1083, 16 lines modifiedOffset 1083, 16 lines modified
1083 ······-·no_reboot_needed1083 ······-·no_reboot_needed
  
1084 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg1084 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
1085 ······file:1085 ······file:
1086 ········path:·/boot/grub/grub.cfg1086 ········path:·/boot/grub/grub.cfg
1087 ········owner:·'0'1087 ········owner:·'0'
1088 ······when:1088 ······when:
1089 ······-·'"grub2-common"·in·ansible_facts.packages' 
1090 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1089 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1090 ······-·'"grub2-common"·in·ansible_facts.packages'
1091 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1091 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1092 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1092 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1093 ······tags:1093 ······tags:
1094 ······-·CJIS-5.5.2.21094 ······-·CJIS-5.5.2.2
1095 ······-·NIST-800-171-3.4.51095 ······-·NIST-800-171-3.4.5
1096 ······-·NIST-800-53-AC-6(1)1096 ······-·NIST-800-53-AC-6(1)
1097 ······-·NIST-800-53-CM-6(a)1097 ······-·NIST-800-53-CM-6(a)
Offset 1120, 16 lines modifiedOffset 1120, 16 lines modified
1120 ······-·no_reboot_needed1120 ······-·no_reboot_needed
  
1121 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1121 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1122 ······stat:1122 ······stat:
1123 ········path:·/boot/grub/grub.cfg1123 ········path:·/boot/grub/grub.cfg
1124 ······register:·file_exists1124 ······register:·file_exists
1125 ······when:1125 ······when:
1126 ······-·'"grub2-common"·in·ansible_facts.packages' 
1127 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1126 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1127 ······-·'"grub2-common"·in·ansible_facts.packages'
1128 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1128 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1129 ······tags:1129 ······tags:
1130 ······-·NIST-800-171-3.4.51130 ······-·NIST-800-171-3.4.5
1131 ······-·NIST-800-53-AC-6(1)1131 ······-·NIST-800-53-AC-6(1)
1132 ······-·NIST-800-53-CM-6(a)1132 ······-·NIST-800-53-CM-6(a)
1133 ······-·configure_strategy1133 ······-·configure_strategy
1134 ······-·file_permissions_grub2_cfg1134 ······-·file_permissions_grub2_cfg
Offset 1139, 16 lines modifiedOffset 1139, 16 lines modified
1139 ······-·no_reboot_needed1139 ······-·no_reboot_needed
  
1140 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg1140 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
1141 ······file:1141 ······file:
1142 ········path:·/boot/grub/grub.cfg1142 ········path:·/boot/grub/grub.cfg
1143 ········mode:·u-xs,g-xwrs,o-xwrt1143 ········mode:·u-xs,g-xwrs,o-xwrt
1144 ······when:1144 ······when:
1145 ······-·'"grub2-common"·in·ansible_facts.packages' 
1146 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1145 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1146 ······-·'"grub2-common"·in·ansible_facts.packages'
1147 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1147 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1148 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1148 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1149 ······tags:1149 ······tags:
1150 ······-·NIST-800-171-3.4.51150 ······-·NIST-800-171-3.4.5
1151 ······-·NIST-800-53-AC-6(1)1151 ······-·NIST-800-53-AC-6(1)
1152 ······-·NIST-800-53-CM-6(a)1152 ······-·NIST-800-53-CM-6(a)
1153 ······-·configure_strategy1153 ······-·configure_strategy
2.71 KB
./usr/share/scap-security-guide/ansible/ubuntu2204-playbook-cis_level1_workstation.yml
Ordering differences only
    
Offset 1031, 16 lines modifiedOffset 1031, 16 lines modified
1031 ······-·no_reboot_needed1031 ······-·no_reboot_needed
  
1032 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1032 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1033 ······stat:1033 ······stat:
1034 ········path:·/boot/grub/grub.cfg1034 ········path:·/boot/grub/grub.cfg
1035 ······register:·file_exists1035 ······register:·file_exists
1036 ······when:1036 ······when:
1037 ······-·'"grub2-common"·in·ansible_facts.packages' 
1038 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1037 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1038 ······-·'"grub2-common"·in·ansible_facts.packages'
1039 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1039 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1040 ······tags:1040 ······tags:
1041 ······-·CJIS-5.5.2.21041 ······-·CJIS-5.5.2.2
1042 ······-·NIST-800-171-3.4.51042 ······-·NIST-800-171-3.4.5
1043 ······-·NIST-800-53-AC-6(1)1043 ······-·NIST-800-53-AC-6(1)
1044 ······-·NIST-800-53-CM-6(a)1044 ······-·NIST-800-53-CM-6(a)
1045 ······-·PCI-DSS-Req-7.11045 ······-·PCI-DSS-Req-7.1
Offset 1052, 16 lines modifiedOffset 1052, 16 lines modified
1052 ······-·no_reboot_needed1052 ······-·no_reboot_needed
  
1053 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg1053 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
1054 ······file:1054 ······file:
1055 ········path:·/boot/grub/grub.cfg1055 ········path:·/boot/grub/grub.cfg
1056 ········owner:·'0'1056 ········owner:·'0'
1057 ······when:1057 ······when:
1058 ······-·'"grub2-common"·in·ansible_facts.packages' 
1059 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1058 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1059 ······-·'"grub2-common"·in·ansible_facts.packages'
1060 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1060 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1061 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1061 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1062 ······tags:1062 ······tags:
1063 ······-·CJIS-5.5.2.21063 ······-·CJIS-5.5.2.2
1064 ······-·NIST-800-171-3.4.51064 ······-·NIST-800-171-3.4.5
1065 ······-·NIST-800-53-AC-6(1)1065 ······-·NIST-800-53-AC-6(1)
1066 ······-·NIST-800-53-CM-6(a)1066 ······-·NIST-800-53-CM-6(a)
Offset 1089, 16 lines modifiedOffset 1089, 16 lines modified
1089 ······-·no_reboot_needed1089 ······-·no_reboot_needed
  
1090 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1090 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1091 ······stat:1091 ······stat:
1092 ········path:·/boot/grub/grub.cfg1092 ········path:·/boot/grub/grub.cfg
1093 ······register:·file_exists1093 ······register:·file_exists
1094 ······when:1094 ······when:
1095 ······-·'"grub2-common"·in·ansible_facts.packages' 
1096 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1095 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1096 ······-·'"grub2-common"·in·ansible_facts.packages'
1097 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1097 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1098 ······tags:1098 ······tags:
1099 ······-·NIST-800-171-3.4.51099 ······-·NIST-800-171-3.4.5
1100 ······-·NIST-800-53-AC-6(1)1100 ······-·NIST-800-53-AC-6(1)
1101 ······-·NIST-800-53-CM-6(a)1101 ······-·NIST-800-53-CM-6(a)
1102 ······-·configure_strategy1102 ······-·configure_strategy
1103 ······-·file_permissions_grub2_cfg1103 ······-·file_permissions_grub2_cfg
Offset 1108, 16 lines modifiedOffset 1108, 16 lines modified
1108 ······-·no_reboot_needed1108 ······-·no_reboot_needed
  
1109 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg1109 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
1110 ······file:1110 ······file:
1111 ········path:·/boot/grub/grub.cfg1111 ········path:·/boot/grub/grub.cfg
1112 ········mode:·u-xs,g-xwrs,o-xwrt1112 ········mode:·u-xs,g-xwrs,o-xwrt
1113 ······when:1113 ······when:
1114 ······-·'"grub2-common"·in·ansible_facts.packages' 
1115 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1114 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1115 ······-·'"grub2-common"·in·ansible_facts.packages'
1116 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1116 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1117 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1117 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1118 ······tags:1118 ······tags:
1119 ······-·NIST-800-171-3.4.51119 ······-·NIST-800-171-3.4.5
1120 ······-·NIST-800-53-AC-6(1)1120 ······-·NIST-800-53-AC-6(1)
1121 ······-·NIST-800-53-CM-6(a)1121 ······-·NIST-800-53-CM-6(a)
1122 ······-·configure_strategy1122 ······-·configure_strategy
2.71 KB
./usr/share/scap-security-guide/ansible/ubuntu2204-playbook-cis_level2_server.yml
Ordering differences only
    
Offset 16207, 16 lines modifiedOffset 16207, 16 lines modified
16207 ······-·no_reboot_needed16207 ······-·no_reboot_needed
  
16208 ····-·name:·Test·for·existence·/boot/grub/grub.cfg16208 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
16209 ······stat:16209 ······stat:
16210 ········path:·/boot/grub/grub.cfg16210 ········path:·/boot/grub/grub.cfg
16211 ······register:·file_exists16211 ······register:·file_exists
16212 ······when:16212 ······when:
16213 ······-·'"grub2-common"·in·ansible_facts.packages' 
16214 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16213 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16214 ······-·'"grub2-common"·in·ansible_facts.packages'
16215 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16215 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16216 ······tags:16216 ······tags:
16217 ······-·CJIS-5.5.2.216217 ······-·CJIS-5.5.2.2
16218 ······-·NIST-800-171-3.4.516218 ······-·NIST-800-171-3.4.5
16219 ······-·NIST-800-53-AC-6(1)16219 ······-·NIST-800-53-AC-6(1)
16220 ······-·NIST-800-53-CM-6(a)16220 ······-·NIST-800-53-CM-6(a)
16221 ······-·PCI-DSS-Req-7.116221 ······-·PCI-DSS-Req-7.1
Offset 16228, 16 lines modifiedOffset 16228, 16 lines modified
16228 ······-·no_reboot_needed16228 ······-·no_reboot_needed
  
16229 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg16229 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
16230 ······file:16230 ······file:
16231 ········path:·/boot/grub/grub.cfg16231 ········path:·/boot/grub/grub.cfg
16232 ········owner:·'0'16232 ········owner:·'0'
16233 ······when:16233 ······when:
16234 ······-·'"grub2-common"·in·ansible_facts.packages' 
16235 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16234 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16235 ······-·'"grub2-common"·in·ansible_facts.packages'
16236 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16236 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16237 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists16237 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
16238 ······tags:16238 ······tags:
16239 ······-·CJIS-5.5.2.216239 ······-·CJIS-5.5.2.2
16240 ······-·NIST-800-171-3.4.516240 ······-·NIST-800-171-3.4.5
16241 ······-·NIST-800-53-AC-6(1)16241 ······-·NIST-800-53-AC-6(1)
16242 ······-·NIST-800-53-CM-6(a)16242 ······-·NIST-800-53-CM-6(a)
Offset 16265, 16 lines modifiedOffset 16265, 16 lines modified
16265 ······-·no_reboot_needed16265 ······-·no_reboot_needed
  
16266 ····-·name:·Test·for·existence·/boot/grub/grub.cfg16266 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
16267 ······stat:16267 ······stat:
16268 ········path:·/boot/grub/grub.cfg16268 ········path:·/boot/grub/grub.cfg
16269 ······register:·file_exists16269 ······register:·file_exists
16270 ······when:16270 ······when:
16271 ······-·'"grub2-common"·in·ansible_facts.packages' 
16272 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16271 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16272 ······-·'"grub2-common"·in·ansible_facts.packages'
16273 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16273 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16274 ······tags:16274 ······tags:
16275 ······-·NIST-800-171-3.4.516275 ······-·NIST-800-171-3.4.5
16276 ······-·NIST-800-53-AC-6(1)16276 ······-·NIST-800-53-AC-6(1)
16277 ······-·NIST-800-53-CM-6(a)16277 ······-·NIST-800-53-CM-6(a)
16278 ······-·configure_strategy16278 ······-·configure_strategy
16279 ······-·file_permissions_grub2_cfg16279 ······-·file_permissions_grub2_cfg
Offset 16284, 16 lines modifiedOffset 16284, 16 lines modified
16284 ······-·no_reboot_needed16284 ······-·no_reboot_needed
  
16285 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg16285 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
16286 ······file:16286 ······file:
16287 ········path:·/boot/grub/grub.cfg16287 ········path:·/boot/grub/grub.cfg
16288 ········mode:·u-xs,g-xwrs,o-xwrt16288 ········mode:·u-xs,g-xwrs,o-xwrt
16289 ······when:16289 ······when:
16290 ······-·'"grub2-common"·in·ansible_facts.packages' 
16291 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16290 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16291 ······-·'"grub2-common"·in·ansible_facts.packages'
16292 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16292 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16293 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists16293 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
16294 ······tags:16294 ······tags:
16295 ······-·NIST-800-171-3.4.516295 ······-·NIST-800-171-3.4.5
16296 ······-·NIST-800-53-AC-6(1)16296 ······-·NIST-800-53-AC-6(1)
16297 ······-·NIST-800-53-CM-6(a)16297 ······-·NIST-800-53-CM-6(a)
16298 ······-·configure_strategy16298 ······-·configure_strategy
2.72 KB
./usr/share/scap-security-guide/ansible/ubuntu2204-playbook-cis_level2_workstation.yml
Ordering differences only
    
Offset 16176, 16 lines modifiedOffset 16176, 16 lines modified
16176 ······-·no_reboot_needed16176 ······-·no_reboot_needed
  
16177 ····-·name:·Test·for·existence·/boot/grub/grub.cfg16177 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
16178 ······stat:16178 ······stat:
16179 ········path:·/boot/grub/grub.cfg16179 ········path:·/boot/grub/grub.cfg
16180 ······register:·file_exists16180 ······register:·file_exists
16181 ······when:16181 ······when:
16182 ······-·'"grub2-common"·in·ansible_facts.packages' 
16183 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16182 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16183 ······-·'"grub2-common"·in·ansible_facts.packages'
16184 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16184 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16185 ······tags:16185 ······tags:
16186 ······-·CJIS-5.5.2.216186 ······-·CJIS-5.5.2.2
16187 ······-·NIST-800-171-3.4.516187 ······-·NIST-800-171-3.4.5
16188 ······-·NIST-800-53-AC-6(1)16188 ······-·NIST-800-53-AC-6(1)
16189 ······-·NIST-800-53-CM-6(a)16189 ······-·NIST-800-53-CM-6(a)
16190 ······-·PCI-DSS-Req-7.116190 ······-·PCI-DSS-Req-7.1
Offset 16197, 16 lines modifiedOffset 16197, 16 lines modified
16197 ······-·no_reboot_needed16197 ······-·no_reboot_needed
  
16198 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg16198 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
16199 ······file:16199 ······file:
16200 ········path:·/boot/grub/grub.cfg16200 ········path:·/boot/grub/grub.cfg
16201 ········owner:·'0'16201 ········owner:·'0'
16202 ······when:16202 ······when:
16203 ······-·'"grub2-common"·in·ansible_facts.packages' 
16204 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16203 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16204 ······-·'"grub2-common"·in·ansible_facts.packages'
16205 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16205 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16206 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists16206 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
16207 ······tags:16207 ······tags:
16208 ······-·CJIS-5.5.2.216208 ······-·CJIS-5.5.2.2
16209 ······-·NIST-800-171-3.4.516209 ······-·NIST-800-171-3.4.5
16210 ······-·NIST-800-53-AC-6(1)16210 ······-·NIST-800-53-AC-6(1)
16211 ······-·NIST-800-53-CM-6(a)16211 ······-·NIST-800-53-CM-6(a)
Offset 16234, 16 lines modifiedOffset 16234, 16 lines modified
16234 ······-·no_reboot_needed16234 ······-·no_reboot_needed
  
16235 ····-·name:·Test·for·existence·/boot/grub/grub.cfg16235 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
16236 ······stat:16236 ······stat:
16237 ········path:·/boot/grub/grub.cfg16237 ········path:·/boot/grub/grub.cfg
16238 ······register:·file_exists16238 ······register:·file_exists
16239 ······when:16239 ······when:
16240 ······-·'"grub2-common"·in·ansible_facts.packages' 
16241 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16240 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16241 ······-·'"grub2-common"·in·ansible_facts.packages'
16242 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16242 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16243 ······tags:16243 ······tags:
16244 ······-·NIST-800-171-3.4.516244 ······-·NIST-800-171-3.4.5
16245 ······-·NIST-800-53-AC-6(1)16245 ······-·NIST-800-53-AC-6(1)
16246 ······-·NIST-800-53-CM-6(a)16246 ······-·NIST-800-53-CM-6(a)
16247 ······-·configure_strategy16247 ······-·configure_strategy
16248 ······-·file_permissions_grub2_cfg16248 ······-·file_permissions_grub2_cfg
Offset 16253, 16 lines modifiedOffset 16253, 16 lines modified
16253 ······-·no_reboot_needed16253 ······-·no_reboot_needed
  
16254 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg16254 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
16255 ······file:16255 ······file:
16256 ········path:·/boot/grub/grub.cfg16256 ········path:·/boot/grub/grub.cfg
16257 ········mode:·u-xs,g-xwrs,o-xwrt16257 ········mode:·u-xs,g-xwrs,o-xwrt
16258 ······when:16258 ······when:
16259 ······-·'"grub2-common"·in·ansible_facts.packages' 
16260 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16259 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16260 ······-·'"grub2-common"·in·ansible_facts.packages'
16261 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16261 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16262 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists16262 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
16263 ······tags:16263 ······tags:
16264 ······-·NIST-800-171-3.4.516264 ······-·NIST-800-171-3.4.5
16265 ······-·NIST-800-53-AC-6(1)16265 ······-·NIST-800-53-AC-6(1)
16266 ······-·NIST-800-53-CM-6(a)16266 ······-·NIST-800-53-CM-6(a)
16267 ······-·configure_strategy16267 ······-·configure_strategy
114 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds-1.2.xml
114 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds-1.2.xml
    
Offset 8715, 16 lines modifiedOffset 8715, 16 lines modified
  
8715 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8715 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8716 ··find:8716 ··find:
8717 ····paths:·/etc/audit/rules.d/8717 ····paths:·/etc/audit/rules.d/
8718 ····patterns:·'*.rules'8718 ····patterns:·'*.rules'
8719 ··register:·find_rules_d8719 ··register:·find_rules_d
8720 ··when:8720 ··when:
8721 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8722 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8721 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8722 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8723 ··tags:8723 ··tags:
8724 ··-·CJIS-5.4.1.18724 ··-·CJIS-5.4.1.1
8725 ··-·NIST-800-171-3.3.18725 ··-·NIST-800-171-3.3.1
8726 ··-·NIST-800-171-3.4.38726 ··-·NIST-800-171-3.4.3
8727 ··-·NIST-800-53-AC-6(9)8727 ··-·NIST-800-53-AC-6(9)
8728 ··-·NIST-800-53-CM-6(a)8728 ··-·NIST-800-53-CM-6(a)
8729 ··-·PCI-DSS-Req-10.5.28729 ··-·PCI-DSS-Req-10.5.2
Offset 8739, 16 lines modifiedOffset 8739, 16 lines modified
8739 ··lineinfile:8739 ··lineinfile:
8740 ····path:·'{{·item·}}'8740 ····path:·'{{·item·}}'
8741 ····regexp:·^\s*(?:-e)\s+.*$8741 ····regexp:·^\s*(?:-e)\s+.*$
8742 ····state:·absent8742 ····state:·absent
8743 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8743 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8744 ····}}'8744 ····}}'
8745 ··when:8745 ··when:
8746 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8747 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8746 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8747 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8748 ··tags:8748 ··tags:
8749 ··-·CJIS-5.4.1.18749 ··-·CJIS-5.4.1.1
8750 ··-·NIST-800-171-3.3.18750 ··-·NIST-800-171-3.3.1
8751 ··-·NIST-800-171-3.4.38751 ··-·NIST-800-171-3.4.3
8752 ··-·NIST-800-53-AC-6(9)8752 ··-·NIST-800-53-AC-6(9)
8753 ··-·NIST-800-53-CM-6(a)8753 ··-·NIST-800-53-CM-6(a)
8754 ··-·PCI-DSS-Req-10.5.28754 ··-·PCI-DSS-Req-10.5.2
Offset 8765, 16 lines modifiedOffset 8765, 16 lines modified
8765 ····create:·true8765 ····create:·true
8766 ····line:·-e·28766 ····line:·-e·2
8767 ····mode:·o-rwx8767 ····mode:·o-rwx
8768 ··loop:8768 ··loop:
8769 ··-·/etc/audit/audit.rules8769 ··-·/etc/audit/audit.rules
8770 ··-·/etc/audit/rules.d/immutable.rules8770 ··-·/etc/audit/rules.d/immutable.rules
8771 ··when:8771 ··when:
8772 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8773 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8772 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8773 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8774 ··tags:8774 ··tags:
8775 ··-·CJIS-5.4.1.18775 ··-·CJIS-5.4.1.1
8776 ··-·NIST-800-171-3.3.18776 ··-·NIST-800-171-3.3.1
8777 ··-·NIST-800-171-3.4.38777 ··-·NIST-800-171-3.4.3
8778 ··-·NIST-800-53-AC-6(9)8778 ··-·NIST-800-53-AC-6(9)
8779 ··-·NIST-800-53-CM-6(a)8779 ··-·NIST-800-53-CM-6(a)
8780 ··-·PCI-DSS-Req-10.5.28780 ··-·PCI-DSS-Req-10.5.2
Offset 9118, 16 lines modifiedOffset 9118, 16 lines modified
9118 ··-·reboot_required9118 ··-·reboot_required
9119 ··-·restrict_strategy9119 ··-·restrict_strategy
  
9120 -·name:·Set·architecture·for·audit·mount·tasks9120 -·name:·Set·architecture·for·audit·mount·tasks
9121 ··set_fact:9121 ··set_fact:
9122 ····audit_arch:·b649122 ····audit_arch:·b64
9123 ··when:9123 ··when:
9124 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9125 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9124 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9125 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9126 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture9126 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
9127 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;9127 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
9128 ··tags:9128 ··tags:
9129 ··-·CJIS-5.4.1.19129 ··-·CJIS-5.4.1.1
9130 ··-·NIST-800-171-3.1.79130 ··-·NIST-800-171-3.1.7
9131 ··-·NIST-800-53-AC-6(9)9131 ··-·NIST-800-53-AC-6(9)
9132 ··-·NIST-800-53-AU-12(c)9132 ··-·NIST-800-53-AU-12(c)
Offset 9258, 16 lines modifiedOffset 9258, 16 lines modified
9258 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=10009258 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
9259 ········-F·auid!=unset·-F·key=perm_mod9259 ········-F·auid!=unset·-F·key=perm_mod
9260 ······create:·true9260 ······create:·true
9261 ······mode:·o-rwx9261 ······mode:·o-rwx
9262 ······state:·present9262 ······state:·present
9263 ····when:·syscalls_found·|·length·==·09263 ····when:·syscalls_found·|·length·==·0
9264 ··when:9264 ··when:
9265 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9266 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9265 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9266 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9267 ··tags:9267 ··tags:
9268 ··-·CJIS-5.4.1.19268 ··-·CJIS-5.4.1.1
9269 ··-·NIST-800-171-3.1.79269 ··-·NIST-800-171-3.1.7
9270 ··-·NIST-800-53-AC-6(9)9270 ··-·NIST-800-53-AC-6(9)
9271 ··-·NIST-800-53-AU-12(c)9271 ··-·NIST-800-53-AU-12(c)
9272 ··-·NIST-800-53-AU-2(d)9272 ··-·NIST-800-53-AU-2(d)
9273 ··-·NIST-800-53-CM-6(a)9273 ··-·NIST-800-53-CM-6(a)
Offset 9396, 16 lines modifiedOffset 9396, 16 lines modified
9396 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=10009396 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
9397 ········-F·auid!=unset·-F·key=perm_mod9397 ········-F·auid!=unset·-F·key=perm_mod
9398 ······create:·true9398 ······create:·true
9399 ······mode:·o-rwx9399 ······mode:·o-rwx
9400 ······state:·present9400 ······state:·present
9401 ····when:·syscalls_found·|·length·==·09401 ····when:·syscalls_found·|·length·==·0
9402 ··when:9402 ··when:
9403 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9404 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9403 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9404 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9405 ··-·audit_arch·==·&quot;b64&quot;9405 ··-·audit_arch·==·&quot;b64&quot;
9406 ··tags:9406 ··tags:
9407 ··-·CJIS-5.4.1.19407 ··-·CJIS-5.4.1.1
9408 ··-·NIST-800-171-3.1.79408 ··-·NIST-800-171-3.1.7
9409 ··-·NIST-800-53-AC-6(9)9409 ··-·NIST-800-53-AC-6(9)
9410 ··-·NIST-800-53-AU-12(c)9410 ··-·NIST-800-53-AU-12(c)
9411 ··-·NIST-800-53-AU-2(d)9411 ··-·NIST-800-53-AU-2(d)
Offset 9414, 15 lines modifiedOffset 9414, 15 lines modified
9414 ··-·audit_rules_media_export9414 ··-·audit_rules_media_export
9415 ··-·low_complexity9415 ··-·low_complexity
9416 ··-·low_disruption9416 ··-·low_disruption
9417 ··-·medium_severity9417 ··-·medium_severity
9418 ··-·reboot_required9418 ··-·reboot_required
9419 ··-·restrict_strategy</xccdf-1.2:fix>9419 ··-·restrict_strategy</xccdf-1.2:fix>
9420 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms9420 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
9421 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'audit'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then9421 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'audit'·2&gt;/dev/null·|·grep·-q·installed;·then
  
9422 #·First·perform·the·remediation·of·the·syscall·rule9422 #·First·perform·the·remediation·of·the·syscall·rule
9423 #·Retrieve·hardware·architecture·of·the·underlying·system9423 #·Retrieve·hardware·architecture·of·the·underlying·system
9424 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)9424 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
9425 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;9425 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
9426 do9426 do
Offset 10300, 16 lines modifiedOffset 10300, 16 lines modified
10300 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/10300 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
10301 ··find:10301 ··find:
10302 ····paths:·/etc/audit/rules.d10302 ····paths:·/etc/audit/rules.d
Max diff block lines reached; 111430/116446 bytes (95.69%) of diff not shown.
114 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml
114 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml
    
Offset 8715, 16 lines modifiedOffset 8715, 16 lines modified
  
8715 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8715 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8716 ··find:8716 ··find:
8717 ····paths:·/etc/audit/rules.d/8717 ····paths:·/etc/audit/rules.d/
8718 ····patterns:·'*.rules'8718 ····patterns:·'*.rules'
8719 ··register:·find_rules_d8719 ··register:·find_rules_d
8720 ··when:8720 ··when:
8721 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8722 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8721 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8722 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8723 ··tags:8723 ··tags:
8724 ··-·CJIS-5.4.1.18724 ··-·CJIS-5.4.1.1
8725 ··-·NIST-800-171-3.3.18725 ··-·NIST-800-171-3.3.1
8726 ··-·NIST-800-171-3.4.38726 ··-·NIST-800-171-3.4.3
8727 ··-·NIST-800-53-AC-6(9)8727 ··-·NIST-800-53-AC-6(9)
8728 ··-·NIST-800-53-CM-6(a)8728 ··-·NIST-800-53-CM-6(a)
8729 ··-·PCI-DSS-Req-10.5.28729 ··-·PCI-DSS-Req-10.5.2
Offset 8739, 16 lines modifiedOffset 8739, 16 lines modified
8739 ··lineinfile:8739 ··lineinfile:
8740 ····path:·'{{·item·}}'8740 ····path:·'{{·item·}}'
8741 ····regexp:·^\s*(?:-e)\s+.*$8741 ····regexp:·^\s*(?:-e)\s+.*$
8742 ····state:·absent8742 ····state:·absent
8743 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8743 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8744 ····}}'8744 ····}}'
8745 ··when:8745 ··when:
8746 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8747 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8746 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8747 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8748 ··tags:8748 ··tags:
8749 ··-·CJIS-5.4.1.18749 ··-·CJIS-5.4.1.1
8750 ··-·NIST-800-171-3.3.18750 ··-·NIST-800-171-3.3.1
8751 ··-·NIST-800-171-3.4.38751 ··-·NIST-800-171-3.4.3
8752 ··-·NIST-800-53-AC-6(9)8752 ··-·NIST-800-53-AC-6(9)
8753 ··-·NIST-800-53-CM-6(a)8753 ··-·NIST-800-53-CM-6(a)
8754 ··-·PCI-DSS-Req-10.5.28754 ··-·PCI-DSS-Req-10.5.2
Offset 8765, 16 lines modifiedOffset 8765, 16 lines modified
8765 ····create:·true8765 ····create:·true
8766 ····line:·-e·28766 ····line:·-e·2
8767 ····mode:·o-rwx8767 ····mode:·o-rwx
8768 ··loop:8768 ··loop:
8769 ··-·/etc/audit/audit.rules8769 ··-·/etc/audit/audit.rules
8770 ··-·/etc/audit/rules.d/immutable.rules8770 ··-·/etc/audit/rules.d/immutable.rules
8771 ··when:8771 ··when:
8772 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8773 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8772 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8773 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8774 ··tags:8774 ··tags:
8775 ··-·CJIS-5.4.1.18775 ··-·CJIS-5.4.1.1
8776 ··-·NIST-800-171-3.3.18776 ··-·NIST-800-171-3.3.1
8777 ··-·NIST-800-171-3.4.38777 ··-·NIST-800-171-3.4.3
8778 ··-·NIST-800-53-AC-6(9)8778 ··-·NIST-800-53-AC-6(9)
8779 ··-·NIST-800-53-CM-6(a)8779 ··-·NIST-800-53-CM-6(a)
8780 ··-·PCI-DSS-Req-10.5.28780 ··-·PCI-DSS-Req-10.5.2
Offset 9118, 16 lines modifiedOffset 9118, 16 lines modified
9118 ··-·reboot_required9118 ··-·reboot_required
9119 ··-·restrict_strategy9119 ··-·restrict_strategy
  
9120 -·name:·Set·architecture·for·audit·mount·tasks9120 -·name:·Set·architecture·for·audit·mount·tasks
9121 ··set_fact:9121 ··set_fact:
9122 ····audit_arch:·b649122 ····audit_arch:·b64
9123 ··when:9123 ··when:
9124 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9125 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9124 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9125 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9126 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture9126 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
9127 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;9127 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
9128 ··tags:9128 ··tags:
9129 ··-·CJIS-5.4.1.19129 ··-·CJIS-5.4.1.1
9130 ··-·NIST-800-171-3.1.79130 ··-·NIST-800-171-3.1.7
9131 ··-·NIST-800-53-AC-6(9)9131 ··-·NIST-800-53-AC-6(9)
9132 ··-·NIST-800-53-AU-12(c)9132 ··-·NIST-800-53-AU-12(c)
Offset 9258, 16 lines modifiedOffset 9258, 16 lines modified
9258 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=10009258 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
9259 ········-F·auid!=unset·-F·key=perm_mod9259 ········-F·auid!=unset·-F·key=perm_mod
9260 ······create:·true9260 ······create:·true
9261 ······mode:·o-rwx9261 ······mode:·o-rwx
9262 ······state:·present9262 ······state:·present
9263 ····when:·syscalls_found·|·length·==·09263 ····when:·syscalls_found·|·length·==·0
9264 ··when:9264 ··when:
9265 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9266 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9265 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9266 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9267 ··tags:9267 ··tags:
9268 ··-·CJIS-5.4.1.19268 ··-·CJIS-5.4.1.1
9269 ··-·NIST-800-171-3.1.79269 ··-·NIST-800-171-3.1.7
9270 ··-·NIST-800-53-AC-6(9)9270 ··-·NIST-800-53-AC-6(9)
9271 ··-·NIST-800-53-AU-12(c)9271 ··-·NIST-800-53-AU-12(c)
9272 ··-·NIST-800-53-AU-2(d)9272 ··-·NIST-800-53-AU-2(d)
9273 ··-·NIST-800-53-CM-6(a)9273 ··-·NIST-800-53-CM-6(a)
Offset 9396, 16 lines modifiedOffset 9396, 16 lines modified
9396 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=10009396 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
9397 ········-F·auid!=unset·-F·key=perm_mod9397 ········-F·auid!=unset·-F·key=perm_mod
9398 ······create:·true9398 ······create:·true
9399 ······mode:·o-rwx9399 ······mode:·o-rwx
9400 ······state:·present9400 ······state:·present
9401 ····when:·syscalls_found·|·length·==·09401 ····when:·syscalls_found·|·length·==·0
9402 ··when:9402 ··when:
9403 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9404 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9403 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9404 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9405 ··-·audit_arch·==·&quot;b64&quot;9405 ··-·audit_arch·==·&quot;b64&quot;
9406 ··tags:9406 ··tags:
9407 ··-·CJIS-5.4.1.19407 ··-·CJIS-5.4.1.1
9408 ··-·NIST-800-171-3.1.79408 ··-·NIST-800-171-3.1.7
9409 ··-·NIST-800-53-AC-6(9)9409 ··-·NIST-800-53-AC-6(9)
9410 ··-·NIST-800-53-AU-12(c)9410 ··-·NIST-800-53-AU-12(c)
9411 ··-·NIST-800-53-AU-2(d)9411 ··-·NIST-800-53-AU-2(d)
Offset 9414, 15 lines modifiedOffset 9414, 15 lines modified
9414 ··-·audit_rules_media_export9414 ··-·audit_rules_media_export
9415 ··-·low_complexity9415 ··-·low_complexity
9416 ··-·low_disruption9416 ··-·low_disruption
9417 ··-·medium_severity9417 ··-·medium_severity
9418 ··-·reboot_required9418 ··-·reboot_required
9419 ··-·restrict_strategy</xccdf-1.2:fix>9419 ··-·restrict_strategy</xccdf-1.2:fix>
9420 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms9420 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
9421 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'audit'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then9421 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'audit'·2&gt;/dev/null·|·grep·-q·installed;·then
  
9422 #·First·perform·the·remediation·of·the·syscall·rule9422 #·First·perform·the·remediation·of·the·syscall·rule
9423 #·Retrieve·hardware·architecture·of·the·underlying·system9423 #·Retrieve·hardware·architecture·of·the·underlying·system
9424 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)9424 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
9425 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;9425 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
9426 do9426 do
Offset 10300, 16 lines modifiedOffset 10300, 16 lines modified
10300 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/10300 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
10301 ··find:10301 ··find:
10302 ····paths:·/etc/audit/rules.d10302 ····paths:·/etc/audit/rules.d
Max diff block lines reached; 111430/116446 bytes (95.69%) of diff not shown.
114 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml
114 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml
    
Offset 8611, 16 lines modifiedOffset 8611, 16 lines modified
  
8611 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8611 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8612 ··find:8612 ··find:
8613 ····paths:·/etc/audit/rules.d/8613 ····paths:·/etc/audit/rules.d/
8614 ····patterns:·'*.rules'8614 ····patterns:·'*.rules'
8615 ··register:·find_rules_d8615 ··register:·find_rules_d
8616 ··when:8616 ··when:
8617 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8618 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8617 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8618 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8619 ··tags:8619 ··tags:
8620 ··-·CJIS-5.4.1.18620 ··-·CJIS-5.4.1.1
8621 ··-·NIST-800-171-3.3.18621 ··-·NIST-800-171-3.3.1
8622 ··-·NIST-800-171-3.4.38622 ··-·NIST-800-171-3.4.3
8623 ··-·NIST-800-53-AC-6(9)8623 ··-·NIST-800-53-AC-6(9)
8624 ··-·NIST-800-53-CM-6(a)8624 ··-·NIST-800-53-CM-6(a)
8625 ··-·PCI-DSS-Req-10.5.28625 ··-·PCI-DSS-Req-10.5.2
Offset 8635, 16 lines modifiedOffset 8635, 16 lines modified
8635 ··lineinfile:8635 ··lineinfile:
8636 ····path:·'{{·item·}}'8636 ····path:·'{{·item·}}'
8637 ····regexp:·^\s*(?:-e)\s+.*$8637 ····regexp:·^\s*(?:-e)\s+.*$
8638 ····state:·absent8638 ····state:·absent
8639 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8639 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8640 ····}}'8640 ····}}'
8641 ··when:8641 ··when:
8642 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8643 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8642 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8643 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8644 ··tags:8644 ··tags:
8645 ··-·CJIS-5.4.1.18645 ··-·CJIS-5.4.1.1
8646 ··-·NIST-800-171-3.3.18646 ··-·NIST-800-171-3.3.1
8647 ··-·NIST-800-171-3.4.38647 ··-·NIST-800-171-3.4.3
8648 ··-·NIST-800-53-AC-6(9)8648 ··-·NIST-800-53-AC-6(9)
8649 ··-·NIST-800-53-CM-6(a)8649 ··-·NIST-800-53-CM-6(a)
8650 ··-·PCI-DSS-Req-10.5.28650 ··-·PCI-DSS-Req-10.5.2
Offset 8661, 16 lines modifiedOffset 8661, 16 lines modified
8661 ····create:·true8661 ····create:·true
8662 ····line:·-e·28662 ····line:·-e·2
8663 ····mode:·o-rwx8663 ····mode:·o-rwx
8664 ··loop:8664 ··loop:
8665 ··-·/etc/audit/audit.rules8665 ··-·/etc/audit/audit.rules
8666 ··-·/etc/audit/rules.d/immutable.rules8666 ··-·/etc/audit/rules.d/immutable.rules
8667 ··when:8667 ··when:
8668 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8669 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8668 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8669 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8670 ··tags:8670 ··tags:
8671 ··-·CJIS-5.4.1.18671 ··-·CJIS-5.4.1.1
8672 ··-·NIST-800-171-3.3.18672 ··-·NIST-800-171-3.3.1
8673 ··-·NIST-800-171-3.4.38673 ··-·NIST-800-171-3.4.3
8674 ··-·NIST-800-53-AC-6(9)8674 ··-·NIST-800-53-AC-6(9)
8675 ··-·NIST-800-53-CM-6(a)8675 ··-·NIST-800-53-CM-6(a)
8676 ··-·PCI-DSS-Req-10.5.28676 ··-·PCI-DSS-Req-10.5.2
Offset 9014, 16 lines modifiedOffset 9014, 16 lines modified
9014 ··-·reboot_required9014 ··-·reboot_required
9015 ··-·restrict_strategy9015 ··-·restrict_strategy
  
9016 -·name:·Set·architecture·for·audit·mount·tasks9016 -·name:·Set·architecture·for·audit·mount·tasks
9017 ··set_fact:9017 ··set_fact:
9018 ····audit_arch:·b649018 ····audit_arch:·b64
9019 ··when:9019 ··when:
9020 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9021 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9020 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9021 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9022 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture9022 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
9023 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;9023 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
9024 ··tags:9024 ··tags:
9025 ··-·CJIS-5.4.1.19025 ··-·CJIS-5.4.1.1
9026 ··-·NIST-800-171-3.1.79026 ··-·NIST-800-171-3.1.7
9027 ··-·NIST-800-53-AC-6(9)9027 ··-·NIST-800-53-AC-6(9)
9028 ··-·NIST-800-53-AU-12(c)9028 ··-·NIST-800-53-AU-12(c)
Offset 9154, 16 lines modifiedOffset 9154, 16 lines modified
9154 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=10009154 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
9155 ········-F·auid!=unset·-F·key=perm_mod9155 ········-F·auid!=unset·-F·key=perm_mod
9156 ······create:·true9156 ······create:·true
9157 ······mode:·o-rwx9157 ······mode:·o-rwx
9158 ······state:·present9158 ······state:·present
9159 ····when:·syscalls_found·|·length·==·09159 ····when:·syscalls_found·|·length·==·0
9160 ··when:9160 ··when:
9161 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9162 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9161 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9162 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9163 ··tags:9163 ··tags:
9164 ··-·CJIS-5.4.1.19164 ··-·CJIS-5.4.1.1
9165 ··-·NIST-800-171-3.1.79165 ··-·NIST-800-171-3.1.7
9166 ··-·NIST-800-53-AC-6(9)9166 ··-·NIST-800-53-AC-6(9)
9167 ··-·NIST-800-53-AU-12(c)9167 ··-·NIST-800-53-AU-12(c)
9168 ··-·NIST-800-53-AU-2(d)9168 ··-·NIST-800-53-AU-2(d)
9169 ··-·NIST-800-53-CM-6(a)9169 ··-·NIST-800-53-CM-6(a)
Offset 9292, 16 lines modifiedOffset 9292, 16 lines modified
9292 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=10009292 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
9293 ········-F·auid!=unset·-F·key=perm_mod9293 ········-F·auid!=unset·-F·key=perm_mod
9294 ······create:·true9294 ······create:·true
9295 ······mode:·o-rwx9295 ······mode:·o-rwx
9296 ······state:·present9296 ······state:·present
9297 ····when:·syscalls_found·|·length·==·09297 ····when:·syscalls_found·|·length·==·0
9298 ··when:9298 ··when:
9299 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9300 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9299 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9300 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9301 ··-·audit_arch·==·&quot;b64&quot;9301 ··-·audit_arch·==·&quot;b64&quot;
9302 ··tags:9302 ··tags:
9303 ··-·CJIS-5.4.1.19303 ··-·CJIS-5.4.1.1
9304 ··-·NIST-800-171-3.1.79304 ··-·NIST-800-171-3.1.7
9305 ··-·NIST-800-53-AC-6(9)9305 ··-·NIST-800-53-AC-6(9)
9306 ··-·NIST-800-53-AU-12(c)9306 ··-·NIST-800-53-AU-12(c)
9307 ··-·NIST-800-53-AU-2(d)9307 ··-·NIST-800-53-AU-2(d)
Offset 9310, 15 lines modifiedOffset 9310, 15 lines modified
9310 ··-·audit_rules_media_export9310 ··-·audit_rules_media_export
9311 ··-·low_complexity9311 ··-·low_complexity
9312 ··-·low_disruption9312 ··-·low_disruption
9313 ··-·medium_severity9313 ··-·medium_severity
9314 ··-·reboot_required9314 ··-·reboot_required
9315 ··-·restrict_strategy</xccdf-1.2:fix>9315 ··-·restrict_strategy</xccdf-1.2:fix>
9316 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms9316 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
9317 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'audit'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then9317 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'audit'·2&gt;/dev/null·|·grep·-q·installed;·then
  
9318 #·First·perform·the·remediation·of·the·syscall·rule9318 #·First·perform·the·remediation·of·the·syscall·rule
9319 #·Retrieve·hardware·architecture·of·the·underlying·system9319 #·Retrieve·hardware·architecture·of·the·underlying·system
9320 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)9320 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
9321 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;9321 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
9322 do9322 do
Offset 10196, 16 lines modifiedOffset 10196, 16 lines modified
10196 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/10196 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
10197 ··find:10197 ··find:
10198 ····paths:·/etc/audit/rules.d10198 ····paths:·/etc/audit/rules.d
Max diff block lines reached; 111106/116118 bytes (95.68%) of diff not shown.
266 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds-1.2.xml
266 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds-1.2.xml
    
Offset 16284, 16 lines modifiedOffset 16284, 16 lines modified
  
16284 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension16284 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
16285 ··find:16285 ··find:
16286 ····paths:·/etc/audit/rules.d/16286 ····paths:·/etc/audit/rules.d/
16287 ····patterns:·'*.rules'16287 ····patterns:·'*.rules'
16288 ··register:·find_rules_d16288 ··register:·find_rules_d
16289 ··when:16289 ··when:
16290 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16291 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16290 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16291 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16292 ··tags:16292 ··tags:
16293 ··-·CJIS-5.4.1.116293 ··-·CJIS-5.4.1.1
16294 ··-·NIST-800-171-3.3.116294 ··-·NIST-800-171-3.3.1
16295 ··-·NIST-800-171-3.4.316295 ··-·NIST-800-171-3.4.3
16296 ··-·NIST-800-53-AC-6(9)16296 ··-·NIST-800-53-AC-6(9)
16297 ··-·NIST-800-53-CM-6(a)16297 ··-·NIST-800-53-CM-6(a)
16298 ··-·PCI-DSS-Req-10.5.216298 ··-·PCI-DSS-Req-10.5.2
Offset 16308, 16 lines modifiedOffset 16308, 16 lines modified
16308 ··lineinfile:16308 ··lineinfile:
16309 ····path:·'{{·item·}}'16309 ····path:·'{{·item·}}'
16310 ····regexp:·^\s*(?:-e)\s+.*$16310 ····regexp:·^\s*(?:-e)\s+.*$
16311 ····state:·absent16311 ····state:·absent
16312 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']16312 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
16313 ····}}'16313 ····}}'
16314 ··when:16314 ··when:
16315 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16316 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16315 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16316 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16317 ··tags:16317 ··tags:
16318 ··-·CJIS-5.4.1.116318 ··-·CJIS-5.4.1.1
16319 ··-·NIST-800-171-3.3.116319 ··-·NIST-800-171-3.3.1
16320 ··-·NIST-800-171-3.4.316320 ··-·NIST-800-171-3.4.3
16321 ··-·NIST-800-53-AC-6(9)16321 ··-·NIST-800-53-AC-6(9)
16322 ··-·NIST-800-53-CM-6(a)16322 ··-·NIST-800-53-CM-6(a)
16323 ··-·PCI-DSS-Req-10.5.216323 ··-·PCI-DSS-Req-10.5.2
Offset 16334, 16 lines modifiedOffset 16334, 16 lines modified
16334 ····create:·true16334 ····create:·true
16335 ····line:·-e·216335 ····line:·-e·2
16336 ····mode:·o-rwx16336 ····mode:·o-rwx
16337 ··loop:16337 ··loop:
16338 ··-·/etc/audit/audit.rules16338 ··-·/etc/audit/audit.rules
16339 ··-·/etc/audit/rules.d/immutable.rules16339 ··-·/etc/audit/rules.d/immutable.rules
16340 ··when:16340 ··when:
16341 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16342 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16341 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16342 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16343 ··tags:16343 ··tags:
16344 ··-·CJIS-5.4.1.116344 ··-·CJIS-5.4.1.1
16345 ··-·NIST-800-171-3.3.116345 ··-·NIST-800-171-3.3.1
16346 ··-·NIST-800-171-3.4.316346 ··-·NIST-800-171-3.4.3
16347 ··-·NIST-800-53-AC-6(9)16347 ··-·NIST-800-53-AC-6(9)
16348 ··-·NIST-800-53-CM-6(a)16348 ··-·NIST-800-53-CM-6(a)
16349 ··-·PCI-DSS-Req-10.5.216349 ··-·PCI-DSS-Req-10.5.2
Offset 16687, 16 lines modifiedOffset 16687, 16 lines modified
16687 ··-·reboot_required16687 ··-·reboot_required
16688 ··-·restrict_strategy16688 ··-·restrict_strategy
  
16689 -·name:·Set·architecture·for·audit·mount·tasks16689 -·name:·Set·architecture·for·audit·mount·tasks
16690 ··set_fact:16690 ··set_fact:
16691 ····audit_arch:·b6416691 ····audit_arch:·b64
16692 ··when:16692 ··when:
16693 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16694 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16693 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16694 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16695 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture16695 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
16696 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;16696 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
16697 ··tags:16697 ··tags:
16698 ··-·CJIS-5.4.1.116698 ··-·CJIS-5.4.1.1
16699 ··-·NIST-800-171-3.1.716699 ··-·NIST-800-171-3.1.7
16700 ··-·NIST-800-53-AC-6(9)16700 ··-·NIST-800-53-AC-6(9)
16701 ··-·NIST-800-53-AU-12(c)16701 ··-·NIST-800-53-AU-12(c)
Offset 16827, 16 lines modifiedOffset 16827, 16 lines modified
16827 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016827 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16828 ········-F·auid!=unset·-F·key=perm_mod16828 ········-F·auid!=unset·-F·key=perm_mod
16829 ······create:·true16829 ······create:·true
16830 ······mode:·o-rwx16830 ······mode:·o-rwx
16831 ······state:·present16831 ······state:·present
16832 ····when:·syscalls_found·|·length·==·016832 ····when:·syscalls_found·|·length·==·0
16833 ··when:16833 ··when:
16834 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16835 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16834 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16835 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16836 ··tags:16836 ··tags:
16837 ··-·CJIS-5.4.1.116837 ··-·CJIS-5.4.1.1
16838 ··-·NIST-800-171-3.1.716838 ··-·NIST-800-171-3.1.7
16839 ··-·NIST-800-53-AC-6(9)16839 ··-·NIST-800-53-AC-6(9)
16840 ··-·NIST-800-53-AU-12(c)16840 ··-·NIST-800-53-AU-12(c)
16841 ··-·NIST-800-53-AU-2(d)16841 ··-·NIST-800-53-AU-2(d)
16842 ··-·NIST-800-53-CM-6(a)16842 ··-·NIST-800-53-CM-6(a)
Offset 16965, 16 lines modifiedOffset 16965, 16 lines modified
16965 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016965 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16966 ········-F·auid!=unset·-F·key=perm_mod16966 ········-F·auid!=unset·-F·key=perm_mod
16967 ······create:·true16967 ······create:·true
16968 ······mode:·o-rwx16968 ······mode:·o-rwx
16969 ······state:·present16969 ······state:·present
16970 ····when:·syscalls_found·|·length·==·016970 ····when:·syscalls_found·|·length·==·0
16971 ··when:16971 ··when:
16972 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16973 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16972 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16973 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16974 ··-·audit_arch·==·&quot;b64&quot;16974 ··-·audit_arch·==·&quot;b64&quot;
16975 ··tags:16975 ··tags:
16976 ··-·CJIS-5.4.1.116976 ··-·CJIS-5.4.1.1
16977 ··-·NIST-800-171-3.1.716977 ··-·NIST-800-171-3.1.7
16978 ··-·NIST-800-53-AC-6(9)16978 ··-·NIST-800-53-AC-6(9)
16979 ··-·NIST-800-53-AU-12(c)16979 ··-·NIST-800-53-AU-12(c)
16980 ··-·NIST-800-53-AU-2(d)16980 ··-·NIST-800-53-AU-2(d)
Offset 16983, 15 lines modifiedOffset 16983, 15 lines modified
16983 ··-·audit_rules_media_export16983 ··-·audit_rules_media_export
16984 ··-·low_complexity16984 ··-·low_complexity
16985 ··-·low_disruption16985 ··-·low_disruption
16986 ··-·medium_severity16986 ··-·medium_severity
16987 ··-·reboot_required16987 ··-·reboot_required
16988 ··-·restrict_strategy</xccdf-1.2:fix>16988 ··-·restrict_strategy</xccdf-1.2:fix>
16989 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms16989 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
16990 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then16990 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed;·then
  
16991 #·First·perform·the·remediation·of·the·syscall·rule16991 #·First·perform·the·remediation·of·the·syscall·rule
16992 #·Retrieve·hardware·architecture·of·the·underlying·system16992 #·Retrieve·hardware·architecture·of·the·underlying·system
16993 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)16993 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
16994 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;16994 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
16995 do16995 do
Offset 17674, 15 lines modifiedOffset 17674, 15 lines modified
17674 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</xccdf-1.2:reference>17674 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</xccdf-1.2:reference>
17675 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</xccdf-1.2:reference>17675 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</xccdf-1.2:reference>
17676 ··············<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</xccdf-1.2:reference>17676 ··············<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</xccdf-1.2:reference>
Max diff block lines reached; 267035/272556 bytes (97.97%) of diff not shown.
266 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml
266 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml
    
Offset 16284, 16 lines modifiedOffset 16284, 16 lines modified
  
16284 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension16284 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
16285 ··find:16285 ··find:
16286 ····paths:·/etc/audit/rules.d/16286 ····paths:·/etc/audit/rules.d/
16287 ····patterns:·'*.rules'16287 ····patterns:·'*.rules'
16288 ··register:·find_rules_d16288 ··register:·find_rules_d
16289 ··when:16289 ··when:
16290 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16291 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16290 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16291 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16292 ··tags:16292 ··tags:
16293 ··-·CJIS-5.4.1.116293 ··-·CJIS-5.4.1.1
16294 ··-·NIST-800-171-3.3.116294 ··-·NIST-800-171-3.3.1
16295 ··-·NIST-800-171-3.4.316295 ··-·NIST-800-171-3.4.3
16296 ··-·NIST-800-53-AC-6(9)16296 ··-·NIST-800-53-AC-6(9)
16297 ··-·NIST-800-53-CM-6(a)16297 ··-·NIST-800-53-CM-6(a)
16298 ··-·PCI-DSS-Req-10.5.216298 ··-·PCI-DSS-Req-10.5.2
Offset 16308, 16 lines modifiedOffset 16308, 16 lines modified
16308 ··lineinfile:16308 ··lineinfile:
16309 ····path:·'{{·item·}}'16309 ····path:·'{{·item·}}'
16310 ····regexp:·^\s*(?:-e)\s+.*$16310 ····regexp:·^\s*(?:-e)\s+.*$
16311 ····state:·absent16311 ····state:·absent
16312 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']16312 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
16313 ····}}'16313 ····}}'
16314 ··when:16314 ··when:
16315 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16316 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16315 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16316 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16317 ··tags:16317 ··tags:
16318 ··-·CJIS-5.4.1.116318 ··-·CJIS-5.4.1.1
16319 ··-·NIST-800-171-3.3.116319 ··-·NIST-800-171-3.3.1
16320 ··-·NIST-800-171-3.4.316320 ··-·NIST-800-171-3.4.3
16321 ··-·NIST-800-53-AC-6(9)16321 ··-·NIST-800-53-AC-6(9)
16322 ··-·NIST-800-53-CM-6(a)16322 ··-·NIST-800-53-CM-6(a)
16323 ··-·PCI-DSS-Req-10.5.216323 ··-·PCI-DSS-Req-10.5.2
Offset 16334, 16 lines modifiedOffset 16334, 16 lines modified
16334 ····create:·true16334 ····create:·true
16335 ····line:·-e·216335 ····line:·-e·2
16336 ····mode:·o-rwx16336 ····mode:·o-rwx
16337 ··loop:16337 ··loop:
16338 ··-·/etc/audit/audit.rules16338 ··-·/etc/audit/audit.rules
16339 ··-·/etc/audit/rules.d/immutable.rules16339 ··-·/etc/audit/rules.d/immutable.rules
16340 ··when:16340 ··when:
16341 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16342 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16341 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16342 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16343 ··tags:16343 ··tags:
16344 ··-·CJIS-5.4.1.116344 ··-·CJIS-5.4.1.1
16345 ··-·NIST-800-171-3.3.116345 ··-·NIST-800-171-3.3.1
16346 ··-·NIST-800-171-3.4.316346 ··-·NIST-800-171-3.4.3
16347 ··-·NIST-800-53-AC-6(9)16347 ··-·NIST-800-53-AC-6(9)
16348 ··-·NIST-800-53-CM-6(a)16348 ··-·NIST-800-53-CM-6(a)
16349 ··-·PCI-DSS-Req-10.5.216349 ··-·PCI-DSS-Req-10.5.2
Offset 16687, 16 lines modifiedOffset 16687, 16 lines modified
16687 ··-·reboot_required16687 ··-·reboot_required
16688 ··-·restrict_strategy16688 ··-·restrict_strategy
  
16689 -·name:·Set·architecture·for·audit·mount·tasks16689 -·name:·Set·architecture·for·audit·mount·tasks
16690 ··set_fact:16690 ··set_fact:
16691 ····audit_arch:·b6416691 ····audit_arch:·b64
16692 ··when:16692 ··when:
16693 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16694 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16693 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16694 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16695 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture16695 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
16696 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;16696 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
16697 ··tags:16697 ··tags:
16698 ··-·CJIS-5.4.1.116698 ··-·CJIS-5.4.1.1
16699 ··-·NIST-800-171-3.1.716699 ··-·NIST-800-171-3.1.7
16700 ··-·NIST-800-53-AC-6(9)16700 ··-·NIST-800-53-AC-6(9)
16701 ··-·NIST-800-53-AU-12(c)16701 ··-·NIST-800-53-AU-12(c)
Offset 16827, 16 lines modifiedOffset 16827, 16 lines modified
16827 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016827 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16828 ········-F·auid!=unset·-F·key=perm_mod16828 ········-F·auid!=unset·-F·key=perm_mod
16829 ······create:·true16829 ······create:·true
16830 ······mode:·o-rwx16830 ······mode:·o-rwx
16831 ······state:·present16831 ······state:·present
16832 ····when:·syscalls_found·|·length·==·016832 ····when:·syscalls_found·|·length·==·0
16833 ··when:16833 ··when:
16834 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16835 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16834 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16835 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16836 ··tags:16836 ··tags:
16837 ··-·CJIS-5.4.1.116837 ··-·CJIS-5.4.1.1
16838 ··-·NIST-800-171-3.1.716838 ··-·NIST-800-171-3.1.7
16839 ··-·NIST-800-53-AC-6(9)16839 ··-·NIST-800-53-AC-6(9)
16840 ··-·NIST-800-53-AU-12(c)16840 ··-·NIST-800-53-AU-12(c)
16841 ··-·NIST-800-53-AU-2(d)16841 ··-·NIST-800-53-AU-2(d)
16842 ··-·NIST-800-53-CM-6(a)16842 ··-·NIST-800-53-CM-6(a)
Offset 16965, 16 lines modifiedOffset 16965, 16 lines modified
16965 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016965 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16966 ········-F·auid!=unset·-F·key=perm_mod16966 ········-F·auid!=unset·-F·key=perm_mod
16967 ······create:·true16967 ······create:·true
16968 ······mode:·o-rwx16968 ······mode:·o-rwx
16969 ······state:·present16969 ······state:·present
16970 ····when:·syscalls_found·|·length·==·016970 ····when:·syscalls_found·|·length·==·0
16971 ··when:16971 ··when:
16972 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16973 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16972 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16973 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16974 ··-·audit_arch·==·&quot;b64&quot;16974 ··-·audit_arch·==·&quot;b64&quot;
16975 ··tags:16975 ··tags:
16976 ··-·CJIS-5.4.1.116976 ··-·CJIS-5.4.1.1
16977 ··-·NIST-800-171-3.1.716977 ··-·NIST-800-171-3.1.7
16978 ··-·NIST-800-53-AC-6(9)16978 ··-·NIST-800-53-AC-6(9)
16979 ··-·NIST-800-53-AU-12(c)16979 ··-·NIST-800-53-AU-12(c)
16980 ··-·NIST-800-53-AU-2(d)16980 ··-·NIST-800-53-AU-2(d)
Offset 16983, 15 lines modifiedOffset 16983, 15 lines modified
16983 ··-·audit_rules_media_export16983 ··-·audit_rules_media_export
16984 ··-·low_complexity16984 ··-·low_complexity
16985 ··-·low_disruption16985 ··-·low_disruption
16986 ··-·medium_severity16986 ··-·medium_severity
16987 ··-·reboot_required16987 ··-·reboot_required
16988 ··-·restrict_strategy</xccdf-1.2:fix>16988 ··-·restrict_strategy</xccdf-1.2:fix>
16989 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms16989 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
16990 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then16990 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed;·then
  
16991 #·First·perform·the·remediation·of·the·syscall·rule16991 #·First·perform·the·remediation·of·the·syscall·rule
16992 #·Retrieve·hardware·architecture·of·the·underlying·system16992 #·Retrieve·hardware·architecture·of·the·underlying·system
16993 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)16993 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
16994 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;16994 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
16995 do16995 do
Offset 17674, 15 lines modifiedOffset 17674, 15 lines modified
17674 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</xccdf-1.2:reference>17674 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</xccdf-1.2:reference>
17675 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</xccdf-1.2:reference>17675 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</xccdf-1.2:reference>
17676 ··············<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</xccdf-1.2:reference>17676 ··············<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</xccdf-1.2:reference>
Max diff block lines reached; 267035/272556 bytes (97.97%) of diff not shown.
266 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml
265 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml
    
Offset 16180, 16 lines modifiedOffset 16180, 16 lines modified
  
16180 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension16180 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
16181 ··find:16181 ··find:
16182 ····paths:·/etc/audit/rules.d/16182 ····paths:·/etc/audit/rules.d/
16183 ····patterns:·'*.rules'16183 ····patterns:·'*.rules'
16184 ··register:·find_rules_d16184 ··register:·find_rules_d
16185 ··when:16185 ··when:
16186 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16187 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16186 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16187 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16188 ··tags:16188 ··tags:
16189 ··-·CJIS-5.4.1.116189 ··-·CJIS-5.4.1.1
16190 ··-·NIST-800-171-3.3.116190 ··-·NIST-800-171-3.3.1
16191 ··-·NIST-800-171-3.4.316191 ··-·NIST-800-171-3.4.3
16192 ··-·NIST-800-53-AC-6(9)16192 ··-·NIST-800-53-AC-6(9)
16193 ··-·NIST-800-53-CM-6(a)16193 ··-·NIST-800-53-CM-6(a)
16194 ··-·PCI-DSS-Req-10.5.216194 ··-·PCI-DSS-Req-10.5.2
Offset 16204, 16 lines modifiedOffset 16204, 16 lines modified
16204 ··lineinfile:16204 ··lineinfile:
16205 ····path:·'{{·item·}}'16205 ····path:·'{{·item·}}'
16206 ····regexp:·^\s*(?:-e)\s+.*$16206 ····regexp:·^\s*(?:-e)\s+.*$
16207 ····state:·absent16207 ····state:·absent
16208 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']16208 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
16209 ····}}'16209 ····}}'
16210 ··when:16210 ··when:
16211 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16212 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16211 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16212 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16213 ··tags:16213 ··tags:
16214 ··-·CJIS-5.4.1.116214 ··-·CJIS-5.4.1.1
16215 ··-·NIST-800-171-3.3.116215 ··-·NIST-800-171-3.3.1
16216 ··-·NIST-800-171-3.4.316216 ··-·NIST-800-171-3.4.3
16217 ··-·NIST-800-53-AC-6(9)16217 ··-·NIST-800-53-AC-6(9)
16218 ··-·NIST-800-53-CM-6(a)16218 ··-·NIST-800-53-CM-6(a)
16219 ··-·PCI-DSS-Req-10.5.216219 ··-·PCI-DSS-Req-10.5.2
Offset 16230, 16 lines modifiedOffset 16230, 16 lines modified
16230 ····create:·true16230 ····create:·true
16231 ····line:·-e·216231 ····line:·-e·2
16232 ····mode:·o-rwx16232 ····mode:·o-rwx
16233 ··loop:16233 ··loop:
16234 ··-·/etc/audit/audit.rules16234 ··-·/etc/audit/audit.rules
16235 ··-·/etc/audit/rules.d/immutable.rules16235 ··-·/etc/audit/rules.d/immutable.rules
16236 ··when:16236 ··when:
16237 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16238 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16237 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16238 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16239 ··tags:16239 ··tags:
16240 ··-·CJIS-5.4.1.116240 ··-·CJIS-5.4.1.1
16241 ··-·NIST-800-171-3.3.116241 ··-·NIST-800-171-3.3.1
16242 ··-·NIST-800-171-3.4.316242 ··-·NIST-800-171-3.4.3
16243 ··-·NIST-800-53-AC-6(9)16243 ··-·NIST-800-53-AC-6(9)
16244 ··-·NIST-800-53-CM-6(a)16244 ··-·NIST-800-53-CM-6(a)
16245 ··-·PCI-DSS-Req-10.5.216245 ··-·PCI-DSS-Req-10.5.2
Offset 16583, 16 lines modifiedOffset 16583, 16 lines modified
16583 ··-·reboot_required16583 ··-·reboot_required
16584 ··-·restrict_strategy16584 ··-·restrict_strategy
  
16585 -·name:·Set·architecture·for·audit·mount·tasks16585 -·name:·Set·architecture·for·audit·mount·tasks
16586 ··set_fact:16586 ··set_fact:
16587 ····audit_arch:·b6416587 ····audit_arch:·b64
16588 ··when:16588 ··when:
16589 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16590 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16589 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16590 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16591 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture16591 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
16592 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;16592 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
16593 ··tags:16593 ··tags:
16594 ··-·CJIS-5.4.1.116594 ··-·CJIS-5.4.1.1
16595 ··-·NIST-800-171-3.1.716595 ··-·NIST-800-171-3.1.7
16596 ··-·NIST-800-53-AC-6(9)16596 ··-·NIST-800-53-AC-6(9)
16597 ··-·NIST-800-53-AU-12(c)16597 ··-·NIST-800-53-AU-12(c)
Offset 16723, 16 lines modifiedOffset 16723, 16 lines modified
16723 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016723 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16724 ········-F·auid!=unset·-F·key=perm_mod16724 ········-F·auid!=unset·-F·key=perm_mod
16725 ······create:·true16725 ······create:·true
16726 ······mode:·o-rwx16726 ······mode:·o-rwx
16727 ······state:·present16727 ······state:·present
16728 ····when:·syscalls_found·|·length·==·016728 ····when:·syscalls_found·|·length·==·0
16729 ··when:16729 ··when:
16730 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16731 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16730 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16731 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16732 ··tags:16732 ··tags:
16733 ··-·CJIS-5.4.1.116733 ··-·CJIS-5.4.1.1
16734 ··-·NIST-800-171-3.1.716734 ··-·NIST-800-171-3.1.7
16735 ··-·NIST-800-53-AC-6(9)16735 ··-·NIST-800-53-AC-6(9)
16736 ··-·NIST-800-53-AU-12(c)16736 ··-·NIST-800-53-AU-12(c)
16737 ··-·NIST-800-53-AU-2(d)16737 ··-·NIST-800-53-AU-2(d)
16738 ··-·NIST-800-53-CM-6(a)16738 ··-·NIST-800-53-CM-6(a)
Offset 16861, 16 lines modifiedOffset 16861, 16 lines modified
16861 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016861 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16862 ········-F·auid!=unset·-F·key=perm_mod16862 ········-F·auid!=unset·-F·key=perm_mod
16863 ······create:·true16863 ······create:·true
16864 ······mode:·o-rwx16864 ······mode:·o-rwx
16865 ······state:·present16865 ······state:·present
16866 ····when:·syscalls_found·|·length·==·016866 ····when:·syscalls_found·|·length·==·0
16867 ··when:16867 ··when:
16868 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16869 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16868 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16869 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16870 ··-·audit_arch·==·&quot;b64&quot;16870 ··-·audit_arch·==·&quot;b64&quot;
16871 ··tags:16871 ··tags:
16872 ··-·CJIS-5.4.1.116872 ··-·CJIS-5.4.1.1
16873 ··-·NIST-800-171-3.1.716873 ··-·NIST-800-171-3.1.7
16874 ··-·NIST-800-53-AC-6(9)16874 ··-·NIST-800-53-AC-6(9)
16875 ··-·NIST-800-53-AU-12(c)16875 ··-·NIST-800-53-AU-12(c)
16876 ··-·NIST-800-53-AU-2(d)16876 ··-·NIST-800-53-AU-2(d)
Offset 16879, 15 lines modifiedOffset 16879, 15 lines modified
16879 ··-·audit_rules_media_export16879 ··-·audit_rules_media_export
16880 ··-·low_complexity16880 ··-·low_complexity
16881 ··-·low_disruption16881 ··-·low_disruption
16882 ··-·medium_severity16882 ··-·medium_severity
16883 ··-·reboot_required16883 ··-·reboot_required
16884 ··-·restrict_strategy</xccdf-1.2:fix>16884 ··-·restrict_strategy</xccdf-1.2:fix>
16885 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms16885 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
16886 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then16886 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed;·then
  
16887 #·First·perform·the·remediation·of·the·syscall·rule16887 #·First·perform·the·remediation·of·the·syscall·rule
16888 #·Retrieve·hardware·architecture·of·the·underlying·system16888 #·Retrieve·hardware·architecture·of·the·underlying·system
16889 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)16889 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
16890 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;16890 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
16891 do16891 do
Offset 17570, 15 lines modifiedOffset 17570, 15 lines modified
17570 ··········<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</xccdf-1.2:reference>17570 ··········<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</xccdf-1.2:reference>
17571 ··········<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</xccdf-1.2:reference>17571 ··········<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</xccdf-1.2:reference>
17572 ··········<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</xccdf-1.2:reference>17572 ··········<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</xccdf-1.2:reference>
Max diff block lines reached; 266231/271732 bytes (97.98%) of diff not shown.
4.93 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds-1.2.xml
4.81 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds-1.2.xml
    
Offset 76545, 16 lines modifiedOffset 76545, 16 lines modified
76545 ··-·no_reboot_needed76545 ··-·no_reboot_needed
  
76546 -·name:·Test·for·existence·/boot/grub/grub.cfg76546 -·name:·Test·for·existence·/boot/grub/grub.cfg
76547 ··stat:76547 ··stat:
76548 ····path:·/boot/grub/grub.cfg76548 ····path:·/boot/grub/grub.cfg
76549 ··register:·file_exists76549 ··register:·file_exists
76550 ··when:76550 ··when:
76551 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76552 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76551 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76552 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76553 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76553 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76554 ··tags:76554 ··tags:
76555 ··-·CJIS-5.5.2.276555 ··-·CJIS-5.5.2.2
76556 ··-·NIST-800-171-3.4.576556 ··-·NIST-800-171-3.4.5
76557 ··-·NIST-800-53-AC-6(1)76557 ··-·NIST-800-53-AC-6(1)
76558 ··-·NIST-800-53-CM-6(a)76558 ··-·NIST-800-53-CM-6(a)
76559 ··-·PCI-DSS-Req-7.176559 ··-·PCI-DSS-Req-7.1
Offset 76566, 16 lines modifiedOffset 76566, 16 lines modified
76566 ··-·no_reboot_needed76566 ··-·no_reboot_needed
  
76567 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg76567 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
76568 ··file:76568 ··file:
76569 ····path:·/boot/grub/grub.cfg76569 ····path:·/boot/grub/grub.cfg
76570 ····owner:·'0'76570 ····owner:·'0'
76571 ··when:76571 ··when:
76572 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76573 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76572 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76573 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76574 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76574 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76575 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists76575 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
76576 ··tags:76576 ··tags:
76577 ··-·CJIS-5.5.2.276577 ··-·CJIS-5.5.2.2
76578 ··-·NIST-800-171-3.4.576578 ··-·NIST-800-171-3.4.5
76579 ··-·NIST-800-53-AC-6(1)76579 ··-·NIST-800-53-AC-6(1)
76580 ··-·NIST-800-53-CM-6(a)76580 ··-·NIST-800-53-CM-6(a)
Offset 76583, 15 lines modifiedOffset 76583, 15 lines modified
76583 ··-·configure_strategy76583 ··-·configure_strategy
76584 ··-·file_owner_grub2_cfg76584 ··-·file_owner_grub2_cfg
76585 ··-·low_complexity76585 ··-·low_complexity
76586 ··-·low_disruption76586 ··-·low_disruption
76587 ··-·medium_severity76587 ··-·medium_severity
76588 ··-·no_reboot_needed</xccdf-1.2:fix>76588 ··-·no_reboot_needed</xccdf-1.2:fix>
76589 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms76589 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
76590 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then76590 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
76591 chown·0·/boot/grub/grub.cfg76591 chown·0·/boot/grub/grub.cfg
  
76592 else76592 else
76593 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'76593 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
76594 fi</xccdf-1.2:fix>76594 fi</xccdf-1.2:fix>
76595 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">76595 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 76687, 16 lines modifiedOffset 76687, 16 lines modified
76687 ··-·no_reboot_needed76687 ··-·no_reboot_needed
  
76688 -·name:·Test·for·existence·/boot/grub/grub.cfg76688 -·name:·Test·for·existence·/boot/grub/grub.cfg
76689 ··stat:76689 ··stat:
76690 ····path:·/boot/grub/grub.cfg76690 ····path:·/boot/grub/grub.cfg
76691 ··register:·file_exists76691 ··register:·file_exists
76692 ··when:76692 ··when:
76693 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76694 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76693 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76694 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76695 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76695 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76696 ··tags:76696 ··tags:
76697 ··-·NIST-800-171-3.4.576697 ··-·NIST-800-171-3.4.5
76698 ··-·NIST-800-53-AC-6(1)76698 ··-·NIST-800-53-AC-6(1)
76699 ··-·NIST-800-53-CM-6(a)76699 ··-·NIST-800-53-CM-6(a)
76700 ··-·configure_strategy76700 ··-·configure_strategy
76701 ··-·file_permissions_grub2_cfg76701 ··-·file_permissions_grub2_cfg
Offset 76706, 30 lines modifiedOffset 76706, 30 lines modified
76706 ··-·no_reboot_needed76706 ··-·no_reboot_needed
  
76707 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg76707 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
76708 ··file:76708 ··file:
76709 ····path:·/boot/grub/grub.cfg76709 ····path:·/boot/grub/grub.cfg
76710 ····mode:·u-xs,g-xwrs,o-xwrt76710 ····mode:·u-xs,g-xwrs,o-xwrt
76711 ··when:76711 ··when:
76712 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76713 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76712 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76713 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76714 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76714 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76715 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists76715 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
76716 ··tags:76716 ··tags:
76717 ··-·NIST-800-171-3.4.576717 ··-·NIST-800-171-3.4.5
76718 ··-·NIST-800-53-AC-6(1)76718 ··-·NIST-800-53-AC-6(1)
76719 ··-·NIST-800-53-CM-6(a)76719 ··-·NIST-800-53-CM-6(a)
76720 ··-·configure_strategy76720 ··-·configure_strategy
76721 ··-·file_permissions_grub2_cfg76721 ··-·file_permissions_grub2_cfg
76722 ··-·low_complexity76722 ··-·low_complexity
76723 ··-·low_disruption76723 ··-·low_disruption
76724 ··-·medium_severity76724 ··-·medium_severity
76725 ··-·no_reboot_needed</xccdf-1.2:fix>76725 ··-·no_reboot_needed</xccdf-1.2:fix>
76726 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_permissions_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms76726 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_permissions_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
76727 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then76727 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
76728 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg76728 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
76729 else76729 else
76730 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'76730 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
76731 fi</xccdf-1.2:fix>76731 fi</xccdf-1.2:fix>
76732 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">76732 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
4.91 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds.xml
4.8 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds.xml
    
Offset 76545, 16 lines modifiedOffset 76545, 16 lines modified
76545 ··-·no_reboot_needed76545 ··-·no_reboot_needed
  
76546 -·name:·Test·for·existence·/boot/grub/grub.cfg76546 -·name:·Test·for·existence·/boot/grub/grub.cfg
76547 ··stat:76547 ··stat:
76548 ····path:·/boot/grub/grub.cfg76548 ····path:·/boot/grub/grub.cfg
76549 ··register:·file_exists76549 ··register:·file_exists
76550 ··when:76550 ··when:
76551 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76552 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76551 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76552 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76553 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76553 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76554 ··tags:76554 ··tags:
76555 ··-·CJIS-5.5.2.276555 ··-·CJIS-5.5.2.2
76556 ··-·NIST-800-171-3.4.576556 ··-·NIST-800-171-3.4.5
76557 ··-·NIST-800-53-AC-6(1)76557 ··-·NIST-800-53-AC-6(1)
76558 ··-·NIST-800-53-CM-6(a)76558 ··-·NIST-800-53-CM-6(a)
76559 ··-·PCI-DSS-Req-7.176559 ··-·PCI-DSS-Req-7.1
Offset 76566, 16 lines modifiedOffset 76566, 16 lines modified
76566 ··-·no_reboot_needed76566 ··-·no_reboot_needed
  
76567 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg76567 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
76568 ··file:76568 ··file:
76569 ····path:·/boot/grub/grub.cfg76569 ····path:·/boot/grub/grub.cfg
76570 ····owner:·'0'76570 ····owner:·'0'
76571 ··when:76571 ··when:
76572 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76573 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76572 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76573 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76574 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76574 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76575 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists76575 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
76576 ··tags:76576 ··tags:
76577 ··-·CJIS-5.5.2.276577 ··-·CJIS-5.5.2.2
76578 ··-·NIST-800-171-3.4.576578 ··-·NIST-800-171-3.4.5
76579 ··-·NIST-800-53-AC-6(1)76579 ··-·NIST-800-53-AC-6(1)
76580 ··-·NIST-800-53-CM-6(a)76580 ··-·NIST-800-53-CM-6(a)
Offset 76583, 15 lines modifiedOffset 76583, 15 lines modified
76583 ··-·configure_strategy76583 ··-·configure_strategy
76584 ··-·file_owner_grub2_cfg76584 ··-·file_owner_grub2_cfg
76585 ··-·low_complexity76585 ··-·low_complexity
76586 ··-·low_disruption76586 ··-·low_disruption
76587 ··-·medium_severity76587 ··-·medium_severity
76588 ··-·no_reboot_needed</xccdf-1.2:fix>76588 ··-·no_reboot_needed</xccdf-1.2:fix>
76589 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms76589 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
76590 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then76590 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
76591 chown·0·/boot/grub/grub.cfg76591 chown·0·/boot/grub/grub.cfg
  
76592 else76592 else
76593 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'76593 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
76594 fi</xccdf-1.2:fix>76594 fi</xccdf-1.2:fix>
76595 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">76595 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 76687, 16 lines modifiedOffset 76687, 16 lines modified
76687 ··-·no_reboot_needed76687 ··-·no_reboot_needed
  
76688 -·name:·Test·for·existence·/boot/grub/grub.cfg76688 -·name:·Test·for·existence·/boot/grub/grub.cfg
76689 ··stat:76689 ··stat:
76690 ····path:·/boot/grub/grub.cfg76690 ····path:·/boot/grub/grub.cfg
76691 ··register:·file_exists76691 ··register:·file_exists
76692 ··when:76692 ··when:
76693 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76694 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76693 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76694 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76695 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76695 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76696 ··tags:76696 ··tags:
76697 ··-·NIST-800-171-3.4.576697 ··-·NIST-800-171-3.4.5
76698 ··-·NIST-800-53-AC-6(1)76698 ··-·NIST-800-53-AC-6(1)
76699 ··-·NIST-800-53-CM-6(a)76699 ··-·NIST-800-53-CM-6(a)
76700 ··-·configure_strategy76700 ··-·configure_strategy
76701 ··-·file_permissions_grub2_cfg76701 ··-·file_permissions_grub2_cfg
Offset 76706, 30 lines modifiedOffset 76706, 30 lines modified
76706 ··-·no_reboot_needed76706 ··-·no_reboot_needed
  
76707 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg76707 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
76708 ··file:76708 ··file:
76709 ····path:·/boot/grub/grub.cfg76709 ····path:·/boot/grub/grub.cfg
76710 ····mode:·u-xs,g-xwrs,o-xwrt76710 ····mode:·u-xs,g-xwrs,o-xwrt
76711 ··when:76711 ··when:
76712 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76713 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76712 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76713 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76714 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76714 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76715 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists76715 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
76716 ··tags:76716 ··tags:
76717 ··-·NIST-800-171-3.4.576717 ··-·NIST-800-171-3.4.5
76718 ··-·NIST-800-53-AC-6(1)76718 ··-·NIST-800-53-AC-6(1)
76719 ··-·NIST-800-53-CM-6(a)76719 ··-·NIST-800-53-CM-6(a)
76720 ··-·configure_strategy76720 ··-·configure_strategy
76721 ··-·file_permissions_grub2_cfg76721 ··-·file_permissions_grub2_cfg
76722 ··-·low_complexity76722 ··-·low_complexity
76723 ··-·low_disruption76723 ··-·low_disruption
76724 ··-·medium_severity76724 ··-·medium_severity
76725 ··-·no_reboot_needed</xccdf-1.2:fix>76725 ··-·no_reboot_needed</xccdf-1.2:fix>
76726 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_permissions_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms76726 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_permissions_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
76727 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then76727 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
76728 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg76728 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
76729 else76729 else
76730 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'76730 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
76731 fi</xccdf-1.2:fix>76731 fi</xccdf-1.2:fix>
76732 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">76732 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
4.91 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-xccdf.xml
4.79 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-xccdf.xml
    
Offset 76441, 16 lines modifiedOffset 76441, 16 lines modified
76441 ··-·no_reboot_needed76441 ··-·no_reboot_needed
  
76442 -·name:·Test·for·existence·/boot/grub/grub.cfg76442 -·name:·Test·for·existence·/boot/grub/grub.cfg
76443 ··stat:76443 ··stat:
76444 ····path:·/boot/grub/grub.cfg76444 ····path:·/boot/grub/grub.cfg
76445 ··register:·file_exists76445 ··register:·file_exists
76446 ··when:76446 ··when:
76447 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76448 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76447 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76448 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76449 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76449 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76450 ··tags:76450 ··tags:
76451 ··-·CJIS-5.5.2.276451 ··-·CJIS-5.5.2.2
76452 ··-·NIST-800-171-3.4.576452 ··-·NIST-800-171-3.4.5
76453 ··-·NIST-800-53-AC-6(1)76453 ··-·NIST-800-53-AC-6(1)
76454 ··-·NIST-800-53-CM-6(a)76454 ··-·NIST-800-53-CM-6(a)
76455 ··-·PCI-DSS-Req-7.176455 ··-·PCI-DSS-Req-7.1
Offset 76462, 16 lines modifiedOffset 76462, 16 lines modified
76462 ··-·no_reboot_needed76462 ··-·no_reboot_needed
  
76463 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg76463 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
76464 ··file:76464 ··file:
76465 ····path:·/boot/grub/grub.cfg76465 ····path:·/boot/grub/grub.cfg
76466 ····owner:·'0'76466 ····owner:·'0'
76467 ··when:76467 ··when:
76468 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76469 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76468 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76469 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76470 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76470 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76471 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists76471 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
76472 ··tags:76472 ··tags:
76473 ··-·CJIS-5.5.2.276473 ··-·CJIS-5.5.2.2
76474 ··-·NIST-800-171-3.4.576474 ··-·NIST-800-171-3.4.5
76475 ··-·NIST-800-53-AC-6(1)76475 ··-·NIST-800-53-AC-6(1)
76476 ··-·NIST-800-53-CM-6(a)76476 ··-·NIST-800-53-CM-6(a)
Offset 76479, 15 lines modifiedOffset 76479, 15 lines modified
76479 ··-·configure_strategy76479 ··-·configure_strategy
76480 ··-·file_owner_grub2_cfg76480 ··-·file_owner_grub2_cfg
76481 ··-·low_complexity76481 ··-·low_complexity
76482 ··-·low_disruption76482 ··-·low_disruption
76483 ··-·medium_severity76483 ··-·medium_severity
76484 ··-·no_reboot_needed</xccdf-1.2:fix>76484 ··-·no_reboot_needed</xccdf-1.2:fix>
76485 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms76485 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
76486 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then76486 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
76487 chown·0·/boot/grub/grub.cfg76487 chown·0·/boot/grub/grub.cfg
  
76488 else76488 else
76489 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'76489 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
76490 fi</xccdf-1.2:fix>76490 fi</xccdf-1.2:fix>
76491 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">76491 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 76583, 16 lines modifiedOffset 76583, 16 lines modified
76583 ··-·no_reboot_needed76583 ··-·no_reboot_needed
  
76584 -·name:·Test·for·existence·/boot/grub/grub.cfg76584 -·name:·Test·for·existence·/boot/grub/grub.cfg
76585 ··stat:76585 ··stat:
76586 ····path:·/boot/grub/grub.cfg76586 ····path:·/boot/grub/grub.cfg
76587 ··register:·file_exists76587 ··register:·file_exists
76588 ··when:76588 ··when:
76589 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76590 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76589 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76590 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76591 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76591 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76592 ··tags:76592 ··tags:
76593 ··-·NIST-800-171-3.4.576593 ··-·NIST-800-171-3.4.5
76594 ··-·NIST-800-53-AC-6(1)76594 ··-·NIST-800-53-AC-6(1)
76595 ··-·NIST-800-53-CM-6(a)76595 ··-·NIST-800-53-CM-6(a)
76596 ··-·configure_strategy76596 ··-·configure_strategy
76597 ··-·file_permissions_grub2_cfg76597 ··-·file_permissions_grub2_cfg
Offset 76602, 30 lines modifiedOffset 76602, 30 lines modified
76602 ··-·no_reboot_needed76602 ··-·no_reboot_needed
  
76603 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg76603 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
76604 ··file:76604 ··file:
76605 ····path:·/boot/grub/grub.cfg76605 ····path:·/boot/grub/grub.cfg
76606 ····mode:·u-xs,g-xwrs,o-xwrt76606 ····mode:·u-xs,g-xwrs,o-xwrt
76607 ··when:76607 ··when:
76608 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76609 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76608 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76609 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76610 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76610 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76611 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists76611 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
76612 ··tags:76612 ··tags:
76613 ··-·NIST-800-171-3.4.576613 ··-·NIST-800-171-3.4.5
76614 ··-·NIST-800-53-AC-6(1)76614 ··-·NIST-800-53-AC-6(1)
76615 ··-·NIST-800-53-CM-6(a)76615 ··-·NIST-800-53-CM-6(a)
76616 ··-·configure_strategy76616 ··-·configure_strategy
76617 ··-·file_permissions_grub2_cfg76617 ··-·file_permissions_grub2_cfg
76618 ··-·low_complexity76618 ··-·low_complexity
76619 ··-·low_disruption76619 ··-·low_disruption
76620 ··-·medium_severity76620 ··-·medium_severity
76621 ··-·no_reboot_needed</xccdf-1.2:fix>76621 ··-·no_reboot_needed</xccdf-1.2:fix>
76622 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_permissions_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms76622 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_permissions_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
76623 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then76623 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
76624 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg76624 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
76625 else76625 else
76626 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'76626 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
76627 fi</xccdf-1.2:fix>76627 fi</xccdf-1.2:fix>
76628 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">76628 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
159 KB
ssg-debian_0.1.65-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary
2 -rw-r--r--···0········0········0·····1824·2022-12-20·09:54:05.000000·control.tar.xz2 -rw-r--r--···0········0········0·····1820·2022-12-20·09:54:05.000000·control.tar.xz
3 -rw-r--r--···0········0········0···826596·2022-12-20·09:54:05.000000·data.tar.xz3 -rw-r--r--···0········0········0···826496·2022-12-20·09:54:05.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
158 KB
data.tar.xz
158 KB
data.tar
52.8 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-ds-1.2.xml
52.7 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-ds-1.2.xml
    
Offset 8329, 16 lines modifiedOffset 8329, 16 lines modified
  
8329 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8329 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8330 ··find:8330 ··find:
8331 ····paths:·/etc/audit/rules.d/8331 ····paths:·/etc/audit/rules.d/
8332 ····patterns:·'*.rules'8332 ····patterns:·'*.rules'
8333 ··register:·find_rules_d8333 ··register:·find_rules_d
8334 ··when:8334 ··when:
8335 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8336 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8335 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8336 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8337 ··tags:8337 ··tags:
8338 ··-·CJIS-5.4.1.18338 ··-·CJIS-5.4.1.1
8339 ··-·NIST-800-171-3.3.18339 ··-·NIST-800-171-3.3.1
8340 ··-·NIST-800-171-3.4.38340 ··-·NIST-800-171-3.4.3
8341 ··-·NIST-800-53-AC-6(9)8341 ··-·NIST-800-53-AC-6(9)
8342 ··-·NIST-800-53-CM-6(a)8342 ··-·NIST-800-53-CM-6(a)
8343 ··-·PCI-DSS-Req-10.5.28343 ··-·PCI-DSS-Req-10.5.2
Offset 8353, 16 lines modifiedOffset 8353, 16 lines modified
8353 ··lineinfile:8353 ··lineinfile:
8354 ····path:·'{{·item·}}'8354 ····path:·'{{·item·}}'
8355 ····regexp:·^\s*(?:-e)\s+.*$8355 ····regexp:·^\s*(?:-e)\s+.*$
8356 ····state:·absent8356 ····state:·absent
8357 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8357 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8358 ····}}'8358 ····}}'
8359 ··when:8359 ··when:
8360 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8361 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8360 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8361 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8362 ··tags:8362 ··tags:
8363 ··-·CJIS-5.4.1.18363 ··-·CJIS-5.4.1.1
8364 ··-·NIST-800-171-3.3.18364 ··-·NIST-800-171-3.3.1
8365 ··-·NIST-800-171-3.4.38365 ··-·NIST-800-171-3.4.3
8366 ··-·NIST-800-53-AC-6(9)8366 ··-·NIST-800-53-AC-6(9)
8367 ··-·NIST-800-53-CM-6(a)8367 ··-·NIST-800-53-CM-6(a)
8368 ··-·PCI-DSS-Req-10.5.28368 ··-·PCI-DSS-Req-10.5.2
Offset 8379, 16 lines modifiedOffset 8379, 16 lines modified
8379 ····create:·true8379 ····create:·true
8380 ····line:·-e·28380 ····line:·-e·2
8381 ····mode:·o-rwx8381 ····mode:·o-rwx
8382 ··loop:8382 ··loop:
8383 ··-·/etc/audit/audit.rules8383 ··-·/etc/audit/audit.rules
8384 ··-·/etc/audit/rules.d/immutable.rules8384 ··-·/etc/audit/rules.d/immutable.rules
8385 ··when:8385 ··when:
8386 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8387 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8386 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8387 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8388 ··tags:8388 ··tags:
8389 ··-·CJIS-5.4.1.18389 ··-·CJIS-5.4.1.1
8390 ··-·NIST-800-171-3.3.18390 ··-·NIST-800-171-3.3.1
8391 ··-·NIST-800-171-3.4.38391 ··-·NIST-800-171-3.4.3
8392 ··-·NIST-800-53-AC-6(9)8392 ··-·NIST-800-53-AC-6(9)
8393 ··-·NIST-800-53-CM-6(a)8393 ··-·NIST-800-53-CM-6(a)
8394 ··-·PCI-DSS-Req-10.5.28394 ··-·PCI-DSS-Req-10.5.2
Offset 9268, 16 lines modifiedOffset 9268, 16 lines modified
9268 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/9268 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
9269 ··find:9269 ··find:
9270 ····paths:·/etc/audit/rules.d9270 ····paths:·/etc/audit/rules.d
9271 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+9271 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
9272 ····patterns:·'*.rules'9272 ····patterns:·'*.rules'
9273 ··register:·find_existing_watch_rules_d9273 ··register:·find_existing_watch_rules_d
9274 ··when:9274 ··when:
9275 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9276 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9275 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9276 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9277 ··tags:9277 ··tags:
9278 ··-·CJIS-5.4.1.19278 ··-·CJIS-5.4.1.1
9279 ··-·NIST-800-171-3.1.79279 ··-·NIST-800-171-3.1.7
9280 ··-·NIST-800-53-AC-2(7)(b)9280 ··-·NIST-800-53-AC-2(7)(b)
9281 ··-·NIST-800-53-AC-6(9)9281 ··-·NIST-800-53-AC-6(9)
9282 ··-·NIST-800-53-AU-12(c)9282 ··-·NIST-800-53-AU-12(c)
9283 ··-·NIST-800-53-AU-2(d)9283 ··-·NIST-800-53-AU-2(d)
Offset 9294, 16 lines modifiedOffset 9294, 16 lines modified
9294 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions9294 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
9295 ··find:9295 ··find:
9296 ····paths:·/etc/audit/rules.d9296 ····paths:·/etc/audit/rules.d
9297 ····contains:·^.*(?:-F·key=|-k\s+)actions$9297 ····contains:·^.*(?:-F·key=|-k\s+)actions$
9298 ····patterns:·'*.rules'9298 ····patterns:·'*.rules'
9299 ··register:·find_watch_key9299 ··register:·find_watch_key
9300 ··when:9300 ··when:
9301 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9302 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9301 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9302 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9303 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched9303 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
9304 ····==·09304 ····==·0
9305 ··tags:9305 ··tags:
9306 ··-·CJIS-5.4.1.19306 ··-·CJIS-5.4.1.1
9307 ··-·NIST-800-171-3.1.79307 ··-·NIST-800-171-3.1.7
9308 ··-·NIST-800-53-AC-2(7)(b)9308 ··-·NIST-800-53-AC-2(7)(b)
9309 ··-·NIST-800-53-AC-6(9)9309 ··-·NIST-800-53-AC-6(9)
Offset 9320, 16 lines modifiedOffset 9320, 16 lines modified
9320 ··-·restrict_strategy9320 ··-·restrict_strategy
  
9321 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule9321 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
9322 ··set_fact:9322 ··set_fact:
9323 ····all_files:9323 ····all_files:
9324 ····-·/etc/audit/rules.d/actions.rules9324 ····-·/etc/audit/rules.d/actions.rules
9325 ··when:9325 ··when:
9326 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9327 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9326 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9327 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9328 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched9328 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
9329 ····is·defined·and·find_existing_watch_rules_d.matched·==·09329 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
9330 ··tags:9330 ··tags:
9331 ··-·CJIS-5.4.1.19331 ··-·CJIS-5.4.1.1
9332 ··-·NIST-800-171-3.1.79332 ··-·NIST-800-171-3.1.7
9333 ··-·NIST-800-53-AC-2(7)(b)9333 ··-·NIST-800-53-AC-2(7)(b)
9334 ··-·NIST-800-53-AC-6(9)9334 ··-·NIST-800-53-AC-6(9)
Offset 9346, 16 lines modifiedOffset 9346, 16 lines modified
9346 ··-·restrict_strategy9346 ··-·restrict_strategy
  
9347 -·name:·Use·matched·file·as·the·recipient·for·the·rule9347 -·name:·Use·matched·file·as·the·recipient·for·the·rule
9348 ··set_fact:9348 ··set_fact:
9349 ····all_files:9349 ····all_files:
9350 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'9350 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
9351 ··when:9351 ··when:
9352 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9353 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9352 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9353 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9354 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched9354 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
9355 ····is·defined·and·find_existing_watch_rules_d.matched·==·09355 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
9356 ··tags:9356 ··tags:
9357 ··-·CJIS-5.4.1.19357 ··-·CJIS-5.4.1.1
9358 ··-·NIST-800-171-3.1.79358 ··-·NIST-800-171-3.1.7
9359 ··-·NIST-800-53-AC-2(7)(b)9359 ··-·NIST-800-53-AC-2(7)(b)
9360 ··-·NIST-800-53-AC-6(9)9360 ··-·NIST-800-53-AC-6(9)
Offset 9374, 16 lines modifiedOffset 9374, 16 lines modified
9374 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/9374 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 48555/53886 bytes (90.11%) of diff not shown.
52.8 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-ds.xml
52.7 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-ds.xml
    
Offset 8329, 16 lines modifiedOffset 8329, 16 lines modified
  
8329 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8329 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8330 ··find:8330 ··find:
8331 ····paths:·/etc/audit/rules.d/8331 ····paths:·/etc/audit/rules.d/
8332 ····patterns:·'*.rules'8332 ····patterns:·'*.rules'
8333 ··register:·find_rules_d8333 ··register:·find_rules_d
8334 ··when:8334 ··when:
8335 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8336 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8335 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8336 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8337 ··tags:8337 ··tags:
8338 ··-·CJIS-5.4.1.18338 ··-·CJIS-5.4.1.1
8339 ··-·NIST-800-171-3.3.18339 ··-·NIST-800-171-3.3.1
8340 ··-·NIST-800-171-3.4.38340 ··-·NIST-800-171-3.4.3
8341 ··-·NIST-800-53-AC-6(9)8341 ··-·NIST-800-53-AC-6(9)
8342 ··-·NIST-800-53-CM-6(a)8342 ··-·NIST-800-53-CM-6(a)
8343 ··-·PCI-DSS-Req-10.5.28343 ··-·PCI-DSS-Req-10.5.2
Offset 8353, 16 lines modifiedOffset 8353, 16 lines modified
8353 ··lineinfile:8353 ··lineinfile:
8354 ····path:·'{{·item·}}'8354 ····path:·'{{·item·}}'
8355 ····regexp:·^\s*(?:-e)\s+.*$8355 ····regexp:·^\s*(?:-e)\s+.*$
8356 ····state:·absent8356 ····state:·absent
8357 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8357 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8358 ····}}'8358 ····}}'
8359 ··when:8359 ··when:
8360 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8361 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8360 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8361 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8362 ··tags:8362 ··tags:
8363 ··-·CJIS-5.4.1.18363 ··-·CJIS-5.4.1.1
8364 ··-·NIST-800-171-3.3.18364 ··-·NIST-800-171-3.3.1
8365 ··-·NIST-800-171-3.4.38365 ··-·NIST-800-171-3.4.3
8366 ··-·NIST-800-53-AC-6(9)8366 ··-·NIST-800-53-AC-6(9)
8367 ··-·NIST-800-53-CM-6(a)8367 ··-·NIST-800-53-CM-6(a)
8368 ··-·PCI-DSS-Req-10.5.28368 ··-·PCI-DSS-Req-10.5.2
Offset 8379, 16 lines modifiedOffset 8379, 16 lines modified
8379 ····create:·true8379 ····create:·true
8380 ····line:·-e·28380 ····line:·-e·2
8381 ····mode:·o-rwx8381 ····mode:·o-rwx
8382 ··loop:8382 ··loop:
8383 ··-·/etc/audit/audit.rules8383 ··-·/etc/audit/audit.rules
8384 ··-·/etc/audit/rules.d/immutable.rules8384 ··-·/etc/audit/rules.d/immutable.rules
8385 ··when:8385 ··when:
8386 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8387 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8386 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8387 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8388 ··tags:8388 ··tags:
8389 ··-·CJIS-5.4.1.18389 ··-·CJIS-5.4.1.1
8390 ··-·NIST-800-171-3.3.18390 ··-·NIST-800-171-3.3.1
8391 ··-·NIST-800-171-3.4.38391 ··-·NIST-800-171-3.4.3
8392 ··-·NIST-800-53-AC-6(9)8392 ··-·NIST-800-53-AC-6(9)
8393 ··-·NIST-800-53-CM-6(a)8393 ··-·NIST-800-53-CM-6(a)
8394 ··-·PCI-DSS-Req-10.5.28394 ··-·PCI-DSS-Req-10.5.2
Offset 9268, 16 lines modifiedOffset 9268, 16 lines modified
9268 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/9268 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
9269 ··find:9269 ··find:
9270 ····paths:·/etc/audit/rules.d9270 ····paths:·/etc/audit/rules.d
9271 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+9271 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
9272 ····patterns:·'*.rules'9272 ····patterns:·'*.rules'
9273 ··register:·find_existing_watch_rules_d9273 ··register:·find_existing_watch_rules_d
9274 ··when:9274 ··when:
9275 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9276 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9275 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9276 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9277 ··tags:9277 ··tags:
9278 ··-·CJIS-5.4.1.19278 ··-·CJIS-5.4.1.1
9279 ··-·NIST-800-171-3.1.79279 ··-·NIST-800-171-3.1.7
9280 ··-·NIST-800-53-AC-2(7)(b)9280 ··-·NIST-800-53-AC-2(7)(b)
9281 ··-·NIST-800-53-AC-6(9)9281 ··-·NIST-800-53-AC-6(9)
9282 ··-·NIST-800-53-AU-12(c)9282 ··-·NIST-800-53-AU-12(c)
9283 ··-·NIST-800-53-AU-2(d)9283 ··-·NIST-800-53-AU-2(d)
Offset 9294, 16 lines modifiedOffset 9294, 16 lines modified
9294 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions9294 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
9295 ··find:9295 ··find:
9296 ····paths:·/etc/audit/rules.d9296 ····paths:·/etc/audit/rules.d
9297 ····contains:·^.*(?:-F·key=|-k\s+)actions$9297 ····contains:·^.*(?:-F·key=|-k\s+)actions$
9298 ····patterns:·'*.rules'9298 ····patterns:·'*.rules'
9299 ··register:·find_watch_key9299 ··register:·find_watch_key
9300 ··when:9300 ··when:
9301 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9302 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9301 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9302 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9303 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched9303 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
9304 ····==·09304 ····==·0
9305 ··tags:9305 ··tags:
9306 ··-·CJIS-5.4.1.19306 ··-·CJIS-5.4.1.1
9307 ··-·NIST-800-171-3.1.79307 ··-·NIST-800-171-3.1.7
9308 ··-·NIST-800-53-AC-2(7)(b)9308 ··-·NIST-800-53-AC-2(7)(b)
9309 ··-·NIST-800-53-AC-6(9)9309 ··-·NIST-800-53-AC-6(9)
Offset 9320, 16 lines modifiedOffset 9320, 16 lines modified
9320 ··-·restrict_strategy9320 ··-·restrict_strategy
  
9321 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule9321 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
9322 ··set_fact:9322 ··set_fact:
9323 ····all_files:9323 ····all_files:
9324 ····-·/etc/audit/rules.d/actions.rules9324 ····-·/etc/audit/rules.d/actions.rules
9325 ··when:9325 ··when:
9326 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9327 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9326 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9327 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9328 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched9328 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
9329 ····is·defined·and·find_existing_watch_rules_d.matched·==·09329 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
9330 ··tags:9330 ··tags:
9331 ··-·CJIS-5.4.1.19331 ··-·CJIS-5.4.1.1
9332 ··-·NIST-800-171-3.1.79332 ··-·NIST-800-171-3.1.7
9333 ··-·NIST-800-53-AC-2(7)(b)9333 ··-·NIST-800-53-AC-2(7)(b)
9334 ··-·NIST-800-53-AC-6(9)9334 ··-·NIST-800-53-AC-6(9)
Offset 9346, 16 lines modifiedOffset 9346, 16 lines modified
9346 ··-·restrict_strategy9346 ··-·restrict_strategy
  
9347 -·name:·Use·matched·file·as·the·recipient·for·the·rule9347 -·name:·Use·matched·file·as·the·recipient·for·the·rule
9348 ··set_fact:9348 ··set_fact:
9349 ····all_files:9349 ····all_files:
9350 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'9350 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
9351 ··when:9351 ··when:
9352 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9353 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9352 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9353 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9354 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched9354 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
9355 ····is·defined·and·find_existing_watch_rules_d.matched·==·09355 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
9356 ··tags:9356 ··tags:
9357 ··-·CJIS-5.4.1.19357 ··-·CJIS-5.4.1.1
9358 ··-·NIST-800-171-3.1.79358 ··-·NIST-800-171-3.1.7
9359 ··-·NIST-800-53-AC-2(7)(b)9359 ··-·NIST-800-53-AC-2(7)(b)
9360 ··-·NIST-800-53-AC-6(9)9360 ··-·NIST-800-53-AC-6(9)
Offset 9374, 16 lines modifiedOffset 9374, 16 lines modified
9374 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/9374 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 48555/53886 bytes (90.11%) of diff not shown.
52.7 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-xccdf.xml
52.5 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-xccdf.xml
    
Offset 8229, 16 lines modifiedOffset 8229, 16 lines modified
  
8229 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8229 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8230 ··find:8230 ··find:
8231 ····paths:·/etc/audit/rules.d/8231 ····paths:·/etc/audit/rules.d/
8232 ····patterns:·'*.rules'8232 ····patterns:·'*.rules'
8233 ··register:·find_rules_d8233 ··register:·find_rules_d
8234 ··when:8234 ··when:
8235 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8236 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8235 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8236 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8237 ··tags:8237 ··tags:
8238 ··-·CJIS-5.4.1.18238 ··-·CJIS-5.4.1.1
8239 ··-·NIST-800-171-3.3.18239 ··-·NIST-800-171-3.3.1
8240 ··-·NIST-800-171-3.4.38240 ··-·NIST-800-171-3.4.3
8241 ··-·NIST-800-53-AC-6(9)8241 ··-·NIST-800-53-AC-6(9)
8242 ··-·NIST-800-53-CM-6(a)8242 ··-·NIST-800-53-CM-6(a)
8243 ··-·PCI-DSS-Req-10.5.28243 ··-·PCI-DSS-Req-10.5.2
Offset 8253, 16 lines modifiedOffset 8253, 16 lines modified
8253 ··lineinfile:8253 ··lineinfile:
8254 ····path:·'{{·item·}}'8254 ····path:·'{{·item·}}'
8255 ····regexp:·^\s*(?:-e)\s+.*$8255 ····regexp:·^\s*(?:-e)\s+.*$
8256 ····state:·absent8256 ····state:·absent
8257 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8257 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8258 ····}}'8258 ····}}'
8259 ··when:8259 ··when:
8260 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8261 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8260 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8261 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8262 ··tags:8262 ··tags:
8263 ··-·CJIS-5.4.1.18263 ··-·CJIS-5.4.1.1
8264 ··-·NIST-800-171-3.3.18264 ··-·NIST-800-171-3.3.1
8265 ··-·NIST-800-171-3.4.38265 ··-·NIST-800-171-3.4.3
8266 ··-·NIST-800-53-AC-6(9)8266 ··-·NIST-800-53-AC-6(9)
8267 ··-·NIST-800-53-CM-6(a)8267 ··-·NIST-800-53-CM-6(a)
8268 ··-·PCI-DSS-Req-10.5.28268 ··-·PCI-DSS-Req-10.5.2
Offset 8279, 16 lines modifiedOffset 8279, 16 lines modified
8279 ····create:·true8279 ····create:·true
8280 ····line:·-e·28280 ····line:·-e·2
8281 ····mode:·o-rwx8281 ····mode:·o-rwx
8282 ··loop:8282 ··loop:
8283 ··-·/etc/audit/audit.rules8283 ··-·/etc/audit/audit.rules
8284 ··-·/etc/audit/rules.d/immutable.rules8284 ··-·/etc/audit/rules.d/immutable.rules
8285 ··when:8285 ··when:
8286 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8287 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8286 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8287 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8288 ··tags:8288 ··tags:
8289 ··-·CJIS-5.4.1.18289 ··-·CJIS-5.4.1.1
8290 ··-·NIST-800-171-3.3.18290 ··-·NIST-800-171-3.3.1
8291 ··-·NIST-800-171-3.4.38291 ··-·NIST-800-171-3.4.3
8292 ··-·NIST-800-53-AC-6(9)8292 ··-·NIST-800-53-AC-6(9)
8293 ··-·NIST-800-53-CM-6(a)8293 ··-·NIST-800-53-CM-6(a)
8294 ··-·PCI-DSS-Req-10.5.28294 ··-·PCI-DSS-Req-10.5.2
Offset 9168, 16 lines modifiedOffset 9168, 16 lines modified
9168 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/9168 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
9169 ··find:9169 ··find:
9170 ····paths:·/etc/audit/rules.d9170 ····paths:·/etc/audit/rules.d
9171 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+9171 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
9172 ····patterns:·'*.rules'9172 ····patterns:·'*.rules'
9173 ··register:·find_existing_watch_rules_d9173 ··register:·find_existing_watch_rules_d
9174 ··when:9174 ··when:
9175 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9176 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9175 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9176 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9177 ··tags:9177 ··tags:
9178 ··-·CJIS-5.4.1.19178 ··-·CJIS-5.4.1.1
9179 ··-·NIST-800-171-3.1.79179 ··-·NIST-800-171-3.1.7
9180 ··-·NIST-800-53-AC-2(7)(b)9180 ··-·NIST-800-53-AC-2(7)(b)
9181 ··-·NIST-800-53-AC-6(9)9181 ··-·NIST-800-53-AC-6(9)
9182 ··-·NIST-800-53-AU-12(c)9182 ··-·NIST-800-53-AU-12(c)
9183 ··-·NIST-800-53-AU-2(d)9183 ··-·NIST-800-53-AU-2(d)
Offset 9194, 16 lines modifiedOffset 9194, 16 lines modified
9194 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions9194 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
9195 ··find:9195 ··find:
9196 ····paths:·/etc/audit/rules.d9196 ····paths:·/etc/audit/rules.d
9197 ····contains:·^.*(?:-F·key=|-k\s+)actions$9197 ····contains:·^.*(?:-F·key=|-k\s+)actions$
9198 ····patterns:·'*.rules'9198 ····patterns:·'*.rules'
9199 ··register:·find_watch_key9199 ··register:·find_watch_key
9200 ··when:9200 ··when:
9201 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9202 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9201 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9202 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9203 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched9203 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
9204 ····==·09204 ····==·0
9205 ··tags:9205 ··tags:
9206 ··-·CJIS-5.4.1.19206 ··-·CJIS-5.4.1.1
9207 ··-·NIST-800-171-3.1.79207 ··-·NIST-800-171-3.1.7
9208 ··-·NIST-800-53-AC-2(7)(b)9208 ··-·NIST-800-53-AC-2(7)(b)
9209 ··-·NIST-800-53-AC-6(9)9209 ··-·NIST-800-53-AC-6(9)
Offset 9220, 16 lines modifiedOffset 9220, 16 lines modified
9220 ··-·restrict_strategy9220 ··-·restrict_strategy
  
9221 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule9221 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
9222 ··set_fact:9222 ··set_fact:
9223 ····all_files:9223 ····all_files:
9224 ····-·/etc/audit/rules.d/actions.rules9224 ····-·/etc/audit/rules.d/actions.rules
9225 ··when:9225 ··when:
9226 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9227 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9226 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9227 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9228 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched9228 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
9229 ····is·defined·and·find_existing_watch_rules_d.matched·==·09229 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
9230 ··tags:9230 ··tags:
9231 ··-·CJIS-5.4.1.19231 ··-·CJIS-5.4.1.1
9232 ··-·NIST-800-171-3.1.79232 ··-·NIST-800-171-3.1.7
9233 ··-·NIST-800-53-AC-2(7)(b)9233 ··-·NIST-800-53-AC-2(7)(b)
9234 ··-·NIST-800-53-AC-6(9)9234 ··-·NIST-800-53-AC-6(9)
Offset 9246, 16 lines modifiedOffset 9246, 16 lines modified
9246 ··-·restrict_strategy9246 ··-·restrict_strategy
  
9247 -·name:·Use·matched·file·as·the·recipient·for·the·rule9247 -·name:·Use·matched·file·as·the·recipient·for·the·rule
9248 ··set_fact:9248 ··set_fact:
9249 ····all_files:9249 ····all_files:
9250 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'9250 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
9251 ··when:9251 ··when:
9252 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9253 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9252 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9253 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9254 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched9254 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
9255 ····is·defined·and·find_existing_watch_rules_d.matched·==·09255 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
9256 ··tags:9256 ··tags:
9257 ··-·CJIS-5.4.1.19257 ··-·CJIS-5.4.1.1
9258 ··-·NIST-800-171-3.1.79258 ··-·NIST-800-171-3.1.7
9259 ··-·NIST-800-53-AC-2(7)(b)9259 ··-·NIST-800-53-AC-2(7)(b)
9260 ··-·NIST-800-53-AC-6(9)9260 ··-·NIST-800-53-AC-6(9)
Offset 9274, 16 lines modifiedOffset 9274, 16 lines modified
9274 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/9274 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 48367/53698 bytes (90.07%) of diff not shown.
22.1 MB
ssg-nondebian_0.1.65-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary
2 -rw-r--r--···0········0········0····15452·2022-12-20·09:54:05.000000·control.tar.xz2 -rw-r--r--···0········0········0····15448·2022-12-20·09:54:05.000000·control.tar.xz
3 -rw-r--r--···0········0········0·40200044·2022-12-20·09:54:05.000000·data.tar.xz3 -rw-r--r--···0········0········0·40203060·2022-12-20·09:54:05.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
22.1 MB
data.tar.xz
22.1 MB
data.tar
113 KB
./usr/share/doc/ssg-nondebian/ssg-alinux2-guide-cis.html
    
Offset 55089, 21 lines modifiedOffset 55089, 21 lines modified
000d7300:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas000d7300:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
000d7310:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps000d7310:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
000d7320:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="000d7320:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
000d7330:·6964·6d31·3437·3033·223e·3c70·7265·3e3c··idm14703"><pre><000d7330:·6964·6d31·3437·3033·223e·3c70·7265·3e3c··idm14703"><pre><
000d7340:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati000d7340:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
000d7350:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable000d7350:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
000d7360:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain000d7360:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
000d7370:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp000d7370:·2070·6c61·7466·6f72·6d73·0a69·6620·5b20···platforms.if·[·
000d7380:·6d20·2d2d·7175·6965·7420·2d71·2061·7564··m·--quiet·-q·aud 
000d7390:·6974·2026·616d·703b·2661·6d70·3b20·5b20··it·&amp;&amp;·[· 
000d73a0:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv000d7380:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
000d73b0:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·000d7390:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
000d73c0:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta000d73a0:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
000d73d0:·696e·6572·656e·7620·5d3b·2074·6865·6e0a··inerenv·];·then.000d73b0:·696e·6572·656e·7620·5d20·2661·6d70·3b26··inerenv·]·&amp;&
 000d73c0:·616d·703b·2072·706d·202d·2d71·7569·6574··amp;·rpm·--quiet
 000d73d0:·202d·7120·6175·6469·743b·2074·6865·6e0a···-q·audit;·then.
000d73e0:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform000d73e0:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform
000d73f0:·2074·6865·2072·656d·6564·6961·7469·6f6e···the·remediation000d73f0:·2074·6865·2072·656d·6564·6961·7469·6f6e···the·remediation
000d7400:·206f·6620·7468·6520·7379·7363·616c·6c20···of·the·syscall·000d7400:·206f·6620·7468·6520·7379·7363·616c·6c20···of·the·syscall·
000d7410:·7275·6c65·0a23·2052·6574·7269·6576·6520··rule.#·Retrieve·000d7410:·7275·6c65·0a23·2052·6574·7269·6576·6520··rule.#·Retrieve·
000d7420:·6861·7264·7761·7265·2061·7263·6869·7465··hardware·archite000d7420:·6861·7264·7761·7265·2061·7263·6869·7465··hardware·archite
000d7430:·6374·7572·6520·6f66·2074·6865·2075·6e64··cture·of·the·und000d7430:·6374·7572·6520·6f66·2074·6865·2075·6e64··cture·of·the·und
000d7440:·6572·6c79·696e·6720·7379·7374·656d·0a23··erlying·system.#000d7440:·6572·6c79·696e·6720·7379·7374·656d·0a23··erlying·system.#
Offset 56791, 20 lines modifiedOffset 56791, 20 lines modified
000ddd60:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla000ddd60:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
000ddd70:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id000ddd70:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
000ddd80:·3d22·6964·6d31·3530·3033·223e·3c70·7265··="idm15003"><pre000ddd80:·3d22·6964·6d31·3530·3033·223e·3c70·7265··="idm15003"><pre
000ddd90:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia000ddd90:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
000ddda0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab000ddda0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
000dddb0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa000dddb0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
000dddc0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·000dddc0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
000dddd0:·7270·6d20·2d2d·7175·6965·7420·2d71·2061··rpm·--quiet·-q·a 
000ddde0:·7564·6974·2026·616d·703b·2661·6d70·3b20··udit·&amp;&amp;· 
000dddf0:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere000dddd0:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere
000dde00:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·000ddde0:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·
000dde10:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con000dddf0:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con
000dde20:·7461·696e·6572·656e·7620·5d3b·2074·6865··tainerenv·];·the000dde00:·7461·696e·6572·656e·7620·5d20·2661·6d70··tainerenv·]·&amp
 000dde10:·3b26·616d·703b·2072·706d·202d·2d71·7569··;&amp;·rpm·--qui
 000dde20:·6574·202d·7120·6175·6469·743b·2074·6865··et·-q·audit;·the
000dde30:·6e0a·0a23·2046·6972·7374·2070·6572·666f··n..#·First·perfo000dde30:·6e0a·0a23·2046·6972·7374·2070·6572·666f··n..#·First·perfo
000dde40:·726d·2074·6865·2072·656d·6564·6961·7469··rm·the·remediati000dde40:·726d·2074·6865·2072·656d·6564·6961·7469··rm·the·remediati
000dde50:·6f6e·206f·6620·7468·6520·7379·7363·616c··on·of·the·syscal000dde50:·6f6e·206f·6620·7468·6520·7379·7363·616c··on·of·the·syscal
000dde60:·6c20·7275·6c65·0a23·2052·6574·7269·6576··l·rule.#·Retriev000dde60:·6c20·7275·6c65·0a23·2052·6574·7269·6576··l·rule.#·Retriev
000dde70:·6520·6861·7264·7761·7265·2061·7263·6869··e·hardware·archi000dde70:·6520·6861·7264·7761·7265·2061·7263·6869··e·hardware·archi
000dde80:·7465·6374·7572·6520·6f66·2074·6865·2075··tecture·of·the·u000dde80:·7465·6374·7572·6520·6f66·2074·6865·2075··tecture·of·the·u
000dde90:·6e64·6572·6c79·696e·6720·7379·7374·656d··nderlying·system000dde90:·6e64·6572·6c79·696e·6720·7379·7374·656d··nderlying·system
Offset 61153, 23 lines modifiedOffset 61153, 23 lines modified
000eee00:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·000eee00:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·
000eee10:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra000eee10:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra
000eee20:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se000eee20:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se
000eee30:·7420·6172·6368·6974·6563·7475·7265·2066··t·architecture·f000eee30:·7420·6172·6368·6974·6563·7475·7265·2066··t·architecture·f
000eee40:·6f72·2061·7564·6974·2074·6173·6b73·0a20··or·audit·tasks.·000eee40:·6f72·2061·7564·6974·2074·6173·6b73·0a20··or·audit·tasks.·
000eee50:·2073·6574·5f66·6163·743a·0a20·2020·2061···set_fact:.····a000eee50:·2073·6574·5f66·6163·743a·0a20·2020·2061···set_fact:.····a
000eee60:·7564·6974·5f61·7263·683a·2062·3634·0a20··udit_arch:·b64.·000eee60:·7564·6974·5f61·7263·683a·2062·3634·0a20··udit_arch:·b64.·
000eee70:·2077·6865·6e3a·0a20·202d·2027·2261·7564···when:.··-·'"aud000eee70:·2077·6865·6e3a·0a20·202d·2061·6e73·6962···when:.··-·ansib
000eee80:·6974·2220·696e·2061·6e73·6962·6c65·5f66··it"·in·ansible_f 
000eee90:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.· 
000eeea0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu 
000eeeb0:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n 
000eeec0:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker", 
000eeed0:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz" 
000eeee0:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con 
000eeef0:·7461·696e·6572·225d·0a20·202d·2061·6e73··tainer"].··-·ans000eee80:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
 000eee90:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
 000eeea0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
 000eeeb0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
 000eeec0:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
 000eeed0:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 000eeee0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 000eeef0:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
000eef00:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur000eef00:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur
000eef10:·6520·3d3d·2022·6161·7263·6836·3422·206f··e·==·"aarch64"·o000eef10:·6520·3d3d·2022·6161·7263·6836·3422·206f··e·==·"aarch64"·o
000eef20:·7220·616e·7369·626c·655f·6172·6368·6974··r·ansible_archit000eef20:·7220·616e·7369·626c·655f·6172·6368·6974··r·ansible_archit
000eef30:·6563·7475·7265·203d·3d20·2270·7063·3634··ecture·==·"ppc64000eef30:·6563·7475·7265·203d·3d20·2270·7063·3634··ecture·==·"ppc64
000eef40:·2220·6f72·2061·6e73·6962·6c65·5f61·7263··"·or·ansible_arc000eef40:·2220·6f72·2061·6e73·6962·6c65·5f61·7263··"·or·ansible_arc
000eef50:·6869·7465·6374·7572·650a·2020·2020·3d3d··hitecture.····==000eef50:·6869·7465·6374·7572·650a·2020·2020·3d3d··hitecture.····==
000eef60:·2022·7070·6336·346c·6522·206f·7220·616e···"ppc64le"·or·an000eef60:·2022·7070·6336·346c·6522·206f·7220·616e···"ppc64le"·or·an
Offset 61465, 23 lines modifiedOffset 61465, 23 lines modified
000f0180:·6175·6469·745f·7469·6d65·5f72·756c·6573··audit_time_rules000f0180:·6175·6469·745f·7469·6d65·5f72·756c·6573··audit_time_rules
000f0190:·0a20·2020·2020·2063·7265·6174·653a·2074··.······create:·t000f0190:·0a20·2020·2020·2063·7265·6174·653a·2074··.······create:·t
000f01a0:·7275·650a·2020·2020·2020·6d6f·6465·3a20··rue.······mode:·000f01a0:·7275·650a·2020·2020·2020·6d6f·6465·3a20··rue.······mode:·
000f01b0:·6f2d·7277·780a·2020·2020·2020·7374·6174··o-rwx.······stat000f01b0:·6f2d·7277·780a·2020·2020·2020·7374·6174··o-rwx.······stat
000f01c0:·653a·2070·7265·7365·6e74·0a20·2020·2077··e:·present.····w000f01c0:·653a·2070·7265·7365·6e74·0a20·2020·2077··e:·present.····w
000f01d0:·6865·6e3a·2073·7973·6361·6c6c·735f·666f··hen:·syscalls_fo000f01d0:·6865·6e3a·2073·7973·6361·6c6c·735f·666f··hen:·syscalls_fo
000f01e0:·756e·6420·7c20·6c65·6e67·7468·203d·3d20··und·|·length·==·000f01e0:·756e·6420·7c20·6c65·6e67·7468·203d·3d20··und·|·length·==·
000f01f0:·300a·2020·7768·656e·3a0a·2020·2d20·2722··0.··when:.··-·'"000f01f0:·300a·2020·7768·656e·3a0a·2020·2d20·616e··0.··when:.··-·an
000f0200:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl 
000f0210:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages 
000f0220:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi 
000f0230:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ 
000f0240:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke 
000f0250:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open 
000f0260:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·" 
000f0270:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta000f0200:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 000f0210:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 000f0220:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 000f0230:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 000f0240:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
 000f0250:·7222·5d0a·2020·2d20·2722·6175·6469·7422··r"].··-·'"audit"
 000f0260:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 000f0270:·732e·7061·636b·6167·6573·270a·2020·7461··s.packages'.··ta
000f0280:·6773·3a0a·2020·2d20·434a·4953·2d35·2e34··gs:.··-·CJIS-5.4000f0280:·6773·3a0a·2020·2d20·434a·4953·2d35·2e34··gs:.··-·CJIS-5.4
000f0290:·2e31·2e31·0a20·202d·204e·4953·542d·3830··.1.1.··-·NIST-80000f0290:·2e31·2e31·0a20·202d·204e·4953·542d·3830··.1.1.··-·NIST-80
000f02a0:·302d·3137·312d·332e·312e·370a·2020·2d20··0-171-3.1.7.··-·000f02a0:·302d·3137·312d·332e·312e·370a·2020·2d20··0-171-3.1.7.··-·
000f02b0:·4e49·5354·2d38·3030·2d35·332d·4143·2d36··NIST-800-53-AC-6000f02b0:·4e49·5354·2d38·3030·2d35·332d·4143·2d36··NIST-800-53-AC-6
000f02c0:·2839·290a·2020·2d20·4e49·5354·2d38·3030··(9).··-·NIST-800000f02c0:·2839·290a·2020·2d20·4e49·5354·2d38·3030··(9).··-·NIST-800
000f02d0:·2d35·332d·4155·2d31·3228·6329·0a20·202d··-53-AU-12(c).··-000f02d0:·2d35·332d·4155·2d31·3228·6329·0a20·202d··-53-AU-12(c).··-
000f02e0:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-000f02e0:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-
Offset 61765, 23 lines modifiedOffset 61765, 23 lines modified
000f1440:·745f·7469·6d65·5f72·756c·6573·0a20·2020··t_time_rules.···000f1440:·745f·7469·6d65·5f72·756c·6573·0a20·2020··t_time_rules.···
000f1450:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true.000f1450:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true.
000f1460:·2020·2020·2020·6d6f·6465·3a20·6f2d·7277········mode:·o-rw000f1460:·2020·2020·2020·6d6f·6465·3a20·6f2d·7277········mode:·o-rw
000f1470:·780a·2020·2020·2020·7374·6174·653a·2070··x.······state:·p000f1470:·780a·2020·2020·2020·7374·6174·653a·2070··x.······state:·p
000f1480:·7265·7365·6e74·0a20·2020·2077·6865·6e3a··resent.····when:000f1480:·7265·7365·6e74·0a20·2020·2077·6865·6e3a··resent.····when:
000f1490:·2073·7973·6361·6c6c·735f·666f·756e·6420···syscalls_found·000f1490:·2073·7973·6361·6c6c·735f·666f·756e·6420···syscalls_found·
000f14a0:·7c20·6c65·6e67·7468·203d·3d20·300a·2020··|·length·==·0.··000f14a0:·7c20·6c65·6e67·7468·203d·3d20·300a·2020··|·length·==·0.··
000f14b0:·7768·656e·3a0a·2020·2d20·2722·6175·6469··when:.··-·'"audi000f14b0:·7768·656e·3a0a·2020·2d20·616e·7369·626c··when:.··-·ansibl
000f14c0:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa 
000f14d0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.·· 
000f14e0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
000f14f0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
000f1500:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
000f1510:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
000f1520:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont000f14c0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
 000f14d0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
 000f14e0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
 000f14f0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
Max diff block lines reached; 79208/89274 bytes (88.72%) of diff not shown.
25.7 KB
html2text {}
    
Offset 3169, 15 lines modifiedOffset 3169, 15 lines modified
3169 ············A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),·AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-3169 ············A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),·AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-
3170 ············3,·DE.CM-7,·ID.SC-4,·PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·FAU_GEN.1.1.c,·Req-10.2.7,·SRG-OS-000037-3170 ············3,·DE.CM-7,·ID.SC-4,·PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·FAU_GEN.1.1.c,·Req-10.2.7,·SRG-OS-000037-
3171 ············GPOS-00015,·SRG-OS-000042-GPOS-00020,·SRG-OS-000062-GPOS-00031,·SRG-OS-000392-GPOS-00172,·SRG-OS-000462-3171 ············GPOS-00015,·SRG-OS-000042-GPOS-00020,·SRG-OS-000062-GPOS-00031,·SRG-OS-000392-GPOS-00172,·SRG-OS-000462-
3172 ············GPOS-00206,·SRG-OS-000471-GPOS-00215,·SRG-OS-000471-GPOS-00216,·SRG-OS-000477-GPOS-00222,·SRG-OS-000477-VMM-3172 ············GPOS-00206,·SRG-OS-000471-GPOS-00215,·SRG-OS-000471-GPOS-00216,·SRG-OS-000477-GPOS-00222,·SRG-OS-000477-VMM-
3173 ············001970,·4.1.173173 ············001970,·4.1.17
3174 Remediation_Shell_script_⇲3174 Remediation_Shell_script_⇲
3175 #·Remediation·is·applicable·only·in·certain·platforms3175 #·Remediation·is·applicable·only·in·certain·platforms
3176 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then3176 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
3177 #·First·perform·the·remediation·of·the·syscall·rule3177 #·First·perform·the·remediation·of·the·syscall·rule
3178 #·Retrieve·hardware·architecture·of·the·underlying·system3178 #·Retrieve·hardware·architecture·of·the·underlying·system
3179 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>3179 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>
3180 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence3180 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence
3181 #·······of·32-bit's·equivalent·of·the·corresponding·rule.3181 #·······of·32-bit's·equivalent·of·the·corresponding·rule.
3182 #·······(See·`man·7·audit.rules`·for·details·)3182 #·······(See·`man·7·audit.rules`·for·details·)
Offset 3535, 15 lines modifiedOffset 3535, 15 lines modified
3535 ············A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),·AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-3535 ············A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),·AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-
3536 ············3,·DE.CM-7,·ID.SC-4,·PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·FAU_GEN.1.1.c,·Req-10.2.7,·SRG-OS-000037-3536 ············3,·DE.CM-7,·ID.SC-4,·PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·FAU_GEN.1.1.c,·Req-10.2.7,·SRG-OS-000037-
3537 ············GPOS-00015,·SRG-OS-000042-GPOS-00020,·SRG-OS-000062-GPOS-00031,·SRG-OS-000392-GPOS-00172,·SRG-OS-000462-3537 ············GPOS-00015,·SRG-OS-000042-GPOS-00020,·SRG-OS-000062-GPOS-00031,·SRG-OS-000392-GPOS-00172,·SRG-OS-000462-
3538 ············GPOS-00206,·SRG-OS-000471-GPOS-00215,·SRG-OS-000471-GPOS-00216,·SRG-OS-000477-GPOS-00222,·SRG-OS-000477-VMM-3538 ············GPOS-00206,·SRG-OS-000471-GPOS-00215,·SRG-OS-000471-GPOS-00216,·SRG-OS-000477-GPOS-00222,·SRG-OS-000477-VMM-
3539 ············001970,·4.1.173539 ············001970,·4.1.17
3540 Remediation_Shell_script_⇲3540 Remediation_Shell_script_⇲
3541 #·Remediation·is·applicable·only·in·certain·platforms3541 #·Remediation·is·applicable·only·in·certain·platforms
3542 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then3542 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
3543 #·First·perform·the·remediation·of·the·syscall·rule3543 #·First·perform·the·remediation·of·the·syscall·rule
3544 #·Retrieve·hardware·architecture·of·the·underlying·system3544 #·Retrieve·hardware·architecture·of·the·underlying·system
3545 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>3545 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>
3546 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence3546 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence
3547 #·······of·32-bit's·equivalent·of·the·corresponding·rule.3547 #·······of·32-bit's·equivalent·of·the·corresponding·rule.
3548 #·······(See·`man·7·audit.rules`·for·details·)3548 #·······(See·`man·7·audit.rules`·for·details·)
Offset 4062, 16 lines modifiedOffset 4062, 16 lines modified
4062 ··-·no_reboot_needed4062 ··-·no_reboot_needed
4063 ··-·restrict_strategy4063 ··-·restrict_strategy
  
4064 -·name:·Set·architecture·for·audit·tasks4064 -·name:·Set·architecture·for·audit·tasks
4065 ··set_fact:4065 ··set_fact:
4066 ····audit_arch:·b644066 ····audit_arch:·b64
4067 ··when:4067 ··when:
4068 ··-·'"audit"·in·ansible_facts.packages' 
4069 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4068 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4069 ··-·'"audit"·in·ansible_facts.packages'
4070 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4070 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4071 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4071 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4072 ··tags:4072 ··tags:
4073 ··-·CJIS-5.4.1.14073 ··-·CJIS-5.4.1.1
4074 ··-·NIST-800-171-3.1.74074 ··-·NIST-800-171-3.1.7
4075 ··-·NIST-800-53-AC-6(9)4075 ··-·NIST-800-53-AC-6(9)
4076 ··-·NIST-800-53-AU-12(c)4076 ··-·NIST-800-53-AU-12(c)
Offset 4204, 16 lines modifiedOffset 4204, 16 lines modified
4204 ······path:·'{{·audit_file·}}'4204 ······path:·'{{·audit_file·}}'
4205 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules4205 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
4206 ······create:·true4206 ······create:·true
4207 ······mode:·o-rwx4207 ······mode:·o-rwx
4208 ······state:·present4208 ······state:·present
4209 ····when:·syscalls_found·|·length·==·04209 ····when:·syscalls_found·|·length·==·0
4210 ··when:4210 ··when:
4211 ··-·'"audit"·in·ansible_facts.packages' 
4212 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4211 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4212 ··-·'"audit"·in·ansible_facts.packages'
4213 ··tags:4213 ··tags:
4214 ··-·CJIS-5.4.1.14214 ··-·CJIS-5.4.1.1
4215 ··-·NIST-800-171-3.1.74215 ··-·NIST-800-171-3.1.7
4216 ··-·NIST-800-53-AC-6(9)4216 ··-·NIST-800-53-AC-6(9)
4217 ··-·NIST-800-53-AU-12(c)4217 ··-·NIST-800-53-AU-12(c)
4218 ··-·NIST-800-53-AU-2(d)4218 ··-·NIST-800-53-AU-2(d)
4219 ··-·NIST-800-53-CM-6(a)4219 ··-·NIST-800-53-CM-6(a)
Offset 4343, 16 lines modifiedOffset 4343, 16 lines modified
4343 ······path:·'{{·audit_file·}}'4343 ······path:·'{{·audit_file·}}'
4344 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules4344 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
4345 ······create:·true4345 ······create:·true
4346 ······mode:·o-rwx4346 ······mode:·o-rwx
4347 ······state:·present4347 ······state:·present
4348 ····when:·syscalls_found·|·length·==·04348 ····when:·syscalls_found·|·length·==·0
4349 ··when:4349 ··when:
4350 ··-·'"audit"·in·ansible_facts.packages' 
4351 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4350 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4351 ··-·'"audit"·in·ansible_facts.packages'
4352 ··-·audit_arch·==·"b64"4352 ··-·audit_arch·==·"b64"
4353 ··tags:4353 ··tags:
4354 ··-·CJIS-5.4.1.14354 ··-·CJIS-5.4.1.1
4355 ··-·NIST-800-171-3.1.74355 ··-·NIST-800-171-3.1.7
4356 ··-·NIST-800-53-AC-6(9)4356 ··-·NIST-800-53-AC-6(9)
4357 ··-·NIST-800-53-AU-12(c)4357 ··-·NIST-800-53-AU-12(c)
4358 ··-·NIST-800-53-AU-2(d)4358 ··-·NIST-800-53-AU-2(d)
Offset 4417, 16 lines modifiedOffset 4417, 16 lines modified
4417 ··-·no_reboot_needed4417 ··-·no_reboot_needed
4418 ··-·restrict_strategy4418 ··-·restrict_strategy
  
4419 -·name:·Set·architecture·for·audit·tasks4419 -·name:·Set·architecture·for·audit·tasks
4420 ··set_fact:4420 ··set_fact:
4421 ····audit_arch:·b644421 ····audit_arch:·b64
4422 ··when:4422 ··when:
4423 ··-·'"audit"·in·ansible_facts.packages' 
4424 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4423 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4424 ··-·'"audit"·in·ansible_facts.packages'
4425 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4425 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4426 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4426 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4427 ··tags:4427 ··tags:
4428 ··-·CJIS-5.4.1.14428 ··-·CJIS-5.4.1.1
4429 ··-·NIST-800-171-3.1.74429 ··-·NIST-800-171-3.1.7
4430 ··-·NIST-800-53-AC-6(9)4430 ··-·NIST-800-53-AC-6(9)
4431 ··-·NIST-800-53-AU-12(c)4431 ··-·NIST-800-53-AU-12(c)
Offset 4559, 16 lines modifiedOffset 4559, 16 lines modified
4559 ······path:·'{{·audit_file·}}'4559 ······path:·'{{·audit_file·}}'
4560 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules4560 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
4561 ······create:·true4561 ······create:·true
4562 ······mode:·o-rwx4562 ······mode:·o-rwx
4563 ······state:·present4563 ······state:·present
4564 ····when:·syscalls_found·|·length·==·04564 ····when:·syscalls_found·|·length·==·0
4565 ··when:4565 ··when:
4566 ··-·'"audit"·in·ansible_facts.packages' 
4567 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4566 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4567 ··-·'"audit"·in·ansible_facts.packages'
4568 ··tags:4568 ··tags:
4569 ··-·CJIS-5.4.1.14569 ··-·CJIS-5.4.1.1
4570 ··-·NIST-800-171-3.1.74570 ··-·NIST-800-171-3.1.7
4571 ··-·NIST-800-53-AC-6(9)4571 ··-·NIST-800-53-AC-6(9)
4572 ··-·NIST-800-53-AU-12(c)4572 ··-·NIST-800-53-AU-12(c)
4573 ··-·NIST-800-53-AU-2(d)4573 ··-·NIST-800-53-AU-2(d)
4574 ··-·NIST-800-53-CM-6(a)4574 ··-·NIST-800-53-CM-6(a)
Offset 4699, 16 lines modifiedOffset 4699, 16 lines modified
4699 ······path:·'{{·audit_file·}}'4699 ······path:·'{{·audit_file·}}'
4700 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules4700 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
4701 ······create:·true4701 ······create:·true
4702 ······mode:·o-rwx4702 ······mode:·o-rwx
4703 ······state:·present4703 ······state:·present
Max diff block lines reached; 20768/26322 bytes (78.90%) of diff not shown.
22.2 KB
./usr/share/doc/ssg-nondebian/ssg-alinux2-guide-cis_l1.html
    
Offset 38584, 22 lines modifiedOffset 38584, 22 lines modified
00096b70:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi00096b70:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi
00096b80:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru00096b80:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru
00096b90:·6232·2f67·7275·622e·6366·670a·2020·7374··b2/grub.cfg.··st00096b90:·6232·2f67·7275·622e·6366·670a·2020·7374··b2/grub.cfg.··st
00096ba0:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b00096ba0:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b
00096bb0:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c00096bb0:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c
00096bc0:·6667·0a20·2072·6567·6973·7465·723a·2066··fg.··register:·f00096bc0:·6667·0a20·2072·6567·6973·7465·723a·2066··fg.··register:·f
00096bd0:·696c·655f·6578·6973·7473·0a20·2077·6865··ile_exists.··whe00096bd0:·696c·655f·6578·6973·7473·0a20·2077·6865··ile_exists.··whe
00096be0:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c00096be0:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e
 00096bf0:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m
 00096c00:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 00096c10:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
 00096c20:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru
00096bf0:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl00096c30:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
00096c00:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages00096c40:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
00096c10:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef 
00096c20:·6922·2069·6e20·616e·7369·626c·655f·6d6f··i"·in·ansible_mo 
00096c30:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
00096c40:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
00096c50:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl00096c50:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
00096c60:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization00096c60:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
00096c70:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d00096c70:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
00096c80:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"00096c80:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
00096c90:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman00096c90:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
00096ca0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].00096ca0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
00096cb0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS00096cb0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
00096cc0:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS00096cc0:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS
Offset 38620, 22 lines modifiedOffset 38620, 22 lines modified
00096db0:·616d·653a·2045·6e73·7572·6520·6772·6f75··ame:·Ensure·grou00096db0:·616d·653a·2045·6e73·7572·6520·6772·6f75··ame:·Ensure·grou
00096dc0:·7020·6f77·6e65·7220·3020·6f6e·202f·626f··p·owner·0·on·/bo00096dc0:·7020·6f77·6e65·7220·3020·6f6e·202f·626f··p·owner·0·on·/bo
00096dd0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf00096dd0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
00096de0:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa00096de0:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa
00096df0:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/00096df0:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/
00096e00:·6772·7562·2e63·6667·0a20·2020·2067·726f··grub.cfg.····gro00096e00:·6772·7562·2e63·6667·0a20·2020·2067·726f··grub.cfg.····gro
00096e10:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.00096e10:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.
 00096e20:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 00096e30:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 00096e40:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 00096e50:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
00096e20:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm00096e60:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-
00096e30:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f00096e70:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
00096e40:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·00096e80:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
00096e50:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
00096e60:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
00096e70:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
00096e80:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
00096e90:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v00096e90:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v
00096ea0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty00096ea0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
00096eb0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock00096eb0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
00096ec0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope00096ec0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
00096ed0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·00096ed0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
00096ee0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-00096ee0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
00096ef0:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta00096ef0:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta
00096f00:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and00096f00:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and
Offset 38685, 19 lines modifiedOffset 38685, 19 lines modified
000971c0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat000971c0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
000971d0:·6567·793a·3c2f·7468·3e3c·7464·3e63·6f6e··egy:</th><td>con000971d0:·6567·793a·3c2f·7468·3e3c·7464·3e63·6f6e··egy:</th><td>con
000971e0:·6669·6775·7265·3c2f·7464·3e3c·2f74·723e··figure</td></tr>000971e0:·6669·6775·7265·3c2f·7464·3e3c·2f74·723e··figure</td></tr>
000971f0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co000971f0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
00097200:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation00097200:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
00097210:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o00097210:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
00097220:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p00097220:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
00097230:·6c61·7466·6f72·6d73·0a69·6620·7270·6d20··latforms.if·rpm·00097230:·6c61·7466·6f72·6d73·0a69·6620·5b20·2d66··latforms.if·[·-f
 00097240:·202f·7379·732f·6669·726d·7761·7265·2f65···/sys/firmware/e
 00097250:·6669·205d·2026·616d·703b·2661·6d70·3b20··fi·]·&amp;&amp;·
00097240:·2d2d·7175·6965·7420·2d71·2067·7275·6232··--quiet·-q·grub200097260:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g
00097250:·2d63·6f6d·6d6f·6e20·2661·6d70·3b26·616d··-common·&amp;&am00097270:·7275·6232·2d63·6f6d·6d6f·6e20·2661·6d70··rub2-common·&amp
00097260:·703b·205b·202d·6620·2f73·7973·2f66·6972··p;·[·-f·/sys/fir 
00097270:·6d77·6172·652f·6566·6920·5d20·2661·6d70··mware/efi·]·&amp 
00097280:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·00097280:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·
00097290:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a00097290:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a
000972a0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·000972a0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·
000972b0:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere000972b0:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere
000972c0:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c000972c0:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c
000972d0:·6867·7270·2030·202f·626f·6f74·2f67·7275··hgrp·0·/boot/gru000972d0:·6867·7270·2030·202f·626f·6f74·2f67·7275··hgrp·0·/boot/gru
000972e0:·6232·2f67·7275·622e·6366·670a·0a65·6c73··b2/grub.cfg..els000972e0:·6232·2f67·7275·622e·6366·670a·0a65·6c73··b2/grub.cfg..els
Offset 39077, 21 lines modifiedOffset 39077, 21 lines modified
00098a40:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·00098a40:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
00098a50:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub00098a50:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
00098a60:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···00098a60:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
00098a70:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru00098a70:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
00098a80:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re00098a80:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re
00098a90:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi00098a90:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
00098aa0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·00098aa0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
 00098ab0:·2722·2f62·6f6f·742f·6566·6922·2069·6e20··'"/boot/efi"·in·
 00098ac0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 00098ad0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 00098ae0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
00098ab0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·00098af0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
00098ac0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts00098b00:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
00098ad0:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'00098b10:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
00098ae0:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a 
00098af0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
00098b00:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
00098b10:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
00098b20:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu00098b20:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
00098b30:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n00098b30:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
00098b40:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",00098b40:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
00098b50:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"00098b50:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
00098b60:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con00098b60:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
00098b70:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:00098b70:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:
00098b80:·0a20·202d·2043·4a49·532d·352e·352e·322e··.··-·CJIS-5.5.2.00098b80:·0a20·202d·2043·4a49·532d·352e·352e·322e··.··-·CJIS-5.5.2.
Offset 39112, 21 lines modifiedOffset 39112, 21 lines modified
00098c70:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·00098c70:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·
00098c80:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot00098c80:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot
00098c90:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.00098c90:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
00098ca0:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path00098ca0:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path
00098cb0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr00098cb0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
00098cc0:·7562·2e63·6667·0a20·2020·206f·776e·6572··ub.cfg.····owner00098cc0:·7562·2e63·6667·0a20·2020·206f·776e·6572··ub.cfg.····owner
00098cd0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··00098cd0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··
 00098ce0:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i
 00098cf0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 00098d00:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 00098d10:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
00098ce0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common00098d20:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co
00098cf0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac00098d30:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
00098d00:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-00098d40:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
00098d10:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in 
00098d20:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
00098d30:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
00098d40:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
00098d50:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir00098d50:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
00098d60:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type00098d60:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
00098d70:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker00098d70:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
00098d80:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv00098d80:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
00098d90:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c00098d90:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
00098da0:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f00098da0:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f
00098db0:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·00098db0:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·
Max diff block lines reached; 7530/17346 bytes (43.41%) of diff not shown.
5.13 KB
html2text {}
    
Offset 2682, 16 lines modifiedOffset 2682, 16 lines modified
2682 ··-·no_reboot_needed2682 ··-·no_reboot_needed
  
2683 -·name:·Test·for·existence·/boot/grub2/grub.cfg2683 -·name:·Test·for·existence·/boot/grub2/grub.cfg
2684 ··stat:2684 ··stat:
2685 ····path:·/boot/grub2/grub.cfg2685 ····path:·/boot/grub2/grub.cfg
2686 ··register:·file_exists2686 ··register:·file_exists
2687 ··when:2687 ··when:
2688 ··-·'"grub2-common"·in·ansible_facts.packages' 
2689 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'2688 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2689 ··-·'"grub2-common"·in·ansible_facts.packages'
2690 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2690 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2691 ··tags:2691 ··tags:
2692 ··-·CJIS-5.5.2.22692 ··-·CJIS-5.5.2.2
2693 ··-·NIST-800-171-3.4.52693 ··-·NIST-800-171-3.4.5
2694 ··-·NIST-800-53-AC-6(1)2694 ··-·NIST-800-53-AC-6(1)
2695 ··-·NIST-800-53-CM-6(a)2695 ··-·NIST-800-53-CM-6(a)
2696 ··-·PCI-DSS-Req-7.12696 ··-·PCI-DSS-Req-7.1
Offset 2703, 16 lines modifiedOffset 2703, 16 lines modified
2703 ··-·no_reboot_needed2703 ··-·no_reboot_needed
  
2704 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2704 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2705 ··file:2705 ··file:
2706 ····path:·/boot/grub2/grub.cfg2706 ····path:·/boot/grub2/grub.cfg
2707 ····group:·'0'2707 ····group:·'0'
2708 ··when:2708 ··when:
2709 ··-·'"grub2-common"·in·ansible_facts.packages' 
2710 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'2709 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2710 ··-·'"grub2-common"·in·ansible_facts.packages'
2711 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2711 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2712 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists2712 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
2713 ··tags:2713 ··tags:
2714 ··-·CJIS-5.5.2.22714 ··-·CJIS-5.5.2.2
2715 ··-·NIST-800-171-3.4.52715 ··-·NIST-800-171-3.4.5
2716 ··-·NIST-800-53-AC-6(1)2716 ··-·NIST-800-53-AC-6(1)
2717 ··-·NIST-800-53-CM-6(a)2717 ··-·NIST-800-53-CM-6(a)
Offset 2724, 15 lines modifiedOffset 2724, 15 lines modified
2724 ··-·medium_severity2724 ··-·medium_severity
2725 ··-·no_reboot_needed2725 ··-·no_reboot_needed
2726 Remediation_Shell_script_⇲2726 Remediation_Shell_script_⇲
2727 Complexity:·low2727 Complexity:·low
2728 Disruption:·low2728 Disruption:·low
2729 Strategy:···configure2729 Strategy:···configure
2730 #·Remediation·is·applicable·only·in·certain·platforms2730 #·Remediation·is·applicable·only·in·certain·platforms
2731 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};2731 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
2732 then2732 then
  
2733 chgrp·0·/boot/grub2/grub.cfg2733 chgrp·0·/boot/grub2/grub.cfg
  
2734 else2734 else
2735 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'2735 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
2736 fi2736 fi
Offset 2768, 16 lines modifiedOffset 2768, 16 lines modified
2768 ··-·no_reboot_needed2768 ··-·no_reboot_needed
  
2769 -·name:·Test·for·existence·/boot/grub2/grub.cfg2769 -·name:·Test·for·existence·/boot/grub2/grub.cfg
2770 ··stat:2770 ··stat:
2771 ····path:·/boot/grub2/grub.cfg2771 ····path:·/boot/grub2/grub.cfg
2772 ··register:·file_exists2772 ··register:·file_exists
2773 ··when:2773 ··when:
2774 ··-·'"grub2-common"·in·ansible_facts.packages' 
2775 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'2774 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2775 ··-·'"grub2-common"·in·ansible_facts.packages'
2776 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2776 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2777 ··tags:2777 ··tags:
2778 ··-·CJIS-5.5.2.22778 ··-·CJIS-5.5.2.2
2779 ··-·NIST-800-171-3.4.52779 ··-·NIST-800-171-3.4.5
2780 ··-·NIST-800-53-AC-6(1)2780 ··-·NIST-800-53-AC-6(1)
2781 ··-·NIST-800-53-CM-6(a)2781 ··-·NIST-800-53-CM-6(a)
2782 ··-·PCI-DSS-Req-7.12782 ··-·PCI-DSS-Req-7.1
Offset 2789, 16 lines modifiedOffset 2789, 16 lines modified
2789 ··-·no_reboot_needed2789 ··-·no_reboot_needed
  
2790 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2790 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2791 ··file:2791 ··file:
2792 ····path:·/boot/grub2/grub.cfg2792 ····path:·/boot/grub2/grub.cfg
2793 ····owner:·'0'2793 ····owner:·'0'
2794 ··when:2794 ··when:
2795 ··-·'"grub2-common"·in·ansible_facts.packages' 
2796 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'2795 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2796 ··-·'"grub2-common"·in·ansible_facts.packages'
2797 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2797 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2798 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists2798 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
2799 ··tags:2799 ··tags:
2800 ··-·CJIS-5.5.2.22800 ··-·CJIS-5.5.2.2
2801 ··-·NIST-800-171-3.4.52801 ··-·NIST-800-171-3.4.5
2802 ··-·NIST-800-53-AC-6(1)2802 ··-·NIST-800-53-AC-6(1)
2803 ··-·NIST-800-53-CM-6(a)2803 ··-·NIST-800-53-CM-6(a)
Offset 2810, 15 lines modifiedOffset 2810, 15 lines modified
2810 ··-·medium_severity2810 ··-·medium_severity
2811 ··-·no_reboot_needed2811 ··-·no_reboot_needed
2812 Remediation_Shell_script_⇲2812 Remediation_Shell_script_⇲
2813 Complexity:·low2813 Complexity:·low
2814 Disruption:·low2814 Disruption:·low
2815 Strategy:···configure2815 Strategy:···configure
2816 #·Remediation·is·applicable·only·in·certain·platforms2816 #·Remediation·is·applicable·only·in·certain·platforms
2817 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};2817 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
2818 then2818 then
  
2819 chown·0·/boot/grub2/grub.cfg2819 chown·0·/boot/grub2/grub.cfg
  
2820 else2820 else
2821 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'2821 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
2822 fi2822 fi
Offset 2852, 16 lines modifiedOffset 2852, 16 lines modified
2852 ··-·no_reboot_needed2852 ··-·no_reboot_needed
  
2853 -·name:·Test·for·existence·/boot/grub2/grub.cfg2853 -·name:·Test·for·existence·/boot/grub2/grub.cfg
2854 ··stat:2854 ··stat:
2855 ····path:·/boot/grub2/grub.cfg2855 ····path:·/boot/grub2/grub.cfg
2856 ··register:·file_exists2856 ··register:·file_exists
2857 ··when:2857 ··when:
2858 ··-·'"grub2-common"·in·ansible_facts.packages' 
2859 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'2858 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2859 ··-·'"grub2-common"·in·ansible_facts.packages'
2860 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2860 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2861 ··tags:2861 ··tags:
2862 ··-·NIST-800-171-3.4.52862 ··-·NIST-800-171-3.4.5
2863 ··-·NIST-800-53-AC-6(1)2863 ··-·NIST-800-53-AC-6(1)
2864 ··-·NIST-800-53-CM-6(a)2864 ··-·NIST-800-53-CM-6(a)
2865 ··-·configure_strategy2865 ··-·configure_strategy
2866 ··-·file_permissions_efi_grub2_cfg2866 ··-·file_permissions_efi_grub2_cfg
Offset 2871, 16 lines modifiedOffset 2871, 16 lines modified
2871 ··-·no_reboot_needed2871 ··-·no_reboot_needed
  
2872 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg2872 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
2873 ··file:2873 ··file:
2874 ····path:·/boot/grub2/grub.cfg2874 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1080/5230 bytes (20.65%) of diff not shown.
3.12 KB
./usr/share/doc/ssg-nondebian/ssg-alinux2-guide-standard.html
    
Offset 23175, 21 lines modifiedOffset 23175, 21 lines modified
0005a860:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0005a860:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0005a870:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0005a870:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0005a880:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0005a880:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0005a890:·646d·3134·3535·3422·3e3c·7072·653e·3c63··dm14554"><pre><c0005a890:·646d·3134·3535·3422·3e3c·7072·653e·3c63··dm14554"><pre><c
0005a8a0:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio0005a8a0:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
0005a8b0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·0005a8b0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
0005a8c0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·0005a8c0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
0005a8d0:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm0005a8d0:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!
0005a8e0:·202d·2d71·7569·6574·202d·7120·6175·6469···--quiet·-q·audi 
0005a8f0:·7420·2661·6d70·3b26·616d·703b·205b·2021··t·&amp;&amp;·[·! 
0005a900:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·0005a8e0:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
0005a910:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!0005a8f0:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
0005a920:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai0005a900:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
0005a930:·6e65·7265·6e76·205d·3b20·7468·656e·0a0a··nerenv·];·then..0005a910:·6e65·7265·6e76·205d·2026·616d·703b·2661··nerenv·]·&amp;&a
 0005a920:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet·
 0005a930:·2d71·2061·7564·6974·3b20·7468·656e·0a0a··-q·audit;·then..
0005a940:·2320·4669·7273·7420·7065·7266·6f72·6d20··#·First·perform·0005a940:·2320·4669·7273·7420·7065·7266·6f72·6d20··#·First·perform·
0005a950:·7468·6520·7265·6d65·6469·6174·696f·6e20··the·remediation·0005a950:·7468·6520·7265·6d65·6469·6174·696f·6e20··the·remediation·
0005a960:·6f66·2074·6865·2073·7973·6361·6c6c·2072··of·the·syscall·r0005a960:·6f66·2074·6865·2073·7973·6361·6c6c·2072··of·the·syscall·r
0005a970:·756c·650a·2320·5265·7472·6965·7665·2068··ule.#·Retrieve·h0005a970:·756c·650a·2320·5265·7472·6965·7665·2068··ule.#·Retrieve·h
0005a980:·6172·6477·6172·6520·6172·6368·6974·6563··ardware·architec0005a980:·6172·6477·6172·6520·6172·6368·6974·6563··ardware·architec
0005a990:·7475·7265·206f·6620·7468·6520·756e·6465··ture·of·the·unde0005a990:·7475·7265·206f·6620·7468·6520·756e·6465··ture·of·the·unde
0005a9a0:·726c·7969·6e67·2073·7973·7465·6d0a·2320··rlying·system.#·0005a9a0:·726c·7969·6e67·2073·7973·7465·6d0a·2320··rlying·system.#·
1.09 KB
html2text {}
    
Offset 996, 15 lines modifiedOffset 996, 15 lines modified
996 ············4.1,·SR_4.3,·SR_5.1,·SR_5.2,·SR_5.3,·SR_6.1,·SR_6.2,·SR_7.1,·SR_7.6,·A.11.2.6,996 ············4.1,·SR_4.3,·SR_5.1,·SR_5.2,·SR_5.3,·SR_6.1,·SR_6.2,·SR_7.1,·SR_7.6,·A.11.2.6,
997 ············A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.7.1,·A.13.1.1,·A.13.2.1,·A.14.1.3,997 ············A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.7.1,·A.13.1.1,·A.13.2.1,·A.14.1.3,
998 ············A.14.2.7,·A.15.2.1,·A.15.2.2,·A.16.1.4,·A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),998 ············A.14.2.7,·A.15.2.1,·A.15.2.2,·A.16.1.4,·A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),
999 ············AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-3,·DE.CM-7,·ID.SC-4,999 ············AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-3,·DE.CM-7,·ID.SC-4,
1000 ············PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·Req-10.2.71000 ············PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·Req-10.2.7
1001 Remediation_Shell_script_⇲1001 Remediation_Shell_script_⇲
1002 #·Remediation·is·applicable·only·in·certain·platforms1002 #·Remediation·is·applicable·only·in·certain·platforms
1003 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then1003 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
1004 #·First·perform·the·remediation·of·the·syscall·rule1004 #·First·perform·the·remediation·of·the·syscall·rule
1005 #·Retrieve·hardware·architecture·of·the·underlying·system1005 #·Retrieve·hardware·architecture·of·the·underlying·system
1006 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>1006 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>
1007 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence1007 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence
1008 #·······of·32-bit's·equivalent·of·the·corresponding·rule.1008 #·······of·32-bit's·equivalent·of·the·corresponding·rule.
1009 #·······(See·`man·7·audit.rules`·for·details·)1009 #·······(See·`man·7·audit.rules`·for·details·)
22.2 KB
./usr/share/doc/ssg-nondebian/ssg-alinux3-guide-cis.html
    
Offset 66360, 22 lines modifiedOffset 66360, 22 lines modified
00103370:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi00103370:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi
00103380:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru00103380:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru
00103390:·6232·2f67·7275·622e·6366·670a·2020·7374··b2/grub.cfg.··st00103390:·6232·2f67·7275·622e·6366·670a·2020·7374··b2/grub.cfg.··st
001033a0:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b001033a0:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b
001033b0:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c001033b0:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c
001033c0:·6667·0a20·2072·6567·6973·7465·723a·2066··fg.··register:·f001033c0:·6667·0a20·2072·6567·6973·7465·723a·2066··fg.··register:·f
001033d0:·696c·655f·6578·6973·7473·0a20·2077·6865··ile_exists.··whe001033d0:·696c·655f·6578·6973·7473·0a20·2077·6865··ile_exists.··whe
001033e0:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e001033e0:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c
001033f0:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m 
00103400:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
00103410:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
00103420:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
00103430:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an001033f0:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
00103440:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack00103400:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 00103410:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef
 00103420:·6922·2069·6e20·616e·7369·626c·655f·6d6f··i"·in·ansible_mo
 00103430:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 00103440:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
00103450:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl00103450:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl
00103460:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization00103460:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
00103470:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d00103470:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
00103480:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"00103480:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
00103490:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman00103490:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
001034a0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].001034a0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
001034b0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS001034b0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
001034c0:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS001034c0:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS
Offset 66396, 22 lines modifiedOffset 66396, 22 lines modified
001035b0:·616d·653a·2045·6e73·7572·6520·6772·6f75··ame:·Ensure·grou001035b0:·616d·653a·2045·6e73·7572·6520·6772·6f75··ame:·Ensure·grou
001035c0:·7020·6f77·6e65·7220·3020·6f6e·202f·626f··p·owner·0·on·/bo001035c0:·7020·6f77·6e65·7220·3020·6f6e·202f·626f··p·owner·0·on·/bo
001035d0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf001035d0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
001035e0:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa001035e0:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa
001035f0:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/001035f0:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/
00103600:·6772·7562·2e63·6667·0a20·2020·2067·726f··grub.cfg.····gro00103600:·6772·7562·2e63·6667·0a20·2020·2067·726f··grub.cfg.····gro
00103610:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.00103610:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.
00103620:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
00103630:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
00103640:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
00103650:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
00103660:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-00103620:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
00103670:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib00103630:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
00103680:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package00103640:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 00103650:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 00103660:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 00103670:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 00103680:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
00103690:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v00103690:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
001036a0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty001036a0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
001036b0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock001036b0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
001036c0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope001036c0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
001036d0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·001036d0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
001036e0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-001036e0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
001036f0:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta001036f0:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta
00103700:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and00103700:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and
Offset 66461, 19 lines modifiedOffset 66461, 19 lines modified
001039c0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat001039c0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
001039d0:·6567·793a·3c2f·7468·3e3c·7464·3e63·6f6e··egy:</th><td>con001039d0:·6567·793a·3c2f·7468·3e3c·7464·3e63·6f6e··egy:</th><td>con
001039e0:·6669·6775·7265·3c2f·7464·3e3c·2f74·723e··figure</td></tr>001039e0:·6669·6775·7265·3c2f·7464·3e3c·2f74·723e··figure</td></tr>
001039f0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co001039f0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
00103a00:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation00103a00:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
00103a10:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o00103a10:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
00103a20:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p00103a20:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
00103a30:·6c61·7466·6f72·6d73·0a69·6620·5b20·2d66··latforms.if·[·-f00103a30:·6c61·7466·6f72·6d73·0a69·6620·7270·6d20··latforms.if·rpm·
00103a40:·202f·7379·732f·6669·726d·7761·7265·2f65···/sys/firmware/e 
00103a50:·6669·205d·2026·616d·703b·2661·6d70·3b20··fi·]·&amp;&amp;· 
00103a60:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g00103a40:·2d2d·7175·6965·7420·2d71·2067·7275·6232··--quiet·-q·grub2
00103a70:·7275·6232·2d63·6f6d·6d6f·6e20·2661·6d70··rub2-common·&amp00103a50:·2d63·6f6d·6d6f·6e20·2661·6d70·3b26·616d··-common·&amp;&am
 00103a60:·703b·205b·202d·6620·2f73·7973·2f66·6972··p;·[·-f·/sys/fir
 00103a70:·6d77·6172·652f·6566·6920·5d20·2661·6d70··mware/efi·]·&amp
00103a80:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·00103a80:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·
00103a90:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a00103a90:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a
00103aa0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·00103aa0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·
00103ab0:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere00103ab0:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere
00103ac0:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c00103ac0:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c
00103ad0:·6867·7270·2030·202f·626f·6f74·2f67·7275··hgrp·0·/boot/gru00103ad0:·6867·7270·2030·202f·626f·6f74·2f67·7275··hgrp·0·/boot/gru
00103ae0:·6232·2f67·7275·622e·6366·670a·0a65·6c73··b2/grub.cfg..els00103ae0:·6232·2f67·7275·622e·6366·670a·0a65·6c73··b2/grub.cfg..els
Offset 66853, 21 lines modifiedOffset 66853, 21 lines modified
00105240:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·00105240:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
00105250:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub00105250:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
00105260:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···00105260:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
00105270:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru00105270:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
00105280:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re00105280:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re
00105290:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi00105290:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
001052a0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·001052a0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
001052b0:·2722·2f62·6f6f·742f·6566·6922·2069·6e20··'"/boot/efi"·in· 
001052c0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
001052d0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
001052e0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
001052f0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm001052b0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·
00105300:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f001052c0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
00105310:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·001052d0:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'
 001052e0:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a
 001052f0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|·
 00105300:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m
 00105310:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.·
00105320:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu00105320:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
00105330:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n00105330:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
00105340:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",00105340:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
00105350:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"00105350:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
00105360:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con00105360:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
00105370:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:00105370:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:
00105380:·0a20·202d·2043·4a49·532d·352e·352e·322e··.··-·CJIS-5.5.2.00105380:·0a20·202d·2043·4a49·532d·352e·352e·322e··.··-·CJIS-5.5.2.
Offset 66888, 21 lines modifiedOffset 66888, 21 lines modified
00105470:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·00105470:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·
00105480:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot00105480:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot
00105490:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.00105490:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
001054a0:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path001054a0:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path
001054b0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr001054b0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
001054c0:·7562·2e63·6667·0a20·2020·206f·776e·6572··ub.cfg.····owner001054c0:·7562·2e63·6667·0a20·2020·206f·776e·6572··ub.cfg.····owner
001054d0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··001054d0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··
001054e0:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i 
001054f0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
00105500:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
00105510:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
00105520:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co001054e0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
00105530:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible001054f0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
00105540:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'00105500:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 00105510:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in
 00105520:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 00105530:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 00105540:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
00105550:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir00105550:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
00105560:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type00105560:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
00105570:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker00105570:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
00105580:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv00105580:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
00105590:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c00105590:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
001055a0:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f001055a0:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f
001055b0:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·001055b0:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·
Max diff block lines reached; 7530/17346 bytes (43.41%) of diff not shown.
5.12 KB
html2text {}
    
Offset 5671, 16 lines modifiedOffset 5671, 16 lines modified
5671 ··-·no_reboot_needed5671 ··-·no_reboot_needed
  
5672 -·name:·Test·for·existence·/boot/grub2/grub.cfg5672 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5673 ··stat:5673 ··stat:
5674 ····path:·/boot/grub2/grub.cfg5674 ····path:·/boot/grub2/grub.cfg
5675 ··register:·file_exists5675 ··register:·file_exists
5676 ··when:5676 ··when:
5677 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5678 ··-·'"grub2-common"·in·ansible_facts.packages'5677 ··-·'"grub2-common"·in·ansible_facts.packages'
 5678 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5679 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5679 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5680 ··tags:5680 ··tags:
5681 ··-·CJIS-5.5.2.25681 ··-·CJIS-5.5.2.2
5682 ··-·NIST-800-171-3.4.55682 ··-·NIST-800-171-3.4.5
5683 ··-·NIST-800-53-AC-6(1)5683 ··-·NIST-800-53-AC-6(1)
5684 ··-·NIST-800-53-CM-6(a)5684 ··-·NIST-800-53-CM-6(a)
5685 ··-·PCI-DSS-Req-7.15685 ··-·PCI-DSS-Req-7.1
Offset 5692, 16 lines modifiedOffset 5692, 16 lines modified
5692 ··-·no_reboot_needed5692 ··-·no_reboot_needed
  
5693 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5693 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5694 ··file:5694 ··file:
5695 ····path:·/boot/grub2/grub.cfg5695 ····path:·/boot/grub2/grub.cfg
5696 ····group:·'0'5696 ····group:·'0'
5697 ··when:5697 ··when:
5698 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5699 ··-·'"grub2-common"·in·ansible_facts.packages'5698 ··-·'"grub2-common"·in·ansible_facts.packages'
 5699 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5700 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5700 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5701 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5701 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5702 ··tags:5702 ··tags:
5703 ··-·CJIS-5.5.2.25703 ··-·CJIS-5.5.2.2
5704 ··-·NIST-800-171-3.4.55704 ··-·NIST-800-171-3.4.5
5705 ··-·NIST-800-53-AC-6(1)5705 ··-·NIST-800-53-AC-6(1)
5706 ··-·NIST-800-53-CM-6(a)5706 ··-·NIST-800-53-CM-6(a)
Offset 5713, 15 lines modifiedOffset 5713, 15 lines modified
5713 ··-·medium_severity5713 ··-·medium_severity
5714 ··-·no_reboot_needed5714 ··-·no_reboot_needed
5715 Remediation_Shell_script_⇲5715 Remediation_Shell_script_⇲
5716 Complexity:·low5716 Complexity:·low
5717 Disruption:·low5717 Disruption:·low
5718 Strategy:···configure5718 Strategy:···configure
5719 #·Remediation·is·applicable·only·in·certain·platforms5719 #·Remediation·is·applicable·only·in·certain·platforms
5720 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/5720 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/
5721 run/.containerenv·];·};·then5721 run/.containerenv·];·};·then
  
5722 chgrp·0·/boot/grub2/grub.cfg5722 chgrp·0·/boot/grub2/grub.cfg
  
5723 else5723 else
5724 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5724 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5725 fi5725 fi
Offset 5758, 16 lines modifiedOffset 5758, 16 lines modified
5758 ··-·no_reboot_needed5758 ··-·no_reboot_needed
  
5759 -·name:·Test·for·existence·/boot/grub2/grub.cfg5759 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5760 ··stat:5760 ··stat:
5761 ····path:·/boot/grub2/grub.cfg5761 ····path:·/boot/grub2/grub.cfg
5762 ··register:·file_exists5762 ··register:·file_exists
5763 ··when:5763 ··when:
5764 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5765 ··-·'"grub2-common"·in·ansible_facts.packages'5764 ··-·'"grub2-common"·in·ansible_facts.packages'
 5765 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5766 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5766 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5767 ··tags:5767 ··tags:
5768 ··-·CJIS-5.5.2.25768 ··-·CJIS-5.5.2.2
5769 ··-·NIST-800-171-3.4.55769 ··-·NIST-800-171-3.4.5
5770 ··-·NIST-800-53-AC-6(1)5770 ··-·NIST-800-53-AC-6(1)
5771 ··-·NIST-800-53-CM-6(a)5771 ··-·NIST-800-53-CM-6(a)
5772 ··-·PCI-DSS-Req-7.15772 ··-·PCI-DSS-Req-7.1
Offset 5779, 16 lines modifiedOffset 5779, 16 lines modified
5779 ··-·no_reboot_needed5779 ··-·no_reboot_needed
  
5780 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5780 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5781 ··file:5781 ··file:
5782 ····path:·/boot/grub2/grub.cfg5782 ····path:·/boot/grub2/grub.cfg
5783 ····owner:·'0'5783 ····owner:·'0'
5784 ··when:5784 ··when:
5785 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5786 ··-·'"grub2-common"·in·ansible_facts.packages'5785 ··-·'"grub2-common"·in·ansible_facts.packages'
 5786 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5787 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5787 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5788 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5788 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5789 ··tags:5789 ··tags:
5790 ··-·CJIS-5.5.2.25790 ··-·CJIS-5.5.2.2
5791 ··-·NIST-800-171-3.4.55791 ··-·NIST-800-171-3.4.5
5792 ··-·NIST-800-53-AC-6(1)5792 ··-·NIST-800-53-AC-6(1)
5793 ··-·NIST-800-53-CM-6(a)5793 ··-·NIST-800-53-CM-6(a)
Offset 5800, 15 lines modifiedOffset 5800, 15 lines modified
5800 ··-·medium_severity5800 ··-·medium_severity
5801 ··-·no_reboot_needed5801 ··-·no_reboot_needed
5802 Remediation_Shell_script_⇲5802 Remediation_Shell_script_⇲
5803 Complexity:·low5803 Complexity:·low
5804 Disruption:·low5804 Disruption:·low
5805 Strategy:···configure5805 Strategy:···configure
5806 #·Remediation·is·applicable·only·in·certain·platforms5806 #·Remediation·is·applicable·only·in·certain·platforms
5807 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/5807 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/
5808 run/.containerenv·];·};·then5808 run/.containerenv·];·};·then
  
5809 chown·0·/boot/grub2/grub.cfg5809 chown·0·/boot/grub2/grub.cfg
  
5810 else5810 else
5811 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5811 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5812 fi5812 fi
Offset 5843, 16 lines modifiedOffset 5843, 16 lines modified
5843 ··-·no_reboot_needed5843 ··-·no_reboot_needed
  
5844 -·name:·Test·for·existence·/boot/grub2/grub.cfg5844 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5845 ··stat:5845 ··stat:
5846 ····path:·/boot/grub2/grub.cfg5846 ····path:·/boot/grub2/grub.cfg
5847 ··register:·file_exists5847 ··register:·file_exists
5848 ··when:5848 ··when:
5849 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5850 ··-·'"grub2-common"·in·ansible_facts.packages'5849 ··-·'"grub2-common"·in·ansible_facts.packages'
 5850 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5851 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5851 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5852 ··tags:5852 ··tags:
5853 ··-·NIST-800-171-3.4.55853 ··-·NIST-800-171-3.4.5
5854 ··-·NIST-800-53-AC-6(1)5854 ··-·NIST-800-53-AC-6(1)
5855 ··-·NIST-800-53-CM-6(a)5855 ··-·NIST-800-53-CM-6(a)
5856 ··-·configure_strategy5856 ··-·configure_strategy
5857 ··-·file_permissions_efi_grub2_cfg5857 ··-·file_permissions_efi_grub2_cfg
Offset 5862, 16 lines modifiedOffset 5862, 16 lines modified
5862 ··-·no_reboot_needed5862 ··-·no_reboot_needed
  
5863 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg5863 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
5864 ··file:5864 ··file:
5865 ····path:·/boot/grub2/grub.cfg5865 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1011/5222 bytes (19.36%) of diff not shown.
21.9 KB
./usr/share/doc/ssg-nondebian/ssg-alinux3-guide-cis_l1.html
    
Offset 40145, 21 lines modifiedOffset 40145, 21 lines modified
0009cd00:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc0009cd00:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
0009cd10:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr0009cd10:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr
0009cd20:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·0009cd20:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·
0009cd30:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g0009cd30:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
0009cd40:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··0009cd40:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
0009cd50:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e0009cd50:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
0009cd60:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··0009cd60:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
0009cd70:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i 
0009cd80:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
0009cd90:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
0009cda0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
0009cdb0:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co0009cd70:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
0009cdc0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible0009cd80:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
0009cdd0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'0009cd90:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 0009cda0:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in
 0009cdb0:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 0009cdc0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 0009cdd0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
0009cde0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir0009cde0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
0009cdf0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type0009cdf0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
0009ce00:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker0009ce00:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
0009ce10:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv0009ce10:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
0009ce20:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c0009ce20:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
0009ce30:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag0009ce30:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
0009ce40:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.0009ce40:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.
Offset 40181, 21 lines modifiedOffset 40181, 21 lines modified
0009cf40:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own0009cf40:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own
0009cf50:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr0009cf50:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr
0009cf60:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f0009cf60:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f
0009cf70:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/0009cf70:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
0009cf80:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.0009cf80:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
0009cf90:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'0009cf90:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'
0009cfa0:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'0009cfa0:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'
0009cfb0:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a 
0009cfc0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
0009cfd0:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
0009cfe0:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
0009cff0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo0009cfb0:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
0009d000:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa0009cfc0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
0009d010:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··0009cfd0:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 0009cfe0:·2f62·6f6f·742f·6566·6922·2069·6e20·616e··/boot/efi"·in·an
 0009cff0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 0009d000:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 0009d010:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
0009d020:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua0009d020:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
0009d030:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no0009d030:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
0009d040:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·0009d040:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
0009d050:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",0009d050:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
0009d060:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont0009d060:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
0009d070:·6169·6e65·7222·5d0a·2020·2d20·6669·6c65··ainer"].··-·file0009d070:·6169·6e65·7222·5d0a·2020·2d20·6669·6c65··ainer"].··-·file
0009d080:·5f65·7869·7374·732e·7374·6174·2069·7320··_exists.stat·is·0009d080:·5f65·7869·7374·732e·7374·6174·2069·7320··_exists.stat·is·
Offset 40246, 19 lines modifiedOffset 40246, 19 lines modified
0009d350:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0009d350:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0009d360:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur0009d360:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur
0009d370:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab0009d370:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
0009d380:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·0009d380:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·
0009d390:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a0009d390:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
0009d3a0:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i0009d3a0:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
0009d3b0:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo0009d3b0:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
 0009d3c0:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
0009d3c0:·726d·730a·6966·205b·202d·6620·2f73·7973··rms.if·[·-f·/sys 
0009d3d0:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]· 
0009d3e0:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·- 
0009d3f0:·2d71·7569·6574·202d·7120·6772·7562·322d··-quiet·-q·grub2-0009d3d0:·6574·202d·7120·6772·7562·322d·636f·6d6d··et·-q·grub2-comm
0009d400:·636f·6d6d·6f6e·2026·616d·703b·2661·6d70··common·&amp;&amp0009d3e0:·6f6e·2026·616d·703b·2661·6d70·3b20·5b20··on·&amp;&amp;·[·
 0009d3f0:·2d66·202f·7379·732f·6669·726d·7761·7265··-f·/sys/firmware
 0009d400:·2f65·6669·205d·2026·616d·703b·2661·6d70··/efi·]·&amp;&amp
0009d410:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc0009d410:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc
0009d420:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a0009d420:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
0009d430:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/0009d430:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
0009d440:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];0009d440:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];
0009d450:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·0009d450:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·
0009d460:·3020·2f62·6f6f·742f·6772·7562·322f·6772··0·/boot/grub2/gr0009d460:·3020·2f62·6f6f·742f·6772·7562·322f·6772··0·/boot/grub2/gr
0009d470:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···0009d470:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···
Offset 40637, 22 lines modifiedOffset 40637, 22 lines modified
0009ebc0:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for0009ebc0:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for
0009ebd0:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot0009ebd0:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot
0009ebe0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.0009ebe0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
0009ebf0:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path0009ebf0:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path
0009ec00:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr0009ec00:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
0009ec10:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe0009ec10:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe
0009ec20:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·0009ec20:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·
0009ec30:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo0009ec30:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
0009ec40:·6f74·2f65·6669·2220·696e·2061·6e73·6962··ot/efi"·in·ansib 
0009ec50:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
0009ec60:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
0009ec70:·2229·207c·206c·6973·7427·0a20·202d·2027··")·|·list'.··-·' 
0009ec80:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i0009ec40:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
0009ec90:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0009ec50:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
0009eca0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an0009ec60:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 0009ec70:·742f·6566·6922·2069·6e20·616e·7369·626c··t/efi"·in·ansibl
 0009ec80:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 0009ec90:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 0009eca0:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
0009ecb0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza0009ecb0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
0009ecc0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in0009ecc0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
0009ecd0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc0009ecd0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
0009ece0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po0009ece0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
0009ecf0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe0009ecf0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
0009ed00:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·0009ed00:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·
0009ed10:·434a·4953·2d35·2e35·2e32·2e32·0a20·202d··CJIS-5.5.2.2.··-0009ed10:·434a·4953·2d35·2e35·2e32·2e32·0a20·202d··CJIS-5.5.2.2.··-
Offset 40672, 22 lines modifiedOffset 40672, 22 lines modified
0009edf0:·6f6f·745f·6e65·6564·6564·0a0a·2d20·6e61··oot_needed..-·na0009edf0:·6f6f·745f·6e65·6564·6564·0a0a·2d20·6e61··oot_needed..-·na
0009ee00:·6d65·3a20·456e·7375·7265·206f·776e·6572··me:·Ensure·owner0009ee00:·6d65·3a20·456e·7375·7265·206f·776e·6572··me:·Ensure·owner
0009ee10:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub0009ee10:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub
0009ee20:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil0009ee20:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil
0009ee30:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo0009ee30:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo
0009ee40:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf0009ee40:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
0009ee50:·670a·2020·2020·6f77·6e65·723a·2027·3027··g.····owner:·'0'0009ee50:·670a·2020·2020·6f77·6e65·723a·2027·3027··g.····owner:·'0'
0009ee60:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/0009ee60:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
0009ee70:·626f·6f74·2f65·6669·2220·696e·2061·6e73··boot/efi"·in·ans 
0009ee80:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
0009ee90:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
0009eea0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
0009eeb0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"0009ee70:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
0009eec0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0009ee80:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
0009eed0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·0009ee90:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 0009eea0:·6f6f·742f·6566·6922·2069·6e20·616e·7369··oot/efi"·in·ansi
 0009eeb0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 0009eec0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 0009eed0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
0009eee0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali0009eee0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
0009eef0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·0009eef0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
0009ef00:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l0009ef00:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
0009ef10:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"0009ef10:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
0009ef20:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai0009ef20:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
0009ef30:·6e65·7222·5d0a·2020·2d20·6669·6c65·5f65··ner"].··-·file_e0009ef30:·6e65·7222·5d0a·2020·2d20·6669·6c65·5f65··ner"].··-·file_e
Max diff block lines reached; 7280/17070 bytes (42.65%) of diff not shown.
5.12 KB
html2text {}
    
Offset 3075, 16 lines modifiedOffset 3075, 16 lines modified
3075 ··-·no_reboot_needed3075 ··-·no_reboot_needed
  
3076 -·name:·Test·for·existence·/boot/grub2/grub.cfg3076 -·name:·Test·for·existence·/boot/grub2/grub.cfg
3077 ··stat:3077 ··stat:
3078 ····path:·/boot/grub2/grub.cfg3078 ····path:·/boot/grub2/grub.cfg
3079 ··register:·file_exists3079 ··register:·file_exists
3080 ··when:3080 ··when:
3081 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3082 ··-·'"grub2-common"·in·ansible_facts.packages'3081 ··-·'"grub2-common"·in·ansible_facts.packages'
 3082 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3083 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3083 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3084 ··tags:3084 ··tags:
3085 ··-·CJIS-5.5.2.23085 ··-·CJIS-5.5.2.2
3086 ··-·NIST-800-171-3.4.53086 ··-·NIST-800-171-3.4.5
3087 ··-·NIST-800-53-AC-6(1)3087 ··-·NIST-800-53-AC-6(1)
3088 ··-·NIST-800-53-CM-6(a)3088 ··-·NIST-800-53-CM-6(a)
3089 ··-·PCI-DSS-Req-7.13089 ··-·PCI-DSS-Req-7.1
Offset 3096, 16 lines modifiedOffset 3096, 16 lines modified
3096 ··-·no_reboot_needed3096 ··-·no_reboot_needed
  
3097 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg3097 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
3098 ··file:3098 ··file:
3099 ····path:·/boot/grub2/grub.cfg3099 ····path:·/boot/grub2/grub.cfg
3100 ····group:·'0'3100 ····group:·'0'
3101 ··when:3101 ··when:
3102 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3103 ··-·'"grub2-common"·in·ansible_facts.packages'3102 ··-·'"grub2-common"·in·ansible_facts.packages'
 3103 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3104 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3104 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3105 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3105 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3106 ··tags:3106 ··tags:
3107 ··-·CJIS-5.5.2.23107 ··-·CJIS-5.5.2.2
3108 ··-·NIST-800-171-3.4.53108 ··-·NIST-800-171-3.4.5
3109 ··-·NIST-800-53-AC-6(1)3109 ··-·NIST-800-53-AC-6(1)
3110 ··-·NIST-800-53-CM-6(a)3110 ··-·NIST-800-53-CM-6(a)
Offset 3117, 15 lines modifiedOffset 3117, 15 lines modified
3117 ··-·medium_severity3117 ··-·medium_severity
3118 ··-·no_reboot_needed3118 ··-·no_reboot_needed
3119 Remediation_Shell_script_⇲3119 Remediation_Shell_script_⇲
3120 Complexity:·low3120 Complexity:·low
3121 Disruption:·low3121 Disruption:·low
3122 Strategy:···configure3122 Strategy:···configure
3123 #·Remediation·is·applicable·only·in·certain·platforms3123 #·Remediation·is·applicable·only·in·certain·platforms
3124 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/3124 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/
3125 run/.containerenv·];·};·then3125 run/.containerenv·];·};·then
  
3126 chgrp·0·/boot/grub2/grub.cfg3126 chgrp·0·/boot/grub2/grub.cfg
  
3127 else3127 else
3128 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3128 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3129 fi3129 fi
Offset 3162, 16 lines modifiedOffset 3162, 16 lines modified
3162 ··-·no_reboot_needed3162 ··-·no_reboot_needed
  
3163 -·name:·Test·for·existence·/boot/grub2/grub.cfg3163 -·name:·Test·for·existence·/boot/grub2/grub.cfg
3164 ··stat:3164 ··stat:
3165 ····path:·/boot/grub2/grub.cfg3165 ····path:·/boot/grub2/grub.cfg
3166 ··register:·file_exists3166 ··register:·file_exists
3167 ··when:3167 ··when:
3168 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3169 ··-·'"grub2-common"·in·ansible_facts.packages'3168 ··-·'"grub2-common"·in·ansible_facts.packages'
 3169 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3170 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3170 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3171 ··tags:3171 ··tags:
3172 ··-·CJIS-5.5.2.23172 ··-·CJIS-5.5.2.2
3173 ··-·NIST-800-171-3.4.53173 ··-·NIST-800-171-3.4.5
3174 ··-·NIST-800-53-AC-6(1)3174 ··-·NIST-800-53-AC-6(1)
3175 ··-·NIST-800-53-CM-6(a)3175 ··-·NIST-800-53-CM-6(a)
3176 ··-·PCI-DSS-Req-7.13176 ··-·PCI-DSS-Req-7.1
Offset 3183, 16 lines modifiedOffset 3183, 16 lines modified
3183 ··-·no_reboot_needed3183 ··-·no_reboot_needed
  
3184 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg3184 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
3185 ··file:3185 ··file:
3186 ····path:·/boot/grub2/grub.cfg3186 ····path:·/boot/grub2/grub.cfg
3187 ····owner:·'0'3187 ····owner:·'0'
3188 ··when:3188 ··when:
3189 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3190 ··-·'"grub2-common"·in·ansible_facts.packages'3189 ··-·'"grub2-common"·in·ansible_facts.packages'
 3190 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3191 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3191 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3192 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3192 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3193 ··tags:3193 ··tags:
3194 ··-·CJIS-5.5.2.23194 ··-·CJIS-5.5.2.2
3195 ··-·NIST-800-171-3.4.53195 ··-·NIST-800-171-3.4.5
3196 ··-·NIST-800-53-AC-6(1)3196 ··-·NIST-800-53-AC-6(1)
3197 ··-·NIST-800-53-CM-6(a)3197 ··-·NIST-800-53-CM-6(a)
Offset 3204, 15 lines modifiedOffset 3204, 15 lines modified
3204 ··-·medium_severity3204 ··-·medium_severity
3205 ··-·no_reboot_needed3205 ··-·no_reboot_needed
3206 Remediation_Shell_script_⇲3206 Remediation_Shell_script_⇲
3207 Complexity:·low3207 Complexity:·low
3208 Disruption:·low3208 Disruption:·low
3209 Strategy:···configure3209 Strategy:···configure
3210 #·Remediation·is·applicable·only·in·certain·platforms3210 #·Remediation·is·applicable·only·in·certain·platforms
3211 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/3211 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/
3212 run/.containerenv·];·};·then3212 run/.containerenv·];·};·then
  
3213 chown·0·/boot/grub2/grub.cfg3213 chown·0·/boot/grub2/grub.cfg
  
3214 else3214 else
3215 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3215 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3216 fi3216 fi
Offset 3247, 16 lines modifiedOffset 3247, 16 lines modified
3247 ··-·no_reboot_needed3247 ··-·no_reboot_needed
  
3248 -·name:·Test·for·existence·/boot/grub2/grub.cfg3248 -·name:·Test·for·existence·/boot/grub2/grub.cfg
3249 ··stat:3249 ··stat:
3250 ····path:·/boot/grub2/grub.cfg3250 ····path:·/boot/grub2/grub.cfg
3251 ··register:·file_exists3251 ··register:·file_exists
3252 ··when:3252 ··when:
3253 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3254 ··-·'"grub2-common"·in·ansible_facts.packages'3253 ··-·'"grub2-common"·in·ansible_facts.packages'
 3254 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3255 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3255 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3256 ··tags:3256 ··tags:
3257 ··-·NIST-800-171-3.4.53257 ··-·NIST-800-171-3.4.5
3258 ··-·NIST-800-53-AC-6(1)3258 ··-·NIST-800-53-AC-6(1)
3259 ··-·NIST-800-53-CM-6(a)3259 ··-·NIST-800-53-CM-6(a)
3260 ··-·configure_strategy3260 ··-·configure_strategy
3261 ··-·file_permissions_efi_grub2_cfg3261 ··-·file_permissions_efi_grub2_cfg
Offset 3266, 16 lines modifiedOffset 3266, 16 lines modified
3266 ··-·no_reboot_needed3266 ··-·no_reboot_needed
  
3267 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg3267 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
3268 ··file:3268 ··file:
3269 ····path:·/boot/grub2/grub.cfg3269 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1011/5222 bytes (19.36%) of diff not shown.
90.3 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis.html
    
Offset 185605, 22 lines modifiedOffset 185605, 22 lines modified
002d5040:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·002d5040:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·
002d5050:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/002d5050:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/
002d5060:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·002d5060:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
002d5070:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:002d5070:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:
002d5080:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002d5080:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002d5090:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register002d5090:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register
002d50a0:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··002d50a0:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
002d50b0:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo002d50b0:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
002d50c0:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
002d50d0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
002d50e0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
002d50f0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
002d5100:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
002d5110:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
002d5120:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-002d50c0:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 002d50d0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 002d50e0:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 002d50f0:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 002d5100:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 002d5110:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 002d5120:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
002d5130:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual002d5130:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
002d5140:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not002d5140:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
002d5150:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"002d5150:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
002d5160:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·002d5160:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
002d5170:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta002d5170:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
002d5180:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·002d5180:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
002d5190:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.002d5190:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.
Offset 185641, 22 lines modifiedOffset 185641, 22 lines modified
002d5280:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g002d5280:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g
002d5290:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·002d5290:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·
002d52a0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub002d52a0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
002d52b0:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···002d52b0:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···
002d52c0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru002d52c0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
002d52d0:·6232·2f67·7275·622e·6366·670a·2020·2020··b2/grub.cfg.····002d52d0:·6232·2f67·7275·622e·6366·670a·2020·2020··b2/grub.cfg.····
002d52e0:·6772·6f75·703a·2027·3027·0a20·2077·6865··group:·'0'.··whe002d52e0:·6772·6f75·703a·2027·3027·0a20·2077·6865··group:·'0'.··whe
002d52f0:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e002d52f0:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c
002d5300:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib 
002d5310:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
002d5320:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
002d5330:·2229·207c·206c·6973·7427·0a20·202d·2027··")·|·list'.··-·' 
002d5340:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i 
002d5350:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
002d5360:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an002d5300:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
 002d5310:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 002d5320:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef
 002d5330:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl
 002d5340:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 002d5350:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 002d5360:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
002d5370:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza002d5370:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
002d5380:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in002d5380:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
002d5390:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc002d5390:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
002d53a0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po002d53a0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
002d53b0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe002d53b0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
002d53c0:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi002d53c0:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi
002d53d0:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi002d53d0:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi
Offset 185706, 19 lines modifiedOffset 185706, 19 lines modified
002d5690:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St002d5690:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
002d56a0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>002d56a0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
002d56b0:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></002d56b0:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></
002d56c0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>002d56c0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
002d56d0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat002d56d0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
002d56e0:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl002d56e0:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
002d56f0:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai002d56f0:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
002d5700:·6e20·706c·6174·666f·726d·730a·6966·205b··n·platforms.if·[002d5700:·6e20·706c·6174·666f·726d·730a·6966·2072··n·platforms.if·r
002d5710:·2021·202d·6620·2f73·7973·2f66·6972·6d77···!·-f·/sys/firmw 
002d5720:·6172·652f·6566·6920·5d20·2661·6d70·3b26··are/efi·]·&amp;& 
002d5730:·616d·703b·2072·706d·202d·2d71·7569·6574··amp;·rpm·--quiet 
002d5740:·202d·7120·6772·7562·322d·636f·6d6d·6f6e···-q·grub2-common002d5710:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr
 002d5720:·7562·322d·636f·6d6d·6f6e·2026·616d·703b··ub2-common·&amp;
 002d5730:·2661·6d70·3b20·5b20·2120·2d66·202f·7379··&amp;·[·!·-f·/sy
 002d5740:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·]
002d5750:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·002d5750:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·
002d5760:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv002d5760:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
002d5770:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·002d5770:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
002d5780:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta002d5780:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
002d5790:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th002d5790:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th
002d57a0:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo002d57a0:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo
002d57b0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg002d57b0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
Offset 186209, 22 lines modifiedOffset 186209, 22 lines modified
002d7600:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·002d7600:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
002d7610:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user002d7610:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user
002d7620:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···002d7620:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
002d7630:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru002d7630:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
002d7640:·6232·2f75·7365·722e·6366·670a·2020·7265··b2/user.cfg.··re002d7640:·6232·2f75·7365·722e·6366·670a·2020·7265··b2/user.cfg.··re
002d7650:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi002d7650:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
002d7660:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·002d7660:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
002d7670:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
002d7680:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
002d7690:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
002d76a0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
002d76b0:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2- 
002d76c0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib 
002d76d0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package002d7670:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·
 002d7680:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 002d7690:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'
 002d76a0:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 002d76b0:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 002d76c0:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 002d76d0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
002d76e0:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v002d76e0:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
002d76f0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty002d76f0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
002d7700:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock002d7700:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
002d7710:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope002d7710:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
002d7720:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·002d7720:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
002d7730:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t002d7730:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
002d7740:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.002d7740:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
002d7750:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8002d7750:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8
Offset 186244, 22 lines modifiedOffset 186244, 22 lines modified
002d7830:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens002d7830:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens
002d7840:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·002d7840:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·
002d7850:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2002d7850:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
002d7860:·2f75·7365·722e·6366·670a·2020·6669·6c65··/user.cfg.··file002d7860:·2f75·7365·722e·6366·670a·2020·6669·6c65··/user.cfg.··file
002d7870:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo002d7870:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
002d7880:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg002d7880:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg
002d7890:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.002d7890:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.
002d78a0:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b002d78a0:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
002d78b0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
002d78c0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
002d78d0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
002d78e0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
002d78f0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
002d7900:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
002d7910:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·002d78b0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 002d78c0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 002d78d0:·6b61·6765·7327·0a20·202d·2027·222f·626f··kages'.··-·'"/bo
Max diff block lines reached; 60208/69870 bytes (86.17%) of diff not shown.
22.0 KB
html2text {}
    
Offset 41793, 16 lines modifiedOffset 41793, 16 lines modified
41793 ··-·no_reboot_needed41793 ··-·no_reboot_needed
  
41794 -·name:·Test·for·existence·/boot/grub2/grub.cfg41794 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41795 ··stat:41795 ··stat:
41796 ····path:·/boot/grub2/grub.cfg41796 ····path:·/boot/grub2/grub.cfg
41797 ··register:·file_exists41797 ··register:·file_exists
41798 ··when:41798 ··when:
41799 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41800 ··-·'"grub2-common"·in·ansible_facts.packages'41799 ··-·'"grub2-common"·in·ansible_facts.packages'
 41800 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41801 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41801 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41802 ··tags:41802 ··tags:
41803 ··-·CJIS-5.5.2.241803 ··-·CJIS-5.5.2.2
41804 ··-·NIST-800-171-3.4.541804 ··-·NIST-800-171-3.4.5
41805 ··-·NIST-800-53-AC-6(1)41805 ··-·NIST-800-53-AC-6(1)
41806 ··-·NIST-800-53-CM-6(a)41806 ··-·NIST-800-53-CM-6(a)
41807 ··-·PCI-DSS-Req-7.141807 ··-·PCI-DSS-Req-7.1
Offset 41814, 16 lines modifiedOffset 41814, 16 lines modified
41814 ··-·no_reboot_needed41814 ··-·no_reboot_needed
  
41815 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg41815 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
41816 ··file:41816 ··file:
41817 ····path:·/boot/grub2/grub.cfg41817 ····path:·/boot/grub2/grub.cfg
41818 ····group:·'0'41818 ····group:·'0'
41819 ··when:41819 ··when:
41820 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41821 ··-·'"grub2-common"·in·ansible_facts.packages'41820 ··-·'"grub2-common"·in·ansible_facts.packages'
 41821 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41823 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41823 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41824 ··tags:41824 ··tags:
41825 ··-·CJIS-5.5.2.241825 ··-·CJIS-5.5.2.2
41826 ··-·NIST-800-171-3.4.541826 ··-·NIST-800-171-3.4.5
41827 ··-·NIST-800-53-AC-6(1)41827 ··-·NIST-800-53-AC-6(1)
41828 ··-·NIST-800-53-CM-6(a)41828 ··-·NIST-800-53-CM-6(a)
Offset 41835, 15 lines modifiedOffset 41835, 15 lines modified
41835 ··-·medium_severity41835 ··-·medium_severity
41836 ··-·no_reboot_needed41836 ··-·no_reboot_needed
41837 Remediation_Shell_script_⇲41837 Remediation_Shell_script_⇲
41838 Complexity:·low41838 Complexity:·low
41839 Disruption:·low41839 Disruption:·low
41840 Strategy:···configure41840 Strategy:···configure
41841 #·Remediation·is·applicable·only·in·certain·platforms41841 #·Remediation·is·applicable·only·in·certain·platforms
41842 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41842 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41843 chgrp·0·/boot/grub2/grub.cfg41843 chgrp·0·/boot/grub2/grub.cfg
  
41844 else41844 else
41845 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41845 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41846 fi41846 fi
41847 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***41847 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 41874, 16 lines modifiedOffset 41874, 16 lines modified
41874 ··-·no_reboot_needed41874 ··-·no_reboot_needed
  
41875 -·name:·Test·for·existence·/boot/grub2/user.cfg41875 -·name:·Test·for·existence·/boot/grub2/user.cfg
41876 ··stat:41876 ··stat:
41877 ····path:·/boot/grub2/user.cfg41877 ····path:·/boot/grub2/user.cfg
41878 ··register:·file_exists41878 ··register:·file_exists
41879 ··when:41879 ··when:
41880 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41881 ··-·'"grub2-common"·in·ansible_facts.packages'41880 ··-·'"grub2-common"·in·ansible_facts.packages'
 41881 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41882 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41882 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41883 ··tags:41883 ··tags:
41884 ··-·CJIS-5.5.2.241884 ··-·CJIS-5.5.2.2
41885 ··-·NIST-800-171-3.4.541885 ··-·NIST-800-171-3.4.5
41886 ··-·NIST-800-53-AC-6(1)41886 ··-·NIST-800-53-AC-6(1)
41887 ··-·NIST-800-53-CM-6(a)41887 ··-·NIST-800-53-CM-6(a)
41888 ··-·PCI-DSS-Req-7.141888 ··-·PCI-DSS-Req-7.1
Offset 41895, 16 lines modifiedOffset 41895, 16 lines modified
41895 ··-·no_reboot_needed41895 ··-·no_reboot_needed
  
41896 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg41896 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
41897 ··file:41897 ··file:
41898 ····path:·/boot/grub2/user.cfg41898 ····path:·/boot/grub2/user.cfg
41899 ····group:·'0'41899 ····group:·'0'
41900 ··when:41900 ··when:
41901 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41902 ··-·'"grub2-common"·in·ansible_facts.packages'41901 ··-·'"grub2-common"·in·ansible_facts.packages'
 41902 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41903 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41903 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41904 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41904 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41905 ··tags:41905 ··tags:
41906 ··-·CJIS-5.5.2.241906 ··-·CJIS-5.5.2.2
41907 ··-·NIST-800-171-3.4.541907 ··-·NIST-800-171-3.4.5
41908 ··-·NIST-800-53-AC-6(1)41908 ··-·NIST-800-53-AC-6(1)
41909 ··-·NIST-800-53-CM-6(a)41909 ··-·NIST-800-53-CM-6(a)
Offset 41916, 15 lines modifiedOffset 41916, 15 lines modified
41916 ··-·medium_severity41916 ··-·medium_severity
41917 ··-·no_reboot_needed41917 ··-·no_reboot_needed
41918 Remediation_Shell_script_⇲41918 Remediation_Shell_script_⇲
41919 Complexity:·low41919 Complexity:·low
41920 Disruption:·low41920 Disruption:·low
41921 Strategy:···configure41921 Strategy:···configure
41922 #·Remediation·is·applicable·only·in·certain·platforms41922 #·Remediation·is·applicable·only·in·certain·platforms
41923 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41923 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41924 chgrp·0·/boot/grub2/user.cfg41924 chgrp·0·/boot/grub2/user.cfg
  
41925 else41925 else
41926 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41926 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41927 fi41927 fi
41928 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***41928 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 41955, 16 lines modifiedOffset 41955, 16 lines modified
41955 ··-·no_reboot_needed41955 ··-·no_reboot_needed
  
41956 -·name:·Test·for·existence·/boot/grub2/grub.cfg41956 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41957 ··stat:41957 ··stat:
41958 ····path:·/boot/grub2/grub.cfg41958 ····path:·/boot/grub2/grub.cfg
41959 ··register:·file_exists41959 ··register:·file_exists
41960 ··when:41960 ··when:
41961 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41962 ··-·'"grub2-common"·in·ansible_facts.packages'41961 ··-·'"grub2-common"·in·ansible_facts.packages'
 41962 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41963 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41963 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41964 ··tags:41964 ··tags:
41965 ··-·CJIS-5.5.2.241965 ··-·CJIS-5.5.2.2
41966 ··-·NIST-800-171-3.4.541966 ··-·NIST-800-171-3.4.5
41967 ··-·NIST-800-53-AC-6(1)41967 ··-·NIST-800-53-AC-6(1)
41968 ··-·NIST-800-53-CM-6(a)41968 ··-·NIST-800-53-CM-6(a)
41969 ··-·PCI-DSS-Req-7.141969 ··-·PCI-DSS-Req-7.1
Offset 41976, 16 lines modifiedOffset 41976, 16 lines modified
41976 ··-·no_reboot_needed41976 ··-·no_reboot_needed
  
41977 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg41977 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
41978 ··file:41978 ··file:
41979 ····path:·/boot/grub2/grub.cfg41979 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 18069/22482 bytes (80.37%) of diff not shown.
89.9 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis_server_l1.html
    
Offset 59536, 22 lines modifiedOffset 59536, 22 lines modified
000e88f0:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e000e88f0:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e
000e8900:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g000e8900:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g
000e8910:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··000e8910:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
000e8920:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·000e8920:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·
000e8930:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub000e8930:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
000e8940:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:000e8940:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:
000e8950:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w000e8950:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w
000e8960:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot000e8960:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
000e8970:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans 
000e8980:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
000e8990:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
000e89a0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
000e89b0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
000e89c0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
000e89d0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·000e8970:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 000e8980:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 000e8990:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 000e89a0:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi
 000e89b0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 000e89c0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 000e89d0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
000e89e0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali000e89e0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
000e89f0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·000e89f0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
000e8a00:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l000e8a00:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
000e8a10:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"000e8a10:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
000e8a20:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai000e8a20:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
000e8a30:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··000e8a30:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
000e8a40:·2d20·434a·4953·2d35·2e35·2e32·2e32·0a20··-·CJIS-5.5.2.2.·000e8a40:·2d20·434a·4953·2d35·2e35·2e32·2e32·0a20··-·CJIS-5.5.2.2.·
Offset 59572, 22 lines modifiedOffset 59572, 22 lines modified
000e8b30:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr000e8b30:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr
000e8b40:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/000e8b40:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/
000e8b50:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.000e8b50:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
000e8b60:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····000e8b60:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····
000e8b70:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub000e8b70:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
000e8b80:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g000e8b80:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g
000e8b90:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when000e8b90:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when
000e8ba0:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
000e8bb0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
000e8bc0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
000e8bd0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
000e8be0:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
000e8bf0:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
000e8c00:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
000e8c10:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans000e8ba0:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 000e8bb0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 000e8bc0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 000e8bd0:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 000e8be0:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 000e8bf0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 000e8c00:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 000e8c10:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
000e8c20:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat000e8c20:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
000e8c30:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·000e8c30:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
000e8c40:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"000e8c40:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
000e8c50:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod000e8c50:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
000e8c60:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container000e8c60:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
000e8c70:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis000e8c70:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis
000e8c80:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin000e8c80:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin
Offset 59637, 19 lines modifiedOffset 59637, 19 lines modified
000e8f40:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str000e8f40:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
000e8f50:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c000e8f50:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c
000e8f60:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t000e8f60:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t
000e8f70:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><000e8f70:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
000e8f80:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati000e8f80:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
000e8f90:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable000e8f90:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
000e8fa0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain000e8fa0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
000e8fb0:·2070·6c61·7466·6f72·6d73·0a69·6620·5b20···platforms.if·[·000e8fb0:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
000e8fc0:·2120·2d66·202f·7379·732f·6669·726d·7761··!·-f·/sys/firmwa 
000e8fd0:·7265·2f65·6669·205d·2026·616d·703b·2661··re/efi·]·&amp;&a 
000e8fe0:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet· 
000e8ff0:·2d71·2067·7275·6232·2d63·6f6d·6d6f·6e20··-q·grub2-common·000e8fc0:·6d20·2d2d·7175·6965·7420·2d71·2067·7275··m·--quiet·-q·gru
 000e8fd0:·6232·2d63·6f6d·6d6f·6e20·2661·6d70·3b26··b2-common·&amp;&
 000e8fe0:·616d·703b·205b·2021·202d·6620·2f73·7973··amp;·[·!·-f·/sys
 000e8ff0:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]·
000e9000:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!000e9000:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!
000e9010:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·000e9010:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
000e9020:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!000e9020:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
000e9030:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai000e9030:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
000e9040:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the000e9040:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the
000e9050:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot000e9050:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot
000e9060:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.000e9060:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
Offset 60140, 21 lines modifiedOffset 60140, 21 lines modified
000eaeb0:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/000eaeb0:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/
000eaec0:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.000eaec0:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
000eaed0:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····000eaed0:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····
000eaee0:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub000eaee0:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
000eaef0:·322f·7573·6572·2e63·6667·0a20·2072·6567··2/user.cfg.··reg000eaef0:·322f·7573·6572·2e63·6667·0a20·2072·6567··2/user.cfg.··reg
000eaf00:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis000eaf00:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis
000eaf10:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'000eaf10:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'
000eaf20:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
000eaf30:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
000eaf40:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
000eaf50:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
000eaf60:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c 
000eaf70:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl 
000eaf80:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages000eaf20:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
 000eaf30:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 000eaf40:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 000eaf50:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 000eaf60:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 000eaf70:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 000eaf80:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
000eaf90:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi000eaf90:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
000eafa0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ000eafa0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
000eafb0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke000eafb0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
000eafc0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open000eafc0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
000eafd0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"000eafd0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
000eafe0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta000eafe0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
000eaff0:·6773·3a0a·2020·2d20·434a·4953·2d35·2e35··gs:.··-·CJIS-5.5000eaff0:·6773·3a0a·2020·2d20·434a·4953·2d35·2e35··gs:.··-·CJIS-5.5
Offset 60175, 22 lines modifiedOffset 60175, 22 lines modified
000eb0e0:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu000eb0e0:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu
000eb0f0:·7265·2067·726f·7570·206f·776e·6572·2030··re·group·owner·0000eb0f0:·7265·2067·726f·7570·206f·776e·6572·2030··re·group·owner·0
000eb100:·206f·6e20·2f62·6f6f·742f·6772·7562·322f···on·/boot/grub2/000eb100:·206f·6e20·2f62·6f6f·742f·6772·7562·322f···on·/boot/grub2/
000eb110:·7573·6572·2e63·6667·0a20·2066·696c·653a··user.cfg.··file:000eb110:·7573·6572·2e63·6667·0a20·2066·696c·653a··user.cfg.··file:
000eb120:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot000eb120:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
000eb130:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.000eb130:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
000eb140:·2020·2020·6772·6f75·703a·2027·3027·0a20······group:·'0'.·000eb140:·2020·2020·6772·6f75·703a·2027·3027·0a20······group:·'0'.·
000eb150:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo000eb150:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
000eb160:·6f74·2f65·6669·2220·6e6f·7420·696e·2061··ot/efi"·not·in·a 
000eb170:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
000eb180:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
000eb190:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
000eb1a0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo 
000eb1b0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa 
000eb1c0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··000eb160:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
 000eb170:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 000eb180:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
Max diff block lines reached; 60008/69522 bytes (86.32%) of diff not shown.
21.9 KB
html2text {}
    
Offset 8118, 16 lines modifiedOffset 8118, 16 lines modified
8118 ··-·no_reboot_needed8118 ··-·no_reboot_needed
  
8119 -·name:·Test·for·existence·/boot/grub2/grub.cfg8119 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8120 ··stat:8120 ··stat:
8121 ····path:·/boot/grub2/grub.cfg8121 ····path:·/boot/grub2/grub.cfg
8122 ··register:·file_exists8122 ··register:·file_exists
8123 ··when:8123 ··when:
8124 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8125 ··-·'"grub2-common"·in·ansible_facts.packages'8124 ··-·'"grub2-common"·in·ansible_facts.packages'
 8125 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8127 ··tags:8127 ··tags:
8128 ··-·CJIS-5.5.2.28128 ··-·CJIS-5.5.2.2
8129 ··-·NIST-800-171-3.4.58129 ··-·NIST-800-171-3.4.5
8130 ··-·NIST-800-53-AC-6(1)8130 ··-·NIST-800-53-AC-6(1)
8131 ··-·NIST-800-53-CM-6(a)8131 ··-·NIST-800-53-CM-6(a)
8132 ··-·PCI-DSS-Req-7.18132 ··-·PCI-DSS-Req-7.1
Offset 8139, 16 lines modifiedOffset 8139, 16 lines modified
8139 ··-·no_reboot_needed8139 ··-·no_reboot_needed
  
8140 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg8140 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
8141 ··file:8141 ··file:
8142 ····path:·/boot/grub2/grub.cfg8142 ····path:·/boot/grub2/grub.cfg
8143 ····group:·'0'8143 ····group:·'0'
8144 ··when:8144 ··when:
8145 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8146 ··-·'"grub2-common"·in·ansible_facts.packages'8145 ··-·'"grub2-common"·in·ansible_facts.packages'
 8146 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8147 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8147 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8148 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8148 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8149 ··tags:8149 ··tags:
8150 ··-·CJIS-5.5.2.28150 ··-·CJIS-5.5.2.2
8151 ··-·NIST-800-171-3.4.58151 ··-·NIST-800-171-3.4.5
8152 ··-·NIST-800-53-AC-6(1)8152 ··-·NIST-800-53-AC-6(1)
8153 ··-·NIST-800-53-CM-6(a)8153 ··-·NIST-800-53-CM-6(a)
Offset 8160, 15 lines modifiedOffset 8160, 15 lines modified
8160 ··-·medium_severity8160 ··-·medium_severity
8161 ··-·no_reboot_needed8161 ··-·no_reboot_needed
8162 Remediation_Shell_script_⇲8162 Remediation_Shell_script_⇲
8163 Complexity:·low8163 Complexity:·low
8164 Disruption:·low8164 Disruption:·low
8165 Strategy:···configure8165 Strategy:···configure
8166 #·Remediation·is·applicable·only·in·certain·platforms8166 #·Remediation·is·applicable·only·in·certain·platforms
8167 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8167 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8168 chgrp·0·/boot/grub2/grub.cfg8168 chgrp·0·/boot/grub2/grub.cfg
  
8169 else8169 else
8170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8171 fi8171 fi
8172 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***8172 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 8199, 16 lines modifiedOffset 8199, 16 lines modified
8199 ··-·no_reboot_needed8199 ··-·no_reboot_needed
  
8200 -·name:·Test·for·existence·/boot/grub2/user.cfg8200 -·name:·Test·for·existence·/boot/grub2/user.cfg
8201 ··stat:8201 ··stat:
8202 ····path:·/boot/grub2/user.cfg8202 ····path:·/boot/grub2/user.cfg
8203 ··register:·file_exists8203 ··register:·file_exists
8204 ··when:8204 ··when:
8205 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8206 ··-·'"grub2-common"·in·ansible_facts.packages'8205 ··-·'"grub2-common"·in·ansible_facts.packages'
 8206 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8208 ··tags:8208 ··tags:
8209 ··-·CJIS-5.5.2.28209 ··-·CJIS-5.5.2.2
8210 ··-·NIST-800-171-3.4.58210 ··-·NIST-800-171-3.4.5
8211 ··-·NIST-800-53-AC-6(1)8211 ··-·NIST-800-53-AC-6(1)
8212 ··-·NIST-800-53-CM-6(a)8212 ··-·NIST-800-53-CM-6(a)
8213 ··-·PCI-DSS-Req-7.18213 ··-·PCI-DSS-Req-7.1
Offset 8220, 16 lines modifiedOffset 8220, 16 lines modified
8220 ··-·no_reboot_needed8220 ··-·no_reboot_needed
  
8221 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8221 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8222 ··file:8222 ··file:
8223 ····path:·/boot/grub2/user.cfg8223 ····path:·/boot/grub2/user.cfg
8224 ····group:·'0'8224 ····group:·'0'
8225 ··when:8225 ··when:
8226 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8227 ··-·'"grub2-common"·in·ansible_facts.packages'8226 ··-·'"grub2-common"·in·ansible_facts.packages'
 8227 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8228 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8228 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8229 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8229 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8230 ··tags:8230 ··tags:
8231 ··-·CJIS-5.5.2.28231 ··-·CJIS-5.5.2.2
8232 ··-·NIST-800-171-3.4.58232 ··-·NIST-800-171-3.4.5
8233 ··-·NIST-800-53-AC-6(1)8233 ··-·NIST-800-53-AC-6(1)
8234 ··-·NIST-800-53-CM-6(a)8234 ··-·NIST-800-53-CM-6(a)
Offset 8241, 15 lines modifiedOffset 8241, 15 lines modified
8241 ··-·medium_severity8241 ··-·medium_severity
8242 ··-·no_reboot_needed8242 ··-·no_reboot_needed
8243 Remediation_Shell_script_⇲8243 Remediation_Shell_script_⇲
8244 Complexity:·low8244 Complexity:·low
8245 Disruption:·low8245 Disruption:·low
8246 Strategy:···configure8246 Strategy:···configure
8247 #·Remediation·is·applicable·only·in·certain·platforms8247 #·Remediation·is·applicable·only·in·certain·platforms
8248 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8248 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8249 chgrp·0·/boot/grub2/user.cfg8249 chgrp·0·/boot/grub2/user.cfg
  
8250 else8250 else
8251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8252 fi8252 fi
8253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***8253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 8280, 16 lines modifiedOffset 8280, 16 lines modified
8280 ··-·no_reboot_needed8280 ··-·no_reboot_needed
  
8281 -·name:·Test·for·existence·/boot/grub2/grub.cfg8281 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8282 ··stat:8282 ··stat:
8283 ····path:·/boot/grub2/grub.cfg8283 ····path:·/boot/grub2/grub.cfg
8284 ··register:·file_exists8284 ··register:·file_exists
8285 ··when:8285 ··when:
8286 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8287 ··-·'"grub2-common"·in·ansible_facts.packages'8286 ··-·'"grub2-common"·in·ansible_facts.packages'
 8287 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8288 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8288 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8289 ··tags:8289 ··tags:
8290 ··-·CJIS-5.5.2.28290 ··-·CJIS-5.5.2.2
8291 ··-·NIST-800-171-3.4.58291 ··-·NIST-800-171-3.4.5
8292 ··-·NIST-800-53-AC-6(1)8292 ··-·NIST-800-53-AC-6(1)
8293 ··-·NIST-800-53-CM-6(a)8293 ··-·NIST-800-53-CM-6(a)
8294 ··-·PCI-DSS-Req-7.18294 ··-·PCI-DSS-Req-7.1
Offset 8301, 16 lines modifiedOffset 8301, 16 lines modified
8301 ··-·no_reboot_needed8301 ··-·no_reboot_needed
  
8302 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg8302 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
8303 ··file:8303 ··file:
8304 ····path:·/boot/grub2/grub.cfg8304 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 18013/22410 bytes (80.38%) of diff not shown.
90.2 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis_workstation_l1.html
    
Offset 59532, 22 lines modifiedOffset 59532, 22 lines modified
000e88b0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·000e88b0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·
000e88c0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/000e88c0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/
000e88d0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·000e88d0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
000e88e0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:000e88e0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:
000e88f0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru000e88f0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
000e8900:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register000e8900:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register
000e8910:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··000e8910:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
000e8920:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo000e8920:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
000e8930:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
000e8940:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
000e8950:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
000e8960:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
000e8970:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
000e8980:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
000e8990:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-000e8930:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 000e8940:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 000e8950:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 000e8960:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 000e8970:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 000e8980:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 000e8990:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
000e89a0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual000e89a0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
000e89b0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not000e89b0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
000e89c0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"000e89c0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
000e89d0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·000e89d0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
000e89e0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta000e89e0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
000e89f0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·000e89f0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
000e8a00:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.000e8a00:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.
Offset 59568, 22 lines modifiedOffset 59568, 22 lines modified
000e8af0:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g000e8af0:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g
000e8b00:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·000e8b00:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·
000e8b10:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub000e8b10:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
000e8b20:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···000e8b20:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···
000e8b30:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru000e8b30:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
000e8b40:·6232·2f67·7275·622e·6366·670a·2020·2020··b2/grub.cfg.····000e8b40:·6232·2f67·7275·622e·6366·670a·2020·2020··b2/grub.cfg.····
000e8b50:·6772·6f75·703a·2027·3027·0a20·2077·6865··group:·'0'.··whe000e8b50:·6772·6f75·703a·2027·3027·0a20·2077·6865··group:·'0'.··whe
000e8b60:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e000e8b60:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c
000e8b70:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib 
000e8b80:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
000e8b90:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
000e8ba0:·2229·207c·206c·6973·7427·0a20·202d·2027··")·|·list'.··-·' 
000e8bb0:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i 
000e8bc0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
000e8bd0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an000e8b70:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
 000e8b80:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 000e8b90:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef
 000e8ba0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl
 000e8bb0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 000e8bc0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 000e8bd0:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
000e8be0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza000e8be0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
000e8bf0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in000e8bf0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
000e8c00:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc000e8c00:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
000e8c10:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po000e8c10:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
000e8c20:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe000e8c20:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
000e8c30:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi000e8c30:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi
000e8c40:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi000e8c40:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi
Offset 59633, 19 lines modifiedOffset 59633, 19 lines modified
000e8f00:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St000e8f00:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
000e8f10:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>000e8f10:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
000e8f20:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></000e8f20:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></
000e8f30:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>000e8f30:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
000e8f40:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat000e8f40:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
000e8f50:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl000e8f50:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
000e8f60:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai000e8f60:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
000e8f70:·6e20·706c·6174·666f·726d·730a·6966·205b··n·platforms.if·[000e8f70:·6e20·706c·6174·666f·726d·730a·6966·2072··n·platforms.if·r
000e8f80:·2021·202d·6620·2f73·7973·2f66·6972·6d77···!·-f·/sys/firmw 
000e8f90:·6172·652f·6566·6920·5d20·2661·6d70·3b26··are/efi·]·&amp;& 
000e8fa0:·616d·703b·2072·706d·202d·2d71·7569·6574··amp;·rpm·--quiet 
000e8fb0:·202d·7120·6772·7562·322d·636f·6d6d·6f6e···-q·grub2-common000e8f80:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr
 000e8f90:·7562·322d·636f·6d6d·6f6e·2026·616d·703b··ub2-common·&amp;
 000e8fa0:·2661·6d70·3b20·5b20·2120·2d66·202f·7379··&amp;·[·!·-f·/sy
 000e8fb0:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·]
000e8fc0:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·000e8fc0:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·
000e8fd0:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv000e8fd0:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
000e8fe0:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·000e8fe0:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
000e8ff0:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta000e8ff0:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
000e9000:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th000e9000:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th
000e9010:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo000e9010:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo
000e9020:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg000e9020:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
Offset 60136, 22 lines modifiedOffset 60136, 22 lines modified
000eae70:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·000eae70:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
000eae80:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user000eae80:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user
000eae90:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···000eae90:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
000eaea0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru000eaea0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
000eaeb0:·6232·2f75·7365·722e·6366·670a·2020·7265··b2/user.cfg.··re000eaeb0:·6232·2f75·7365·722e·6366·670a·2020·7265··b2/user.cfg.··re
000eaec0:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi000eaec0:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
000eaed0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·000eaed0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
000eaee0:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
000eaef0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
000eaf00:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
000eaf10:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
000eaf20:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2- 
000eaf30:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib 
000eaf40:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000eaee0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·
 000eaef0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 000eaf00:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'
 000eaf10:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 000eaf20:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 000eaf30:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 000eaf40:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
000eaf50:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v000eaf50:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
000eaf60:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty000eaf60:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
000eaf70:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock000eaf70:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
000eaf80:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope000eaf80:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
000eaf90:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·000eaf90:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
000eafa0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t000eafa0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
000eafb0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.000eafb0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
000eafc0:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8000eafc0:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8
Offset 60171, 22 lines modifiedOffset 60171, 22 lines modified
000eb0a0:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens000eb0a0:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens
000eb0b0:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·000eb0b0:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·
000eb0c0:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2000eb0c0:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
000eb0d0:·2f75·7365·722e·6366·670a·2020·6669·6c65··/user.cfg.··file000eb0d0:·2f75·7365·722e·6366·670a·2020·6669·6c65··/user.cfg.··file
000eb0e0:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo000eb0e0:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
000eb0f0:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg000eb0f0:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg
000eb100:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.000eb100:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.
000eb110:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b000eb110:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
000eb120:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
000eb130:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
000eb140:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
000eb150:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
000eb160:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
000eb170:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
000eb180:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·000eb120:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 000eb130:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 000eb140:·6b61·6765·7327·0a20·202d·2027·222f·626f··kages'.··-·'"/bo
Max diff block lines reached; 60146/69798 bytes (86.17%) of diff not shown.
21.9 KB
html2text {}
    
Offset 8118, 16 lines modifiedOffset 8118, 16 lines modified
8118 ··-·no_reboot_needed8118 ··-·no_reboot_needed
  
8119 -·name:·Test·for·existence·/boot/grub2/grub.cfg8119 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8120 ··stat:8120 ··stat:
8121 ····path:·/boot/grub2/grub.cfg8121 ····path:·/boot/grub2/grub.cfg
8122 ··register:·file_exists8122 ··register:·file_exists
8123 ··when:8123 ··when:
8124 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8125 ··-·'"grub2-common"·in·ansible_facts.packages'8124 ··-·'"grub2-common"·in·ansible_facts.packages'
 8125 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8127 ··tags:8127 ··tags:
8128 ··-·CJIS-5.5.2.28128 ··-·CJIS-5.5.2.2
8129 ··-·NIST-800-171-3.4.58129 ··-·NIST-800-171-3.4.5
8130 ··-·NIST-800-53-AC-6(1)8130 ··-·NIST-800-53-AC-6(1)
8131 ··-·NIST-800-53-CM-6(a)8131 ··-·NIST-800-53-CM-6(a)
8132 ··-·PCI-DSS-Req-7.18132 ··-·PCI-DSS-Req-7.1
Offset 8139, 16 lines modifiedOffset 8139, 16 lines modified
8139 ··-·no_reboot_needed8139 ··-·no_reboot_needed
  
8140 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg8140 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
8141 ··file:8141 ··file:
8142 ····path:·/boot/grub2/grub.cfg8142 ····path:·/boot/grub2/grub.cfg
8143 ····group:·'0'8143 ····group:·'0'
8144 ··when:8144 ··when:
8145 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8146 ··-·'"grub2-common"·in·ansible_facts.packages'8145 ··-·'"grub2-common"·in·ansible_facts.packages'
 8146 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8147 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8147 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8148 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8148 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8149 ··tags:8149 ··tags:
8150 ··-·CJIS-5.5.2.28150 ··-·CJIS-5.5.2.2
8151 ··-·NIST-800-171-3.4.58151 ··-·NIST-800-171-3.4.5
8152 ··-·NIST-800-53-AC-6(1)8152 ··-·NIST-800-53-AC-6(1)
8153 ··-·NIST-800-53-CM-6(a)8153 ··-·NIST-800-53-CM-6(a)
Offset 8160, 15 lines modifiedOffset 8160, 15 lines modified
8160 ··-·medium_severity8160 ··-·medium_severity
8161 ··-·no_reboot_needed8161 ··-·no_reboot_needed
8162 Remediation_Shell_script_⇲8162 Remediation_Shell_script_⇲
8163 Complexity:·low8163 Complexity:·low
8164 Disruption:·low8164 Disruption:·low
8165 Strategy:···configure8165 Strategy:···configure
8166 #·Remediation·is·applicable·only·in·certain·platforms8166 #·Remediation·is·applicable·only·in·certain·platforms
8167 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8167 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8168 chgrp·0·/boot/grub2/grub.cfg8168 chgrp·0·/boot/grub2/grub.cfg
  
8169 else8169 else
8170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8171 fi8171 fi
8172 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***8172 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 8199, 16 lines modifiedOffset 8199, 16 lines modified
8199 ··-·no_reboot_needed8199 ··-·no_reboot_needed
  
8200 -·name:·Test·for·existence·/boot/grub2/user.cfg8200 -·name:·Test·for·existence·/boot/grub2/user.cfg
8201 ··stat:8201 ··stat:
8202 ····path:·/boot/grub2/user.cfg8202 ····path:·/boot/grub2/user.cfg
8203 ··register:·file_exists8203 ··register:·file_exists
8204 ··when:8204 ··when:
8205 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8206 ··-·'"grub2-common"·in·ansible_facts.packages'8205 ··-·'"grub2-common"·in·ansible_facts.packages'
 8206 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8208 ··tags:8208 ··tags:
8209 ··-·CJIS-5.5.2.28209 ··-·CJIS-5.5.2.2
8210 ··-·NIST-800-171-3.4.58210 ··-·NIST-800-171-3.4.5
8211 ··-·NIST-800-53-AC-6(1)8211 ··-·NIST-800-53-AC-6(1)
8212 ··-·NIST-800-53-CM-6(a)8212 ··-·NIST-800-53-CM-6(a)
8213 ··-·PCI-DSS-Req-7.18213 ··-·PCI-DSS-Req-7.1
Offset 8220, 16 lines modifiedOffset 8220, 16 lines modified
8220 ··-·no_reboot_needed8220 ··-·no_reboot_needed
  
8221 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8221 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8222 ··file:8222 ··file:
8223 ····path:·/boot/grub2/user.cfg8223 ····path:·/boot/grub2/user.cfg
8224 ····group:·'0'8224 ····group:·'0'
8225 ··when:8225 ··when:
8226 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8227 ··-·'"grub2-common"·in·ansible_facts.packages'8226 ··-·'"grub2-common"·in·ansible_facts.packages'
 8227 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8228 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8228 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8229 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8229 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8230 ··tags:8230 ··tags:
8231 ··-·CJIS-5.5.2.28231 ··-·CJIS-5.5.2.2
8232 ··-·NIST-800-171-3.4.58232 ··-·NIST-800-171-3.4.5
8233 ··-·NIST-800-53-AC-6(1)8233 ··-·NIST-800-53-AC-6(1)
8234 ··-·NIST-800-53-CM-6(a)8234 ··-·NIST-800-53-CM-6(a)
Offset 8241, 15 lines modifiedOffset 8241, 15 lines modified
8241 ··-·medium_severity8241 ··-·medium_severity
8242 ··-·no_reboot_needed8242 ··-·no_reboot_needed
8243 Remediation_Shell_script_⇲8243 Remediation_Shell_script_⇲
8244 Complexity:·low8244 Complexity:·low
8245 Disruption:·low8245 Disruption:·low
8246 Strategy:···configure8246 Strategy:···configure
8247 #·Remediation·is·applicable·only·in·certain·platforms8247 #·Remediation·is·applicable·only·in·certain·platforms
8248 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8248 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8249 chgrp·0·/boot/grub2/user.cfg8249 chgrp·0·/boot/grub2/user.cfg
  
8250 else8250 else
8251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8252 fi8252 fi
8253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***8253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 8280, 16 lines modifiedOffset 8280, 16 lines modified
8280 ··-·no_reboot_needed8280 ··-·no_reboot_needed
  
8281 -·name:·Test·for·existence·/boot/grub2/grub.cfg8281 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8282 ··stat:8282 ··stat:
8283 ····path:·/boot/grub2/grub.cfg8283 ····path:·/boot/grub2/grub.cfg
8284 ··register:·file_exists8284 ··register:·file_exists
8285 ··when:8285 ··when:
8286 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8287 ··-·'"grub2-common"·in·ansible_facts.packages'8286 ··-·'"grub2-common"·in·ansible_facts.packages'
 8287 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8288 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8288 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8289 ··tags:8289 ··tags:
8290 ··-·CJIS-5.5.2.28290 ··-·CJIS-5.5.2.2
8291 ··-·NIST-800-171-3.4.58291 ··-·NIST-800-171-3.4.5
8292 ··-·NIST-800-53-AC-6(1)8292 ··-·NIST-800-53-AC-6(1)
8293 ··-·NIST-800-53-CM-6(a)8293 ··-·NIST-800-53-CM-6(a)
8294 ··-·PCI-DSS-Req-7.18294 ··-·PCI-DSS-Req-7.1
Offset 8301, 16 lines modifiedOffset 8301, 16 lines modified
8301 ··-·no_reboot_needed8301 ··-·no_reboot_needed
  
8302 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg8302 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
8303 ··file:8303 ··file:
8304 ····path:·/boot/grub2/grub.cfg8304 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 18013/22410 bytes (80.38%) of diff not shown.
89.8 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis_workstation_l2.html
    
Offset 185602, 22 lines modifiedOffset 185602, 22 lines modified
002d5010:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe002d5010:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
002d5020:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/002d5020:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/
002d5030:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:002d5030:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:
002d5040:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot002d5040:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
002d5050:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.002d5050:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
002d5060:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file002d5060:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
002d5070:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.002d5070:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
002d5080:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
002d5090:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
002d50a0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
002d50b0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
002d50c0:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
002d50d0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a 
002d50e0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac002d5080:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
 002d5090:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
 002d50a0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 002d50b0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 002d50c0:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m
 002d50d0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 002d50e0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
002d50f0:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib002d50f0:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib
002d5100:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio002d5100:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
002d5110:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["002d5110:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
002d5120:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·002d5120:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
002d5130:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma002d5130:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
002d5140:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]002d5140:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
002d5150:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI002d5150:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
002d5160:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI002d5160:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI
Offset 185638, 22 lines modifiedOffset 185638, 22 lines modified
002d5250:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o002d5250:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o
002d5260:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/002d5260:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/
002d5270:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·002d5270:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
002d5280:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:002d5280:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:
002d5290:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002d5290:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002d52a0:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:002d52a0:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:
002d52b0:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-002d52b0:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-
002d52c0:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
002d52d0:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
002d52e0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
002d52f0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
002d5300:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2 
002d5310:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi 
002d5320:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag002d52c0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"
 002d52d0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 002d52e0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 002d52f0:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 002d5300:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 002d5310:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 002d5320:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
002d5330:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_002d5330:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
002d5340:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t002d5340:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
002d5350:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc002d5350:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
002d5360:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op002d5360:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
002d5370:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",002d5370:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
002d5380:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··002d5380:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
002d5390:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st002d5390:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st
002d53a0:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an002d53a0:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an
Offset 185703, 19 lines modifiedOffset 185703, 19 lines modified
002d5660:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy002d5660:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
002d5670:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config002d5670:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config
002d5680:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t002d5680:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t
002d5690:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>002d5690:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
002d56a0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is002d56a0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
002d56b0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only002d56b0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
002d56c0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat002d56c0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
002d56d0:·666f·726d·730a·6966·205b·2021·202d·6620··forms.if·[·!·-f·002d56d0:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q
002d56e0:·2f73·7973·2f66·6972·6d77·6172·652f·6566··/sys/firmware/ef 
002d56f0:·6920·5d20·2661·6d70·3b26·616d·703b·2072··i·]·&amp;&amp;·r 
002d5700:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr 
002d5710:·7562·322d·636f·6d6d·6f6e·2026·616d·703b··ub2-common·&amp;002d56e0:·7569·6574·202d·7120·6772·7562·322d·636f··uiet·-q·grub2-co
 002d56f0:·6d6d·6f6e·2026·616d·703b·2661·6d70·3b20··mmon·&amp;&amp;·
 002d5700:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm
 002d5710:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp;
002d5720:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/002d5720:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/
002d5730:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am002d5730:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am
002d5740:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/002d5740:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
002d5750:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren002d5750:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren
002d5760:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch002d5760:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch
002d5770:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub002d5770:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub
002d5780:·322f·6772·7562·2e63·6667·0a0a·656c·7365··2/grub.cfg..else002d5780:·322f·6772·7562·2e63·6667·0a0a·656c·7365··2/grub.cfg..else
Offset 186205, 22 lines modifiedOffset 186205, 22 lines modified
002d75c0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·002d75c0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·
002d75d0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/002d75d0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/
002d75e0:·6772·7562·322f·7573·6572·2e63·6667·0a20··grub2/user.cfg.·002d75e0:·6772·7562·322f·7573·6572·2e63·6667·0a20··grub2/user.cfg.·
002d75f0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:002d75f0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:
002d7600:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use002d7600:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use
002d7610:·722e·6366·670a·2020·7265·6769·7374·6572··r.cfg.··register002d7610:·722e·6366·670a·2020·7265·6769·7374·6572··r.cfg.··register
002d7620:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··002d7620:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
002d7630:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo002d7630:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
002d7640:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
002d7650:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
002d7660:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
002d7670:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
002d7680:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
002d7690:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
002d76a0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-002d7640:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 002d7650:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 002d7660:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 002d7670:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 002d7680:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 002d7690:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 002d76a0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
002d76b0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual002d76b0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
002d76c0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not002d76c0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
002d76d0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"002d76d0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
002d76e0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·002d76e0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
002d76f0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta002d76f0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
002d7700:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·002d7700:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
002d7710:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.002d7710:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.
Offset 186241, 22 lines modifiedOffset 186241, 22 lines modified
002d7800:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr002d7800:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr
002d7810:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/002d7810:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/
002d7820:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.002d7820:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
002d7830:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····002d7830:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····
002d7840:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub002d7840:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
002d7850:·322f·7573·6572·2e63·6667·0a20·2020·2067··2/user.cfg.····g002d7850:·322f·7573·6572·2e63·6667·0a20·2020·2067··2/user.cfg.····g
002d7860:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when002d7860:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when
002d7870:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
002d7880:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
002d7890:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
002d78a0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
002d78b0:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
002d78c0:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
002d78d0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
002d78e0:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans002d7870:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 002d7880:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 002d7890:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
Max diff block lines reached; 59656/69318 bytes (86.06%) of diff not shown.
22.0 KB
html2text {}
    
Offset 41793, 16 lines modifiedOffset 41793, 16 lines modified
41793 ··-·no_reboot_needed41793 ··-·no_reboot_needed
  
41794 -·name:·Test·for·existence·/boot/grub2/grub.cfg41794 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41795 ··stat:41795 ··stat:
41796 ····path:·/boot/grub2/grub.cfg41796 ····path:·/boot/grub2/grub.cfg
41797 ··register:·file_exists41797 ··register:·file_exists
41798 ··when:41798 ··when:
41799 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41800 ··-·'"grub2-common"·in·ansible_facts.packages'41799 ··-·'"grub2-common"·in·ansible_facts.packages'
 41800 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41801 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41801 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41802 ··tags:41802 ··tags:
41803 ··-·CJIS-5.5.2.241803 ··-·CJIS-5.5.2.2
41804 ··-·NIST-800-171-3.4.541804 ··-·NIST-800-171-3.4.5
41805 ··-·NIST-800-53-AC-6(1)41805 ··-·NIST-800-53-AC-6(1)
41806 ··-·NIST-800-53-CM-6(a)41806 ··-·NIST-800-53-CM-6(a)
41807 ··-·PCI-DSS-Req-7.141807 ··-·PCI-DSS-Req-7.1
Offset 41814, 16 lines modifiedOffset 41814, 16 lines modified
41814 ··-·no_reboot_needed41814 ··-·no_reboot_needed
  
41815 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg41815 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
41816 ··file:41816 ··file:
41817 ····path:·/boot/grub2/grub.cfg41817 ····path:·/boot/grub2/grub.cfg
41818 ····group:·'0'41818 ····group:·'0'
41819 ··when:41819 ··when:
41820 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41821 ··-·'"grub2-common"·in·ansible_facts.packages'41820 ··-·'"grub2-common"·in·ansible_facts.packages'
 41821 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41823 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41823 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41824 ··tags:41824 ··tags:
41825 ··-·CJIS-5.5.2.241825 ··-·CJIS-5.5.2.2
41826 ··-·NIST-800-171-3.4.541826 ··-·NIST-800-171-3.4.5
41827 ··-·NIST-800-53-AC-6(1)41827 ··-·NIST-800-53-AC-6(1)
41828 ··-·NIST-800-53-CM-6(a)41828 ··-·NIST-800-53-CM-6(a)
Offset 41835, 15 lines modifiedOffset 41835, 15 lines modified
41835 ··-·medium_severity41835 ··-·medium_severity
41836 ··-·no_reboot_needed41836 ··-·no_reboot_needed
41837 Remediation_Shell_script_⇲41837 Remediation_Shell_script_⇲
41838 Complexity:·low41838 Complexity:·low
41839 Disruption:·low41839 Disruption:·low
41840 Strategy:···configure41840 Strategy:···configure
41841 #·Remediation·is·applicable·only·in·certain·platforms41841 #·Remediation·is·applicable·only·in·certain·platforms
41842 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41842 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41843 chgrp·0·/boot/grub2/grub.cfg41843 chgrp·0·/boot/grub2/grub.cfg
  
41844 else41844 else
41845 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41845 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41846 fi41846 fi
41847 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***41847 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 41874, 16 lines modifiedOffset 41874, 16 lines modified
41874 ··-·no_reboot_needed41874 ··-·no_reboot_needed
  
41875 -·name:·Test·for·existence·/boot/grub2/user.cfg41875 -·name:·Test·for·existence·/boot/grub2/user.cfg
41876 ··stat:41876 ··stat:
41877 ····path:·/boot/grub2/user.cfg41877 ····path:·/boot/grub2/user.cfg
41878 ··register:·file_exists41878 ··register:·file_exists
41879 ··when:41879 ··when:
41880 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41881 ··-·'"grub2-common"·in·ansible_facts.packages'41880 ··-·'"grub2-common"·in·ansible_facts.packages'
 41881 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41882 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41882 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41883 ··tags:41883 ··tags:
41884 ··-·CJIS-5.5.2.241884 ··-·CJIS-5.5.2.2
41885 ··-·NIST-800-171-3.4.541885 ··-·NIST-800-171-3.4.5
41886 ··-·NIST-800-53-AC-6(1)41886 ··-·NIST-800-53-AC-6(1)
41887 ··-·NIST-800-53-CM-6(a)41887 ··-·NIST-800-53-CM-6(a)
41888 ··-·PCI-DSS-Req-7.141888 ··-·PCI-DSS-Req-7.1
Offset 41895, 16 lines modifiedOffset 41895, 16 lines modified
41895 ··-·no_reboot_needed41895 ··-·no_reboot_needed
  
41896 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg41896 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
41897 ··file:41897 ··file:
41898 ····path:·/boot/grub2/user.cfg41898 ····path:·/boot/grub2/user.cfg
41899 ····group:·'0'41899 ····group:·'0'
41900 ··when:41900 ··when:
41901 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41902 ··-·'"grub2-common"·in·ansible_facts.packages'41901 ··-·'"grub2-common"·in·ansible_facts.packages'
 41902 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41903 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41903 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41904 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41904 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41905 ··tags:41905 ··tags:
41906 ··-·CJIS-5.5.2.241906 ··-·CJIS-5.5.2.2
41907 ··-·NIST-800-171-3.4.541907 ··-·NIST-800-171-3.4.5
41908 ··-·NIST-800-53-AC-6(1)41908 ··-·NIST-800-53-AC-6(1)
41909 ··-·NIST-800-53-CM-6(a)41909 ··-·NIST-800-53-CM-6(a)
Offset 41916, 15 lines modifiedOffset 41916, 15 lines modified
41916 ··-·medium_severity41916 ··-·medium_severity
41917 ··-·no_reboot_needed41917 ··-·no_reboot_needed
41918 Remediation_Shell_script_⇲41918 Remediation_Shell_script_⇲
41919 Complexity:·low41919 Complexity:·low
41920 Disruption:·low41920 Disruption:·low
41921 Strategy:···configure41921 Strategy:···configure
41922 #·Remediation·is·applicable·only·in·certain·platforms41922 #·Remediation·is·applicable·only·in·certain·platforms
41923 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41923 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41924 chgrp·0·/boot/grub2/user.cfg41924 chgrp·0·/boot/grub2/user.cfg
  
41925 else41925 else
41926 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41926 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41927 fi41927 fi
41928 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***41928 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 41955, 16 lines modifiedOffset 41955, 16 lines modified
41955 ··-·no_reboot_needed41955 ··-·no_reboot_needed
  
41956 -·name:·Test·for·existence·/boot/grub2/grub.cfg41956 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41957 ··stat:41957 ··stat:
41958 ····path:·/boot/grub2/grub.cfg41958 ····path:·/boot/grub2/grub.cfg
41959 ··register:·file_exists41959 ··register:·file_exists
41960 ··when:41960 ··when:
41961 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41962 ··-·'"grub2-common"·in·ansible_facts.packages'41961 ··-·'"grub2-common"·in·ansible_facts.packages'
 41962 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41963 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41963 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41964 ··tags:41964 ··tags:
41965 ··-·CJIS-5.5.2.241965 ··-·CJIS-5.5.2.2
41966 ··-·NIST-800-171-3.4.541966 ··-·NIST-800-171-3.4.5
41967 ··-·NIST-800-53-AC-6(1)41967 ··-·NIST-800-53-AC-6(1)
41968 ··-·NIST-800-53-CM-6(a)41968 ··-·NIST-800-53-CM-6(a)
41969 ··-·PCI-DSS-Req-7.141969 ··-·PCI-DSS-Req-7.1
Offset 41976, 16 lines modifiedOffset 41976, 16 lines modified
41976 ··-·no_reboot_needed41976 ··-·no_reboot_needed
  
41977 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg41977 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
41978 ··file:41978 ··file:
41979 ····path:·/boot/grub2/grub.cfg41979 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 18069/22482 bytes (80.37%) of diff not shown.
15.1 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cjis.html
    
Offset 134543, 22 lines modifiedOffset 134543, 22 lines modified
0020d8e0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc0020d8e0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
0020d8f0:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr0020d8f0:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr
0020d900:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·0020d900:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·
0020d910:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g0020d910:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
0020d920:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··0020d920:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
0020d930:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e0020d930:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
0020d940:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··0020d940:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
0020d950:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n 
0020d960:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo 
0020d970:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
0020d980:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
0020d990:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub 
0020d9a0:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans 
0020d9b0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0020d950:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
 0020d960:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 0020d970:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 0020d980:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 0020d990:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 0020d9a0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
 0020d9b0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
0020d9c0:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible0020d9c0:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible
0020d9d0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_0020d9d0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
0020d9e0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do0020d9e0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
0020d9f0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o0020d9f0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
0020da00:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"0020da00:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
0020da10:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·0020da10:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
0020da20:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-0020da20:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-
0020da30:·352e·352e·322e·320a·2020·2d20·4e49·5354··5.5.2.2.··-·NIST0020da30:·352e·352e·322e·320a·2020·2d20·4e49·5354··5.5.2.2.··-·NIST
Offset 134579, 21 lines modifiedOffset 134579, 21 lines modified
0020db20:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own0020db20:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own
0020db30:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr0020db30:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr
0020db40:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f0020db40:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f
0020db50:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/0020db50:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
0020db60:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.0020db60:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
0020db70:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'0020db70:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'
0020db80:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'0020db80:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'
0020db90:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
0020dba0:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
0020dbb0:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
0020dbc0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
0020dbd0:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c 
0020dbe0:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl 
0020dbf0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0020db90:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
 0020dba0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 0020dbb0:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 0020dbc0:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 0020dbd0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 0020dbe0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 0020dbf0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
0020dc00:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi0020dc00:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
0020dc10:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ0020dc10:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
0020dc20:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke0020dc20:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
0020dc30:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open0020dc30:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
0020dc40:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"0020dc40:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
0020dc50:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·0020dc50:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
0020dc60:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat0020dc60:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat
Offset 134644, 19 lines modifiedOffset 134644, 19 lines modified
0020df30:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0020df30:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0020df40:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur0020df40:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur
0020df50:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab0020df50:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
0020df60:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·0020df60:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·
0020df70:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a0020df70:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
0020df80:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i0020df80:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
0020df90:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo0020df90:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
0020dfa0:·726d·730a·6966·205b·2021·202d·6620·2f73··rms.if·[·!·-f·/s 
0020dfb0:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi· 
0020dfc0:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm 
0020dfd0:·202d·2d71·7569·6574·202d·7120·6772·7562···--quiet·-q·grub 
0020dfe0:·322d·636f·6d6d·6f6e·2026·616d·703b·2661··2-common·&amp;&a0020dfa0:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
 0020dfb0:·6574·202d·7120·6772·7562·322d·636f·6d6d··et·-q·grub2-comm
 0020dfc0:·6f6e·2026·616d·703b·2661·6d70·3b20·5b20··on·&amp;&amp;·[·
 0020dfd0:·2120·2d66·202f·7379·732f·6669·726d·7761··!·-f·/sys/firmwa
 0020dfe0:·7265·2f65·6669·205d·2026·616d·703b·2661··re/efi·]·&amp;&a
0020dff0:·6d70·3b20·7b20·5b20·2120·2d66·202f·2e64··mp;·{·[·!·-f·/.d0020dff0:·6d70·3b20·7b20·5b20·2120·2d66·202f·2e64··mp;·{·[·!·-f·/.d
0020e000:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;0020e000:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;
0020e010:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru0020e010:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru
0020e020:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·0020e020:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·
0020e030:·5d3b·207d·3b20·7468·656e·0a0a·6368·6772··];·};·then..chgr0020e030:·5d3b·207d·3b20·7468·656e·0a0a·6368·6772··];·};·then..chgr
0020e040:·7020·3020·2f62·6f6f·742f·6772·7562·322f··p·0·/boot/grub2/0020e040:·7020·3020·2f62·6f6f·742f·6772·7562·322f··p·0·/boot/grub2/
0020e050:·6772·7562·2e63·6667·0a0a·656c·7365·0a20··grub.cfg..else.·0020e050:·6772·7562·2e63·6667·0a0a·656c·7365·0a20··grub.cfg..else.·
Offset 135122, 22 lines modifiedOffset 135122, 22 lines modified
0020fd10:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex0020fd10:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex
0020fd20:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr0020fd20:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr
0020fd30:·7562·322f·6772·7562·2e63·6667·0a20·2073··ub2/grub.cfg.··s0020fd30:·7562·322f·6772·7562·2e63·6667·0a20·2073··ub2/grub.cfg.··s
0020fd40:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/0020fd40:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/
0020fd50:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.0020fd50:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
0020fd60:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·0020fd60:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·
0020fd70:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh0020fd70:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh
0020fd80:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/0020fd80:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
0020fd90:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi 
0020fda0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
0020fdb0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
0020fdc0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-· 
0020fdd0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
0020fde0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
0020fdf0:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a0020fd90:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 0020fda0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 0020fdb0:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 0020fdc0:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib
 0020fdd0:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map(
 0020fde0:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount
 0020fdf0:·2229·207c·206c·6973·7427·0a20·202d·2061··")·|·list'.··-·a
0020fe00:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz0020fe00:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
0020fe10:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i0020fe10:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
0020fe20:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx0020fe20:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
0020fe30:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p0020fe30:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
0020fe40:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain0020fe40:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
0020fe50:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-0020fe50:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-
0020fe60:·2043·4a49·532d·352e·352e·322e·320a·2020···CJIS-5.5.2.2.··0020fe60:·2043·4a49·532d·352e·352e·322e·320a·2020···CJIS-5.5.2.2.··
Offset 135157, 22 lines modifiedOffset 135157, 22 lines modified
0020ff40:·5f6e·6565·6465·640a·0a2d·206e·616d·653a··_needed..-·name:0020ff40:·5f6e·6565·6465·640a·0a2d·206e·616d·653a··_needed..-·name:
0020ff50:·2045·6e73·7572·6520·6f77·6e65·7220·3020···Ensure·owner·0·0020ff50:·2045·6e73·7572·6520·6f77·6e65·7220·3020···Ensure·owner·0·
0020ff60:·6f6e·202f·626f·6f74·2f67·7275·6232·2f67··on·/boot/grub2/g0020ff60:·6f6e·202f·626f·6f74·2f67·7275·6232·2f67··on·/boot/grub2/g
0020ff70:·7275·622e·6366·670a·2020·6669·6c65·3a0a··rub.cfg.··file:.0020ff70:·7275·622e·6366·670a·2020·6669·6c65·3a0a··rub.cfg.··file:.
0020ff80:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/0020ff80:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
0020ff90:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·0020ff90:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
0020ffa0:·2020·206f·776e·6572·3a20·2730·270a·2020·····owner:·'0'.··0020ffa0:·2020·206f·776e·6572·3a20·2730·270a·2020·····owner:·'0'.··
0020ffb0:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo0020ffb0:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
0020ffc0:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
0020ffd0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
0020ffe0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
0020fff0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
00210000:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
00210010:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
00210020:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-0020ffc0:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 0020ffd0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 0020ffe0:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
Max diff block lines reached; 2098/11622 bytes (18.05%) of diff not shown.
3.62 KB
html2text {}
    
Offset 28864, 16 lines modifiedOffset 28864, 16 lines modified
28864 ··-·no_reboot_needed28864 ··-·no_reboot_needed
  
28865 -·name:·Test·for·existence·/boot/grub2/grub.cfg28865 -·name:·Test·for·existence·/boot/grub2/grub.cfg
28866 ··stat:28866 ··stat:
28867 ····path:·/boot/grub2/grub.cfg28867 ····path:·/boot/grub2/grub.cfg
28868 ··register:·file_exists28868 ··register:·file_exists
28869 ··when:28869 ··when:
28870 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
28871 ··-·'"grub2-common"·in·ansible_facts.packages'28870 ··-·'"grub2-common"·in·ansible_facts.packages'
 28871 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
28872 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28872 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28873 ··tags:28873 ··tags:
28874 ··-·CJIS-5.5.2.228874 ··-·CJIS-5.5.2.2
28875 ··-·NIST-800-171-3.4.528875 ··-·NIST-800-171-3.4.5
28876 ··-·NIST-800-53-AC-6(1)28876 ··-·NIST-800-53-AC-6(1)
28877 ··-·NIST-800-53-CM-6(a)28877 ··-·NIST-800-53-CM-6(a)
28878 ··-·PCI-DSS-Req-7.128878 ··-·PCI-DSS-Req-7.1
Offset 28885, 16 lines modifiedOffset 28885, 16 lines modified
28885 ··-·no_reboot_needed28885 ··-·no_reboot_needed
  
28886 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg28886 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
28887 ··file:28887 ··file:
28888 ····path:·/boot/grub2/grub.cfg28888 ····path:·/boot/grub2/grub.cfg
28889 ····group:·'0'28889 ····group:·'0'
28890 ··when:28890 ··when:
28891 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
28892 ··-·'"grub2-common"·in·ansible_facts.packages'28891 ··-·'"grub2-common"·in·ansible_facts.packages'
 28892 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
28893 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28893 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28894 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists28894 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
28895 ··tags:28895 ··tags:
28896 ··-·CJIS-5.5.2.228896 ··-·CJIS-5.5.2.2
28897 ··-·NIST-800-171-3.4.528897 ··-·NIST-800-171-3.4.5
28898 ··-·NIST-800-53-AC-6(1)28898 ··-·NIST-800-53-AC-6(1)
28899 ··-·NIST-800-53-CM-6(a)28899 ··-·NIST-800-53-CM-6(a)
Offset 28906, 15 lines modifiedOffset 28906, 15 lines modified
28906 ··-·medium_severity28906 ··-·medium_severity
28907 ··-·no_reboot_needed28907 ··-·no_reboot_needed
28908 Remediation_Shell_script_⇲28908 Remediation_Shell_script_⇲
28909 Complexity:·low28909 Complexity:·low
28910 Disruption:·low28910 Disruption:·low
28911 Strategy:···configure28911 Strategy:···configure
28912 #·Remediation·is·applicable·only·in·certain·platforms28912 #·Remediation·is·applicable·only·in·certain·platforms
28913 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then28913 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
28914 chgrp·0·/boot/grub2/grub.cfg28914 chgrp·0·/boot/grub2/grub.cfg
  
28915 else28915 else
28916 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'28916 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
28917 fi28917 fi
28918 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***28918 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 28945, 16 lines modifiedOffset 28945, 16 lines modified
28945 ··-·no_reboot_needed28945 ··-·no_reboot_needed
  
28946 -·name:·Test·for·existence·/boot/grub2/grub.cfg28946 -·name:·Test·for·existence·/boot/grub2/grub.cfg
28947 ··stat:28947 ··stat:
28948 ····path:·/boot/grub2/grub.cfg28948 ····path:·/boot/grub2/grub.cfg
28949 ··register:·file_exists28949 ··register:·file_exists
28950 ··when:28950 ··when:
28951 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
28952 ··-·'"grub2-common"·in·ansible_facts.packages'28951 ··-·'"grub2-common"·in·ansible_facts.packages'
 28952 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
28953 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28953 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28954 ··tags:28954 ··tags:
28955 ··-·CJIS-5.5.2.228955 ··-·CJIS-5.5.2.2
28956 ··-·NIST-800-171-3.4.528956 ··-·NIST-800-171-3.4.5
28957 ··-·NIST-800-53-AC-6(1)28957 ··-·NIST-800-53-AC-6(1)
28958 ··-·NIST-800-53-CM-6(a)28958 ··-·NIST-800-53-CM-6(a)
28959 ··-·PCI-DSS-Req-7.128959 ··-·PCI-DSS-Req-7.1
Offset 28966, 16 lines modifiedOffset 28966, 16 lines modified
28966 ··-·no_reboot_needed28966 ··-·no_reboot_needed
  
28967 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg28967 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
28968 ··file:28968 ··file:
28969 ····path:·/boot/grub2/grub.cfg28969 ····path:·/boot/grub2/grub.cfg
28970 ····owner:·'0'28970 ····owner:·'0'
28971 ··when:28971 ··when:
28972 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
28973 ··-·'"grub2-common"·in·ansible_facts.packages'28972 ··-·'"grub2-common"·in·ansible_facts.packages'
 28973 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
28974 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28974 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28975 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists28975 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
28976 ··tags:28976 ··tags:
28977 ··-·CJIS-5.5.2.228977 ··-·CJIS-5.5.2.2
28978 ··-·NIST-800-171-3.4.528978 ··-·NIST-800-171-3.4.5
28979 ··-·NIST-800-53-AC-6(1)28979 ··-·NIST-800-53-AC-6(1)
28980 ··-·NIST-800-53-CM-6(a)28980 ··-·NIST-800-53-CM-6(a)
Offset 28987, 15 lines modifiedOffset 28987, 15 lines modified
28987 ··-·medium_severity28987 ··-·medium_severity
28988 ··-·no_reboot_needed28988 ··-·no_reboot_needed
28989 Remediation_Shell_script_⇲28989 Remediation_Shell_script_⇲
28990 Complexity:·low28990 Complexity:·low
28991 Disruption:·low28991 Disruption:·low
28992 Strategy:···configure28992 Strategy:···configure
28993 #·Remediation·is·applicable·only·in·certain·platforms28993 #·Remediation·is·applicable·only·in·certain·platforms
28994 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then28994 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
28995 chown·0·/boot/grub2/grub.cfg28995 chown·0·/boot/grub2/grub.cfg
  
28996 else28996 else
28997 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'28997 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
28998 fi28998 fi
28999 Group  ·Network·Configuration·and·Firewalls·  Group·contains·9·groups·and·12·rules28999 Group  ·Network·Configuration·and·Firewalls·  Group·contains·9·groups·and·12·rules
15.2 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-hipaa.html
    
Offset 200621, 22 lines modifiedOffset 200621, 22 lines modified
0030fac0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·0030fac0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
0030fad0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub0030fad0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
0030fae0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···0030fae0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
0030faf0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru0030faf0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
0030fb00:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re0030fb00:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re
0030fb10:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi0030fb10:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
0030fb20:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·0030fb20:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
0030fb30:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
0030fb40:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
0030fb50:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
0030fb60:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
0030fb70:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2- 
0030fb80:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib 
0030fb90:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0030fb30:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·
 0030fb40:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 0030fb50:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'
 0030fb60:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 0030fb70:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 0030fb80:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 0030fb90:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
0030fba0:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v0030fba0:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
0030fbb0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty0030fbb0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
0030fbc0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock0030fbc0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
0030fbd0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope0030fbd0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
0030fbe0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·0030fbe0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
0030fbf0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t0030fbf0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
0030fc00:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.0030fc00:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0030fc10:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-80030fc10:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8
Offset 200656, 22 lines modifiedOffset 200656, 22 lines modified
0030fcf0:·6564·6564·0a0a·2d20·6e61·6d65·3a20·456e··eded..-·name:·En0030fcf0:·6564·6564·0a0a·2d20·6e61·6d65·3a20·456e··eded..-·name:·En
0030fd00:·7375·7265·2067·726f·7570·206f·776e·6572··sure·group·owner0030fd00:·7375·7265·2067·726f·7570·206f·776e·6572··sure·group·owner
0030fd10:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub0030fd10:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub
0030fd20:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil0030fd20:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil
0030fd30:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo0030fd30:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo
0030fd40:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf0030fd40:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
0030fd50:·670a·2020·2020·6772·6f75·703a·2027·3027··g.····group:·'0'0030fd50:·670a·2020·2020·6772·6f75·703a·2027·3027··g.····group:·'0'
0030fd60:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/0030fd60:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
0030fd70:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
0030fd80:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
0030fd90:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
0030fda0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
0030fdb0:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
0030fdc0:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
0030fdd0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.0030fd70:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 0030fd80:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 0030fd90:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 0030fda0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in·
 0030fdb0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 0030fdc0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 0030fdd0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
0030fde0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt0030fde0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
0030fdf0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·0030fdf0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
0030fe00:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"0030fe00:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
0030fe10:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz0030fe10:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
0030fe20:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co0030fe20:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
0030fe30:·6e74·6169·6e65·7222·5d0a·2020·2d20·6669··ntainer"].··-·fi0030fe30:·6e74·6169·6e65·7222·5d0a·2020·2d20·6669··ntainer"].··-·fi
0030fe40:·6c65·5f65·7869·7374·732e·7374·6174·2069··le_exists.stat·i0030fe40:·6c65·5f65·7869·7374·732e·7374·6174·2069··le_exists.stat·i
Offset 200722, 19 lines modifiedOffset 200722, 19 lines modified
00310110:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t00310110:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
00310120:·683e·3c74·643e·636f·6e66·6967·7572·653c··h><td>configure<00310120:·683e·3c74·643e·636f·6e66·6967·7572·653c··h><td>configure<
00310130:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table00310130:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
00310140:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re00310140:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
00310150:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app00310150:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
00310160:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·00310160:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
00310170:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform00310170:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
00310180:·730a·6966·205b·2021·202d·6620·2f73·7973··s.if·[·!·-f·/sys 
00310190:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]· 
003101a0:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·- 
003101b0:·2d71·7569·6574·202d·7120·6772·7562·322d··-quiet·-q·grub2-00310180:·730a·6966·2072·706d·202d·2d71·7569·6574··s.if·rpm·--quiet
 00310190:·202d·7120·6772·7562·322d·636f·6d6d·6f6e···-q·grub2-common
 003101a0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
 003101b0:·2d66·202f·7379·732f·6669·726d·7761·7265··-f·/sys/firmware
003101c0:·636f·6d6d·6f6e·2026·616d·703b·2661·6d70··common·&amp;&amp003101c0:·2f65·6669·205d·2026·616d·703b·2661·6d70··/efi·]·&amp;&amp
003101d0:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc003101d0:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc
003101e0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a003101e0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
003101f0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/003101f0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
00310200:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];00310200:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];
00310210:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·00310210:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·
00310220:·3020·2f62·6f6f·742f·6772·7562·322f·6772··0·/boot/grub2/gr00310220:·3020·2f62·6f6f·742f·6772·7562·322f·6772··0·/boot/grub2/gr
00310230:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···00310230:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···
Offset 201200, 22 lines modifiedOffset 201200, 22 lines modified
00311ef0:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis00311ef0:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis
00311f00:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub00311f00:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub
00311f10:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta00311f10:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta
00311f20:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo00311f20:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
00311f30:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf00311f30:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
00311f40:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi00311f40:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi
00311f50:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when00311f50:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when
00311f60:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
00311f70:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
00311f80:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
00311f90:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
00311fa0:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
00311fb0:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
00311fc0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
00311fd0:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans00311f60:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 00311f70:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 00311f80:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 00311f90:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 00311fa0:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 00311fb0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 00311fc0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 00311fd0:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
00311fe0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat00311fe0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
00311ff0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·00311ff0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
00312000:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"00312000:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
00312010:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod00312010:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
00312020:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container00312020:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
00312030:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C00312030:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
00312040:·4a49·532d·352e·352e·322e·320a·2020·2d20··JIS-5.5.2.2.··-·00312040:·4a49·532d·352e·352e·322e·320a·2020·2d20··JIS-5.5.2.2.··-·
Offset 201235, 22 lines modifiedOffset 201235, 22 lines modified
00312120:·6565·6465·640a·0a2d·206e·616d·653a·2045··eeded..-·name:·E00312120:·6565·6465·640a·0a2d·206e·616d·653a·2045··eeded..-·name:·E
00312130:·6e73·7572·6520·6f77·6e65·7220·3020·6f6e··nsure·owner·0·on00312130:·6e73·7572·6520·6f77·6e65·7220·3020·6f6e··nsure·owner·0·on
00312140:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru00312140:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
00312150:·622e·6366·670a·2020·6669·6c65·3a0a·2020··b.cfg.··file:.··00312150:·622e·6366·670a·2020·6669·6c65·3a0a·2020··b.cfg.··file:.··
00312160:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr00312160:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
00312170:·7562·322f·6772·7562·2e63·6667·0a20·2020··ub2/grub.cfg.···00312170:·7562·322f·6772·7562·2e63·6667·0a20·2020··ub2/grub.cfg.···
00312180:·206f·776e·6572·3a20·2730·270a·2020·7768···owner:·'0'.··wh00312180:·206f·776e·6572·3a20·2730·270a·2020·7768···owner:·'0'.··wh
00312190:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/00312190:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
003121a0:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi 
003121b0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
003121c0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
003121d0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-· 
003121e0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
003121f0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
00312200:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a003121a0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 003121b0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
Max diff block lines reached; 2098/11760 bytes (17.84%) of diff not shown.
3.6 KB
html2text {}
    
Offset 48239, 16 lines modifiedOffset 48239, 16 lines modified
48239 ··-·no_reboot_needed48239 ··-·no_reboot_needed
  
48240 -·name:·Test·for·existence·/boot/grub2/grub.cfg48240 -·name:·Test·for·existence·/boot/grub2/grub.cfg
48241 ··stat:48241 ··stat:
48242 ····path:·/boot/grub2/grub.cfg48242 ····path:·/boot/grub2/grub.cfg
48243 ··register:·file_exists48243 ··register:·file_exists
48244 ··when:48244 ··when:
48245 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48246 ··-·'"grub2-common"·in·ansible_facts.packages'48245 ··-·'"grub2-common"·in·ansible_facts.packages'
 48246 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48247 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48247 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48248 ··tags:48248 ··tags:
48249 ··-·CJIS-5.5.2.248249 ··-·CJIS-5.5.2.2
48250 ··-·NIST-800-171-3.4.548250 ··-·NIST-800-171-3.4.5
48251 ··-·NIST-800-53-AC-6(1)48251 ··-·NIST-800-53-AC-6(1)
48252 ··-·NIST-800-53-CM-6(a)48252 ··-·NIST-800-53-CM-6(a)
48253 ··-·PCI-DSS-Req-7.148253 ··-·PCI-DSS-Req-7.1
Offset 48260, 16 lines modifiedOffset 48260, 16 lines modified
48260 ··-·no_reboot_needed48260 ··-·no_reboot_needed
  
48261 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg48261 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
48262 ··file:48262 ··file:
48263 ····path:·/boot/grub2/grub.cfg48263 ····path:·/boot/grub2/grub.cfg
48264 ····group:·'0'48264 ····group:·'0'
48265 ··when:48265 ··when:
48266 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48267 ··-·'"grub2-common"·in·ansible_facts.packages'48266 ··-·'"grub2-common"·in·ansible_facts.packages'
 48267 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48268 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48268 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48269 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists48269 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
48270 ··tags:48270 ··tags:
48271 ··-·CJIS-5.5.2.248271 ··-·CJIS-5.5.2.2
48272 ··-·NIST-800-171-3.4.548272 ··-·NIST-800-171-3.4.5
48273 ··-·NIST-800-53-AC-6(1)48273 ··-·NIST-800-53-AC-6(1)
48274 ··-·NIST-800-53-CM-6(a)48274 ··-·NIST-800-53-CM-6(a)
Offset 48281, 15 lines modifiedOffset 48281, 15 lines modified
48281 ··-·medium_severity48281 ··-·medium_severity
48282 ··-·no_reboot_needed48282 ··-·no_reboot_needed
48283 Remediation_Shell_script_⇲48283 Remediation_Shell_script_⇲
48284 Complexity:·low48284 Complexity:·low
48285 Disruption:·low48285 Disruption:·low
48286 Strategy:···configure48286 Strategy:···configure
48287 #·Remediation·is·applicable·only·in·certain·platforms48287 #·Remediation·is·applicable·only·in·certain·platforms
48288 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then48288 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
48289 chgrp·0·/boot/grub2/grub.cfg48289 chgrp·0·/boot/grub2/grub.cfg
  
48290 else48290 else
48291 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'48291 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
48292 fi48292 fi
48293 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***48293 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 48320, 16 lines modifiedOffset 48320, 16 lines modified
48320 ··-·no_reboot_needed48320 ··-·no_reboot_needed
  
48321 -·name:·Test·for·existence·/boot/grub2/grub.cfg48321 -·name:·Test·for·existence·/boot/grub2/grub.cfg
48322 ··stat:48322 ··stat:
48323 ····path:·/boot/grub2/grub.cfg48323 ····path:·/boot/grub2/grub.cfg
48324 ··register:·file_exists48324 ··register:·file_exists
48325 ··when:48325 ··when:
48326 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48327 ··-·'"grub2-common"·in·ansible_facts.packages'48326 ··-·'"grub2-common"·in·ansible_facts.packages'
 48327 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48328 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48328 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48329 ··tags:48329 ··tags:
48330 ··-·CJIS-5.5.2.248330 ··-·CJIS-5.5.2.2
48331 ··-·NIST-800-171-3.4.548331 ··-·NIST-800-171-3.4.5
48332 ··-·NIST-800-53-AC-6(1)48332 ··-·NIST-800-53-AC-6(1)
48333 ··-·NIST-800-53-CM-6(a)48333 ··-·NIST-800-53-CM-6(a)
48334 ··-·PCI-DSS-Req-7.148334 ··-·PCI-DSS-Req-7.1
Offset 48341, 16 lines modifiedOffset 48341, 16 lines modified
48341 ··-·no_reboot_needed48341 ··-·no_reboot_needed
  
48342 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg48342 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
48343 ··file:48343 ··file:
48344 ····path:·/boot/grub2/grub.cfg48344 ····path:·/boot/grub2/grub.cfg
48345 ····owner:·'0'48345 ····owner:·'0'
48346 ··when:48346 ··when:
48347 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48348 ··-·'"grub2-common"·in·ansible_facts.packages'48347 ··-·'"grub2-common"·in·ansible_facts.packages'
 48348 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48349 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48349 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48350 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists48350 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
48351 ··tags:48351 ··tags:
48352 ··-·CJIS-5.5.2.248352 ··-·CJIS-5.5.2.2
48353 ··-·NIST-800-171-3.4.548353 ··-·NIST-800-171-3.4.5
48354 ··-·NIST-800-53-AC-6(1)48354 ··-·NIST-800-53-AC-6(1)
48355 ··-·NIST-800-53-CM-6(a)48355 ··-·NIST-800-53-CM-6(a)
Offset 48362, 15 lines modifiedOffset 48362, 15 lines modified
48362 ··-·medium_severity48362 ··-·medium_severity
48363 ··-·no_reboot_needed48363 ··-·no_reboot_needed
48364 Remediation_Shell_script_⇲48364 Remediation_Shell_script_⇲
48365 Complexity:·low48365 Complexity:·low
48366 Disruption:·low48366 Disruption:·low
48367 Strategy:···configure48367 Strategy:···configure
48368 #·Remediation·is·applicable·only·in·certain·platforms48368 #·Remediation·is·applicable·only·in·certain·platforms
48369 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then48369 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
48370 chown·0·/boot/grub2/grub.cfg48370 chown·0·/boot/grub2/grub.cfg
  
48371 else48371 else
48372 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'48372 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
48373 fi48373 fi
48374 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***48374 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
15.2 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-pci-dss.html
    
Offset 192426, 22 lines modifiedOffset 192426, 22 lines modified
002efa90:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe002efa90:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
002efaa0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/002efaa0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/
002efab0:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:002efab0:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:
002efac0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot002efac0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
002efad0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.002efad0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
002efae0:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file002efae0:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
002efaf0:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.002efaf0:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
002efb00:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
002efb10:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
002efb20:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
002efb30:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
002efb40:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
002efb50:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a 
002efb60:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac002efb00:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
 002efb10:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
 002efb20:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 002efb30:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 002efb40:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m
 002efb50:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 002efb60:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
002efb70:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib002efb70:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib
002efb80:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio002efb80:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
002efb90:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["002efb90:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
002efba0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·002efba0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
002efbb0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma002efbb0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
002efbc0:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]002efbc0:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
002efbd0:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI002efbd0:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
002efbe0:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI002efbe0:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI
Offset 192462, 22 lines modifiedOffset 192462, 22 lines modified
002efcd0:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o002efcd0:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o
002efce0:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/002efce0:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/
002efcf0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·002efcf0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
002efd00:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:002efd00:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:
002efd10:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002efd10:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002efd20:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:002efd20:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:
002efd30:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-002efd30:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-
002efd40:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
002efd50:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
002efd60:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
002efd70:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
002efd80:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2 
002efd90:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi 
002efda0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag002efd40:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"
 002efd50:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 002efd60:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 002efd70:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 002efd80:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 002efd90:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 002efda0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
002efdb0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_002efdb0:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
002efdc0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t002efdc0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
002efdd0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc002efdd0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
002efde0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op002efde0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
002efdf0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",002efdf0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
002efe00:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··002efe00:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
002efe10:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st002efe10:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st
002efe20:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an002efe20:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an
Offset 192527, 19 lines modifiedOffset 192527, 19 lines modified
002f00e0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy002f00e0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
002f00f0:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config002f00f0:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config
002f0100:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t002f0100:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t
002f0110:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>002f0110:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
002f0120:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is002f0120:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
002f0130:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only002f0130:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
002f0140:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat002f0140:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
002f0150:·666f·726d·730a·6966·205b·2021·202d·6620··forms.if·[·!·-f·002f0150:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q
002f0160:·2f73·7973·2f66·6972·6d77·6172·652f·6566··/sys/firmware/ef 
002f0170:·6920·5d20·2661·6d70·3b26·616d·703b·2072··i·]·&amp;&amp;·r 
002f0180:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr 
002f0190:·7562·322d·636f·6d6d·6f6e·2026·616d·703b··ub2-common·&amp;002f0160:·7569·6574·202d·7120·6772·7562·322d·636f··uiet·-q·grub2-co
 002f0170:·6d6d·6f6e·2026·616d·703b·2661·6d70·3b20··mmon·&amp;&amp;·
 002f0180:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm
 002f0190:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp;
002f01a0:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/002f01a0:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/
002f01b0:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am002f01b0:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am
002f01c0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/002f01c0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
002f01d0:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren002f01d0:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren
002f01e0:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch002f01e0:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch
002f01f0:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub002f01f0:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub
002f0200:·322f·6772·7562·2e63·6667·0a0a·656c·7365··2/grub.cfg..else002f0200:·322f·6772·7562·2e63·6667·0a0a·656c·7365··2/grub.cfg..else
Offset 193005, 22 lines modifiedOffset 193005, 22 lines modified
002f1ec0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·002f1ec0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·
002f1ed0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/002f1ed0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/
002f1ee0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·002f1ee0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
002f1ef0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:002f1ef0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:
002f1f00:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002f1f00:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002f1f10:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register002f1f10:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register
002f1f20:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··002f1f20:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
002f1f30:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo002f1f30:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
002f1f40:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
002f1f50:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
002f1f60:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
002f1f70:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
002f1f80:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
002f1f90:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
002f1fa0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-002f1f40:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 002f1f50:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 002f1f60:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 002f1f70:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 002f1f80:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 002f1f90:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 002f1fa0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
002f1fb0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual002f1fb0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
002f1fc0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not002f1fc0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
002f1fd0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"002f1fd0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
002f1fe0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·002f1fe0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
002f1ff0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta002f1ff0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
002f2000:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·002f2000:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
002f2010:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.002f2010:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.
Offset 193040, 22 lines modifiedOffset 193040, 22 lines modified
002f20f0:·6f74·5f6e·6565·6465·640a·0a2d·206e·616d··ot_needed..-·nam002f20f0:·6f74·5f6e·6565·6465·640a·0a2d·206e·616d··ot_needed..-·nam
002f2100:·653a·2045·6e73·7572·6520·6f77·6e65·7220··e:·Ensure·owner·002f2100:·653a·2045·6e73·7572·6520·6f77·6e65·7220··e:·Ensure·owner·
002f2110:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2002f2110:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
002f2120:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file002f2120:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file
002f2130:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo002f2130:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
002f2140:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg002f2140:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
002f2150:·0a20·2020·206f·776e·6572·3a20·2730·270a··.····owner:·'0'.002f2150:·0a20·2020·206f·776e·6572·3a20·2730·270a··.····owner:·'0'.
002f2160:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b002f2160:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
002f2170:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
002f2180:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
002f2190:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
002f21a0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
002f21b0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
002f21c0:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
002f21d0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·002f2170:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 002f2180:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 002f2190:·6b61·6765·7327·0a20·202d·2027·222f·626f··kages'.··-·'"/bo
Max diff block lines reached; 2098/11760 bytes (17.84%) of diff not shown.
3.6 KB
html2text {}
    
Offset 44623, 16 lines modifiedOffset 44623, 16 lines modified
44623 ··-·no_reboot_needed44623 ··-·no_reboot_needed
  
44624 -·name:·Test·for·existence·/boot/grub2/grub.cfg44624 -·name:·Test·for·existence·/boot/grub2/grub.cfg
44625 ··stat:44625 ··stat:
44626 ····path:·/boot/grub2/grub.cfg44626 ····path:·/boot/grub2/grub.cfg
44627 ··register:·file_exists44627 ··register:·file_exists
44628 ··when:44628 ··when:
44629 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44630 ··-·'"grub2-common"·in·ansible_facts.packages'44629 ··-·'"grub2-common"·in·ansible_facts.packages'
 44630 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44631 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44631 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44632 ··tags:44632 ··tags:
44633 ··-·CJIS-5.5.2.244633 ··-·CJIS-5.5.2.2
44634 ··-·NIST-800-171-3.4.544634 ··-·NIST-800-171-3.4.5
44635 ··-·NIST-800-53-AC-6(1)44635 ··-·NIST-800-53-AC-6(1)
44636 ··-·NIST-800-53-CM-6(a)44636 ··-·NIST-800-53-CM-6(a)
44637 ··-·PCI-DSS-Req-7.144637 ··-·PCI-DSS-Req-7.1
Offset 44644, 16 lines modifiedOffset 44644, 16 lines modified
44644 ··-·no_reboot_needed44644 ··-·no_reboot_needed
  
44645 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg44645 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
44646 ··file:44646 ··file:
44647 ····path:·/boot/grub2/grub.cfg44647 ····path:·/boot/grub2/grub.cfg
44648 ····group:·'0'44648 ····group:·'0'
44649 ··when:44649 ··when:
44650 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44651 ··-·'"grub2-common"·in·ansible_facts.packages'44650 ··-·'"grub2-common"·in·ansible_facts.packages'
 44651 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44652 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44652 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44653 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists44653 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
44654 ··tags:44654 ··tags:
44655 ··-·CJIS-5.5.2.244655 ··-·CJIS-5.5.2.2
44656 ··-·NIST-800-171-3.4.544656 ··-·NIST-800-171-3.4.5
44657 ··-·NIST-800-53-AC-6(1)44657 ··-·NIST-800-53-AC-6(1)
44658 ··-·NIST-800-53-CM-6(a)44658 ··-·NIST-800-53-CM-6(a)
Offset 44665, 15 lines modifiedOffset 44665, 15 lines modified
44665 ··-·medium_severity44665 ··-·medium_severity
44666 ··-·no_reboot_needed44666 ··-·no_reboot_needed
44667 Remediation_Shell_script_⇲44667 Remediation_Shell_script_⇲
44668 Complexity:·low44668 Complexity:·low
44669 Disruption:·low44669 Disruption:·low
44670 Strategy:···configure44670 Strategy:···configure
44671 #·Remediation·is·applicable·only·in·certain·platforms44671 #·Remediation·is·applicable·only·in·certain·platforms
44672 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then44672 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
44673 chgrp·0·/boot/grub2/grub.cfg44673 chgrp·0·/boot/grub2/grub.cfg
  
44674 else44674 else
44675 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'44675 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
44676 fi44676 fi
44677 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***44677 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 44704, 16 lines modifiedOffset 44704, 16 lines modified
44704 ··-·no_reboot_needed44704 ··-·no_reboot_needed
  
44705 -·name:·Test·for·existence·/boot/grub2/grub.cfg44705 -·name:·Test·for·existence·/boot/grub2/grub.cfg
44706 ··stat:44706 ··stat:
44707 ····path:·/boot/grub2/grub.cfg44707 ····path:·/boot/grub2/grub.cfg
44708 ··register:·file_exists44708 ··register:·file_exists
44709 ··when:44709 ··when:
44710 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44711 ··-·'"grub2-common"·in·ansible_facts.packages'44710 ··-·'"grub2-common"·in·ansible_facts.packages'
 44711 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44712 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44712 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44713 ··tags:44713 ··tags:
44714 ··-·CJIS-5.5.2.244714 ··-·CJIS-5.5.2.2
44715 ··-·NIST-800-171-3.4.544715 ··-·NIST-800-171-3.4.5
44716 ··-·NIST-800-53-AC-6(1)44716 ··-·NIST-800-53-AC-6(1)
44717 ··-·NIST-800-53-CM-6(a)44717 ··-·NIST-800-53-CM-6(a)
44718 ··-·PCI-DSS-Req-7.144718 ··-·PCI-DSS-Req-7.1
Offset 44725, 16 lines modifiedOffset 44725, 16 lines modified
44725 ··-·no_reboot_needed44725 ··-·no_reboot_needed
  
44726 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg44726 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
44727 ··file:44727 ··file:
44728 ····path:·/boot/grub2/grub.cfg44728 ····path:·/boot/grub2/grub.cfg
44729 ····owner:·'0'44729 ····owner:·'0'
44730 ··when:44730 ··when:
44731 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44732 ··-·'"grub2-common"·in·ansible_facts.packages'44731 ··-·'"grub2-common"·in·ansible_facts.packages'
 44732 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44733 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44733 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44734 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists44734 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
44735 ··tags:44735 ··tags:
44736 ··-·CJIS-5.5.2.244736 ··-·CJIS-5.5.2.2
44737 ··-·NIST-800-171-3.4.544737 ··-·NIST-800-171-3.4.5
44738 ··-·NIST-800-53-AC-6(1)44738 ··-·NIST-800-53-AC-6(1)
44739 ··-·NIST-800-53-CM-6(a)44739 ··-·NIST-800-53-CM-6(a)
Offset 44746, 15 lines modifiedOffset 44746, 15 lines modified
44746 ··-·medium_severity44746 ··-·medium_severity
44747 ··-·no_reboot_needed44747 ··-·no_reboot_needed
44748 Remediation_Shell_script_⇲44748 Remediation_Shell_script_⇲
44749 Complexity:·low44749 Complexity:·low
44750 Disruption:·low44750 Disruption:·low
44751 Strategy:···configure44751 Strategy:···configure
44752 #·Remediation·is·applicable·only·in·certain·platforms44752 #·Remediation·is·applicable·only·in·certain·platforms
44753 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then44753 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
44754 chown·0·/boot/grub2/grub.cfg44754 chown·0·/boot/grub2/grub.cfg
  
44755 else44755 else
44756 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'44756 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
44757 fi44757 fi
44758 Group  ·Configure·Syslog·  Group·contains·2·groups·and·4·rules44758 Group  ·Configure·Syslog·  Group·contains·2·groups·and·4·rules
22.8 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-rht-ccp.html
    
Offset 44578, 22 lines modifiedOffset 44578, 22 lines modified
000ae210:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for000ae210:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for
000ae220:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot000ae220:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot
000ae230:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.000ae230:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
000ae240:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path000ae240:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path
000ae250:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr000ae250:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
000ae260:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe000ae260:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe
000ae270:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·000ae270:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·
000ae280:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo000ae280:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
000ae290:·6f74·2f65·6669·2220·6e6f·7420·696e·2061··ot/efi"·not·in·a 
000ae2a0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
000ae2b0:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
000ae2c0:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
000ae2d0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo 
000ae2e0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa 
000ae2f0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··000ae290:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
 000ae2a0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 000ae2b0:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 000ae2c0:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an
 000ae2d0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 000ae2e0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 000ae2f0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
000ae300:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua000ae300:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
000ae310:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no000ae310:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
000ae320:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·000ae320:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
000ae330:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",000ae330:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
000ae340:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont000ae340:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
000ae350:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.000ae350:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.
000ae360:·2020·2d20·434a·4953·2d35·2e35·2e32·2e32····-·CJIS-5.5.2.2000ae360:·2020·2d20·434a·4953·2d35·2e35·2e32·2e32····-·CJIS-5.5.2.2
Offset 44614, 22 lines modifiedOffset 44614, 22 lines modified
000ae450:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·000ae450:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·
000ae460:·6772·6f75·7020·6f77·6e65·7220·3020·6f6e··group·owner·0·on000ae460:·6772·6f75·7020·6f77·6e65·7220·3020·6f6e··group·owner·0·on
000ae470:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru000ae470:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
000ae480:·622e·6366·670a·2020·6669·6c65·3a0a·2020··b.cfg.··file:.··000ae480:·622e·6366·670a·2020·6669·6c65·3a0a·2020··b.cfg.··file:.··
000ae490:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr000ae490:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
000ae4a0:·7562·322f·6772·7562·2e63·6667·0a20·2020··ub2/grub.cfg.···000ae4a0:·7562·322f·6772·7562·2e63·6667·0a20·2020··ub2/grub.cfg.···
000ae4b0:·2067·726f·7570·3a20·2730·270a·2020·7768···group:·'0'.··wh000ae4b0:·2067·726f·7570·3a20·2730·270a·2020·7768···group:·'0'.··wh
000ae4c0:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/000ae4c0:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
000ae4d0:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi 
000ae4e0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
000ae4f0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
000ae500:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-· 
000ae510:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
000ae520:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
000ae530:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a000ae4d0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 000ae4e0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 000ae4f0:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 000ae500:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib
 000ae510:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map(
 000ae520:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount
 000ae530:·2229·207c·206c·6973·7427·0a20·202d·2061··")·|·list'.··-·a
000ae540:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz000ae540:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
000ae550:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i000ae550:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
000ae560:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx000ae560:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
000ae570:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p000ae570:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
000ae580:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain000ae580:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
000ae590:·6572·225d·0a20·202d·2066·696c·655f·6578··er"].··-·file_ex000ae590:·6572·225d·0a20·202d·2066·696c·655f·6578··er"].··-·file_ex
000ae5a0:·6973·7473·2e73·7461·7420·6973·2064·6566··ists.stat·is·def000ae5a0:·6973·7473·2e73·7461·7420·6973·2064·6566··ists.stat·is·def
Offset 44680, 19 lines modifiedOffset 44680, 19 lines modified
000ae870:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td000ae870:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
000ae880:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><000ae880:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><
000ae890:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre000ae890:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
000ae8a0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia000ae8a0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
000ae8b0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab000ae8b0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
000ae8c0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa000ae8c0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
000ae8d0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·000ae8d0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
000ae8e0:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm 
000ae8f0:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp; 
000ae900:·2661·6d70·3b20·7270·6d20·2d2d·7175·6965··&amp;·rpm·--quie 
000ae910:·7420·2d71·2067·7275·6232·2d63·6f6d·6d6f··t·-q·grub2-commo000ae8e0:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g
 000ae8f0:·7275·6232·2d63·6f6d·6d6f·6e20·2661·6d70··rub2-common·&amp
 000ae900:·3b26·616d·703b·205b·2021·202d·6620·2f73··;&amp;·[·!·-f·/s
 000ae910:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi·
000ae920:·6e20·2661·6d70·3b26·616d·703b·207b·205b··n·&amp;&amp;·{·[000ae920:·5d20·2661·6d70·3b26·616d·703b·207b·205b··]·&amp;&amp;·{·[
000ae930:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren000ae930:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
000ae940:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[000ae940:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
000ae950:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont000ae950:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
000ae960:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t000ae960:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t
000ae970:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo000ae970:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo
000ae980:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf000ae980:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
000ae990:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;000ae990:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;
Offset 45158, 22 lines modifiedOffset 45158, 22 lines modified
000b0650:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence000b0650:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence
000b0660:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru000b0660:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
000b0670:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··000b0670:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··
000b0680:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr000b0680:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
000b0690:·7562·322f·6772·7562·2e63·6667·0a20·2072··ub2/grub.cfg.··r000b0690:·7562·322f·6772·7562·2e63·6667·0a20·2072··ub2/grub.cfg.··r
000b06a0:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex000b06a0:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex
000b06b0:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-000b06b0:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-
000b06c0:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
000b06d0:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
000b06e0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
000b06f0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
000b0700:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2 
000b0710:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi 
000b0720:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag000b06c0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"
 000b06d0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 000b06e0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 000b06f0:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 000b0700:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 000b0710:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 000b0720:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
000b0730:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_000b0730:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
000b0740:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t000b0740:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
000b0750:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc000b0750:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
000b0760:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op000b0760:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
000b0770:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",000b0770:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
000b0780:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··000b0780:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
000b0790:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5000b0790:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5
000b07a0:·2e35·2e32·2e32·0a20·202d·204e·4953·542d··.5.2.2.··-·NIST-000b07a0:·2e35·2e32·2e32·0a20·202d·204e·4953·542d··.5.2.2.··-·NIST-
Offset 45193, 22 lines modifiedOffset 45193, 22 lines modified
000b0880:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure000b0880:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure
000b0890:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo000b0890:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo
000b08a0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg000b08a0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
000b08b0:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat000b08b0:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat
000b08c0:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g000b08c0:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g
000b08d0:·7275·622e·6366·670a·2020·2020·6f77·6e65··rub.cfg.····owne000b08d0:·7275·622e·6366·670a·2020·2020·6f77·6e65··rub.cfg.····owne
000b08e0:·723a·2027·3027·0a20·2077·6865·6e3a·0a20··r:·'0'.··when:.·000b08e0:·723a·2027·3027·0a20·2077·6865·6e3a·0a20··r:·'0'.··when:.·
000b08f0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
000b0900:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m 
000b0910:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
000b0920:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
000b0930:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
000b0940:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an 
000b0950:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack000b08f0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo
 000b0900:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa
 000b0910:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 000b0920:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n
Max diff block lines reached; 7970/17622 bytes (45.23%) of diff not shown.
5.44 KB
html2text {}
    
Offset 4816, 16 lines modifiedOffset 4816, 16 lines modified
4816 ··-·no_reboot_needed4816 ··-·no_reboot_needed
  
4817 -·name:·Test·for·existence·/boot/grub2/grub.cfg4817 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4818 ··stat:4818 ··stat:
4819 ····path:·/boot/grub2/grub.cfg4819 ····path:·/boot/grub2/grub.cfg
4820 ··register:·file_exists4820 ··register:·file_exists
4821 ··when:4821 ··when:
4822 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4823 ··-·'"grub2-common"·in·ansible_facts.packages'4822 ··-·'"grub2-common"·in·ansible_facts.packages'
 4823 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4824 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4824 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4825 ··tags:4825 ··tags:
4826 ··-·CJIS-5.5.2.24826 ··-·CJIS-5.5.2.2
4827 ··-·NIST-800-171-3.4.54827 ··-·NIST-800-171-3.4.5
4828 ··-·NIST-800-53-AC-6(1)4828 ··-·NIST-800-53-AC-6(1)
4829 ··-·NIST-800-53-CM-6(a)4829 ··-·NIST-800-53-CM-6(a)
4830 ··-·PCI-DSS-Req-7.14830 ··-·PCI-DSS-Req-7.1
Offset 4837, 16 lines modifiedOffset 4837, 16 lines modified
4837 ··-·no_reboot_needed4837 ··-·no_reboot_needed
  
4838 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg4838 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
4839 ··file:4839 ··file:
4840 ····path:·/boot/grub2/grub.cfg4840 ····path:·/boot/grub2/grub.cfg
4841 ····group:·'0'4841 ····group:·'0'
4842 ··when:4842 ··when:
4843 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4844 ··-·'"grub2-common"·in·ansible_facts.packages'4843 ··-·'"grub2-common"·in·ansible_facts.packages'
 4844 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4845 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4845 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4846 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4846 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4847 ··tags:4847 ··tags:
4848 ··-·CJIS-5.5.2.24848 ··-·CJIS-5.5.2.2
4849 ··-·NIST-800-171-3.4.54849 ··-·NIST-800-171-3.4.5
4850 ··-·NIST-800-53-AC-6(1)4850 ··-·NIST-800-53-AC-6(1)
4851 ··-·NIST-800-53-CM-6(a)4851 ··-·NIST-800-53-CM-6(a)
Offset 4858, 15 lines modifiedOffset 4858, 15 lines modified
4858 ··-·medium_severity4858 ··-·medium_severity
4859 ··-·no_reboot_needed4859 ··-·no_reboot_needed
4860 Remediation_Shell_script_⇲4860 Remediation_Shell_script_⇲
4861 Complexity:·low4861 Complexity:·low
4862 Disruption:·low4862 Disruption:·low
4863 Strategy:···configure4863 Strategy:···configure
4864 #·Remediation·is·applicable·only·in·certain·platforms4864 #·Remediation·is·applicable·only·in·certain·platforms
4865 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then4865 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
4866 chgrp·0·/boot/grub2/grub.cfg4866 chgrp·0·/boot/grub2/grub.cfg
  
4867 else4867 else
4868 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'4868 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
4869 fi4869 fi
4870 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***4870 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 4897, 16 lines modifiedOffset 4897, 16 lines modified
4897 ··-·no_reboot_needed4897 ··-·no_reboot_needed
  
4898 -·name:·Test·for·existence·/boot/grub2/grub.cfg4898 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4899 ··stat:4899 ··stat:
4900 ····path:·/boot/grub2/grub.cfg4900 ····path:·/boot/grub2/grub.cfg
4901 ··register:·file_exists4901 ··register:·file_exists
4902 ··when:4902 ··when:
4903 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4904 ··-·'"grub2-common"·in·ansible_facts.packages'4903 ··-·'"grub2-common"·in·ansible_facts.packages'
 4904 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4906 ··tags:4906 ··tags:
4907 ··-·CJIS-5.5.2.24907 ··-·CJIS-5.5.2.2
4908 ··-·NIST-800-171-3.4.54908 ··-·NIST-800-171-3.4.5
4909 ··-·NIST-800-53-AC-6(1)4909 ··-·NIST-800-53-AC-6(1)
4910 ··-·NIST-800-53-CM-6(a)4910 ··-·NIST-800-53-CM-6(a)
4911 ··-·PCI-DSS-Req-7.14911 ··-·PCI-DSS-Req-7.1
Offset 4918, 16 lines modifiedOffset 4918, 16 lines modified
4918 ··-·no_reboot_needed4918 ··-·no_reboot_needed
  
4919 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg4919 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
4920 ··file:4920 ··file:
4921 ····path:·/boot/grub2/grub.cfg4921 ····path:·/boot/grub2/grub.cfg
4922 ····owner:·'0'4922 ····owner:·'0'
4923 ··when:4923 ··when:
4924 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4925 ··-·'"grub2-common"·in·ansible_facts.packages'4924 ··-·'"grub2-common"·in·ansible_facts.packages'
 4925 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4926 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4926 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4927 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4927 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4928 ··tags:4928 ··tags:
4929 ··-·CJIS-5.5.2.24929 ··-·CJIS-5.5.2.2
4930 ··-·NIST-800-171-3.4.54930 ··-·NIST-800-171-3.4.5
4931 ··-·NIST-800-53-AC-6(1)4931 ··-·NIST-800-53-AC-6(1)
4932 ··-·NIST-800-53-CM-6(a)4932 ··-·NIST-800-53-CM-6(a)
Offset 4939, 15 lines modifiedOffset 4939, 15 lines modified
4939 ··-·medium_severity4939 ··-·medium_severity
4940 ··-·no_reboot_needed4940 ··-·no_reboot_needed
4941 Remediation_Shell_script_⇲4941 Remediation_Shell_script_⇲
4942 Complexity:·low4942 Complexity:·low
4943 Disruption:·low4943 Disruption:·low
4944 Strategy:···configure4944 Strategy:···configure
4945 #·Remediation·is·applicable·only·in·certain·platforms4945 #·Remediation·is·applicable·only·in·certain·platforms
4946 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then4946 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
4947 chown·0·/boot/grub2/grub.cfg4947 chown·0·/boot/grub2/grub.cfg
  
4948 else4948 else
4949 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'4949 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
4950 fi4950 fi
4951 ***·Rule  ·Verify·/boot/grub2/grub.cfg·Permissions·  [ref]·***4951 ***·Rule  ·Verify·/boot/grub2/grub.cfg·Permissions·  [ref]·***
Offset 4976, 16 lines modifiedOffset 4976, 16 lines modified
4976 ··-·no_reboot_needed4976 ··-·no_reboot_needed
  
4977 -·name:·Test·for·existence·/boot/grub2/grub.cfg4977 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4978 ··stat:4978 ··stat:
4979 ····path:·/boot/grub2/grub.cfg4979 ····path:·/boot/grub2/grub.cfg
4980 ··register:·file_exists4980 ··register:·file_exists
4981 ··when:4981 ··when:
4982 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4983 ··-·'"grub2-common"·in·ansible_facts.packages'4982 ··-·'"grub2-common"·in·ansible_facts.packages'
 4983 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4984 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4984 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4985 ··tags:4985 ··tags:
4986 ··-·NIST-800-171-3.4.54986 ··-·NIST-800-171-3.4.5
4987 ··-·NIST-800-53-AC-6(1)4987 ··-·NIST-800-53-AC-6(1)
4988 ··-·NIST-800-53-CM-6(a)4988 ··-·NIST-800-53-CM-6(a)
4989 ··-·configure_strategy4989 ··-·configure_strategy
4990 ··-·file_permissions_grub2_cfg4990 ··-·file_permissions_grub2_cfg
Offset 4995, 16 lines modifiedOffset 4995, 16 lines modified
4995 ··-·no_reboot_needed4995 ··-·no_reboot_needed
  
4996 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg4996 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
4997 ··file:4997 ··file:
4998 ····path:·/boot/grub2/grub.cfg4998 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1108/5548 bytes (19.97%) of diff not shown.
5.23 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-stig.html
    
Offset 350589, 23 lines modifiedOffset 350589, 23 lines modified
005597c0:·7472·6963·7469·6f6e·735c·732a·3d5c·732a··trictions\s*=\s*005597c0:·7472·6963·7469·6f6e·735c·732a·3d5c·732a··trictions\s*=\s*
005597d0:·0a20·2020·2020·206c·696e·653a·2073·6d74··.······line:·smt005597d0:·0a20·2020·2020·206c·696e·653a·2073·6d74··.······line:·smt
005597e0:·7064·5f63·6c69·656e·745f·7265·7374·7269··pd_client_restri005597e0:·7064·5f63·6c69·656e·745f·7265·7374·7269··pd_client_restri
005597f0:·6374·696f·6e73·203d·2070·6572·6d69·745f··ctions·=·permit_005597f0:·6374·696f·6e73·203d·2070·6572·6d69·745f··ctions·=·permit_
00559800:·6d79·6e65·7477·6f72·6b73·2c72·656a·6563··mynetworks,rejec00559800:·6d79·6e65·7477·6f72·6b73·2c72·656a·6563··mynetworks,rejec
00559810:·740a·2020·2020·2020·7374·6174·653a·2070··t.······state:·p00559810:·740a·2020·2020·2020·7374·6174·653a·2070··t.······state:·p
00559820:·7265·7365·6e74·0a20·2077·6865·6e3a·0a20··resent.··when:.·00559820:·7265·7365·6e74·0a20·2077·6865·6e3a·0a20··resent.··when:.·
00559830:·202d·2027·2270·6f73·7466·6978·2220·696e···-·'"postfix"·in 
00559840:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
00559850:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans 
00559860:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat 
00559870:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in· 
00559880:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc" 
00559890:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod 
005598a0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container00559830:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
 00559840:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
 00559850:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
 00559860:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
 00559870:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
 00559880:·7461·696e·6572·225d·0a20·202d·2027·2270··tainer"].··-·'"p
 00559890:·6f73·7466·6978·2220·696e·2061·6e73·6962··ostfix"·in·ansib
 005598a0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
005598b0:·225d·0a20·2074·6167·733a·0a20·202d·2044··"].··tags:.··-·D005598b0:·7327·0a20·2074·6167·733a·0a20·202d·2044··s'.··tags:.··-·D
005598c0:·4953·412d·5354·4947·2d52·4845·4c2d·3038··ISA-STIG-RHEL-08005598c0:·4953·412d·5354·4947·2d52·4845·4c2d·3038··ISA-STIG-RHEL-08
005598d0:·2d30·3430·3239·300a·2020·2d20·6c6f·775f··-040290.··-·low_005598d0:·2d30·3430·3239·300a·2020·2d20·6c6f·775f··-040290.··-·low_
005598e0:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l005598e0:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l
005598f0:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.··005598f0:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.··
00559900:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit00559900:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit
00559910:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_00559910:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_
00559920:·6e65·6564·6564·0a20·202d·2070·6f73·7466··needed.··-·postf00559920:·6e65·6564·6564·0a20·202d·2070·6f73·7466··needed.··-·postf
Offset 350629, 20 lines modifiedOffset 350629, 20 lines modified
00559a40:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col00559a40:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
00559a50:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·00559a50:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
00559a60:·6964·3d22·6964·6d37·3238·3533·223e·3c70··id="idm72853"><p00559a60:·6964·3d22·6964·6d37·3238·3533·223e·3c70··id="idm72853"><p
00559a70:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed00559a70:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
00559a80:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic00559a80:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
00559a90:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer00559a90:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
00559aa0:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i00559aa0:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
00559ab0:·6620·7270·6d20·2d2d·7175·6965·7420·2d71··f·rpm·--quiet·-q 
00559ac0:·2070·6f73·7466·6978·2026·616d·703b·2661···postfix·&amp;&a 
00559ad0:·6d70·3b20·5b20·2120·2d66·202f·2e64·6f63··mp;·[·!·-f·/.doc00559ab0:·6620·5b20·2120·2d66·202f·2e64·6f63·6b65··f·[·!·-f·/.docke
00559ae0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a00559ac0:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp
00559af0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/00559ad0:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c
00559b00:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];00559ae0:·6f6e·7461·696e·6572·656e·7620·5d20·2661··ontainerenv·]·&a
 00559af0:·6d70·3b26·616d·703b·2072·706d·202d·2d71··mp;&amp;·rpm·--q
 00559b00:·7569·6574·202d·7120·706f·7374·6669·783b··uiet·-q·postfix;
00559b10:·2074·6865·6e0a·0a69·6620·2120·6772·6570···then..if·!·grep00559b10:·2074·6865·6e0a·0a69·6620·2120·6772·6570···then..if·!·grep
00559b20:·202d·7120·5e73·6d74·7064·5f63·6c69·656e···-q·^smtpd_clien00559b20:·202d·7120·5e73·6d74·7064·5f63·6c69·656e···-q·^smtpd_clien
00559b30:·745f·7265·7374·7269·6374·696f·6e73·202f··t_restrictions·/00559b30:·745f·7265·7374·7269·6374·696f·6e73·202f··t_restrictions·/
00559b40:·6574·632f·706f·7374·6669·782f·6d61·696e··etc/postfix/main00559b40:·6574·632f·706f·7374·6669·782f·6d61·696e··etc/postfix/main
00559b50:·2e63·663b·2074·6865·6e0a·0965·6368·6f20··.cf;·then..echo·00559b50:·2e63·663b·2074·6865·6e0a·0965·6368·6f20··.cf;·then..echo·
00559b60:·2273·6d74·7064·5f63·6c69·656e·745f·7265··"smtpd_client_re00559b60:·2273·6d74·7064·5f63·6c69·656e·745f·7265··"smtpd_client_re
00559b70:·7374·7269·6374·696f·6e73·203d·2070·6572··strictions·=·per00559b70:·7374·7269·6374·696f·6e73·203d·2070·6572··strictions·=·per
1.15 KB
html2text {}
    
Offset 74696, 27 lines modifiedOffset 74696, 27 lines modified
74696 ····lineinfile:74696 ····lineinfile:
74697 ······path:·/etc/postfix/main.cf74697 ······path:·/etc/postfix/main.cf
74698 ······create:·true74698 ······create:·true
74699 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*74699 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
74700 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject74700 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
74701 ······state:·present74701 ······state:·present
74702 ··when:74702 ··when:
74703 ··-·'"postfix"·in·ansible_facts.packages' 
74704 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]74703 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 74704 ··-·'"postfix"·in·ansible_facts.packages'
74705 ··tags:74705 ··tags:
74706 ··-·DISA-STIG-RHEL-08-04029074706 ··-·DISA-STIG-RHEL-08-040290
74707 ··-·low_complexity74707 ··-·low_complexity
74708 ··-·low_disruption74708 ··-·low_disruption
74709 ··-·medium_severity74709 ··-·medium_severity
74710 ··-·no_reboot_needed74710 ··-·no_reboot_needed
74711 ··-·postfix_prevent_unrestricted_relay74711 ··-·postfix_prevent_unrestricted_relay
74712 ··-·restrict_strategy74712 ··-·restrict_strategy
74713 Remediation_Shell_script_⇲74713 Remediation_Shell_script_⇲
74714 #·Remediation·is·applicable·only·in·certain·platforms74714 #·Remediation·is·applicable·only·in·certain·platforms
74715 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then74715 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
74716 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then74716 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
74717 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf74717 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
74718 else74718 else
74719 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf74719 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
74720 fi74720 fi
  
5.37 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-stig_gui.html
    
Offset 350299, 23 lines modifiedOffset 350299, 23 lines modified
005585a0:·5f63·6c69·656e·745f·7265·7374·7269·6374··_client_restrict005585a0:·5f63·6c69·656e·745f·7265·7374·7269·6374··_client_restrict
005585b0:·696f·6e73·5c73·2a3d·5c73·2a0a·2020·2020··ions\s*=\s*.····005585b0:·696f·6e73·5c73·2a3d·5c73·2a0a·2020·2020··ions\s*=\s*.····
005585c0:·2020·6c69·6e65·3a20·736d·7470·645f·636c····line:·smtpd_cl005585c0:·2020·6c69·6e65·3a20·736d·7470·645f·636c····line:·smtpd_cl
005585d0:·6965·6e74·5f72·6573·7472·6963·7469·6f6e··ient_restriction005585d0:·6965·6e74·5f72·6573·7472·6963·7469·6f6e··ient_restriction
005585e0:·7320·3d20·7065·726d·6974·5f6d·796e·6574··s·=·permit_mynet005585e0:·7320·3d20·7065·726d·6974·5f6d·796e·6574··s·=·permit_mynet
005585f0:·776f·726b·732c·7265·6a65·6374·0a20·2020··works,reject.···005585f0:·776f·726b·732c·7265·6a65·6374·0a20·2020··works,reject.···
00558600:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen00558600:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
00558610:·740a·2020·7768·656e·3a0a·2020·2d20·2722··t.··when:.··-·'"00558610:·740a·2020·7768·656e·3a0a·2020·2d20·616e··t.··when:.··-·an
00558620:·706f·7374·6669·7822·2069·6e20·616e·7369··postfix"·in·ansi 
00558630:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag 
00558640:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_ 
00558650:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
00558660:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
00558670:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
00558680:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
00558690:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··00558620:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 00558630:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 00558640:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 00558650:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 00558660:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
 00558670:·7222·5d0a·2020·2d20·2722·706f·7374·6669··r"].··-·'"postfi
 00558680:·7822·2069·6e20·616e·7369·626c·655f·6661··x"·in·ansible_fa
 00558690:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
005586a0:·7461·6773·3a0a·2020·2d20·4449·5341·2d53··tags:.··-·DISA-S005586a0:·7461·6773·3a0a·2020·2d20·4449·5341·2d53··tags:.··-·DISA-S
005586b0:·5449·472d·5248·454c·2d30·382d·3034·3032··TIG-RHEL-08-0402005586b0:·5449·472d·5248·454c·2d30·382d·3034·3032··TIG-RHEL-08-0402
005586c0:·3930·0a20·202d·206c·6f77·5f63·6f6d·706c··90.··-·low_compl005586c0:·3930·0a20·202d·206c·6f77·5f63·6f6d·706c··90.··-·low_compl
005586d0:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di005586d0:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di
005586e0:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med005586e0:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med
005586f0:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··-005586f0:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··-
00558700:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede00558700:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede
Offset 350339, 21 lines modifiedOffset 350339, 21 lines modified
00558820:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class00558820:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
00558830:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse00558830:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
00558840:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i00558840:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
00558850:·646d·3732·3835·3322·3e3c·7072·653e·3c63··dm72853"><pre><c00558850:·646d·3732·3835·3322·3e3c·7072·653e·3c63··dm72853"><pre><c
00558860:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio00558860:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
00558870:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·00558870:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
00558880:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·00558880:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
00558890:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm00558890:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!
005588a0:·202d·2d71·7569·6574·202d·7120·706f·7374···--quiet·-q·post 
005588b0:·6669·7820·2661·6d70·3b26·616d·703b·205b··fix·&amp;&amp;·[ 
005588c0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren005588a0:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
005588d0:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[005588b0:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
005588e0:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont005588c0:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
005588f0:·6169·6e65·7265·6e76·205d·3b20·7468·656e··ainerenv·];·then005588d0:·6e65·7265·6e76·205d·2026·616d·703b·2661··nerenv·]·&amp;&a
 005588e0:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet·
 005588f0:·2d71·2070·6f73·7466·6978·3b20·7468·656e··-q·postfix;·then
00558900:·0a0a·6966·2021·2067·7265·7020·2d71·205e··..if·!·grep·-q·^00558900:·0a0a·6966·2021·2067·7265·7020·2d71·205e··..if·!·grep·-q·^
00558910:·736d·7470·645f·636c·6965·6e74·5f72·6573··smtpd_client_res00558910:·736d·7470·645f·636c·6965·6e74·5f72·6573··smtpd_client_res
00558920:·7472·6963·7469·6f6e·7320·2f65·7463·2f70··trictions·/etc/p00558920:·7472·6963·7469·6f6e·7320·2f65·7463·2f70··trictions·/etc/p
00558930:·6f73·7466·6978·2f6d·6169·6e2e·6366·3b20··ostfix/main.cf;·00558930:·6f73·7466·6978·2f6d·6169·6e2e·6366·3b20··ostfix/main.cf;·
00558940:·7468·656e·0a09·6563·686f·2022·736d·7470··then..echo·"smtp00558940:·7468·656e·0a09·6563·686f·2022·736d·7470··then..echo·"smtp
00558950:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric00558950:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric
00558960:·7469·6f6e·7320·3d20·7065·726d·6974·5f6d··tions·=·permit_m00558960:·7469·6f6e·7320·3d20·7065·726d·6974·5f6d··tions·=·permit_m
1.15 KB
html2text {}
    
Offset 74645, 27 lines modifiedOffset 74645, 27 lines modified
74645 ····lineinfile:74645 ····lineinfile:
74646 ······path:·/etc/postfix/main.cf74646 ······path:·/etc/postfix/main.cf
74647 ······create:·true74647 ······create:·true
74648 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*74648 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
74649 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject74649 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
74650 ······state:·present74650 ······state:·present
74651 ··when:74651 ··when:
74652 ··-·'"postfix"·in·ansible_facts.packages' 
74653 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]74652 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 74653 ··-·'"postfix"·in·ansible_facts.packages'
74654 ··tags:74654 ··tags:
74655 ··-·DISA-STIG-RHEL-08-04029074655 ··-·DISA-STIG-RHEL-08-040290
74656 ··-·low_complexity74656 ··-·low_complexity
74657 ··-·low_disruption74657 ··-·low_disruption
74658 ··-·medium_severity74658 ··-·medium_severity
74659 ··-·no_reboot_needed74659 ··-·no_reboot_needed
74660 ··-·postfix_prevent_unrestricted_relay74660 ··-·postfix_prevent_unrestricted_relay
74661 ··-·restrict_strategy74661 ··-·restrict_strategy
74662 Remediation_Shell_script_⇲74662 Remediation_Shell_script_⇲
74663 #·Remediation·is·applicable·only·in·certain·platforms74663 #·Remediation·is·applicable·only·in·certain·platforms
74664 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then74664 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
74665 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then74665 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
74666 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf74666 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
74667 else74667 else
74668 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf74668 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
74669 fi74669 fi
  
29.7 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis.html
    
Offset 186674, 22 lines modifiedOffset 186674, 22 lines modified
002d9310:·0a0a·2d20·6e61·6d65·3a20·5465·7374·2066··..-·name:·Test·f002d9310:·0a0a·2d20·6e61·6d65·3a20·5465·7374·2066··..-·name:·Test·f
002d9320:·6f72·2065·7869·7374·656e·6365·202f·626f··or·existence·/bo002d9320:·6f72·2065·7869·7374·656e·6365·202f·626f··or·existence·/bo
002d9330:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf002d9330:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf
002d9340:·670a·2020·7374·6174·3a0a·2020·2020·7061··g.··stat:.····pa002d9340:·670a·2020·7374·6174·3a0a·2020·2020·7061··g.··stat:.····pa
002d9350:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/002d9350:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/
002d9360:·7573·6572·2e63·6667·0a20·2072·6567·6973··user.cfg.··regis002d9360:·7573·6572·2e63·6667·0a20·2072·6567·6973··user.cfg.··regis
002d9370:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists002d9370:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists
002d9380:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/002d9380:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
002d9390:·626f·6f74·2f65·6669·2220·696e·2061·6e73··boot/efi"·in·ans 
002d93a0:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
002d93b0:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
002d93c0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
002d93d0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"002d9390:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
002d93e0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact002d93a0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
002d93f0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·002d93b0:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 002d93c0:·6f6f·742f·6566·6922·2069·6e20·616e·7369··oot/efi"·in·ansi
 002d93d0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 002d93e0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 002d93f0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
002d9400:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali002d9400:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
002d9410:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·002d9410:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
002d9420:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l002d9420:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
002d9430:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"002d9430:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
002d9440:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai002d9440:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
002d9450:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··002d9450:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
002d9460:·2d20·434a·4953·2d35·2e35·2e32·2e32·0a20··-·CJIS-5.5.2.2.·002d9460:·2d20·434a·4953·2d35·2e35·2e32·2e32·0a20··-·CJIS-5.5.2.2.·
Offset 186710, 22 lines modifiedOffset 186710, 22 lines modified
002d9550:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure002d9550:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure
002d9560:·2067·726f·7570·206f·776e·6572·2030·206f···group·owner·0·o002d9560:·2067·726f·7570·206f·776e·6572·2030·206f···group·owner·0·o
002d9570:·6e20·2f62·6f6f·742f·6772·7562·322f·7573··n·/boot/grub2/us002d9570:·6e20·2f62·6f6f·742f·6772·7562·322f·7573··n·/boot/grub2/us
002d9580:·6572·2e63·6667·0a20·2066·696c·653a·0a20··er.cfg.··file:.·002d9580:·6572·2e63·6667·0a20·2066·696c·653a·0a20··er.cfg.··file:.·
002d9590:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g002d9590:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
002d95a0:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··002d95a0:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
002d95b0:·2020·6772·6f75·703a·2027·3027·0a20·2077····group:·'0'.··w002d95b0:·2020·6772·6f75·703a·2027·3027·0a20·2077····group:·'0'.··w
002d95c0:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot002d95c0:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
002d95d0:·2f65·6669·2220·696e·2061·6e73·6962·6c65··/efi"·in·ansible 
002d95e0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
002d95f0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
002d9600:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g 
002d9610:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·002d95d0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
002d9620:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa002d95e0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 002d95f0:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 002d9600:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_
 002d9610:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 002d9620:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
002d9630:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi002d9630:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi
002d9640:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati002d9640:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
002d9650:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[002d9650:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
002d9660:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",002d9660:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
002d9670:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm002d9670:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
002d9680:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"002d9680:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
002d9690:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist002d9690:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist
002d96a0:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define002d96a0:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define
Offset 186776, 18 lines modifiedOffset 186776, 18 lines modified
002d9970:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td002d9970:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
002d9980:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><002d9980:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><
002d9990:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre002d9990:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
002d99a0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia002d99a0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
002d99b0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab002d99b0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
002d99c0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa002d99c0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
002d99d0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·002d99d0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
002d99e0:·5b20·2d66·202f·7379·732f·6669·726d·7761··[·-f·/sys/firmwa 
002d99f0:·7265·2f65·6669·205d·2026·616d·703b·2661··re/efi·]·&amp;&a 
002d9a00:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet·002d99e0:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g
002d9a10:·2d71·2067·7275·6232·2d63·6f6d·6d6f·6e20··-q·grub2-common·002d99f0:·7275·6232·2d63·6f6d·6d6f·6e20·2661·6d70··rub2-common·&amp
 002d9a00:·3b26·616d·703b·205b·202d·6620·2f73·7973··;&amp;·[·-f·/sys
 002d9a10:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]·
002d9a20:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!002d9a20:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!
002d9a30:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·002d9a30:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
002d9a40:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!002d9a40:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
002d9a50:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai002d9a50:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
002d9a60:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the002d9a60:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the
002d9a70:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot002d9a70:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot
002d9a80:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.002d9a80:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
Offset 187170, 21 lines modifiedOffset 187170, 21 lines modified
002db210:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc002db210:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
002db220:·6520·2f62·6f6f·742f·6772·7562·322f·7573··e·/boot/grub2/us002db220:·6520·2f62·6f6f·742f·6772·7562·322f·7573··e·/boot/grub2/us
002db230:·6572·2e63·6667·0a20·2073·7461·743a·0a20··er.cfg.··stat:.·002db230:·6572·2e63·6667·0a20·2073·7461·743a·0a20··er.cfg.··stat:.·
002db240:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g002db240:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
002db250:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··002db250:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
002db260:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e002db260:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
002db270:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··002db270:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
002db280:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i 
002db290:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
002db2a0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
002db2b0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
002db2c0:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co002db280:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
002db2d0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible002db290:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
002db2e0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'002db2a0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 002db2b0:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in
 002db2c0:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 002db2d0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 002db2e0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
002db2f0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir002db2f0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
002db300:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type002db300:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
002db310:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker002db310:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
002db320:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv002db320:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
002db330:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c002db330:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
002db340:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag002db340:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
002db350:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.002db350:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.
Offset 187205, 21 lines modifiedOffset 187205, 21 lines modified
002db440:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure002db440:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure
002db450:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo002db450:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo
002db460:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg002db460:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg
002db470:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat002db470:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat
002db480:·683a·202f·626f·6f74·2f67·7275·6232·2f75··h:·/boot/grub2/u002db480:·683a·202f·626f·6f74·2f67·7275·6232·2f75··h:·/boot/grub2/u
002db490:·7365·722e·6366·670a·2020·2020·6f77·6e65··ser.cfg.····owne002db490:·7365·722e·6366·670a·2020·2020·6f77·6e65··ser.cfg.····owne
002db4a0:·723a·2027·3027·0a20·2077·6865·6e3a·0a20··r:·'0'.··when:.·002db4a0:·723a·2027·3027·0a20·2077·6865·6e3a·0a20··r:·'0'.··when:.·
002db4b0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
002db4c0:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
002db4d0:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
002db4e0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
002db4f0:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c002db4b0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo
002db500:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl002db4c0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa
002db510:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages002db4d0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 002db4e0:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i
 002db4f0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 002db500:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 002db510:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
002db520:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi002db520:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
002db530:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ002db530:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
002db540:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke002db540:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
002db550:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open002db550:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
002db560:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"002db560:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
002db570:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·002db570:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
002db580:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat002db580:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat
Offset 187270, 19 lines modifiedOffset 187270, 19 lines modified
Max diff block lines reached; 13140/22830 bytes (57.56%) of diff not shown.
7.25 KB
html2text {}
    
Offset 41738, 16 lines modifiedOffset 41738, 16 lines modified
41738 ··-·no_reboot_needed41738 ··-·no_reboot_needed
  
41739 -·name:·Test·for·existence·/boot/grub2/user.cfg41739 -·name:·Test·for·existence·/boot/grub2/user.cfg
41740 ··stat:41740 ··stat:
41741 ····path:·/boot/grub2/user.cfg41741 ····path:·/boot/grub2/user.cfg
41742 ··register:·file_exists41742 ··register:·file_exists
41743 ··when:41743 ··when:
41744 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41745 ··-·'"grub2-common"·in·ansible_facts.packages'41744 ··-·'"grub2-common"·in·ansible_facts.packages'
 41745 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41746 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41746 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41747 ··tags:41747 ··tags:
41748 ··-·CJIS-5.5.2.241748 ··-·CJIS-5.5.2.2
41749 ··-·NIST-800-171-3.4.541749 ··-·NIST-800-171-3.4.5
41750 ··-·NIST-800-53-AC-6(1)41750 ··-·NIST-800-53-AC-6(1)
41751 ··-·NIST-800-53-CM-6(a)41751 ··-·NIST-800-53-CM-6(a)
41752 ··-·PCI-DSS-Req-7.141752 ··-·PCI-DSS-Req-7.1
Offset 41759, 16 lines modifiedOffset 41759, 16 lines modified
41759 ··-·no_reboot_needed41759 ··-·no_reboot_needed
  
41760 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg41760 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
41761 ··file:41761 ··file:
41762 ····path:·/boot/grub2/user.cfg41762 ····path:·/boot/grub2/user.cfg
41763 ····group:·'0'41763 ····group:·'0'
41764 ··when:41764 ··when:
41765 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41766 ··-·'"grub2-common"·in·ansible_facts.packages'41765 ··-·'"grub2-common"·in·ansible_facts.packages'
 41766 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41767 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41767 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41768 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41768 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41769 ··tags:41769 ··tags:
41770 ··-·CJIS-5.5.2.241770 ··-·CJIS-5.5.2.2
41771 ··-·NIST-800-171-3.4.541771 ··-·NIST-800-171-3.4.5
41772 ··-·NIST-800-53-AC-6(1)41772 ··-·NIST-800-53-AC-6(1)
41773 ··-·NIST-800-53-CM-6(a)41773 ··-·NIST-800-53-CM-6(a)
Offset 41780, 15 lines modifiedOffset 41780, 15 lines modified
41780 ··-·medium_severity41780 ··-·medium_severity
41781 ··-·no_reboot_needed41781 ··-·no_reboot_needed
41782 Remediation_Shell_script_⇲41782 Remediation_Shell_script_⇲
41783 Complexity:·low41783 Complexity:·low
41784 Disruption:·low41784 Disruption:·low
41785 Strategy:···configure41785 Strategy:···configure
41786 #·Remediation·is·applicable·only·in·certain·platforms41786 #·Remediation·is·applicable·only·in·certain·platforms
41787 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41787 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41788 chgrp·0·/boot/grub2/user.cfg41788 chgrp·0·/boot/grub2/user.cfg
  
41789 else41789 else
41790 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41790 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41791 fi41791 fi
41792 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***41792 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***
Offset 41819, 16 lines modifiedOffset 41819, 16 lines modified
41819 ··-·no_reboot_needed41819 ··-·no_reboot_needed
  
41820 -·name:·Test·for·existence·/boot/grub2/user.cfg41820 -·name:·Test·for·existence·/boot/grub2/user.cfg
41821 ··stat:41821 ··stat:
41822 ····path:·/boot/grub2/user.cfg41822 ····path:·/boot/grub2/user.cfg
41823 ··register:·file_exists41823 ··register:·file_exists
41824 ··when:41824 ··when:
41825 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41826 ··-·'"grub2-common"·in·ansible_facts.packages'41825 ··-·'"grub2-common"·in·ansible_facts.packages'
 41826 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41827 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41827 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41828 ··tags:41828 ··tags:
41829 ··-·CJIS-5.5.2.241829 ··-·CJIS-5.5.2.2
41830 ··-·NIST-800-171-3.4.541830 ··-·NIST-800-171-3.4.5
41831 ··-·NIST-800-53-AC-6(1)41831 ··-·NIST-800-53-AC-6(1)
41832 ··-·NIST-800-53-CM-6(a)41832 ··-·NIST-800-53-CM-6(a)
41833 ··-·PCI-DSS-Req-7.141833 ··-·PCI-DSS-Req-7.1
Offset 41840, 16 lines modifiedOffset 41840, 16 lines modified
41840 ··-·no_reboot_needed41840 ··-·no_reboot_needed
  
41841 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg41841 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
41842 ··file:41842 ··file:
41843 ····path:·/boot/grub2/user.cfg41843 ····path:·/boot/grub2/user.cfg
41844 ····owner:·'0'41844 ····owner:·'0'
41845 ··when:41845 ··when:
41846 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41847 ··-·'"grub2-common"·in·ansible_facts.packages'41846 ··-·'"grub2-common"·in·ansible_facts.packages'
 41847 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41848 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41848 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41849 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41849 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41850 ··tags:41850 ··tags:
41851 ··-·CJIS-5.5.2.241851 ··-·CJIS-5.5.2.2
41852 ··-·NIST-800-171-3.4.541852 ··-·NIST-800-171-3.4.5
41853 ··-·NIST-800-53-AC-6(1)41853 ··-·NIST-800-53-AC-6(1)
41854 ··-·NIST-800-53-CM-6(a)41854 ··-·NIST-800-53-CM-6(a)
Offset 41861, 15 lines modifiedOffset 41861, 15 lines modified
41861 ··-·medium_severity41861 ··-·medium_severity
41862 ··-·no_reboot_needed41862 ··-·no_reboot_needed
41863 Remediation_Shell_script_⇲41863 Remediation_Shell_script_⇲
41864 Complexity:·low41864 Complexity:·low
41865 Disruption:·low41865 Disruption:·low
41866 Strategy:···configure41866 Strategy:···configure
41867 #·Remediation·is·applicable·only·in·certain·platforms41867 #·Remediation·is·applicable·only·in·certain·platforms
41868 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41868 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41869 chown·0·/boot/grub2/user.cfg41869 chown·0·/boot/grub2/user.cfg
  
41870 else41870 else
41871 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41871 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41872 fi41872 fi
41873 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***41873 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***
Offset 41898, 16 lines modifiedOffset 41898, 16 lines modified
41898 ··-·no_reboot_needed41898 ··-·no_reboot_needed
  
41899 -·name:·Test·for·existence·/boot/grub2/grub.cfg41899 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41900 ··stat:41900 ··stat:
41901 ····path:·/boot/grub2/grub.cfg41901 ····path:·/boot/grub2/grub.cfg
41902 ··register:·file_exists41902 ··register:·file_exists
41903 ··when:41903 ··when:
41904 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41905 ··-·'"grub2-common"·in·ansible_facts.packages'41904 ··-·'"grub2-common"·in·ansible_facts.packages'
 41905 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41906 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41906 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41907 ··tags:41907 ··tags:
41908 ··-·NIST-800-171-3.4.541908 ··-·NIST-800-171-3.4.5
41909 ··-·NIST-800-53-AC-6(1)41909 ··-·NIST-800-53-AC-6(1)
41910 ··-·NIST-800-53-CM-6(a)41910 ··-·NIST-800-53-CM-6(a)
41911 ··-·configure_strategy41911 ··-·configure_strategy
41912 ··-·file_permissions_efi_grub2_cfg41912 ··-·file_permissions_efi_grub2_cfg
Offset 41917, 16 lines modifiedOffset 41917, 16 lines modified
41917 ··-·no_reboot_needed41917 ··-·no_reboot_needed
  
41918 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg41918 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
41919 ··file:41919 ··file:
41920 ····path:·/boot/grub2/grub.cfg41920 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 2985/7404 bytes (40.32%) of diff not shown.
29.8 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis_server_l1.html
    
Offset 61428, 21 lines modifiedOffset 61428, 21 lines modified
000eff30:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen000eff30:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen
000eff40:·6365·202f·626f·6f74·2f67·7275·6232·2f75··ce·/boot/grub2/u000eff40:·6365·202f·626f·6f74·2f67·7275·6232·2f75··ce·/boot/grub2/u
000eff50:·7365·722e·6366·670a·2020·7374·6174·3a0a··ser.cfg.··stat:.000eff50:·7365·722e·6366·670a·2020·7374·6174·3a0a··ser.cfg.··stat:.
000eff60:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/000eff60:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
000eff70:·6772·7562·322f·7573·6572·2e63·6667·0a20··grub2/user.cfg.·000eff70:·6772·7562·322f·7573·6572·2e63·6667·0a20··grub2/user.cfg.·
000eff80:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_000eff80:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_
000eff90:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·000eff90:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·
000effa0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
000effb0:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
000effc0:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
000effd0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
000effe0:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c000effa0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo
000efff0:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl000effb0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa
000f0000:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages000effc0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 000effd0:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i
 000effe0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 000efff0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 000f0000:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
000f0010:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi000f0010:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
000f0020:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ000f0020:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
000f0030:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke000f0030:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
000f0040:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open000f0040:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
000f0050:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"000f0050:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
000f0060:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta000f0060:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
000f0070:·6773·3a0a·2020·2d20·434a·4953·2d35·2e35··gs:.··-·CJIS-5.5000f0070:·6773·3a0a·2020·2d20·434a·4953·2d35·2e35··gs:.··-·CJIS-5.5
Offset 61464, 21 lines modifiedOffset 61464, 21 lines modified
000f0170:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own000f0170:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own
000f0180:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr000f0180:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr
000f0190:·7562·322f·7573·6572·2e63·6667·0a20·2066··ub2/user.cfg.··f000f0190:·7562·322f·7573·6572·2e63·6667·0a20·2066··ub2/user.cfg.··f
000f01a0:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/000f01a0:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
000f01b0:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.000f01b0:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
000f01c0:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'000f01c0:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'
000f01d0:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'000f01d0:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'
000f01e0:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a 
000f01f0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
000f0200:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
000f0210:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
000f0220:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo000f01e0:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
000f0230:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa000f01f0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
000f0240:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··000f0200:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 000f0210:·2f62·6f6f·742f·6566·6922·2069·6e20·616e··/boot/efi"·in·an
 000f0220:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 000f0230:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 000f0240:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
000f0250:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua000f0250:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
000f0260:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no000f0260:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
000f0270:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·000f0270:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
000f0280:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",000f0280:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
000f0290:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont000f0290:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
000f02a0:·6169·6e65·7222·5d0a·2020·2d20·6669·6c65··ainer"].··-·file000f02a0:·6169·6e65·7222·5d0a·2020·2d20·6669·6c65··ainer"].··-·file
000f02b0:·5f65·7869·7374·732e·7374·6174·2069·7320··_exists.stat·is·000f02b0:·5f65·7869·7374·732e·7374·6174·2069·7320··_exists.stat·is·
Offset 61529, 19 lines modifiedOffset 61529, 19 lines modified
000f0580:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</000f0580:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
000f0590:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure000f0590:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure
000f05a0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl000f05a0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
000f05b0:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R000f05b0:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R
000f05c0:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap000f05c0:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
000f05d0:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in000f05d0:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
000f05e0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor000f05e0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
 000f05f0:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie
000f05f0:·6d73·0a69·6620·5b20·2d66·202f·7379·732f··ms.if·[·-f·/sys/ 
000f0600:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·& 
000f0610:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·-- 
000f0620:·7175·6965·7420·2d71·2067·7275·6232·2d63··quiet·-q·grub2-c000f0600:·7420·2d71·2067·7275·6232·2d63·6f6d·6d6f··t·-q·grub2-commo
 000f0610:·6e20·2661·6d70·3b26·616d·703b·205b·202d··n·&amp;&amp;·[·-
 000f0620:·6620·2f73·7973·2f66·6972·6d77·6172·652f··f·/sys/firmware/
000f0630:·6f6d·6d6f·6e20·2661·6d70·3b26·616d·703b··ommon·&amp;&amp;000f0630:·6566·6920·5d20·2661·6d70·3b26·616d·703b··efi·]·&amp;&amp;
000f0640:·207b·205b·2021·202d·6620·2f2e·646f·636b···{·[·!·-f·/.dock000f0640:·207b·205b·2021·202d·6620·2f2e·646f·636b···{·[·!·-f·/.dock
000f0650:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am000f0650:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am
000f0660:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.000f0660:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.
000f0670:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·000f0670:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·
000f0680:·7d3b·2074·6865·6e0a·0a63·6867·7270·2030··};·then..chgrp·0000f0680:·7d3b·2074·6865·6e0a·0a63·6867·7270·2030··};·then..chgrp·0
000f0690:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use000f0690:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use
000f06a0:·722e·6366·670a·0a65·6c73·650a·2020·2020··r.cfg..else.····000f06a0:·722e·6366·670a·0a65·6c73·650a·2020·2020··r.cfg..else.····
Offset 61923, 22 lines modifiedOffset 61923, 22 lines modified
000f1e20:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex000f1e20:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex
000f1e30:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr000f1e30:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr
000f1e40:·7562·322f·7573·6572·2e63·6667·0a20·2073··ub2/user.cfg.··s000f1e40:·7562·322f·7573·6572·2e63·6667·0a20·2073··ub2/user.cfg.··s
000f1e50:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/000f1e50:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/
000f1e60:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.000f1e60:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
000f1e70:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·000f1e70:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·
000f1e80:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh000f1e80:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh
000f1e90:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/000f1e90:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
000f1ea0:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_ 
000f1eb0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
000f1ec0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
000f1ed0:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
000f1ee0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a000f1ea0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
000f1ef0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac000f1eb0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 000f1ec0:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 000f1ed0:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m
 000f1ee0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 000f1ef0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
000f1f00:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib000f1f00:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib
000f1f10:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio000f1f10:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
000f1f20:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["000f1f20:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
000f1f30:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·000f1f30:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
000f1f40:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma000f1f40:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
000f1f50:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]000f1f50:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
000f1f60:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI000f1f60:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
000f1f70:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI000f1f70:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI
Offset 61958, 22 lines modifiedOffset 61958, 22 lines modified
000f2050:·6e65·6564·6564·0a0a·2d20·6e61·6d65·3a20··needed..-·name:·000f2050:·6e65·6564·6564·0a0a·2d20·6e61·6d65·3a20··needed..-·name:·
000f2060:·456e·7375·7265·206f·776e·6572·2030·206f··Ensure·owner·0·o000f2060:·456e·7375·7265·206f·776e·6572·2030·206f··Ensure·owner·0·o
000f2070:·6e20·2f62·6f6f·742f·6772·7562·322f·7573··n·/boot/grub2/us000f2070:·6e20·2f62·6f6f·742f·6772·7562·322f·7573··n·/boot/grub2/us
000f2080:·6572·2e63·6667·0a20·2066·696c·653a·0a20··er.cfg.··file:.·000f2080:·6572·2e63·6667·0a20·2066·696c·653a·0a20··er.cfg.··file:.·
000f2090:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g000f2090:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
000f20a0:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··000f20a0:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
000f20b0:·2020·6f77·6e65·723a·2027·3027·0a20·2077····owner:·'0'.··w000f20b0:·2020·6f77·6e65·723a·2027·3027·0a20·2077····owner:·'0'.··w
000f20c0:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot000f20c0:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
000f20d0:·2f65·6669·2220·696e·2061·6e73·6962·6c65··/efi"·in·ansible 
000f20e0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
000f20f0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
000f2100:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g 
000f2110:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·000f20d0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
000f2120:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa000f20e0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 000f20f0:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 000f2100:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_
 000f2110:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 000f2120:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
000f2130:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi000f2130:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi
000f2140:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati000f2140:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
000f2150:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[000f2150:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
000f2160:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",000f2160:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
000f2170:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm000f2170:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
000f2180:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"000f2180:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
000f2190:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist000f2190:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist
Max diff block lines reached; 13154/22944 bytes (57.33%) of diff not shown.
7.23 KB
html2text {}
    
Offset 8245, 16 lines modifiedOffset 8245, 16 lines modified
8245 ··-·no_reboot_needed8245 ··-·no_reboot_needed
  
8246 -·name:·Test·for·existence·/boot/grub2/user.cfg8246 -·name:·Test·for·existence·/boot/grub2/user.cfg
8247 ··stat:8247 ··stat:
8248 ····path:·/boot/grub2/user.cfg8248 ····path:·/boot/grub2/user.cfg
8249 ··register:·file_exists8249 ··register:·file_exists
8250 ··when:8250 ··when:
8251 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8252 ··-·'"grub2-common"·in·ansible_facts.packages'8251 ··-·'"grub2-common"·in·ansible_facts.packages'
 8252 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8253 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8253 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8254 ··tags:8254 ··tags:
8255 ··-·CJIS-5.5.2.28255 ··-·CJIS-5.5.2.2
8256 ··-·NIST-800-171-3.4.58256 ··-·NIST-800-171-3.4.5
8257 ··-·NIST-800-53-AC-6(1)8257 ··-·NIST-800-53-AC-6(1)
8258 ··-·NIST-800-53-CM-6(a)8258 ··-·NIST-800-53-CM-6(a)
8259 ··-·PCI-DSS-Req-7.18259 ··-·PCI-DSS-Req-7.1
Offset 8266, 16 lines modifiedOffset 8266, 16 lines modified
8266 ··-·no_reboot_needed8266 ··-·no_reboot_needed
  
8267 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8267 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8268 ··file:8268 ··file:
8269 ····path:·/boot/grub2/user.cfg8269 ····path:·/boot/grub2/user.cfg
8270 ····group:·'0'8270 ····group:·'0'
8271 ··when:8271 ··when:
8272 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8273 ··-·'"grub2-common"·in·ansible_facts.packages'8272 ··-·'"grub2-common"·in·ansible_facts.packages'
 8273 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8274 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8274 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8275 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8275 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8276 ··tags:8276 ··tags:
8277 ··-·CJIS-5.5.2.28277 ··-·CJIS-5.5.2.2
8278 ··-·NIST-800-171-3.4.58278 ··-·NIST-800-171-3.4.5
8279 ··-·NIST-800-53-AC-6(1)8279 ··-·NIST-800-53-AC-6(1)
8280 ··-·NIST-800-53-CM-6(a)8280 ··-·NIST-800-53-CM-6(a)
Offset 8287, 15 lines modifiedOffset 8287, 15 lines modified
8287 ··-·medium_severity8287 ··-·medium_severity
8288 ··-·no_reboot_needed8288 ··-·no_reboot_needed
8289 Remediation_Shell_script_⇲8289 Remediation_Shell_script_⇲
8290 Complexity:·low8290 Complexity:·low
8291 Disruption:·low8291 Disruption:·low
8292 Strategy:···configure8292 Strategy:···configure
8293 #·Remediation·is·applicable·only·in·certain·platforms8293 #·Remediation·is·applicable·only·in·certain·platforms
8294 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8294 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8295 chgrp·0·/boot/grub2/user.cfg8295 chgrp·0·/boot/grub2/user.cfg
  
8296 else8296 else
8297 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8297 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8298 fi8298 fi
8299 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***8299 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***
Offset 8326, 16 lines modifiedOffset 8326, 16 lines modified
8326 ··-·no_reboot_needed8326 ··-·no_reboot_needed
  
8327 -·name:·Test·for·existence·/boot/grub2/user.cfg8327 -·name:·Test·for·existence·/boot/grub2/user.cfg
8328 ··stat:8328 ··stat:
8329 ····path:·/boot/grub2/user.cfg8329 ····path:·/boot/grub2/user.cfg
8330 ··register:·file_exists8330 ··register:·file_exists
8331 ··when:8331 ··when:
8332 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8333 ··-·'"grub2-common"·in·ansible_facts.packages'8332 ··-·'"grub2-common"·in·ansible_facts.packages'
 8333 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8334 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8334 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8335 ··tags:8335 ··tags:
8336 ··-·CJIS-5.5.2.28336 ··-·CJIS-5.5.2.2
8337 ··-·NIST-800-171-3.4.58337 ··-·NIST-800-171-3.4.5
8338 ··-·NIST-800-53-AC-6(1)8338 ··-·NIST-800-53-AC-6(1)
8339 ··-·NIST-800-53-CM-6(a)8339 ··-·NIST-800-53-CM-6(a)
8340 ··-·PCI-DSS-Req-7.18340 ··-·PCI-DSS-Req-7.1
Offset 8347, 16 lines modifiedOffset 8347, 16 lines modified
8347 ··-·no_reboot_needed8347 ··-·no_reboot_needed
  
8348 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg8348 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
8349 ··file:8349 ··file:
8350 ····path:·/boot/grub2/user.cfg8350 ····path:·/boot/grub2/user.cfg
8351 ····owner:·'0'8351 ····owner:·'0'
8352 ··when:8352 ··when:
8353 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8354 ··-·'"grub2-common"·in·ansible_facts.packages'8353 ··-·'"grub2-common"·in·ansible_facts.packages'
 8354 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8355 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8355 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8356 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8356 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8357 ··tags:8357 ··tags:
8358 ··-·CJIS-5.5.2.28358 ··-·CJIS-5.5.2.2
8359 ··-·NIST-800-171-3.4.58359 ··-·NIST-800-171-3.4.5
8360 ··-·NIST-800-53-AC-6(1)8360 ··-·NIST-800-53-AC-6(1)
8361 ··-·NIST-800-53-CM-6(a)8361 ··-·NIST-800-53-CM-6(a)
Offset 8368, 15 lines modifiedOffset 8368, 15 lines modified
8368 ··-·medium_severity8368 ··-·medium_severity
8369 ··-·no_reboot_needed8369 ··-·no_reboot_needed
8370 Remediation_Shell_script_⇲8370 Remediation_Shell_script_⇲
8371 Complexity:·low8371 Complexity:·low
8372 Disruption:·low8372 Disruption:·low
8373 Strategy:···configure8373 Strategy:···configure
8374 #·Remediation·is·applicable·only·in·certain·platforms8374 #·Remediation·is·applicable·only·in·certain·platforms
8375 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8375 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8376 chown·0·/boot/grub2/user.cfg8376 chown·0·/boot/grub2/user.cfg
  
8377 else8377 else
8378 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8378 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8379 fi8379 fi
8380 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***8380 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***
Offset 8405, 16 lines modifiedOffset 8405, 16 lines modified
8405 ··-·no_reboot_needed8405 ··-·no_reboot_needed
  
8406 -·name:·Test·for·existence·/boot/grub2/grub.cfg8406 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8407 ··stat:8407 ··stat:
8408 ····path:·/boot/grub2/grub.cfg8408 ····path:·/boot/grub2/grub.cfg
8409 ··register:·file_exists8409 ··register:·file_exists
8410 ··when:8410 ··when:
8411 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8412 ··-·'"grub2-common"·in·ansible_facts.packages'8411 ··-·'"grub2-common"·in·ansible_facts.packages'
 8412 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8413 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8413 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8414 ··tags:8414 ··tags:
8415 ··-·NIST-800-171-3.4.58415 ··-·NIST-800-171-3.4.5
8416 ··-·NIST-800-53-AC-6(1)8416 ··-·NIST-800-53-AC-6(1)
8417 ··-·NIST-800-53-CM-6(a)8417 ··-·NIST-800-53-CM-6(a)
8418 ··-·configure_strategy8418 ··-·configure_strategy
8419 ··-·file_permissions_efi_grub2_cfg8419 ··-·file_permissions_efi_grub2_cfg
Offset 8424, 16 lines modifiedOffset 8424, 16 lines modified
8424 ··-·no_reboot_needed8424 ··-·no_reboot_needed
  
8425 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg8425 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
8426 ··file:8426 ··file:
8427 ····path:·/boot/grub2/grub.cfg8427 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 2977/7380 bytes (40.34%) of diff not shown.
29.9 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis_workstation_l1.html
    
Offset 61424, 21 lines modifiedOffset 61424, 21 lines modified
000efef0:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/000efef0:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/
000eff00:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.000eff00:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
000eff10:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····000eff10:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····
000eff20:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub000eff20:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
000eff30:·322f·7573·6572·2e63·6667·0a20·2072·6567··2/user.cfg.··reg000eff30:·322f·7573·6572·2e63·6667·0a20·2072·6567··2/user.cfg.··reg
000eff40:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis000eff40:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis
000eff50:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'000eff50:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'
000eff60:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a 
000eff70:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
000eff80:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
000eff90:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
000effa0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo000eff60:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
000effb0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa000eff70:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
000effc0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··000eff80:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 000eff90:·2f62·6f6f·742f·6566·6922·2069·6e20·616e··/boot/efi"·in·an
 000effa0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 000effb0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 000effc0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
000effd0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua000effd0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
000effe0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no000effe0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
000efff0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·000efff0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
000f0000:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",000f0000:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
000f0010:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont000f0010:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
000f0020:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.000f0020:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.
000f0030:·2020·2d20·434a·4953·2d35·2e35·2e32·2e32····-·CJIS-5.5.2.2000f0030:·2020·2d20·434a·4953·2d35·2e35·2e32·2e32····-·CJIS-5.5.2.2
Offset 61459, 22 lines modifiedOffset 61459, 22 lines modified
000f0120:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu000f0120:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu
000f0130:·7265·2067·726f·7570·206f·776e·6572·2030··re·group·owner·0000f0130:·7265·2067·726f·7570·206f·776e·6572·2030··re·group·owner·0
000f0140:·206f·6e20·2f62·6f6f·742f·6772·7562·322f···on·/boot/grub2/000f0140:·206f·6e20·2f62·6f6f·742f·6772·7562·322f···on·/boot/grub2/
000f0150:·7573·6572·2e63·6667·0a20·2066·696c·653a··user.cfg.··file:000f0150:·7573·6572·2e63·6667·0a20·2066·696c·653a··user.cfg.··file:
000f0160:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot000f0160:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
000f0170:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.000f0170:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
000f0180:·2020·2020·6772·6f75·703a·2027·3027·0a20······group:·'0'.·000f0180:·2020·2020·6772·6f75·703a·2027·3027·0a20······group:·'0'.·
000f0190:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo000f0190:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
000f01a0:·6f74·2f65·6669·2220·696e·2061·6e73·6962··ot/efi"·in·ansib 
000f01b0:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
000f01c0:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
000f01d0:·2229·207c·206c·6973·7427·0a20·202d·2027··")·|·list'.··-·' 
000f01e0:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i000f01a0:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
000f01f0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.000f01b0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
000f0200:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an000f01c0:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 000f01d0:·742f·6566·6922·2069·6e20·616e·7369·626c··t/efi"·in·ansibl
 000f01e0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 000f01f0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 000f0200:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
000f0210:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza000f0210:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
000f0220:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in000f0220:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
000f0230:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc000f0230:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
000f0240:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po000f0240:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
000f0250:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe000f0250:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
000f0260:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi000f0260:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi
000f0270:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi000f0270:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi
Offset 61525, 19 lines modifiedOffset 61525, 19 lines modified
000f0540:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><000f0540:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
000f0550:·7464·3e63·6f6e·6669·6775·7265·3c2f·7464··td>configure</td000f0550:·7464·3e63·6f6e·6669·6775·7265·3c2f·7464··td>configure</td
000f0560:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p000f0560:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
000f0570:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed000f0570:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
000f0580:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic000f0580:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
000f0590:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer000f0590:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
000f05a0:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i000f05a0:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
000f05b0:·6620·5b20·2d66·202f·7379·732f·6669·726d··f·[·-f·/sys/firm 
000f05c0:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp; 
000f05d0:·2661·6d70·3b20·7270·6d20·2d2d·7175·6965··&amp;·rpm·--quie000f05b0:·6620·7270·6d20·2d2d·7175·6965·7420·2d71··f·rpm·--quiet·-q
000f05e0:·7420·2d71·2067·7275·6232·2d63·6f6d·6d6f··t·-q·grub2-commo000f05c0:·2067·7275·6232·2d63·6f6d·6d6f·6e20·2661···grub2-common·&a
 000f05d0:·6d70·3b26·616d·703b·205b·202d·6620·2f73··mp;&amp;·[·-f·/s
 000f05e0:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi·
000f05f0:·6e20·2661·6d70·3b26·616d·703b·207b·205b··n·&amp;&amp;·{·[000f05f0:·5d20·2661·6d70·3b26·616d·703b·207b·205b··]·&amp;&amp;·{·[
000f0600:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren000f0600:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
000f0610:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[000f0610:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
000f0620:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont000f0620:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
000f0630:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t000f0630:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t
000f0640:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo000f0640:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo
000f0650:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf000f0650:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf
000f0660:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;000f0660:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;
Offset 61919, 22 lines modifiedOffset 61919, 22 lines modified
000f1de0:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe000f1de0:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
000f1df0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/000f1df0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/
000f1e00:·7573·6572·2e63·6667·0a20·2073·7461·743a··user.cfg.··stat:000f1e00:·7573·6572·2e63·6667·0a20·2073·7461·743a··user.cfg.··stat:
000f1e10:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot000f1e10:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
000f1e20:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.000f1e20:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
000f1e30:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file000f1e30:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
000f1e40:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.000f1e40:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
000f1e50:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
000f1e60:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
000f1e70:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
000f1e80:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
000f1e90:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-000f1e50:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
000f1ea0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib000f1e60:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
000f1eb0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000f1e70:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 000f1e80:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 000f1e90:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 000f1ea0:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 000f1eb0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
000f1ec0:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v000f1ec0:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
000f1ed0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty000f1ed0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
000f1ee0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock000f1ee0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
000f1ef0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope000f1ef0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
000f1f00:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·000f1f00:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
000f1f10:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t000f1f10:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
000f1f20:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.000f1f20:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
000f1f30:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8000f1f30:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8
Offset 61954, 22 lines modifiedOffset 61954, 22 lines modified
000f2010:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu000f2010:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu
000f2020:·7265·206f·776e·6572·2030·206f·6e20·2f62··re·owner·0·on·/b000f2020:·7265·206f·776e·6572·2030·206f·6e20·2f62··re·owner·0·on·/b
000f2030:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c000f2030:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c
000f2040:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p000f2040:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p
000f2050:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2000f2050:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2
000f2060:·2f75·7365·722e·6366·670a·2020·2020·6f77··/user.cfg.····ow000f2060:·2f75·7365·722e·6366·670a·2020·2020·6f77··/user.cfg.····ow
000f2070:·6e65·723a·2027·3027·0a20·2077·6865·6e3a··ner:·'0'.··when:000f2070:·6e65·723a·2027·3027·0a20·2077·6865·6e3a··ner:·'0'.··when:
000f2080:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi 
000f2090:·2220·696e·2061·6e73·6962·6c65·5f6d·6f75··"·in·ansible_mou 
000f20a0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
000f20b0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
000f20c0:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2000f2080:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com
000f20d0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi000f2090:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_
000f20e0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag000f20a0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 000f20b0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 000f20c0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 000f20d0:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 000f20e0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
000f20f0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_000f20f0:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
000f2100:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t000f2100:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
000f2110:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc000f2110:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
000f2120:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op000f2120:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
000f2130:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",000f2130:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
000f2140:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··000f2140:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
000f2150:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st000f2150:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st
Max diff block lines reached; 13154/23082 bytes (56.99%) of diff not shown.
7.23 KB
html2text {}
    
Offset 8244, 16 lines modifiedOffset 8244, 16 lines modified
8244 ··-·no_reboot_needed8244 ··-·no_reboot_needed
  
8245 -·name:·Test·for·existence·/boot/grub2/user.cfg8245 -·name:·Test·for·existence·/boot/grub2/user.cfg
8246 ··stat:8246 ··stat:
8247 ····path:·/boot/grub2/user.cfg8247 ····path:·/boot/grub2/user.cfg
8248 ··register:·file_exists8248 ··register:·file_exists
8249 ··when:8249 ··when:
8250 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8251 ··-·'"grub2-common"·in·ansible_facts.packages'8250 ··-·'"grub2-common"·in·ansible_facts.packages'
 8251 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8252 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8252 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8253 ··tags:8253 ··tags:
8254 ··-·CJIS-5.5.2.28254 ··-·CJIS-5.5.2.2
8255 ··-·NIST-800-171-3.4.58255 ··-·NIST-800-171-3.4.5
8256 ··-·NIST-800-53-AC-6(1)8256 ··-·NIST-800-53-AC-6(1)
8257 ··-·NIST-800-53-CM-6(a)8257 ··-·NIST-800-53-CM-6(a)
8258 ··-·PCI-DSS-Req-7.18258 ··-·PCI-DSS-Req-7.1
Offset 8265, 16 lines modifiedOffset 8265, 16 lines modified
8265 ··-·no_reboot_needed8265 ··-·no_reboot_needed
  
8266 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8266 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8267 ··file:8267 ··file:
8268 ····path:·/boot/grub2/user.cfg8268 ····path:·/boot/grub2/user.cfg
8269 ····group:·'0'8269 ····group:·'0'
8270 ··when:8270 ··when:
8271 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8272 ··-·'"grub2-common"·in·ansible_facts.packages'8271 ··-·'"grub2-common"·in·ansible_facts.packages'
 8272 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8273 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8273 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8274 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8274 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8275 ··tags:8275 ··tags:
8276 ··-·CJIS-5.5.2.28276 ··-·CJIS-5.5.2.2
8277 ··-·NIST-800-171-3.4.58277 ··-·NIST-800-171-3.4.5
8278 ··-·NIST-800-53-AC-6(1)8278 ··-·NIST-800-53-AC-6(1)
8279 ··-·NIST-800-53-CM-6(a)8279 ··-·NIST-800-53-CM-6(a)
Offset 8286, 15 lines modifiedOffset 8286, 15 lines modified
8286 ··-·medium_severity8286 ··-·medium_severity
8287 ··-·no_reboot_needed8287 ··-·no_reboot_needed
8288 Remediation_Shell_script_⇲8288 Remediation_Shell_script_⇲
8289 Complexity:·low8289 Complexity:·low
8290 Disruption:·low8290 Disruption:·low
8291 Strategy:···configure8291 Strategy:···configure
8292 #·Remediation·is·applicable·only·in·certain·platforms8292 #·Remediation·is·applicable·only·in·certain·platforms
8293 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8293 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8294 chgrp·0·/boot/grub2/user.cfg8294 chgrp·0·/boot/grub2/user.cfg
  
8295 else8295 else
8296 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8296 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8297 fi8297 fi
8298 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***8298 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***
Offset 8325, 16 lines modifiedOffset 8325, 16 lines modified
8325 ··-·no_reboot_needed8325 ··-·no_reboot_needed
  
8326 -·name:·Test·for·existence·/boot/grub2/user.cfg8326 -·name:·Test·for·existence·/boot/grub2/user.cfg
8327 ··stat:8327 ··stat:
8328 ····path:·/boot/grub2/user.cfg8328 ····path:·/boot/grub2/user.cfg
8329 ··register:·file_exists8329 ··register:·file_exists
8330 ··when:8330 ··when:
8331 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8332 ··-·'"grub2-common"·in·ansible_facts.packages'8331 ··-·'"grub2-common"·in·ansible_facts.packages'
 8332 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8333 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8333 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8334 ··tags:8334 ··tags:
8335 ··-·CJIS-5.5.2.28335 ··-·CJIS-5.5.2.2
8336 ··-·NIST-800-171-3.4.58336 ··-·NIST-800-171-3.4.5
8337 ··-·NIST-800-53-AC-6(1)8337 ··-·NIST-800-53-AC-6(1)
8338 ··-·NIST-800-53-CM-6(a)8338 ··-·NIST-800-53-CM-6(a)
8339 ··-·PCI-DSS-Req-7.18339 ··-·PCI-DSS-Req-7.1
Offset 8346, 16 lines modifiedOffset 8346, 16 lines modified
8346 ··-·no_reboot_needed8346 ··-·no_reboot_needed
  
8347 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg8347 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
8348 ··file:8348 ··file:
8349 ····path:·/boot/grub2/user.cfg8349 ····path:·/boot/grub2/user.cfg
8350 ····owner:·'0'8350 ····owner:·'0'
8351 ··when:8351 ··when:
8352 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8353 ··-·'"grub2-common"·in·ansible_facts.packages'8352 ··-·'"grub2-common"·in·ansible_facts.packages'
 8353 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8354 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8354 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8355 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8355 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8356 ··tags:8356 ··tags:
8357 ··-·CJIS-5.5.2.28357 ··-·CJIS-5.5.2.2
8358 ··-·NIST-800-171-3.4.58358 ··-·NIST-800-171-3.4.5
8359 ··-·NIST-800-53-AC-6(1)8359 ··-·NIST-800-53-AC-6(1)
8360 ··-·NIST-800-53-CM-6(a)8360 ··-·NIST-800-53-CM-6(a)
Offset 8367, 15 lines modifiedOffset 8367, 15 lines modified
8367 ··-·medium_severity8367 ··-·medium_severity
8368 ··-·no_reboot_needed8368 ··-·no_reboot_needed
8369 Remediation_Shell_script_⇲8369 Remediation_Shell_script_⇲
8370 Complexity:·low8370 Complexity:·low
8371 Disruption:·low8371 Disruption:·low
8372 Strategy:···configure8372 Strategy:···configure
8373 #·Remediation·is·applicable·only·in·certain·platforms8373 #·Remediation·is·applicable·only·in·certain·platforms
8374 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8374 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8375 chown·0·/boot/grub2/user.cfg8375 chown·0·/boot/grub2/user.cfg
  
8376 else8376 else
8377 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8377 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8378 fi8378 fi
8379 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***8379 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***
Offset 8404, 16 lines modifiedOffset 8404, 16 lines modified
8404 ··-·no_reboot_needed8404 ··-·no_reboot_needed
  
8405 -·name:·Test·for·existence·/boot/grub2/grub.cfg8405 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8406 ··stat:8406 ··stat:
8407 ····path:·/boot/grub2/grub.cfg8407 ····path:·/boot/grub2/grub.cfg
8408 ··register:·file_exists8408 ··register:·file_exists
8409 ··when:8409 ··when:
8410 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8411 ··-·'"grub2-common"·in·ansible_facts.packages'8410 ··-·'"grub2-common"·in·ansible_facts.packages'
 8411 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8412 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8412 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8413 ··tags:8413 ··tags:
8414 ··-·NIST-800-171-3.4.58414 ··-·NIST-800-171-3.4.5
8415 ··-·NIST-800-53-AC-6(1)8415 ··-·NIST-800-53-AC-6(1)
8416 ··-·NIST-800-53-CM-6(a)8416 ··-·NIST-800-53-CM-6(a)
8417 ··-·configure_strategy8417 ··-·configure_strategy
8418 ··-·file_permissions_efi_grub2_cfg8418 ··-·file_permissions_efi_grub2_cfg
Offset 8423, 16 lines modifiedOffset 8423, 16 lines modified
8423 ··-·no_reboot_needed8423 ··-·no_reboot_needed
  
8424 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg8424 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
8425 ··file:8425 ··file:
8426 ····path:·/boot/grub2/grub.cfg8426 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 2977/7380 bytes (40.34%) of diff not shown.
29.8 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis_workstation_l2.html
    
Offset 186671, 21 lines modifiedOffset 186671, 21 lines modified
002d92e0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc002d92e0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
002d92f0:·6520·2f62·6f6f·742f·6772·7562·322f·7573··e·/boot/grub2/us002d92f0:·6520·2f62·6f6f·742f·6772·7562·322f·7573··e·/boot/grub2/us
002d9300:·6572·2e63·6667·0a20·2073·7461·743a·0a20··er.cfg.··stat:.·002d9300:·6572·2e63·6667·0a20·2073·7461·743a·0a20··er.cfg.··stat:.·
002d9310:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g002d9310:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
002d9320:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··002d9320:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
002d9330:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e002d9330:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
002d9340:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··002d9340:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
002d9350:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i 
002d9360:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
002d9370:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
002d9380:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
002d9390:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co002d9350:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
002d93a0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible002d9360:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
002d93b0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'002d9370:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 002d9380:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in
 002d9390:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 002d93a0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 002d93b0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
002d93c0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir002d93c0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
002d93d0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type002d93d0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
002d93e0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker002d93e0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
002d93f0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv002d93f0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
002d9400:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c002d9400:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
002d9410:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag002d9410:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
002d9420:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.002d9420:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.
Offset 186707, 21 lines modifiedOffset 186707, 21 lines modified
002d9520:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne002d9520:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne
002d9530:·7220·3020·6f6e·202f·626f·6f74·2f67·7275··r·0·on·/boot/gru002d9530:·7220·3020·6f6e·202f·626f·6f74·2f67·7275··r·0·on·/boot/gru
002d9540:·6232·2f75·7365·722e·6366·670a·2020·6669··b2/user.cfg.··fi002d9540:·6232·2f75·7365·722e·6366·670a·2020·6669··b2/user.cfg.··fi
002d9550:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b002d9550:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b
002d9560:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c002d9560:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c
002d9570:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0002d9570:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0
002d9580:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"002d9580:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"
002d9590:·2f62·6f6f·742f·6566·6922·2069·6e20·616e··/boot/efi"·in·an 
002d95a0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
002d95b0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
002d95c0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
002d95d0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common002d9590:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in
002d95e0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac002d95a0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
002d95f0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-002d95b0:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/
 002d95c0:·626f·6f74·2f65·6669·2220·696e·2061·6e73··boot/efi"·in·ans
 002d95d0:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 002d95e0:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 002d95f0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
002d9600:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual002d9600:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
002d9610:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not002d9610:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
002d9620:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"002d9620:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
002d9630:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·002d9630:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
002d9640:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta002d9640:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
002d9650:·696e·6572·225d·0a20·202d·2066·696c·655f··iner"].··-·file_002d9650:·696e·6572·225d·0a20·202d·2066·696c·655f··iner"].··-·file_
002d9660:·6578·6973·7473·2e73·7461·7420·6973·2064··exists.stat·is·d002d9660:·6578·6973·7473·2e73·7461·7420·6973·2064··exists.stat·is·d
Offset 186772, 19 lines modifiedOffset 186772, 19 lines modified
002d9930:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t002d9930:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
002d9940:·683e·3c74·643e·636f·6e66·6967·7572·653c··h><td>configure<002d9940:·683e·3c74·643e·636f·6e66·6967·7572·653c··h><td>configure<
002d9950:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table002d9950:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
002d9960:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re002d9960:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
002d9970:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app002d9970:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
002d9980:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·002d9980:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
002d9990:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform002d9990:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
 002d99a0:·730a·6966·2072·706d·202d·2d71·7569·6574··s.if·rpm·--quiet
002d99a0:·730a·6966·205b·202d·6620·2f73·7973·2f66··s.if·[·-f·/sys/f 
002d99b0:·6972·6d77·6172·652f·6566·6920·5d20·2661··irmware/efi·]·&a 
002d99c0:·6d70·3b26·616d·703b·2072·706d·202d·2d71··mp;&amp;·rpm·--q 
002d99d0:·7569·6574·202d·7120·6772·7562·322d·636f··uiet·-q·grub2-co002d99b0:·202d·7120·6772·7562·322d·636f·6d6d·6f6e···-q·grub2-common
 002d99c0:·2026·616d·703b·2661·6d70·3b20·5b20·2d66···&amp;&amp;·[·-f
 002d99d0:·202f·7379·732f·6669·726d·7761·7265·2f65···/sys/firmware/e
002d99e0:·6d6d·6f6e·2026·616d·703b·2661·6d70·3b20··mmon·&amp;&amp;·002d99e0:·6669·205d·2026·616d·703b·2661·6d70·3b20··fi·]·&amp;&amp;·
002d99f0:·7b20·5b20·2120·2d66·202f·2e64·6f63·6b65··{·[·!·-f·/.docke002d99f0:·7b20·5b20·2120·2d66·202f·2e64·6f63·6b65··{·[·!·-f·/.docke
002d9a00:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp002d9a00:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp
002d9a10:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c002d9a10:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c
002d9a20:·6f6e·7461·696e·6572·656e·7620·5d3b·207d··ontainerenv·];·}002d9a20:·6f6e·7461·696e·6572·656e·7620·5d3b·207d··ontainerenv·];·}
002d9a30:·3b20·7468·656e·0a0a·6368·6772·7020·3020··;·then..chgrp·0·002d9a30:·3b20·7468·656e·0a0a·6368·6772·7020·3020··;·then..chgrp·0·
002d9a40:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user002d9a40:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user
002d9a50:·2e63·6667·0a0a·656c·7365·0a20·2020·2026··.cfg..else.····&002d9a50:·2e63·6667·0a0a·656c·7365·0a20·2020·2026··.cfg..else.····&
Offset 187166, 22 lines modifiedOffset 187166, 22 lines modified
002db1d0:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi002db1d0:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi
002db1e0:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru002db1e0:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru
002db1f0:·6232·2f75·7365·722e·6366·670a·2020·7374··b2/user.cfg.··st002db1f0:·6232·2f75·7365·722e·6366·670a·2020·7374··b2/user.cfg.··st
002db200:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b002db200:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b
002db210:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c002db210:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c
002db220:·6667·0a20·2072·6567·6973·7465·723a·2066··fg.··register:·f002db220:·6667·0a20·2072·6567·6973·7465·723a·2066··fg.··register:·f
002db230:·696c·655f·6578·6973·7473·0a20·2077·6865··ile_exists.··whe002db230:·696c·655f·6578·6973·7473·0a20·2077·6865··ile_exists.··whe
002db240:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e002db240:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c
002db250:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m 
002db260:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
002db270:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
002db280:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
002db290:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an002db250:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
002db2a0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack002db260:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 002db270:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef
 002db280:·6922·2069·6e20·616e·7369·626c·655f·6d6f··i"·in·ansible_mo
 002db290:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 002db2a0:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
002db2b0:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl002db2b0:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl
002db2c0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization002db2c0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
002db2d0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d002db2d0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
002db2e0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"002db2e0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
002db2f0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman002db2f0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
002db300:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].002db300:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
002db310:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS002db310:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
002db320:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS002db320:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS
Offset 187201, 22 lines modifiedOffset 187201, 22 lines modified
002db400:·6565·6465·640a·0a2d·206e·616d·653a·2045··eeded..-·name:·E002db400:·6565·6465·640a·0a2d·206e·616d·653a·2045··eeded..-·name:·E
002db410:·6e73·7572·6520·6f77·6e65·7220·3020·6f6e··nsure·owner·0·on002db410:·6e73·7572·6520·6f77·6e65·7220·3020·6f6e··nsure·owner·0·on
002db420:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use002db420:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use
002db430:·722e·6366·670a·2020·6669·6c65·3a0a·2020··r.cfg.··file:.··002db430:·722e·6366·670a·2020·6669·6c65·3a0a·2020··r.cfg.··file:.··
002db440:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr002db440:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
002db450:·7562·322f·7573·6572·2e63·6667·0a20·2020··ub2/user.cfg.···002db450:·7562·322f·7573·6572·2e63·6667·0a20·2020··ub2/user.cfg.···
002db460:·206f·776e·6572·3a20·2730·270a·2020·7768···owner:·'0'.··wh002db460:·206f·776e·6572·3a20·2730·270a·2020·7768···owner:·'0'.··wh
002db470:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/002db470:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
002db480:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_ 
002db490:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
002db4a0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
002db4b0:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
002db4c0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a002db480:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
002db4d0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac002db490:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 002db4a0:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 002db4b0:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m
 002db4c0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 002db4d0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
002db4e0:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib002db4e0:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib
002db4f0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio002db4f0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
002db500:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["002db500:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
002db510:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·002db510:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
002db520:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma002db520:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
002db530:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]002db530:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
002db540:·0a20·202d·2066·696c·655f·6578·6973·7473··.··-·file_exists002db540:·0a20·202d·2066·696c·655f·6578·6973·7473··.··-·file_exists
Max diff block lines reached; 13168/22968 bytes (57.33%) of diff not shown.
7.25 KB
html2text {}
    
Offset 41737, 16 lines modifiedOffset 41737, 16 lines modified
41737 ··-·no_reboot_needed41737 ··-·no_reboot_needed
  
41738 -·name:·Test·for·existence·/boot/grub2/user.cfg41738 -·name:·Test·for·existence·/boot/grub2/user.cfg
41739 ··stat:41739 ··stat:
41740 ····path:·/boot/grub2/user.cfg41740 ····path:·/boot/grub2/user.cfg
41741 ··register:·file_exists41741 ··register:·file_exists
41742 ··when:41742 ··when:
41743 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41744 ··-·'"grub2-common"·in·ansible_facts.packages'41743 ··-·'"grub2-common"·in·ansible_facts.packages'
 41744 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41745 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41745 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41746 ··tags:41746 ··tags:
41747 ··-·CJIS-5.5.2.241747 ··-·CJIS-5.5.2.2
41748 ··-·NIST-800-171-3.4.541748 ··-·NIST-800-171-3.4.5
41749 ··-·NIST-800-53-AC-6(1)41749 ··-·NIST-800-53-AC-6(1)
41750 ··-·NIST-800-53-CM-6(a)41750 ··-·NIST-800-53-CM-6(a)
41751 ··-·PCI-DSS-Req-7.141751 ··-·PCI-DSS-Req-7.1
Offset 41758, 16 lines modifiedOffset 41758, 16 lines modified
41758 ··-·no_reboot_needed41758 ··-·no_reboot_needed
  
41759 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg41759 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
41760 ··file:41760 ··file:
41761 ····path:·/boot/grub2/user.cfg41761 ····path:·/boot/grub2/user.cfg
41762 ····group:·'0'41762 ····group:·'0'
41763 ··when:41763 ··when:
41764 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41765 ··-·'"grub2-common"·in·ansible_facts.packages'41764 ··-·'"grub2-common"·in·ansible_facts.packages'
 41765 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41766 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41766 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41767 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41767 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41768 ··tags:41768 ··tags:
41769 ··-·CJIS-5.5.2.241769 ··-·CJIS-5.5.2.2
41770 ··-·NIST-800-171-3.4.541770 ··-·NIST-800-171-3.4.5
41771 ··-·NIST-800-53-AC-6(1)41771 ··-·NIST-800-53-AC-6(1)
41772 ··-·NIST-800-53-CM-6(a)41772 ··-·NIST-800-53-CM-6(a)
Offset 41779, 15 lines modifiedOffset 41779, 15 lines modified
41779 ··-·medium_severity41779 ··-·medium_severity
41780 ··-·no_reboot_needed41780 ··-·no_reboot_needed
41781 Remediation_Shell_script_⇲41781 Remediation_Shell_script_⇲
41782 Complexity:·low41782 Complexity:·low
41783 Disruption:·low41783 Disruption:·low
41784 Strategy:···configure41784 Strategy:···configure
41785 #·Remediation·is·applicable·only·in·certain·platforms41785 #·Remediation·is·applicable·only·in·certain·platforms
41786 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41786 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41787 chgrp·0·/boot/grub2/user.cfg41787 chgrp·0·/boot/grub2/user.cfg
  
41788 else41788 else
41789 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41789 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41790 fi41790 fi
41791 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***41791 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***
Offset 41818, 16 lines modifiedOffset 41818, 16 lines modified
41818 ··-·no_reboot_needed41818 ··-·no_reboot_needed
  
41819 -·name:·Test·for·existence·/boot/grub2/user.cfg41819 -·name:·Test·for·existence·/boot/grub2/user.cfg
41820 ··stat:41820 ··stat:
41821 ····path:·/boot/grub2/user.cfg41821 ····path:·/boot/grub2/user.cfg
41822 ··register:·file_exists41822 ··register:·file_exists
41823 ··when:41823 ··when:
41824 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41825 ··-·'"grub2-common"·in·ansible_facts.packages'41824 ··-·'"grub2-common"·in·ansible_facts.packages'
 41825 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41826 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41826 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41827 ··tags:41827 ··tags:
41828 ··-·CJIS-5.5.2.241828 ··-·CJIS-5.5.2.2
41829 ··-·NIST-800-171-3.4.541829 ··-·NIST-800-171-3.4.5
41830 ··-·NIST-800-53-AC-6(1)41830 ··-·NIST-800-53-AC-6(1)
41831 ··-·NIST-800-53-CM-6(a)41831 ··-·NIST-800-53-CM-6(a)
41832 ··-·PCI-DSS-Req-7.141832 ··-·PCI-DSS-Req-7.1
Offset 41839, 16 lines modifiedOffset 41839, 16 lines modified
41839 ··-·no_reboot_needed41839 ··-·no_reboot_needed
  
41840 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg41840 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
41841 ··file:41841 ··file:
41842 ····path:·/boot/grub2/user.cfg41842 ····path:·/boot/grub2/user.cfg
41843 ····owner:·'0'41843 ····owner:·'0'
41844 ··when:41844 ··when:
41845 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41846 ··-·'"grub2-common"·in·ansible_facts.packages'41845 ··-·'"grub2-common"·in·ansible_facts.packages'
 41846 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41847 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41847 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41848 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41848 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41849 ··tags:41849 ··tags:
41850 ··-·CJIS-5.5.2.241850 ··-·CJIS-5.5.2.2
41851 ··-·NIST-800-171-3.4.541851 ··-·NIST-800-171-3.4.5
41852 ··-·NIST-800-53-AC-6(1)41852 ··-·NIST-800-53-AC-6(1)
41853 ··-·NIST-800-53-CM-6(a)41853 ··-·NIST-800-53-CM-6(a)
Offset 41860, 15 lines modifiedOffset 41860, 15 lines modified
41860 ··-·medium_severity41860 ··-·medium_severity
41861 ··-·no_reboot_needed41861 ··-·no_reboot_needed
41862 Remediation_Shell_script_⇲41862 Remediation_Shell_script_⇲
41863 Complexity:·low41863 Complexity:·low
41864 Disruption:·low41864 Disruption:·low
41865 Strategy:···configure41865 Strategy:···configure
41866 #·Remediation·is·applicable·only·in·certain·platforms41866 #·Remediation·is·applicable·only·in·certain·platforms
41867 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41867 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41868 chown·0·/boot/grub2/user.cfg41868 chown·0·/boot/grub2/user.cfg
  
41869 else41869 else
41870 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41870 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41871 fi41871 fi
41872 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***41872 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***
Offset 41897, 16 lines modifiedOffset 41897, 16 lines modified
41897 ··-·no_reboot_needed41897 ··-·no_reboot_needed
  
41898 -·name:·Test·for·existence·/boot/grub2/grub.cfg41898 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41899 ··stat:41899 ··stat:
41900 ····path:·/boot/grub2/grub.cfg41900 ····path:·/boot/grub2/grub.cfg
41901 ··register:·file_exists41901 ··register:·file_exists
41902 ··when:41902 ··when:
41903 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41904 ··-·'"grub2-common"·in·ansible_facts.packages'41903 ··-·'"grub2-common"·in·ansible_facts.packages'
 41904 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41906 ··tags:41906 ··tags:
41907 ··-·NIST-800-171-3.4.541907 ··-·NIST-800-171-3.4.5
41908 ··-·NIST-800-53-AC-6(1)41908 ··-·NIST-800-53-AC-6(1)
41909 ··-·NIST-800-53-CM-6(a)41909 ··-·NIST-800-53-CM-6(a)
41910 ··-·configure_strategy41910 ··-·configure_strategy
41911 ··-·file_permissions_efi_grub2_cfg41911 ··-·file_permissions_efi_grub2_cfg
Offset 41916, 16 lines modifiedOffset 41916, 16 lines modified
41916 ··-·no_reboot_needed41916 ··-·no_reboot_needed
  
41917 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg41917 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
41918 ··file:41918 ··file:
41919 ····path:·/boot/grub2/grub.cfg41919 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 2985/7404 bytes (40.32%) of diff not shown.
5.05 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-stig.html
    
Offset 416870, 22 lines modifiedOffset 416870, 22 lines modified
0065c650:·6374·696f·6e73·5c73·2a3d·5c73·2a0a·2020··ctions\s*=\s*.··0065c650:·6374·696f·6e73·5c73·2a3d·5c73·2a0a·2020··ctions\s*=\s*.··
0065c660:·2020·2020·6c69·6e65·3a20·736d·7470·645f······line:·smtpd_0065c660:·2020·2020·6c69·6e65·3a20·736d·7470·645f······line:·smtpd_
0065c670:·636c·6965·6e74·5f72·6573·7472·6963·7469··client_restricti0065c670:·636c·6965·6e74·5f72·6573·7472·6963·7469··client_restricti
0065c680:·6f6e·7320·3d20·7065·726d·6974·5f6d·796e··ons·=·permit_myn0065c680:·6f6e·7320·3d20·7065·726d·6974·5f6d·796e··ons·=·permit_myn
0065c690:·6574·776f·726b·732c·7265·6a65·6374·0a20··etworks,reject.·0065c690:·6574·776f·726b·732c·7265·6a65·6374·0a20··etworks,reject.·
0065c6a0:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres0065c6a0:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres
0065c6b0:·656e·740a·2020·7768·656e·3a0a·2020·2d20··ent.··when:.··-·0065c6b0:·656e·740a·2020·7768·656e·3a0a·2020·2d20··ent.··when:.··-·
0065c6c0:·2722·706f·7374·6669·7822·2069·6e20·616e··'"postfix"·in·an 
0065c6d0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack 
0065c6e0:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl 
0065c6f0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization 
0065c700:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d 
0065c710:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·" 
0065c720:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman 
0065c730:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].0065c6c0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 0065c6d0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 0065c6e0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 0065c6f0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 0065c700:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
 0065c710:·6e65·7222·5d0a·2020·2d20·2722·706f·7374··ner"].··-·'"post
 0065c720:·6669·7822·2069·6e20·616e·7369·626c·655f··fix"·in·ansible_
 0065c730:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
0065c740:·2020·7461·6773·3a0a·2020·2d20·6c6f·775f····tags:.··-·low_0065c740:·2020·7461·6773·3a0a·2020·2d20·6c6f·775f····tags:.··-·low_
0065c750:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l0065c750:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l
0065c760:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.··0065c760:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.··
0065c770:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit0065c770:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit
0065c780:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_0065c780:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_
0065c790:·6e65·6564·6564·0a20·202d·2070·6f73·7466··needed.··-·postf0065c790:·6e65·6564·6564·0a20·202d·2070·6f73·7466··needed.··-·postf
0065c7a0:·6978·5f70·7265·7665·6e74·5f75·6e72·6573··ix_prevent_unres0065c7a0:·6978·5f70·7265·7665·6e74·5f75·6e72·6573··ix_prevent_unres
Offset 416908, 20 lines modifiedOffset 416908, 20 lines modified
0065c8b0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col0065c8b0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
0065c8c0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·0065c8c0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
0065c8d0:·6964·3d22·6964·6d36·3632·3934·223e·3c70··id="idm66294"><p0065c8d0:·6964·3d22·6964·6d36·3632·3934·223e·3c70··id="idm66294"><p
0065c8e0:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed0065c8e0:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
0065c8f0:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic0065c8f0:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
0065c900:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer0065c900:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
0065c910:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i0065c910:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
0065c920:·6620·7270·6d20·2d2d·7175·6965·7420·2d71··f·rpm·--quiet·-q 
0065c930:·2070·6f73·7466·6978·2026·616d·703b·2661···postfix·&amp;&a 
0065c940:·6d70·3b20·5b20·2120·2d66·202f·2e64·6f63··mp;·[·!·-f·/.doc0065c920:·6620·5b20·2120·2d66·202f·2e64·6f63·6b65··f·[·!·-f·/.docke
0065c950:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a0065c930:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp
0065c960:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/0065c940:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c
0065c970:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];0065c950:·6f6e·7461·696e·6572·656e·7620·5d20·2661··ontainerenv·]·&a
 0065c960:·6d70·3b26·616d·703b·2072·706d·202d·2d71··mp;&amp;·rpm·--q
 0065c970:·7569·6574·202d·7120·706f·7374·6669·783b··uiet·-q·postfix;
0065c980:·2074·6865·6e0a·0a69·6620·2120·6772·6570···then..if·!·grep0065c980:·2074·6865·6e0a·0a69·6620·2120·6772·6570···then..if·!·grep
0065c990:·202d·7120·5e73·6d74·7064·5f63·6c69·656e···-q·^smtpd_clien0065c990:·202d·7120·5e73·6d74·7064·5f63·6c69·656e···-q·^smtpd_clien
0065c9a0:·745f·7265·7374·7269·6374·696f·6e73·202f··t_restrictions·/0065c9a0:·745f·7265·7374·7269·6374·696f·6e73·202f··t_restrictions·/
0065c9b0:·6574·632f·706f·7374·6669·782f·6d61·696e··etc/postfix/main0065c9b0:·6574·632f·706f·7374·6669·782f·6d61·696e··etc/postfix/main
0065c9c0:·2e63·663b·2074·6865·6e0a·0965·6368·6f20··.cf;·then..echo·0065c9c0:·2e63·663b·2074·6865·6e0a·0965·6368·6f20··.cf;·then..echo·
0065c9d0:·2273·6d74·7064·5f63·6c69·656e·745f·7265··"smtpd_client_re0065c9d0:·2273·6d74·7064·5f63·6c69·656e·745f·7265··"smtpd_client_re
0065c9e0:·7374·7269·6374·696f·6e73·203d·2070·6572··strictions·=·per0065c9e0:·7374·7269·6374·696f·6e73·203d·2070·6572··strictions·=·per
1.12 KB
html2text {}
    
Offset 88767, 26 lines modifiedOffset 88767, 26 lines modified
88767 ····lineinfile:88767 ····lineinfile:
88768 ······path:·/etc/postfix/main.cf88768 ······path:·/etc/postfix/main.cf
88769 ······create:·true88769 ······create:·true
88770 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*88770 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
88771 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject88771 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
88772 ······state:·present88772 ······state:·present
88773 ··when:88773 ··when:
88774 ··-·'"postfix"·in·ansible_facts.packages' 
88775 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]88774 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 88775 ··-·'"postfix"·in·ansible_facts.packages'
88776 ··tags:88776 ··tags:
88777 ··-·low_complexity88777 ··-·low_complexity
88778 ··-·low_disruption88778 ··-·low_disruption
88779 ··-·medium_severity88779 ··-·medium_severity
88780 ··-·no_reboot_needed88780 ··-·no_reboot_needed
88781 ··-·postfix_prevent_unrestricted_relay88781 ··-·postfix_prevent_unrestricted_relay
88782 ··-·restrict_strategy88782 ··-·restrict_strategy
88783 Remediation_Shell_script_⇲88783 Remediation_Shell_script_⇲
88784 #·Remediation·is·applicable·only·in·certain·platforms88784 #·Remediation·is·applicable·only·in·certain·platforms
88785 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then88785 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
88786 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then88786 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
88787 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf88787 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
88788 else88788 else
88789 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf88789 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
88790 fi88790 fi
  
5.2 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-stig_gui.html
    
Offset 416544, 23 lines modifiedOffset 416544, 23 lines modified
0065b1f0:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric0065b1f0:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric
0065b200:·7469·6f6e·735c·732a·3d5c·732a·0a20·2020··tions\s*=\s*.···0065b200:·7469·6f6e·735c·732a·3d5c·732a·0a20·2020··tions\s*=\s*.···
0065b210:·2020·206c·696e·653a·2073·6d74·7064·5f63·····line:·smtpd_c0065b210:·2020·206c·696e·653a·2073·6d74·7064·5f63·····line:·smtpd_c
0065b220:·6c69·656e·745f·7265·7374·7269·6374·696f··lient_restrictio0065b220:·6c69·656e·745f·7265·7374·7269·6374·696f··lient_restrictio
0065b230:·6e73·203d·2070·6572·6d69·745f·6d79·6e65··ns·=·permit_myne0065b230:·6e73·203d·2070·6572·6d69·745f·6d79·6e65··ns·=·permit_myne
0065b240:·7477·6f72·6b73·2c72·656a·6563·740a·2020··tworks,reject.··0065b240:·7477·6f72·6b73·2c72·656a·6563·740a·2020··tworks,reject.··
0065b250:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese0065b250:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese
0065b260:·6e74·0a20·2077·6865·6e3a·0a20·202d·2027··nt.··when:.··-·'0065b260:·6e74·0a20·2077·6865·6e3a·0a20·202d·2061··nt.··when:.··-·a
0065b270:·2270·6f73·7466·6978·2220·696e·2061·6e73··"postfix"·in·ans 
0065b280:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa 
0065b290:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible 
0065b2a0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_ 
0065b2b0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do 
0065b2c0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o 
0065b2d0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman" 
0065b2e0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·0065b270:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
 0065b280:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
 0065b290:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
 0065b2a0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
 0065b2b0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
 0065b2c0:·6572·225d·0a20·202d·2027·2270·6f73·7466··er"].··-·'"postf
 0065b2d0:·6978·2220·696e·2061·6e73·6962·6c65·5f66··ix"·in·ansible_f
 0065b2e0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
0065b2f0:·2074·6167·733a·0a20·202d·206c·6f77·5f63···tags:.··-·low_c0065b2f0:·2074·6167·733a·0a20·202d·206c·6f77·5f63···tags:.··-·low_c
0065b300:·6f6d·706c·6578·6974·790a·2020·2d20·6c6f··omplexity.··-·lo0065b300:·6f6d·706c·6578·6974·790a·2020·2d20·6c6f··omplexity.··-·lo
0065b310:·775f·6469·7372·7570·7469·6f6e·0a20·202d··w_disruption.··-0065b310:·775f·6469·7372·7570·7469·6f6e·0a20·202d··w_disruption.··-
0065b320:·206d·6564·6975·6d5f·7365·7665·7269·7479···medium_severity0065b320:·206d·6564·6975·6d5f·7365·7665·7269·7479···medium_severity
0065b330:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n0065b330:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n
0065b340:·6565·6465·640a·2020·2d20·706f·7374·6669··eeded.··-·postfi0065b340:·6565·6465·640a·2020·2d20·706f·7374·6669··eeded.··-·postfi
0065b350:·785f·7072·6576·656e·745f·756e·7265·7374··x_prevent_unrest0065b350:·785f·7072·6576·656e·745f·756e·7265·7374··x_prevent_unrest
Offset 416583, 20 lines modifiedOffset 416583, 20 lines modified
0065b460:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll0065b460:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0065b470:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i0065b470:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0065b480:·643d·2269·646d·3636·3239·3422·3e3c·7072··d="idm66294"><pr0065b480:·643d·2269·646d·3636·3239·3422·3e3c·7072··d="idm66294"><pr
0065b490:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi0065b490:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
0065b4a0:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica0065b4a0:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
0065b4b0:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert0065b4b0:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
0065b4c0:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if0065b4c0:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
0065b4d0:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q· 
0065b4e0:·706f·7374·6669·7820·2661·6d70·3b26·616d··postfix·&amp;&am 
0065b4f0:·703b·205b·2021·202d·6620·2f2e·646f·636b··p;·[·!·-f·/.dock0065b4d0:·205b·2021·202d·6620·2f2e·646f·636b·6572···[·!·-f·/.docker
0065b500:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am0065b4e0:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&amp;&amp;
0065b510:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.0065b4f0:·205b·2021·202d·6620·2f72·756e·2f2e·636f···[·!·-f·/run/.co
0065b520:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·0065b500:·6e74·6169·6e65·7265·6e76·205d·2026·616d··ntainerenv·]·&am
 0065b510:·703b·2661·6d70·3b20·7270·6d20·2d2d·7175··p;&amp;·rpm·--qu
 0065b520:·6965·7420·2d71·2070·6f73·7466·6978·3b20··iet·-q·postfix;·
0065b530:·7468·656e·0a0a·6966·2021·2067·7265·7020··then..if·!·grep·0065b530:·7468·656e·0a0a·6966·2021·2067·7265·7020··then..if·!·grep·
0065b540:·2d71·205e·736d·7470·645f·636c·6965·6e74··-q·^smtpd_client0065b540:·2d71·205e·736d·7470·645f·636c·6965·6e74··-q·^smtpd_client
0065b550:·5f72·6573·7472·6963·7469·6f6e·7320·2f65··_restrictions·/e0065b550:·5f72·6573·7472·6963·7469·6f6e·7320·2f65··_restrictions·/e
0065b560:·7463·2f70·6f73·7466·6978·2f6d·6169·6e2e··tc/postfix/main.0065b560:·7463·2f70·6f73·7466·6978·2f6d·6169·6e2e··tc/postfix/main.
0065b570:·6366·3b20·7468·656e·0a09·6563·686f·2022··cf;·then..echo·"0065b570:·6366·3b20·7468·656e·0a09·6563·686f·2022··cf;·then..echo·"
0065b580:·736d·7470·645f·636c·6965·6e74·5f72·6573··smtpd_client_res0065b580:·736d·7470·645f·636c·6965·6e74·5f72·6573··smtpd_client_res
0065b590:·7472·6963·7469·6f6e·7320·3d20·7065·726d··trictions·=·perm0065b590:·7472·6963·7469·6f6e·7320·3d20·7065·726d··trictions·=·perm
1.12 KB
html2text {}
    
Offset 88694, 26 lines modifiedOffset 88694, 26 lines modified
88694 ····lineinfile:88694 ····lineinfile:
88695 ······path:·/etc/postfix/main.cf88695 ······path:·/etc/postfix/main.cf
88696 ······create:·true88696 ······create:·true
88697 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*88697 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
88698 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject88698 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
88699 ······state:·present88699 ······state:·present
88700 ··when:88700 ··when:
88701 ··-·'"postfix"·in·ansible_facts.packages' 
88702 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]88701 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 88702 ··-·'"postfix"·in·ansible_facts.packages'
88703 ··tags:88703 ··tags:
88704 ··-·low_complexity88704 ··-·low_complexity
88705 ··-·low_disruption88705 ··-·low_disruption
88706 ··-·medium_severity88706 ··-·medium_severity
88707 ··-·no_reboot_needed88707 ··-·no_reboot_needed
88708 ··-·postfix_prevent_unrestricted_relay88708 ··-·postfix_prevent_unrestricted_relay
88709 ··-·restrict_strategy88709 ··-·restrict_strategy
88710 Remediation_Shell_script_⇲88710 Remediation_Shell_script_⇲
88711 #·Remediation·is·applicable·only·in·certain·platforms88711 #·Remediation·is·applicable·only·in·certain·platforms
88712 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then88712 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
88713 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then88713 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
88714 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf88714 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
88715 else88715 else
88716 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf88716 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
88717 fi88717 fi
  
1.18 MB
./usr/share/doc/ssg-nondebian/ssg-fedora-guide-ospp.html
    
Offset 54073, 23 lines modifiedOffset 54073, 23 lines modified
000d3380:·6f74·5f72·6571·7569·7265·640a·2020·2d20··ot_required.··-·000d3380:·6f74·5f72·6571·7569·7265·640a·2020·2d20··ot_required.··-·
000d3390:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg000d3390:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg
000d33a0:·790a·0a2d·206e·616d·653a·2053·6574·2061··y..-·name:·Set·a000d33a0:·790a·0a2d·206e·616d·653a·2053·6574·2061··y..-·name:·Set·a
000d33b0:·7263·6869·7465·6374·7572·6520·666f·7220··rchitecture·for·000d33b0:·7263·6869·7465·6374·7572·6520·666f·7220··rchitecture·for·
000d33c0:·6175·6469·7420·6368·6d6f·6420·7461·736b··audit·chmod·task000d33c0:·6175·6469·7420·6368·6d6f·6420·7461·736b··audit·chmod·task
000d33d0:·730a·2020·7365·745f·6661·6374·3a0a·2020··s.··set_fact:.··000d33d0:·730a·2020·7365·745f·6661·6374·3a0a·2020··s.··set_fact:.··
000d33e0:·2020·6175·6469·745f·6172·6368·3a20·6236····audit_arch:·b6000d33e0:·2020·6175·6469·745f·6172·6368·3a20·6236····audit_arch:·b6
000d33f0:·340a·2020·7768·656e·3a0a·2020·2d20·616e··4.··when:.··-·an000d33f0:·340a·2020·7768·656e·3a0a·2020·2d20·2722··4.··when:.··-·'"
000d3400:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza 
000d3410:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in 
000d3420:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc 
000d3430:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po 
000d3440:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe 
000d3450:·7222·5d0a·2020·2d20·2722·6175·6469·7422··r"].··-·'"audit" 
000d3460:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
000d3470:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·000d3400:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl
 000d3410:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 000d3420:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
 000d3430:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
 000d3440:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
 000d3450:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
 000d3460:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
 000d3470:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
000d3480:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec000d3480:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec
000d3490:·7475·7265·203d·3d20·2261·6172·6368·3634··ture·==·"aarch64000d3490:·7475·7265·203d·3d20·2261·6172·6368·3634··ture·==·"aarch64
000d34a0:·2220·6f72·2061·6e73·6962·6c65·5f61·7263··"·or·ansible_arc000d34a0:·2220·6f72·2061·6e73·6962·6c65·5f61·7263··"·or·ansible_arc
000d34b0:·6869·7465·6374·7572·6520·3d3d·2022·7070··hitecture·==·"pp000d34b0:·6869·7465·6374·7572·6520·3d3d·2022·7070··hitecture·==·"pp
000d34c0:·6336·3422·206f·7220·616e·7369·626c·655f··c64"·or·ansible_000d34c0:·6336·3422·206f·7220·616e·7369·626c·655f··c64"·or·ansible_
000d34d0:·6172·6368·6974·6563·7475·7265·0a20·2020··architecture.···000d34d0:·6172·6368·6974·6563·7475·7265·0a20·2020··architecture.···
000d34e0:·203d·3d20·2270·7063·3634·6c65·2220·6f72···==·"ppc64le"·or000d34e0:·203d·3d20·2270·7063·3634·6c65·2220·6f72···==·"ppc64le"·or
Offset 54395, 23 lines modifiedOffset 54395, 23 lines modified
000d47a0:·726d·5f6d·6f64·0a20·2020·2020·2063·7265··rm_mod.······cre000d47a0:·726d·5f6d·6f64·0a20·2020·2020·2063·7265··rm_mod.······cre
000d47b0:·6174·653a·2074·7275·650a·2020·2020·2020··ate:·true.······000d47b0:·6174·653a·2074·7275·650a·2020·2020·2020··ate:·true.······
000d47c0:·6d6f·6465·3a20·6f2d·7277·780a·2020·2020··mode:·o-rwx.····000d47c0:·6d6f·6465·3a20·6f2d·7277·780a·2020·2020··mode:·o-rwx.····
000d47d0:·2020·7374·6174·653a·2070·7265·7365·6e74····state:·present000d47d0:·2020·7374·6174·653a·2070·7265·7365·6e74····state:·present
000d47e0:·0a20·2020·2077·6865·6e3a·2073·7973·6361··.····when:·sysca000d47e0:·0a20·2020·2077·6865·6e3a·2073·7973·6361··.····when:·sysca
000d47f0:·6c6c·735f·666f·756e·6420·7c20·6c65·6e67··lls_found·|·leng000d47f0:·6c6c·735f·666f·756e·6420·7c20·6c65·6e67··lls_found·|·leng
000d4800:·7468·203d·3d20·300a·2020·7768·656e·3a0a··th·==·0.··when:.000d4800:·7468·203d·3d20·300a·2020·7768·656e·3a0a··th·==·0.··when:.
000d4810:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt 
000d4820:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type· 
000d4830:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker" 
000d4840:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz 
000d4850:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co 
000d4860:·6e74·6169·6e65·7222·5d0a·2020·2d20·2722··ntainer"].··-·'" 
000d4870:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl 
000d4880:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages000d4810:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in·
 000d4820:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 000d4830:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
 000d4840:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
 000d4850:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
 000d4860:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
 000d4870:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
 000d4880:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
000d4890:·270a·2020·7461·6773·3a0a·2020·2d20·434a··'.··tags:.··-·CJ000d4890:·5d0a·2020·7461·6773·3a0a·2020·2d20·434a··].··tags:.··-·CJ
000d48a0:·4953·2d35·2e34·2e31·2e31·0a20·202d·204e··IS-5.4.1.1.··-·N000d48a0:·4953·2d35·2e34·2e31·2e31·0a20·202d·204e··IS-5.4.1.1.··-·N
000d48b0:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.000d48b0:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.
000d48c0:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5000d48c0:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
000d48d0:·332d·4155·2d31·3228·6329·0a20·202d·204e··3-AU-12(c).··-·N000d48d0:·332d·4155·2d31·3228·6329·0a20·202d·204e··3-AU-12(c).··-·N
000d48e0:·4953·542d·3830·302d·3533·2d41·552d·3228··IST-800-53-AU-2(000d48e0:·4953·542d·3830·302d·3533·2d41·552d·3228··IST-800-53-AU-2(
000d48f0:·6429·0a20·202d·204e·4953·542d·3830·302d··d).··-·NIST-800-000d48f0:·6429·0a20·202d·204e·4953·542d·3830·302d··d).··-·NIST-800-
000d4900:·3533·2d43·4d2d·3628·6129·0a20·202d·2050··53-CM-6(a).··-·P000d4900:·3533·2d43·4d2d·3628·6129·0a20·202d·2050··53-CM-6(a).··-·P
Offset 54705, 22 lines modifiedOffset 54705, 22 lines modified
000d5b00:·6d6f·640a·2020·2020·2020·6372·6561·7465··mod.······create000d5b00:·6d6f·640a·2020·2020·2020·6372·6561·7465··mod.······create
000d5b10:·3a20·7472·7565·0a20·2020·2020·206d·6f64··:·true.······mod000d5b10:·3a20·7472·7565·0a20·2020·2020·206d·6f64··:·true.······mod
000d5b20:·653a·206f·2d72·7778·0a20·2020·2020·2073··e:·o-rwx.······s000d5b20:·653a·206f·2d72·7778·0a20·2020·2020·2073··e:·o-rwx.······s
000d5b30:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··000d5b30:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··
000d5b40:·2020·7768·656e·3a20·7379·7363·616c·6c73····when:·syscalls000d5b40:·2020·7768·656e·3a20·7379·7363·616c·6c73····when:·syscalls
000d5b50:·5f66·6f75·6e64·207c·206c·656e·6774·6820··_found·|·length·000d5b50:·5f66·6f75·6e64·207c·206c·656e·6774·6820··_found·|·length·
000d5b60:·3d3d·2030·0a20·2077·6865·6e3a·0a20·202d··==·0.··when:.··-000d5b60:·3d3d·2030·0a20·2077·6865·6e3a·0a20·202d··==·0.··when:.··-
000d5b70:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual 
000d5b80:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not 
000d5b90:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·" 
000d5ba0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",· 
000d5bb0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta 
000d5bc0:·696e·6572·225d·0a20·202d·2027·2261·7564··iner"].··-·'"aud 
000d5bd0:·6974·2220·696e·2061·6e73·6962·6c65·5f66··it"·in·ansible_f 
000d5be0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·000d5b70:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans
 000d5b80:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 000d5b90:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible
 000d5ba0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
 000d5bb0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
 000d5bc0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
 000d5bd0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
 000d5be0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
000d5bf0:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==000d5bf0:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==
000d5c00:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·000d5c00:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·
000d5c10:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.000d5c10:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.
000d5c20:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171000d5c20:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171
000d5c30:·2d33·2e31·2e37·0a20·202d·204e·4953·542d··-3.1.7.··-·NIST-000d5c30:·2d33·2e31·2e37·0a20·202d·204e·4953·542d··-3.1.7.··-·NIST-
000d5c40:·3830·302d·3533·2d41·552d·3132·2863·290a··800-53-AU-12(c).000d5c40:·3830·302d·3533·2d41·552d·3132·2863·290a··800-53-AU-12(c).
000d5c50:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-000d5c50:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
Offset 54753, 20 lines modifiedOffset 54753, 20 lines modified
000d5e00:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla000d5e00:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
000d5e10:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id000d5e10:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
000d5e20:·3d22·6964·6d31·3632·3838·223e·3c70·7265··="idm16288"><pre000d5e20:·3d22·6964·6d31·3632·3838·223e·3c70·7265··="idm16288"><pre
000d5e30:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia000d5e30:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
000d5e40:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab000d5e40:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
000d5e50:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa000d5e50:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
000d5e60:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·000d5e60:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
 000d5e70:·7270·6d20·2d2d·7175·6965·7420·2d71·2061··rpm·--quiet·-q·a
 000d5e80:·7564·6974·2026·616d·703b·2661·6d70·3b20··udit·&amp;&amp;·
000d5e70:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere000d5e90:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere
000d5e80:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·000d5ea0:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·
000d5e90:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con000d5eb0:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con
000d5ea0:·7461·696e·6572·656e·7620·5d20·2661·6d70··tainerenv·]·&amp000d5ec0:·7461·696e·6572·656e·7620·5d3b·2074·6865··tainerenv·];·the
000d5eb0:·3b26·616d·703b·2072·706d·202d·2d71·7569··;&amp;·rpm·--qui 
000d5ec0:·6574·202d·7120·6175·6469·743b·2074·6865··et·-q·audit;·the 
000d5ed0:·6e0a·0a23·2046·6972·7374·2070·6572·666f··n..#·First·perfo000d5ed0:·6e0a·0a23·2046·6972·7374·2070·6572·666f··n..#·First·perfo
000d5ee0:·726d·2074·6865·2072·656d·6564·6961·7469··rm·the·remediati000d5ee0:·726d·2074·6865·2072·656d·6564·6961·7469··rm·the·remediati
000d5ef0:·6f6e·206f·6620·7468·6520·7379·7363·616c··on·of·the·syscal000d5ef0:·6f6e·206f·6620·7468·6520·7379·7363·616c··on·of·the·syscal
000d5f00:·6c20·7275·6c65·0a23·2052·6574·7269·6576··l·rule.#·Retriev000d5f00:·6c20·7275·6c65·0a23·2052·6574·7269·6576··l·rule.#·Retriev
000d5f10:·6520·6861·7264·7761·7265·2061·7263·6869··e·hardware·archi000d5f10:·6520·6861·7264·7761·7265·2061·7263·6869··e·hardware·archi
000d5f20:·7465·6374·7572·6520·6f66·2074·6865·2075··tecture·of·the·u000d5f20:·7465·6374·7572·6520·6f66·2074·6865·2075··tecture·of·the·u
000d5f30:·6e64·6572·6c79·696e·6720·7379·7374·656d··nderlying·system000d5f30:·6e64·6572·6c79·696e·6720·7379·7374·656d··nderlying·system
Offset 56550, 23 lines modifiedOffset 56550, 23 lines modified
000dce50:·7175·6972·6564·0a20·202d·2072·6573·7472··quired.··-·restr000dce50:·7175·6972·6564·0a20·202d·2072·6573·7472··quired.··-·restr
000dce60:·6963·745f·7374·7261·7465·6779·0a0a·2d20··ict_strategy..-·000dce60:·6963·745f·7374·7261·7465·6779·0a0a·2d20··ict_strategy..-·
000dce70:·6e61·6d65·3a20·5365·7420·6172·6368·6974··name:·Set·archit000dce70:·6e61·6d65·3a20·5365·7420·6172·6368·6974··name:·Set·archit
000dce80:·6563·7475·7265·2066·6f72·2061·7564·6974··ecture·for·audit000dce80:·6563·7475·7265·2066·6f72·2061·7564·6974··ecture·for·audit
000dce90:·2063·686f·776e·2074·6173·6b73·0a20·2073···chown·tasks.··s000dce90:·2063·686f·776e·2074·6173·6b73·0a20·2073···chown·tasks.··s
000dcea0:·6574·5f66·6163·743a·0a20·2020·2061·7564··et_fact:.····aud000dcea0:·6574·5f66·6163·743a·0a20·2020·2061·7564··et_fact:.····aud
000dceb0:·6974·5f61·7263·683a·2062·3634·0a20·2077··it_arch:·b64.··w000dceb0:·6974·5f61·7263·683a·2062·3634·0a20·2077··it_arch:·b64.··w
000dcec0:·6865·6e3a·0a20·202d·2061·6e73·6962·6c65··hen:.··-·ansible000dcec0:·6865·6e3a·0a20·202d·2027·2261·7564·6974··hen:.··-·'"audit
000dced0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_ 
000dcee0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do 
000dcef0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o 
000dcf00:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman" 
Max diff block lines reached; 930910/941114 bytes (98.92%) of diff not shown.
287 KB
html2text {}
    
Offset 7722, 16 lines modifiedOffset 7722, 16 lines modified
7722 ··-·reboot_required7722 ··-·reboot_required
7723 ··-·restrict_strategy7723 ··-·restrict_strategy
  
7724 -·name:·Set·architecture·for·audit·chmod·tasks7724 -·name:·Set·architecture·for·audit·chmod·tasks
7725 ··set_fact:7725 ··set_fact:
7726 ····audit_arch:·b647726 ····audit_arch:·b64
7727 ··when:7727 ··when:
7728 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7729 ··-·'"audit"·in·ansible_facts.packages'7728 ··-·'"audit"·in·ansible_facts.packages'
 7729 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7730 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture7730 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
7731 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"7731 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
7732 ··tags:7732 ··tags:
7733 ··-·CJIS-5.4.1.17733 ··-·CJIS-5.4.1.1
7734 ··-·NIST-800-171-3.1.77734 ··-·NIST-800-171-3.1.7
7735 ··-·NIST-800-53-AU-12(c)7735 ··-·NIST-800-53-AU-12(c)
7736 ··-·NIST-800-53-AU-2(d)7736 ··-·NIST-800-53-AU-2(d)
Offset 7867, 16 lines modifiedOffset 7867, 16 lines modified
7867 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007867 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7868 ········-F·auid!=unset·-F·key=perm_mod7868 ········-F·auid!=unset·-F·key=perm_mod
7869 ······create:·true7869 ······create:·true
7870 ······mode:·o-rwx7870 ······mode:·o-rwx
7871 ······state:·present7871 ······state:·present
7872 ····when:·syscalls_found·|·length·==·07872 ····when:·syscalls_found·|·length·==·0
7873 ··when:7873 ··when:
7874 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7875 ··-·'"audit"·in·ansible_facts.packages'7874 ··-·'"audit"·in·ansible_facts.packages'
 7875 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7876 ··tags:7876 ··tags:
7877 ··-·CJIS-5.4.1.17877 ··-·CJIS-5.4.1.1
7878 ··-·NIST-800-171-3.1.77878 ··-·NIST-800-171-3.1.7
7879 ··-·NIST-800-53-AU-12(c)7879 ··-·NIST-800-53-AU-12(c)
7880 ··-·NIST-800-53-AU-2(d)7880 ··-·NIST-800-53-AU-2(d)
7881 ··-·NIST-800-53-CM-6(a)7881 ··-·NIST-800-53-CM-6(a)
7882 ··-·PCI-DSS-Req-10.5.57882 ··-·PCI-DSS-Req-10.5.5
Offset 8010, 16 lines modifiedOffset 8010, 16 lines modified
8010 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008010 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8011 ········-F·auid!=unset·-F·key=perm_mod8011 ········-F·auid!=unset·-F·key=perm_mod
8012 ······create:·true8012 ······create:·true
8013 ······mode:·o-rwx8013 ······mode:·o-rwx
8014 ······state:·present8014 ······state:·present
8015 ····when:·syscalls_found·|·length·==·08015 ····when:·syscalls_found·|·length·==·0
8016 ··when:8016 ··when:
8017 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8018 ··-·'"audit"·in·ansible_facts.packages'8017 ··-·'"audit"·in·ansible_facts.packages'
 8018 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8019 ··-·audit_arch·==·"b64"8019 ··-·audit_arch·==·"b64"
8020 ··tags:8020 ··tags:
8021 ··-·CJIS-5.4.1.18021 ··-·CJIS-5.4.1.1
8022 ··-·NIST-800-171-3.1.78022 ··-·NIST-800-171-3.1.7
8023 ··-·NIST-800-53-AU-12(c)8023 ··-·NIST-800-53-AU-12(c)
8024 ··-·NIST-800-53-AU-2(d)8024 ··-·NIST-800-53-AU-2(d)
8025 ··-·NIST-800-53-CM-6(a)8025 ··-·NIST-800-53-CM-6(a)
Offset 8028, 15 lines modifiedOffset 8028, 15 lines modified
8028 ··-·low_complexity8028 ··-·low_complexity
8029 ··-·low_disruption8029 ··-·low_disruption
8030 ··-·medium_severity8030 ··-·medium_severity
8031 ··-·reboot_required8031 ··-·reboot_required
8032 ··-·restrict_strategy8032 ··-·restrict_strategy
8033 Remediation_Shell_script_⇲8033 Remediation_Shell_script_⇲
8034 #·Remediation·is·applicable·only·in·certain·platforms8034 #·Remediation·is·applicable·only·in·certain·platforms
8035 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then8035 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
8036 #·First·perform·the·remediation·of·the·syscall·rule8036 #·First·perform·the·remediation·of·the·syscall·rule
8037 #·Retrieve·hardware·architecture·of·the·underlying·system8037 #·Retrieve·hardware·architecture·of·the·underlying·system
8038 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")8038 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
8039 for·ARCH·in·"${RULE_ARCHS[@]}"8039 for·ARCH·in·"${RULE_ARCHS[@]}"
8040 do8040 do
Offset 8396, 16 lines modifiedOffset 8396, 16 lines modified
8396 ··-·reboot_required8396 ··-·reboot_required
8397 ··-·restrict_strategy8397 ··-·restrict_strategy
  
8398 -·name:·Set·architecture·for·audit·chown·tasks8398 -·name:·Set·architecture·for·audit·chown·tasks
8399 ··set_fact:8399 ··set_fact:
8400 ····audit_arch:·b648400 ····audit_arch:·b64
8401 ··when:8401 ··when:
8402 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8403 ··-·'"audit"·in·ansible_facts.packages'8402 ··-·'"audit"·in·ansible_facts.packages'
 8403 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8404 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8404 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8405 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8405 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8406 ··tags:8406 ··tags:
8407 ··-·CJIS-5.4.1.18407 ··-·CJIS-5.4.1.1
8408 ··-·NIST-800-171-3.1.78408 ··-·NIST-800-171-3.1.7
8409 ··-·NIST-800-53-AU-12(c)8409 ··-·NIST-800-53-AU-12(c)
8410 ··-·NIST-800-53-AU-2(d)8410 ··-·NIST-800-53-AU-2(d)
Offset 8543, 16 lines modifiedOffset 8543, 16 lines modified
8543 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008543 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8544 ········-F·auid!=unset·-F·key=perm_mod8544 ········-F·auid!=unset·-F·key=perm_mod
8545 ······create:·true8545 ······create:·true
8546 ······mode:·o-rwx8546 ······mode:·o-rwx
8547 ······state:·present8547 ······state:·present
8548 ····when:·syscalls_found·|·length·==·08548 ····when:·syscalls_found·|·length·==·0
8549 ··when:8549 ··when:
8550 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8551 ··-·'"audit"·in·ansible_facts.packages'8550 ··-·'"audit"·in·ansible_facts.packages'
 8551 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8552 ··tags:8552 ··tags:
8553 ··-·CJIS-5.4.1.18553 ··-·CJIS-5.4.1.1
8554 ··-·NIST-800-171-3.1.78554 ··-·NIST-800-171-3.1.7
8555 ··-·NIST-800-53-AU-12(c)8555 ··-·NIST-800-53-AU-12(c)
8556 ··-·NIST-800-53-AU-2(d)8556 ··-·NIST-800-53-AU-2(d)
8557 ··-·NIST-800-53-CM-6(a)8557 ··-·NIST-800-53-CM-6(a)
8558 ··-·PCI-DSS-Req-10.5.58558 ··-·PCI-DSS-Req-10.5.5
Offset 8688, 16 lines modifiedOffset 8688, 16 lines modified
8688 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008688 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8689 ········-F·auid!=unset·-F·key=perm_mod8689 ········-F·auid!=unset·-F·key=perm_mod
8690 ······create:·true8690 ······create:·true
8691 ······mode:·o-rwx8691 ······mode:·o-rwx
8692 ······state:·present8692 ······state:·present
8693 ····when:·syscalls_found·|·length·==·08693 ····when:·syscalls_found·|·length·==·0
8694 ··when:8694 ··when:
8695 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8696 ··-·'"audit"·in·ansible_facts.packages'8695 ··-·'"audit"·in·ansible_facts.packages'
 8696 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8697 ··-·audit_arch·==·"b64"8697 ··-·audit_arch·==·"b64"
8698 ··tags:8698 ··tags:
8699 ··-·CJIS-5.4.1.18699 ··-·CJIS-5.4.1.1
8700 ··-·NIST-800-171-3.1.78700 ··-·NIST-800-171-3.1.7
8701 ··-·NIST-800-53-AU-12(c)8701 ··-·NIST-800-53-AU-12(c)
8702 ··-·NIST-800-53-AU-2(d)8702 ··-·NIST-800-53-AU-2(d)
8703 ··-·NIST-800-53-CM-6(a)8703 ··-·NIST-800-53-CM-6(a)
Offset 8706, 15 lines modifiedOffset 8706, 15 lines modified
8706 ··-·low_complexity8706 ··-·low_complexity
8707 ··-·low_disruption8707 ··-·low_disruption
8708 ··-·medium_severity8708 ··-·medium_severity
Max diff block lines reached; 289549/294151 bytes (98.44%) of diff not shown.
774 KB
./usr/share/doc/ssg-nondebian/ssg-fedora-guide-pci-dss.html
    
Offset 51695, 23 lines modifiedOffset 51695, 23 lines modified
000c9ee0:·7265·640a·2020·2d20·7265·7374·7269·6374··red.··-·restrict000c9ee0:·7265·640a·2020·2d20·7265·7374·7269·6374··red.··-·restrict
000c9ef0:·5f73·7472·6174·6567·790a·0a2d·206e·616d··_strategy..-·nam000c9ef0:·5f73·7472·6174·6567·790a·0a2d·206e·616d··_strategy..-·nam
000c9f00:·653a·2053·6574·2061·7263·6869·7465·6374··e:·Set·architect000c9f00:·653a·2053·6574·2061·7263·6869·7465·6374··e:·Set·architect
000c9f10:·7572·6520·666f·7220·6175·6469·7420·6368··ure·for·audit·ch000c9f10:·7572·6520·666f·7220·6175·6469·7420·6368··ure·for·audit·ch
000c9f20:·6d6f·6420·7461·736b·730a·2020·7365·745f··mod·tasks.··set_000c9f20:·6d6f·6420·7461·736b·730a·2020·7365·745f··mod·tasks.··set_
000c9f30:·6661·6374·3a0a·2020·2020·6175·6469·745f··fact:.····audit_000c9f30:·6661·6374·3a0a·2020·2020·6175·6469·745f··fact:.····audit_
000c9f40:·6172·6368·3a20·6236·340a·2020·7768·656e··arch:·b64.··when000c9f40:·6172·6368·3a20·6236·340a·2020·7768·656e··arch:·b64.··when
000c9f50:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi 
000c9f60:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ 
000c9f70:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke 
000c9f80:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open 
000c9f90:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·" 
000c9fa0:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-· 
000c9fb0:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi 
000c9fc0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag000c9f50:·3a0a·2020·2d20·2722·6175·6469·7422·2069··:.··-·'"audit"·i
 000c9f60:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 000c9f70:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an
 000c9f80:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 000c9f90:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 000c9fa0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 000c9fb0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 000c9fc0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
000c9fd0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_000c9fd0:·7222·5d0a·2020·2d20·616e·7369·626c·655f··r"].··-·ansible_
000c9fe0:·6172·6368·6974·6563·7475·7265·203d·3d20··architecture·==·000c9fe0:·6172·6368·6974·6563·7475·7265·203d·3d20··architecture·==·
000c9ff0:·2261·6172·6368·3634·2220·6f72·2061·6e73··"aarch64"·or·ans000c9ff0:·2261·6172·6368·3634·2220·6f72·2061·6e73··"aarch64"·or·ans
000ca000:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur000ca000:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur
000ca010:·6520·3d3d·2022·7070·6336·3422·206f·7220··e·==·"ppc64"·or·000ca010:·6520·3d3d·2022·7070·6336·3422·206f·7220··e·==·"ppc64"·or·
000ca020:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec000ca020:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec
000ca030:·7475·7265·0a20·2020·203d·3d20·2270·7063··ture.····==·"ppc000ca030:·7475·7265·0a20·2020·203d·3d20·2270·7063··ture.····==·"ppc
000ca040:·3634·6c65·2220·6f72·2061·6e73·6962·6c65··64le"·or·ansible000ca040:·3634·6c65·2220·6f72·2061·6e73·6962·6c65··64le"·or·ansible
Offset 52016, 23 lines modifiedOffset 52016, 23 lines modified
000cb2f0:·4620·6b65·793d·7065·726d·5f6d·6f64·0a20··F·key=perm_mod.·000cb2f0:·4620·6b65·793d·7065·726d·5f6d·6f64·0a20··F·key=perm_mod.·
000cb300:·2020·2020·2063·7265·6174·653a·2074·7275·······create:·tru000cb300:·2020·2020·2063·7265·6174·653a·2074·7275·······create:·tru
000cb310:·650a·2020·2020·2020·6d6f·6465·3a20·6f2d··e.······mode:·o-000cb310:·650a·2020·2020·2020·6d6f·6465·3a20·6f2d··e.······mode:·o-
000cb320:·7277·780a·2020·2020·2020·7374·6174·653a··rwx.······state:000cb320:·7277·780a·2020·2020·2020·7374·6174·653a··rwx.······state:
000cb330:·2070·7265·7365·6e74·0a20·2020·2077·6865···present.····whe000cb330:·2070·7265·7365·6e74·0a20·2020·2077·6865···present.····whe
000cb340:·6e3a·2073·7973·6361·6c6c·735f·666f·756e··n:·syscalls_foun000cb340:·6e3a·2073·7973·6361·6c6c·735f·666f·756e··n:·syscalls_foun
000cb350:·6420·7c20·6c65·6e67·7468·203d·3d20·300a··d·|·length·==·0.000cb350:·6420·7c20·6c65·6e67·7468·203d·3d20·300a··d·|·length·==·0.
000cb360:·2020·7768·656e·3a0a·2020·2d20·616e·7369····when:.··-·ansi000cb360:·2020·7768·656e·3a0a·2020·2d20·2722·6175····when:.··-·'"au
000cb370:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati 
000cb380:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[ 
000cb390:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc", 
000cb3a0:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm 
000cb3b0:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container" 
000cb3c0:·5d0a·2020·2d20·2722·6175·6469·7422·2069··].··-·'"audit"·i 
000cb3d0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
000cb3e0:·7061·636b·6167·6573·270a·2020·7461·6773··packages'.··tags000cb370:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_
 000cb380:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 000cb390:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
 000cb3a0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
 000cb3b0:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
 000cb3c0:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
 000cb3d0:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
 000cb3e0:·6e74·6169·6e65·7222·5d0a·2020·7461·6773··ntainer"].··tags
000cb3f0:·3a0a·2020·2d20·434a·4953·2d35·2e34·2e31··:.··-·CJIS-5.4.1000cb3f0:·3a0a·2020·2d20·434a·4953·2d35·2e34·2e31··:.··-·CJIS-5.4.1
000cb400:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-000cb400:·2e31·0a20·202d·204e·4953·542d·3830·302d··.1.··-·NIST-800-
000cb410:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI000cb410:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI
000cb420:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(000cb420:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(
000cb430:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-000cb430:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-
000cb440:·3533·2d41·552d·3228·6429·0a20·202d·204e··53-AU-2(d).··-·N000cb440:·3533·2d41·552d·3228·6429·0a20·202d·204e··53-AU-2(d).··-·N
000cb450:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(000cb450:·4953·542d·3830·302d·3533·2d43·4d2d·3628··IST-800-53-CM-6(
Offset 52326, 23 lines modifiedOffset 52326, 23 lines modified
000cc650:·6579·3d70·6572·6d5f·6d6f·640a·2020·2020··ey=perm_mod.····000cc650:·6579·3d70·6572·6d5f·6d6f·640a·2020·2020··ey=perm_mod.····
000cc660:·2020·6372·6561·7465·3a20·7472·7565·0a20····create:·true.·000cc660:·2020·6372·6561·7465·3a20·7472·7565·0a20····create:·true.·
000cc670:·2020·2020·206d·6f64·653a·206f·2d72·7778·······mode:·o-rwx000cc670:·2020·2020·206d·6f64·653a·206f·2d72·7778·······mode:·o-rwx
000cc680:·0a20·2020·2020·2073·7461·7465·3a20·7072··.······state:·pr000cc680:·0a20·2020·2020·2073·7461·7465·3a20·7072··.······state:·pr
000cc690:·6573·656e·740a·2020·2020·7768·656e·3a20··esent.····when:·000cc690:·6573·656e·740a·2020·2020·7768·656e·3a20··esent.····when:·
000cc6a0:·7379·7363·616c·6c73·5f66·6f75·6e64·207c··syscalls_found·|000cc6a0:·7379·7363·616c·6c73·5f66·6f75·6e64·207c··syscalls_found·|
000cc6b0:·206c·656e·6774·6820·3d3d·2030·0a20·2077···length·==·0.··w000cc6b0:·206c·656e·6774·6820·3d3d·2030·0a20·2077···length·==·0.··w
000cc6c0:·6865·6e3a·0a20·202d·2061·6e73·6962·6c65··hen:.··-·ansible000cc6c0:·6865·6e3a·0a20·202d·2027·2261·7564·6974··hen:.··-·'"audit
000cc6d0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_ 
000cc6e0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do 
000cc6f0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o 
000cc700:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman" 
000cc710:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].· 
000cc720:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a 
000cc730:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac000cc6d0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 000cc6e0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 000cc6f0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
 000cc700:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
 000cc710:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
 000cc720:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
 000cc730:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
000cc740:·6b61·6765·7327·0a20·202d·2061·7564·6974··kages'.··-·audit000cc740:·696e·6572·225d·0a20·202d·2061·7564·6974··iner"].··-·audit
000cc750:·5f61·7263·6820·3d3d·2022·6236·3422·0a20··_arch·==·"b64".·000cc750:·5f61·7263·6820·3d3d·2022·6236·3422·0a20··_arch·==·"b64".·
000cc760:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-000cc760:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-
000cc770:·352e·342e·312e·310a·2020·2d20·4e49·5354··5.4.1.1.··-·NIST000cc770:·352e·342e·312e·310a·2020·2d20·4e49·5354··5.4.1.1.··-·NIST
000cc780:·2d38·3030·2d31·3731·2d33·2e31·2e37·0a20··-800-171-3.1.7.·000cc780:·2d38·3030·2d31·3731·2d33·2e31·2e37·0a20··-800-171-3.1.7.·
000cc790:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A000cc790:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A
000cc7a0:·552d·3132·2863·290a·2020·2d20·4e49·5354··U-12(c).··-·NIST000cc7a0:·552d·3132·2863·290a·2020·2d20·4e49·5354··U-12(c).··-·NIST
000cc7b0:·2d38·3030·2d35·332d·4155·2d32·2864·290a··-800-53-AU-2(d).000cc7b0:·2d38·3030·2d35·332d·4155·2d32·2864·290a··-800-53-AU-2(d).
Offset 52374, 21 lines modifiedOffset 52374, 21 lines modified
000cc950:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan000cc950:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
000cc960:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll000cc960:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
000cc970:·6170·7365·2220·6964·3d22·6964·6d31·3632··apse"·id="idm162000cc970:·6170·7365·2220·6964·3d22·6964·6d31·3632··apse"·id="idm162
000cc980:·3838·223e·3c70·7265·3e3c·636f·6465·3e23··88"><pre><code>#000cc980:·3838·223e·3c70·7265·3e3c·636f·6465·3e23··88"><pre><code>#
000cc990:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·000cc990:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·
000cc9a0:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·000cc9a0:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·
000cc9b0:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf000cc9b0:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf
000cc9c0:·6f72·6d73·0a69·6620·5b20·2120·2d66·202f··orms.if·[·!·-f·/000cc9c0:·6f72·6d73·0a69·6620·7270·6d20·2d2d·7175··orms.if·rpm·--qu
000cc9d0:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am000cc9d0:·6965·7420·2d71·2061·7564·6974·2026·616d··iet·-q·audit·&am
000cc9e0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/000cc9e0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
 000cc9f0:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am
 000cca00:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
000cc9f0:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren000cca10:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren
000cca00:·7620·5d20·2661·6d70·3b26·616d·703b·2072··v·]·&amp;&amp;·r 
000cca10:·706d·202d·2d71·7569·6574·202d·7120·6175··pm·--quiet·-q·au 
000cca20:·6469·743b·2074·6865·6e0a·0a23·2046·6972··dit;·then..#·Fir000cca20:·7620·5d3b·2074·6865·6e0a·0a23·2046·6972··v·];·then..#·Fir
000cca30:·7374·2070·6572·666f·726d·2074·6865·2072··st·perform·the·r000cca30:·7374·2070·6572·666f·726d·2074·6865·2072··st·perform·the·r
000cca40:·656d·6564·6961·7469·6f6e·206f·6620·7468··emediation·of·th000cca40:·656d·6564·6961·7469·6f6e·206f·6620·7468··emediation·of·th
000cca50:·6520·7379·7363·616c·6c20·7275·6c65·0a23··e·syscall·rule.#000cca50:·6520·7379·7363·616c·6c20·7275·6c65·0a23··e·syscall·rule.#
000cca60:·2052·6574·7269·6576·6520·6861·7264·7761···Retrieve·hardwa000cca60:·2052·6574·7269·6576·6520·6861·7264·7761···Retrieve·hardwa
000cca70:·7265·2061·7263·6869·7465·6374·7572·6520··re·architecture·000cca70:·7265·2061·7263·6869·7465·6374·7572·6520··re·architecture·
000cca80:·6f66·2074·6865·2075·6e64·6572·6c79·696e··of·the·underlyin000cca80:·6f66·2074·6865·2075·6e64·6572·6c79·696e··of·the·underlyin
000cca90:·6720·7379·7374·656d·0a5b·2022·2428·6765··g·system.[·"$(ge000cca90:·6720·7379·7374·656d·0a5b·2022·2428·6765··g·system.[·"$(ge
Offset 54172, 22 lines modifiedOffset 54172, 22 lines modified
000d39b0:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra000d39b0:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra
000d39c0:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se000d39c0:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se
000d39d0:·7420·6172·6368·6974·6563·7475·7265·2066··t·architecture·f000d39d0:·7420·6172·6368·6974·6563·7475·7265·2066··t·architecture·f
000d39e0:·6f72·2061·7564·6974·2063·686f·776e·2074··or·audit·chown·t000d39e0:·6f72·2061·7564·6974·2063·686f·776e·2074··or·audit·chown·t
000d39f0:·6173·6b73·0a20·2073·6574·5f66·6163·743a··asks.··set_fact:000d39f0:·6173·6b73·0a20·2073·6574·5f66·6163·743a··asks.··set_fact:
000d3a00:·0a20·2020·2061·7564·6974·5f61·7263·683a··.····audit_arch:000d3a00:·0a20·2020·2061·7564·6974·5f61·7263·683a··.····audit_arch:
000d3a10:·2062·3634·0a20·2077·6865·6e3a·0a20·202d···b64.··when:.··-000d3a10:·2062·3634·0a20·2077·6865·6e3a·0a20·202d···b64.··when:.··-
000d3a20:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual 
000d3a30:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not 
000d3a40:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·" 
000d3a50:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",· 
Max diff block lines reached; 591736/602009 bytes (98.29%) of diff not shown.
186 KB
html2text {}
    
Offset 6714, 16 lines modifiedOffset 6714, 16 lines modified
6714 ··-·reboot_required6714 ··-·reboot_required
6715 ··-·restrict_strategy6715 ··-·restrict_strategy
  
6716 -·name:·Set·architecture·for·audit·chmod·tasks6716 -·name:·Set·architecture·for·audit·chmod·tasks
6717 ··set_fact:6717 ··set_fact:
6718 ····audit_arch:·b646718 ····audit_arch:·b64
6719 ··when:6719 ··when:
6720 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6721 ··-·'"audit"·in·ansible_facts.packages'6720 ··-·'"audit"·in·ansible_facts.packages'
 6721 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6722 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6722 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6723 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6723 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6724 ··tags:6724 ··tags:
6725 ··-·CJIS-5.4.1.16725 ··-·CJIS-5.4.1.1
6726 ··-·NIST-800-171-3.1.76726 ··-·NIST-800-171-3.1.7
6727 ··-·NIST-800-53-AU-12(c)6727 ··-·NIST-800-53-AU-12(c)
6728 ··-·NIST-800-53-AU-2(d)6728 ··-·NIST-800-53-AU-2(d)
Offset 6859, 16 lines modifiedOffset 6859, 16 lines modified
6859 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006859 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6860 ········-F·auid!=unset·-F·key=perm_mod6860 ········-F·auid!=unset·-F·key=perm_mod
6861 ······create:·true6861 ······create:·true
6862 ······mode:·o-rwx6862 ······mode:·o-rwx
6863 ······state:·present6863 ······state:·present
6864 ····when:·syscalls_found·|·length·==·06864 ····when:·syscalls_found·|·length·==·0
6865 ··when:6865 ··when:
6866 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6867 ··-·'"audit"·in·ansible_facts.packages'6866 ··-·'"audit"·in·ansible_facts.packages'
 6867 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6868 ··tags:6868 ··tags:
6869 ··-·CJIS-5.4.1.16869 ··-·CJIS-5.4.1.1
6870 ··-·NIST-800-171-3.1.76870 ··-·NIST-800-171-3.1.7
6871 ··-·NIST-800-53-AU-12(c)6871 ··-·NIST-800-53-AU-12(c)
6872 ··-·NIST-800-53-AU-2(d)6872 ··-·NIST-800-53-AU-2(d)
6873 ··-·NIST-800-53-CM-6(a)6873 ··-·NIST-800-53-CM-6(a)
6874 ··-·PCI-DSS-Req-10.5.56874 ··-·PCI-DSS-Req-10.5.5
Offset 7002, 16 lines modifiedOffset 7002, 16 lines modified
7002 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007002 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7003 ········-F·auid!=unset·-F·key=perm_mod7003 ········-F·auid!=unset·-F·key=perm_mod
7004 ······create:·true7004 ······create:·true
7005 ······mode:·o-rwx7005 ······mode:·o-rwx
7006 ······state:·present7006 ······state:·present
7007 ····when:·syscalls_found·|·length·==·07007 ····when:·syscalls_found·|·length·==·0
7008 ··when:7008 ··when:
7009 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7010 ··-·'"audit"·in·ansible_facts.packages'7009 ··-·'"audit"·in·ansible_facts.packages'
 7010 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7011 ··-·audit_arch·==·"b64"7011 ··-·audit_arch·==·"b64"
7012 ··tags:7012 ··tags:
7013 ··-·CJIS-5.4.1.17013 ··-·CJIS-5.4.1.1
7014 ··-·NIST-800-171-3.1.77014 ··-·NIST-800-171-3.1.7
7015 ··-·NIST-800-53-AU-12(c)7015 ··-·NIST-800-53-AU-12(c)
7016 ··-·NIST-800-53-AU-2(d)7016 ··-·NIST-800-53-AU-2(d)
7017 ··-·NIST-800-53-CM-6(a)7017 ··-·NIST-800-53-CM-6(a)
Offset 7020, 15 lines modifiedOffset 7020, 15 lines modified
7020 ··-·low_complexity7020 ··-·low_complexity
7021 ··-·low_disruption7021 ··-·low_disruption
7022 ··-·medium_severity7022 ··-·medium_severity
7023 ··-·reboot_required7023 ··-·reboot_required
7024 ··-·restrict_strategy7024 ··-·restrict_strategy
7025 Remediation_Shell_script_⇲7025 Remediation_Shell_script_⇲
7026 #·Remediation·is·applicable·only·in·certain·platforms7026 #·Remediation·is·applicable·only·in·certain·platforms
7027 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7027 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7028 #·First·perform·the·remediation·of·the·syscall·rule7028 #·First·perform·the·remediation·of·the·syscall·rule
7029 #·Retrieve·hardware·architecture·of·the·underlying·system7029 #·Retrieve·hardware·architecture·of·the·underlying·system
7030 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")7030 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
7031 for·ARCH·in·"${RULE_ARCHS[@]}"7031 for·ARCH·in·"${RULE_ARCHS[@]}"
7032 do7032 do
Offset 7388, 16 lines modifiedOffset 7388, 16 lines modified
7388 ··-·reboot_required7388 ··-·reboot_required
7389 ··-·restrict_strategy7389 ··-·restrict_strategy
  
7390 -·name:·Set·architecture·for·audit·chown·tasks7390 -·name:·Set·architecture·for·audit·chown·tasks
7391 ··set_fact:7391 ··set_fact:
7392 ····audit_arch:·b647392 ····audit_arch:·b64
7393 ··when:7393 ··when:
7394 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7395 ··-·'"audit"·in·ansible_facts.packages'7394 ··-·'"audit"·in·ansible_facts.packages'
 7395 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7396 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture7396 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
7397 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"7397 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
7398 ··tags:7398 ··tags:
7399 ··-·CJIS-5.4.1.17399 ··-·CJIS-5.4.1.1
7400 ··-·NIST-800-171-3.1.77400 ··-·NIST-800-171-3.1.7
7401 ··-·NIST-800-53-AU-12(c)7401 ··-·NIST-800-53-AU-12(c)
7402 ··-·NIST-800-53-AU-2(d)7402 ··-·NIST-800-53-AU-2(d)
Offset 7535, 16 lines modifiedOffset 7535, 16 lines modified
7535 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007535 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7536 ········-F·auid!=unset·-F·key=perm_mod7536 ········-F·auid!=unset·-F·key=perm_mod
7537 ······create:·true7537 ······create:·true
7538 ······mode:·o-rwx7538 ······mode:·o-rwx
7539 ······state:·present7539 ······state:·present
7540 ····when:·syscalls_found·|·length·==·07540 ····when:·syscalls_found·|·length·==·0
7541 ··when:7541 ··when:
7542 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7543 ··-·'"audit"·in·ansible_facts.packages'7542 ··-·'"audit"·in·ansible_facts.packages'
 7543 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7544 ··tags:7544 ··tags:
7545 ··-·CJIS-5.4.1.17545 ··-·CJIS-5.4.1.1
7546 ··-·NIST-800-171-3.1.77546 ··-·NIST-800-171-3.1.7
7547 ··-·NIST-800-53-AU-12(c)7547 ··-·NIST-800-53-AU-12(c)
7548 ··-·NIST-800-53-AU-2(d)7548 ··-·NIST-800-53-AU-2(d)
7549 ··-·NIST-800-53-CM-6(a)7549 ··-·NIST-800-53-CM-6(a)
7550 ··-·PCI-DSS-Req-10.5.57550 ··-·PCI-DSS-Req-10.5.5
Offset 7680, 16 lines modifiedOffset 7680, 16 lines modified
7680 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007680 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7681 ········-F·auid!=unset·-F·key=perm_mod7681 ········-F·auid!=unset·-F·key=perm_mod
7682 ······create:·true7682 ······create:·true
7683 ······mode:·o-rwx7683 ······mode:·o-rwx
7684 ······state:·present7684 ······state:·present
7685 ····when:·syscalls_found·|·length·==·07685 ····when:·syscalls_found·|·length·==·0
7686 ··when:7686 ··when:
7687 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7688 ··-·'"audit"·in·ansible_facts.packages'7687 ··-·'"audit"·in·ansible_facts.packages'
 7688 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7689 ··-·audit_arch·==·"b64"7689 ··-·audit_arch·==·"b64"
7690 ··tags:7690 ··tags:
7691 ··-·CJIS-5.4.1.17691 ··-·CJIS-5.4.1.1
7692 ··-·NIST-800-171-3.1.77692 ··-·NIST-800-171-3.1.7
7693 ··-·NIST-800-53-AU-12(c)7693 ··-·NIST-800-53-AU-12(c)
7694 ··-·NIST-800-53-AU-2(d)7694 ··-·NIST-800-53-AU-2(d)
7695 ··-·NIST-800-53-CM-6(a)7695 ··-·NIST-800-53-CM-6(a)
Offset 7698, 15 lines modifiedOffset 7698, 15 lines modified
7698 ··-·low_complexity7698 ··-·low_complexity
7699 ··-·low_disruption7699 ··-·low_disruption
7700 ··-·medium_severity7700 ··-·medium_severity
Max diff block lines reached; 185477/190079 bytes (97.58%) of diff not shown.
509 KB
./usr/share/doc/ssg-nondebian/ssg-fedora-guide-standard.html
    
Offset 33607, 22 lines modifiedOffset 33607, 22 lines modified
00083460:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str00083460:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str
00083470:·6174·6567·790a·0a2d·206e·616d·653a·2053··ategy..-·name:·S00083470:·6174·6567·790a·0a2d·206e·616d·653a·2053··ategy..-·name:·S
00083480:·6574·2061·7263·6869·7465·6374·7572·6520··et·architecture·00083480:·6574·2061·7263·6869·7465·6374·7572·6520··et·architecture·
00083490:·666f·7220·6175·6469·7420·6368·6d6f·6420··for·audit·chmod·00083490:·666f·7220·6175·6469·7420·6368·6d6f·6420··for·audit·chmod·
000834a0:·7461·736b·730a·2020·7365·745f·6661·6374··tasks.··set_fact000834a0:·7461·736b·730a·2020·7365·745f·6661·6374··tasks.··set_fact
000834b0:·3a0a·2020·2020·6175·6469·745f·6172·6368··:.····audit_arch000834b0:·3a0a·2020·2020·6175·6469·745f·6172·6368··:.····audit_arch
000834c0:·3a20·6236·340a·2020·7768·656e·3a0a·2020··:·b64.··when:.··000834c0:·3a20·6236·340a·2020·7768·656e·3a0a·2020··:·b64.··when:.··
000834d0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
000834e0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
000834f0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
00083500:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
00083510:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont 
00083520:·6169·6e65·7222·5d0a·2020·2d20·2722·6175··ainer"].··-·'"au 
00083530:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_ 
00083540:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.000834d0:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an
 000834e0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 000834f0:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
 00083500:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
 00083510:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
 00083520:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
 00083530:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
 00083540:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
00083550:·2020·2d20·616e·7369·626c·655f·6172·6368····-·ansible_arch00083550:·2020·2d20·616e·7369·626c·655f·6172·6368····-·ansible_arch
00083560:·6974·6563·7475·7265·203d·3d20·2261·6172··itecture·==·"aar00083560:·6974·6563·7475·7265·203d·3d20·2261·6172··itecture·==·"aar
00083570:·6368·3634·2220·6f72·2061·6e73·6962·6c65··ch64"·or·ansible00083570:·6368·3634·2220·6f72·2061·6e73·6962·6c65··ch64"·or·ansible
00083580:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==00083580:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==
00083590:·2022·7070·6336·3422·206f·7220·616e·7369···"ppc64"·or·ansi00083590:·2022·7070·6336·3422·206f·7220·616e·7369···"ppc64"·or·ansi
000835a0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture000835a0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
000835b0:·0a20·2020·203d·3d20·2270·7063·3634·6c65··.····==·"ppc64le000835b0:·0a20·2020·203d·3d20·2270·7063·3634·6c65··.····==·"ppc64le
Offset 33928, 23 lines modifiedOffset 33928, 23 lines modified
00084870:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····00084870:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····
00084880:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··00084880:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··
00084890:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.00084890:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.
000848a0:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre000848a0:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre
000848b0:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s000848b0:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s
000848c0:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·000848c0:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·
000848d0:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh000848d0:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh
000848e0:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_ 
000848f0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
00084900:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
00084910:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
00084920:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
00084930:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].·· 
00084940:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an 
00084950:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack000848e0:·656e·3a0a·2020·2d20·2722·6175·6469·7422··en:.··-·'"audit"
 000848f0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 00084900:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 00084910:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 00084920:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 00084930:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 00084940:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 00084950:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
00084960:·6167·6573·270a·2020·7461·6773·3a0a·2020··ages'.··tags:.··00084960:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
00084970:·2d20·434a·4953·2d35·2e34·2e31·2e31·0a20··-·CJIS-5.4.1.1.·00084970:·2d20·434a·4953·2d35·2e34·2e31·2e31·0a20··-·CJIS-5.4.1.1.·
00084980:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-00084980:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
00084990:·332e·312e·370a·2020·2d20·4e49·5354·2d38··3.1.7.··-·NIST-800084990:·332e·312e·370a·2020·2d20·4e49·5354·2d38··3.1.7.··-·NIST-8
000849a0:·3030·2d35·332d·4155·2d31·3228·6329·0a20··00-53-AU-12(c).·000849a0:·3030·2d35·332d·4155·2d31·3228·6329·0a20··00-53-AU-12(c).·
000849b0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A000849b0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A
000849c0:·552d·3228·6429·0a20·202d·204e·4953·542d··U-2(d).··-·NIST-000849c0:·552d·3228·6429·0a20·202d·204e·4953·542d··U-2(d).··-·NIST-
000849d0:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).·000849d0:·3830·302d·3533·2d43·4d2d·3628·6129·0a20··800-53-CM-6(a).·
Offset 34238, 23 lines modifiedOffset 34238, 23 lines modified
00085bd0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr00085bd0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr
00085be0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····00085be0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····
00085bf0:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···00085bf0:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···
00085c00:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen00085c00:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
00085c10:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc00085c10:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc
00085c20:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len00085c20:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len
00085c30:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:00085c30:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:
00085c40:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
00085c50:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
00085c60:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
00085c70:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
00085c80:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
00085c90:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·' 
00085ca0:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib 
00085cb0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package00085c40:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 00085c50:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 00085c60:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
 00085c70:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
 00085c80:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
 00085c90:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
 00085ca0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
 00085cb0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
00085cc0:·7327·0a20·202d·2061·7564·6974·5f61·7263··s'.··-·audit_arc00085cc0:·225d·0a20·202d·2061·7564·6974·5f61·7263··"].··-·audit_arc
00085cd0:·6820·3d3d·2022·6236·3422·0a20·2074·6167··h·==·"b64".··tag00085cd0:·6820·3d3d·2022·6236·3422·0a20·2074·6167··h·==·"b64".··tag
00085ce0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.00085ce0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.
00085cf0:·312e·310a·2020·2d20·4e49·5354·2d38·3030··1.1.··-·NIST-80000085cf0:·312e·310a·2020·2d20·4e49·5354·2d38·3030··1.1.··-·NIST-800
00085d00:·2d31·3731·2d33·2e31·2e37·0a20·202d·204e··-171-3.1.7.··-·N00085d00:·2d31·3731·2d33·2e31·2e37·0a20·202d·204e··-171-3.1.7.··-·N
00085d10:·4953·542d·3830·302d·3533·2d41·552d·3132··IST-800-53-AU-1200085d10:·4953·542d·3830·302d·3533·2d41·552d·3132··IST-800-53-AU-12
00085d20:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-80000085d20:·2863·290a·2020·2d20·4e49·5354·2d38·3030··(c).··-·NIST-800
00085d30:·2d35·332d·4155·2d32·2864·290a·2020·2d20··-53-AU-2(d).··-·00085d30:·2d35·332d·4155·2d32·2864·290a·2020·2d20··-53-AU-2(d).··-·
Offset 34286, 20 lines modifiedOffset 34286, 20 lines modified
00085ed0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c00085ed0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
00085ee0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse00085ee0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
00085ef0:·2220·6964·3d22·6964·6d31·3632·3838·223e··"·id="idm16288">00085ef0:·2220·6964·3d22·6964·6d31·3632·3838·223e··"·id="idm16288">
00085f00:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem00085f00:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
00085f10:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl00085f10:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
00085f20:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c00085f20:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
00085f30:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms00085f30:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
 00085f40:·0a69·6620·7270·6d20·2d2d·7175·6965·7420··.if·rpm·--quiet·
 00085f50:·2d71·2061·7564·6974·2026·616d·703b·2661··-q·audit·&amp;&a
00085f40:·0a69·6620·5b20·2120·2d66·202f·2e64·6f63··.if·[·!·-f·/.doc00085f60:·6d70·3b20·5b20·2120·2d66·202f·2e64·6f63··mp;·[·!·-f·/.doc
00085f50:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a00085f70:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
00085f60:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/00085f80:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
00085f70:·2e63·6f6e·7461·696e·6572·656e·7620·5d20··.containerenv·]·00085f90:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];
00085f80:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·- 
00085f90:·2d71·7569·6574·202d·7120·6175·6469·743b··-quiet·-q·audit; 
00085fa0:·2074·6865·6e0a·0a23·2046·6972·7374·2070···then..#·First·p00085fa0:·2074·6865·6e0a·0a23·2046·6972·7374·2070···then..#·First·p
00085fb0:·6572·666f·726d·2074·6865·2072·656d·6564··erform·the·remed00085fb0:·6572·666f·726d·2074·6865·2072·656d·6564··erform·the·remed
00085fc0:·6961·7469·6f6e·206f·6620·7468·6520·7379··iation·of·the·sy00085fc0:·6961·7469·6f6e·206f·6620·7468·6520·7379··iation·of·the·sy
00085fd0:·7363·616c·6c20·7275·6c65·0a23·2052·6574··scall·rule.#·Ret00085fd0:·7363·616c·6c20·7275·6c65·0a23·2052·6574··scall·rule.#·Ret
00085fe0:·7269·6576·6520·6861·7264·7761·7265·2061··rieve·hardware·a00085fe0:·7269·6576·6520·6861·7264·7761·7265·2061··rieve·hardware·a
00085ff0:·7263·6869·7465·6374·7572·6520·6f66·2074··rchitecture·of·t00085ff0:·7263·6869·7465·6374·7572·6520·6f66·2074··rchitecture·of·t
00086000:·6865·2075·6e64·6572·6c79·696e·6720·7379··he·underlying·sy00086000:·6865·2075·6e64·6572·6c79·696e·6720·7379··he·underlying·sy
Offset 36083, 23 lines modifiedOffset 36083, 23 lines modified
0008cf20:·745f·7265·7175·6972·6564·0a20·202d·2072··t_required.··-·r0008cf20:·745f·7265·7175·6972·6564·0a20·202d·2072··t_required.··-·r
0008cf30:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy0008cf30:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy
0008cf40:·0a0a·2d20·6e61·6d65·3a20·5365·7420·6172··..-·name:·Set·ar0008cf40:·0a0a·2d20·6e61·6d65·3a20·5365·7420·6172··..-·name:·Set·ar
0008cf50:·6368·6974·6563·7475·7265·2066·6f72·2061··chitecture·for·a0008cf50:·6368·6974·6563·7475·7265·2066·6f72·2061··chitecture·for·a
0008cf60:·7564·6974·2063·686f·776e·2074·6173·6b73··udit·chown·tasks0008cf60:·7564·6974·2063·686f·776e·2074·6173·6b73··udit·chown·tasks
0008cf70:·0a20·2073·6574·5f66·6163·743a·0a20·2020··.··set_fact:.···0008cf70:·0a20·2073·6574·5f66·6163·743a·0a20·2020··.··set_fact:.···
0008cf80:·2061·7564·6974·5f61·7263·683a·2062·3634···audit_arch:·b640008cf80:·2061·7564·6974·5f61·7263·683a·2062·3634···audit_arch:·b64
0008cf90:·0a20·2077·6865·6e3a·0a20·202d·2061·6e73··.··when:.··-·ans0008cf90:·0a20·2077·6865·6e3a·0a20·202d·2027·2261··.··when:.··-·'"a
0008cfa0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat 
0008cfb0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in· 
0008cfc0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc" 
0008cfd0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod 
Max diff block lines reached; 387055/397259 bytes (97.43%) of diff not shown.
121 KB
html2text {}
    
Offset 2327, 16 lines modifiedOffset 2327, 16 lines modified
2327 ··-·reboot_required2327 ··-·reboot_required
2328 ··-·restrict_strategy2328 ··-·restrict_strategy
  
2329 -·name:·Set·architecture·for·audit·chmod·tasks2329 -·name:·Set·architecture·for·audit·chmod·tasks
2330 ··set_fact:2330 ··set_fact:
2331 ····audit_arch:·b642331 ····audit_arch:·b64
2332 ··when:2332 ··when:
2333 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2334 ··-·'"audit"·in·ansible_facts.packages'2333 ··-·'"audit"·in·ansible_facts.packages'
 2334 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2335 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2335 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2336 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2336 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2337 ··tags:2337 ··tags:
2338 ··-·CJIS-5.4.1.12338 ··-·CJIS-5.4.1.1
2339 ··-·NIST-800-171-3.1.72339 ··-·NIST-800-171-3.1.7
2340 ··-·NIST-800-53-AU-12(c)2340 ··-·NIST-800-53-AU-12(c)
2341 ··-·NIST-800-53-AU-2(d)2341 ··-·NIST-800-53-AU-2(d)
Offset 2472, 16 lines modifiedOffset 2472, 16 lines modified
2472 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002472 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2473 ········-F·auid!=unset·-F·key=perm_mod2473 ········-F·auid!=unset·-F·key=perm_mod
2474 ······create:·true2474 ······create:·true
2475 ······mode:·o-rwx2475 ······mode:·o-rwx
2476 ······state:·present2476 ······state:·present
2477 ····when:·syscalls_found·|·length·==·02477 ····when:·syscalls_found·|·length·==·0
2478 ··when:2478 ··when:
2479 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2480 ··-·'"audit"·in·ansible_facts.packages'2479 ··-·'"audit"·in·ansible_facts.packages'
 2480 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2481 ··tags:2481 ··tags:
2482 ··-·CJIS-5.4.1.12482 ··-·CJIS-5.4.1.1
2483 ··-·NIST-800-171-3.1.72483 ··-·NIST-800-171-3.1.7
2484 ··-·NIST-800-53-AU-12(c)2484 ··-·NIST-800-53-AU-12(c)
2485 ··-·NIST-800-53-AU-2(d)2485 ··-·NIST-800-53-AU-2(d)
2486 ··-·NIST-800-53-CM-6(a)2486 ··-·NIST-800-53-CM-6(a)
2487 ··-·PCI-DSS-Req-10.5.52487 ··-·PCI-DSS-Req-10.5.5
Offset 2615, 16 lines modifiedOffset 2615, 16 lines modified
2615 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002615 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2616 ········-F·auid!=unset·-F·key=perm_mod2616 ········-F·auid!=unset·-F·key=perm_mod
2617 ······create:·true2617 ······create:·true
2618 ······mode:·o-rwx2618 ······mode:·o-rwx
2619 ······state:·present2619 ······state:·present
2620 ····when:·syscalls_found·|·length·==·02620 ····when:·syscalls_found·|·length·==·0
2621 ··when:2621 ··when:
2622 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2623 ··-·'"audit"·in·ansible_facts.packages'2622 ··-·'"audit"·in·ansible_facts.packages'
 2623 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2624 ··-·audit_arch·==·"b64"2624 ··-·audit_arch·==·"b64"
2625 ··tags:2625 ··tags:
2626 ··-·CJIS-5.4.1.12626 ··-·CJIS-5.4.1.1
2627 ··-·NIST-800-171-3.1.72627 ··-·NIST-800-171-3.1.7
2628 ··-·NIST-800-53-AU-12(c)2628 ··-·NIST-800-53-AU-12(c)
2629 ··-·NIST-800-53-AU-2(d)2629 ··-·NIST-800-53-AU-2(d)
2630 ··-·NIST-800-53-CM-6(a)2630 ··-·NIST-800-53-CM-6(a)
Offset 2633, 15 lines modifiedOffset 2633, 15 lines modified
2633 ··-·low_complexity2633 ··-·low_complexity
2634 ··-·low_disruption2634 ··-·low_disruption
2635 ··-·medium_severity2635 ··-·medium_severity
2636 ··-·reboot_required2636 ··-·reboot_required
2637 ··-·restrict_strategy2637 ··-·restrict_strategy
2638 Remediation_Shell_script_⇲2638 Remediation_Shell_script_⇲
2639 #·Remediation·is·applicable·only·in·certain·platforms2639 #·Remediation·is·applicable·only·in·certain·platforms
2640 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then2640 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
2641 #·First·perform·the·remediation·of·the·syscall·rule2641 #·First·perform·the·remediation·of·the·syscall·rule
2642 #·Retrieve·hardware·architecture·of·the·underlying·system2642 #·Retrieve·hardware·architecture·of·the·underlying·system
2643 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")2643 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
2644 for·ARCH·in·"${RULE_ARCHS[@]}"2644 for·ARCH·in·"${RULE_ARCHS[@]}"
2645 do2645 do
Offset 3001, 16 lines modifiedOffset 3001, 16 lines modified
3001 ··-·reboot_required3001 ··-·reboot_required
3002 ··-·restrict_strategy3002 ··-·restrict_strategy
  
3003 -·name:·Set·architecture·for·audit·chown·tasks3003 -·name:·Set·architecture·for·audit·chown·tasks
3004 ··set_fact:3004 ··set_fact:
3005 ····audit_arch:·b643005 ····audit_arch:·b64
3006 ··when:3006 ··when:
3007 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3008 ··-·'"audit"·in·ansible_facts.packages'3007 ··-·'"audit"·in·ansible_facts.packages'
 3008 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3009 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3009 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3010 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3010 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3011 ··tags:3011 ··tags:
3012 ··-·CJIS-5.4.1.13012 ··-·CJIS-5.4.1.1
3013 ··-·NIST-800-171-3.1.73013 ··-·NIST-800-171-3.1.7
3014 ··-·NIST-800-53-AU-12(c)3014 ··-·NIST-800-53-AU-12(c)
3015 ··-·NIST-800-53-AU-2(d)3015 ··-·NIST-800-53-AU-2(d)
Offset 3148, 16 lines modifiedOffset 3148, 16 lines modified
3148 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003148 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3149 ········-F·auid!=unset·-F·key=perm_mod3149 ········-F·auid!=unset·-F·key=perm_mod
3150 ······create:·true3150 ······create:·true
3151 ······mode:·o-rwx3151 ······mode:·o-rwx
3152 ······state:·present3152 ······state:·present
3153 ····when:·syscalls_found·|·length·==·03153 ····when:·syscalls_found·|·length·==·0
3154 ··when:3154 ··when:
3155 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3156 ··-·'"audit"·in·ansible_facts.packages'3155 ··-·'"audit"·in·ansible_facts.packages'
 3156 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3157 ··tags:3157 ··tags:
3158 ··-·CJIS-5.4.1.13158 ··-·CJIS-5.4.1.1
3159 ··-·NIST-800-171-3.1.73159 ··-·NIST-800-171-3.1.7
3160 ··-·NIST-800-53-AU-12(c)3160 ··-·NIST-800-53-AU-12(c)
3161 ··-·NIST-800-53-AU-2(d)3161 ··-·NIST-800-53-AU-2(d)
3162 ··-·NIST-800-53-CM-6(a)3162 ··-·NIST-800-53-CM-6(a)
3163 ··-·PCI-DSS-Req-10.5.53163 ··-·PCI-DSS-Req-10.5.5
Offset 3293, 16 lines modifiedOffset 3293, 16 lines modified
3293 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003293 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3294 ········-F·auid!=unset·-F·key=perm_mod3294 ········-F·auid!=unset·-F·key=perm_mod
3295 ······create:·true3295 ······create:·true
3296 ······mode:·o-rwx3296 ······mode:·o-rwx
3297 ······state:·present3297 ······state:·present
3298 ····when:·syscalls_found·|·length·==·03298 ····when:·syscalls_found·|·length·==·0
3299 ··when:3299 ··when:
3300 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3301 ··-·'"audit"·in·ansible_facts.packages'3300 ··-·'"audit"·in·ansible_facts.packages'
 3301 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3302 ··-·audit_arch·==·"b64"3302 ··-·audit_arch·==·"b64"
3303 ··tags:3303 ··tags:
3304 ··-·CJIS-5.4.1.13304 ··-·CJIS-5.4.1.1
3305 ··-·NIST-800-171-3.1.73305 ··-·NIST-800-171-3.1.7
3306 ··-·NIST-800-53-AU-12(c)3306 ··-·NIST-800-53-AU-12(c)
3307 ··-·NIST-800-53-AU-2(d)3307 ··-·NIST-800-53-AU-2(d)
3308 ··-·NIST-800-53-CM-6(a)3308 ··-·NIST-800-53-CM-6(a)
Offset 3311, 15 lines modifiedOffset 3311, 15 lines modified
3311 ··-·low_complexity3311 ··-·low_complexity
3312 ··-·low_disruption3312 ··-·low_disruption
3313 ··-·medium_severity3313 ··-·medium_severity
Max diff block lines reached; 118894/123496 bytes (96.27%) of diff not shown.
5.32 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-anssi_nt28_enhanced.html
    
Offset 52177, 23 lines modifiedOffset 52177, 23 lines modified
000cbd00:·6b65·793d·7072·6976·696c·6567·6564·0a20··key=privileged.·000cbd00:·6b65·793d·7072·6976·696c·6567·6564·0a20··key=privileged.·
000cbd10:·2020·2020·2063·7265·6174·653a·2074·7275·······create:·tru000cbd10:·2020·2020·2063·7265·6174·653a·2074·7275·······create:·tru
000cbd20:·650a·2020·2020·2020·6d6f·6465·3a20·6f2d··e.······mode:·o-000cbd20:·650a·2020·2020·2020·6d6f·6465·3a20·6f2d··e.······mode:·o-
000cbd30:·7277·780a·2020·2020·2020·7374·6174·653a··rwx.······state:000cbd30:·7277·780a·2020·2020·2020·7374·6174·653a··rwx.······state:
000cbd40:·2070·7265·7365·6e74·0a20·2020·2077·6865···present.····whe000cbd40:·2070·7265·7365·6e74·0a20·2020·2077·6865···present.····whe
000cbd50:·6e3a·2073·7973·6361·6c6c·735f·666f·756e··n:·syscalls_foun000cbd50:·6e3a·2073·7973·6361·6c6c·735f·666f·756e··n:·syscalls_foun
000cbd60:·6420·7c20·6c65·6e67·7468·203d·3d20·300a··d·|·length·==·0.000cbd60:·6420·7c20·6c65·6e67·7468·203d·3d20·300a··d·|·length·==·0.
000cbd70:·2020·7768·656e·3a0a·2020·2d20·616e·7369····when:.··-·ansi000cbd70:·2020·7768·656e·3a0a·2020·2d20·2722·6175····when:.··-·'"au
000cbd80:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati 
000cbd90:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[ 
000cbda0:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc", 
000cbdb0:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm 
000cbdc0:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container" 
000cbdd0:·5d0a·2020·2d20·2722·6175·6469·7422·2069··].··-·'"audit"·i 
000cbde0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
000cbdf0:·7061·636b·6167·6573·270a·2020·7461·6773··packages'.··tags000cbd80:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_
 000cbd90:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 000cbda0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
 000cbdb0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
 000cbdc0:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
 000cbdd0:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
 000cbde0:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
 000cbdf0:·6e74·6169·6e65·7222·5d0a·2020·7461·6773··ntainer"].··tags
000cbe00:·3a0a·2020·2d20·4449·5341·2d53·5449·472d··:.··-·DISA-STIG-000cbe00:·3a0a·2020·2d20·4449·5341·2d53·5449·472d··:.··-·DISA-STIG-
000cbe10:·4f4c·3037·2d30·302d·3033·3036·3930·0a20··OL07-00-030690.·000cbe10:·4f4c·3037·2d30·302d·3033·3036·3930·0a20··OL07-00-030690.·
000cbe20:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-000cbe20:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
000cbe30:·332e·312e·370a·2020·2d20·4e49·5354·2d38··3.1.7.··-·NIST-8000cbe30:·332e·312e·370a·2020·2d20·4e49·5354·2d38··3.1.7.··-·NIST-8
000cbe40:·3030·2d35·332d·4143·2d36·2839·290a·2020··00-53-AC-6(9).··000cbe40:·3030·2d35·332d·4143·2d36·2839·290a·2020··00-53-AC-6(9).··
000cbe50:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU000cbe50:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU
000cbe60:·2d31·3228·6329·0a20·202d·204e·4953·542d··-12(c).··-·NIST-000cbe60:·2d31·3228·6329·0a20·202d·204e·4953·542d··-12(c).··-·NIST-
Offset 52225, 20 lines modifiedOffset 52225, 20 lines modified
000cc000:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co000cc000:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
000cc010:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"000cc010:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
000cc020:·2069·643d·2269·646d·3331·3839·3422·3e3c···id="idm31894"><000cc020:·2069·643d·2269·646d·3331·3839·3422·3e3c···id="idm31894"><
000cc030:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme000cc030:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
000cc040:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli000cc040:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
000cc050:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce000cc050:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
000cc060:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.000cc060:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
 000cc070:·6966·2072·706d·202d·2d71·7569·6574·202d··if·rpm·--quiet·-
 000cc080:·7120·6175·6469·7420·2661·6d70·3b26·616d··q·audit·&amp;&am
000cc070:·6966·205b·2021·202d·6620·2f2e·646f·636b··if·[·!·-f·/.dock000cc090:·703b·205b·2021·202d·6620·2f2e·646f·636b··p;·[·!·-f·/.dock
000cc080:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am000cc0a0:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am
000cc090:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.000cc0b0:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.
000cc0a0:·636f·6e74·6169·6e65·7265·6e76·205d·2026··containerenv·]·&000cc0c0:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·
000cc0b0:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·-- 
000cc0c0:·7175·6965·7420·2d71·2061·7564·6974·3b20··quiet·-q·audit;· 
000cc0d0:·7468·656e·0a0a·4143·5449·4f4e·5f41·5243··then..ACTION_ARC000cc0d0:·7468·656e·0a0a·4143·5449·4f4e·5f41·5243··then..ACTION_ARC
000cc0e0:·485f·4649·4c54·4552·533d·222d·6120·616c··H_FILTERS="-a·al000cc0e0:·485f·4649·4c54·4552·533d·222d·6120·616c··H_FILTERS="-a·al
000cc0f0:·7761·7973·2c65·7869·7422·0a4f·5448·4552··ways,exit".OTHER000cc0f0:·7761·7973·2c65·7869·7422·0a4f·5448·4552··ways,exit".OTHER
000cc100:·5f46·494c·5445·5253·3d22·2d46·2070·6174··_FILTERS="-F·pat000cc100:·5f46·494c·5445·5253·3d22·2d46·2070·6174··_FILTERS="-F·pat
000cc110:·683d·2f75·7372·2f62·696e·2f73·7564·6f20··h=/usr/bin/sudo·000cc110:·683d·2f75·7372·2f62·696e·2f73·7564·6f20··h=/usr/bin/sudo·
000cc120:·2d46·2070·6572·6d3d·7822·0a41·5549·445f··-F·perm=x".AUID_000cc120:·2d46·2070·6572·6d3d·7822·0a41·5549·445f··-F·perm=x".AUID_
000cc130:·4649·4c54·4552·533d·222d·4620·6175·6964··FILTERS="-F·auid000cc130:·4649·4c54·4552·533d·222d·4620·6175·6964··FILTERS="-F·auid
1.23 KB
html2text {}
    
Offset 8269, 16 lines modifiedOffset 8269, 16 lines modified
8269 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x8269 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
8270 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged8270 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
8271 ······create:·true8271 ······create:·true
8272 ······mode:·o-rwx8272 ······mode:·o-rwx
8273 ······state:·present8273 ······state:·present
8274 ····when:·syscalls_found·|·length·==·08274 ····when:·syscalls_found·|·length·==·0
8275 ··when:8275 ··when:
8276 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8277 ··-·'"audit"·in·ansible_facts.packages'8276 ··-·'"audit"·in·ansible_facts.packages'
 8277 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8278 ··tags:8278 ··tags:
8279 ··-·DISA-STIG-OL07-00-0306908279 ··-·DISA-STIG-OL07-00-030690
8280 ··-·NIST-800-171-3.1.78280 ··-·NIST-800-171-3.1.7
8281 ··-·NIST-800-53-AC-6(9)8281 ··-·NIST-800-53-AC-6(9)
8282 ··-·NIST-800-53-AU-12(c)8282 ··-·NIST-800-53-AU-12(c)
8283 ··-·NIST-800-53-AU-2(d)8283 ··-·NIST-800-53-AU-2(d)
8284 ··-·NIST-800-53-CM-6(a)8284 ··-·NIST-800-53-CM-6(a)
Offset 8286, 15 lines modifiedOffset 8286, 15 lines modified
8286 ··-·low_complexity8286 ··-·low_complexity
8287 ··-·low_disruption8287 ··-·low_disruption
8288 ··-·medium_severity8288 ··-·medium_severity
8289 ··-·no_reboot_needed8289 ··-·no_reboot_needed
8290 ··-·restrict_strategy8290 ··-·restrict_strategy
8291 Remediation_Shell_script_⇲8291 Remediation_Shell_script_⇲
8292 #·Remediation·is·applicable·only·in·certain·platforms8292 #·Remediation·is·applicable·only·in·certain·platforms
8293 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then8293 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
8294 ACTION_ARCH_FILTERS="-a·always,exit"8294 ACTION_ARCH_FILTERS="-a·always,exit"
8295 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"8295 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
8296 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"8296 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
8297 SYSCALL=""8297 SYSCALL=""
8298 KEY="privileged"8298 KEY="privileged"
8299 SYSCALL_GROUPING=""8299 SYSCALL_GROUPING=""
5.31 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-anssi_nt28_high.html
    
Offset 54225, 23 lines modifiedOffset 54225, 23 lines modified
000d3d00:·206b·6579·3d70·7269·7669·6c65·6765·640a···key=privileged.000d3d00:·206b·6579·3d70·7269·7669·6c65·6765·640a···key=privileged.
000d3d10:·2020·2020·2020·6372·6561·7465·3a20·7472········create:·tr000d3d10:·2020·2020·2020·6372·6561·7465·3a20·7472········create:·tr
000d3d20:·7565·0a20·2020·2020·206d·6f64·653a·206f··ue.······mode:·o000d3d20:·7565·0a20·2020·2020·206d·6f64·653a·206f··ue.······mode:·o
000d3d30:·2d72·7778·0a20·2020·2020·2073·7461·7465··-rwx.······state000d3d30:·2d72·7778·0a20·2020·2020·2073·7461·7465··-rwx.······state
000d3d40:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh000d3d40:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh
000d3d50:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou000d3d50:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou
000d3d60:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·0000d3d60:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·0
000d3d70:·0a20·2077·6865·6e3a·0a20·202d·2061·6e73··.··when:.··-·ans000d3d70:·0a20·2077·6865·6e3a·0a20·202d·2027·2261··.··when:.··-·'"a
000d3d80:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat 
000d3d90:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in· 
000d3da0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc" 
000d3db0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod 
000d3dc0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container 
000d3dd0:·225d·0a20·202d·2027·2261·7564·6974·2220··"].··-·'"audit"· 
000d3de0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
000d3df0:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag000d3d80:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible
 000d3d90:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 000d3da0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
 000d3db0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
 000d3dc0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
 000d3dd0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
 000d3de0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
 000d3df0:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
000d3e00:·733a·0a20·202d·2044·4953·412d·5354·4947··s:.··-·DISA-STIG000d3e00:·733a·0a20·202d·2044·4953·412d·5354·4947··s:.··-·DISA-STIG
000d3e10:·2d4f·4c30·372d·3030·2d30·3330·3639·300a··-OL07-00-030690.000d3e10:·2d4f·4c30·372d·3030·2d30·3330·3639·300a··-OL07-00-030690.
000d3e20:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171000d3e20:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171
000d3e30:·2d33·2e31·2e37·0a20·202d·204e·4953·542d··-3.1.7.··-·NIST-000d3e30:·2d33·2e31·2e37·0a20·202d·204e·4953·542d··-3.1.7.··-·NIST-
000d3e40:·3830·302d·3533·2d41·432d·3628·3929·0a20··800-53-AC-6(9).·000d3e40:·3830·302d·3533·2d41·432d·3628·3929·0a20··800-53-AC-6(9).·
000d3e50:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A000d3e50:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A
000d3e60:·552d·3132·2863·290a·2020·2d20·4e49·5354··U-12(c).··-·NIST000d3e60:·552d·3132·2863·290a·2020·2d20·4e49·5354··U-12(c).··-·NIST
Offset 54273, 20 lines modifiedOffset 54273, 20 lines modified
000d4000:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c000d4000:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
000d4010:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse000d4010:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
000d4020:·2220·6964·3d22·6964·6d33·3138·3934·223e··"·id="idm31894">000d4020:·2220·6964·3d22·6964·6d33·3138·3934·223e··"·id="idm31894">
000d4030:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem000d4030:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
000d4040:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl000d4040:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
000d4050:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c000d4050:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
000d4060:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms000d4060:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
 000d4070:·0a69·6620·7270·6d20·2d2d·7175·6965·7420··.if·rpm·--quiet·
 000d4080:·2d71·2061·7564·6974·2026·616d·703b·2661··-q·audit·&amp;&a
000d4070:·0a69·6620·5b20·2120·2d66·202f·2e64·6f63··.if·[·!·-f·/.doc000d4090:·6d70·3b20·5b20·2120·2d66·202f·2e64·6f63··mp;·[·!·-f·/.doc
000d4080:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a000d40a0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
000d4090:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/000d40b0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
000d40a0:·2e63·6f6e·7461·696e·6572·656e·7620·5d20··.containerenv·]·000d40c0:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];
000d40b0:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·- 
000d40c0:·2d71·7569·6574·202d·7120·6175·6469·743b··-quiet·-q·audit; 
000d40d0:·2074·6865·6e0a·0a41·4354·494f·4e5f·4152···then..ACTION_AR000d40d0:·2074·6865·6e0a·0a41·4354·494f·4e5f·4152···then..ACTION_AR
000d40e0:·4348·5f46·494c·5445·5253·3d22·2d61·2061··CH_FILTERS="-a·a000d40e0:·4348·5f46·494c·5445·5253·3d22·2d61·2061··CH_FILTERS="-a·a
000d40f0:·6c77·6179·732c·6578·6974·220a·4f54·4845··lways,exit".OTHE000d40f0:·6c77·6179·732c·6578·6974·220a·4f54·4845··lways,exit".OTHE
000d4100:·525f·4649·4c54·4552·533d·222d·4620·7061··R_FILTERS="-F·pa000d4100:·525f·4649·4c54·4552·533d·222d·4620·7061··R_FILTERS="-F·pa
000d4110:·7468·3d2f·7573·722f·6269·6e2f·7375·646f··th=/usr/bin/sudo000d4110:·7468·3d2f·7573·722f·6269·6e2f·7375·646f··th=/usr/bin/sudo
000d4120:·202d·4620·7065·726d·3d78·220a·4155·4944···-F·perm=x".AUID000d4120:·202d·4620·7065·726d·3d78·220a·4155·4944···-F·perm=x".AUID
000d4130:·5f46·494c·5445·5253·3d22·2d46·2061·7569··_FILTERS="-F·aui000d4130:·5f46·494c·5445·5253·3d22·2d46·2061·7569··_FILTERS="-F·aui
1.23 KB
html2text {}
    
Offset 8618, 16 lines modifiedOffset 8618, 16 lines modified
8618 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x8618 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
8619 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged8619 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
8620 ······create:·true8620 ······create:·true
8621 ······mode:·o-rwx8621 ······mode:·o-rwx
8622 ······state:·present8622 ······state:·present
8623 ····when:·syscalls_found·|·length·==·08623 ····when:·syscalls_found·|·length·==·0
8624 ··when:8624 ··when:
8625 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8626 ··-·'"audit"·in·ansible_facts.packages'8625 ··-·'"audit"·in·ansible_facts.packages'
 8626 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8627 ··tags:8627 ··tags:
8628 ··-·DISA-STIG-OL07-00-0306908628 ··-·DISA-STIG-OL07-00-030690
8629 ··-·NIST-800-171-3.1.78629 ··-·NIST-800-171-3.1.7
8630 ··-·NIST-800-53-AC-6(9)8630 ··-·NIST-800-53-AC-6(9)
8631 ··-·NIST-800-53-AU-12(c)8631 ··-·NIST-800-53-AU-12(c)
8632 ··-·NIST-800-53-AU-2(d)8632 ··-·NIST-800-53-AU-2(d)
8633 ··-·NIST-800-53-CM-6(a)8633 ··-·NIST-800-53-CM-6(a)
Offset 8635, 15 lines modifiedOffset 8635, 15 lines modified
8635 ··-·low_complexity8635 ··-·low_complexity
8636 ··-·low_disruption8636 ··-·low_disruption
8637 ··-·medium_severity8637 ··-·medium_severity
8638 ··-·no_reboot_needed8638 ··-·no_reboot_needed
8639 ··-·restrict_strategy8639 ··-·restrict_strategy
8640 Remediation_Shell_script_⇲8640 Remediation_Shell_script_⇲
8641 #·Remediation·is·applicable·only·in·certain·platforms8641 #·Remediation·is·applicable·only·in·certain·platforms
8642 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then8642 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
8643 ACTION_ARCH_FILTERS="-a·always,exit"8643 ACTION_ARCH_FILTERS="-a·always,exit"
8644 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"8644 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
8645 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"8645 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
8646 SYSCALL=""8646 SYSCALL=""
8647 KEY="privileged"8647 KEY="privileged"
8648 SYSCALL_GROUPING=""8648 SYSCALL_GROUPING=""
5.39 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-anssi_nt28_intermediary.html
    
Offset 49869, 23 lines modifiedOffset 49869, 23 lines modified
000c2cc0:·7669·6c65·6765·640a·2020·2020·2020·6372··vileged.······cr000c2cc0:·7669·6c65·6765·640a·2020·2020·2020·6372··vileged.······cr
000c2cd0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····000c2cd0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····
000c2ce0:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···000c2ce0:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···
000c2cf0:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen000c2cf0:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
000c2d00:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc000c2d00:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc
000c2d10:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len000c2d10:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len
000c2d20:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:000c2d20:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:
000c2d30:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
000c2d40:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
000c2d50:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
000c2d60:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
000c2d70:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
000c2d80:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·' 
000c2d90:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib 
000c2da0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000c2d30:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 000c2d40:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 000c2d50:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
 000c2d60:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
 000c2d70:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
 000c2d80:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
 000c2d90:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
 000c2da0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
000c2db0:·7327·0a20·2074·6167·733a·0a20·202d·2044··s'.··tags:.··-·D000c2db0:·225d·0a20·2074·6167·733a·0a20·202d·2044··"].··tags:.··-·D
000c2dc0:·4953·412d·5354·4947·2d4f·4c30·372d·3030··ISA-STIG-OL07-00000c2dc0:·4953·412d·5354·4947·2d4f·4c30·372d·3030··ISA-STIG-OL07-00
000c2dd0:·2d30·3330·3639·300a·2020·2d20·4e49·5354··-030690.··-·NIST000c2dd0:·2d30·3330·3639·300a·2020·2d20·4e49·5354··-030690.··-·NIST
000c2de0:·2d38·3030·2d31·3731·2d33·2e31·2e37·0a20··-800-171-3.1.7.·000c2de0:·2d38·3030·2d31·3731·2d33·2e31·2e37·0a20··-800-171-3.1.7.·
000c2df0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A000c2df0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A
000c2e00:·432d·3628·3929·0a20·202d·204e·4953·542d··C-6(9).··-·NIST-000c2e00:·432d·3628·3929·0a20·202d·204e·4953·542d··C-6(9).··-·NIST-
000c2e10:·3830·302d·3533·2d41·552d·3132·2863·290a··800-53-AU-12(c).000c2e10:·3830·302d·3533·2d41·552d·3132·2863·290a··800-53-AU-12(c).
000c2e20:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-000c2e20:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
Offset 49916, 21 lines modifiedOffset 49916, 21 lines modified
000c2fb0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=000c2fb0:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
000c2fc0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·000c2fc0:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
000c2fd0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id000c2fd0:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
000c2fe0:·6d33·3138·3934·223e·3c70·7265·3e3c·636f··m31894"><pre><co000c2fe0:·6d33·3138·3934·223e·3c70·7265·3e3c·636f··m31894"><pre><co
000c2ff0:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation000c2ff0:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
000c3000:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o000c3000:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
000c3010:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p000c3010:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
000c3020:·6c61·7466·6f72·6d73·0a69·6620·5b20·2120··latforms.if·[·!·000c3020:·6c61·7466·6f72·6d73·0a69·6620·7270·6d20··latforms.if·rpm·
000c3030:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]000c3030:·2d2d·7175·6965·7420·2d71·2061·7564·6974··--quiet·-q·audit
000c3040:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·000c3040:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
 000c3050:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]
 000c3060:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
000c3050:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain000c3070:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain
 000c3080:·6572·656e·7620·5d3b·2074·6865·6e0a·0a41··erenv·];·then..A
000c3060:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am 
000c3070:·703b·2072·706d·202d·2d71·7569·6574·202d··p;·rpm·--quiet·- 
000c3080:·7120·6175·6469·743b·2074·6865·6e0a·0a41··q·audit;·then..A 
000c3090:·4354·494f·4e5f·4152·4348·5f46·494c·5445··CTION_ARCH_FILTE000c3090:·4354·494f·4e5f·4152·4348·5f46·494c·5445··CTION_ARCH_FILTE
000c30a0:·5253·3d22·2d61·2061·6c77·6179·732c·6578··RS="-a·always,ex000c30a0:·5253·3d22·2d61·2061·6c77·6179·732c·6578··RS="-a·always,ex
000c30b0:·6974·220a·4f54·4845·525f·4649·4c54·4552··it".OTHER_FILTER000c30b0:·6974·220a·4f54·4845·525f·4649·4c54·4552··it".OTHER_FILTER
000c30c0:·533d·222d·4620·7061·7468·3d2f·7573·722f··S="-F·path=/usr/000c30c0:·533d·222d·4620·7061·7468·3d2f·7573·722f··S="-F·path=/usr/
000c30d0:·6269·6e2f·7375·646f·202d·4620·7065·726d··bin/sudo·-F·perm000c30d0:·6269·6e2f·7375·646f·202d·4620·7065·726d··bin/sudo·-F·perm
000c30e0:·3d78·220a·4155·4944·5f46·494c·5445·5253··=x".AUID_FILTERS000c30e0:·3d78·220a·4155·4944·5f46·494c·5445·5253··=x".AUID_FILTERS
000c30f0:·3d22·2d46·2061·7569·6426·6774·3b3d·3130··="-F·auid&gt;=10000c30f0:·3d22·2d46·2061·7569·6426·6774·3b3d·3130··="-F·auid&gt;=10
1.23 KB
html2text {}
    
Offset 7827, 16 lines modifiedOffset 7827, 16 lines modified
7827 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x7827 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
7828 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged7828 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
7829 ······create:·true7829 ······create:·true
7830 ······mode:·o-rwx7830 ······mode:·o-rwx
7831 ······state:·present7831 ······state:·present
7832 ····when:·syscalls_found·|·length·==·07832 ····when:·syscalls_found·|·length·==·0
7833 ··when:7833 ··when:
7834 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7835 ··-·'"audit"·in·ansible_facts.packages'7834 ··-·'"audit"·in·ansible_facts.packages'
 7835 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7836 ··tags:7836 ··tags:
7837 ··-·DISA-STIG-OL07-00-0306907837 ··-·DISA-STIG-OL07-00-030690
7838 ··-·NIST-800-171-3.1.77838 ··-·NIST-800-171-3.1.7
7839 ··-·NIST-800-53-AC-6(9)7839 ··-·NIST-800-53-AC-6(9)
7840 ··-·NIST-800-53-AU-12(c)7840 ··-·NIST-800-53-AU-12(c)
7841 ··-·NIST-800-53-AU-2(d)7841 ··-·NIST-800-53-AU-2(d)
7842 ··-·NIST-800-53-CM-6(a)7842 ··-·NIST-800-53-CM-6(a)
Offset 7844, 15 lines modifiedOffset 7844, 15 lines modified
7844 ··-·low_complexity7844 ··-·low_complexity
7845 ··-·low_disruption7845 ··-·low_disruption
7846 ··-·medium_severity7846 ··-·medium_severity
7847 ··-·no_reboot_needed7847 ··-·no_reboot_needed
7848 ··-·restrict_strategy7848 ··-·restrict_strategy
7849 Remediation_Shell_script_⇲7849 Remediation_Shell_script_⇲
7850 #·Remediation·is·applicable·only·in·certain·platforms7850 #·Remediation·is·applicable·only·in·certain·platforms
7851 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7851 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7852 ACTION_ARCH_FILTERS="-a·always,exit"7852 ACTION_ARCH_FILTERS="-a·always,exit"
7853 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"7853 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
7854 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"7854 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
7855 SYSCALL=""7855 SYSCALL=""
7856 KEY="privileged"7856 KEY="privileged"
7857 SYSCALL_GROUPING=""7857 SYSCALL_GROUPING=""
523 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-cjis.html
    
Offset 38595, 23 lines modifiedOffset 38595, 23 lines modified
00096c20:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s00096c20:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
00096c30:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:00096c30:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:
00096c40:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur00096c40:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur
00096c50:·6520·666f·7220·6175·6469·7420·6368·6d6f··e·for·audit·chmo00096c50:·6520·666f·7220·6175·6469·7420·6368·6d6f··e·for·audit·chmo
00096c60:·6420·7461·736b·730a·2020·7365·745f·6661··d·tasks.··set_fa00096c60:·6420·7461·736b·730a·2020·7365·745f·6661··d·tasks.··set_fa
00096c70:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar00096c70:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar
00096c80:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.00096c80:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.
00096c90:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt 
00096ca0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type· 
00096cb0:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker" 
00096cc0:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz 
00096cd0:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co 
00096ce0:·6e74·6169·6e65·7222·5d0a·2020·2d20·2722··ntainer"].··-·'" 
00096cf0:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl 
00096d00:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages00096c90:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in·
 00096ca0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 00096cb0:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
 00096cc0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
 00096cd0:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
 00096ce0:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
 00096cf0:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
 00096d00:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
00096d10:·270a·2020·2d20·616e·7369·626c·655f·6172··'.··-·ansible_ar00096d10:·5d0a·2020·2d20·616e·7369·626c·655f·6172··].··-·ansible_ar
00096d20:·6368·6974·6563·7475·7265·203d·3d20·2261··chitecture·==·"a00096d20:·6368·6974·6563·7475·7265·203d·3d20·2261··chitecture·==·"a
00096d30:·6172·6368·3634·2220·6f72·2061·6e73·6962··arch64"·or·ansib00096d30:·6172·6368·3634·2220·6f72·2061·6e73·6962··arch64"·or·ansib
00096d40:·6c65·5f61·7263·6869·7465·6374·7572·6520··le_architecture·00096d40:·6c65·5f61·7263·6869·7465·6374·7572·6520··le_architecture·
00096d50:·3d3d·2022·7070·6336·3422·206f·7220·616e··==·"ppc64"·or·an00096d50:·3d3d·2022·7070·6336·3422·206f·7220·616e··==·"ppc64"·or·an
00096d60:·7369·626c·655f·6172·6368·6974·6563·7475··sible_architectu00096d60:·7369·626c·655f·6172·6368·6974·6563·7475··sible_architectu
00096d70:·7265·0a20·2020·203d·3d20·2270·7063·3634··re.····==·"ppc6400096d70:·7265·0a20·2020·203d·3d20·2270·7063·3634··re.····==·"ppc64
00096d80:·6c65·2220·6f72·2061·6e73·6962·6c65·5f61··le"·or·ansible_a00096d80:·6c65·2220·6f72·2061·6e73·6962·6c65·5f61··le"·or·ansible_a
Offset 38918, 23 lines modifiedOffset 38918, 23 lines modified
00098050:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······00098050:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······
00098060:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···00098060:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···
00098070:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·00098070:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·
00098080:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres00098080:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres
00098090:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy00098090:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy
000980a0:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l000980a0:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l
000980b0:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe000980b0:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe
000980c0:·6e3a·0a20·202d·2061·6e73·6962·6c65·5f76··n:.··-·ansible_v 
000980d0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty 
000980e0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock 
000980f0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope 
00098100:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",· 
00098110:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··- 
00098120:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans 
00098130:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa000980c0:·6e3a·0a20·202d·2027·2261·7564·6974·2220··n:.··-·'"audit"·
 000980d0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 000980e0:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a
 000980f0:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
 00098100:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
 00098110:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
 00098120:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
 00098130:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
00098140:·6765·7327·0a20·2074·6167·733a·0a20·202d··ges'.··tags:.··-00098140:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-
00098150:·2043·4a49·532d·352e·342e·312e·310a·2020···CJIS-5.4.1.1.··00098150:·2043·4a49·532d·352e·342e·312e·310a·2020···CJIS-5.4.1.1.··
00098160:·2d20·4449·5341·2d53·5449·472d·4f4c·3037··-·DISA-STIG-OL0700098160:·2d20·4449·5341·2d53·5449·472d·4f4c·3037··-·DISA-STIG-OL07
00098170:·2d30·302d·3033·3034·3130·0a20·202d·204e··-00-030410.··-·N00098170:·2d30·302d·3033·3034·3130·0a20·202d·204e··-00-030410.··-·N
00098180:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.00098180:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.
00098190:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-500098190:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
000981a0:·332d·4155·2d31·3228·6329·0a20·202d·204e··3-AU-12(c).··-·N000981a0:·332d·4155·2d31·3228·6329·0a20·202d·204e··3-AU-12(c).··-·N
000981b0:·4953·542d·3830·302d·3533·2d41·552d·3228··IST-800-53-AU-2(000981b0:·4953·542d·3830·302d·3533·2d41·552d·3228··IST-800-53-AU-2(
Offset 39230, 22 lines modifiedOffset 39230, 22 lines modified
000993d0:·6d6f·640a·2020·2020·2020·6372·6561·7465··mod.······create000993d0:·6d6f·640a·2020·2020·2020·6372·6561·7465··mod.······create
000993e0:·3a20·7472·7565·0a20·2020·2020·206d·6f64··:·true.······mod000993e0:·3a20·7472·7565·0a20·2020·2020·206d·6f64··:·true.······mod
000993f0:·653a·206f·2d72·7778·0a20·2020·2020·2073··e:·o-rwx.······s000993f0:·653a·206f·2d72·7778·0a20·2020·2020·2073··e:·o-rwx.······s
00099400:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··00099400:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··
00099410:·2020·7768·656e·3a20·7379·7363·616c·6c73····when:·syscalls00099410:·2020·7768·656e·3a20·7379·7363·616c·6c73····when:·syscalls
00099420:·5f66·6f75·6e64·207c·206c·656e·6774·6820··_found·|·length·00099420:·5f66·6f75·6e64·207c·206c·656e·6774·6820··_found·|·length·
00099430:·3d3d·2030·0a20·2077·6865·6e3a·0a20·202d··==·0.··when:.··-00099430:·3d3d·2030·0a20·2077·6865·6e3a·0a20·202d··==·0.··when:.··-
00099440:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual 
00099450:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not 
00099460:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·" 
00099470:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",· 
00099480:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta 
00099490:·696e·6572·225d·0a20·202d·2027·2261·7564··iner"].··-·'"aud 
000994a0:·6974·2220·696e·2061·6e73·6962·6c65·5f66··it"·in·ansible_f 
000994b0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·00099440:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans
 00099450:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 00099460:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible
 00099470:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
 00099480:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
 00099490:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
 000994a0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
 000994b0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
000994c0:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==000994c0:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==
000994d0:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·000994d0:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·
000994e0:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.000994e0:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.
000994f0:·2020·2d20·4449·5341·2d53·5449·472d·4f4c····-·DISA-STIG-OL000994f0:·2020·2d20·4449·5341·2d53·5449·472d·4f4c····-·DISA-STIG-OL
00099500:·3037·2d30·302d·3033·3034·3130·0a20·202d··07-00-030410.··-00099500:·3037·2d30·302d·3033·3034·3130·0a20·202d··07-00-030410.··-
00099510:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.00099510:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
00099520:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-80000099520:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800
Offset 39279, 21 lines modifiedOffset 39279, 21 lines modified
000996e0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class000996e0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
000996f0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse000996f0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
00099700:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i00099700:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
00099710:·646d·3231·3535·3222·3e3c·7072·653e·3c63··dm21552"><pre><c00099710:·646d·3231·3535·3222·3e3c·7072·653e·3c63··dm21552"><pre><c
00099720:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio00099720:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
00099730:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·00099730:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
00099740:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·00099740:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
00099750:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!00099750:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm
 00099760:·202d·2d71·7569·6574·202d·7120·6175·6469···--quiet·-q·audi
 00099770:·7420·2661·6d70·3b26·616d·703b·205b·2021··t·&amp;&amp;·[·!
00099760:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·00099780:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
00099770:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!00099790:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
00099780:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai000997a0:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
 000997b0:·6e65·7265·6e76·205d·3b20·7468·656e·0a0a··nerenv·];·then..
00099790:·6e65·7265·6e76·205d·2026·616d·703b·2661··nerenv·]·&amp;&a 
000997a0:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet· 
000997b0:·2d71·2061·7564·6974·3b20·7468·656e·0a0a··-q·audit;·then.. 
000997c0:·2320·4669·7273·7420·7065·7266·6f72·6d20··#·First·perform·000997c0:·2320·4669·7273·7420·7065·7266·6f72·6d20··#·First·perform·
000997d0:·7468·6520·7265·6d65·6469·6174·696f·6e20··the·remediation·000997d0:·7468·6520·7265·6d65·6469·6174·696f·6e20··the·remediation·
000997e0:·6f66·2074·6865·2073·7973·6361·6c6c·2072··of·the·syscall·r000997e0:·6f66·2074·6865·2073·7973·6361·6c6c·2072··of·the·syscall·r
000997f0:·756c·650a·2320·5265·7472·6965·7665·2068··ule.#·Retrieve·h000997f0:·756c·650a·2320·5265·7472·6965·7665·2068··ule.#·Retrieve·h
00099800:·6172·6477·6172·6520·6172·6368·6974·6563··ardware·architec00099800:·6172·6477·6172·6520·6172·6368·6974·6563··ardware·architec
00099810:·7475·7265·206f·6620·7468·6520·756e·6465··ture·of·the·unde00099810:·7475·7265·206f·6620·7468·6520·756e·6465··ture·of·the·unde
00099820:·726c·7969·6e67·2073·7973·7465·6d0a·5b20··rlying·system.[·00099820:·726c·7969·6e67·2073·7973·7465·6d0a·5b20··rlying·system.[·
Offset 41091, 23 lines modifiedOffset 41091, 23 lines modified
000a0820:·6f74·5f72·6571·7569·7265·640a·2020·2d20··ot_required.··-·000a0820:·6f74·5f72·6571·7569·7265·640a·2020·2d20··ot_required.··-·
000a0830:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg000a0830:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg
000a0840:·790a·0a2d·206e·616d·653a·2053·6574·2061··y..-·name:·Set·a000a0840:·790a·0a2d·206e·616d·653a·2053·6574·2061··y..-·name:·Set·a
000a0850:·7263·6869·7465·6374·7572·6520·666f·7220··rchitecture·for·000a0850:·7263·6869·7465·6374·7572·6520·666f·7220··rchitecture·for·
000a0860:·6175·6469·7420·6368·6f77·6e20·7461·736b··audit·chown·task000a0860:·6175·6469·7420·6368·6f77·6e20·7461·736b··audit·chown·task
000a0870:·730a·2020·7365·745f·6661·6374·3a0a·2020··s.··set_fact:.··000a0870:·730a·2020·7365·745f·6661·6374·3a0a·2020··s.··set_fact:.··
000a0880:·2020·6175·6469·745f·6172·6368·3a20·6236····audit_arch:·b6000a0880:·2020·6175·6469·745f·6172·6368·3a20·6236····audit_arch:·b6
000a0890:·340a·2020·7768·656e·3a0a·2020·2d20·616e··4.··when:.··-·an000a0890:·340a·2020·7768·656e·3a0a·2020·2d20·2722··4.··when:.··-·'"
000a08a0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza 
000a08b0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in 
Max diff block lines reached; 392268/402610 bytes (97.43%) of diff not shown.
130 KB
html2text {}
    
Offset 3751, 16 lines modifiedOffset 3751, 16 lines modified
3751 ··-·reboot_required3751 ··-·reboot_required
3752 ··-·restrict_strategy3752 ··-·restrict_strategy
  
3753 -·name:·Set·architecture·for·audit·chmod·tasks3753 -·name:·Set·architecture·for·audit·chmod·tasks
3754 ··set_fact:3754 ··set_fact:
3755 ····audit_arch:·b643755 ····audit_arch:·b64
3756 ··when:3756 ··when:
3757 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3758 ··-·'"audit"·in·ansible_facts.packages'3757 ··-·'"audit"·in·ansible_facts.packages'
 3758 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3759 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3759 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3760 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3760 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3761 ··tags:3761 ··tags:
3762 ··-·CJIS-5.4.1.13762 ··-·CJIS-5.4.1.1
3763 ··-·DISA-STIG-OL07-00-0304103763 ··-·DISA-STIG-OL07-00-030410
3764 ··-·NIST-800-171-3.1.73764 ··-·NIST-800-171-3.1.7
3765 ··-·NIST-800-53-AU-12(c)3765 ··-·NIST-800-53-AU-12(c)
Offset 3897, 16 lines modifiedOffset 3897, 16 lines modified
3897 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003897 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3898 ········-F·auid!=unset·-F·key=perm_mod3898 ········-F·auid!=unset·-F·key=perm_mod
3899 ······create:·true3899 ······create:·true
3900 ······mode:·o-rwx3900 ······mode:·o-rwx
3901 ······state:·present3901 ······state:·present
3902 ····when:·syscalls_found·|·length·==·03902 ····when:·syscalls_found·|·length·==·0
3903 ··when:3903 ··when:
3904 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3905 ··-·'"audit"·in·ansible_facts.packages'3904 ··-·'"audit"·in·ansible_facts.packages'
 3905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3906 ··tags:3906 ··tags:
3907 ··-·CJIS-5.4.1.13907 ··-·CJIS-5.4.1.1
3908 ··-·DISA-STIG-OL07-00-0304103908 ··-·DISA-STIG-OL07-00-030410
3909 ··-·NIST-800-171-3.1.73909 ··-·NIST-800-171-3.1.7
3910 ··-·NIST-800-53-AU-12(c)3910 ··-·NIST-800-53-AU-12(c)
3911 ··-·NIST-800-53-AU-2(d)3911 ··-·NIST-800-53-AU-2(d)
3912 ··-·NIST-800-53-CM-6(a)3912 ··-·NIST-800-53-CM-6(a)
Offset 4041, 16 lines modifiedOffset 4041, 16 lines modified
4041 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004041 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4042 ········-F·auid!=unset·-F·key=perm_mod4042 ········-F·auid!=unset·-F·key=perm_mod
4043 ······create:·true4043 ······create:·true
4044 ······mode:·o-rwx4044 ······mode:·o-rwx
4045 ······state:·present4045 ······state:·present
4046 ····when:·syscalls_found·|·length·==·04046 ····when:·syscalls_found·|·length·==·0
4047 ··when:4047 ··when:
4048 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4049 ··-·'"audit"·in·ansible_facts.packages'4048 ··-·'"audit"·in·ansible_facts.packages'
 4049 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4050 ··-·audit_arch·==·"b64"4050 ··-·audit_arch·==·"b64"
4051 ··tags:4051 ··tags:
4052 ··-·CJIS-5.4.1.14052 ··-·CJIS-5.4.1.1
4053 ··-·DISA-STIG-OL07-00-0304104053 ··-·DISA-STIG-OL07-00-030410
4054 ··-·NIST-800-171-3.1.74054 ··-·NIST-800-171-3.1.7
4055 ··-·NIST-800-53-AU-12(c)4055 ··-·NIST-800-53-AU-12(c)
4056 ··-·NIST-800-53-AU-2(d)4056 ··-·NIST-800-53-AU-2(d)
Offset 4060, 15 lines modifiedOffset 4060, 15 lines modified
4060 ··-·low_complexity4060 ··-·low_complexity
4061 ··-·low_disruption4061 ··-·low_disruption
4062 ··-·medium_severity4062 ··-·medium_severity
4063 ··-·reboot_required4063 ··-·reboot_required
4064 ··-·restrict_strategy4064 ··-·restrict_strategy
4065 Remediation_Shell_script_⇲4065 Remediation_Shell_script_⇲
4066 #·Remediation·is·applicable·only·in·certain·platforms4066 #·Remediation·is·applicable·only·in·certain·platforms
4067 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then4067 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
4068 #·First·perform·the·remediation·of·the·syscall·rule4068 #·First·perform·the·remediation·of·the·syscall·rule
4069 #·Retrieve·hardware·architecture·of·the·underlying·system4069 #·Retrieve·hardware·architecture·of·the·underlying·system
4070 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")4070 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
4071 for·ARCH·in·"${RULE_ARCHS[@]}"4071 for·ARCH·in·"${RULE_ARCHS[@]}"
4072 do4072 do
Offset 4429, 16 lines modifiedOffset 4429, 16 lines modified
4429 ··-·reboot_required4429 ··-·reboot_required
4430 ··-·restrict_strategy4430 ··-·restrict_strategy
  
4431 -·name:·Set·architecture·for·audit·chown·tasks4431 -·name:·Set·architecture·for·audit·chown·tasks
4432 ··set_fact:4432 ··set_fact:
4433 ····audit_arch:·b644433 ····audit_arch:·b64
4434 ··when:4434 ··when:
4435 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4436 ··-·'"audit"·in·ansible_facts.packages'4435 ··-·'"audit"·in·ansible_facts.packages'
 4436 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4437 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4437 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4438 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4438 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4439 ··tags:4439 ··tags:
4440 ··-·CJIS-5.4.1.14440 ··-·CJIS-5.4.1.1
4441 ··-·DISA-STIG-OL07-00-0303704441 ··-·DISA-STIG-OL07-00-030370
4442 ··-·NIST-800-171-3.1.74442 ··-·NIST-800-171-3.1.7
4443 ··-·NIST-800-53-AU-12(c)4443 ··-·NIST-800-53-AU-12(c)
Offset 4577, 16 lines modifiedOffset 4577, 16 lines modified
4577 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004577 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4578 ········-F·auid!=unset·-F·key=perm_mod4578 ········-F·auid!=unset·-F·key=perm_mod
4579 ······create:·true4579 ······create:·true
4580 ······mode:·o-rwx4580 ······mode:·o-rwx
4581 ······state:·present4581 ······state:·present
4582 ····when:·syscalls_found·|·length·==·04582 ····when:·syscalls_found·|·length·==·0
4583 ··when:4583 ··when:
4584 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4585 ··-·'"audit"·in·ansible_facts.packages'4584 ··-·'"audit"·in·ansible_facts.packages'
 4585 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4586 ··tags:4586 ··tags:
4587 ··-·CJIS-5.4.1.14587 ··-·CJIS-5.4.1.1
4588 ··-·DISA-STIG-OL07-00-0303704588 ··-·DISA-STIG-OL07-00-030370
4589 ··-·NIST-800-171-3.1.74589 ··-·NIST-800-171-3.1.7
4590 ··-·NIST-800-53-AU-12(c)4590 ··-·NIST-800-53-AU-12(c)
4591 ··-·NIST-800-53-AU-2(d)4591 ··-·NIST-800-53-AU-2(d)
4592 ··-·NIST-800-53-CM-6(a)4592 ··-·NIST-800-53-CM-6(a)
Offset 4723, 16 lines modifiedOffset 4723, 16 lines modified
4723 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004723 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4724 ········-F·auid!=unset·-F·key=perm_mod4724 ········-F·auid!=unset·-F·key=perm_mod
4725 ······create:·true4725 ······create:·true
4726 ······mode:·o-rwx4726 ······mode:·o-rwx
4727 ······state:·present4727 ······state:·present
4728 ····when:·syscalls_found·|·length·==·04728 ····when:·syscalls_found·|·length·==·0
4729 ··when:4729 ··when:
4730 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4731 ··-·'"audit"·in·ansible_facts.packages'4730 ··-·'"audit"·in·ansible_facts.packages'
 4731 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4732 ··-·audit_arch·==·"b64"4732 ··-·audit_arch·==·"b64"
4733 ··tags:4733 ··tags:
4734 ··-·CJIS-5.4.1.14734 ··-·CJIS-5.4.1.1
4735 ··-·DISA-STIG-OL07-00-0303704735 ··-·DISA-STIG-OL07-00-030370
4736 ··-·NIST-800-171-3.1.74736 ··-·NIST-800-171-3.1.7
4737 ··-·NIST-800-53-AU-12(c)4737 ··-·NIST-800-53-AU-12(c)
4738 ··-·NIST-800-53-AU-2(d)4738 ··-·NIST-800-53-AU-2(d)
Offset 4742, 15 lines modifiedOffset 4742, 15 lines modified
4742 ··-·low_complexity4742 ··-·low_complexity
4743 ··-·low_disruption4743 ··-·low_disruption
4744 ··-·medium_severity4744 ··-·medium_severity
Max diff block lines reached; 127963/132597 bytes (96.51%) of diff not shown.
5.17 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-cui.html
    
Offset 46153, 23 lines modifiedOffset 46153, 23 lines modified
000b4480:·660a·2020·2020·7265·6765·7870·3a20·5e5c··f.····regexp:·^\000b4480:·660a·2020·2020·7265·6765·7870·3a20·5e5c··f.····regexp:·^\
000b4490:·732a·666c·7573·685c·732a·3d5c·732a·2e2a··s*flush\s*=\s*.*000b4490:·732a·666c·7573·685c·732a·3d5c·732a·2e2a··s*flush\s*=\s*.*
000b44a0:·240a·2020·2020·6c69·6e65·3a20·666c·7573··$.····line:·flus000b44a0:·240a·2020·2020·6c69·6e65·3a20·666c·7573··$.····line:·flus
000b44b0:·6820·3d20·7b7b·2076·6172·5f61·7564·6974··h·=·{{·var_audit000b44b0:·6820·3d20·7b7b·2076·6172·5f61·7564·6974··h·=·{{·var_audit
000b44c0:·645f·666c·7573·6820·7d7d·0a20·2020·2073··d_flush·}}.····s000b44c0:·645f·666c·7573·6820·7d7d·0a20·2020·2073··d_flush·}}.····s
000b44d0:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··000b44d0:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··
000b44e0:·2020·6372·6561·7465·3a20·7472·7565·0a20····create:·true.·000b44e0:·2020·6372·6561·7465·3a20·7472·7565·0a20····create:·true.·
000b44f0:·2077·6865·6e3a·0a20·202d·2061·6e73·6962···when:.··-·ansib000b44f0:·2077·6865·6e3a·0a20·202d·2027·2261·7564···when:.··-·'"aud
000b4500:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio 
000b4510:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·[" 
000b4520:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",· 
000b4530:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma 
000b4540:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"] 
000b4550:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in 
000b4560:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
000b4570:·6163·6b61·6765·7327·0a20·2074·6167·733a··ackages'.··tags:000b4500:·6974·2220·696e·2061·6e73·6962·6c65·5f66··it"·in·ansible_f
 000b4510:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 000b4520:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
 000b4530:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
 000b4540:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
 000b4550:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
 000b4560:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
 000b4570:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:
000b4580:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17000b4580:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
000b4590:·312d·332e·332e·310a·2020·2d20·4e49·5354··1-3.3.1.··-·NIST000b4590:·312d·332e·332e·310a·2020·2d20·4e49·5354··1-3.3.1.··-·NIST
000b45a0:·2d38·3030·2d35·332d·4155·2d31·310a·2020··-800-53-AU-11.··000b45a0:·2d38·3030·2d35·332d·4155·2d31·310a·2020··-800-53-AU-11.··
000b45b0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM000b45b0:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM
000b45c0:·2d36·2861·290a·2020·2d20·6175·6469·7464··-6(a).··-·auditd000b45c0:·2d36·2861·290a·2020·2d20·6175·6469·7464··-6(a).··-·auditd
000b45d0:·5f64·6174·615f·7265·7465·6e74·696f·6e5f··_data_retention_000b45d0:·5f64·6174·615f·7265·7465·6e74·696f·6e5f··_data_retention_
000b45e0:·666c·7573·680a·2020·2d20·6c6f·775f·636f··flush.··-·low_co000b45e0:·666c·7573·680a·2020·2d20·6c6f·775f·636f··flush.··-·low_co
Offset 46195, 21 lines modifiedOffset 46195, 21 lines modified
000b4720:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa000b4720:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
000b4730:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col000b4730:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
000b4740:·6c61·7073·6522·2069·643d·2269·646d·3334··lapse"·id="idm34000b4740:·6c61·7073·6522·2069·643d·2269·646d·3334··lapse"·id="idm34
000b4750:·3132·3322·3e3c·7072·653e·3c63·6f64·653e··123"><pre><code>000b4750:·3132·3322·3e3c·7072·653e·3c63·6f64·653e··123"><pre><code>
000b4760:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is000b4760:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
000b4770:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only000b4770:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
000b4780:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat000b4780:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
000b4790:·666f·726d·730a·6966·205b·2021·202d·6620··forms.if·[·!·-f·000b4790:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q
000b47a0:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a000b47a0:·7569·6574·202d·7120·6175·6469·7420·2661··uiet·-q·audit·&a
000b47b0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·000b47b0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·
 000b47c0:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a
 000b47d0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·
000b47c0:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere000b47e0:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere
000b47d0:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;· 
000b47e0:·7270·6d20·2d2d·7175·6965·7420·2d71·2061··rpm·--quiet·-q·a 
000b47f0:·7564·6974·3b20·7468·656e·0a0a·7661·725f··udit;·then..var_000b47f0:·6e76·205d·3b20·7468·656e·0a0a·7661·725f··nv·];·then..var_
000b4800:·6175·6469·7464·5f66·6c75·7368·3d27·3c61··auditd_flush='<a000b4800:·6175·6469·7464·5f66·6c75·7368·3d27·3c61··auditd_flush='<a
000b4810:·6262·7220·7469·746c·653d·2266·726f·6d20··bbr·title="from·000b4810:·6262·7220·7469·746c·653d·2266·726f·6d20··bbr·title="from·
000b4820:·5072·6f66·696c·652f·7265·6669·6e65·2d76··Profile/refine-v000b4820:·5072·6f66·696c·652f·7265·6669·6e65·2d76··Profile/refine-v
000b4830:·616c·7565·3a20·7863·6364·665f·6f72·672e··alue:·xccdf_org.000b4830:·616c·7565·3a20·7863·6364·665f·6f72·672e··alue:·xccdf_org.
000b4840:·7373·6770·726f·6a65·6374·2e63·6f6e·7465··ssgproject.conte000b4840:·7373·6770·726f·6a65·6374·2e63·6f6e·7465··ssgproject.conte
000b4850:·6e74·5f76·616c·7565·5f76·6172·5f61·7564··nt_value_var_aud000b4850:·6e74·5f76·616c·7565·5f76·6172·5f61·7564··nt_value_var_aud
000b4860:·6974·645f·666c·7573·6822·3e69·6e63·7265··itd_flush">incre000b4860:·6974·645f·666c·7573·6822·3e69·6e63·7265··itd_flush">incre
1.04 KB
html2text {}
    
Offset 6008, 29 lines modifiedOffset 6008, 29 lines modified
6008 ··lineinfile:6008 ··lineinfile:
6009 ····dest:·/etc/audit/auditd.conf6009 ····dest:·/etc/audit/auditd.conf
6010 ····regexp:·^\s*flush\s*=\s*.*$6010 ····regexp:·^\s*flush\s*=\s*.*$
6011 ····line:·flush·=·{{·var_auditd_flush·}}6011 ····line:·flush·=·{{·var_auditd_flush·}}
6012 ····state:·present6012 ····state:·present
6013 ····create:·true6013 ····create:·true
6014 ··when:6014 ··when:
6015 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6016 ··-·'"audit"·in·ansible_facts.packages'6015 ··-·'"audit"·in·ansible_facts.packages'
 6016 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6017 ··tags:6017 ··tags:
6018 ··-·NIST-800-171-3.3.16018 ··-·NIST-800-171-3.3.1
6019 ··-·NIST-800-53-AU-116019 ··-·NIST-800-53-AU-11
6020 ··-·NIST-800-53-CM-6(a)6020 ··-·NIST-800-53-CM-6(a)
6021 ··-·auditd_data_retention_flush6021 ··-·auditd_data_retention_flush
6022 ··-·low_complexity6022 ··-·low_complexity
6023 ··-·low_disruption6023 ··-·low_disruption
6024 ··-·medium_severity6024 ··-·medium_severity
6025 ··-·no_reboot_needed6025 ··-·no_reboot_needed
6026 ··-·restrict_strategy6026 ··-·restrict_strategy
6027 Remediation_Shell_script_⇲6027 Remediation_Shell_script_⇲
6028 #·Remediation·is·applicable·only·in·certain·platforms6028 #·Remediation·is·applicable·only·in·certain·platforms
6029 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then6029 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
6030 var_auditd_flush='incremental_async'6030 var_auditd_flush='incremental_async'
  
  
6031 AUDITCONFIG=/etc/audit/auditd.conf6031 AUDITCONFIG=/etc/audit/auditd.conf
  
6032 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush6032 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush
361 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-e8.html
    
Offset 26752, 23 lines modifiedOffset 26752, 23 lines modified
000687f0:·7265·640a·2020·2d20·7265·7374·7269·6374··red.··-·restrict000687f0:·7265·640a·2020·2d20·7265·7374·7269·6374··red.··-·restrict
00068800:·5f73·7472·6174·6567·790a·0a2d·206e·616d··_strategy..-·nam00068800:·5f73·7472·6174·6567·790a·0a2d·206e·616d··_strategy..-·nam
00068810:·653a·2053·6574·2061·7263·6869·7465·6374··e:·Set·architect00068810:·653a·2053·6574·2061·7263·6869·7465·6374··e:·Set·architect
00068820:·7572·6520·666f·7220·6175·6469·7420·6368··ure·for·audit·ch00068820:·7572·6520·666f·7220·6175·6469·7420·6368··ure·for·audit·ch
00068830:·6d6f·6420·7461·736b·730a·2020·7365·745f··mod·tasks.··set_00068830:·6d6f·6420·7461·736b·730a·2020·7365·745f··mod·tasks.··set_
00068840:·6661·6374·3a0a·2020·2020·6175·6469·745f··fact:.····audit_00068840:·6661·6374·3a0a·2020·2020·6175·6469·745f··fact:.····audit_
00068850:·6172·6368·3a20·6236·340a·2020·7768·656e··arch:·b64.··when00068850:·6172·6368·3a20·6236·340a·2020·7768·656e··arch:·b64.··when
00068860:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi 
00068870:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ 
00068880:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke 
00068890:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open 
000688a0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·" 
000688b0:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-· 
000688c0:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi 
000688d0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag00068860:·3a0a·2020·2d20·2722·6175·6469·7422·2069··:.··-·'"audit"·i
 00068870:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 00068880:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an
 00068890:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 000688a0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 000688b0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 000688c0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 000688d0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
000688e0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_000688e0:·7222·5d0a·2020·2d20·616e·7369·626c·655f··r"].··-·ansible_
000688f0:·6172·6368·6974·6563·7475·7265·203d·3d20··architecture·==·000688f0:·6172·6368·6974·6563·7475·7265·203d·3d20··architecture·==·
00068900:·2261·6172·6368·3634·2220·6f72·2061·6e73··"aarch64"·or·ans00068900:·2261·6172·6368·3634·2220·6f72·2061·6e73··"aarch64"·or·ans
00068910:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur00068910:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur
00068920:·6520·3d3d·2022·7070·6336·3422·206f·7220··e·==·"ppc64"·or·00068920:·6520·3d3d·2022·7070·6336·3422·206f·7220··e·==·"ppc64"·or·
00068930:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec00068930:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec
00068940:·7475·7265·0a20·2020·203d·3d20·2270·7063··ture.····==·"ppc00068940:·7475·7265·0a20·2020·203d·3d20·2270·7063··ture.····==·"ppc
00068950:·3634·6c65·2220·6f72·2061·6e73·6962·6c65··64le"·or·ansible00068950:·3634·6c65·2220·6f72·2061·6e73·6962·6c65··64le"·or·ansible
Offset 27075, 23 lines modifiedOffset 27075, 23 lines modified
00069c20:·6579·3d70·6572·6d5f·6d6f·640a·2020·2020··ey=perm_mod.····00069c20:·6579·3d70·6572·6d5f·6d6f·640a·2020·2020··ey=perm_mod.····
00069c30:·2020·6372·6561·7465·3a20·7472·7565·0a20····create:·true.·00069c30:·2020·6372·6561·7465·3a20·7472·7565·0a20····create:·true.·
00069c40:·2020·2020·206d·6f64·653a·206f·2d72·7778·······mode:·o-rwx00069c40:·2020·2020·206d·6f64·653a·206f·2d72·7778·······mode:·o-rwx
00069c50:·0a20·2020·2020·2073·7461·7465·3a20·7072··.······state:·pr00069c50:·0a20·2020·2020·2073·7461·7465·3a20·7072··.······state:·pr
00069c60:·6573·656e·740a·2020·2020·7768·656e·3a20··esent.····when:·00069c60:·6573·656e·740a·2020·2020·7768·656e·3a20··esent.····when:·
00069c70:·7379·7363·616c·6c73·5f66·6f75·6e64·207c··syscalls_found·|00069c70:·7379·7363·616c·6c73·5f66·6f75·6e64·207c··syscalls_found·|
00069c80:·206c·656e·6774·6820·3d3d·2030·0a20·2077···length·==·0.··w00069c80:·206c·656e·6774·6820·3d3d·2030·0a20·2077···length·==·0.··w
00069c90:·6865·6e3a·0a20·202d·2061·6e73·6962·6c65··hen:.··-·ansible00069c90:·6865·6e3a·0a20·202d·2027·2261·7564·6974··hen:.··-·'"audit
00069ca0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_ 
00069cb0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do 
00069cc0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o 
00069cd0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman" 
00069ce0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].· 
00069cf0:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a 
00069d00:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac00069ca0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 00069cb0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 00069cc0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
 00069cd0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
 00069ce0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
 00069cf0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
 00069d00:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
00069d10:·6b61·6765·7327·0a20·2074·6167·733a·0a20··kages'.··tags:.·00069d10:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
00069d20:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.00069d20:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.
00069d30:·2020·2d20·4449·5341·2d53·5449·472d·4f4c····-·DISA-STIG-OL00069d30:·2020·2d20·4449·5341·2d53·5449·472d·4f4c····-·DISA-STIG-OL
00069d40:·3037·2d30·302d·3033·3034·3130·0a20·202d··07-00-030410.··-00069d40:·3037·2d30·302d·3033·3034·3130·0a20·202d··07-00-030410.··-
00069d50:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.00069d50:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
00069d60:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-80000069d60:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800
00069d70:·2d35·332d·4155·2d31·3228·6329·0a20·202d··-53-AU-12(c).··-00069d70:·2d35·332d·4155·2d31·3228·6329·0a20·202d··-53-AU-12(c).··-
00069d80:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-00069d80:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-
Offset 27387, 22 lines modifiedOffset 27387, 22 lines modified
0006afa0:·6d5f·6d6f·640a·2020·2020·2020·6372·6561··m_mod.······crea0006afa0:·6d5f·6d6f·640a·2020·2020·2020·6372·6561··m_mod.······crea
0006afb0:·7465·3a20·7472·7565·0a20·2020·2020·206d··te:·true.······m0006afb0:·7465·3a20·7472·7565·0a20·2020·2020·206d··te:·true.······m
0006afc0:·6f64·653a·206f·2d72·7778·0a20·2020·2020··ode:·o-rwx.·····0006afc0:·6f64·653a·206f·2d72·7778·0a20·2020·2020··ode:·o-rwx.·····
0006afd0:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.0006afd0:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.
0006afe0:·2020·2020·7768·656e·3a20·7379·7363·616c······when:·syscal0006afe0:·2020·2020·7768·656e·3a20·7379·7363·616c······when:·syscal
0006aff0:·6c73·5f66·6f75·6e64·207c·206c·656e·6774··ls_found·|·lengt0006aff0:·6c73·5f66·6f75·6e64·207c·206c·656e·6774··ls_found·|·lengt
0006b000:·6820·3d3d·2030·0a20·2077·6865·6e3a·0a20··h·==·0.··when:.·0006b000:·6820·3d3d·2030·0a20·2077·6865·6e3a·0a20··h·==·0.··when:.·
0006b010:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu 
0006b020:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n 
0006b030:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker", 
0006b040:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz" 
0006b050:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con 
0006b060:·7461·696e·6572·225d·0a20·202d·2027·2261··tainer"].··-·'"a 
0006b070:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible 
0006b080:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'0006b010:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a
 0006b020:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 0006b030:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib
 0006b040:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
 0006b050:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
 0006b060:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
 0006b070:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
 0006b080:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
0006b090:·0a20·202d·2061·7564·6974·5f61·7263·6820··.··-·audit_arch·0006b090:·0a20·202d·2061·7564·6974·5f61·7263·6820··.··-·audit_arch·
0006b0a0:·3d3d·2022·6236·3422·0a20·2074·6167·733a··==·"b64".··tags:0006b0a0:·3d3d·2022·6236·3422·0a20·2074·6167·733a··==·"b64".··tags:
0006b0b0:·0a20·202d·2043·4a49·532d·352e·342e·312e··.··-·CJIS-5.4.1.0006b0b0:·0a20·202d·2043·4a49·532d·352e·342e·312e··.··-·CJIS-5.4.1.
0006b0c0:·310a·2020·2d20·4449·5341·2d53·5449·472d··1.··-·DISA-STIG-0006b0c0:·310a·2020·2d20·4449·5341·2d53·5449·472d··1.··-·DISA-STIG-
0006b0d0:·4f4c·3037·2d30·302d·3033·3034·3130·0a20··OL07-00-030410.·0006b0d0:·4f4c·3037·2d30·302d·3033·3034·3130·0a20··OL07-00-030410.·
0006b0e0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-0006b0e0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
0006b0f0:·332e·312e·370a·2020·2d20·4e49·5354·2d38··3.1.7.··-·NIST-80006b0f0:·332e·312e·370a·2020·2d20·4e49·5354·2d38··3.1.7.··-·NIST-8
Offset 27436, 21 lines modifiedOffset 27436, 21 lines modified
0006b2b0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla0006b2b0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0006b2c0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap0006b2c0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0006b2d0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=0006b2d0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0006b2e0:·2269·646d·3231·3535·3222·3e3c·7072·653e··"idm21552"><pre>0006b2e0:·2269·646d·3231·3535·3222·3e3c·7072·653e··"idm21552"><pre>
0006b2f0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat0006b2f0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
0006b300:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl0006b300:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
0006b310:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai0006b310:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
0006b320:·6e20·706c·6174·666f·726d·730a·6966·205b··n·platforms.if·[0006b320:·6e20·706c·6174·666f·726d·730a·6966·2072··n·platforms.if·r
 0006b330:·706d·202d·2d71·7569·6574·202d·7120·6175··pm·--quiet·-q·au
 0006b340:·6469·7420·2661·6d70·3b26·616d·703b·205b··dit·&amp;&amp;·[
0006b330:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren0006b350:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
0006b340:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[0006b360:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
0006b350:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont0006b370:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
0006b360:·6169·6e65·7265·6e76·205d·2026·616d·703b··ainerenv·]·&amp;0006b380:·6169·6e65·7265·6e76·205d·3b20·7468·656e··ainerenv·];·then
0006b370:·2661·6d70·3b20·7270·6d20·2d2d·7175·6965··&amp;·rpm·--quie 
0006b380:·7420·2d71·2061·7564·6974·3b20·7468·656e··t·-q·audit;·then 
0006b390:·0a0a·2320·4669·7273·7420·7065·7266·6f72··..#·First·perfor0006b390:·0a0a·2320·4669·7273·7420·7065·7266·6f72··..#·First·perfor
0006b3a0:·6d20·7468·6520·7265·6d65·6469·6174·696f··m·the·remediatio0006b3a0:·6d20·7468·6520·7265·6d65·6469·6174·696f··m·the·remediatio
0006b3b0:·6e20·6f66·2074·6865·2073·7973·6361·6c6c··n·of·the·syscall0006b3b0:·6e20·6f66·2074·6865·2073·7973·6361·6c6c··n·of·the·syscall
0006b3c0:·2072·756c·650a·2320·5265·7472·6965·7665···rule.#·Retrieve0006b3c0:·2072·756c·650a·2320·5265·7472·6965·7665···rule.#·Retrieve
0006b3d0:·2068·6172·6477·6172·6520·6172·6368·6974···hardware·archit0006b3d0:·2068·6172·6477·6172·6520·6172·6368·6974···hardware·archit
0006b3e0:·6563·7475·7265·206f·6620·7468·6520·756e··ecture·of·the·un0006b3e0:·6563·7475·7265·206f·6620·7468·6520·756e··ecture·of·the·un
0006b3f0:·6465·726c·7969·6e67·2073·7973·7465·6d0a··derlying·system.0006b3f0:·6465·726c·7969·6e67·2073·7973·7465·6d0a··derlying·system.
Offset 29249, 22 lines modifiedOffset 29249, 22 lines modified
00072400:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat00072400:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat
00072410:·6567·790a·0a2d·206e·616d·653a·2053·6574··egy..-·name:·Set00072410:·6567·790a·0a2d·206e·616d·653a·2053·6574··egy..-·name:·Set
00072420:·2061·7263·6869·7465·6374·7572·6520·666f···architecture·fo00072420:·2061·7263·6869·7465·6374·7572·6520·666f···architecture·fo
00072430:·7220·6175·6469·7420·6368·6f77·6e20·7461··r·audit·chown·ta00072430:·7220·6175·6469·7420·6368·6f77·6e20·7461··r·audit·chown·ta
00072440:·736b·730a·2020·7365·745f·6661·6374·3a0a··sks.··set_fact:.00072440:·736b·730a·2020·7365·745f·6661·6374·3a0a··sks.··set_fact:.
00072450:·2020·2020·6175·6469·745f·6172·6368·3a20······audit_arch:·00072450:·2020·2020·6175·6469·745f·6172·6368·3a20······audit_arch:·
00072460:·6236·340a·2020·7768·656e·3a0a·2020·2d20··b64.··when:.··-·00072460:·6236·340a·2020·7768·656e·3a0a·2020·2d20··b64.··when:.··-·
00072470:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali 
00072480:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not· 
00072490:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l 
000724a0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·" 
000724b0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai 
Max diff block lines reached; 269409/279613 bytes (96.35%) of diff not shown.
87.5 KB
html2text {}
    
Offset 1472, 16 lines modifiedOffset 1472, 16 lines modified
1472 ··-·reboot_required1472 ··-·reboot_required
1473 ··-·restrict_strategy1473 ··-·restrict_strategy
  
1474 -·name:·Set·architecture·for·audit·chmod·tasks1474 -·name:·Set·architecture·for·audit·chmod·tasks
1475 ··set_fact:1475 ··set_fact:
1476 ····audit_arch:·b641476 ····audit_arch:·b64
1477 ··when:1477 ··when:
1478 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1479 ··-·'"audit"·in·ansible_facts.packages'1478 ··-·'"audit"·in·ansible_facts.packages'
 1479 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1480 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1480 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1481 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1481 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1482 ··tags:1482 ··tags:
1483 ··-·CJIS-5.4.1.11483 ··-·CJIS-5.4.1.1
1484 ··-·DISA-STIG-OL07-00-0304101484 ··-·DISA-STIG-OL07-00-030410
1485 ··-·NIST-800-171-3.1.71485 ··-·NIST-800-171-3.1.7
1486 ··-·NIST-800-53-AU-12(c)1486 ··-·NIST-800-53-AU-12(c)
Offset 1618, 16 lines modifiedOffset 1618, 16 lines modified
1618 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001618 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1619 ········-F·auid!=unset·-F·key=perm_mod1619 ········-F·auid!=unset·-F·key=perm_mod
1620 ······create:·true1620 ······create:·true
1621 ······mode:·o-rwx1621 ······mode:·o-rwx
1622 ······state:·present1622 ······state:·present
1623 ····when:·syscalls_found·|·length·==·01623 ····when:·syscalls_found·|·length·==·0
1624 ··when:1624 ··when:
1625 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1626 ··-·'"audit"·in·ansible_facts.packages'1625 ··-·'"audit"·in·ansible_facts.packages'
 1626 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1627 ··tags:1627 ··tags:
1628 ··-·CJIS-5.4.1.11628 ··-·CJIS-5.4.1.1
1629 ··-·DISA-STIG-OL07-00-0304101629 ··-·DISA-STIG-OL07-00-030410
1630 ··-·NIST-800-171-3.1.71630 ··-·NIST-800-171-3.1.7
1631 ··-·NIST-800-53-AU-12(c)1631 ··-·NIST-800-53-AU-12(c)
1632 ··-·NIST-800-53-AU-2(d)1632 ··-·NIST-800-53-AU-2(d)
1633 ··-·NIST-800-53-CM-6(a)1633 ··-·NIST-800-53-CM-6(a)
Offset 1762, 16 lines modifiedOffset 1762, 16 lines modified
1762 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001762 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1763 ········-F·auid!=unset·-F·key=perm_mod1763 ········-F·auid!=unset·-F·key=perm_mod
1764 ······create:·true1764 ······create:·true
1765 ······mode:·o-rwx1765 ······mode:·o-rwx
1766 ······state:·present1766 ······state:·present
1767 ····when:·syscalls_found·|·length·==·01767 ····when:·syscalls_found·|·length·==·0
1768 ··when:1768 ··when:
1769 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1770 ··-·'"audit"·in·ansible_facts.packages'1769 ··-·'"audit"·in·ansible_facts.packages'
 1770 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1771 ··-·audit_arch·==·"b64"1771 ··-·audit_arch·==·"b64"
1772 ··tags:1772 ··tags:
1773 ··-·CJIS-5.4.1.11773 ··-·CJIS-5.4.1.1
1774 ··-·DISA-STIG-OL07-00-0304101774 ··-·DISA-STIG-OL07-00-030410
1775 ··-·NIST-800-171-3.1.71775 ··-·NIST-800-171-3.1.7
1776 ··-·NIST-800-53-AU-12(c)1776 ··-·NIST-800-53-AU-12(c)
1777 ··-·NIST-800-53-AU-2(d)1777 ··-·NIST-800-53-AU-2(d)
Offset 1781, 15 lines modifiedOffset 1781, 15 lines modified
1781 ··-·low_complexity1781 ··-·low_complexity
1782 ··-·low_disruption1782 ··-·low_disruption
1783 ··-·medium_severity1783 ··-·medium_severity
1784 ··-·reboot_required1784 ··-·reboot_required
1785 ··-·restrict_strategy1785 ··-·restrict_strategy
1786 Remediation_Shell_script_⇲1786 Remediation_Shell_script_⇲
1787 #·Remediation·is·applicable·only·in·certain·platforms1787 #·Remediation·is·applicable·only·in·certain·platforms
1788 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then1788 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
1789 #·First·perform·the·remediation·of·the·syscall·rule1789 #·First·perform·the·remediation·of·the·syscall·rule
1790 #·Retrieve·hardware·architecture·of·the·underlying·system1790 #·Retrieve·hardware·architecture·of·the·underlying·system
1791 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")1791 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
1792 for·ARCH·in·"${RULE_ARCHS[@]}"1792 for·ARCH·in·"${RULE_ARCHS[@]}"
1793 do1793 do
Offset 2150, 16 lines modifiedOffset 2150, 16 lines modified
2150 ··-·reboot_required2150 ··-·reboot_required
2151 ··-·restrict_strategy2151 ··-·restrict_strategy
  
2152 -·name:·Set·architecture·for·audit·chown·tasks2152 -·name:·Set·architecture·for·audit·chown·tasks
2153 ··set_fact:2153 ··set_fact:
2154 ····audit_arch:·b642154 ····audit_arch:·b64
2155 ··when:2155 ··when:
2156 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2157 ··-·'"audit"·in·ansible_facts.packages'2156 ··-·'"audit"·in·ansible_facts.packages'
 2157 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2158 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2158 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2159 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2159 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2160 ··tags:2160 ··tags:
2161 ··-·CJIS-5.4.1.12161 ··-·CJIS-5.4.1.1
2162 ··-·DISA-STIG-OL07-00-0303702162 ··-·DISA-STIG-OL07-00-030370
2163 ··-·NIST-800-171-3.1.72163 ··-·NIST-800-171-3.1.7
2164 ··-·NIST-800-53-AU-12(c)2164 ··-·NIST-800-53-AU-12(c)
Offset 2298, 16 lines modifiedOffset 2298, 16 lines modified
2298 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002298 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2299 ········-F·auid!=unset·-F·key=perm_mod2299 ········-F·auid!=unset·-F·key=perm_mod
2300 ······create:·true2300 ······create:·true
2301 ······mode:·o-rwx2301 ······mode:·o-rwx
2302 ······state:·present2302 ······state:·present
2303 ····when:·syscalls_found·|·length·==·02303 ····when:·syscalls_found·|·length·==·0
2304 ··when:2304 ··when:
2305 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2306 ··-·'"audit"·in·ansible_facts.packages'2305 ··-·'"audit"·in·ansible_facts.packages'
 2306 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2307 ··tags:2307 ··tags:
2308 ··-·CJIS-5.4.1.12308 ··-·CJIS-5.4.1.1
2309 ··-·DISA-STIG-OL07-00-0303702309 ··-·DISA-STIG-OL07-00-030370
2310 ··-·NIST-800-171-3.1.72310 ··-·NIST-800-171-3.1.7
2311 ··-·NIST-800-53-AU-12(c)2311 ··-·NIST-800-53-AU-12(c)
2312 ··-·NIST-800-53-AU-2(d)2312 ··-·NIST-800-53-AU-2(d)
2313 ··-·NIST-800-53-CM-6(a)2313 ··-·NIST-800-53-CM-6(a)
Offset 2444, 16 lines modifiedOffset 2444, 16 lines modified
2444 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002444 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2445 ········-F·auid!=unset·-F·key=perm_mod2445 ········-F·auid!=unset·-F·key=perm_mod
2446 ······create:·true2446 ······create:·true
2447 ······mode:·o-rwx2447 ······mode:·o-rwx
2448 ······state:·present2448 ······state:·present
2449 ····when:·syscalls_found·|·length·==·02449 ····when:·syscalls_found·|·length·==·0
2450 ··when:2450 ··when:
2451 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2452 ··-·'"audit"·in·ansible_facts.packages'2451 ··-·'"audit"·in·ansible_facts.packages'
 2452 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2453 ··-·audit_arch·==·"b64"2453 ··-·audit_arch·==·"b64"
2454 ··tags:2454 ··tags:
2455 ··-·CJIS-5.4.1.12455 ··-·CJIS-5.4.1.1
2456 ··-·DISA-STIG-OL07-00-0303702456 ··-·DISA-STIG-OL07-00-030370
2457 ··-·NIST-800-171-3.1.72457 ··-·NIST-800-171-3.1.7
2458 ··-·NIST-800-53-AU-12(c)2458 ··-·NIST-800-53-AU-12(c)
2459 ··-·NIST-800-53-AU-2(d)2459 ··-·NIST-800-53-AU-2(d)
Offset 2463, 15 lines modifiedOffset 2463, 15 lines modified
2463 ··-·low_complexity2463 ··-·low_complexity
2464 ··-·low_disruption2464 ··-·low_disruption
2465 ··-·medium_severity2465 ··-·medium_severity
Max diff block lines reached; 84956/89590 bytes (94.83%) of diff not shown.
915 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-hipaa.html
    
Offset 30548, 23 lines modifiedOffset 30548, 23 lines modified
00077530:·6571·7569·7265·640a·2020·2d20·7265·7374··equired.··-·rest00077530:·6571·7569·7265·640a·2020·2d20·7265·7374··equired.··-·rest
00077540:·7269·6374·5f73·7472·6174·6567·790a·0a2d··rict_strategy..-00077540:·7269·6374·5f73·7472·6174·6567·790a·0a2d··rict_strategy..-
00077550:·206e·616d·653a·2053·6574·2061·7263·6869···name:·Set·archi00077550:·206e·616d·653a·2053·6574·2061·7263·6869···name:·Set·archi
00077560:·7465·6374·7572·6520·666f·7220·6175·6469··tecture·for·audi00077560:·7465·6374·7572·6520·666f·7220·6175·6469··tecture·for·audi
00077570:·7420·6368·6d6f·6420·7461·736b·730a·2020··t·chmod·tasks.··00077570:·7420·6368·6d6f·6420·7461·736b·730a·2020··t·chmod·tasks.··
00077580:·7365·745f·6661·6374·3a0a·2020·2020·6175··set_fact:.····au00077580:·7365·745f·6661·6374·3a0a·2020·2020·6175··set_fact:.····au
00077590:·6469·745f·6172·6368·3a20·6236·340a·2020··dit_arch:·b64.··00077590:·6469·745f·6172·6368·3a20·6236·340a·2020··dit_arch:·b64.··
000775a0:·7768·656e·3a0a·2020·2d20·616e·7369·626c··when:.··-·ansibl000775a0:·7768·656e·3a0a·2020·2d20·2722·6175·6469··when:.··-·'"audi
000775b0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization 
000775c0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d 
000775d0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·" 
000775e0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman 
000775f0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"]. 
00077600:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in· 
00077610:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa000775b0:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa
 000775c0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 000775d0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
 000775e0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
 000775f0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
 00077600:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 00077610:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
00077620:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi00077620:·6169·6e65·7222·5d0a·2020·2d20·616e·7369··ainer"].··-·ansi
00077630:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture00077630:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
00077640:·203d·3d20·2261·6172·6368·3634·2220·6f72···==·"aarch64"·or00077640:·203d·3d20·2261·6172·6368·3634·2220·6f72···==·"aarch64"·or
00077650:·2061·6e73·6962·6c65·5f61·7263·6869·7465···ansible_archite00077650:·2061·6e73·6962·6c65·5f61·7263·6869·7465···ansible_archite
00077660:·6374·7572·6520·3d3d·2022·7070·6336·3422··cture·==·"ppc64"00077660:·6374·7572·6520·3d3d·2022·7070·6336·3422··cture·==·"ppc64"
00077670:·206f·7220·616e·7369·626c·655f·6172·6368···or·ansible_arch00077670:·206f·7220·616e·7369·626c·655f·6172·6368···or·ansible_arch
00077680:·6974·6563·7475·7265·0a20·2020·203d·3d20··itecture.····==·00077680:·6974·6563·7475·7265·0a20·2020·203d·3d20··itecture.····==·
00077690:·2270·7063·3634·6c65·2220·6f72·2061·6e73··"ppc64le"·or·ans00077690:·2270·7063·3634·6c65·2220·6f72·2061·6e73··"ppc64le"·or·ans
Offset 30871, 23 lines modifiedOffset 30871, 23 lines modified
00078960:·2d46·206b·6579·3d70·6572·6d5f·6d6f·640a··-F·key=perm_mod.00078960:·2d46·206b·6579·3d70·6572·6d5f·6d6f·640a··-F·key=perm_mod.
00078970:·2020·2020·2020·6372·6561·7465·3a20·7472········create:·tr00078970:·2020·2020·2020·6372·6561·7465·3a20·7472········create:·tr
00078980:·7565·0a20·2020·2020·206d·6f64·653a·206f··ue.······mode:·o00078980:·7565·0a20·2020·2020·206d·6f64·653a·206f··ue.······mode:·o
00078990:·2d72·7778·0a20·2020·2020·2073·7461·7465··-rwx.······state00078990:·2d72·7778·0a20·2020·2020·2073·7461·7465··-rwx.······state
000789a0:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh000789a0:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh
000789b0:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou000789b0:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou
000789c0:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·0000789c0:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·0
000789d0:·0a20·2077·6865·6e3a·0a20·202d·2061·6e73··.··when:.··-·ans000789d0:·0a20·2077·6865·6e3a·0a20·202d·2027·2261··.··when:.··-·'"a
000789e0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat 
000789f0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in· 
00078a00:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc" 
00078a10:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod 
00078a20:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container 
00078a30:·225d·0a20·202d·2027·2261·7564·6974·2220··"].··-·'"audit"· 
00078a40:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
00078a50:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag000789e0:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible
 000789f0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 00078a00:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
 00078a10:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
 00078a20:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
 00078a30:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
 00078a40:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
 00078a50:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
00078a60:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.00078a60:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.
00078a70:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI00078a70:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI
00078a80:·472d·4f4c·3037·2d30·302d·3033·3034·3130··G-OL07-00-03041000078a80:·472d·4f4c·3037·2d30·302d·3033·3034·3130··G-OL07-00-030410
00078a90:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-1700078a90:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
00078aa0:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST00078aa0:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
00078ab0:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)00078ab0:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)
00078ac0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-5300078ac0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
Offset 31183, 23 lines modifiedOffset 31183, 23 lines modified
00079ce0:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······00079ce0:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······
00079cf0:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···00079cf0:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···
00079d00:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·00079d00:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·
00079d10:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres00079d10:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres
00079d20:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy00079d20:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy
00079d30:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l00079d30:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l
00079d40:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe00079d40:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe
00079d50:·6e3a·0a20·202d·2061·6e73·6962·6c65·5f76··n:.··-·ansible_v 
00079d60:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty 
00079d70:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock 
00079d80:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope 
00079d90:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",· 
00079da0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··- 
00079db0:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans 
00079dc0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa00079d50:·6e3a·0a20·202d·2027·2261·7564·6974·2220··n:.··-·'"audit"·
 00079d60:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 00079d70:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a
 00079d80:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
 00079d90:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
 00079da0:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
 00079db0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
 00079dc0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
00079dd0:·6765·7327·0a20·202d·2061·7564·6974·5f61··ges'.··-·audit_a00079dd0:·6572·225d·0a20·202d·2061·7564·6974·5f61··er"].··-·audit_a
00079de0:·7263·6820·3d3d·2022·6236·3422·0a20·2074··rch·==·"b64".··t00079de0:·7263·6820·3d3d·2022·6236·3422·0a20·2074··rch·==·"b64".··t
00079df0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.00079df0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
00079e00:·342e·312e·310a·2020·2d20·4449·5341·2d53··4.1.1.··-·DISA-S00079e00:·342e·312e·310a·2020·2d20·4449·5341·2d53··4.1.1.··-·DISA-S
00079e10:·5449·472d·4f4c·3037·2d30·302d·3033·3034··TIG-OL07-00-030400079e10:·5449·472d·4f4c·3037·2d30·302d·3033·3034··TIG-OL07-00-0304
00079e20:·3130·0a20·202d·204e·4953·542d·3830·302d··10.··-·NIST-800-00079e20:·3130·0a20·202d·204e·4953·542d·3830·302d··10.··-·NIST-800-
00079e30:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI00079e30:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI
00079e40:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(00079e40:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(
Offset 31233, 20 lines modifiedOffset 31233, 20 lines modified
0007a000:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0007a000:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0007a010:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0007a010:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0007a020:·2069·643d·2269·646d·3231·3535·3222·3e3c···id="idm21552"><0007a020:·2069·643d·2269·646d·3231·3535·3222·3e3c···id="idm21552"><
0007a030:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme0007a030:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
0007a040:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli0007a040:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
0007a050:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce0007a050:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
0007a060:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.0007a060:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
 0007a070:·6966·2072·706d·202d·2d71·7569·6574·202d··if·rpm·--quiet·-
 0007a080:·7120·6175·6469·7420·2661·6d70·3b26·616d··q·audit·&amp;&am
0007a070:·6966·205b·2021·202d·6620·2f2e·646f·636b··if·[·!·-f·/.dock0007a090:·703b·205b·2021·202d·6620·2f2e·646f·636b··p;·[·!·-f·/.dock
0007a080:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am0007a0a0:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am
0007a090:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.0007a0b0:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.
0007a0a0:·636f·6e74·6169·6e65·7265·6e76·205d·2026··containerenv·]·&0007a0c0:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·
0007a0b0:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·-- 
0007a0c0:·7175·6965·7420·2d71·2061·7564·6974·3b20··quiet·-q·audit;· 
0007a0d0:·7468·656e·0a0a·2320·4669·7273·7420·7065··then..#·First·pe0007a0d0:·7468·656e·0a0a·2320·4669·7273·7420·7065··then..#·First·pe
0007a0e0:·7266·6f72·6d20·7468·6520·7265·6d65·6469··rform·the·remedi0007a0e0:·7266·6f72·6d20·7468·6520·7265·6d65·6469··rform·the·remedi
0007a0f0:·6174·696f·6e20·6f66·2074·6865·2073·7973··ation·of·the·sys0007a0f0:·6174·696f·6e20·6f66·2074·6865·2073·7973··ation·of·the·sys
0007a100:·6361·6c6c·2072·756c·650a·2320·5265·7472··call·rule.#·Retr0007a100:·6361·6c6c·2072·756c·650a·2320·5265·7472··call·rule.#·Retr
0007a110:·6965·7665·2068·6172·6477·6172·6520·6172··ieve·hardware·ar0007a110:·6965·7665·2068·6172·6477·6172·6520·6172··ieve·hardware·ar
0007a120:·6368·6974·6563·7475·7265·206f·6620·7468··chitecture·of·th0007a120:·6368·6974·6563·7475·7265·206f·6620·7468··chitecture·of·th
0007a130:·6520·756e·6465·726c·7969·6e67·2073·7973··e·underlying·sys0007a130:·6520·756e·6465·726c·7969·6e67·2073·7973··e·underlying·sys
Offset 33045, 23 lines modifiedOffset 33045, 23 lines modified
00081140:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s00081140:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
00081150:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:00081150:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:
00081160:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur00081160:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur
00081170:·6520·666f·7220·6175·6469·7420·6368·6f77··e·for·audit·chow00081170:·6520·666f·7220·6175·6469·7420·6368·6f77··e·for·audit·chow
00081180:·6e20·7461·736b·730a·2020·7365·745f·6661··n·tasks.··set_fa00081180:·6e20·7461·736b·730a·2020·7365·745f·6661··n·tasks.··set_fa
00081190:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar00081190:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar
000811a0:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.000811a0:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.
000811b0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt 
000811c0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type· 
000811d0:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker" 
000811e0:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz 
000811f0:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co 
Max diff block lines reached; 704213/714555 bytes (98.55%) of diff not shown.
217 KB
html2text {}
    
Offset 1871, 16 lines modifiedOffset 1871, 16 lines modified
1871 ··-·reboot_required1871 ··-·reboot_required
1872 ··-·restrict_strategy1872 ··-·restrict_strategy
  
1873 -·name:·Set·architecture·for·audit·chmod·tasks1873 -·name:·Set·architecture·for·audit·chmod·tasks
1874 ··set_fact:1874 ··set_fact:
1875 ····audit_arch:·b641875 ····audit_arch:·b64
1876 ··when:1876 ··when:
1877 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1878 ··-·'"audit"·in·ansible_facts.packages'1877 ··-·'"audit"·in·ansible_facts.packages'
 1878 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1879 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1879 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1880 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1880 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1881 ··tags:1881 ··tags:
1882 ··-·CJIS-5.4.1.11882 ··-·CJIS-5.4.1.1
1883 ··-·DISA-STIG-OL07-00-0304101883 ··-·DISA-STIG-OL07-00-030410
1884 ··-·NIST-800-171-3.1.71884 ··-·NIST-800-171-3.1.7
1885 ··-·NIST-800-53-AU-12(c)1885 ··-·NIST-800-53-AU-12(c)
Offset 2017, 16 lines modifiedOffset 2017, 16 lines modified
2017 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002017 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2018 ········-F·auid!=unset·-F·key=perm_mod2018 ········-F·auid!=unset·-F·key=perm_mod
2019 ······create:·true2019 ······create:·true
2020 ······mode:·o-rwx2020 ······mode:·o-rwx
2021 ······state:·present2021 ······state:·present
2022 ····when:·syscalls_found·|·length·==·02022 ····when:·syscalls_found·|·length·==·0
2023 ··when:2023 ··when:
2024 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2025 ··-·'"audit"·in·ansible_facts.packages'2024 ··-·'"audit"·in·ansible_facts.packages'
 2025 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2026 ··tags:2026 ··tags:
2027 ··-·CJIS-5.4.1.12027 ··-·CJIS-5.4.1.1
2028 ··-·DISA-STIG-OL07-00-0304102028 ··-·DISA-STIG-OL07-00-030410
2029 ··-·NIST-800-171-3.1.72029 ··-·NIST-800-171-3.1.7
2030 ··-·NIST-800-53-AU-12(c)2030 ··-·NIST-800-53-AU-12(c)
2031 ··-·NIST-800-53-AU-2(d)2031 ··-·NIST-800-53-AU-2(d)
2032 ··-·NIST-800-53-CM-6(a)2032 ··-·NIST-800-53-CM-6(a)
Offset 2161, 16 lines modifiedOffset 2161, 16 lines modified
2161 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002161 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2162 ········-F·auid!=unset·-F·key=perm_mod2162 ········-F·auid!=unset·-F·key=perm_mod
2163 ······create:·true2163 ······create:·true
2164 ······mode:·o-rwx2164 ······mode:·o-rwx
2165 ······state:·present2165 ······state:·present
2166 ····when:·syscalls_found·|·length·==·02166 ····when:·syscalls_found·|·length·==·0
2167 ··when:2167 ··when:
2168 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2169 ··-·'"audit"·in·ansible_facts.packages'2168 ··-·'"audit"·in·ansible_facts.packages'
 2169 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2170 ··-·audit_arch·==·"b64"2170 ··-·audit_arch·==·"b64"
2171 ··tags:2171 ··tags:
2172 ··-·CJIS-5.4.1.12172 ··-·CJIS-5.4.1.1
2173 ··-·DISA-STIG-OL07-00-0304102173 ··-·DISA-STIG-OL07-00-030410
2174 ··-·NIST-800-171-3.1.72174 ··-·NIST-800-171-3.1.7
2175 ··-·NIST-800-53-AU-12(c)2175 ··-·NIST-800-53-AU-12(c)
2176 ··-·NIST-800-53-AU-2(d)2176 ··-·NIST-800-53-AU-2(d)
Offset 2180, 15 lines modifiedOffset 2180, 15 lines modified
2180 ··-·low_complexity2180 ··-·low_complexity
2181 ··-·low_disruption2181 ··-·low_disruption
2182 ··-·medium_severity2182 ··-·medium_severity
2183 ··-·reboot_required2183 ··-·reboot_required
2184 ··-·restrict_strategy2184 ··-·restrict_strategy
2185 Remediation_Shell_script_⇲2185 Remediation_Shell_script_⇲
2186 #·Remediation·is·applicable·only·in·certain·platforms2186 #·Remediation·is·applicable·only·in·certain·platforms
2187 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then2187 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
2188 #·First·perform·the·remediation·of·the·syscall·rule2188 #·First·perform·the·remediation·of·the·syscall·rule
2189 #·Retrieve·hardware·architecture·of·the·underlying·system2189 #·Retrieve·hardware·architecture·of·the·underlying·system
2190 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")2190 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
2191 for·ARCH·in·"${RULE_ARCHS[@]}"2191 for·ARCH·in·"${RULE_ARCHS[@]}"
2192 do2192 do
Offset 2549, 16 lines modifiedOffset 2549, 16 lines modified
2549 ··-·reboot_required2549 ··-·reboot_required
2550 ··-·restrict_strategy2550 ··-·restrict_strategy
  
2551 -·name:·Set·architecture·for·audit·chown·tasks2551 -·name:·Set·architecture·for·audit·chown·tasks
2552 ··set_fact:2552 ··set_fact:
2553 ····audit_arch:·b642553 ····audit_arch:·b64
2554 ··when:2554 ··when:
2555 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2556 ··-·'"audit"·in·ansible_facts.packages'2555 ··-·'"audit"·in·ansible_facts.packages'
 2556 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2557 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2557 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2558 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2558 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2559 ··tags:2559 ··tags:
2560 ··-·CJIS-5.4.1.12560 ··-·CJIS-5.4.1.1
2561 ··-·DISA-STIG-OL07-00-0303702561 ··-·DISA-STIG-OL07-00-030370
2562 ··-·NIST-800-171-3.1.72562 ··-·NIST-800-171-3.1.7
2563 ··-·NIST-800-53-AU-12(c)2563 ··-·NIST-800-53-AU-12(c)
Offset 2697, 16 lines modifiedOffset 2697, 16 lines modified
2697 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002697 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2698 ········-F·auid!=unset·-F·key=perm_mod2698 ········-F·auid!=unset·-F·key=perm_mod
2699 ······create:·true2699 ······create:·true
2700 ······mode:·o-rwx2700 ······mode:·o-rwx
2701 ······state:·present2701 ······state:·present
2702 ····when:·syscalls_found·|·length·==·02702 ····when:·syscalls_found·|·length·==·0
2703 ··when:2703 ··when:
2704 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2705 ··-·'"audit"·in·ansible_facts.packages'2704 ··-·'"audit"·in·ansible_facts.packages'
 2705 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2706 ··tags:2706 ··tags:
2707 ··-·CJIS-5.4.1.12707 ··-·CJIS-5.4.1.1
2708 ··-·DISA-STIG-OL07-00-0303702708 ··-·DISA-STIG-OL07-00-030370
2709 ··-·NIST-800-171-3.1.72709 ··-·NIST-800-171-3.1.7
2710 ··-·NIST-800-53-AU-12(c)2710 ··-·NIST-800-53-AU-12(c)
2711 ··-·NIST-800-53-AU-2(d)2711 ··-·NIST-800-53-AU-2(d)
2712 ··-·NIST-800-53-CM-6(a)2712 ··-·NIST-800-53-CM-6(a)
Offset 2843, 16 lines modifiedOffset 2843, 16 lines modified
2843 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002843 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2844 ········-F·auid!=unset·-F·key=perm_mod2844 ········-F·auid!=unset·-F·key=perm_mod
2845 ······create:·true2845 ······create:·true
2846 ······mode:·o-rwx2846 ······mode:·o-rwx
2847 ······state:·present2847 ······state:·present
2848 ····when:·syscalls_found·|·length·==·02848 ····when:·syscalls_found·|·length·==·0
2849 ··when:2849 ··when:
2850 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2851 ··-·'"audit"·in·ansible_facts.packages'2850 ··-·'"audit"·in·ansible_facts.packages'
 2851 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2852 ··-·audit_arch·==·"b64"2852 ··-·audit_arch·==·"b64"
2853 ··tags:2853 ··tags:
2854 ··-·CJIS-5.4.1.12854 ··-·CJIS-5.4.1.1
2855 ··-·DISA-STIG-OL07-00-0303702855 ··-·DISA-STIG-OL07-00-030370
2856 ··-·NIST-800-171-3.1.72856 ··-·NIST-800-171-3.1.7
2857 ··-·NIST-800-53-AU-12(c)2857 ··-·NIST-800-53-AU-12(c)
2858 ··-·NIST-800-53-AU-2(d)2858 ··-·NIST-800-53-AU-2(d)
Offset 2862, 15 lines modifiedOffset 2862, 15 lines modified
2862 ··-·low_complexity2862 ··-·low_complexity
2863 ··-·low_disruption2863 ··-·low_disruption
2864 ··-·medium_severity2864 ··-·medium_severity
Max diff block lines reached; 217306/221940 bytes (97.91%) of diff not shown.
975 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-ncp.html
    
Offset 94118, 22 lines modifiedOffset 94118, 22 lines modified
0016fa50:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st0016fa50:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st
0016fa60:·7261·7465·6779·0a0a·2d20·6e61·6d65·3a20··rategy..-·name:·0016fa60:·7261·7465·6779·0a0a·2d20·6e61·6d65·3a20··rategy..-·name:·
0016fa70:·5365·7420·6172·6368·6974·6563·7475·7265··Set·architecture0016fa70:·5365·7420·6172·6368·6974·6563·7475·7265··Set·architecture
0016fa80:·2066·6f72·2061·7564·6974·2063·686d·6f64···for·audit·chmod0016fa80:·2066·6f72·2061·7564·6974·2063·686d·6f64···for·audit·chmod
0016fa90:·2074·6173·6b73·0a20·2073·6574·5f66·6163···tasks.··set_fac0016fa90:·2074·6173·6b73·0a20·2073·6574·5f66·6163···tasks.··set_fac
0016faa0:·743a·0a20·2020·2061·7564·6974·5f61·7263··t:.····audit_arc0016faa0:·743a·0a20·2020·2061·7564·6974·5f61·7263··t:.····audit_arc
0016fab0:·683a·2062·3634·0a20·2077·6865·6e3a·0a20··h:·b64.··when:.·0016fab0:·683a·2062·3634·0a20·2077·6865·6e3a·0a20··h:·b64.··when:.·
0016fac0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu 
0016fad0:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n 
0016fae0:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker", 
0016faf0:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz" 
0016fb00:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con 
0016fb10:·7461·696e·6572·225d·0a20·202d·2027·2261··tainer"].··-·'"a 
0016fb20:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible 
0016fb30:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'0016fac0:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a
 0016fad0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 0016fae0:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib
 0016faf0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
 0016fb00:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
 0016fb10:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
 0016fb20:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
 0016fb30:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
0016fb40:·0a20·202d·2061·6e73·6962·6c65·5f61·7263··.··-·ansible_arc0016fb40:·0a20·202d·2061·6e73·6962·6c65·5f61·7263··.··-·ansible_arc
0016fb50:·6869·7465·6374·7572·6520·3d3d·2022·6161··hitecture·==·"aa0016fb50:·6869·7465·6374·7572·6520·3d3d·2022·6161··hitecture·==·"aa
0016fb60:·7263·6836·3422·206f·7220·616e·7369·626c··rch64"·or·ansibl0016fb60:·7263·6836·3422·206f·7220·616e·7369·626c··rch64"·or·ansibl
0016fb70:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=0016fb70:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=
0016fb80:·3d20·2270·7063·3634·2220·6f72·2061·6e73··=·"ppc64"·or·ans0016fb80:·3d20·2270·7063·3634·2220·6f72·2061·6e73··=·"ppc64"·or·ans
0016fb90:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur0016fb90:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur
0016fba0:·650a·2020·2020·3d3d·2022·7070·6336·346c··e.····==·"ppc64l0016fba0:·650a·2020·2020·3d3d·2022·7070·6336·346c··e.····==·"ppc64l
Offset 94441, 23 lines modifiedOffset 94441, 23 lines modified
00170e80:·7065·726d·5f6d·6f64·0a20·2020·2020·2063··perm_mod.······c00170e80:·7065·726d·5f6d·6f64·0a20·2020·2020·2063··perm_mod.······c
00170e90:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····00170e90:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····
00170ea0:·2020·6d6f·6465·3a20·6f2d·7277·780a·2020····mode:·o-rwx.··00170ea0:·2020·6d6f·6465·3a20·6f2d·7277·780a·2020····mode:·o-rwx.··
00170eb0:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese00170eb0:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese
00170ec0:·6e74·0a20·2020·2077·6865·6e3a·2073·7973··nt.····when:·sys00170ec0:·6e74·0a20·2020·2077·6865·6e3a·2073·7973··nt.····when:·sys
00170ed0:·6361·6c6c·735f·666f·756e·6420·7c20·6c65··calls_found·|·le00170ed0:·6361·6c6c·735f·666f·756e·6420·7c20·6c65··calls_found·|·le
00170ee0:·6e67·7468·203d·3d20·300a·2020·7768·656e··ngth·==·0.··when00170ee0:·6e67·7468·203d·3d20·300a·2020·7768·656e··ngth·==·0.··when
00170ef0:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi 
00170f00:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ 
00170f10:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke 
00170f20:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open 
00170f30:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·" 
00170f40:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-· 
00170f50:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi 
00170f60:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag00170ef0:·3a0a·2020·2d20·2722·6175·6469·7422·2069··:.··-·'"audit"·i
 00170f00:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 00170f10:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an
 00170f20:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 00170f30:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 00170f40:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 00170f50:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 00170f60:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
00170f70:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·00170f70:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·
00170f80:·434a·4953·2d35·2e34·2e31·2e31·0a20·202d··CJIS-5.4.1.1.··-00170f80:·434a·4953·2d35·2e34·2e31·2e31·0a20·202d··CJIS-5.4.1.1.··-
00170f90:·2044·4953·412d·5354·4947·2d4f·4c30·372d···DISA-STIG-OL07-00170f90:·2044·4953·412d·5354·4947·2d4f·4c30·372d···DISA-STIG-OL07-
00170fa0:·3030·2d30·3330·3431·300a·2020·2d20·4e49··00-030410.··-·NI00170fa0:·3030·2d30·3330·3431·300a·2020·2d20·4e49··00-030410.··-·NI
00170fb0:·5354·2d38·3030·2d31·3731·2d33·2e31·2e37··ST-800-171-3.1.700170fb0:·5354·2d38·3030·2d31·3731·2d33·2e31·2e37··ST-800-171-3.1.7
00170fc0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-5300170fc0:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
00170fd0:·2d41·552d·3132·2863·290a·2020·2d20·4e49··-AU-12(c).··-·NI00170fd0:·2d41·552d·3132·2863·290a·2020·2d20·4e49··-AU-12(c).··-·NI
00170fe0:·5354·2d38·3030·2d35·332d·4155·2d32·2864··ST-800-53-AU-2(d00170fe0:·5354·2d38·3030·2d35·332d·4155·2d32·2864··ST-800-53-AU-2(d
Offset 94753, 22 lines modifiedOffset 94753, 22 lines modified
00172200:·6f64·0a20·2020·2020·2063·7265·6174·653a··od.······create:00172200:·6f64·0a20·2020·2020·2063·7265·6174·653a··od.······create:
00172210:·2074·7275·650a·2020·2020·2020·6d6f·6465···true.······mode00172210:·2074·7275·650a·2020·2020·2020·6d6f·6465···true.······mode
00172220:·3a20·6f2d·7277·780a·2020·2020·2020·7374··:·o-rwx.······st00172220:·3a20·6f2d·7277·780a·2020·2020·2020·7374··:·o-rwx.······st
00172230:·6174·653a·2070·7265·7365·6e74·0a20·2020··ate:·present.···00172230:·6174·653a·2070·7265·7365·6e74·0a20·2020··ate:·present.···
00172240:·2077·6865·6e3a·2073·7973·6361·6c6c·735f···when:·syscalls_00172240:·2077·6865·6e3a·2073·7973·6361·6c6c·735f···when:·syscalls_
00172250:·666f·756e·6420·7c20·6c65·6e67·7468·203d··found·|·length·=00172250:·666f·756e·6420·7c20·6c65·6e67·7468·203d··found·|·length·=
00172260:·3d20·300a·2020·7768·656e·3a0a·2020·2d20··=·0.··when:.··-·00172260:·3d20·300a·2020·7768·656e·3a0a·2020·2d20··=·0.··when:.··-·
00172270:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali 
00172280:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not· 
00172290:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l 
001722a0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·" 
001722b0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai 
001722c0:·6e65·7222·5d0a·2020·2d20·2722·6175·6469··ner"].··-·'"audi 
001722d0:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa 
001722e0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··00172270:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi
 00172280:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 00172290:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_
 001722a0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
 001722b0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
 001722c0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
 001722d0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
 001722e0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
001722f0:·2d20·6175·6469·745f·6172·6368·203d·3d20··-·audit_arch·==·001722f0:·2d20·6175·6469·745f·6172·6368·203d·3d20··-·audit_arch·==·
00172300:·2262·3634·220a·2020·7461·6773·3a0a·2020··"b64".··tags:.··00172300:·2262·3634·220a·2020·7461·6773·3a0a·2020··"b64".··tags:.··
00172310:·2d20·434a·4953·2d35·2e34·2e31·2e31·0a20··-·CJIS-5.4.1.1.·00172310:·2d20·434a·4953·2d35·2e34·2e31·2e31·0a20··-·CJIS-5.4.1.1.·
00172320:·202d·2044·4953·412d·5354·4947·2d4f·4c30···-·DISA-STIG-OL000172320:·202d·2044·4953·412d·5354·4947·2d4f·4c30···-·DISA-STIG-OL0
00172330:·372d·3030·2d30·3330·3431·300a·2020·2d20··7-00-030410.··-·00172330:·372d·3030·2d30·3330·3431·300a·2020·2d20··7-00-030410.··-·
00172340:·4e49·5354·2d38·3030·2d31·3731·2d33·2e31··NIST-800-171-3.100172340:·4e49·5354·2d38·3030·2d31·3731·2d33·2e31··NIST-800-171-3.1
00172350:·2e37·0a20·202d·204e·4953·542d·3830·302d··.7.··-·NIST-800-00172350:·2e37·0a20·202d·204e·4953·542d·3830·302d··.7.··-·NIST-800-
Offset 94802, 21 lines modifiedOffset 94802, 21 lines modified
00172510:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=00172510:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
00172520:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·00172520:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
00172530:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id00172530:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
00172540:·6d32·3135·3532·223e·3c70·7265·3e3c·636f··m21552"><pre><co00172540:·6d32·3135·3532·223e·3c70·7265·3e3c·636f··m21552"><pre><co
00172550:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation00172550:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
00172560:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o00172560:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
00172570:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p00172570:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
00172580:·6c61·7466·6f72·6d73·0a69·6620·5b20·2120··latforms.if·[·!·00172580:·6c61·7466·6f72·6d73·0a69·6620·7270·6d20··latforms.if·rpm·
00172590:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]00172590:·2d2d·7175·6965·7420·2d71·2061·7564·6974··--quiet·-q·audit
001725a0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·001725a0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
 001725b0:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]
 001725c0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
001725b0:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain001725d0:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain
 001725e0:·6572·656e·7620·5d3b·2074·6865·6e0a·0a23··erenv·];·then..#
001725c0:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am 
001725d0:·703b·2072·706d·202d·2d71·7569·6574·202d··p;·rpm·--quiet·- 
001725e0:·7120·6175·6469·743b·2074·6865·6e0a·0a23··q·audit;·then..# 
001725f0:·2046·6972·7374·2070·6572·666f·726d·2074···First·perform·t001725f0:·2046·6972·7374·2070·6572·666f·726d·2074···First·perform·t
00172600:·6865·2072·656d·6564·6961·7469·6f6e·206f··he·remediation·o00172600:·6865·2072·656d·6564·6961·7469·6f6e·206f··he·remediation·o
00172610:·6620·7468·6520·7379·7363·616c·6c20·7275··f·the·syscall·ru00172610:·6620·7468·6520·7379·7363·616c·6c20·7275··f·the·syscall·ru
00172620:·6c65·0a23·2052·6574·7269·6576·6520·6861··le.#·Retrieve·ha00172620:·6c65·0a23·2052·6574·7269·6576·6520·6861··le.#·Retrieve·ha
00172630:·7264·7761·7265·2061·7263·6869·7465·6374··rdware·architect00172630:·7264·7761·7265·2061·7263·6869·7465·6374··rdware·architect
00172640:·7572·6520·6f66·2074·6865·2075·6e64·6572··ure·of·the·under00172640:·7572·6520·6f66·2074·6865·2075·6e64·6572··ure·of·the·under
00172650:·6c79·696e·6720·7379·7374·656d·0a5b·2022··lying·system.[·"00172650:·6c79·696e·6720·7379·7374·656d·0a5b·2022··lying·system.[·"
Offset 96614, 23 lines modifiedOffset 96614, 23 lines modified
00179650:·745f·7265·7175·6972·6564·0a20·202d·2072··t_required.··-·r00179650:·745f·7265·7175·6972·6564·0a20·202d·2072··t_required.··-·r
00179660:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy00179660:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy
00179670:·0a0a·2d20·6e61·6d65·3a20·5365·7420·6172··..-·name:·Set·ar00179670:·0a0a·2d20·6e61·6d65·3a20·5365·7420·6172··..-·name:·Set·ar
00179680:·6368·6974·6563·7475·7265·2066·6f72·2061··chitecture·for·a00179680:·6368·6974·6563·7475·7265·2066·6f72·2061··chitecture·for·a
00179690:·7564·6974·2063·686f·776e·2074·6173·6b73··udit·chown·tasks00179690:·7564·6974·2063·686f·776e·2074·6173·6b73··udit·chown·tasks
001796a0:·0a20·2073·6574·5f66·6163·743a·0a20·2020··.··set_fact:.···001796a0:·0a20·2073·6574·5f66·6163·743a·0a20·2020··.··set_fact:.···
001796b0:·2061·7564·6974·5f61·7263·683a·2062·3634···audit_arch:·b64001796b0:·2061·7564·6974·5f61·7263·683a·2062·3634···audit_arch:·b64
001796c0:·0a20·2077·6865·6e3a·0a20·202d·2061·6e73··.··when:.··-·ans001796c0:·0a20·2077·6865·6e3a·0a20·202d·2027·2261··.··when:.··-·'"a
001796d0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat 
001796e0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in· 
001796f0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc" 
Max diff block lines reached; 749839/759974 bytes (98.67%) of diff not shown.
233 KB
html2text {}
    
Offset 14689, 16 lines modifiedOffset 14689, 16 lines modified
14689 ··-·reboot_required14689 ··-·reboot_required
14690 ··-·restrict_strategy14690 ··-·restrict_strategy
  
14691 -·name:·Set·architecture·for·audit·chmod·tasks14691 -·name:·Set·architecture·for·audit·chmod·tasks
14692 ··set_fact:14692 ··set_fact:
14693 ····audit_arch:·b6414693 ····audit_arch:·b64
14694 ··when:14694 ··when:
14695 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14696 ··-·'"audit"·in·ansible_facts.packages'14695 ··-·'"audit"·in·ansible_facts.packages'
 14696 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14697 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture14697 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
14698 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"14698 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
14699 ··tags:14699 ··tags:
14700 ··-·CJIS-5.4.1.114700 ··-·CJIS-5.4.1.1
14701 ··-·DISA-STIG-OL07-00-03041014701 ··-·DISA-STIG-OL07-00-030410
14702 ··-·NIST-800-171-3.1.714702 ··-·NIST-800-171-3.1.7
14703 ··-·NIST-800-53-AU-12(c)14703 ··-·NIST-800-53-AU-12(c)
Offset 14835, 16 lines modifiedOffset 14835, 16 lines modified
14835 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100014835 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
14836 ········-F·auid!=unset·-F·key=perm_mod14836 ········-F·auid!=unset·-F·key=perm_mod
14837 ······create:·true14837 ······create:·true
14838 ······mode:·o-rwx14838 ······mode:·o-rwx
14839 ······state:·present14839 ······state:·present
14840 ····when:·syscalls_found·|·length·==·014840 ····when:·syscalls_found·|·length·==·0
14841 ··when:14841 ··when:
14842 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14843 ··-·'"audit"·in·ansible_facts.packages'14842 ··-·'"audit"·in·ansible_facts.packages'
 14843 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14844 ··tags:14844 ··tags:
14845 ··-·CJIS-5.4.1.114845 ··-·CJIS-5.4.1.1
14846 ··-·DISA-STIG-OL07-00-03041014846 ··-·DISA-STIG-OL07-00-030410
14847 ··-·NIST-800-171-3.1.714847 ··-·NIST-800-171-3.1.7
14848 ··-·NIST-800-53-AU-12(c)14848 ··-·NIST-800-53-AU-12(c)
14849 ··-·NIST-800-53-AU-2(d)14849 ··-·NIST-800-53-AU-2(d)
14850 ··-·NIST-800-53-CM-6(a)14850 ··-·NIST-800-53-CM-6(a)
Offset 14979, 16 lines modifiedOffset 14979, 16 lines modified
14979 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100014979 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
14980 ········-F·auid!=unset·-F·key=perm_mod14980 ········-F·auid!=unset·-F·key=perm_mod
14981 ······create:·true14981 ······create:·true
14982 ······mode:·o-rwx14982 ······mode:·o-rwx
14983 ······state:·present14983 ······state:·present
14984 ····when:·syscalls_found·|·length·==·014984 ····when:·syscalls_found·|·length·==·0
14985 ··when:14985 ··when:
14986 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14987 ··-·'"audit"·in·ansible_facts.packages'14986 ··-·'"audit"·in·ansible_facts.packages'
 14987 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14988 ··-·audit_arch·==·"b64"14988 ··-·audit_arch·==·"b64"
14989 ··tags:14989 ··tags:
14990 ··-·CJIS-5.4.1.114990 ··-·CJIS-5.4.1.1
14991 ··-·DISA-STIG-OL07-00-03041014991 ··-·DISA-STIG-OL07-00-030410
14992 ··-·NIST-800-171-3.1.714992 ··-·NIST-800-171-3.1.7
14993 ··-·NIST-800-53-AU-12(c)14993 ··-·NIST-800-53-AU-12(c)
14994 ··-·NIST-800-53-AU-2(d)14994 ··-·NIST-800-53-AU-2(d)
Offset 14998, 15 lines modifiedOffset 14998, 15 lines modified
14998 ··-·low_complexity14998 ··-·low_complexity
14999 ··-·low_disruption14999 ··-·low_disruption
15000 ··-·medium_severity15000 ··-·medium_severity
15001 ··-·reboot_required15001 ··-·reboot_required
15002 ··-·restrict_strategy15002 ··-·restrict_strategy
15003 Remediation_Shell_script_⇲15003 Remediation_Shell_script_⇲
15004 #·Remediation·is·applicable·only·in·certain·platforms15004 #·Remediation·is·applicable·only·in·certain·platforms
15005 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then15005 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
15006 #·First·perform·the·remediation·of·the·syscall·rule15006 #·First·perform·the·remediation·of·the·syscall·rule
15007 #·Retrieve·hardware·architecture·of·the·underlying·system15007 #·Retrieve·hardware·architecture·of·the·underlying·system
15008 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")15008 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
15009 for·ARCH·in·"${RULE_ARCHS[@]}"15009 for·ARCH·in·"${RULE_ARCHS[@]}"
15010 do15010 do
Offset 15367, 16 lines modifiedOffset 15367, 16 lines modified
15367 ··-·reboot_required15367 ··-·reboot_required
15368 ··-·restrict_strategy15368 ··-·restrict_strategy
  
15369 -·name:·Set·architecture·for·audit·chown·tasks15369 -·name:·Set·architecture·for·audit·chown·tasks
15370 ··set_fact:15370 ··set_fact:
15371 ····audit_arch:·b6415371 ····audit_arch:·b64
15372 ··when:15372 ··when:
15373 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
15374 ··-·'"audit"·in·ansible_facts.packages'15373 ··-·'"audit"·in·ansible_facts.packages'
 15374 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
15375 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture15375 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
15376 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"15376 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
15377 ··tags:15377 ··tags:
15378 ··-·CJIS-5.4.1.115378 ··-·CJIS-5.4.1.1
15379 ··-·DISA-STIG-OL07-00-03037015379 ··-·DISA-STIG-OL07-00-030370
15380 ··-·NIST-800-171-3.1.715380 ··-·NIST-800-171-3.1.7
15381 ··-·NIST-800-53-AU-12(c)15381 ··-·NIST-800-53-AU-12(c)
Offset 15515, 16 lines modifiedOffset 15515, 16 lines modified
15515 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100015515 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
15516 ········-F·auid!=unset·-F·key=perm_mod15516 ········-F·auid!=unset·-F·key=perm_mod
15517 ······create:·true15517 ······create:·true
15518 ······mode:·o-rwx15518 ······mode:·o-rwx
15519 ······state:·present15519 ······state:·present
15520 ····when:·syscalls_found·|·length·==·015520 ····when:·syscalls_found·|·length·==·0
15521 ··when:15521 ··when:
15522 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
15523 ··-·'"audit"·in·ansible_facts.packages'15522 ··-·'"audit"·in·ansible_facts.packages'
 15523 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
15524 ··tags:15524 ··tags:
15525 ··-·CJIS-5.4.1.115525 ··-·CJIS-5.4.1.1
15526 ··-·DISA-STIG-OL07-00-03037015526 ··-·DISA-STIG-OL07-00-030370
15527 ··-·NIST-800-171-3.1.715527 ··-·NIST-800-171-3.1.7
15528 ··-·NIST-800-53-AU-12(c)15528 ··-·NIST-800-53-AU-12(c)
15529 ··-·NIST-800-53-AU-2(d)15529 ··-·NIST-800-53-AU-2(d)
15530 ··-·NIST-800-53-CM-6(a)15530 ··-·NIST-800-53-CM-6(a)
Offset 15661, 16 lines modifiedOffset 15661, 16 lines modified
15661 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100015661 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
15662 ········-F·auid!=unset·-F·key=perm_mod15662 ········-F·auid!=unset·-F·key=perm_mod
15663 ······create:·true15663 ······create:·true
15664 ······mode:·o-rwx15664 ······mode:·o-rwx
15665 ······state:·present15665 ······state:·present
15666 ····when:·syscalls_found·|·length·==·015666 ····when:·syscalls_found·|·length·==·0
15667 ··when:15667 ··when:
15668 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
15669 ··-·'"audit"·in·ansible_facts.packages'15668 ··-·'"audit"·in·ansible_facts.packages'
 15669 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
15670 ··-·audit_arch·==·"b64"15670 ··-·audit_arch·==·"b64"
15671 ··tags:15671 ··tags:
15672 ··-·CJIS-5.4.1.115672 ··-·CJIS-5.4.1.1
15673 ··-·DISA-STIG-OL07-00-03037015673 ··-·DISA-STIG-OL07-00-030370
15674 ··-·NIST-800-171-3.1.715674 ··-·NIST-800-171-3.1.7
15675 ··-·NIST-800-53-AU-12(c)15675 ··-·NIST-800-53-AU-12(c)
15676 ··-·NIST-800-53-AU-2(d)15676 ··-·NIST-800-53-AU-2(d)
Offset 15680, 15 lines modifiedOffset 15680, 15 lines modified
15680 ··-·low_complexity15680 ··-·low_complexity
15681 ··-·low_disruption15681 ··-·low_disruption
15682 ··-·medium_severity15682 ··-·medium_severity
Max diff block lines reached; 233867/238517 bytes (98.05%) of diff not shown.
5.17 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-ospp.html
    
Offset 46128, 23 lines modifiedOffset 46128, 23 lines modified
000b42f0:·660a·2020·2020·7265·6765·7870·3a20·5e5c··f.····regexp:·^\000b42f0:·660a·2020·2020·7265·6765·7870·3a20·5e5c··f.····regexp:·^\
000b4300:·732a·666c·7573·685c·732a·3d5c·732a·2e2a··s*flush\s*=\s*.*000b4300:·732a·666c·7573·685c·732a·3d5c·732a·2e2a··s*flush\s*=\s*.*
000b4310:·240a·2020·2020·6c69·6e65·3a20·666c·7573··$.····line:·flus000b4310:·240a·2020·2020·6c69·6e65·3a20·666c·7573··$.····line:·flus
000b4320:·6820·3d20·7b7b·2076·6172·5f61·7564·6974··h·=·{{·var_audit000b4320:·6820·3d20·7b7b·2076·6172·5f61·7564·6974··h·=·{{·var_audit
000b4330:·645f·666c·7573·6820·7d7d·0a20·2020·2073··d_flush·}}.····s000b4330:·645f·666c·7573·6820·7d7d·0a20·2020·2073··d_flush·}}.····s
000b4340:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··000b4340:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··
000b4350:·2020·6372·6561·7465·3a20·7472·7565·0a20····create:·true.·000b4350:·2020·6372·6561·7465·3a20·7472·7565·0a20····create:·true.·
000b4360:·2077·6865·6e3a·0a20·202d·2061·6e73·6962···when:.··-·ansib000b4360:·2077·6865·6e3a·0a20·202d·2027·2261·7564···when:.··-·'"aud
000b4370:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio 
000b4380:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·[" 
000b4390:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",· 
000b43a0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma 
000b43b0:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"] 
000b43c0:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in 
000b43d0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
000b43e0:·6163·6b61·6765·7327·0a20·2074·6167·733a··ackages'.··tags:000b4370:·6974·2220·696e·2061·6e73·6962·6c65·5f66··it"·in·ansible_f
 000b4380:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 000b4390:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
 000b43a0:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
 000b43b0:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
 000b43c0:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
 000b43d0:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
 000b43e0:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:
000b43f0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17000b43f0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
000b4400:·312d·332e·332e·310a·2020·2d20·4e49·5354··1-3.3.1.··-·NIST000b4400:·312d·332e·332e·310a·2020·2d20·4e49·5354··1-3.3.1.··-·NIST
000b4410:·2d38·3030·2d35·332d·4155·2d31·310a·2020··-800-53-AU-11.··000b4410:·2d38·3030·2d35·332d·4155·2d31·310a·2020··-800-53-AU-11.··
000b4420:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM000b4420:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM
000b4430:·2d36·2861·290a·2020·2d20·6175·6469·7464··-6(a).··-·auditd000b4430:·2d36·2861·290a·2020·2d20·6175·6469·7464··-6(a).··-·auditd
000b4440:·5f64·6174·615f·7265·7465·6e74·696f·6e5f··_data_retention_000b4440:·5f64·6174·615f·7265·7465·6e74·696f·6e5f··_data_retention_
000b4450:·666c·7573·680a·2020·2d20·6c6f·775f·636f··flush.··-·low_co000b4450:·666c·7573·680a·2020·2d20·6c6f·775f·636f··flush.··-·low_co
Offset 46170, 21 lines modifiedOffset 46170, 21 lines modified
000b4590:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa000b4590:·723e·3c64·6976·2063·6c61·7373·3d22·7061··r><div·class="pa
000b45a0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col000b45a0:·6e65·6c2d·636f·6c6c·6170·7365·2063·6f6c··nel-collapse·col
000b45b0:·6c61·7073·6522·2069·643d·2269·646d·3334··lapse"·id="idm34000b45b0:·6c61·7073·6522·2069·643d·2269·646d·3334··lapse"·id="idm34
000b45c0:·3132·3322·3e3c·7072·653e·3c63·6f64·653e··123"><pre><code>000b45c0:·3132·3322·3e3c·7072·653e·3c63·6f64·653e··123"><pre><code>
000b45d0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is000b45d0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
000b45e0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only000b45e0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
000b45f0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat000b45f0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
000b4600:·666f·726d·730a·6966·205b·2021·202d·6620··forms.if·[·!·-f·000b4600:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q
000b4610:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a000b4610:·7569·6574·202d·7120·6175·6469·7420·2661··uiet·-q·audit·&a
000b4620:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·000b4620:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·
 000b4630:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a
 000b4640:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·
000b4630:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere000b4650:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere
000b4640:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;· 
000b4650:·7270·6d20·2d2d·7175·6965·7420·2d71·2061··rpm·--quiet·-q·a 
000b4660:·7564·6974·3b20·7468·656e·0a0a·7661·725f··udit;·then..var_000b4660:·6e76·205d·3b20·7468·656e·0a0a·7661·725f··nv·];·then..var_
000b4670:·6175·6469·7464·5f66·6c75·7368·3d27·3c61··auditd_flush='<a000b4670:·6175·6469·7464·5f66·6c75·7368·3d27·3c61··auditd_flush='<a
000b4680:·6262·7220·7469·746c·653d·2266·726f·6d20··bbr·title="from·000b4680:·6262·7220·7469·746c·653d·2266·726f·6d20··bbr·title="from·
000b4690:·5072·6f66·696c·652f·7265·6669·6e65·2d76··Profile/refine-v000b4690:·5072·6f66·696c·652f·7265·6669·6e65·2d76··Profile/refine-v
000b46a0:·616c·7565·3a20·7863·6364·665f·6f72·672e··alue:·xccdf_org.000b46a0:·616c·7565·3a20·7863·6364·665f·6f72·672e··alue:·xccdf_org.
000b46b0:·7373·6770·726f·6a65·6374·2e63·6f6e·7465··ssgproject.conte000b46b0:·7373·6770·726f·6a65·6374·2e63·6f6e·7465··ssgproject.conte
000b46c0:·6e74·5f76·616c·7565·5f76·6172·5f61·7564··nt_value_var_aud000b46c0:·6e74·5f76·616c·7565·5f76·6172·5f61·7564··nt_value_var_aud
000b46d0:·6974·645f·666c·7573·6822·3e69·6e63·7265··itd_flush">incre000b46d0:·6974·645f·666c·7573·6822·3e69·6e63·7265··itd_flush">incre
1.04 KB
html2text {}
    
Offset 6001, 29 lines modifiedOffset 6001, 29 lines modified
6001 ··lineinfile:6001 ··lineinfile:
6002 ····dest:·/etc/audit/auditd.conf6002 ····dest:·/etc/audit/auditd.conf
6003 ····regexp:·^\s*flush\s*=\s*.*$6003 ····regexp:·^\s*flush\s*=\s*.*$
6004 ····line:·flush·=·{{·var_auditd_flush·}}6004 ····line:·flush·=·{{·var_auditd_flush·}}
6005 ····state:·present6005 ····state:·present
6006 ····create:·true6006 ····create:·true
6007 ··when:6007 ··when:
6008 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6009 ··-·'"audit"·in·ansible_facts.packages'6008 ··-·'"audit"·in·ansible_facts.packages'
 6009 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6010 ··tags:6010 ··tags:
6011 ··-·NIST-800-171-3.3.16011 ··-·NIST-800-171-3.3.1
6012 ··-·NIST-800-53-AU-116012 ··-·NIST-800-53-AU-11
6013 ··-·NIST-800-53-CM-6(a)6013 ··-·NIST-800-53-CM-6(a)
6014 ··-·auditd_data_retention_flush6014 ··-·auditd_data_retention_flush
6015 ··-·low_complexity6015 ··-·low_complexity
6016 ··-·low_disruption6016 ··-·low_disruption
6017 ··-·medium_severity6017 ··-·medium_severity
6018 ··-·no_reboot_needed6018 ··-·no_reboot_needed
6019 ··-·restrict_strategy6019 ··-·restrict_strategy
6020 Remediation_Shell_script_⇲6020 Remediation_Shell_script_⇲
6021 #·Remediation·is·applicable·only·in·certain·platforms6021 #·Remediation·is·applicable·only·in·certain·platforms
6022 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then6022 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
6023 var_auditd_flush='incremental_async'6023 var_auditd_flush='incremental_async'
  
  
6024 AUDITCONFIG=/etc/audit/auditd.conf6024 AUDITCONFIG=/etc/audit/auditd.conf
  
6025 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush6025 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush
539 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-pci-dss.html
    
Offset 48580, 23 lines modifiedOffset 48580, 23 lines modified
000bdc30:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_000bdc30:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_
000bdc40:·7374·7261·7465·6779·0a0a·2d20·6e61·6d65··strategy..-·name000bdc40:·7374·7261·7465·6779·0a0a·2d20·6e61·6d65··strategy..-·name
000bdc50:·3a20·5365·7420·6172·6368·6974·6563·7475··:·Set·architectu000bdc50:·3a20·5365·7420·6172·6368·6974·6563·7475··:·Set·architectu
000bdc60:·7265·2066·6f72·2061·7564·6974·2063·686d··re·for·audit·chm000bdc60:·7265·2066·6f72·2061·7564·6974·2063·686d··re·for·audit·chm
000bdc70:·6f64·2074·6173·6b73·0a20·2073·6574·5f66··od·tasks.··set_f000bdc70:·6f64·2074·6173·6b73·0a20·2073·6574·5f66··od·tasks.··set_f
000bdc80:·6163·743a·0a20·2020·2061·7564·6974·5f61··act:.····audit_a000bdc80:·6163·743a·0a20·2020·2061·7564·6974·5f61··act:.····audit_a
000bdc90:·7263·683a·2062·3634·0a20·2077·6865·6e3a··rch:·b64.··when:000bdc90:·7263·683a·2062·3634·0a20·2077·6865·6e3a··rch:·b64.··when:
000bdca0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
000bdcb0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
000bdcc0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
000bdcd0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
000bdce0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
000bdcf0:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·' 
000bdd00:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib 
000bdd10:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000bdca0:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 000bdcb0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 000bdcc0:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
 000bdcd0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
 000bdce0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
 000bdcf0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
 000bdd00:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
 000bdd10:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
000bdd20:·7327·0a20·202d·2061·6e73·6962·6c65·5f61··s'.··-·ansible_a000bdd20:·225d·0a20·202d·2061·6e73·6962·6c65·5f61··"].··-·ansible_a
000bdd30:·7263·6869·7465·6374·7572·6520·3d3d·2022··rchitecture·==·"000bdd30:·7263·6869·7465·6374·7572·6520·3d3d·2022··rchitecture·==·"
000bdd40:·6161·7263·6836·3422·206f·7220·616e·7369··aarch64"·or·ansi000bdd40:·6161·7263·6836·3422·206f·7220·616e·7369··aarch64"·or·ansi
000bdd50:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture000bdd50:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
000bdd60:·203d·3d20·2270·7063·3634·2220·6f72·2061···==·"ppc64"·or·a000bdd60:·203d·3d20·2270·7063·3634·2220·6f72·2061···==·"ppc64"·or·a
000bdd70:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect000bdd70:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect
000bdd80:·7572·650a·2020·2020·3d3d·2022·7070·6336··ure.····==·"ppc6000bdd80:·7572·650a·2020·2020·3d3d·2022·7070·6336··ure.····==·"ppc6
000bdd90:·346c·6522·206f·7220·616e·7369·626c·655f··4le"·or·ansible_000bdd90:·346c·6522·206f·7220·616e·7369·626c·655f··4le"·or·ansible_
Offset 48903, 23 lines modifiedOffset 48903, 23 lines modified
000bf060:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····000bf060:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····
000bf070:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··000bf070:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··
000bf080:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.000bf080:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.
000bf090:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre000bf090:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre
000bf0a0:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s000bf0a0:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s
000bf0b0:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·000bf0b0:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·
000bf0c0:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh000bf0c0:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh
000bf0d0:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_ 
000bf0e0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
000bf0f0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
000bf100:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
000bf110:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
000bf120:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].·· 
000bf130:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an 
000bf140:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack000bf0d0:·656e·3a0a·2020·2d20·2722·6175·6469·7422··en:.··-·'"audit"
 000bf0e0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 000bf0f0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 000bf100:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 000bf110:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 000bf120:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 000bf130:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 000bf140:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
000bf150:·6167·6573·270a·2020·7461·6773·3a0a·2020··ages'.··tags:.··000bf150:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
000bf160:·2d20·434a·4953·2d35·2e34·2e31·2e31·0a20··-·CJIS-5.4.1.1.·000bf160:·2d20·434a·4953·2d35·2e34·2e31·2e31·0a20··-·CJIS-5.4.1.1.·
000bf170:·202d·2044·4953·412d·5354·4947·2d4f·4c30···-·DISA-STIG-OL0000bf170:·202d·2044·4953·412d·5354·4947·2d4f·4c30···-·DISA-STIG-OL0
000bf180:·372d·3030·2d30·3330·3431·300a·2020·2d20··7-00-030410.··-·000bf180:·372d·3030·2d30·3330·3431·300a·2020·2d20··7-00-030410.··-·
000bf190:·4e49·5354·2d38·3030·2d31·3731·2d33·2e31··NIST-800-171-3.1000bf190:·4e49·5354·2d38·3030·2d31·3731·2d33·2e31··NIST-800-171-3.1
000bf1a0:·2e37·0a20·202d·204e·4953·542d·3830·302d··.7.··-·NIST-800-000bf1a0:·2e37·0a20·202d·204e·4953·542d·3830·302d··.7.··-·NIST-800-
000bf1b0:·3533·2d41·552d·3132·2863·290a·2020·2d20··53-AU-12(c).··-·000bf1b0:·3533·2d41·552d·3132·2863·290a·2020·2d20··53-AU-12(c).··-·
000bf1c0:·4e49·5354·2d38·3030·2d35·332d·4155·2d32··NIST-800-53-AU-2000bf1c0:·4e49·5354·2d38·3030·2d35·332d·4155·2d32··NIST-800-53-AU-2
Offset 49215, 22 lines modifiedOffset 49215, 22 lines modified
000c03e0:·5f6d·6f64·0a20·2020·2020·2063·7265·6174··_mod.······creat000c03e0:·5f6d·6f64·0a20·2020·2020·2063·7265·6174··_mod.······creat
000c03f0:·653a·2074·7275·650a·2020·2020·2020·6d6f··e:·true.······mo000c03f0:·653a·2074·7275·650a·2020·2020·2020·6d6f··e:·true.······mo
000c0400:·6465·3a20·6f2d·7277·780a·2020·2020·2020··de:·o-rwx.······000c0400:·6465·3a20·6f2d·7277·780a·2020·2020·2020··de:·o-rwx.······
000c0410:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.·000c0410:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.·
000c0420:·2020·2077·6865·6e3a·2073·7973·6361·6c6c·····when:·syscall000c0420:·2020·2077·6865·6e3a·2073·7973·6361·6c6c·····when:·syscall
000c0430:·735f·666f·756e·6420·7c20·6c65·6e67·7468··s_found·|·length000c0430:·735f·666f·756e·6420·7c20·6c65·6e67·7468··s_found·|·length
000c0440:·203d·3d20·300a·2020·7768·656e·3a0a·2020···==·0.··when:.··000c0440:·203d·3d20·300a·2020·7768·656e·3a0a·2020···==·0.··when:.··
000c0450:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
000c0460:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
000c0470:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
000c0480:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
000c0490:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont 
000c04a0:·6169·6e65·7222·5d0a·2020·2d20·2722·6175··ainer"].··-·'"au 
000c04b0:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_ 
000c04c0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.000c0450:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an
 000c0460:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 000c0470:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
 000c0480:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
 000c0490:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
 000c04a0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
 000c04b0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
 000c04c0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
000c04d0:·2020·2d20·6175·6469·745f·6172·6368·203d····-·audit_arch·=000c04d0:·2020·2d20·6175·6469·745f·6172·6368·203d····-·audit_arch·=
000c04e0:·3d20·2262·3634·220a·2020·7461·6773·3a0a··=·"b64".··tags:.000c04e0:·3d20·2262·3634·220a·2020·7461·6773·3a0a··=·"b64".··tags:.
000c04f0:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.1000c04f0:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.1
000c0500:·0a20·202d·2044·4953·412d·5354·4947·2d4f··.··-·DISA-STIG-O000c0500:·0a20·202d·2044·4953·412d·5354·4947·2d4f··.··-·DISA-STIG-O
000c0510:·4c30·372d·3030·2d30·3330·3431·300a·2020··L07-00-030410.··000c0510:·4c30·372d·3030·2d30·3330·3431·300a·2020··L07-00-030410.··
000c0520:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3000c0520:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
000c0530:·2e31·2e37·0a20·202d·204e·4953·542d·3830··.1.7.··-·NIST-80000c0530:·2e31·2e37·0a20·202d·204e·4953·542d·3830··.1.7.··-·NIST-80
Offset 49264, 21 lines modifiedOffset 49264, 21 lines modified
000c06f0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas000c06f0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
000c0700:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps000c0700:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
000c0710:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="000c0710:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
000c0720:·6964·6d32·3135·3532·223e·3c70·7265·3e3c··idm21552"><pre><000c0720:·6964·6d32·3135·3532·223e·3c70·7265·3e3c··idm21552"><pre><
000c0730:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati000c0730:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
000c0740:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable000c0740:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
000c0750:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain000c0750:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
000c0760:·2070·6c61·7466·6f72·6d73·0a69·6620·5b20···platforms.if·[·000c0760:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
 000c0770:·6d20·2d2d·7175·6965·7420·2d71·2061·7564··m·--quiet·-q·aud
 000c0780:·6974·2026·616d·703b·2661·6d70·3b20·5b20··it·&amp;&amp;·[·
000c0770:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv000c0790:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
000c0780:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·000c07a0:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
000c0790:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta000c07b0:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
 000c07c0:·696e·6572·656e·7620·5d3b·2074·6865·6e0a··inerenv·];·then.
000c07a0:·696e·6572·656e·7620·5d20·2661·6d70·3b26··inerenv·]·&amp;& 
000c07b0:·616d·703b·2072·706d·202d·2d71·7569·6574··amp;·rpm·--quiet 
000c07c0:·202d·7120·6175·6469·743b·2074·6865·6e0a···-q·audit;·then. 
000c07d0:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform000c07d0:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform
000c07e0:·2074·6865·2072·656d·6564·6961·7469·6f6e···the·remediation000c07e0:·2074·6865·2072·656d·6564·6961·7469·6f6e···the·remediation
000c07f0:·206f·6620·7468·6520·7379·7363·616c·6c20···of·the·syscall·000c07f0:·206f·6620·7468·6520·7379·7363·616c·6c20···of·the·syscall·
000c0800:·7275·6c65·0a23·2052·6574·7269·6576·6520··rule.#·Retrieve·000c0800:·7275·6c65·0a23·2052·6574·7269·6576·6520··rule.#·Retrieve·
000c0810:·6861·7264·7761·7265·2061·7263·6869·7465··hardware·archite000c0810:·6861·7264·7761·7265·2061·7263·6869·7465··hardware·archite
000c0820:·6374·7572·6520·6f66·2074·6865·2075·6e64··cture·of·the·und000c0820:·6374·7572·6520·6f66·2074·6865·2075·6e64··cture·of·the·und
000c0830:·6572·6c79·696e·6720·7379·7374·656d·0a5b··erlying·system.[000c0830:·6572·6c79·696e·6720·7379·7374·656d·0a5b··erlying·system.[
Offset 51076, 23 lines modifiedOffset 51076, 23 lines modified
000c7830:·6f6f·745f·7265·7175·6972·6564·0a20·202d··oot_required.··-000c7830:·6f6f·745f·7265·7175·6972·6564·0a20·202d··oot_required.··-
000c7840:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate000c7840:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate
000c7850:·6779·0a0a·2d20·6e61·6d65·3a20·5365·7420··gy..-·name:·Set·000c7850:·6779·0a0a·2d20·6e61·6d65·3a20·5365·7420··gy..-·name:·Set·
000c7860:·6172·6368·6974·6563·7475·7265·2066·6f72··architecture·for000c7860:·6172·6368·6974·6563·7475·7265·2066·6f72··architecture·for
000c7870:·2061·7564·6974·2063·686f·776e·2074·6173···audit·chown·tas000c7870:·2061·7564·6974·2063·686f·776e·2074·6173···audit·chown·tas
000c7880:·6b73·0a20·2073·6574·5f66·6163·743a·0a20··ks.··set_fact:.·000c7880:·6b73·0a20·2073·6574·5f66·6163·743a·0a20··ks.··set_fact:.·
000c7890:·2020·2061·7564·6974·5f61·7263·683a·2062·····audit_arch:·b000c7890:·2020·2061·7564·6974·5f61·7263·683a·2062·····audit_arch:·b
000c78a0:·3634·0a20·2077·6865·6e3a·0a20·202d·2061··64.··when:.··-·a000c78a0:·3634·0a20·2077·6865·6e3a·0a20·202d·2027··64.··when:.··-·'
000c78b0:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz 
000c78c0:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i 
Max diff block lines reached; 404751/415093 bytes (97.51%) of diff not shown.
133 KB
html2text {}
    
Offset 6245, 16 lines modifiedOffset 6245, 16 lines modified
6245 ··-·reboot_required6245 ··-·reboot_required
6246 ··-·restrict_strategy6246 ··-·restrict_strategy
  
6247 -·name:·Set·architecture·for·audit·chmod·tasks6247 -·name:·Set·architecture·for·audit·chmod·tasks
6248 ··set_fact:6248 ··set_fact:
6249 ····audit_arch:·b646249 ····audit_arch:·b64
6250 ··when:6250 ··when:
6251 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6252 ··-·'"audit"·in·ansible_facts.packages'6251 ··-·'"audit"·in·ansible_facts.packages'
 6252 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6253 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6253 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6254 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6254 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6255 ··tags:6255 ··tags:
6256 ··-·CJIS-5.4.1.16256 ··-·CJIS-5.4.1.1
6257 ··-·DISA-STIG-OL07-00-0304106257 ··-·DISA-STIG-OL07-00-030410
6258 ··-·NIST-800-171-3.1.76258 ··-·NIST-800-171-3.1.7
6259 ··-·NIST-800-53-AU-12(c)6259 ··-·NIST-800-53-AU-12(c)
Offset 6391, 16 lines modifiedOffset 6391, 16 lines modified
6391 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006391 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6392 ········-F·auid!=unset·-F·key=perm_mod6392 ········-F·auid!=unset·-F·key=perm_mod
6393 ······create:·true6393 ······create:·true
6394 ······mode:·o-rwx6394 ······mode:·o-rwx
6395 ······state:·present6395 ······state:·present
6396 ····when:·syscalls_found·|·length·==·06396 ····when:·syscalls_found·|·length·==·0
6397 ··when:6397 ··when:
6398 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6399 ··-·'"audit"·in·ansible_facts.packages'6398 ··-·'"audit"·in·ansible_facts.packages'
 6399 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6400 ··tags:6400 ··tags:
6401 ··-·CJIS-5.4.1.16401 ··-·CJIS-5.4.1.1
6402 ··-·DISA-STIG-OL07-00-0304106402 ··-·DISA-STIG-OL07-00-030410
6403 ··-·NIST-800-171-3.1.76403 ··-·NIST-800-171-3.1.7
6404 ··-·NIST-800-53-AU-12(c)6404 ··-·NIST-800-53-AU-12(c)
6405 ··-·NIST-800-53-AU-2(d)6405 ··-·NIST-800-53-AU-2(d)
6406 ··-·NIST-800-53-CM-6(a)6406 ··-·NIST-800-53-CM-6(a)
Offset 6535, 16 lines modifiedOffset 6535, 16 lines modified
6535 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006535 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6536 ········-F·auid!=unset·-F·key=perm_mod6536 ········-F·auid!=unset·-F·key=perm_mod
6537 ······create:·true6537 ······create:·true
6538 ······mode:·o-rwx6538 ······mode:·o-rwx
6539 ······state:·present6539 ······state:·present
6540 ····when:·syscalls_found·|·length·==·06540 ····when:·syscalls_found·|·length·==·0
6541 ··when:6541 ··when:
6542 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6543 ··-·'"audit"·in·ansible_facts.packages'6542 ··-·'"audit"·in·ansible_facts.packages'
 6543 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6544 ··-·audit_arch·==·"b64"6544 ··-·audit_arch·==·"b64"
6545 ··tags:6545 ··tags:
6546 ··-·CJIS-5.4.1.16546 ··-·CJIS-5.4.1.1
6547 ··-·DISA-STIG-OL07-00-0304106547 ··-·DISA-STIG-OL07-00-030410
6548 ··-·NIST-800-171-3.1.76548 ··-·NIST-800-171-3.1.7
6549 ··-·NIST-800-53-AU-12(c)6549 ··-·NIST-800-53-AU-12(c)
6550 ··-·NIST-800-53-AU-2(d)6550 ··-·NIST-800-53-AU-2(d)
Offset 6554, 15 lines modifiedOffset 6554, 15 lines modified
6554 ··-·low_complexity6554 ··-·low_complexity
6555 ··-·low_disruption6555 ··-·low_disruption
6556 ··-·medium_severity6556 ··-·medium_severity
6557 ··-·reboot_required6557 ··-·reboot_required
6558 ··-·restrict_strategy6558 ··-·restrict_strategy
6559 Remediation_Shell_script_⇲6559 Remediation_Shell_script_⇲
6560 #·Remediation·is·applicable·only·in·certain·platforms6560 #·Remediation·is·applicable·only·in·certain·platforms
6561 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then6561 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
6562 #·First·perform·the·remediation·of·the·syscall·rule6562 #·First·perform·the·remediation·of·the·syscall·rule
6563 #·Retrieve·hardware·architecture·of·the·underlying·system6563 #·Retrieve·hardware·architecture·of·the·underlying·system
6564 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")6564 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
6565 for·ARCH·in·"${RULE_ARCHS[@]}"6565 for·ARCH·in·"${RULE_ARCHS[@]}"
6566 do6566 do
Offset 6923, 16 lines modifiedOffset 6923, 16 lines modified
6923 ··-·reboot_required6923 ··-·reboot_required
6924 ··-·restrict_strategy6924 ··-·restrict_strategy
  
6925 -·name:·Set·architecture·for·audit·chown·tasks6925 -·name:·Set·architecture·for·audit·chown·tasks
6926 ··set_fact:6926 ··set_fact:
6927 ····audit_arch:·b646927 ····audit_arch:·b64
6928 ··when:6928 ··when:
6929 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6930 ··-·'"audit"·in·ansible_facts.packages'6929 ··-·'"audit"·in·ansible_facts.packages'
 6930 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6931 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6931 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6932 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6932 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6933 ··tags:6933 ··tags:
6934 ··-·CJIS-5.4.1.16934 ··-·CJIS-5.4.1.1
6935 ··-·DISA-STIG-OL07-00-0303706935 ··-·DISA-STIG-OL07-00-030370
6936 ··-·NIST-800-171-3.1.76936 ··-·NIST-800-171-3.1.7
6937 ··-·NIST-800-53-AU-12(c)6937 ··-·NIST-800-53-AU-12(c)
Offset 7071, 16 lines modifiedOffset 7071, 16 lines modified
7071 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007071 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7072 ········-F·auid!=unset·-F·key=perm_mod7072 ········-F·auid!=unset·-F·key=perm_mod
7073 ······create:·true7073 ······create:·true
7074 ······mode:·o-rwx7074 ······mode:·o-rwx
7075 ······state:·present7075 ······state:·present
7076 ····when:·syscalls_found·|·length·==·07076 ····when:·syscalls_found·|·length·==·0
7077 ··when:7077 ··when:
7078 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7079 ··-·'"audit"·in·ansible_facts.packages'7078 ··-·'"audit"·in·ansible_facts.packages'
 7079 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7080 ··tags:7080 ··tags:
7081 ··-·CJIS-5.4.1.17081 ··-·CJIS-5.4.1.1
7082 ··-·DISA-STIG-OL07-00-0303707082 ··-·DISA-STIG-OL07-00-030370
7083 ··-·NIST-800-171-3.1.77083 ··-·NIST-800-171-3.1.7
7084 ··-·NIST-800-53-AU-12(c)7084 ··-·NIST-800-53-AU-12(c)
7085 ··-·NIST-800-53-AU-2(d)7085 ··-·NIST-800-53-AU-2(d)
7086 ··-·NIST-800-53-CM-6(a)7086 ··-·NIST-800-53-CM-6(a)
Offset 7217, 16 lines modifiedOffset 7217, 16 lines modified
7217 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007217 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7218 ········-F·auid!=unset·-F·key=perm_mod7218 ········-F·auid!=unset·-F·key=perm_mod
7219 ······create:·true7219 ······create:·true
7220 ······mode:·o-rwx7220 ······mode:·o-rwx
7221 ······state:·present7221 ······state:·present
7222 ····when:·syscalls_found·|·length·==·07222 ····when:·syscalls_found·|·length·==·0
7223 ··when:7223 ··when:
7224 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7225 ··-·'"audit"·in·ansible_facts.packages'7224 ··-·'"audit"·in·ansible_facts.packages'
 7225 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7226 ··-·audit_arch·==·"b64"7226 ··-·audit_arch·==·"b64"
7227 ··tags:7227 ··tags:
7228 ··-·CJIS-5.4.1.17228 ··-·CJIS-5.4.1.1
7229 ··-·DISA-STIG-OL07-00-0303707229 ··-·DISA-STIG-OL07-00-030370
7230 ··-·NIST-800-171-3.1.77230 ··-·NIST-800-171-3.1.7
7231 ··-·NIST-800-53-AU-12(c)7231 ··-·NIST-800-53-AU-12(c)
7232 ··-·NIST-800-53-AU-2(d)7232 ··-·NIST-800-53-AU-2(d)
Offset 7236, 15 lines modifiedOffset 7236, 15 lines modified
7236 ··-·low_complexity7236 ··-·low_complexity
7237 ··-·low_disruption7237 ··-·low_disruption
7238 ··-·medium_severity7238 ··-·medium_severity
Max diff block lines reached; 131715/136349 bytes (96.60%) of diff not shown.
504 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-standard.html
    
Offset 24017, 23 lines modifiedOffset 24017, 23 lines modified
0005dd00:·6571·7569·7265·640a·2020·2d20·7265·7374··equired.··-·rest0005dd00:·6571·7569·7265·640a·2020·2d20·7265·7374··equired.··-·rest
0005dd10:·7269·6374·5f73·7472·6174·6567·790a·0a2d··rict_strategy..-0005dd10:·7269·6374·5f73·7472·6174·6567·790a·0a2d··rict_strategy..-
0005dd20:·206e·616d·653a·2053·6574·2061·7263·6869···name:·Set·archi0005dd20:·206e·616d·653a·2053·6574·2061·7263·6869···name:·Set·archi
0005dd30:·7465·6374·7572·6520·666f·7220·6175·6469··tecture·for·audi0005dd30:·7465·6374·7572·6520·666f·7220·6175·6469··tecture·for·audi
0005dd40:·7420·6368·6d6f·6420·7461·736b·730a·2020··t·chmod·tasks.··0005dd40:·7420·6368·6d6f·6420·7461·736b·730a·2020··t·chmod·tasks.··
0005dd50:·7365·745f·6661·6374·3a0a·2020·2020·6175··set_fact:.····au0005dd50:·7365·745f·6661·6374·3a0a·2020·2020·6175··set_fact:.····au
0005dd60:·6469·745f·6172·6368·3a20·6236·340a·2020··dit_arch:·b64.··0005dd60:·6469·745f·6172·6368·3a20·6236·340a·2020··dit_arch:·b64.··
0005dd70:·7768·656e·3a0a·2020·2d20·616e·7369·626c··when:.··-·ansibl0005dd70:·7768·656e·3a0a·2020·2d20·2722·6175·6469··when:.··-·'"audi
0005dd80:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization 
0005dd90:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d 
0005dda0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·" 
0005ddb0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman 
0005ddc0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"]. 
0005ddd0:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in· 
0005dde0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0005dd80:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa
 0005dd90:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 0005dda0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
 0005ddb0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
 0005ddc0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
 0005ddd0:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 0005dde0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
0005ddf0:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi0005ddf0:·6169·6e65·7222·5d0a·2020·2d20·616e·7369··ainer"].··-·ansi
0005de00:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture0005de00:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
0005de10:·203d·3d20·2261·6172·6368·3634·2220·6f72···==·"aarch64"·or0005de10:·203d·3d20·2261·6172·6368·3634·2220·6f72···==·"aarch64"·or
0005de20:·2061·6e73·6962·6c65·5f61·7263·6869·7465···ansible_archite0005de20:·2061·6e73·6962·6c65·5f61·7263·6869·7465···ansible_archite
0005de30:·6374·7572·6520·3d3d·2022·7070·6336·3422··cture·==·"ppc64"0005de30:·6374·7572·6520·3d3d·2022·7070·6336·3422··cture·==·"ppc64"
0005de40:·206f·7220·616e·7369·626c·655f·6172·6368···or·ansible_arch0005de40:·206f·7220·616e·7369·626c·655f·6172·6368···or·ansible_arch
0005de50:·6974·6563·7475·7265·0a20·2020·203d·3d20··itecture.····==·0005de50:·6974·6563·7475·7265·0a20·2020·203d·3d20··itecture.····==·
0005de60:·2270·7063·3634·6c65·2220·6f72·2061·6e73··"ppc64le"·or·ans0005de60:·2270·7063·3634·6c65·2220·6f72·2061·6e73··"ppc64le"·or·ans
Offset 24340, 23 lines modifiedOffset 24340, 23 lines modified
0005f130:·2d46·206b·6579·3d70·6572·6d5f·6d6f·640a··-F·key=perm_mod.0005f130:·2d46·206b·6579·3d70·6572·6d5f·6d6f·640a··-F·key=perm_mod.
0005f140:·2020·2020·2020·6372·6561·7465·3a20·7472········create:·tr0005f140:·2020·2020·2020·6372·6561·7465·3a20·7472········create:·tr
0005f150:·7565·0a20·2020·2020·206d·6f64·653a·206f··ue.······mode:·o0005f150:·7565·0a20·2020·2020·206d·6f64·653a·206f··ue.······mode:·o
0005f160:·2d72·7778·0a20·2020·2020·2073·7461·7465··-rwx.······state0005f160:·2d72·7778·0a20·2020·2020·2073·7461·7465··-rwx.······state
0005f170:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh0005f170:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh
0005f180:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou0005f180:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou
0005f190:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·00005f190:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·0
0005f1a0:·0a20·2077·6865·6e3a·0a20·202d·2061·6e73··.··when:.··-·ans0005f1a0:·0a20·2077·6865·6e3a·0a20·202d·2027·2261··.··when:.··-·'"a
0005f1b0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat 
0005f1c0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in· 
0005f1d0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc" 
0005f1e0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod 
0005f1f0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container 
0005f200:·225d·0a20·202d·2027·2261·7564·6974·2220··"].··-·'"audit"· 
0005f210:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
0005f220:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag0005f1b0:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible
 0005f1c0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 0005f1d0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
 0005f1e0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
 0005f1f0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
 0005f200:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
 0005f210:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
 0005f220:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
0005f230:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.0005f230:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.
0005f240:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI0005f240:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI
0005f250:·472d·4f4c·3037·2d30·302d·3033·3034·3130··G-OL07-00-0304100005f250:·472d·4f4c·3037·2d30·302d·3033·3034·3130··G-OL07-00-030410
0005f260:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170005f260:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0005f270:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST0005f270:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
0005f280:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)0005f280:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)
0005f290:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530005f290:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
Offset 24652, 23 lines modifiedOffset 24652, 23 lines modified
000604b0:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······000604b0:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······
000604c0:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···000604c0:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···
000604d0:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·000604d0:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·
000604e0:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres000604e0:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres
000604f0:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy000604f0:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy
00060500:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l00060500:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l
00060510:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe00060510:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe
00060520:·6e3a·0a20·202d·2061·6e73·6962·6c65·5f76··n:.··-·ansible_v 
00060530:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty 
00060540:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock 
00060550:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope 
00060560:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",· 
00060570:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··- 
00060580:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans 
00060590:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa00060520:·6e3a·0a20·202d·2027·2261·7564·6974·2220··n:.··-·'"audit"·
 00060530:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 00060540:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a
 00060550:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
 00060560:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
 00060570:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
 00060580:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
 00060590:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
000605a0:·6765·7327·0a20·202d·2061·7564·6974·5f61··ges'.··-·audit_a000605a0:·6572·225d·0a20·202d·2061·7564·6974·5f61··er"].··-·audit_a
000605b0:·7263·6820·3d3d·2022·6236·3422·0a20·2074··rch·==·"b64".··t000605b0:·7263·6820·3d3d·2022·6236·3422·0a20·2074··rch·==·"b64".··t
000605c0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.000605c0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
000605d0:·342e·312e·310a·2020·2d20·4449·5341·2d53··4.1.1.··-·DISA-S000605d0:·342e·312e·310a·2020·2d20·4449·5341·2d53··4.1.1.··-·DISA-S
000605e0:·5449·472d·4f4c·3037·2d30·302d·3033·3034··TIG-OL07-00-0304000605e0:·5449·472d·4f4c·3037·2d30·302d·3033·3034··TIG-OL07-00-0304
000605f0:·3130·0a20·202d·204e·4953·542d·3830·302d··10.··-·NIST-800-000605f0:·3130·0a20·202d·204e·4953·542d·3830·302d··10.··-·NIST-800-
00060600:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI00060600:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI
00060610:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(00060610:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(
Offset 24702, 20 lines modifiedOffset 24702, 20 lines modified
000607d0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co000607d0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
000607e0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"000607e0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
000607f0:·2069·643d·2269·646d·3231·3535·3222·3e3c···id="idm21552"><000607f0:·2069·643d·2269·646d·3231·3535·3222·3e3c···id="idm21552"><
00060800:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme00060800:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
00060810:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli00060810:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
00060820:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce00060820:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
00060830:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.00060830:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
 00060840:·6966·2072·706d·202d·2d71·7569·6574·202d··if·rpm·--quiet·-
 00060850:·7120·6175·6469·7420·2661·6d70·3b26·616d··q·audit·&amp;&am
00060840:·6966·205b·2021·202d·6620·2f2e·646f·636b··if·[·!·-f·/.dock00060860:·703b·205b·2021·202d·6620·2f2e·646f·636b··p;·[·!·-f·/.dock
00060850:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am00060870:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am
00060860:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.00060880:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.
00060870:·636f·6e74·6169·6e65·7265·6e76·205d·2026··containerenv·]·&00060890:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·
00060880:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·-- 
00060890:·7175·6965·7420·2d71·2061·7564·6974·3b20··quiet·-q·audit;· 
000608a0:·7468·656e·0a0a·2320·4669·7273·7420·7065··then..#·First·pe000608a0:·7468·656e·0a0a·2320·4669·7273·7420·7065··then..#·First·pe
000608b0:·7266·6f72·6d20·7468·6520·7265·6d65·6469··rform·the·remedi000608b0:·7266·6f72·6d20·7468·6520·7265·6d65·6469··rform·the·remedi
000608c0:·6174·696f·6e20·6f66·2074·6865·2073·7973··ation·of·the·sys000608c0:·6174·696f·6e20·6f66·2074·6865·2073·7973··ation·of·the·sys
000608d0:·6361·6c6c·2072·756c·650a·2320·5265·7472··call·rule.#·Retr000608d0:·6361·6c6c·2072·756c·650a·2320·5265·7472··call·rule.#·Retr
000608e0:·6965·7665·2068·6172·6477·6172·6520·6172··ieve·hardware·ar000608e0:·6965·7665·2068·6172·6477·6172·6520·6172··ieve·hardware·ar
000608f0:·6368·6974·6563·7475·7265·206f·6620·7468··chitecture·of·th000608f0:·6368·6974·6563·7475·7265·206f·6620·7468··chitecture·of·th
00060900:·6520·756e·6465·726c·7969·6e67·2073·7973··e·underlying·sys00060900:·6520·756e·6465·726c·7969·6e67·2073·7973··e·underlying·sys
Offset 26514, 23 lines modifiedOffset 26514, 23 lines modified
00067910:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s00067910:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
00067920:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:00067920:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:
00067930:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur00067930:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur
00067940:·6520·666f·7220·6175·6469·7420·6368·6f77··e·for·audit·chow00067940:·6520·666f·7220·6175·6469·7420·6368·6f77··e·for·audit·chow
00067950:·6e20·7461·736b·730a·2020·7365·745f·6661··n·tasks.··set_fa00067950:·6e20·7461·736b·730a·2020·7365·745f·6661··n·tasks.··set_fa
00067960:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar00067960:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar
00067970:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.00067970:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.
00067980:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt 
00067990:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type· 
000679a0:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker" 
000679b0:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz 
000679c0:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co 
Max diff block lines reached; 380245/390587 bytes (97.35%) of diff not shown.
122 KB
html2text {}
    
Offset 980, 16 lines modifiedOffset 980, 16 lines modified
980 ··-·reboot_required980 ··-·reboot_required
981 ··-·restrict_strategy981 ··-·restrict_strategy
  
982 -·name:·Set·architecture·for·audit·chmod·tasks982 -·name:·Set·architecture·for·audit·chmod·tasks
983 ··set_fact:983 ··set_fact:
984 ····audit_arch:·b64984 ····audit_arch:·b64
985 ··when:985 ··when:
986 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
987 ··-·'"audit"·in·ansible_facts.packages'986 ··-·'"audit"·in·ansible_facts.packages'
 987 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
988 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture988 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
989 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"989 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
990 ··tags:990 ··tags:
991 ··-·CJIS-5.4.1.1991 ··-·CJIS-5.4.1.1
992 ··-·DISA-STIG-OL07-00-030410992 ··-·DISA-STIG-OL07-00-030410
993 ··-·NIST-800-171-3.1.7993 ··-·NIST-800-171-3.1.7
994 ··-·NIST-800-53-AU-12(c)994 ··-·NIST-800-53-AU-12(c)
Offset 1126, 16 lines modifiedOffset 1126, 16 lines modified
1126 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001126 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1127 ········-F·auid!=unset·-F·key=perm_mod1127 ········-F·auid!=unset·-F·key=perm_mod
1128 ······create:·true1128 ······create:·true
1129 ······mode:·o-rwx1129 ······mode:·o-rwx
1130 ······state:·present1130 ······state:·present
1131 ····when:·syscalls_found·|·length·==·01131 ····when:·syscalls_found·|·length·==·0
1132 ··when:1132 ··when:
1133 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1134 ··-·'"audit"·in·ansible_facts.packages'1133 ··-·'"audit"·in·ansible_facts.packages'
 1134 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1135 ··tags:1135 ··tags:
1136 ··-·CJIS-5.4.1.11136 ··-·CJIS-5.4.1.1
1137 ··-·DISA-STIG-OL07-00-0304101137 ··-·DISA-STIG-OL07-00-030410
1138 ··-·NIST-800-171-3.1.71138 ··-·NIST-800-171-3.1.7
1139 ··-·NIST-800-53-AU-12(c)1139 ··-·NIST-800-53-AU-12(c)
1140 ··-·NIST-800-53-AU-2(d)1140 ··-·NIST-800-53-AU-2(d)
1141 ··-·NIST-800-53-CM-6(a)1141 ··-·NIST-800-53-CM-6(a)
Offset 1270, 16 lines modifiedOffset 1270, 16 lines modified
1270 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001270 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1271 ········-F·auid!=unset·-F·key=perm_mod1271 ········-F·auid!=unset·-F·key=perm_mod
1272 ······create:·true1272 ······create:·true
1273 ······mode:·o-rwx1273 ······mode:·o-rwx
1274 ······state:·present1274 ······state:·present
1275 ····when:·syscalls_found·|·length·==·01275 ····when:·syscalls_found·|·length·==·0
1276 ··when:1276 ··when:
1277 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1278 ··-·'"audit"·in·ansible_facts.packages'1277 ··-·'"audit"·in·ansible_facts.packages'
 1278 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1279 ··-·audit_arch·==·"b64"1279 ··-·audit_arch·==·"b64"
1280 ··tags:1280 ··tags:
1281 ··-·CJIS-5.4.1.11281 ··-·CJIS-5.4.1.1
1282 ··-·DISA-STIG-OL07-00-0304101282 ··-·DISA-STIG-OL07-00-030410
1283 ··-·NIST-800-171-3.1.71283 ··-·NIST-800-171-3.1.7
1284 ··-·NIST-800-53-AU-12(c)1284 ··-·NIST-800-53-AU-12(c)
1285 ··-·NIST-800-53-AU-2(d)1285 ··-·NIST-800-53-AU-2(d)
Offset 1289, 15 lines modifiedOffset 1289, 15 lines modified
1289 ··-·low_complexity1289 ··-·low_complexity
1290 ··-·low_disruption1290 ··-·low_disruption
1291 ··-·medium_severity1291 ··-·medium_severity
1292 ··-·reboot_required1292 ··-·reboot_required
1293 ··-·restrict_strategy1293 ··-·restrict_strategy
1294 Remediation_Shell_script_⇲1294 Remediation_Shell_script_⇲
1295 #·Remediation·is·applicable·only·in·certain·platforms1295 #·Remediation·is·applicable·only·in·certain·platforms
1296 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then1296 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
1297 #·First·perform·the·remediation·of·the·syscall·rule1297 #·First·perform·the·remediation·of·the·syscall·rule
1298 #·Retrieve·hardware·architecture·of·the·underlying·system1298 #·Retrieve·hardware·architecture·of·the·underlying·system
1299 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")1299 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
1300 for·ARCH·in·"${RULE_ARCHS[@]}"1300 for·ARCH·in·"${RULE_ARCHS[@]}"
1301 do1301 do
Offset 1658, 16 lines modifiedOffset 1658, 16 lines modified
1658 ··-·reboot_required1658 ··-·reboot_required
1659 ··-·restrict_strategy1659 ··-·restrict_strategy
  
1660 -·name:·Set·architecture·for·audit·chown·tasks1660 -·name:·Set·architecture·for·audit·chown·tasks
1661 ··set_fact:1661 ··set_fact:
1662 ····audit_arch:·b641662 ····audit_arch:·b64
1663 ··when:1663 ··when:
1664 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1665 ··-·'"audit"·in·ansible_facts.packages'1664 ··-·'"audit"·in·ansible_facts.packages'
 1665 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1666 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1666 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1667 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1667 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1668 ··tags:1668 ··tags:
1669 ··-·CJIS-5.4.1.11669 ··-·CJIS-5.4.1.1
1670 ··-·DISA-STIG-OL07-00-0303701670 ··-·DISA-STIG-OL07-00-030370
1671 ··-·NIST-800-171-3.1.71671 ··-·NIST-800-171-3.1.7
1672 ··-·NIST-800-53-AU-12(c)1672 ··-·NIST-800-53-AU-12(c)
Offset 1806, 16 lines modifiedOffset 1806, 16 lines modified
1806 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001806 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1807 ········-F·auid!=unset·-F·key=perm_mod1807 ········-F·auid!=unset·-F·key=perm_mod
1808 ······create:·true1808 ······create:·true
1809 ······mode:·o-rwx1809 ······mode:·o-rwx
1810 ······state:·present1810 ······state:·present
1811 ····when:·syscalls_found·|·length·==·01811 ····when:·syscalls_found·|·length·==·0
1812 ··when:1812 ··when:
1813 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1814 ··-·'"audit"·in·ansible_facts.packages'1813 ··-·'"audit"·in·ansible_facts.packages'
 1814 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1815 ··tags:1815 ··tags:
1816 ··-·CJIS-5.4.1.11816 ··-·CJIS-5.4.1.1
1817 ··-·DISA-STIG-OL07-00-0303701817 ··-·DISA-STIG-OL07-00-030370
1818 ··-·NIST-800-171-3.1.71818 ··-·NIST-800-171-3.1.7
1819 ··-·NIST-800-53-AU-12(c)1819 ··-·NIST-800-53-AU-12(c)
1820 ··-·NIST-800-53-AU-2(d)1820 ··-·NIST-800-53-AU-2(d)
1821 ··-·NIST-800-53-CM-6(a)1821 ··-·NIST-800-53-CM-6(a)
Offset 1952, 16 lines modifiedOffset 1952, 16 lines modified
1952 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001952 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1953 ········-F·auid!=unset·-F·key=perm_mod1953 ········-F·auid!=unset·-F·key=perm_mod
1954 ······create:·true1954 ······create:·true
1955 ······mode:·o-rwx1955 ······mode:·o-rwx
1956 ······state:·present1956 ······state:·present
1957 ····when:·syscalls_found·|·length·==·01957 ····when:·syscalls_found·|·length·==·0
1958 ··when:1958 ··when:
1959 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1960 ··-·'"audit"·in·ansible_facts.packages'1959 ··-·'"audit"·in·ansible_facts.packages'
 1960 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1961 ··-·audit_arch·==·"b64"1961 ··-·audit_arch·==·"b64"
1962 ··tags:1962 ··tags:
1963 ··-·CJIS-5.4.1.11963 ··-·CJIS-5.4.1.1
1964 ··-·DISA-STIG-OL07-00-0303701964 ··-·DISA-STIG-OL07-00-030370
1965 ··-·NIST-800-171-3.1.71965 ··-·NIST-800-171-3.1.7
1966 ··-·NIST-800-53-AU-12(c)1966 ··-·NIST-800-53-AU-12(c)
1967 ··-·NIST-800-53-AU-2(d)1967 ··-·NIST-800-53-AU-2(d)
Offset 1971, 15 lines modifiedOffset 1971, 15 lines modified
1971 ··-·low_complexity1971 ··-·low_complexity
1972 ··-·low_disruption1972 ··-·low_disruption
1973 ··-·medium_severity1973 ··-·medium_severity
Max diff block lines reached; 120690/125322 bytes (96.30%) of diff not shown.
773 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-stig.html
    
Offset 88477, 23 lines modifiedOffset 88477, 23 lines modified
001599c0:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_001599c0:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_
001599d0:·7374·7261·7465·6779·0a0a·2d20·6e61·6d65··strategy..-·name001599d0:·7374·7261·7465·6779·0a0a·2d20·6e61·6d65··strategy..-·name
001599e0:·3a20·5365·7420·6172·6368·6974·6563·7475··:·Set·architectu001599e0:·3a20·5365·7420·6172·6368·6974·6563·7475··:·Set·architectu
001599f0:·7265·2066·6f72·2061·7564·6974·2063·686d··re·for·audit·chm001599f0:·7265·2066·6f72·2061·7564·6974·2063·686d··re·for·audit·chm
00159a00:·6f64·2074·6173·6b73·0a20·2073·6574·5f66··od·tasks.··set_f00159a00:·6f64·2074·6173·6b73·0a20·2073·6574·5f66··od·tasks.··set_f
00159a10:·6163·743a·0a20·2020·2061·7564·6974·5f61··act:.····audit_a00159a10:·6163·743a·0a20·2020·2061·7564·6974·5f61··act:.····audit_a
00159a20:·7263·683a·2062·3634·0a20·2077·6865·6e3a··rch:·b64.··when:00159a20:·7263·683a·2062·3634·0a20·2077·6865·6e3a··rch:·b64.··when:
00159a30:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
00159a40:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
00159a50:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
00159a60:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
00159a70:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
00159a80:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·' 
00159a90:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib 
00159aa0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package00159a30:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 00159a40:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 00159a50:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
 00159a60:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
 00159a70:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
 00159a80:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
 00159a90:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
 00159aa0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
00159ab0:·7327·0a20·202d·2061·6e73·6962·6c65·5f61··s'.··-·ansible_a00159ab0:·225d·0a20·202d·2061·6e73·6962·6c65·5f61··"].··-·ansible_a
00159ac0:·7263·6869·7465·6374·7572·6520·3d3d·2022··rchitecture·==·"00159ac0:·7263·6869·7465·6374·7572·6520·3d3d·2022··rchitecture·==·"
00159ad0:·6161·7263·6836·3422·206f·7220·616e·7369··aarch64"·or·ansi00159ad0:·6161·7263·6836·3422·206f·7220·616e·7369··aarch64"·or·ansi
00159ae0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture00159ae0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
00159af0:·203d·3d20·2270·7063·3634·2220·6f72·2061···==·"ppc64"·or·a00159af0:·203d·3d20·2270·7063·3634·2220·6f72·2061···==·"ppc64"·or·a
00159b00:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect00159b00:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect
00159b10:·7572·650a·2020·2020·3d3d·2022·7070·6336··ure.····==·"ppc600159b10:·7572·650a·2020·2020·3d3d·2022·7070·6336··ure.····==·"ppc6
00159b20:·346c·6522·206f·7220·616e·7369·626c·655f··4le"·or·ansible_00159b20:·346c·6522·206f·7220·616e·7369·626c·655f··4le"·or·ansible_
Offset 88800, 23 lines modifiedOffset 88800, 23 lines modified
0015adf0:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····0015adf0:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····
0015ae00:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··0015ae00:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··
0015ae10:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.0015ae10:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.
0015ae20:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre0015ae20:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre
0015ae30:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s0015ae30:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s
0015ae40:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·0015ae40:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·
0015ae50:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh0015ae50:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh
0015ae60:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_ 
0015ae70:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
0015ae80:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
0015ae90:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
0015aea0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
0015aeb0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].·· 
0015aec0:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an 
0015aed0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0015ae60:·656e·3a0a·2020·2d20·2722·6175·6469·7422··en:.··-·'"audit"
 0015ae70:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 0015ae80:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 0015ae90:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 0015aea0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 0015aeb0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 0015aec0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 0015aed0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
0015aee0:·6167·6573·270a·2020·7461·6773·3a0a·2020··ages'.··tags:.··0015aee0:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
0015aef0:·2d20·434a·4953·2d35·2e34·2e31·2e31·0a20··-·CJIS-5.4.1.1.·0015aef0:·2d20·434a·4953·2d35·2e34·2e31·2e31·0a20··-·CJIS-5.4.1.1.·
0015af00:·202d·2044·4953·412d·5354·4947·2d4f·4c30···-·DISA-STIG-OL00015af00:·202d·2044·4953·412d·5354·4947·2d4f·4c30···-·DISA-STIG-OL0
0015af10:·372d·3030·2d30·3330·3431·300a·2020·2d20··7-00-030410.··-·0015af10:·372d·3030·2d30·3330·3431·300a·2020·2d20··7-00-030410.··-·
0015af20:·4e49·5354·2d38·3030·2d31·3731·2d33·2e31··NIST-800-171-3.10015af20:·4e49·5354·2d38·3030·2d31·3731·2d33·2e31··NIST-800-171-3.1
0015af30:·2e37·0a20·202d·204e·4953·542d·3830·302d··.7.··-·NIST-800-0015af30:·2e37·0a20·202d·204e·4953·542d·3830·302d··.7.··-·NIST-800-
0015af40:·3533·2d41·552d·3132·2863·290a·2020·2d20··53-AU-12(c).··-·0015af40:·3533·2d41·552d·3132·2863·290a·2020·2d20··53-AU-12(c).··-·
0015af50:·4e49·5354·2d38·3030·2d35·332d·4155·2d32··NIST-800-53-AU-20015af50:·4e49·5354·2d38·3030·2d35·332d·4155·2d32··NIST-800-53-AU-2
Offset 89112, 22 lines modifiedOffset 89112, 22 lines modified
0015c170:·5f6d·6f64·0a20·2020·2020·2063·7265·6174··_mod.······creat0015c170:·5f6d·6f64·0a20·2020·2020·2063·7265·6174··_mod.······creat
0015c180:·653a·2074·7275·650a·2020·2020·2020·6d6f··e:·true.······mo0015c180:·653a·2074·7275·650a·2020·2020·2020·6d6f··e:·true.······mo
0015c190:·6465·3a20·6f2d·7277·780a·2020·2020·2020··de:·o-rwx.······0015c190:·6465·3a20·6f2d·7277·780a·2020·2020·2020··de:·o-rwx.······
0015c1a0:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.·0015c1a0:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.·
0015c1b0:·2020·2077·6865·6e3a·2073·7973·6361·6c6c·····when:·syscall0015c1b0:·2020·2077·6865·6e3a·2073·7973·6361·6c6c·····when:·syscall
0015c1c0:·735f·666f·756e·6420·7c20·6c65·6e67·7468··s_found·|·length0015c1c0:·735f·666f·756e·6420·7c20·6c65·6e67·7468··s_found·|·length
0015c1d0:·203d·3d20·300a·2020·7768·656e·3a0a·2020···==·0.··when:.··0015c1d0:·203d·3d20·300a·2020·7768·656e·3a0a·2020···==·0.··when:.··
0015c1e0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
0015c1f0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
0015c200:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
0015c210:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
0015c220:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont 
0015c230:·6169·6e65·7222·5d0a·2020·2d20·2722·6175··ainer"].··-·'"au 
0015c240:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_ 
0015c250:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.0015c1e0:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an
 0015c1f0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 0015c200:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
 0015c210:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
 0015c220:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
 0015c230:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
 0015c240:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
 0015c250:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
0015c260:·2020·2d20·6175·6469·745f·6172·6368·203d····-·audit_arch·=0015c260:·2020·2d20·6175·6469·745f·6172·6368·203d····-·audit_arch·=
0015c270:·3d20·2262·3634·220a·2020·7461·6773·3a0a··=·"b64".··tags:.0015c270:·3d20·2262·3634·220a·2020·7461·6773·3a0a··=·"b64".··tags:.
0015c280:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.10015c280:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.1
0015c290:·0a20·202d·2044·4953·412d·5354·4947·2d4f··.··-·DISA-STIG-O0015c290:·0a20·202d·2044·4953·412d·5354·4947·2d4f··.··-·DISA-STIG-O
0015c2a0:·4c30·372d·3030·2d30·3330·3431·300a·2020··L07-00-030410.··0015c2a0:·4c30·372d·3030·2d30·3330·3431·300a·2020··L07-00-030410.··
0015c2b0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-30015c2b0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
0015c2c0:·2e31·2e37·0a20·202d·204e·4953·542d·3830··.1.7.··-·NIST-800015c2c0:·2e31·2e37·0a20·202d·204e·4953·542d·3830··.1.7.··-·NIST-80
Offset 89161, 21 lines modifiedOffset 89161, 21 lines modified
0015c480:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas0015c480:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
0015c490:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps0015c490:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
0015c4a0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="0015c4a0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
0015c4b0:·6964·6d32·3135·3532·223e·3c70·7265·3e3c··idm21552"><pre><0015c4b0:·6964·6d32·3135·3532·223e·3c70·7265·3e3c··idm21552"><pre><
0015c4c0:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati0015c4c0:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
0015c4d0:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable0015c4d0:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
0015c4e0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain0015c4e0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
0015c4f0:·2070·6c61·7466·6f72·6d73·0a69·6620·5b20···platforms.if·[·0015c4f0:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
 0015c500:·6d20·2d2d·7175·6965·7420·2d71·2061·7564··m·--quiet·-q·aud
 0015c510:·6974·2026·616d·703b·2661·6d70·3b20·5b20··it·&amp;&amp;·[·
0015c500:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv0015c520:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
0015c510:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·0015c530:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
0015c520:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta0015c540:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
 0015c550:·696e·6572·656e·7620·5d3b·2074·6865·6e0a··inerenv·];·then.
0015c530:·696e·6572·656e·7620·5d20·2661·6d70·3b26··inerenv·]·&amp;& 
0015c540:·616d·703b·2072·706d·202d·2d71·7569·6574··amp;·rpm·--quiet 
0015c550:·202d·7120·6175·6469·743b·2074·6865·6e0a···-q·audit;·then. 
0015c560:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform0015c560:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform
0015c570:·2074·6865·2072·656d·6564·6961·7469·6f6e···the·remediation0015c570:·2074·6865·2072·656d·6564·6961·7469·6f6e···the·remediation
0015c580:·206f·6620·7468·6520·7379·7363·616c·6c20···of·the·syscall·0015c580:·206f·6620·7468·6520·7379·7363·616c·6c20···of·the·syscall·
0015c590:·7275·6c65·0a23·2052·6574·7269·6576·6520··rule.#·Retrieve·0015c590:·7275·6c65·0a23·2052·6574·7269·6576·6520··rule.#·Retrieve·
0015c5a0:·6861·7264·7761·7265·2061·7263·6869·7465··hardware·archite0015c5a0:·6861·7264·7761·7265·2061·7263·6869·7465··hardware·archite
0015c5b0:·6374·7572·6520·6f66·2074·6865·2075·6e64··cture·of·the·und0015c5b0:·6374·7572·6520·6f66·2074·6865·2075·6e64··cture·of·the·und
0015c5c0:·6572·6c79·696e·6720·7379·7374·656d·0a5b··erlying·system.[0015c5c0:·6572·6c79·696e·6720·7379·7374·656d·0a5b··erlying·system.[
Offset 90973, 23 lines modifiedOffset 90973, 23 lines modified
001635c0:·6f6f·745f·7265·7175·6972·6564·0a20·202d··oot_required.··-001635c0:·6f6f·745f·7265·7175·6972·6564·0a20·202d··oot_required.··-
001635d0:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate001635d0:·2072·6573·7472·6963·745f·7374·7261·7465···restrict_strate
001635e0:·6779·0a0a·2d20·6e61·6d65·3a20·5365·7420··gy..-·name:·Set·001635e0:·6779·0a0a·2d20·6e61·6d65·3a20·5365·7420··gy..-·name:·Set·
001635f0:·6172·6368·6974·6563·7475·7265·2066·6f72··architecture·for001635f0:·6172·6368·6974·6563·7475·7265·2066·6f72··architecture·for
00163600:·2061·7564·6974·2063·686f·776e·2074·6173···audit·chown·tas00163600:·2061·7564·6974·2063·686f·776e·2074·6173···audit·chown·tas
00163610:·6b73·0a20·2073·6574·5f66·6163·743a·0a20··ks.··set_fact:.·00163610:·6b73·0a20·2073·6574·5f66·6163·743a·0a20··ks.··set_fact:.·
00163620:·2020·2061·7564·6974·5f61·7263·683a·2062·····audit_arch:·b00163620:·2020·2061·7564·6974·5f61·7263·683a·2062·····audit_arch:·b
00163630:·3634·0a20·2077·6865·6e3a·0a20·202d·2061··64.··when:.··-·a00163630:·3634·0a20·2077·6865·6e3a·0a20·202d·2027··64.··when:.··-·'
00163640:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz 
00163650:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i 
Max diff block lines reached; 593150/603492 bytes (98.29%) of diff not shown.
184 KB
html2text {}
    
Offset 13533, 16 lines modifiedOffset 13533, 16 lines modified
13533 ··-·reboot_required13533 ··-·reboot_required
13534 ··-·restrict_strategy13534 ··-·restrict_strategy
  
13535 -·name:·Set·architecture·for·audit·chmod·tasks13535 -·name:·Set·architecture·for·audit·chmod·tasks
13536 ··set_fact:13536 ··set_fact:
13537 ····audit_arch:·b6413537 ····audit_arch:·b64
13538 ··when:13538 ··when:
13539 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
13540 ··-·'"audit"·in·ansible_facts.packages'13539 ··-·'"audit"·in·ansible_facts.packages'
 13540 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13541 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture13541 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
13542 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"13542 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
13543 ··tags:13543 ··tags:
13544 ··-·CJIS-5.4.1.113544 ··-·CJIS-5.4.1.1
13545 ··-·DISA-STIG-OL07-00-03041013545 ··-·DISA-STIG-OL07-00-030410
13546 ··-·NIST-800-171-3.1.713546 ··-·NIST-800-171-3.1.7
13547 ··-·NIST-800-53-AU-12(c)13547 ··-·NIST-800-53-AU-12(c)
Offset 13679, 16 lines modifiedOffset 13679, 16 lines modified
13679 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100013679 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
13680 ········-F·auid!=unset·-F·key=perm_mod13680 ········-F·auid!=unset·-F·key=perm_mod
13681 ······create:·true13681 ······create:·true
13682 ······mode:·o-rwx13682 ······mode:·o-rwx
13683 ······state:·present13683 ······state:·present
13684 ····when:·syscalls_found·|·length·==·013684 ····when:·syscalls_found·|·length·==·0
13685 ··when:13685 ··when:
13686 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
13687 ··-·'"audit"·in·ansible_facts.packages'13686 ··-·'"audit"·in·ansible_facts.packages'
 13687 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13688 ··tags:13688 ··tags:
13689 ··-·CJIS-5.4.1.113689 ··-·CJIS-5.4.1.1
13690 ··-·DISA-STIG-OL07-00-03041013690 ··-·DISA-STIG-OL07-00-030410
13691 ··-·NIST-800-171-3.1.713691 ··-·NIST-800-171-3.1.7
13692 ··-·NIST-800-53-AU-12(c)13692 ··-·NIST-800-53-AU-12(c)
13693 ··-·NIST-800-53-AU-2(d)13693 ··-·NIST-800-53-AU-2(d)
13694 ··-·NIST-800-53-CM-6(a)13694 ··-·NIST-800-53-CM-6(a)
Offset 13823, 16 lines modifiedOffset 13823, 16 lines modified
13823 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100013823 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
13824 ········-F·auid!=unset·-F·key=perm_mod13824 ········-F·auid!=unset·-F·key=perm_mod
13825 ······create:·true13825 ······create:·true
13826 ······mode:·o-rwx13826 ······mode:·o-rwx
13827 ······state:·present13827 ······state:·present
13828 ····when:·syscalls_found·|·length·==·013828 ····when:·syscalls_found·|·length·==·0
13829 ··when:13829 ··when:
13830 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
13831 ··-·'"audit"·in·ansible_facts.packages'13830 ··-·'"audit"·in·ansible_facts.packages'
 13831 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13832 ··-·audit_arch·==·"b64"13832 ··-·audit_arch·==·"b64"
13833 ··tags:13833 ··tags:
13834 ··-·CJIS-5.4.1.113834 ··-·CJIS-5.4.1.1
13835 ··-·DISA-STIG-OL07-00-03041013835 ··-·DISA-STIG-OL07-00-030410
13836 ··-·NIST-800-171-3.1.713836 ··-·NIST-800-171-3.1.7
13837 ··-·NIST-800-53-AU-12(c)13837 ··-·NIST-800-53-AU-12(c)
13838 ··-·NIST-800-53-AU-2(d)13838 ··-·NIST-800-53-AU-2(d)
Offset 13842, 15 lines modifiedOffset 13842, 15 lines modified
13842 ··-·low_complexity13842 ··-·low_complexity
13843 ··-·low_disruption13843 ··-·low_disruption
13844 ··-·medium_severity13844 ··-·medium_severity
13845 ··-·reboot_required13845 ··-·reboot_required
13846 ··-·restrict_strategy13846 ··-·restrict_strategy
13847 Remediation_Shell_script_⇲13847 Remediation_Shell_script_⇲
13848 #·Remediation·is·applicable·only·in·certain·platforms13848 #·Remediation·is·applicable·only·in·certain·platforms
13849 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then13849 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
13850 #·First·perform·the·remediation·of·the·syscall·rule13850 #·First·perform·the·remediation·of·the·syscall·rule
13851 #·Retrieve·hardware·architecture·of·the·underlying·system13851 #·Retrieve·hardware·architecture·of·the·underlying·system
13852 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")13852 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
13853 for·ARCH·in·"${RULE_ARCHS[@]}"13853 for·ARCH·in·"${RULE_ARCHS[@]}"
13854 do13854 do
Offset 14211, 16 lines modifiedOffset 14211, 16 lines modified
14211 ··-·reboot_required14211 ··-·reboot_required
14212 ··-·restrict_strategy14212 ··-·restrict_strategy
  
14213 -·name:·Set·architecture·for·audit·chown·tasks14213 -·name:·Set·architecture·for·audit·chown·tasks
14214 ··set_fact:14214 ··set_fact:
14215 ····audit_arch:·b6414215 ····audit_arch:·b64
14216 ··when:14216 ··when:
14217 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14218 ··-·'"audit"·in·ansible_facts.packages'14217 ··-·'"audit"·in·ansible_facts.packages'
 14218 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14219 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture14219 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
14220 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"14220 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
14221 ··tags:14221 ··tags:
14222 ··-·CJIS-5.4.1.114222 ··-·CJIS-5.4.1.1
14223 ··-·DISA-STIG-OL07-00-03037014223 ··-·DISA-STIG-OL07-00-030370
14224 ··-·NIST-800-171-3.1.714224 ··-·NIST-800-171-3.1.7
14225 ··-·NIST-800-53-AU-12(c)14225 ··-·NIST-800-53-AU-12(c)
Offset 14359, 16 lines modifiedOffset 14359, 16 lines modified
14359 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100014359 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
14360 ········-F·auid!=unset·-F·key=perm_mod14360 ········-F·auid!=unset·-F·key=perm_mod
14361 ······create:·true14361 ······create:·true
14362 ······mode:·o-rwx14362 ······mode:·o-rwx
14363 ······state:·present14363 ······state:·present
14364 ····when:·syscalls_found·|·length·==·014364 ····when:·syscalls_found·|·length·==·0
14365 ··when:14365 ··when:
14366 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14367 ··-·'"audit"·in·ansible_facts.packages'14366 ··-·'"audit"·in·ansible_facts.packages'
 14367 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14368 ··tags:14368 ··tags:
14369 ··-·CJIS-5.4.1.114369 ··-·CJIS-5.4.1.1
14370 ··-·DISA-STIG-OL07-00-03037014370 ··-·DISA-STIG-OL07-00-030370
14371 ··-·NIST-800-171-3.1.714371 ··-·NIST-800-171-3.1.7
14372 ··-·NIST-800-53-AU-12(c)14372 ··-·NIST-800-53-AU-12(c)
14373 ··-·NIST-800-53-AU-2(d)14373 ··-·NIST-800-53-AU-2(d)
14374 ··-·NIST-800-53-CM-6(a)14374 ··-·NIST-800-53-CM-6(a)
Offset 14505, 16 lines modifiedOffset 14505, 16 lines modified
14505 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100014505 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
14506 ········-F·auid!=unset·-F·key=perm_mod14506 ········-F·auid!=unset·-F·key=perm_mod
14507 ······create:·true14507 ······create:·true
14508 ······mode:·o-rwx14508 ······mode:·o-rwx
14509 ······state:·present14509 ······state:·present
14510 ····when:·syscalls_found·|·length·==·014510 ····when:·syscalls_found·|·length·==·0
14511 ··when:14511 ··when:
14512 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14513 ··-·'"audit"·in·ansible_facts.packages'14512 ··-·'"audit"·in·ansible_facts.packages'
 14513 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14514 ··-·audit_arch·==·"b64"14514 ··-·audit_arch·==·"b64"
14515 ··tags:14515 ··tags:
14516 ··-·CJIS-5.4.1.114516 ··-·CJIS-5.4.1.1
14517 ··-·DISA-STIG-OL07-00-03037014517 ··-·DISA-STIG-OL07-00-030370
14518 ··-·NIST-800-171-3.1.714518 ··-·NIST-800-171-3.1.7
14519 ··-·NIST-800-53-AU-12(c)14519 ··-·NIST-800-53-AU-12(c)
14520 ··-·NIST-800-53-AU-2(d)14520 ··-·NIST-800-53-AU-2(d)
Offset 14524, 15 lines modifiedOffset 14524, 15 lines modified
14524 ··-·low_complexity14524 ··-·low_complexity
14525 ··-·low_disruption14525 ··-·low_disruption
14526 ··-·medium_severity14526 ··-·medium_severity
Max diff block lines reached; 183702/188352 bytes (97.53%) of diff not shown.
772 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-stig_gui.html
    
Offset 88495, 23 lines modifiedOffset 88495, 23 lines modified
00159ae0:·6571·7569·7265·640a·2020·2d20·7265·7374··equired.··-·rest00159ae0:·6571·7569·7265·640a·2020·2d20·7265·7374··equired.··-·rest
00159af0:·7269·6374·5f73·7472·6174·6567·790a·0a2d··rict_strategy..-00159af0:·7269·6374·5f73·7472·6174·6567·790a·0a2d··rict_strategy..-
00159b00:·206e·616d·653a·2053·6574·2061·7263·6869···name:·Set·archi00159b00:·206e·616d·653a·2053·6574·2061·7263·6869···name:·Set·archi
00159b10:·7465·6374·7572·6520·666f·7220·6175·6469··tecture·for·audi00159b10:·7465·6374·7572·6520·666f·7220·6175·6469··tecture·for·audi
00159b20:·7420·6368·6d6f·6420·7461·736b·730a·2020··t·chmod·tasks.··00159b20:·7420·6368·6d6f·6420·7461·736b·730a·2020··t·chmod·tasks.··
00159b30:·7365·745f·6661·6374·3a0a·2020·2020·6175··set_fact:.····au00159b30:·7365·745f·6661·6374·3a0a·2020·2020·6175··set_fact:.····au
00159b40:·6469·745f·6172·6368·3a20·6236·340a·2020··dit_arch:·b64.··00159b40:·6469·745f·6172·6368·3a20·6236·340a·2020··dit_arch:·b64.··
00159b50:·7768·656e·3a0a·2020·2d20·616e·7369·626c··when:.··-·ansibl00159b50:·7768·656e·3a0a·2020·2d20·2722·6175·6469··when:.··-·'"audi
00159b60:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization 
00159b70:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d 
00159b80:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·" 
00159b90:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman 
00159ba0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"]. 
00159bb0:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in· 
00159bc0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa00159b60:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa
 00159b70:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 00159b80:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
 00159b90:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
 00159ba0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
 00159bb0:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 00159bc0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
00159bd0:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi00159bd0:·6169·6e65·7222·5d0a·2020·2d20·616e·7369··ainer"].··-·ansi
00159be0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture00159be0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
00159bf0:·203d·3d20·2261·6172·6368·3634·2220·6f72···==·"aarch64"·or00159bf0:·203d·3d20·2261·6172·6368·3634·2220·6f72···==·"aarch64"·or
00159c00:·2061·6e73·6962·6c65·5f61·7263·6869·7465···ansible_archite00159c00:·2061·6e73·6962·6c65·5f61·7263·6869·7465···ansible_archite
00159c10:·6374·7572·6520·3d3d·2022·7070·6336·3422··cture·==·"ppc64"00159c10:·6374·7572·6520·3d3d·2022·7070·6336·3422··cture·==·"ppc64"
00159c20:·206f·7220·616e·7369·626c·655f·6172·6368···or·ansible_arch00159c20:·206f·7220·616e·7369·626c·655f·6172·6368···or·ansible_arch
00159c30:·6974·6563·7475·7265·0a20·2020·203d·3d20··itecture.····==·00159c30:·6974·6563·7475·7265·0a20·2020·203d·3d20··itecture.····==·
00159c40:·2270·7063·3634·6c65·2220·6f72·2061·6e73··"ppc64le"·or·ans00159c40:·2270·7063·3634·6c65·2220·6f72·2061·6e73··"ppc64le"·or·ans
Offset 88818, 23 lines modifiedOffset 88818, 23 lines modified
0015af10:·2d46·206b·6579·3d70·6572·6d5f·6d6f·640a··-F·key=perm_mod.0015af10:·2d46·206b·6579·3d70·6572·6d5f·6d6f·640a··-F·key=perm_mod.
0015af20:·2020·2020·2020·6372·6561·7465·3a20·7472········create:·tr0015af20:·2020·2020·2020·6372·6561·7465·3a20·7472········create:·tr
0015af30:·7565·0a20·2020·2020·206d·6f64·653a·206f··ue.······mode:·o0015af30:·7565·0a20·2020·2020·206d·6f64·653a·206f··ue.······mode:·o
0015af40:·2d72·7778·0a20·2020·2020·2073·7461·7465··-rwx.······state0015af40:·2d72·7778·0a20·2020·2020·2073·7461·7465··-rwx.······state
0015af50:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh0015af50:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh
0015af60:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou0015af60:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou
0015af70:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·00015af70:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·0
0015af80:·0a20·2077·6865·6e3a·0a20·202d·2061·6e73··.··when:.··-·ans0015af80:·0a20·2077·6865·6e3a·0a20·202d·2027·2261··.··when:.··-·'"a
0015af90:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat 
0015afa0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in· 
0015afb0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc" 
0015afc0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod 
0015afd0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container 
0015afe0:·225d·0a20·202d·2027·2261·7564·6974·2220··"].··-·'"audit"· 
0015aff0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
0015b000:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag0015af90:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible
 0015afa0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 0015afb0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
 0015afc0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
 0015afd0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
 0015afe0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
 0015aff0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
 0015b000:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
0015b010:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.0015b010:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.
0015b020:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI0015b020:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI
0015b030:·472d·4f4c·3037·2d30·302d·3033·3034·3130··G-OL07-00-0304100015b030:·472d·4f4c·3037·2d30·302d·3033·3034·3130··G-OL07-00-030410
0015b040:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170015b040:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0015b050:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST0015b050:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
0015b060:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)0015b060:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)
0015b070:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-530015b070:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
Offset 89130, 23 lines modifiedOffset 89130, 23 lines modified
0015c290:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······0015c290:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······
0015c2a0:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···0015c2a0:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···
0015c2b0:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·0015c2b0:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·
0015c2c0:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres0015c2c0:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres
0015c2d0:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy0015c2d0:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy
0015c2e0:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l0015c2e0:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l
0015c2f0:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe0015c2f0:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe
0015c300:·6e3a·0a20·202d·2061·6e73·6962·6c65·5f76··n:.··-·ansible_v 
0015c310:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty 
0015c320:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock 
0015c330:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope 
0015c340:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",· 
0015c350:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··- 
0015c360:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans 
0015c370:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0015c300:·6e3a·0a20·202d·2027·2261·7564·6974·2220··n:.··-·'"audit"·
 0015c310:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 0015c320:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a
 0015c330:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
 0015c340:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
 0015c350:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
 0015c360:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
 0015c370:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
0015c380:·6765·7327·0a20·202d·2061·7564·6974·5f61··ges'.··-·audit_a0015c380:·6572·225d·0a20·202d·2061·7564·6974·5f61··er"].··-·audit_a
0015c390:·7263·6820·3d3d·2022·6236·3422·0a20·2074··rch·==·"b64".··t0015c390:·7263·6820·3d3d·2022·6236·3422·0a20·2074··rch·==·"b64".··t
0015c3a0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.0015c3a0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0015c3b0:·342e·312e·310a·2020·2d20·4449·5341·2d53··4.1.1.··-·DISA-S0015c3b0:·342e·312e·310a·2020·2d20·4449·5341·2d53··4.1.1.··-·DISA-S
0015c3c0:·5449·472d·4f4c·3037·2d30·302d·3033·3034··TIG-OL07-00-03040015c3c0:·5449·472d·4f4c·3037·2d30·302d·3033·3034··TIG-OL07-00-0304
0015c3d0:·3130·0a20·202d·204e·4953·542d·3830·302d··10.··-·NIST-800-0015c3d0:·3130·0a20·202d·204e·4953·542d·3830·302d··10.··-·NIST-800-
0015c3e0:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI0015c3e0:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI
0015c3f0:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(0015c3f0:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(
Offset 89180, 20 lines modifiedOffset 89180, 20 lines modified
0015c5b0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0015c5b0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0015c5c0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0015c5c0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0015c5d0:·2069·643d·2269·646d·3231·3535·3222·3e3c···id="idm21552"><0015c5d0:·2069·643d·2269·646d·3231·3535·3222·3e3c···id="idm21552"><
0015c5e0:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme0015c5e0:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
0015c5f0:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli0015c5f0:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
0015c600:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce0015c600:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
0015c610:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.0015c610:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
 0015c620:·6966·2072·706d·202d·2d71·7569·6574·202d··if·rpm·--quiet·-
 0015c630:·7120·6175·6469·7420·2661·6d70·3b26·616d··q·audit·&amp;&am
0015c620:·6966·205b·2021·202d·6620·2f2e·646f·636b··if·[·!·-f·/.dock0015c640:·703b·205b·2021·202d·6620·2f2e·646f·636b··p;·[·!·-f·/.dock
0015c630:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am0015c650:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am
0015c640:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.0015c660:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.
0015c650:·636f·6e74·6169·6e65·7265·6e76·205d·2026··containerenv·]·&0015c670:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·
0015c660:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·-- 
0015c670:·7175·6965·7420·2d71·2061·7564·6974·3b20··quiet·-q·audit;· 
0015c680:·7468·656e·0a0a·2320·4669·7273·7420·7065··then..#·First·pe0015c680:·7468·656e·0a0a·2320·4669·7273·7420·7065··then..#·First·pe
0015c690:·7266·6f72·6d20·7468·6520·7265·6d65·6469··rform·the·remedi0015c690:·7266·6f72·6d20·7468·6520·7265·6d65·6469··rform·the·remedi
0015c6a0:·6174·696f·6e20·6f66·2074·6865·2073·7973··ation·of·the·sys0015c6a0:·6174·696f·6e20·6f66·2074·6865·2073·7973··ation·of·the·sys
0015c6b0:·6361·6c6c·2072·756c·650a·2320·5265·7472··call·rule.#·Retr0015c6b0:·6361·6c6c·2072·756c·650a·2320·5265·7472··call·rule.#·Retr
0015c6c0:·6965·7665·2068·6172·6477·6172·6520·6172··ieve·hardware·ar0015c6c0:·6965·7665·2068·6172·6477·6172·6520·6172··ieve·hardware·ar
0015c6d0:·6368·6974·6563·7475·7265·206f·6620·7468··chitecture·of·th0015c6d0:·6368·6974·6563·7475·7265·206f·6620·7468··chitecture·of·th
0015c6e0:·6520·756e·6465·726c·7969·6e67·2073·7973··e·underlying·sys0015c6e0:·6520·756e·6465·726c·7969·6e67·2073·7973··e·underlying·sys
Offset 90992, 23 lines modifiedOffset 90992, 23 lines modified
001636f0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s001636f0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
00163700:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:00163700:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:
00163710:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur00163710:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur
00163720:·6520·666f·7220·6175·6469·7420·6368·6f77··e·for·audit·chow00163720:·6520·666f·7220·6175·6469·7420·6368·6f77··e·for·audit·chow
00163730:·6e20·7461·736b·730a·2020·7365·745f·6661··n·tasks.··set_fa00163730:·6e20·7461·736b·730a·2020·7365·745f·6661··n·tasks.··set_fa
00163740:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar00163740:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar
00163750:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.00163750:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.
00163760:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt 
00163770:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type· 
00163780:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker" 
00163790:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz 
001637a0:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co 
Max diff block lines reached; 591218/601560 bytes (98.28%) of diff not shown.
184 KB
html2text {}
    
Offset 13537, 16 lines modifiedOffset 13537, 16 lines modified
13537 ··-·reboot_required13537 ··-·reboot_required
13538 ··-·restrict_strategy13538 ··-·restrict_strategy
  
13539 -·name:·Set·architecture·for·audit·chmod·tasks13539 -·name:·Set·architecture·for·audit·chmod·tasks
13540 ··set_fact:13540 ··set_fact:
13541 ····audit_arch:·b6413541 ····audit_arch:·b64
13542 ··when:13542 ··when:
13543 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
13544 ··-·'"audit"·in·ansible_facts.packages'13543 ··-·'"audit"·in·ansible_facts.packages'
 13544 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13545 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture13545 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
13546 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"13546 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
13547 ··tags:13547 ··tags:
13548 ··-·CJIS-5.4.1.113548 ··-·CJIS-5.4.1.1
13549 ··-·DISA-STIG-OL07-00-03041013549 ··-·DISA-STIG-OL07-00-030410
13550 ··-·NIST-800-171-3.1.713550 ··-·NIST-800-171-3.1.7
13551 ··-·NIST-800-53-AU-12(c)13551 ··-·NIST-800-53-AU-12(c)
Offset 13683, 16 lines modifiedOffset 13683, 16 lines modified
13683 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100013683 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
13684 ········-F·auid!=unset·-F·key=perm_mod13684 ········-F·auid!=unset·-F·key=perm_mod
13685 ······create:·true13685 ······create:·true
13686 ······mode:·o-rwx13686 ······mode:·o-rwx
13687 ······state:·present13687 ······state:·present
13688 ····when:·syscalls_found·|·length·==·013688 ····when:·syscalls_found·|·length·==·0
13689 ··when:13689 ··when:
13690 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
13691 ··-·'"audit"·in·ansible_facts.packages'13690 ··-·'"audit"·in·ansible_facts.packages'
 13691 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13692 ··tags:13692 ··tags:
13693 ··-·CJIS-5.4.1.113693 ··-·CJIS-5.4.1.1
13694 ··-·DISA-STIG-OL07-00-03041013694 ··-·DISA-STIG-OL07-00-030410
13695 ··-·NIST-800-171-3.1.713695 ··-·NIST-800-171-3.1.7
13696 ··-·NIST-800-53-AU-12(c)13696 ··-·NIST-800-53-AU-12(c)
13697 ··-·NIST-800-53-AU-2(d)13697 ··-·NIST-800-53-AU-2(d)
13698 ··-·NIST-800-53-CM-6(a)13698 ··-·NIST-800-53-CM-6(a)
Offset 13827, 16 lines modifiedOffset 13827, 16 lines modified
13827 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100013827 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
13828 ········-F·auid!=unset·-F·key=perm_mod13828 ········-F·auid!=unset·-F·key=perm_mod
13829 ······create:·true13829 ······create:·true
13830 ······mode:·o-rwx13830 ······mode:·o-rwx
13831 ······state:·present13831 ······state:·present
13832 ····when:·syscalls_found·|·length·==·013832 ····when:·syscalls_found·|·length·==·0
13833 ··when:13833 ··when:
13834 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
13835 ··-·'"audit"·in·ansible_facts.packages'13834 ··-·'"audit"·in·ansible_facts.packages'
 13835 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13836 ··-·audit_arch·==·"b64"13836 ··-·audit_arch·==·"b64"
13837 ··tags:13837 ··tags:
13838 ··-·CJIS-5.4.1.113838 ··-·CJIS-5.4.1.1
13839 ··-·DISA-STIG-OL07-00-03041013839 ··-·DISA-STIG-OL07-00-030410
13840 ··-·NIST-800-171-3.1.713840 ··-·NIST-800-171-3.1.7
13841 ··-·NIST-800-53-AU-12(c)13841 ··-·NIST-800-53-AU-12(c)
13842 ··-·NIST-800-53-AU-2(d)13842 ··-·NIST-800-53-AU-2(d)
Offset 13846, 15 lines modifiedOffset 13846, 15 lines modified
13846 ··-·low_complexity13846 ··-·low_complexity
13847 ··-·low_disruption13847 ··-·low_disruption
13848 ··-·medium_severity13848 ··-·medium_severity
13849 ··-·reboot_required13849 ··-·reboot_required
13850 ··-·restrict_strategy13850 ··-·restrict_strategy
13851 Remediation_Shell_script_⇲13851 Remediation_Shell_script_⇲
13852 #·Remediation·is·applicable·only·in·certain·platforms13852 #·Remediation·is·applicable·only·in·certain·platforms
13853 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then13853 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
13854 #·First·perform·the·remediation·of·the·syscall·rule13854 #·First·perform·the·remediation·of·the·syscall·rule
13855 #·Retrieve·hardware·architecture·of·the·underlying·system13855 #·Retrieve·hardware·architecture·of·the·underlying·system
13856 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")13856 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
13857 for·ARCH·in·"${RULE_ARCHS[@]}"13857 for·ARCH·in·"${RULE_ARCHS[@]}"
13858 do13858 do
Offset 14215, 16 lines modifiedOffset 14215, 16 lines modified
14215 ··-·reboot_required14215 ··-·reboot_required
14216 ··-·restrict_strategy14216 ··-·restrict_strategy
  
14217 -·name:·Set·architecture·for·audit·chown·tasks14217 -·name:·Set·architecture·for·audit·chown·tasks
14218 ··set_fact:14218 ··set_fact:
14219 ····audit_arch:·b6414219 ····audit_arch:·b64
14220 ··when:14220 ··when:
14221 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14222 ··-·'"audit"·in·ansible_facts.packages'14221 ··-·'"audit"·in·ansible_facts.packages'
 14222 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14223 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture14223 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
14224 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"14224 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
14225 ··tags:14225 ··tags:
14226 ··-·CJIS-5.4.1.114226 ··-·CJIS-5.4.1.1
14227 ··-·DISA-STIG-OL07-00-03037014227 ··-·DISA-STIG-OL07-00-030370
14228 ··-·NIST-800-171-3.1.714228 ··-·NIST-800-171-3.1.7
14229 ··-·NIST-800-53-AU-12(c)14229 ··-·NIST-800-53-AU-12(c)
Offset 14363, 16 lines modifiedOffset 14363, 16 lines modified
14363 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100014363 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
14364 ········-F·auid!=unset·-F·key=perm_mod14364 ········-F·auid!=unset·-F·key=perm_mod
14365 ······create:·true14365 ······create:·true
14366 ······mode:·o-rwx14366 ······mode:·o-rwx
14367 ······state:·present14367 ······state:·present
14368 ····when:·syscalls_found·|·length·==·014368 ····when:·syscalls_found·|·length·==·0
14369 ··when:14369 ··when:
14370 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14371 ··-·'"audit"·in·ansible_facts.packages'14370 ··-·'"audit"·in·ansible_facts.packages'
 14371 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14372 ··tags:14372 ··tags:
14373 ··-·CJIS-5.4.1.114373 ··-·CJIS-5.4.1.1
14374 ··-·DISA-STIG-OL07-00-03037014374 ··-·DISA-STIG-OL07-00-030370
14375 ··-·NIST-800-171-3.1.714375 ··-·NIST-800-171-3.1.7
14376 ··-·NIST-800-53-AU-12(c)14376 ··-·NIST-800-53-AU-12(c)
14377 ··-·NIST-800-53-AU-2(d)14377 ··-·NIST-800-53-AU-2(d)
14378 ··-·NIST-800-53-CM-6(a)14378 ··-·NIST-800-53-CM-6(a)
Offset 14509, 16 lines modifiedOffset 14509, 16 lines modified
14509 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100014509 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
14510 ········-F·auid!=unset·-F·key=perm_mod14510 ········-F·auid!=unset·-F·key=perm_mod
14511 ······create:·true14511 ······create:·true
14512 ······mode:·o-rwx14512 ······mode:·o-rwx
14513 ······state:·present14513 ······state:·present
14514 ····when:·syscalls_found·|·length·==·014514 ····when:·syscalls_found·|·length·==·0
14515 ··when:14515 ··when:
14516 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14517 ··-·'"audit"·in·ansible_facts.packages'14516 ··-·'"audit"·in·ansible_facts.packages'
 14517 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14518 ··-·audit_arch·==·"b64"14518 ··-·audit_arch·==·"b64"
14519 ··tags:14519 ··tags:
14520 ··-·CJIS-5.4.1.114520 ··-·CJIS-5.4.1.1
14521 ··-·DISA-STIG-OL07-00-03037014521 ··-·DISA-STIG-OL07-00-030370
14522 ··-·NIST-800-171-3.1.714522 ··-·NIST-800-171-3.1.7
14523 ··-·NIST-800-53-AU-12(c)14523 ··-·NIST-800-53-AU-12(c)
14524 ··-·NIST-800-53-AU-2(d)14524 ··-·NIST-800-53-AU-2(d)
Offset 14528, 15 lines modifiedOffset 14528, 15 lines modified
14528 ··-·low_complexity14528 ··-·low_complexity
14529 ··-·low_disruption14529 ··-·low_disruption
14530 ··-·medium_severity14530 ··-·medium_severity
Max diff block lines reached; 183702/188352 bytes (97.53%) of diff not shown.
5.25 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-anssi_bp28_enhanced.html
    
Offset 53942, 22 lines modifiedOffset 53942, 22 lines modified
000d2b50:·6c65·6765·640a·2020·2020·2020·6372·6561··leged.······crea000d2b50:·6c65·6765·640a·2020·2020·2020·6372·6561··leged.······crea
000d2b60:·7465·3a20·7472·7565·0a20·2020·2020·206d··te:·true.······m000d2b60:·7465·3a20·7472·7565·0a20·2020·2020·206d··te:·true.······m
000d2b70:·6f64·653a·206f·2d72·7778·0a20·2020·2020··ode:·o-rwx.·····000d2b70:·6f64·653a·206f·2d72·7778·0a20·2020·2020··ode:·o-rwx.·····
000d2b80:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.000d2b80:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.
000d2b90:·2020·2020·7768·656e·3a20·7379·7363·616c······when:·syscal000d2b90:·2020·2020·7768·656e·3a20·7379·7363·616c······when:·syscal
000d2ba0:·6c73·5f66·6f75·6e64·207c·206c·656e·6774··ls_found·|·lengt000d2ba0:·6c73·5f66·6f75·6e64·207c·206c·656e·6774··ls_found·|·lengt
000d2bb0:·6820·3d3d·2030·0a20·2077·6865·6e3a·0a20··h·==·0.··when:.·000d2bb0:·6820·3d3d·2030·0a20·2077·6865·6e3a·0a20··h·==·0.··when:.·
000d2bc0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu 
000d2bd0:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n 
000d2be0:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker", 
000d2bf0:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz" 
000d2c00:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con 
000d2c10:·7461·696e·6572·225d·0a20·202d·2027·2261··tainer"].··-·'"a 
000d2c20:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible 
000d2c30:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'000d2bc0:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a
 000d2bd0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 000d2be0:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib
 000d2bf0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
 000d2c00:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
 000d2c10:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
 000d2c20:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
 000d2c30:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
000d2c40:·0a20·2074·6167·733a·0a20·202d·2044·4953··.··tags:.··-·DIS000d2c40:·0a20·2074·6167·733a·0a20·202d·2044·4953··.··tags:.··-·DIS
000d2c50:·412d·5354·4947·2d4f·4c30·382d·3030·2d30··A-STIG-OL08-00-0000d2c50:·412d·5354·4947·2d4f·4c30·382d·3030·2d30··A-STIG-OL08-00-0
000d2c60:·3330·3535·300a·2020·2d20·4e49·5354·2d38··30550.··-·NIST-8000d2c60:·3330·3535·300a·2020·2d20·4e49·5354·2d38··30550.··-·NIST-8
000d2c70:·3030·2d31·3731·2d33·2e31·2e37·0a20·202d··00-171-3.1.7.··-000d2c70:·3030·2d31·3731·2d33·2e31·2e37·0a20·202d··00-171-3.1.7.··-
000d2c80:·204e·4953·542d·3830·302d·3533·2d41·432d···NIST-800-53-AC-000d2c80:·204e·4953·542d·3830·302d·3533·2d41·432d···NIST-800-53-AC-
000d2c90:·3628·3929·0a20·202d·204e·4953·542d·3830··6(9).··-·NIST-80000d2c90:·3628·3929·0a20·202d·204e·4953·542d·3830··6(9).··-·NIST-80
000d2ca0:·302d·3533·2d41·552d·3132·2863·290a·2020··0-53-AU-12(c).··000d2ca0:·302d·3533·2d41·552d·3132·2863·290a·2020··0-53-AU-12(c).··
Offset 53989, 21 lines modifiedOffset 53989, 21 lines modified
000d2e40:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p000d2e40:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
000d2e50:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co000d2e50:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
000d2e60:·6c6c·6170·7365·2220·6964·3d22·6964·6d33··llapse"·id="idm3000d2e60:·6c6c·6170·7365·2220·6964·3d22·6964·6d33··llapse"·id="idm3
000d2e70:·3331·3335·223e·3c70·7265·3e3c·636f·6465··3135"><pre><code000d2e70:·3331·3335·223e·3c70·7265·3e3c·636f·6465··3135"><pre><code
000d2e80:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i000d2e80:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
000d2e90:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl000d2e90:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
000d2ea0:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla000d2ea0:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
000d2eb0:·7466·6f72·6d73·0a69·6620·5b20·2120·2d66··tforms.if·[·!·-f000d2eb0:·7466·6f72·6d73·0a69·6620·7270·6d20·2d2d··tforms.if·rpm·--
000d2ec0:·202f·2e64·6f63·6b65·7265·6e76·205d·2026···/.dockerenv·]·&000d2ec0:·7175·6965·7420·2d71·2061·7564·6974·2026··quiet·-q·audit·&
000d2ed0:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f000d2ed0:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f
 000d2ee0:·202f·2e64·6f63·6b65·7265·6e76·205d·2026···/.dockerenv·]·&
 000d2ef0:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f
000d2ee0:·202f·7275·6e2f·2e63·6f6e·7461·696e·6572···/run/.container000d2f00:·202f·7275·6e2f·2e63·6f6e·7461·696e·6572···/run/.container
000d2ef0:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&amp;&amp; 
000d2f00:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q· 
000d2f10:·6175·6469·743b·2074·6865·6e0a·0a41·4354··audit;·then..ACT000d2f10:·656e·7620·5d3b·2074·6865·6e0a·0a41·4354··env·];·then..ACT
000d2f20:·494f·4e5f·4152·4348·5f46·494c·5445·5253··ION_ARCH_FILTERS000d2f20:·494f·4e5f·4152·4348·5f46·494c·5445·5253··ION_ARCH_FILTERS
000d2f30:·3d22·2d61·2061·6c77·6179·732c·6578·6974··="-a·always,exit000d2f30:·3d22·2d61·2061·6c77·6179·732c·6578·6974··="-a·always,exit
000d2f40:·220a·4f54·4845·525f·4649·4c54·4552·533d··".OTHER_FILTERS=000d2f40:·220a·4f54·4845·525f·4649·4c54·4552·533d··".OTHER_FILTERS=
000d2f50:·222d·4620·7061·7468·3d2f·7573·722f·6269··"-F·path=/usr/bi000d2f50:·222d·4620·7061·7468·3d2f·7573·722f·6269··"-F·path=/usr/bi
000d2f60:·6e2f·7375·646f·202d·4620·7065·726d·3d78··n/sudo·-F·perm=x000d2f60:·6e2f·7375·646f·202d·4620·7065·726d·3d78··n/sudo·-F·perm=x
000d2f70:·220a·4155·4944·5f46·494c·5445·5253·3d22··".AUID_FILTERS="000d2f70:·220a·4155·4944·5f46·494c·5445·5253·3d22··".AUID_FILTERS="
000d2f80:·2d46·2061·7569·6426·6774·3b3d·3130·3030··-F·auid&gt;=1000000d2f80:·2d46·2061·7569·6426·6774·3b3d·3130·3030··-F·auid&gt;=1000
1.23 KB
html2text {}
    
Offset 8620, 16 lines modifiedOffset 8620, 16 lines modified
8620 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x8620 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
8621 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged8621 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
8622 ······create:·true8622 ······create:·true
8623 ······mode:·o-rwx8623 ······mode:·o-rwx
8624 ······state:·present8624 ······state:·present
8625 ····when:·syscalls_found·|·length·==·08625 ····when:·syscalls_found·|·length·==·0
8626 ··when:8626 ··when:
8627 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8628 ··-·'"audit"·in·ansible_facts.packages'8627 ··-·'"audit"·in·ansible_facts.packages'
 8628 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8629 ··tags:8629 ··tags:
8630 ··-·DISA-STIG-OL08-00-0305508630 ··-·DISA-STIG-OL08-00-030550
8631 ··-·NIST-800-171-3.1.78631 ··-·NIST-800-171-3.1.7
8632 ··-·NIST-800-53-AC-6(9)8632 ··-·NIST-800-53-AC-6(9)
8633 ··-·NIST-800-53-AU-12(c)8633 ··-·NIST-800-53-AU-12(c)
8634 ··-·NIST-800-53-AU-2(d)8634 ··-·NIST-800-53-AU-2(d)
8635 ··-·NIST-800-53-CM-6(a)8635 ··-·NIST-800-53-CM-6(a)
Offset 8637, 15 lines modifiedOffset 8637, 15 lines modified
8637 ··-·low_complexity8637 ··-·low_complexity
8638 ··-·low_disruption8638 ··-·low_disruption
8639 ··-·medium_severity8639 ··-·medium_severity
8640 ··-·no_reboot_needed8640 ··-·no_reboot_needed
8641 ··-·restrict_strategy8641 ··-·restrict_strategy
8642 Remediation_Shell_script_⇲8642 Remediation_Shell_script_⇲
8643 #·Remediation·is·applicable·only·in·certain·platforms8643 #·Remediation·is·applicable·only·in·certain·platforms
8644 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then8644 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
8645 ACTION_ARCH_FILTERS="-a·always,exit"8645 ACTION_ARCH_FILTERS="-a·always,exit"
8646 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"8646 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
8647 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"8647 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
8648 SYSCALL=""8648 SYSCALL=""
8649 KEY="privileged"8649 KEY="privileged"
8650 SYSCALL_GROUPING=""8650 SYSCALL_GROUPING=""
5.45 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-anssi_bp28_high.html
    
Offset 55967, 23 lines modifiedOffset 55967, 23 lines modified
000da9e0:·7072·6976·696c·6567·6564·0a20·2020·2020··privileged.·····000da9e0:·7072·6976·696c·6567·6564·0a20·2020·2020··privileged.·····
000da9f0:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··000da9f0:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··
000daa00:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.000daa00:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.
000daa10:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre000daa10:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre
000daa20:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s000daa20:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s
000daa30:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·000daa30:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·
000daa40:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh000daa40:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh
000daa50:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_ 
000daa60:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
000daa70:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
000daa80:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
000daa90:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
000daaa0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].·· 
000daab0:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an 
000daac0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack000daa50:·656e·3a0a·2020·2d20·2722·6175·6469·7422··en:.··-·'"audit"
 000daa60:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 000daa70:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 000daa80:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 000daa90:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 000daaa0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 000daab0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 000daac0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
000daad0:·6167·6573·270a·2020·7461·6773·3a0a·2020··ages'.··tags:.··000daad0:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
000daae0:·2d20·4449·5341·2d53·5449·472d·4f4c·3038··-·DISA-STIG-OL08000daae0:·2d20·4449·5341·2d53·5449·472d·4f4c·3038··-·DISA-STIG-OL08
000daaf0:·2d30·302d·3033·3035·3530·0a20·202d·204e··-00-030550.··-·N000daaf0:·2d30·302d·3033·3035·3530·0a20·202d·204e··-00-030550.··-·N
000dab00:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.000dab00:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.
000dab10:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5000dab10:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
000dab20:·332d·4143·2d36·2839·290a·2020·2d20·4e49··3-AC-6(9).··-·NI000dab20:·332d·4143·2d36·2839·290a·2020·2d20·4e49··3-AC-6(9).··-·NI
000dab30:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(000dab30:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(
000dab40:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-000dab40:·6329·0a20·202d·204e·4953·542d·3830·302d··c).··-·NIST-800-
Offset 56014, 21 lines modifiedOffset 56014, 21 lines modified
000dacd0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla000dacd0:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
000dace0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap000dace0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
000dacf0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=000dacf0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
000dad00:·2269·646d·3333·3133·3522·3e3c·7072·653e··"idm33135"><pre>000dad00:·2269·646d·3333·3133·3522·3e3c·7072·653e··"idm33135"><pre>
000dad10:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat000dad10:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
000dad20:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl000dad20:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
000dad30:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai000dad30:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
000dad40:·6e20·706c·6174·666f·726d·730a·6966·205b··n·platforms.if·[000dad40:·6e20·706c·6174·666f·726d·730a·6966·2072··n·platforms.if·r
 000dad50:·706d·202d·2d71·7569·6574·202d·7120·6175··pm·--quiet·-q·au
 000dad60:·6469·7420·2661·6d70·3b26·616d·703b·205b··dit·&amp;&amp;·[
000dad50:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren000dad70:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
000dad60:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[000dad80:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
000dad70:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont000dad90:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
000dad80:·6169·6e65·7265·6e76·205d·2026·616d·703b··ainerenv·]·&amp;000dada0:·6169·6e65·7265·6e76·205d·3b20·7468·656e··ainerenv·];·then
000dad90:·2661·6d70·3b20·7270·6d20·2d2d·7175·6965··&amp;·rpm·--quie 
000dada0:·7420·2d71·2061·7564·6974·3b20·7468·656e··t·-q·audit;·then 
000dadb0:·0a0a·4143·5449·4f4e·5f41·5243·485f·4649··..ACTION_ARCH_FI000dadb0:·0a0a·4143·5449·4f4e·5f41·5243·485f·4649··..ACTION_ARCH_FI
000dadc0:·4c54·4552·533d·222d·6120·616c·7761·7973··LTERS="-a·always000dadc0:·4c54·4552·533d·222d·6120·616c·7761·7973··LTERS="-a·always
000dadd0:·2c65·7869·7422·0a4f·5448·4552·5f46·494c··,exit".OTHER_FIL000dadd0:·2c65·7869·7422·0a4f·5448·4552·5f46·494c··,exit".OTHER_FIL
000dade0:·5445·5253·3d22·2d46·2070·6174·683d·2f75··TERS="-F·path=/u000dade0:·5445·5253·3d22·2d46·2070·6174·683d·2f75··TERS="-F·path=/u
000dadf0:·7372·2f62·696e·2f73·7564·6f20·2d46·2070··sr/bin/sudo·-F·p000dadf0:·7372·2f62·696e·2f73·7564·6f20·2d46·2070··sr/bin/sudo·-F·p
000dae00:·6572·6d3d·7822·0a41·5549·445f·4649·4c54··erm=x".AUID_FILT000dae00:·6572·6d3d·7822·0a41·5549·445f·4649·4c54··erm=x".AUID_FILT
000dae10:·4552·533d·222d·4620·6175·6964·2667·743b··ERS="-F·auid&gt;000dae10:·4552·533d·222d·4620·6175·6964·2667·743b··ERS="-F·auid&gt;
1.23 KB
html2text {}
    
Offset 8964, 16 lines modifiedOffset 8964, 16 lines modified
8964 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x8964 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
8965 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged8965 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
8966 ······create:·true8966 ······create:·true
8967 ······mode:·o-rwx8967 ······mode:·o-rwx
8968 ······state:·present8968 ······state:·present
8969 ····when:·syscalls_found·|·length·==·08969 ····when:·syscalls_found·|·length·==·0
8970 ··when:8970 ··when:
8971 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8972 ··-·'"audit"·in·ansible_facts.packages'8971 ··-·'"audit"·in·ansible_facts.packages'
 8972 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8973 ··tags:8973 ··tags:
8974 ··-·DISA-STIG-OL08-00-0305508974 ··-·DISA-STIG-OL08-00-030550
8975 ··-·NIST-800-171-3.1.78975 ··-·NIST-800-171-3.1.7
8976 ··-·NIST-800-53-AC-6(9)8976 ··-·NIST-800-53-AC-6(9)
8977 ··-·NIST-800-53-AU-12(c)8977 ··-·NIST-800-53-AU-12(c)
8978 ··-·NIST-800-53-AU-2(d)8978 ··-·NIST-800-53-AU-2(d)
8979 ··-·NIST-800-53-CM-6(a)8979 ··-·NIST-800-53-CM-6(a)
Offset 8981, 15 lines modifiedOffset 8981, 15 lines modified
8981 ··-·low_complexity8981 ··-·low_complexity
8982 ··-·low_disruption8982 ··-·low_disruption
8983 ··-·medium_severity8983 ··-·medium_severity
8984 ··-·no_reboot_needed8984 ··-·no_reboot_needed
8985 ··-·restrict_strategy8985 ··-·restrict_strategy
8986 Remediation_Shell_script_⇲8986 Remediation_Shell_script_⇲
8987 #·Remediation·is·applicable·only·in·certain·platforms8987 #·Remediation·is·applicable·only·in·certain·platforms
8988 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then8988 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
8989 ACTION_ARCH_FILTERS="-a·always,exit"8989 ACTION_ARCH_FILTERS="-a·always,exit"
8990 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"8990 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
8991 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"8991 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
8992 SYSCALL=""8992 SYSCALL=""
8993 KEY="privileged"8993 KEY="privileged"
8994 SYSCALL_GROUPING=""8994 SYSCALL_GROUPING=""
5.33 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-anssi_bp28_intermediary.html
    
Offset 51615, 23 lines modifiedOffset 51615, 23 lines modified
000c99e0:·793d·7072·6976·696c·6567·6564·0a20·2020··y=privileged.···000c99e0:·793d·7072·6976·696c·6567·6564·0a20·2020··y=privileged.···
000c99f0:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true.000c99f0:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true.
000c9a00:·2020·2020·2020·6d6f·6465·3a20·6f2d·7277········mode:·o-rw000c9a00:·2020·2020·2020·6d6f·6465·3a20·6f2d·7277········mode:·o-rw
000c9a10:·780a·2020·2020·2020·7374·6174·653a·2070··x.······state:·p000c9a10:·780a·2020·2020·2020·7374·6174·653a·2070··x.······state:·p
000c9a20:·7265·7365·6e74·0a20·2020·2077·6865·6e3a··resent.····when:000c9a20:·7265·7365·6e74·0a20·2020·2077·6865·6e3a··resent.····when:
000c9a30:·2073·7973·6361·6c6c·735f·666f·756e·6420···syscalls_found·000c9a30:·2073·7973·6361·6c6c·735f·666f·756e·6420···syscalls_found·
000c9a40:·7c20·6c65·6e67·7468·203d·3d20·300a·2020··|·length·==·0.··000c9a40:·7c20·6c65·6e67·7468·203d·3d20·300a·2020··|·length·==·0.··
000c9a50:·7768·656e·3a0a·2020·2d20·616e·7369·626c··when:.··-·ansibl000c9a50:·7768·656e·3a0a·2020·2d20·2722·6175·6469··when:.··-·'"audi
000c9a60:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization 
000c9a70:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d 
000c9a80:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·" 
000c9a90:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman 
000c9aa0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"]. 
000c9ab0:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in· 
000c9ac0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa000c9a60:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa
 000c9a70:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 000c9a80:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
 000c9a90:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
 000c9aa0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
 000c9ab0:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 000c9ac0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
000c9ad0:·636b·6167·6573·270a·2020·7461·6773·3a0a··ckages'.··tags:.000c9ad0:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.
000c9ae0:·2020·2d20·4449·5341·2d53·5449·472d·4f4c····-·DISA-STIG-OL000c9ae0:·2020·2d20·4449·5341·2d53·5449·472d·4f4c····-·DISA-STIG-OL
000c9af0:·3038·2d30·302d·3033·3035·3530·0a20·202d··08-00-030550.··-000c9af0:·3038·2d30·302d·3033·3035·3530·0a20·202d··08-00-030550.··-
000c9b00:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.000c9b00:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
000c9b10:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800000c9b10:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800
000c9b20:·2d35·332d·4143·2d36·2839·290a·2020·2d20··-53-AC-6(9).··-·000c9b20:·2d35·332d·4143·2d36·2839·290a·2020·2d20··-53-AC-6(9).··-·
000c9b30:·4e49·5354·2d38·3030·2d35·332d·4155·2d31··NIST-800-53-AU-1000c9b30:·4e49·5354·2d38·3030·2d35·332d·4155·2d31··NIST-800-53-AU-1
000c9b40:·3228·6329·0a20·202d·204e·4953·542d·3830··2(c).··-·NIST-80000c9b40:·3228·6329·0a20·202d·204e·4953·542d·3830··2(c).··-·NIST-80
Offset 51663, 20 lines modifiedOffset 51663, 20 lines modified
000c9ce0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll000c9ce0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
000c9cf0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i000c9cf0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
000c9d00:·643d·2269·646d·3333·3133·3522·3e3c·7072··d="idm33135"><pr000c9d00:·643d·2269·646d·3333·3133·3522·3e3c·7072··d="idm33135"><pr
000c9d10:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi000c9d10:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
000c9d20:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica000c9d20:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
000c9d30:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert000c9d30:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
000c9d40:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if000c9d40:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
 000c9d50:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
 000c9d60:·6175·6469·7420·2661·6d70·3b26·616d·703b··audit·&amp;&amp;
000c9d50:·205b·2021·202d·6620·2f2e·646f·636b·6572···[·!·-f·/.docker000c9d70:·205b·2021·202d·6620·2f2e·646f·636b·6572···[·!·-f·/.docker
000c9d60:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&amp;&amp;000c9d80:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&amp;&amp;
000c9d70:·205b·2021·202d·6620·2f72·756e·2f2e·636f···[·!·-f·/run/.co000c9d90:·205b·2021·202d·6620·2f72·756e·2f2e·636f···[·!·-f·/run/.co
000c9d80:·6e74·6169·6e65·7265·6e76·205d·2026·616d··ntainerenv·]·&am000c9da0:·6e74·6169·6e65·7265·6e76·205d·3b20·7468··ntainerenv·];·th
000c9d90:·703b·2661·6d70·3b20·7270·6d20·2d2d·7175··p;&amp;·rpm·--qu 
000c9da0:·6965·7420·2d71·2061·7564·6974·3b20·7468··iet·-q·audit;·th 
000c9db0:·656e·0a0a·4143·5449·4f4e·5f41·5243·485f··en..ACTION_ARCH_000c9db0:·656e·0a0a·4143·5449·4f4e·5f41·5243·485f··en..ACTION_ARCH_
000c9dc0:·4649·4c54·4552·533d·222d·6120·616c·7761··FILTERS="-a·alwa000c9dc0:·4649·4c54·4552·533d·222d·6120·616c·7761··FILTERS="-a·alwa
000c9dd0:·7973·2c65·7869·7422·0a4f·5448·4552·5f46··ys,exit".OTHER_F000c9dd0:·7973·2c65·7869·7422·0a4f·5448·4552·5f46··ys,exit".OTHER_F
000c9de0:·494c·5445·5253·3d22·2d46·2070·6174·683d··ILTERS="-F·path=000c9de0:·494c·5445·5253·3d22·2d46·2070·6174·683d··ILTERS="-F·path=
000c9df0:·2f75·7372·2f62·696e·2f73·7564·6f20·2d46··/usr/bin/sudo·-F000c9df0:·2f75·7372·2f62·696e·2f73·7564·6f20·2d46··/usr/bin/sudo·-F
000c9e00:·2070·6572·6d3d·7822·0a41·5549·445f·4649···perm=x".AUID_FI000c9e00:·2070·6572·6d3d·7822·0a41·5549·445f·4649···perm=x".AUID_FI
000c9e10:·4c54·4552·533d·222d·4620·6175·6964·2667··LTERS="-F·auid&g000c9e10:·4c54·4552·533d·222d·4620·6175·6964·2667··LTERS="-F·auid&g
1.23 KB
html2text {}
    
Offset 8173, 16 lines modifiedOffset 8173, 16 lines modified
8173 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x8173 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
8174 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged8174 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
8175 ······create:·true8175 ······create:·true
8176 ······mode:·o-rwx8176 ······mode:·o-rwx
8177 ······state:·present8177 ······state:·present
8178 ····when:·syscalls_found·|·length·==·08178 ····when:·syscalls_found·|·length·==·0
8179 ··when:8179 ··when:
8180 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8181 ··-·'"audit"·in·ansible_facts.packages'8180 ··-·'"audit"·in·ansible_facts.packages'
 8181 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8182 ··tags:8182 ··tags:
8183 ··-·DISA-STIG-OL08-00-0305508183 ··-·DISA-STIG-OL08-00-030550
8184 ··-·NIST-800-171-3.1.78184 ··-·NIST-800-171-3.1.7
8185 ··-·NIST-800-53-AC-6(9)8185 ··-·NIST-800-53-AC-6(9)
8186 ··-·NIST-800-53-AU-12(c)8186 ··-·NIST-800-53-AU-12(c)
8187 ··-·NIST-800-53-AU-2(d)8187 ··-·NIST-800-53-AU-2(d)
8188 ··-·NIST-800-53-CM-6(a)8188 ··-·NIST-800-53-CM-6(a)
Offset 8190, 15 lines modifiedOffset 8190, 15 lines modified
8190 ··-·low_complexity8190 ··-·low_complexity
8191 ··-·low_disruption8191 ··-·low_disruption
8192 ··-·medium_severity8192 ··-·medium_severity
8193 ··-·no_reboot_needed8193 ··-·no_reboot_needed
8194 ··-·restrict_strategy8194 ··-·restrict_strategy
8195 Remediation_Shell_script_⇲8195 Remediation_Shell_script_⇲
8196 #·Remediation·is·applicable·only·in·certain·platforms8196 #·Remediation·is·applicable·only·in·certain·platforms
8197 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then8197 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
8198 ACTION_ARCH_FILTERS="-a·always,exit"8198 ACTION_ARCH_FILTERS="-a·always,exit"
8199 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"8199 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
8200 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"8200 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
8201 SYSCALL=""8201 SYSCALL=""
8202 KEY="privileged"8202 KEY="privileged"
8203 SYSCALL_GROUPING=""8203 SYSCALL_GROUPING=""
538 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-cjis.html
    
Offset 39267, 22 lines modifiedOffset 39267, 22 lines modified
00099620:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str00099620:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str
00099630:·6174·6567·790a·0a2d·206e·616d·653a·2053··ategy..-·name:·S00099630:·6174·6567·790a·0a2d·206e·616d·653a·2053··ategy..-·name:·S
00099640:·6574·2061·7263·6869·7465·6374·7572·6520··et·architecture·00099640:·6574·2061·7263·6869·7465·6374·7572·6520··et·architecture·
00099650:·666f·7220·6175·6469·7420·6368·6d6f·6420··for·audit·chmod·00099650:·666f·7220·6175·6469·7420·6368·6d6f·6420··for·audit·chmod·
00099660:·7461·736b·730a·2020·7365·745f·6661·6374··tasks.··set_fact00099660:·7461·736b·730a·2020·7365·745f·6661·6374··tasks.··set_fact
00099670:·3a0a·2020·2020·6175·6469·745f·6172·6368··:.····audit_arch00099670:·3a0a·2020·2020·6175·6469·745f·6172·6368··:.····audit_arch
00099680:·3a20·6236·340a·2020·7768·656e·3a0a·2020··:·b64.··when:.··00099680:·3a20·6236·340a·2020·7768·656e·3a0a·2020··:·b64.··when:.··
00099690:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
000996a0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
000996b0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
000996c0:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
000996d0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont 
000996e0:·6169·6e65·7222·5d0a·2020·2d20·2722·6175··ainer"].··-·'"au 
000996f0:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_ 
00099700:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.00099690:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an
 000996a0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 000996b0:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
 000996c0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
 000996d0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
 000996e0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
 000996f0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
 00099700:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
00099710:·2020·2d20·616e·7369·626c·655f·6172·6368····-·ansible_arch00099710:·2020·2d20·616e·7369·626c·655f·6172·6368····-·ansible_arch
00099720:·6974·6563·7475·7265·203d·3d20·2261·6172··itecture·==·"aar00099720:·6974·6563·7475·7265·203d·3d20·2261·6172··itecture·==·"aar
00099730:·6368·3634·2220·6f72·2061·6e73·6962·6c65··ch64"·or·ansible00099730:·6368·3634·2220·6f72·2061·6e73·6962·6c65··ch64"·or·ansible
00099740:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==00099740:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==
00099750:·2022·7070·6336·3422·206f·7220·616e·7369···"ppc64"·or·ansi00099750:·2022·7070·6336·3422·206f·7220·616e·7369···"ppc64"·or·ansi
00099760:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture00099760:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
00099770:·0a20·2020·203d·3d20·2270·7063·3634·6c65··.····==·"ppc64le00099770:·0a20·2020·203d·3d20·2270·7063·3634·6c65··.····==·"ppc64le
Offset 39590, 23 lines modifiedOffset 39590, 23 lines modified
0009aa50:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr0009aa50:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr
0009aa60:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····0009aa60:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····
0009aa70:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···0009aa70:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···
0009aa80:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen0009aa80:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
0009aa90:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc0009aa90:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc
0009aaa0:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len0009aaa0:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len
0009aab0:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:0009aab0:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:
0009aac0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
0009aad0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
0009aae0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
0009aaf0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
0009ab00:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
0009ab10:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·' 
0009ab20:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib 
0009ab30:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0009aac0:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 0009aad0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 0009aae0:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
 0009aaf0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
 0009ab00:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
 0009ab10:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
 0009ab20:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
 0009ab30:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
0009ab40:·7327·0a20·2074·6167·733a·0a20·202d·2043··s'.··tags:.··-·C0009ab40:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
0009ab50:·4a49·532d·352e·342e·312e·310a·2020·2d20··JIS-5.4.1.1.··-·0009ab50:·4a49·532d·352e·342e·312e·310a·2020·2d20··JIS-5.4.1.1.··-·
0009ab60:·4449·5341·2d53·5449·472d·4f4c·3038·2d30··DISA-STIG-OL08-00009ab60:·4449·5341·2d53·5449·472d·4f4c·3038·2d30··DISA-STIG-OL08-0
0009ab70:·302d·3033·3034·3930·0a20·202d·204e·4953··0-030490.··-·NIS0009ab70:·302d·3033·3034·3930·0a20·202d·204e·4953··0-030490.··-·NIS
0009ab80:·542d·3830·302d·3137·312d·332e·312e·370a··T-800-171-3.1.7.0009ab80:·542d·3830·302d·3137·312d·332e·312e·370a··T-800-171-3.1.7.
0009ab90:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0009ab90:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0009aba0:·4155·2d31·3228·6329·0a20·202d·204e·4953··AU-12(c).··-·NIS0009aba0:·4155·2d31·3228·6329·0a20·202d·204e·4953··AU-12(c).··-·NIS
0009abb0:·542d·3830·302d·3533·2d41·552d·3228·6429··T-800-53-AU-2(d)0009abb0:·542d·3830·302d·3533·2d41·552d·3228·6429··T-800-53-AU-2(d)
Offset 39901, 23 lines modifiedOffset 39901, 23 lines modified
0009bdc0:·7420·2d46·206b·6579·3d70·6572·6d5f·6d6f··t·-F·key=perm_mo0009bdc0:·7420·2d46·206b·6579·3d70·6572·6d5f·6d6f··t·-F·key=perm_mo
0009bdd0:·640a·2020·2020·2020·6372·6561·7465·3a20··d.······create:·0009bdd0:·640a·2020·2020·2020·6372·6561·7465·3a20··d.······create:·
0009bde0:·7472·7565·0a20·2020·2020·206d·6f64·653a··true.······mode:0009bde0:·7472·7565·0a20·2020·2020·206d·6f64·653a··true.······mode:
0009bdf0:·206f·2d72·7778·0a20·2020·2020·2073·7461···o-rwx.······sta0009bdf0:·206f·2d72·7778·0a20·2020·2020·2073·7461···o-rwx.······sta
0009be00:·7465·3a20·7072·6573·656e·740a·2020·2020··te:·present.····0009be00:·7465·3a20·7072·6573·656e·740a·2020·2020··te:·present.····
0009be10:·7768·656e·3a20·7379·7363·616c·6c73·5f66··when:·syscalls_f0009be10:·7768·656e·3a20·7379·7363·616c·6c73·5f66··when:·syscalls_f
0009be20:·6f75·6e64·207c·206c·656e·6774·6820·3d3d··ound·|·length·==0009be20:·6f75·6e64·207c·206c·656e·6774·6820·3d3d··ound·|·length·==
0009be30:·2030·0a20·2077·6865·6e3a·0a20·202d·2061···0.··when:.··-·a0009be30:·2030·0a20·2077·6865·6e3a·0a20·202d·2027···0.··when:.··-·'
0009be40:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz 
0009be50:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i 
0009be60:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx 
0009be70:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p 
0009be80:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain 
0009be90:·6572·225d·0a20·202d·2027·2261·7564·6974··er"].··-·'"audit 
0009bea0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
0009beb0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-0009be40:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib
 0009be50:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 0009be60:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v
 0009be70:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
 0009be80:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
 0009be90:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
 0009bea0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
 0009beb0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
0009bec0:·2061·7564·6974·5f61·7263·6820·3d3d·2022···audit_arch·==·"0009bec0:·2061·7564·6974·5f61·7263·6820·3d3d·2022···audit_arch·==·"
0009bed0:·6236·3422·0a20·2074·6167·733a·0a20·202d··b64".··tags:.··-0009bed0:·6236·3422·0a20·2074·6167·733a·0a20·202d··b64".··tags:.··-
0009bee0:·2043·4a49·532d·352e·342e·312e·310a·2020···CJIS-5.4.1.1.··0009bee0:·2043·4a49·532d·352e·342e·312e·310a·2020···CJIS-5.4.1.1.··
0009bef0:·2d20·4449·5341·2d53·5449·472d·4f4c·3038··-·DISA-STIG-OL080009bef0:·2d20·4449·5341·2d53·5449·472d·4f4c·3038··-·DISA-STIG-OL08
0009bf00:·2d30·302d·3033·3034·3930·0a20·202d·204e··-00-030490.··-·N0009bf00:·2d30·302d·3033·3034·3930·0a20·202d·204e··-00-030490.··-·N
0009bf10:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.0009bf10:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.
0009bf20:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-50009bf20:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
Offset 39951, 21 lines modifiedOffset 39951, 21 lines modified
0009c0e0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="0009c0e0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0009c0f0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c0009c0f0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0009c100:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm0009c100:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0009c110:·3232·3636·3922·3e3c·7072·653e·3c63·6f64··22669"><pre><cod0009c110:·3232·3636·3922·3e3c·7072·653e·3c63·6f64··22669"><pre><cod
0009c120:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·0009c120:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
0009c130:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on0009c130:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
0009c140:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl0009c140:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
0009c150:·6174·666f·726d·730a·6966·205b·2021·202d··atforms.if·[·!·-0009c150:·6174·666f·726d·730a·6966·2072·706d·202d··atforms.if·rpm·-
0009c160:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·0009c160:·2d71·7569·6574·202d·7120·6175·6469·7420··-quiet·-q·audit·
0009c170:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-0009c170:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-
 0009c180:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·
 0009c190:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-
0009c180:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe0009c1a0:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe
0009c190:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp 
0009c1a0:·3b20·7270·6d20·2d2d·7175·6965·7420·2d71··;·rpm·--quiet·-q 
0009c1b0:·2061·7564·6974·3b20·7468·656e·0a0a·2320···audit;·then..#·0009c1b0:·7265·6e76·205d·3b20·7468·656e·0a0a·2320··renv·];·then..#·
0009c1c0:·4669·7273·7420·7065·7266·6f72·6d20·7468··First·perform·th0009c1c0:·4669·7273·7420·7065·7266·6f72·6d20·7468··First·perform·th
0009c1d0:·6520·7265·6d65·6469·6174·696f·6e20·6f66··e·remediation·of0009c1d0:·6520·7265·6d65·6469·6174·696f·6e20·6f66··e·remediation·of
0009c1e0:·2074·6865·2073·7973·6361·6c6c·2072·756c···the·syscall·rul0009c1e0:·2074·6865·2073·7973·6361·6c6c·2072·756c···the·syscall·rul
0009c1f0:·650a·2320·5265·7472·6965·7665·2068·6172··e.#·Retrieve·har0009c1f0:·650a·2320·5265·7472·6965·7665·2068·6172··e.#·Retrieve·har
0009c200:·6477·6172·6520·6172·6368·6974·6563·7475··dware·architectu0009c200:·6477·6172·6520·6172·6368·6974·6563·7475··dware·architectu
0009c210:·7265·206f·6620·7468·6520·756e·6465·726c··re·of·the·underl0009c210:·7265·206f·6620·7468·6520·756e·6465·726c··re·of·the·underl
0009c220:·7969·6e67·2073·7973·7465·6d0a·5b20·2224··ying·system.[·"$0009c220:·7969·6e67·2073·7973·7465·6d0a·5b20·2224··ying·system.[·"$
Offset 41763, 23 lines modifiedOffset 41763, 23 lines modified
000a3220:·5f72·6571·7569·7265·640a·2020·2d20·7265··_required.··-·re000a3220:·5f72·6571·7569·7265·640a·2020·2d20·7265··_required.··-·re
000a3230:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.000a3230:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.
000a3240:·0a2d·206e·616d·653a·2053·6574·2061·7263··.-·name:·Set·arc000a3240:·0a2d·206e·616d·653a·2053·6574·2061·7263··.-·name:·Set·arc
000a3250:·6869·7465·6374·7572·6520·666f·7220·6175··hitecture·for·au000a3250:·6869·7465·6374·7572·6520·666f·7220·6175··hitecture·for·au
000a3260:·6469·7420·6368·6f77·6e20·7461·736b·730a··dit·chown·tasks.000a3260:·6469·7420·6368·6f77·6e20·7461·736b·730a··dit·chown·tasks.
000a3270:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····000a3270:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····
000a3280:·6175·6469·745f·6172·6368·3a20·6236·340a··audit_arch:·b64.000a3280:·6175·6469·745f·6172·6368·3a20·6236·340a··audit_arch:·b64.
000a3290:·2020·7768·656e·3a0a·2020·2d20·616e·7369····when:.··-·ansi000a3290:·2020·7768·656e·3a0a·2020·2d20·2722·6175····when:.··-·'"au
000a32a0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati 
000a32b0:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[ 
000a32c0:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc", 
Max diff block lines reached; 404268/414541 bytes (97.52%) of diff not shown.
133 KB
html2text {}
    
Offset 3819, 16 lines modifiedOffset 3819, 16 lines modified
3819 ··-·reboot_required3819 ··-·reboot_required
3820 ··-·restrict_strategy3820 ··-·restrict_strategy
  
3821 -·name:·Set·architecture·for·audit·chmod·tasks3821 -·name:·Set·architecture·for·audit·chmod·tasks
3822 ··set_fact:3822 ··set_fact:
3823 ····audit_arch:·b643823 ····audit_arch:·b64
3824 ··when:3824 ··when:
3825 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3826 ··-·'"audit"·in·ansible_facts.packages'3825 ··-·'"audit"·in·ansible_facts.packages'
 3826 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3827 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3827 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3828 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3828 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3829 ··tags:3829 ··tags:
3830 ··-·CJIS-5.4.1.13830 ··-·CJIS-5.4.1.1
3831 ··-·DISA-STIG-OL08-00-0304903831 ··-·DISA-STIG-OL08-00-030490
3832 ··-·NIST-800-171-3.1.73832 ··-·NIST-800-171-3.1.7
3833 ··-·NIST-800-53-AU-12(c)3833 ··-·NIST-800-53-AU-12(c)
Offset 3965, 16 lines modifiedOffset 3965, 16 lines modified
3965 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003965 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3966 ········-F·auid!=unset·-F·key=perm_mod3966 ········-F·auid!=unset·-F·key=perm_mod
3967 ······create:·true3967 ······create:·true
3968 ······mode:·o-rwx3968 ······mode:·o-rwx
3969 ······state:·present3969 ······state:·present
3970 ····when:·syscalls_found·|·length·==·03970 ····when:·syscalls_found·|·length·==·0
3971 ··when:3971 ··when:
3972 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3973 ··-·'"audit"·in·ansible_facts.packages'3972 ··-·'"audit"·in·ansible_facts.packages'
 3973 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3974 ··tags:3974 ··tags:
3975 ··-·CJIS-5.4.1.13975 ··-·CJIS-5.4.1.1
3976 ··-·DISA-STIG-OL08-00-0304903976 ··-·DISA-STIG-OL08-00-030490
3977 ··-·NIST-800-171-3.1.73977 ··-·NIST-800-171-3.1.7
3978 ··-·NIST-800-53-AU-12(c)3978 ··-·NIST-800-53-AU-12(c)
3979 ··-·NIST-800-53-AU-2(d)3979 ··-·NIST-800-53-AU-2(d)
3980 ··-·NIST-800-53-CM-6(a)3980 ··-·NIST-800-53-CM-6(a)
Offset 4109, 16 lines modifiedOffset 4109, 16 lines modified
4109 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004109 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4110 ········-F·auid!=unset·-F·key=perm_mod4110 ········-F·auid!=unset·-F·key=perm_mod
4111 ······create:·true4111 ······create:·true
4112 ······mode:·o-rwx4112 ······mode:·o-rwx
4113 ······state:·present4113 ······state:·present
4114 ····when:·syscalls_found·|·length·==·04114 ····when:·syscalls_found·|·length·==·0
4115 ··when:4115 ··when:
4116 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4117 ··-·'"audit"·in·ansible_facts.packages'4116 ··-·'"audit"·in·ansible_facts.packages'
 4117 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4118 ··-·audit_arch·==·"b64"4118 ··-·audit_arch·==·"b64"
4119 ··tags:4119 ··tags:
4120 ··-·CJIS-5.4.1.14120 ··-·CJIS-5.4.1.1
4121 ··-·DISA-STIG-OL08-00-0304904121 ··-·DISA-STIG-OL08-00-030490
4122 ··-·NIST-800-171-3.1.74122 ··-·NIST-800-171-3.1.7
4123 ··-·NIST-800-53-AU-12(c)4123 ··-·NIST-800-53-AU-12(c)
4124 ··-·NIST-800-53-AU-2(d)4124 ··-·NIST-800-53-AU-2(d)
Offset 4128, 15 lines modifiedOffset 4128, 15 lines modified
4128 ··-·low_complexity4128 ··-·low_complexity
4129 ··-·low_disruption4129 ··-·low_disruption
4130 ··-·medium_severity4130 ··-·medium_severity
4131 ··-·reboot_required4131 ··-·reboot_required
4132 ··-·restrict_strategy4132 ··-·restrict_strategy
4133 Remediation_Shell_script_⇲4133 Remediation_Shell_script_⇲
4134 #·Remediation·is·applicable·only·in·certain·platforms4134 #·Remediation·is·applicable·only·in·certain·platforms
4135 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then4135 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
4136 #·First·perform·the·remediation·of·the·syscall·rule4136 #·First·perform·the·remediation·of·the·syscall·rule
4137 #·Retrieve·hardware·architecture·of·the·underlying·system4137 #·Retrieve·hardware·architecture·of·the·underlying·system
4138 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")4138 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
4139 for·ARCH·in·"${RULE_ARCHS[@]}"4139 for·ARCH·in·"${RULE_ARCHS[@]}"
4140 do4140 do
Offset 4497, 16 lines modifiedOffset 4497, 16 lines modified
4497 ··-·reboot_required4497 ··-·reboot_required
4498 ··-·restrict_strategy4498 ··-·restrict_strategy
  
4499 -·name:·Set·architecture·for·audit·chown·tasks4499 -·name:·Set·architecture·for·audit·chown·tasks
4500 ··set_fact:4500 ··set_fact:
4501 ····audit_arch:·b644501 ····audit_arch:·b64
4502 ··when:4502 ··when:
4503 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4504 ··-·'"audit"·in·ansible_facts.packages'4503 ··-·'"audit"·in·ansible_facts.packages'
 4504 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4505 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4505 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4506 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4506 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4507 ··tags:4507 ··tags:
4508 ··-·CJIS-5.4.1.14508 ··-·CJIS-5.4.1.1
4509 ··-·DISA-STIG-OL08-00-0304804509 ··-·DISA-STIG-OL08-00-030480
4510 ··-·NIST-800-171-3.1.74510 ··-·NIST-800-171-3.1.7
4511 ··-·NIST-800-53-AU-12(c)4511 ··-·NIST-800-53-AU-12(c)
Offset 4645, 16 lines modifiedOffset 4645, 16 lines modified
4645 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004645 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4646 ········-F·auid!=unset·-F·key=perm_mod4646 ········-F·auid!=unset·-F·key=perm_mod
4647 ······create:·true4647 ······create:·true
4648 ······mode:·o-rwx4648 ······mode:·o-rwx
4649 ······state:·present4649 ······state:·present
4650 ····when:·syscalls_found·|·length·==·04650 ····when:·syscalls_found·|·length·==·0
4651 ··when:4651 ··when:
4652 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4653 ··-·'"audit"·in·ansible_facts.packages'4652 ··-·'"audit"·in·ansible_facts.packages'
 4653 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4654 ··tags:4654 ··tags:
4655 ··-·CJIS-5.4.1.14655 ··-·CJIS-5.4.1.1
4656 ··-·DISA-STIG-OL08-00-0304804656 ··-·DISA-STIG-OL08-00-030480
4657 ··-·NIST-800-171-3.1.74657 ··-·NIST-800-171-3.1.7
4658 ··-·NIST-800-53-AU-12(c)4658 ··-·NIST-800-53-AU-12(c)
4659 ··-·NIST-800-53-AU-2(d)4659 ··-·NIST-800-53-AU-2(d)
4660 ··-·NIST-800-53-CM-6(a)4660 ··-·NIST-800-53-CM-6(a)
Offset 4791, 16 lines modifiedOffset 4791, 16 lines modified
4791 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004791 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4792 ········-F·auid!=unset·-F·key=perm_mod4792 ········-F·auid!=unset·-F·key=perm_mod
4793 ······create:·true4793 ······create:·true
4794 ······mode:·o-rwx4794 ······mode:·o-rwx
4795 ······state:·present4795 ······state:·present
4796 ····when:·syscalls_found·|·length·==·04796 ····when:·syscalls_found·|·length·==·0
4797 ··when:4797 ··when:
4798 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4799 ··-·'"audit"·in·ansible_facts.packages'4798 ··-·'"audit"·in·ansible_facts.packages'
 4799 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4800 ··-·audit_arch·==·"b64"4800 ··-·audit_arch·==·"b64"
4801 ··tags:4801 ··tags:
4802 ··-·CJIS-5.4.1.14802 ··-·CJIS-5.4.1.1
4803 ··-·DISA-STIG-OL08-00-0304804803 ··-·DISA-STIG-OL08-00-030480
4804 ··-·NIST-800-171-3.1.74804 ··-·NIST-800-171-3.1.7
4805 ··-·NIST-800-53-AU-12(c)4805 ··-·NIST-800-53-AU-12(c)
4806 ··-·NIST-800-53-AU-2(d)4806 ··-·NIST-800-53-AU-2(d)
Offset 4810, 15 lines modifiedOffset 4810, 15 lines modified
4810 ··-·low_complexity4810 ··-·low_complexity
4811 ··-·low_disruption4811 ··-·low_disruption
4812 ··-·medium_severity4812 ··-·medium_severity
Max diff block lines reached; 131266/135900 bytes (96.59%) of diff not shown.
30.5 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-cui.html
    
Offset 57917, 23 lines modifiedOffset 57917, 23 lines modified
000e23c0:·2020·2020·7265·6765·7870·3a20·5e5c·732a······regexp:·^\s*000e23c0:·2020·2020·7265·6765·7870·3a20·5e5c·732a······regexp:·^\s*
000e23d0:·666c·7573·685c·732a·3d5c·732a·2e2a·240a··flush\s*=\s*.*$.000e23d0:·666c·7573·685c·732a·3d5c·732a·2e2a·240a··flush\s*=\s*.*$.
000e23e0:·2020·2020·6c69·6e65·3a20·666c·7573·6820······line:·flush·000e23e0:·2020·2020·6c69·6e65·3a20·666c·7573·6820······line:·flush·
000e23f0:·3d20·7b7b·2076·6172·5f61·7564·6974·645f··=·{{·var_auditd_000e23f0:·3d20·7b7b·2076·6172·5f61·7564·6974·645f··=·{{·var_auditd_
000e2400:·666c·7573·6820·7d7d·0a20·2020·2073·7461··flush·}}.····sta000e2400:·666c·7573·6820·7d7d·0a20·2020·2073·7461··flush·}}.····sta
000e2410:·7465·3a20·7072·6573·656e·740a·2020·2020··te:·present.····000e2410:·7465·3a20·7072·6573·656e·740a·2020·2020··te:·present.····
000e2420:·6372·6561·7465·3a20·7472·7565·0a20·2077··create:·true.··w000e2420:·6372·6561·7465·3a20·7472·7565·0a20·2077··create:·true.··w
000e2430:·6865·6e3a·0a20·202d·2061·6e73·6962·6c65··hen:.··-·ansible000e2430:·6865·6e3a·0a20·202d·2027·2261·7564·6974··hen:.··-·'"audit
000e2440:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_ 
000e2450:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do 
000e2460:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o 
000e2470:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman" 
000e2480:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].· 
000e2490:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a 
000e24a0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac000e2440:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 000e2450:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 000e2460:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
 000e2470:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
 000e2480:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
 000e2490:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
 000e24a0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
000e24b0:·6b61·6765·7327·0a20·2074·6167·733a·0a20··kages'.··tags:.·000e24b0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
000e24c0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-000e24c0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
000e24d0:·332e·332e·310a·2020·2d20·4e49·5354·2d38··3.3.1.··-·NIST-8000e24d0:·332e·332e·310a·2020·2d20·4e49·5354·2d38··3.3.1.··-·NIST-8
000e24e0:·3030·2d35·332d·4155·2d31·310a·2020·2d20··00-53-AU-11.··-·000e24e0:·3030·2d35·332d·4155·2d31·310a·2020·2d20··00-53-AU-11.··-·
000e24f0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6000e24f0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
000e2500:·2861·290a·2020·2d20·6175·6469·7464·5f64··(a).··-·auditd_d000e2500:·2861·290a·2020·2d20·6175·6469·7464·5f64··(a).··-·auditd_d
000e2510:·6174·615f·7265·7465·6e74·696f·6e5f·666c··ata_retention_fl000e2510:·6174·615f·7265·7465·6e74·696f·6e5f·666c··ata_retention_fl
000e2520:·7573·680a·2020·2d20·6c6f·775f·636f·6d70··ush.··-·low_comp000e2520:·7573·680a·2020·2d20·6c6f·775f·636f·6d70··ush.··-·low_comp
Offset 57959, 21 lines modifiedOffset 57959, 21 lines modified
000e2660:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane000e2660:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
000e2670:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla000e2670:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
000e2680:·7073·6522·2069·643d·2269·646d·3335·3533··pse"·id="idm3553000e2680:·7073·6522·2069·643d·2269·646d·3335·3533··pse"·id="idm3553
000e2690:·3122·3e3c·7072·653e·3c63·6f64·653e·2320··1"><pre><code>#·000e2690:·3122·3e3c·7072·653e·3c63·6f64·653e·2320··1"><pre><code>#·
000e26a0:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a000e26a0:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
000e26b0:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i000e26b0:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
000e26c0:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo000e26c0:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
000e26d0:·726d·730a·6966·205b·2021·202d·6620·2f2e··rms.if·[·!·-f·/. 
000e26e0:·646f·636b·6572·656e·7620·5d20·2661·6d70··dockerenv·]·&amp000e26d0:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
 000e26e0:·6574·202d·7120·6175·6469·7420·2661·6d70··et·-q·audit·&amp
000e26f0:·3b26·616d·703b·205b·2021·202d·6620·2f72··;&amp;·[·!·-f·/r000e26f0:·3b26·616d·703b·205b·2021·202d·6620·2f2e··;&amp;·[·!·-f·/.
 000e2700:·646f·636b·6572·656e·7620·5d20·2661·6d70··dockerenv·]·&amp
 000e2710:·3b26·616d·703b·205b·2021·202d·6620·2f72··;&amp;·[·!·-f·/r
000e2700:·756e·2f2e·636f·6e74·6169·6e65·7265·6e76··un/.containerenv000e2720:·756e·2f2e·636f·6e74·6169·6e65·7265·6e76··un/.containerenv
000e2710:·205d·2026·616d·703b·2661·6d70·3b20·7270···]·&amp;&amp;·rp 
000e2720:·6d20·2d2d·7175·6965·7420·2d71·2061·7564··m·--quiet·-q·aud 
000e2730:·6974·3b20·7468·656e·0a0a·7661·725f·6175··it;·then..var_au000e2730:·205d·3b20·7468·656e·0a0a·7661·725f·6175···];·then..var_au
000e2740:·6469·7464·5f66·6c75·7368·3d27·3c61·6262··ditd_flush='<abb000e2740:·6469·7464·5f66·6c75·7368·3d27·3c61·6262··ditd_flush='<abb
000e2750:·7220·7469·746c·653d·2266·726f·6d20·5072··r·title="from·Pr000e2750:·7220·7469·746c·653d·2266·726f·6d20·5072··r·title="from·Pr
000e2760:·6f66·696c·652f·7265·6669·6e65·2d76·616c··ofile/refine-val000e2760:·6f66·696c·652f·7265·6669·6e65·2d76·616c··ofile/refine-val
000e2770:·7565·3a20·7863·6364·665f·6f72·672e·7373··ue:·xccdf_org.ss000e2770:·7565·3a20·7863·6364·665f·6f72·672e·7373··ue:·xccdf_org.ss
000e2780:·6770·726f·6a65·6374·2e63·6f6e·7465·6e74··gproject.content000e2780:·6770·726f·6a65·6374·2e63·6f6e·7465·6e74··gproject.content
000e2790:·5f76·616c·7565·5f76·6172·5f61·7564·6974··_value_var_audit000e2790:·5f76·616c·7565·5f76·6172·5f61·7564·6974··_value_var_audit
000e27a0:·645f·666c·7573·6822·3e69·6e63·7265·6d65··d_flush">increme000e27a0:·645f·666c·7573·6822·3e69·6e63·7265·6d65··d_flush">increme
Offset 58287, 23 lines modifiedOffset 58287, 23 lines modified
000e3ae0:·6469·7464·2e63·6f6e·660a·2020·2020·2020··ditd.conf.······000e3ae0:·6469·7464·2e63·6f6e·660a·2020·2020·2020··ditd.conf.······
000e3af0:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···000e3af0:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···
000e3b00:·2020·2072·6567·6578·703a·2028·3f69·295e·····regexp:·(?i)^000e3b00:·2020·2072·6567·6578·703a·2028·3f69·295e·····regexp:·(?i)^
000e3b10:·5c73·2a66·7265·715c·732a·3d5c·732a·0a20··\s*freq\s*=\s*.·000e3b10:·5c73·2a66·7265·715c·732a·3d5c·732a·0a20··\s*freq\s*=\s*.·
000e3b20:·2020·2020·206c·696e·653a·2066·7265·7120·······line:·freq·000e3b20:·2020·2020·206c·696e·653a·2066·7265·7120·······line:·freq·
000e3b30:·3d20·3530·0a20·2020·2020·2073·7461·7465··=·50.······state000e3b30:·3d20·3530·0a20·2020·2020·2073·7461·7465··=·50.······state
000e3b40:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when000e3b40:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when
000e3b50:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi 
000e3b60:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ 
000e3b70:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke 
000e3b80:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open 
000e3b90:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·" 
000e3ba0:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-· 
000e3bb0:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi 
000e3bc0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag000e3b50:·3a0a·2020·2d20·2722·6175·6469·7422·2069··:.··-·'"audit"·i
 000e3b60:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 000e3b70:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an
 000e3b80:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 000e3b90:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 000e3ba0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 000e3bb0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 000e3bc0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
000e3bd0:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·000e3bd0:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·
000e3be0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6000e3be0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
000e3bf0:·0a20·202d·2061·7564·6974·645f·6672·6571··.··-·auditd_freq000e3bf0:·0a20·202d·2061·7564·6974·645f·6672·6571··.··-·auditd_freq
000e3c00:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex000e3c00:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex
000e3c10:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr000e3c10:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr
000e3c20:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu000e3c20:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu
000e3c30:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n000e3c30:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n
000e3c40:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.000e3c40:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.
Offset 58337, 21 lines modifiedOffset 58337, 21 lines modified
000e3e00:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra000e3e00:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
000e3e10:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re000e3e10:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re
000e3e20:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>000e3e20:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>
000e3e30:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co000e3e30:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
000e3e40:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation000e3e40:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
000e3e50:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o000e3e50:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
000e3e60:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p000e3e60:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
000e3e70:·6c61·7466·6f72·6d73·0a69·6620·5b20·2120··latforms.if·[·!·000e3e70:·6c61·7466·6f72·6d73·0a69·6620·7270·6d20··latforms.if·rpm·
000e3e80:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]000e3e80:·2d2d·7175·6965·7420·2d71·2061·7564·6974··--quiet·-q·audit
000e3e90:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·000e3e90:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
 000e3ea0:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]
 000e3eb0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
000e3ea0:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain000e3ec0:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain
 000e3ed0:·6572·656e·7620·5d3b·2074·6865·6e0a·0a69··erenv·];·then..i
000e3eb0:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am 
000e3ec0:·703b·2072·706d·202d·2d71·7569·6574·202d··p;·rpm·--quiet·- 
000e3ed0:·7120·6175·6469·743b·2074·6865·6e0a·0a69··q·audit;·then..i 
000e3ee0:·6620·5b20·2d65·2022·2f65·7463·2f61·7564··f·[·-e·"/etc/aud000e3ee0:·6620·5b20·2d65·2022·2f65·7463·2f61·7564··f·[·-e·"/etc/aud
000e3ef0:·6974·2f61·7564·6974·642e·636f·6e66·2220··it/auditd.conf"·000e3ef0:·6974·2f61·7564·6974·642e·636f·6e66·2220··it/auditd.conf"·
000e3f00:·5d20·3b20·7468·656e·0a20·2020·200a·2020··]·;·then.····.··000e3f00:·5d20·3b20·7468·656e·0a20·2020·200a·2020··]·;·then.····.··
000e3f10:·2020·4c43·5f41·4c4c·3d43·2073·6564·202d····LC_ALL=C·sed·-000e3f10:·2020·4c43·5f41·4c4c·3d43·2073·6564·202d····LC_ALL=C·sed·-
000e3f20:·6920·222f·5e5c·732a·6672·6571·5c73·2a3d··i·"/^\s*freq\s*=000e3f20:·6920·222f·5e5c·732a·6672·6571·5c73·2a3d··i·"/^\s*freq\s*=
000e3f30:·5c73·2a2f·4964·2220·222f·6574·632f·6175··\s*/Id"·"/etc/au000e3f30:·5c73·2a2f·4964·2220·222f·6574·632f·6175··\s*/Id"·"/etc/au
000e3f40:·6469·742f·6175·6469·7464·2e63·6f6e·6622··dit/auditd.conf"000e3f40:·6469·742f·6175·6469·7464·2e63·6f6e·6622··dit/auditd.conf"
Offset 58626, 23 lines modifiedOffset 58626, 23 lines modified
000e5010:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····000e5010:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····
000e5020:·2020·7265·6765·7870·3a20·283f·6929·5e5c····regexp:·(?i)^\000e5020:·2020·7265·6765·7870·3a20·283f·6929·5e5c····regexp:·(?i)^\
000e5030:·732a·6c6f·6361·6c5f·6576·656e·7473·5c73··s*local_events\s000e5030:·732a·6c6f·6361·6c5f·6576·656e·7473·5c73··s*local_events\s
000e5040:·2a3d·5c73·2a0a·2020·2020·2020·6c69·6e65··*=\s*.······line000e5040:·2a3d·5c73·2a0a·2020·2020·2020·6c69·6e65··*=\s*.······line
000e5050:·3a20·6c6f·6361·6c5f·6576·656e·7473·203d··:·local_events·=000e5050:·3a20·6c6f·6361·6c5f·6576·656e·7473·203d··:·local_events·=
000e5060:·2079·6573·0a20·2020·2020·2073·7461·7465···yes.······state000e5060:·2079·6573·0a20·2020·2020·2073·7461·7465···yes.······state
000e5070:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when000e5070:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when
000e5080:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi 
000e5090:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ 
000e50a0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke 
000e50b0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open 
000e50c0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·" 
000e50d0:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-· 
000e50e0:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi 
000e50f0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag000e5080:·3a0a·2020·2d20·2722·6175·6469·7422·2069··:.··-·'"audit"·i
 000e5090:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
Max diff block lines reached; 14465/24600 bytes (58.80%) of diff not shown.
6.34 KB
html2text {}
    
Offset 7492, 29 lines modifiedOffset 7492, 29 lines modified
7492 ··lineinfile:7492 ··lineinfile:
7493 ····dest:·/etc/audit/auditd.conf7493 ····dest:·/etc/audit/auditd.conf
7494 ····regexp:·^\s*flush\s*=\s*.*$7494 ····regexp:·^\s*flush\s*=\s*.*$
7495 ····line:·flush·=·{{·var_auditd_flush·}}7495 ····line:·flush·=·{{·var_auditd_flush·}}
7496 ····state:·present7496 ····state:·present
7497 ····create:·true7497 ····create:·true
7498 ··when:7498 ··when:
7499 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7500 ··-·'"audit"·in·ansible_facts.packages'7499 ··-·'"audit"·in·ansible_facts.packages'
 7500 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7501 ··tags:7501 ··tags:
7502 ··-·NIST-800-171-3.3.17502 ··-·NIST-800-171-3.3.1
7503 ··-·NIST-800-53-AU-117503 ··-·NIST-800-53-AU-11
7504 ··-·NIST-800-53-CM-6(a)7504 ··-·NIST-800-53-CM-6(a)
7505 ··-·auditd_data_retention_flush7505 ··-·auditd_data_retention_flush
7506 ··-·low_complexity7506 ··-·low_complexity
7507 ··-·low_disruption7507 ··-·low_disruption
7508 ··-·medium_severity7508 ··-·medium_severity
7509 ··-·no_reboot_needed7509 ··-·no_reboot_needed
7510 ··-·restrict_strategy7510 ··-·restrict_strategy
7511 Remediation_Shell_script_⇲7511 Remediation_Shell_script_⇲
7512 #·Remediation·is·applicable·only·in·certain·platforms7512 #·Remediation·is·applicable·only·in·certain·platforms
7513 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7513 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7514 var_auditd_flush='incremental_async'7514 var_auditd_flush='incremental_async'
  
  
7515 AUDITCONFIG=/etc/audit/auditd.conf7515 AUDITCONFIG=/etc/audit/auditd.conf
  
7516 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush7516 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush
Offset 7592, 30 lines modifiedOffset 7592, 30 lines modified
7592 ····lineinfile:7592 ····lineinfile:
7593 ······path:·/etc/audit/auditd.conf7593 ······path:·/etc/audit/auditd.conf
7594 ······create:·true7594 ······create:·true
7595 ······regexp:·(?i)^\s*freq\s*=\s*7595 ······regexp:·(?i)^\s*freq\s*=\s*
7596 ······line:·freq·=·507596 ······line:·freq·=·50
7597 ······state:·present7597 ······state:·present
7598 ··when:7598 ··when:
7599 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7600 ··-·'"audit"·in·ansible_facts.packages'7599 ··-·'"audit"·in·ansible_facts.packages'
 7600 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7601 ··tags:7601 ··tags:
7602 ··-·NIST-800-53-CM-67602 ··-·NIST-800-53-CM-6
7603 ··-·auditd_freq7603 ··-·auditd_freq
7604 ··-·low_complexity7604 ··-·low_complexity
7605 ··-·low_disruption7605 ··-·low_disruption
7606 ··-·medium_severity7606 ··-·medium_severity
7607 ··-·no_reboot_needed7607 ··-·no_reboot_needed
7608 ··-·restrict_strategy7608 ··-·restrict_strategy
7609 Remediation_Shell_script_⇲7609 Remediation_Shell_script_⇲
7610 Complexity:·low7610 Complexity:·low
7611 Disruption:·low7611 Disruption:·low
7612 Strategy:···restrict7612 Strategy:···restrict
7613 #·Remediation·is·applicable·only·in·certain·platforms7613 #·Remediation·is·applicable·only·in·certain·platforms
7614 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7614 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7615 if·[·-e·"/etc/audit/auditd.conf"·]·;·then7615 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
7616 ····LC_ALL=C·sed·-i·"/^\s*freq\s*=\s*/Id"·"/etc/audit/auditd.conf"7616 ····LC_ALL=C·sed·-i·"/^\s*freq\s*=\s*/Id"·"/etc/audit/auditd.conf"
7617 else7617 else
7618 ····touch·"/etc/audit/auditd.conf"7618 ····touch·"/etc/audit/auditd.conf"
7619 fi7619 fi
Offset 7679, 31 lines modifiedOffset 7679, 31 lines modified
7679 ····lineinfile:7679 ····lineinfile:
7680 ······path:·/etc/audit/auditd.conf7680 ······path:·/etc/audit/auditd.conf
7681 ······create:·true7681 ······create:·true
7682 ······regexp:·(?i)^\s*local_events\s*=\s*7682 ······regexp:·(?i)^\s*local_events\s*=\s*
7683 ······line:·local_events·=·yes7683 ······line:·local_events·=·yes
7684 ······state:·present7684 ······state:·present
7685 ··when:7685 ··when:
7686 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7687 ··-·'"audit"·in·ansible_facts.packages'7686 ··-·'"audit"·in·ansible_facts.packages'
 7687 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7688 ··tags:7688 ··tags:
7689 ··-·DISA-STIG-OL08-00-0300617689 ··-·DISA-STIG-OL08-00-030061
7690 ··-·NIST-800-53-CM-67690 ··-·NIST-800-53-CM-6
7691 ··-·auditd_local_events7691 ··-·auditd_local_events
7692 ··-·low_complexity7692 ··-·low_complexity
7693 ··-·low_disruption7693 ··-·low_disruption
7694 ··-·medium_severity7694 ··-·medium_severity
7695 ··-·no_reboot_needed7695 ··-·no_reboot_needed
7696 ··-·restrict_strategy7696 ··-·restrict_strategy
7697 Remediation_Shell_script_⇲7697 Remediation_Shell_script_⇲
7698 Complexity:·low7698 Complexity:·low
7699 Disruption:·low7699 Disruption:·low
7700 Strategy:···restrict7700 Strategy:···restrict
7701 #·Remediation·is·applicable·only·in·certain·platforms7701 #·Remediation·is·applicable·only·in·certain·platforms
7702 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7702 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7703 if·[·-e·"/etc/audit/auditd.conf"·]·;·then7703 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
7704 ····LC_ALL=C·sed·-i·"/^\s*local_events\s*=\s*/Id"·"/etc/audit/auditd.conf"7704 ····LC_ALL=C·sed·-i·"/^\s*local_events\s*=\s*/Id"·"/etc/audit/auditd.conf"
7705 else7705 else
7706 ····touch·"/etc/audit/auditd.conf"7706 ····touch·"/etc/audit/auditd.conf"
7707 fi7707 fi
Offset 7768, 16 lines modifiedOffset 7768, 16 lines modified
7768 ····lineinfile:7768 ····lineinfile:
7769 ······path:·/etc/audit/auditd.conf7769 ······path:·/etc/audit/auditd.conf
7770 ······create:·true7770 ······create:·true
7771 ······regexp:·(?i)^\s*log_format\s*=\s*7771 ······regexp:·(?i)^\s*log_format\s*=\s*
7772 ······line:·log_format·=·ENRICHED7772 ······line:·log_format·=·ENRICHED
7773 ······state:·present7773 ······state:·present
7774 ··when:7774 ··when:
7775 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7776 ··-·'"audit"·in·ansible_facts.packages'7775 ··-·'"audit"·in·ansible_facts.packages'
 7776 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7777 ··tags:7777 ··tags:
7778 ··-·DISA-STIG-OL08-00-0300637778 ··-·DISA-STIG-OL08-00-030063
7779 ··-·NIST-800-53-AU-37779 ··-·NIST-800-53-AU-3
7780 ··-·NIST-800-53-CM-67780 ··-·NIST-800-53-CM-6
7781 ··-·auditd_log_format7781 ··-·auditd_log_format
7782 ··-·low_complexity7782 ··-·low_complexity
7783 ··-·low_disruption7783 ··-·low_disruption
Offset 7785, 15 lines modifiedOffset 7785, 15 lines modified
7785 ··-·no_reboot_needed7785 ··-·no_reboot_needed
7786 ··-·restrict_strategy7786 ··-·restrict_strategy
7787 Remediation_Shell_script_⇲7787 Remediation_Shell_script_⇲
7788 Complexity:·low7788 Complexity:·low
7789 Disruption:·low7789 Disruption:·low
7790 Strategy:···restrict7790 Strategy:···restrict
7791 #·Remediation·is·applicable·only·in·certain·platforms7791 #·Remediation·is·applicable·only·in·certain·platforms
7792 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7792 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7793 if·[·-e·"/etc/audit/auditd.conf"·]·;·then7793 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
7794 ····LC_ALL=C·sed·-i·"/^\s*log_format\s*=\s*/Id"·"/etc/audit/auditd.conf"7794 ····LC_ALL=C·sed·-i·"/^\s*log_format\s*=\s*/Id"·"/etc/audit/auditd.conf"
7795 else7795 else
Max diff block lines reached; 2184/6471 bytes (33.75%) of diff not shown.
357 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-e8.html
    
Offset 28061, 22 lines modifiedOffset 28061, 22 lines modified
0006d9c0:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str0006d9c0:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str
0006d9d0:·6174·6567·790a·0a2d·206e·616d·653a·2053··ategy..-·name:·S0006d9d0:·6174·6567·790a·0a2d·206e·616d·653a·2053··ategy..-·name:·S
0006d9e0:·6574·2061·7263·6869·7465·6374·7572·6520··et·architecture·0006d9e0:·6574·2061·7263·6869·7465·6374·7572·6520··et·architecture·
0006d9f0:·666f·7220·6175·6469·7420·6368·6d6f·6420··for·audit·chmod·0006d9f0:·666f·7220·6175·6469·7420·6368·6d6f·6420··for·audit·chmod·
0006da00:·7461·736b·730a·2020·7365·745f·6661·6374··tasks.··set_fact0006da00:·7461·736b·730a·2020·7365·745f·6661·6374··tasks.··set_fact
0006da10:·3a0a·2020·2020·6175·6469·745f·6172·6368··:.····audit_arch0006da10:·3a0a·2020·2020·6175·6469·745f·6172·6368··:.····audit_arch
0006da20:·3a20·6236·340a·2020·7768·656e·3a0a·2020··:·b64.··when:.··0006da20:·3a20·6236·340a·2020·7768·656e·3a0a·2020··:·b64.··when:.··
0006da30:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
0006da40:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
0006da50:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
0006da60:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
0006da70:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont 
0006da80:·6169·6e65·7222·5d0a·2020·2d20·2722·6175··ainer"].··-·'"au 
0006da90:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_ 
0006daa0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.0006da30:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an
 0006da40:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 0006da50:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
 0006da60:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
 0006da70:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
 0006da80:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
 0006da90:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
 0006daa0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
0006dab0:·2020·2d20·616e·7369·626c·655f·6172·6368····-·ansible_arch0006dab0:·2020·2d20·616e·7369·626c·655f·6172·6368····-·ansible_arch
0006dac0:·6974·6563·7475·7265·203d·3d20·2261·6172··itecture·==·"aar0006dac0:·6974·6563·7475·7265·203d·3d20·2261·6172··itecture·==·"aar
0006dad0:·6368·3634·2220·6f72·2061·6e73·6962·6c65··ch64"·or·ansible0006dad0:·6368·3634·2220·6f72·2061·6e73·6962·6c65··ch64"·or·ansible
0006dae0:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==0006dae0:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==
0006daf0:·2022·7070·6336·3422·206f·7220·616e·7369···"ppc64"·or·ansi0006daf0:·2022·7070·6336·3422·206f·7220·616e·7369···"ppc64"·or·ansi
0006db00:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture0006db00:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
0006db10:·0a20·2020·203d·3d20·2270·7063·3634·6c65··.····==·"ppc64le0006db10:·0a20·2020·203d·3d20·2270·7063·3634·6c65··.····==·"ppc64le
Offset 28384, 23 lines modifiedOffset 28384, 23 lines modified
0006edf0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr0006edf0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr
0006ee00:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····0006ee00:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····
0006ee10:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···0006ee10:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···
0006ee20:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen0006ee20:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
0006ee30:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc0006ee30:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc
0006ee40:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len0006ee40:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len
0006ee50:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:0006ee50:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:
0006ee60:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
0006ee70:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
0006ee80:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
0006ee90:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
0006eea0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
0006eeb0:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·' 
0006eec0:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib 
0006eed0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0006ee60:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 0006ee70:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 0006ee80:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
 0006ee90:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
 0006eea0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
 0006eeb0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
 0006eec0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
 0006eed0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
0006eee0:·7327·0a20·2074·6167·733a·0a20·202d·2043··s'.··tags:.··-·C0006eee0:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
0006eef0:·4a49·532d·352e·342e·312e·310a·2020·2d20··JIS-5.4.1.1.··-·0006eef0:·4a49·532d·352e·342e·312e·310a·2020·2d20··JIS-5.4.1.1.··-·
0006ef00:·4449·5341·2d53·5449·472d·4f4c·3038·2d30··DISA-STIG-OL08-00006ef00:·4449·5341·2d53·5449·472d·4f4c·3038·2d30··DISA-STIG-OL08-0
0006ef10:·302d·3033·3034·3930·0a20·202d·204e·4953··0-030490.··-·NIS0006ef10:·302d·3033·3034·3930·0a20·202d·204e·4953··0-030490.··-·NIS
0006ef20:·542d·3830·302d·3137·312d·332e·312e·370a··T-800-171-3.1.7.0006ef20:·542d·3830·302d·3137·312d·332e·312e·370a··T-800-171-3.1.7.
0006ef30:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0006ef30:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
0006ef40:·4155·2d31·3228·6329·0a20·202d·204e·4953··AU-12(c).··-·NIS0006ef40:·4155·2d31·3228·6329·0a20·202d·204e·4953··AU-12(c).··-·NIS
0006ef50:·542d·3830·302d·3533·2d41·552d·3228·6429··T-800-53-AU-2(d)0006ef50:·542d·3830·302d·3533·2d41·552d·3228·6429··T-800-53-AU-2(d)
Offset 28695, 23 lines modifiedOffset 28695, 23 lines modified
00070160:·7420·2d46·206b·6579·3d70·6572·6d5f·6d6f··t·-F·key=perm_mo00070160:·7420·2d46·206b·6579·3d70·6572·6d5f·6d6f··t·-F·key=perm_mo
00070170:·640a·2020·2020·2020·6372·6561·7465·3a20··d.······create:·00070170:·640a·2020·2020·2020·6372·6561·7465·3a20··d.······create:·
00070180:·7472·7565·0a20·2020·2020·206d·6f64·653a··true.······mode:00070180:·7472·7565·0a20·2020·2020·206d·6f64·653a··true.······mode:
00070190:·206f·2d72·7778·0a20·2020·2020·2073·7461···o-rwx.······sta00070190:·206f·2d72·7778·0a20·2020·2020·2073·7461···o-rwx.······sta
000701a0:·7465·3a20·7072·6573·656e·740a·2020·2020··te:·present.····000701a0:·7465·3a20·7072·6573·656e·740a·2020·2020··te:·present.····
000701b0:·7768·656e·3a20·7379·7363·616c·6c73·5f66··when:·syscalls_f000701b0:·7768·656e·3a20·7379·7363·616c·6c73·5f66··when:·syscalls_f
000701c0:·6f75·6e64·207c·206c·656e·6774·6820·3d3d··ound·|·length·==000701c0:·6f75·6e64·207c·206c·656e·6774·6820·3d3d··ound·|·length·==
000701d0:·2030·0a20·2077·6865·6e3a·0a20·202d·2061···0.··when:.··-·a000701d0:·2030·0a20·2077·6865·6e3a·0a20·202d·2027···0.··when:.··-·'
000701e0:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz 
000701f0:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i 
00070200:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx 
00070210:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p 
00070220:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain 
00070230:·6572·225d·0a20·202d·2027·2261·7564·6974··er"].··-·'"audit 
00070240:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
00070250:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-000701e0:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib
 000701f0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 00070200:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v
 00070210:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
 00070220:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
 00070230:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
 00070240:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
 00070250:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
00070260:·2061·7564·6974·5f61·7263·6820·3d3d·2022···audit_arch·==·"00070260:·2061·7564·6974·5f61·7263·6820·3d3d·2022···audit_arch·==·"
00070270:·6236·3422·0a20·2074·6167·733a·0a20·202d··b64".··tags:.··-00070270:·6236·3422·0a20·2074·6167·733a·0a20·202d··b64".··tags:.··-
00070280:·2043·4a49·532d·352e·342e·312e·310a·2020···CJIS-5.4.1.1.··00070280:·2043·4a49·532d·352e·342e·312e·310a·2020···CJIS-5.4.1.1.··
00070290:·2d20·4449·5341·2d53·5449·472d·4f4c·3038··-·DISA-STIG-OL0800070290:·2d20·4449·5341·2d53·5449·472d·4f4c·3038··-·DISA-STIG-OL08
000702a0:·2d30·302d·3033·3034·3930·0a20·202d·204e··-00-030490.··-·N000702a0:·2d30·302d·3033·3034·3930·0a20·202d·204e··-00-030490.··-·N
000702b0:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.000702b0:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.
000702c0:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5000702c0:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
Offset 28745, 21 lines modifiedOffset 28745, 21 lines modified
00070480:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="00070480:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
00070490:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c00070490:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
000704a0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm000704a0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
000704b0:·3232·3636·3922·3e3c·7072·653e·3c63·6f64··22669"><pre><cod000704b0:·3232·3636·3922·3e3c·7072·653e·3c63·6f64··22669"><pre><cod
000704c0:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·000704c0:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
000704d0:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on000704d0:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
000704e0:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl000704e0:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
000704f0:·6174·666f·726d·730a·6966·205b·2021·202d··atforms.if·[·!·-000704f0:·6174·666f·726d·730a·6966·2072·706d·202d··atforms.if·rpm·-
00070500:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·00070500:·2d71·7569·6574·202d·7120·6175·6469·7420··-quiet·-q·audit·
00070510:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-00070510:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-
 00070520:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·
 00070530:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-
00070520:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe00070540:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe
00070530:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp 
00070540:·3b20·7270·6d20·2d2d·7175·6965·7420·2d71··;·rpm·--quiet·-q 
00070550:·2061·7564·6974·3b20·7468·656e·0a0a·2320···audit;·then..#·00070550:·7265·6e76·205d·3b20·7468·656e·0a0a·2320··renv·];·then..#·
00070560:·4669·7273·7420·7065·7266·6f72·6d20·7468··First·perform·th00070560:·4669·7273·7420·7065·7266·6f72·6d20·7468··First·perform·th
00070570:·6520·7265·6d65·6469·6174·696f·6e20·6f66··e·remediation·of00070570:·6520·7265·6d65·6469·6174·696f·6e20·6f66··e·remediation·of
00070580:·2074·6865·2073·7973·6361·6c6c·2072·756c···the·syscall·rul00070580:·2074·6865·2073·7973·6361·6c6c·2072·756c···the·syscall·rul
00070590:·650a·2320·5265·7472·6965·7665·2068·6172··e.#·Retrieve·har00070590:·650a·2320·5265·7472·6965·7665·2068·6172··e.#·Retrieve·har
000705a0:·6477·6172·6520·6172·6368·6974·6563·7475··dware·architectu000705a0:·6477·6172·6520·6172·6368·6974·6563·7475··dware·architectu
000705b0:·7265·206f·6620·7468·6520·756e·6465·726c··re·of·the·underl000705b0:·7265·206f·6620·7468·6520·756e·6465·726c··re·of·the·underl
000705c0:·7969·6e67·2073·7973·7465·6d0a·5b20·2224··ying·system.[·"$000705c0:·7969·6e67·2073·7973·7465·6d0a·5b20·2224··ying·system.[·"$
Offset 30557, 23 lines modifiedOffset 30557, 23 lines modified
000775c0:·5f72·6571·7569·7265·640a·2020·2d20·7265··_required.··-·re000775c0:·5f72·6571·7569·7265·640a·2020·2d20·7265··_required.··-·re
000775d0:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.000775d0:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.
000775e0:·0a2d·206e·616d·653a·2053·6574·2061·7263··.-·name:·Set·arc000775e0:·0a2d·206e·616d·653a·2053·6574·2061·7263··.-·name:·Set·arc
000775f0:·6869·7465·6374·7572·6520·666f·7220·6175··hitecture·for·au000775f0:·6869·7465·6374·7572·6520·666f·7220·6175··hitecture·for·au
00077600:·6469·7420·6368·6f77·6e20·7461·736b·730a··dit·chown·tasks.00077600:·6469·7420·6368·6f77·6e20·7461·736b·730a··dit·chown·tasks.
00077610:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····00077610:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····
00077620:·6175·6469·745f·6172·6368·3a20·6236·340a··audit_arch:·b64.00077620:·6175·6469·745f·6172·6368·3a20·6236·340a··audit_arch:·b64.
00077630:·2020·7768·656e·3a0a·2020·2d20·616e·7369····when:.··-·ansi00077630:·2020·7768·656e·3a0a·2020·2d20·2722·6175····when:.··-·'"au
00077640:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati 
00077650:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[ 
00077660:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc", 
Max diff block lines reached; 267244/277517 bytes (96.30%) of diff not shown.
85.9 KB
html2text {}
    
Offset 1640, 16 lines modifiedOffset 1640, 16 lines modified
1640 ··-·reboot_required1640 ··-·reboot_required
1641 ··-·restrict_strategy1641 ··-·restrict_strategy
  
1642 -·name:·Set·architecture·for·audit·chmod·tasks1642 -·name:·Set·architecture·for·audit·chmod·tasks
1643 ··set_fact:1643 ··set_fact:
1644 ····audit_arch:·b641644 ····audit_arch:·b64
1645 ··when:1645 ··when:
1646 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1647 ··-·'"audit"·in·ansible_facts.packages'1646 ··-·'"audit"·in·ansible_facts.packages'
 1647 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1648 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1648 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1649 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1649 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1650 ··tags:1650 ··tags:
1651 ··-·CJIS-5.4.1.11651 ··-·CJIS-5.4.1.1
1652 ··-·DISA-STIG-OL08-00-0304901652 ··-·DISA-STIG-OL08-00-030490
1653 ··-·NIST-800-171-3.1.71653 ··-·NIST-800-171-3.1.7
1654 ··-·NIST-800-53-AU-12(c)1654 ··-·NIST-800-53-AU-12(c)
Offset 1786, 16 lines modifiedOffset 1786, 16 lines modified
1786 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001786 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1787 ········-F·auid!=unset·-F·key=perm_mod1787 ········-F·auid!=unset·-F·key=perm_mod
1788 ······create:·true1788 ······create:·true
1789 ······mode:·o-rwx1789 ······mode:·o-rwx
1790 ······state:·present1790 ······state:·present
1791 ····when:·syscalls_found·|·length·==·01791 ····when:·syscalls_found·|·length·==·0
1792 ··when:1792 ··when:
1793 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1794 ··-·'"audit"·in·ansible_facts.packages'1793 ··-·'"audit"·in·ansible_facts.packages'
 1794 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1795 ··tags:1795 ··tags:
1796 ··-·CJIS-5.4.1.11796 ··-·CJIS-5.4.1.1
1797 ··-·DISA-STIG-OL08-00-0304901797 ··-·DISA-STIG-OL08-00-030490
1798 ··-·NIST-800-171-3.1.71798 ··-·NIST-800-171-3.1.7
1799 ··-·NIST-800-53-AU-12(c)1799 ··-·NIST-800-53-AU-12(c)
1800 ··-·NIST-800-53-AU-2(d)1800 ··-·NIST-800-53-AU-2(d)
1801 ··-·NIST-800-53-CM-6(a)1801 ··-·NIST-800-53-CM-6(a)
Offset 1930, 16 lines modifiedOffset 1930, 16 lines modified
1930 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001930 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1931 ········-F·auid!=unset·-F·key=perm_mod1931 ········-F·auid!=unset·-F·key=perm_mod
1932 ······create:·true1932 ······create:·true
1933 ······mode:·o-rwx1933 ······mode:·o-rwx
1934 ······state:·present1934 ······state:·present
1935 ····when:·syscalls_found·|·length·==·01935 ····when:·syscalls_found·|·length·==·0
1936 ··when:1936 ··when:
1937 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1938 ··-·'"audit"·in·ansible_facts.packages'1937 ··-·'"audit"·in·ansible_facts.packages'
 1938 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1939 ··-·audit_arch·==·"b64"1939 ··-·audit_arch·==·"b64"
1940 ··tags:1940 ··tags:
1941 ··-·CJIS-5.4.1.11941 ··-·CJIS-5.4.1.1
1942 ··-·DISA-STIG-OL08-00-0304901942 ··-·DISA-STIG-OL08-00-030490
1943 ··-·NIST-800-171-3.1.71943 ··-·NIST-800-171-3.1.7
1944 ··-·NIST-800-53-AU-12(c)1944 ··-·NIST-800-53-AU-12(c)
1945 ··-·NIST-800-53-AU-2(d)1945 ··-·NIST-800-53-AU-2(d)
Offset 1949, 15 lines modifiedOffset 1949, 15 lines modified
1949 ··-·low_complexity1949 ··-·low_complexity
1950 ··-·low_disruption1950 ··-·low_disruption
1951 ··-·medium_severity1951 ··-·medium_severity
1952 ··-·reboot_required1952 ··-·reboot_required
1953 ··-·restrict_strategy1953 ··-·restrict_strategy
1954 Remediation_Shell_script_⇲1954 Remediation_Shell_script_⇲
1955 #·Remediation·is·applicable·only·in·certain·platforms1955 #·Remediation·is·applicable·only·in·certain·platforms
1956 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then1956 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
1957 #·First·perform·the·remediation·of·the·syscall·rule1957 #·First·perform·the·remediation·of·the·syscall·rule
1958 #·Retrieve·hardware·architecture·of·the·underlying·system1958 #·Retrieve·hardware·architecture·of·the·underlying·system
1959 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")1959 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
1960 for·ARCH·in·"${RULE_ARCHS[@]}"1960 for·ARCH·in·"${RULE_ARCHS[@]}"
1961 do1961 do
Offset 2318, 16 lines modifiedOffset 2318, 16 lines modified
2318 ··-·reboot_required2318 ··-·reboot_required
2319 ··-·restrict_strategy2319 ··-·restrict_strategy
  
2320 -·name:·Set·architecture·for·audit·chown·tasks2320 -·name:·Set·architecture·for·audit·chown·tasks
2321 ··set_fact:2321 ··set_fact:
2322 ····audit_arch:·b642322 ····audit_arch:·b64
2323 ··when:2323 ··when:
2324 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2325 ··-·'"audit"·in·ansible_facts.packages'2324 ··-·'"audit"·in·ansible_facts.packages'
 2325 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2326 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2326 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2327 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2327 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2328 ··tags:2328 ··tags:
2329 ··-·CJIS-5.4.1.12329 ··-·CJIS-5.4.1.1
2330 ··-·DISA-STIG-OL08-00-0304802330 ··-·DISA-STIG-OL08-00-030480
2331 ··-·NIST-800-171-3.1.72331 ··-·NIST-800-171-3.1.7
2332 ··-·NIST-800-53-AU-12(c)2332 ··-·NIST-800-53-AU-12(c)
Offset 2466, 16 lines modifiedOffset 2466, 16 lines modified
2466 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002466 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2467 ········-F·auid!=unset·-F·key=perm_mod2467 ········-F·auid!=unset·-F·key=perm_mod
2468 ······create:·true2468 ······create:·true
2469 ······mode:·o-rwx2469 ······mode:·o-rwx
2470 ······state:·present2470 ······state:·present
2471 ····when:·syscalls_found·|·length·==·02471 ····when:·syscalls_found·|·length·==·0
2472 ··when:2472 ··when:
2473 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2474 ··-·'"audit"·in·ansible_facts.packages'2473 ··-·'"audit"·in·ansible_facts.packages'
 2474 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2475 ··tags:2475 ··tags:
2476 ··-·CJIS-5.4.1.12476 ··-·CJIS-5.4.1.1
2477 ··-·DISA-STIG-OL08-00-0304802477 ··-·DISA-STIG-OL08-00-030480
2478 ··-·NIST-800-171-3.1.72478 ··-·NIST-800-171-3.1.7
2479 ··-·NIST-800-53-AU-12(c)2479 ··-·NIST-800-53-AU-12(c)
2480 ··-·NIST-800-53-AU-2(d)2480 ··-·NIST-800-53-AU-2(d)
2481 ··-·NIST-800-53-CM-6(a)2481 ··-·NIST-800-53-CM-6(a)
Offset 2612, 16 lines modifiedOffset 2612, 16 lines modified
2612 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002612 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2613 ········-F·auid!=unset·-F·key=perm_mod2613 ········-F·auid!=unset·-F·key=perm_mod
2614 ······create:·true2614 ······create:·true
2615 ······mode:·o-rwx2615 ······mode:·o-rwx
2616 ······state:·present2616 ······state:·present
2617 ····when:·syscalls_found·|·length·==·02617 ····when:·syscalls_found·|·length·==·0
2618 ··when:2618 ··when:
2619 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2620 ··-·'"audit"·in·ansible_facts.packages'2619 ··-·'"audit"·in·ansible_facts.packages'
 2620 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2621 ··-·audit_arch·==·"b64"2621 ··-·audit_arch·==·"b64"
2622 ··tags:2622 ··tags:
2623 ··-·CJIS-5.4.1.12623 ··-·CJIS-5.4.1.1
2624 ··-·DISA-STIG-OL08-00-0304802624 ··-·DISA-STIG-OL08-00-030480
2625 ··-·NIST-800-171-3.1.72625 ··-·NIST-800-171-3.1.7
2626 ··-·NIST-800-53-AU-12(c)2626 ··-·NIST-800-53-AU-12(c)
2627 ··-·NIST-800-53-AU-2(d)2627 ··-·NIST-800-53-AU-2(d)
Offset 2631, 15 lines modifiedOffset 2631, 15 lines modified
2631 ··-·low_complexity2631 ··-·low_complexity
2632 ··-·low_disruption2632 ··-·low_disruption
2633 ··-·medium_severity2633 ··-·medium_severity
Max diff block lines reached; 83262/87896 bytes (94.73%) of diff not shown.
938 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-hipaa.html
    
Offset 31620, 23 lines modifiedOffset 31620, 23 lines modified
0007b830:·7569·7265·640a·2020·2d20·7265·7374·7269··uired.··-·restri0007b830:·7569·7265·640a·2020·2d20·7265·7374·7269··uired.··-·restri
0007b840:·6374·5f73·7472·6174·6567·790a·0a2d·206e··ct_strategy..-·n0007b840:·6374·5f73·7472·6174·6567·790a·0a2d·206e··ct_strategy..-·n
0007b850:·616d·653a·2053·6574·2061·7263·6869·7465··ame:·Set·archite0007b850:·616d·653a·2053·6574·2061·7263·6869·7465··ame:·Set·archite
0007b860:·6374·7572·6520·666f·7220·6175·6469·7420··cture·for·audit·0007b860:·6374·7572·6520·666f·7220·6175·6469·7420··cture·for·audit·
0007b870:·6368·6d6f·6420·7461·736b·730a·2020·7365··chmod·tasks.··se0007b870:·6368·6d6f·6420·7461·736b·730a·2020·7365··chmod·tasks.··se
0007b880:·745f·6661·6374·3a0a·2020·2020·6175·6469··t_fact:.····audi0007b880:·745f·6661·6374·3a0a·2020·2020·6175·6469··t_fact:.····audi
0007b890:·745f·6172·6368·3a20·6236·340a·2020·7768··t_arch:·b64.··wh0007b890:·745f·6172·6368·3a20·6236·340a·2020·7768··t_arch:·b64.··wh
0007b8a0:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_ 
0007b8b0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
0007b8c0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
0007b8d0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
0007b8e0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
0007b8f0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].·· 
0007b900:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an 
0007b910:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0007b8a0:·656e·3a0a·2020·2d20·2722·6175·6469·7422··en:.··-·'"audit"
 0007b8b0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 0007b8c0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 0007b8d0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 0007b8e0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 0007b8f0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 0007b900:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 0007b910:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
0007b920:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl0007b920:·6e65·7222·5d0a·2020·2d20·616e·7369·626c··ner"].··-·ansibl
0007b930:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=0007b930:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=
0007b940:·3d20·2261·6172·6368·3634·2220·6f72·2061··=·"aarch64"·or·a0007b940:·3d20·2261·6172·6368·3634·2220·6f72·2061··=·"aarch64"·or·a
0007b950:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect0007b950:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect
0007b960:·7572·6520·3d3d·2022·7070·6336·3422·206f··ure·==·"ppc64"·o0007b960:·7572·6520·3d3d·2022·7070·6336·3422·206f··ure·==·"ppc64"·o
0007b970:·7220·616e·7369·626c·655f·6172·6368·6974··r·ansible_archit0007b970:·7220·616e·7369·626c·655f·6172·6368·6974··r·ansible_archit
0007b980:·6563·7475·7265·0a20·2020·203d·3d20·2270··ecture.····==·"p0007b980:·6563·7475·7265·0a20·2020·203d·3d20·2270··ecture.····==·"p
0007b990:·7063·3634·6c65·2220·6f72·2061·6e73·6962··pc64le"·or·ansib0007b990:·7063·3634·6c65·2220·6f72·2061·6e73·6962··pc64le"·or·ansib
Offset 31943, 23 lines modifiedOffset 31943, 23 lines modified
0007cc60:·206b·6579·3d70·6572·6d5f·6d6f·640a·2020···key=perm_mod.··0007cc60:·206b·6579·3d70·6572·6d5f·6d6f·640a·2020···key=perm_mod.··
0007cc70:·2020·2020·6372·6561·7465·3a20·7472·7565······create:·true0007cc70:·2020·2020·6372·6561·7465·3a20·7472·7565······create:·true
0007cc80:·0a20·2020·2020·206d·6f64·653a·206f·2d72··.······mode:·o-r0007cc80:·0a20·2020·2020·206d·6f64·653a·206f·2d72··.······mode:·o-r
0007cc90:·7778·0a20·2020·2020·2073·7461·7465·3a20··wx.······state:·0007cc90:·7778·0a20·2020·2020·2073·7461·7465·3a20··wx.······state:·
0007cca0:·7072·6573·656e·740a·2020·2020·7768·656e··present.····when0007cca0:·7072·6573·656e·740a·2020·2020·7768·656e··present.····when
0007ccb0:·3a20·7379·7363·616c·6c73·5f66·6f75·6e64··:·syscalls_found0007ccb0:·3a20·7379·7363·616c·6c73·5f66·6f75·6e64··:·syscalls_found
0007ccc0:·207c·206c·656e·6774·6820·3d3d·2030·0a20···|·length·==·0.·0007ccc0:·207c·206c·656e·6774·6820·3d3d·2030·0a20···|·length·==·0.·
0007ccd0:·2077·6865·6e3a·0a20·202d·2061·6e73·6962···when:.··-·ansib0007ccd0:·2077·6865·6e3a·0a20·202d·2027·2261·7564···when:.··-·'"aud
0007cce0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio 
0007ccf0:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·[" 
0007cd00:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",· 
0007cd10:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma 
0007cd20:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"] 
0007cd30:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in 
0007cd40:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
0007cd50:·6163·6b61·6765·7327·0a20·2074·6167·733a··ackages'.··tags:0007cce0:·6974·2220·696e·2061·6e73·6962·6c65·5f66··it"·in·ansible_f
 0007ccf0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 0007cd00:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
 0007cd10:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
 0007cd20:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
 0007cd30:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
 0007cd40:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
 0007cd50:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:
0007cd60:·0a20·202d·2043·4a49·532d·352e·342e·312e··.··-·CJIS-5.4.1.0007cd60:·0a20·202d·2043·4a49·532d·352e·342e·312e··.··-·CJIS-5.4.1.
0007cd70:·310a·2020·2d20·4449·5341·2d53·5449·472d··1.··-·DISA-STIG-0007cd70:·310a·2020·2d20·4449·5341·2d53·5449·472d··1.··-·DISA-STIG-
0007cd80:·4f4c·3038·2d30·302d·3033·3034·3930·0a20··OL08-00-030490.·0007cd80:·4f4c·3038·2d30·302d·3033·3034·3930·0a20··OL08-00-030490.·
0007cd90:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-0007cd90:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
0007cda0:·332e·312e·370a·2020·2d20·4e49·5354·2d38··3.1.7.··-·NIST-80007cda0:·332e·312e·370a·2020·2d20·4e49·5354·2d38··3.1.7.··-·NIST-8
0007cdb0:·3030·2d35·332d·4155·2d31·3228·6329·0a20··00-53-AU-12(c).·0007cdb0:·3030·2d35·332d·4155·2d31·3228·6329·0a20··00-53-AU-12(c).·
0007cdc0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A0007cdc0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A
Offset 32255, 23 lines modifiedOffset 32255, 23 lines modified
0007dfe0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr0007dfe0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr
0007dff0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····0007dff0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····
0007e000:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···0007e000:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···
0007e010:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen0007e010:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
0007e020:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc0007e020:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc
0007e030:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len0007e030:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len
0007e040:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:0007e040:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:
0007e050:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
0007e060:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
0007e070:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
0007e080:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
0007e090:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
0007e0a0:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·' 
0007e0b0:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib 
0007e0c0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0007e050:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 0007e060:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 0007e070:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
 0007e080:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
 0007e090:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
 0007e0a0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
 0007e0b0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
 0007e0c0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
0007e0d0:·7327·0a20·202d·2061·7564·6974·5f61·7263··s'.··-·audit_arc0007e0d0:·225d·0a20·202d·2061·7564·6974·5f61·7263··"].··-·audit_arc
0007e0e0:·6820·3d3d·2022·6236·3422·0a20·2074·6167··h·==·"b64".··tag0007e0e0:·6820·3d3d·2022·6236·3422·0a20·2074·6167··h·==·"b64".··tag
0007e0f0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.0007e0f0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.
0007e100:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI0007e100:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI
0007e110:·472d·4f4c·3038·2d30·302d·3033·3034·3930··G-OL08-00-0304900007e110:·472d·4f4c·3038·2d30·302d·3033·3034·3930··G-OL08-00-030490
0007e120:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170007e120:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0007e130:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST0007e130:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
0007e140:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)0007e140:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)
Offset 32305, 20 lines modifiedOffset 32305, 20 lines modified
0007e300:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll0007e300:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0007e310:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i0007e310:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0007e320:·643d·2269·646d·3232·3636·3922·3e3c·7072··d="idm22669"><pr0007e320:·643d·2269·646d·3232·3636·3922·3e3c·7072··d="idm22669"><pr
0007e330:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi0007e330:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
0007e340:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica0007e340:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
0007e350:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert0007e350:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
0007e360:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if0007e360:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
 0007e370:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
 0007e380:·6175·6469·7420·2661·6d70·3b26·616d·703b··audit·&amp;&amp;
0007e370:·205b·2021·202d·6620·2f2e·646f·636b·6572···[·!·-f·/.docker0007e390:·205b·2021·202d·6620·2f2e·646f·636b·6572···[·!·-f·/.docker
0007e380:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&amp;&amp;0007e3a0:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&amp;&amp;
0007e390:·205b·2021·202d·6620·2f72·756e·2f2e·636f···[·!·-f·/run/.co0007e3b0:·205b·2021·202d·6620·2f72·756e·2f2e·636f···[·!·-f·/run/.co
0007e3a0:·6e74·6169·6e65·7265·6e76·205d·2026·616d··ntainerenv·]·&am0007e3c0:·6e74·6169·6e65·7265·6e76·205d·3b20·7468··ntainerenv·];·th
0007e3b0:·703b·2661·6d70·3b20·7270·6d20·2d2d·7175··p;&amp;·rpm·--qu 
0007e3c0:·6965·7420·2d71·2061·7564·6974·3b20·7468··iet·-q·audit;·th 
0007e3d0:·656e·0a0a·2320·4669·7273·7420·7065·7266··en..#·First·perf0007e3d0:·656e·0a0a·2320·4669·7273·7420·7065·7266··en..#·First·perf
0007e3e0:·6f72·6d20·7468·6520·7265·6d65·6469·6174··orm·the·remediat0007e3e0:·6f72·6d20·7468·6520·7265·6d65·6469·6174··orm·the·remediat
0007e3f0:·696f·6e20·6f66·2074·6865·2073·7973·6361··ion·of·the·sysca0007e3f0:·696f·6e20·6f66·2074·6865·2073·7973·6361··ion·of·the·sysca
0007e400:·6c6c·2072·756c·650a·2320·5265·7472·6965··ll·rule.#·Retrie0007e400:·6c6c·2072·756c·650a·2320·5265·7472·6965··ll·rule.#·Retrie
0007e410:·7665·2068·6172·6477·6172·6520·6172·6368··ve·hardware·arch0007e410:·7665·2068·6172·6477·6172·6520·6172·6368··ve·hardware·arch
0007e420:·6974·6563·7475·7265·206f·6620·7468·6520··itecture·of·the·0007e420:·6974·6563·7475·7265·206f·6620·7468·6520··itecture·of·the·
0007e430:·756e·6465·726c·7969·6e67·2073·7973·7465··underlying·syste0007e430:·756e·6465·726c·7969·6e67·2073·7973·7465··underlying·syste
Offset 34117, 22 lines modifiedOffset 34117, 22 lines modified
00085440:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str00085440:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str
00085450:·6174·6567·790a·0a2d·206e·616d·653a·2053··ategy..-·name:·S00085450:·6174·6567·790a·0a2d·206e·616d·653a·2053··ategy..-·name:·S
00085460:·6574·2061·7263·6869·7465·6374·7572·6520··et·architecture·00085460:·6574·2061·7263·6869·7465·6374·7572·6520··et·architecture·
00085470:·666f·7220·6175·6469·7420·6368·6f77·6e20··for·audit·chown·00085470:·666f·7220·6175·6469·7420·6368·6f77·6e20··for·audit·chown·
00085480:·7461·736b·730a·2020·7365·745f·6661·6374··tasks.··set_fact00085480:·7461·736b·730a·2020·7365·745f·6661·6374··tasks.··set_fact
00085490:·3a0a·2020·2020·6175·6469·745f·6172·6368··:.····audit_arch00085490:·3a0a·2020·2020·6175·6469·745f·6172·6368··:.····audit_arch
000854a0:·3a20·6236·340a·2020·7768·656e·3a0a·2020··:·b64.··when:.··000854a0:·3a20·6236·340a·2020·7768·656e·3a0a·2020··:·b64.··when:.··
000854b0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
000854c0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
000854d0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
000854e0:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
Max diff block lines reached; 722778/732982 bytes (98.61%) of diff not shown.
222 KB
html2text {}
    
Offset 1991, 16 lines modifiedOffset 1991, 16 lines modified
1991 ··-·reboot_required1991 ··-·reboot_required
1992 ··-·restrict_strategy1992 ··-·restrict_strategy
  
1993 -·name:·Set·architecture·for·audit·chmod·tasks1993 -·name:·Set·architecture·for·audit·chmod·tasks
1994 ··set_fact:1994 ··set_fact:
1995 ····audit_arch:·b641995 ····audit_arch:·b64
1996 ··when:1996 ··when:
1997 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1998 ··-·'"audit"·in·ansible_facts.packages'1997 ··-·'"audit"·in·ansible_facts.packages'
 1998 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1999 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1999 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2000 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2000 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2001 ··tags:2001 ··tags:
2002 ··-·CJIS-5.4.1.12002 ··-·CJIS-5.4.1.1
2003 ··-·DISA-STIG-OL08-00-0304902003 ··-·DISA-STIG-OL08-00-030490
2004 ··-·NIST-800-171-3.1.72004 ··-·NIST-800-171-3.1.7
2005 ··-·NIST-800-53-AU-12(c)2005 ··-·NIST-800-53-AU-12(c)
Offset 2137, 16 lines modifiedOffset 2137, 16 lines modified
2137 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002137 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2138 ········-F·auid!=unset·-F·key=perm_mod2138 ········-F·auid!=unset·-F·key=perm_mod
2139 ······create:·true2139 ······create:·true
2140 ······mode:·o-rwx2140 ······mode:·o-rwx
2141 ······state:·present2141 ······state:·present
2142 ····when:·syscalls_found·|·length·==·02142 ····when:·syscalls_found·|·length·==·0
2143 ··when:2143 ··when:
2144 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2145 ··-·'"audit"·in·ansible_facts.packages'2144 ··-·'"audit"·in·ansible_facts.packages'
 2145 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2146 ··tags:2146 ··tags:
2147 ··-·CJIS-5.4.1.12147 ··-·CJIS-5.4.1.1
2148 ··-·DISA-STIG-OL08-00-0304902148 ··-·DISA-STIG-OL08-00-030490
2149 ··-·NIST-800-171-3.1.72149 ··-·NIST-800-171-3.1.7
2150 ··-·NIST-800-53-AU-12(c)2150 ··-·NIST-800-53-AU-12(c)
2151 ··-·NIST-800-53-AU-2(d)2151 ··-·NIST-800-53-AU-2(d)
2152 ··-·NIST-800-53-CM-6(a)2152 ··-·NIST-800-53-CM-6(a)
Offset 2281, 16 lines modifiedOffset 2281, 16 lines modified
2281 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002281 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2282 ········-F·auid!=unset·-F·key=perm_mod2282 ········-F·auid!=unset·-F·key=perm_mod
2283 ······create:·true2283 ······create:·true
2284 ······mode:·o-rwx2284 ······mode:·o-rwx
2285 ······state:·present2285 ······state:·present
2286 ····when:·syscalls_found·|·length·==·02286 ····when:·syscalls_found·|·length·==·0
2287 ··when:2287 ··when:
2288 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2289 ··-·'"audit"·in·ansible_facts.packages'2288 ··-·'"audit"·in·ansible_facts.packages'
 2289 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2290 ··-·audit_arch·==·"b64"2290 ··-·audit_arch·==·"b64"
2291 ··tags:2291 ··tags:
2292 ··-·CJIS-5.4.1.12292 ··-·CJIS-5.4.1.1
2293 ··-·DISA-STIG-OL08-00-0304902293 ··-·DISA-STIG-OL08-00-030490
2294 ··-·NIST-800-171-3.1.72294 ··-·NIST-800-171-3.1.7
2295 ··-·NIST-800-53-AU-12(c)2295 ··-·NIST-800-53-AU-12(c)
2296 ··-·NIST-800-53-AU-2(d)2296 ··-·NIST-800-53-AU-2(d)
Offset 2300, 15 lines modifiedOffset 2300, 15 lines modified
2300 ··-·low_complexity2300 ··-·low_complexity
2301 ··-·low_disruption2301 ··-·low_disruption
2302 ··-·medium_severity2302 ··-·medium_severity
2303 ··-·reboot_required2303 ··-·reboot_required
2304 ··-·restrict_strategy2304 ··-·restrict_strategy
2305 Remediation_Shell_script_⇲2305 Remediation_Shell_script_⇲
2306 #·Remediation·is·applicable·only·in·certain·platforms2306 #·Remediation·is·applicable·only·in·certain·platforms
2307 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then2307 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
2308 #·First·perform·the·remediation·of·the·syscall·rule2308 #·First·perform·the·remediation·of·the·syscall·rule
2309 #·Retrieve·hardware·architecture·of·the·underlying·system2309 #·Retrieve·hardware·architecture·of·the·underlying·system
2310 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")2310 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
2311 for·ARCH·in·"${RULE_ARCHS[@]}"2311 for·ARCH·in·"${RULE_ARCHS[@]}"
2312 do2312 do
Offset 2669, 16 lines modifiedOffset 2669, 16 lines modified
2669 ··-·reboot_required2669 ··-·reboot_required
2670 ··-·restrict_strategy2670 ··-·restrict_strategy
  
2671 -·name:·Set·architecture·for·audit·chown·tasks2671 -·name:·Set·architecture·for·audit·chown·tasks
2672 ··set_fact:2672 ··set_fact:
2673 ····audit_arch:·b642673 ····audit_arch:·b64
2674 ··when:2674 ··when:
2675 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2676 ··-·'"audit"·in·ansible_facts.packages'2675 ··-·'"audit"·in·ansible_facts.packages'
 2676 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2677 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2677 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2678 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2678 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2679 ··tags:2679 ··tags:
2680 ··-·CJIS-5.4.1.12680 ··-·CJIS-5.4.1.1
2681 ··-·DISA-STIG-OL08-00-0304802681 ··-·DISA-STIG-OL08-00-030480
2682 ··-·NIST-800-171-3.1.72682 ··-·NIST-800-171-3.1.7
2683 ··-·NIST-800-53-AU-12(c)2683 ··-·NIST-800-53-AU-12(c)
Offset 2817, 16 lines modifiedOffset 2817, 16 lines modified
2817 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002817 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2818 ········-F·auid!=unset·-F·key=perm_mod2818 ········-F·auid!=unset·-F·key=perm_mod
2819 ······create:·true2819 ······create:·true
2820 ······mode:·o-rwx2820 ······mode:·o-rwx
2821 ······state:·present2821 ······state:·present
2822 ····when:·syscalls_found·|·length·==·02822 ····when:·syscalls_found·|·length·==·0
2823 ··when:2823 ··when:
2824 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2825 ··-·'"audit"·in·ansible_facts.packages'2824 ··-·'"audit"·in·ansible_facts.packages'
 2825 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2826 ··tags:2826 ··tags:
2827 ··-·CJIS-5.4.1.12827 ··-·CJIS-5.4.1.1
2828 ··-·DISA-STIG-OL08-00-0304802828 ··-·DISA-STIG-OL08-00-030480
2829 ··-·NIST-800-171-3.1.72829 ··-·NIST-800-171-3.1.7
2830 ··-·NIST-800-53-AU-12(c)2830 ··-·NIST-800-53-AU-12(c)
2831 ··-·NIST-800-53-AU-2(d)2831 ··-·NIST-800-53-AU-2(d)
2832 ··-·NIST-800-53-CM-6(a)2832 ··-·NIST-800-53-CM-6(a)
Offset 2963, 16 lines modifiedOffset 2963, 16 lines modified
2963 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002963 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2964 ········-F·auid!=unset·-F·key=perm_mod2964 ········-F·auid!=unset·-F·key=perm_mod
2965 ······create:·true2965 ······create:·true
2966 ······mode:·o-rwx2966 ······mode:·o-rwx
2967 ······state:·present2967 ······state:·present
2968 ····when:·syscalls_found·|·length·==·02968 ····when:·syscalls_found·|·length·==·0
2969 ··when:2969 ··when:
2970 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2971 ··-·'"audit"·in·ansible_facts.packages'2970 ··-·'"audit"·in·ansible_facts.packages'
 2971 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2972 ··-·audit_arch·==·"b64"2972 ··-·audit_arch·==·"b64"
2973 ··tags:2973 ··tags:
2974 ··-·CJIS-5.4.1.12974 ··-·CJIS-5.4.1.1
2975 ··-·DISA-STIG-OL08-00-0304802975 ··-·DISA-STIG-OL08-00-030480
2976 ··-·NIST-800-171-3.1.72976 ··-·NIST-800-171-3.1.7
2977 ··-·NIST-800-53-AU-12(c)2977 ··-·NIST-800-53-AU-12(c)
2978 ··-·NIST-800-53-AU-2(d)2978 ··-·NIST-800-53-AU-2(d)
Offset 2982, 15 lines modifiedOffset 2982, 15 lines modified
2982 ··-·low_complexity2982 ··-·low_complexity
2983 ··-·low_disruption2983 ··-·low_disruption
2984 ··-·medium_severity2984 ··-·medium_severity
Max diff block lines reached; 222439/227073 bytes (97.96%) of diff not shown.
30.5 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-ospp.html
    
Offset 57892, 23 lines modifiedOffset 57892, 23 lines modified
000e2230:·2020·2020·7265·6765·7870·3a20·5e5c·732a······regexp:·^\s*000e2230:·2020·2020·7265·6765·7870·3a20·5e5c·732a······regexp:·^\s*
000e2240:·666c·7573·685c·732a·3d5c·732a·2e2a·240a··flush\s*=\s*.*$.000e2240:·666c·7573·685c·732a·3d5c·732a·2e2a·240a··flush\s*=\s*.*$.
000e2250:·2020·2020·6c69·6e65·3a20·666c·7573·6820······line:·flush·000e2250:·2020·2020·6c69·6e65·3a20·666c·7573·6820······line:·flush·
000e2260:·3d20·7b7b·2076·6172·5f61·7564·6974·645f··=·{{·var_auditd_000e2260:·3d20·7b7b·2076·6172·5f61·7564·6974·645f··=·{{·var_auditd_
000e2270:·666c·7573·6820·7d7d·0a20·2020·2073·7461··flush·}}.····sta000e2270:·666c·7573·6820·7d7d·0a20·2020·2073·7461··flush·}}.····sta
000e2280:·7465·3a20·7072·6573·656e·740a·2020·2020··te:·present.····000e2280:·7465·3a20·7072·6573·656e·740a·2020·2020··te:·present.····
000e2290:·6372·6561·7465·3a20·7472·7565·0a20·2077··create:·true.··w000e2290:·6372·6561·7465·3a20·7472·7565·0a20·2077··create:·true.··w
000e22a0:·6865·6e3a·0a20·202d·2061·6e73·6962·6c65··hen:.··-·ansible000e22a0:·6865·6e3a·0a20·202d·2027·2261·7564·6974··hen:.··-·'"audit
000e22b0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_ 
000e22c0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do 
000e22d0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o 
000e22e0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman" 
000e22f0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].· 
000e2300:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a 
000e2310:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac000e22b0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 000e22c0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 000e22d0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
 000e22e0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
 000e22f0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
 000e2300:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
 000e2310:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
000e2320:·6b61·6765·7327·0a20·2074·6167·733a·0a20··kages'.··tags:.·000e2320:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
000e2330:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-000e2330:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
000e2340:·332e·332e·310a·2020·2d20·4e49·5354·2d38··3.3.1.··-·NIST-8000e2340:·332e·332e·310a·2020·2d20·4e49·5354·2d38··3.3.1.··-·NIST-8
000e2350:·3030·2d35·332d·4155·2d31·310a·2020·2d20··00-53-AU-11.··-·000e2350:·3030·2d35·332d·4155·2d31·310a·2020·2d20··00-53-AU-11.··-·
000e2360:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6000e2360:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
000e2370:·2861·290a·2020·2d20·6175·6469·7464·5f64··(a).··-·auditd_d000e2370:·2861·290a·2020·2d20·6175·6469·7464·5f64··(a).··-·auditd_d
000e2380:·6174·615f·7265·7465·6e74·696f·6e5f·666c··ata_retention_fl000e2380:·6174·615f·7265·7465·6e74·696f·6e5f·666c··ata_retention_fl
000e2390:·7573·680a·2020·2d20·6c6f·775f·636f·6d70··ush.··-·low_comp000e2390:·7573·680a·2020·2d20·6c6f·775f·636f·6d70··ush.··-·low_comp
Offset 57934, 21 lines modifiedOffset 57934, 21 lines modified
000e24d0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane000e24d0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
000e24e0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla000e24e0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
000e24f0:·7073·6522·2069·643d·2269·646d·3335·3533··pse"·id="idm3553000e24f0:·7073·6522·2069·643d·2269·646d·3335·3533··pse"·id="idm3553
000e2500:·3122·3e3c·7072·653e·3c63·6f64·653e·2320··1"><pre><code>#·000e2500:·3122·3e3c·7072·653e·3c63·6f64·653e·2320··1"><pre><code>#·
000e2510:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a000e2510:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
000e2520:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i000e2520:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
000e2530:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo000e2530:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
 000e2540:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
 000e2550:·6574·202d·7120·6175·6469·7420·2661·6d70··et·-q·audit·&amp
000e2540:·726d·730a·6966·205b·2021·202d·6620·2f2e··rms.if·[·!·-f·/.000e2560:·3b26·616d·703b·205b·2021·202d·6620·2f2e··;&amp;·[·!·-f·/.
000e2550:·646f·636b·6572·656e·7620·5d20·2661·6d70··dockerenv·]·&amp000e2570:·646f·636b·6572·656e·7620·5d20·2661·6d70··dockerenv·]·&amp
000e2560:·3b26·616d·703b·205b·2021·202d·6620·2f72··;&amp;·[·!·-f·/r000e2580:·3b26·616d·703b·205b·2021·202d·6620·2f72··;&amp;·[·!·-f·/r
000e2570:·756e·2f2e·636f·6e74·6169·6e65·7265·6e76··un/.containerenv000e2590:·756e·2f2e·636f·6e74·6169·6e65·7265·6e76··un/.containerenv
000e2580:·205d·2026·616d·703b·2661·6d70·3b20·7270···]·&amp;&amp;·rp 
000e2590:·6d20·2d2d·7175·6965·7420·2d71·2061·7564··m·--quiet·-q·aud 
000e25a0:·6974·3b20·7468·656e·0a0a·7661·725f·6175··it;·then..var_au000e25a0:·205d·3b20·7468·656e·0a0a·7661·725f·6175···];·then..var_au
000e25b0:·6469·7464·5f66·6c75·7368·3d27·3c61·6262··ditd_flush='<abb000e25b0:·6469·7464·5f66·6c75·7368·3d27·3c61·6262··ditd_flush='<abb
000e25c0:·7220·7469·746c·653d·2266·726f·6d20·5072··r·title="from·Pr000e25c0:·7220·7469·746c·653d·2266·726f·6d20·5072··r·title="from·Pr
000e25d0:·6f66·696c·652f·7265·6669·6e65·2d76·616c··ofile/refine-val000e25d0:·6f66·696c·652f·7265·6669·6e65·2d76·616c··ofile/refine-val
000e25e0:·7565·3a20·7863·6364·665f·6f72·672e·7373··ue:·xccdf_org.ss000e25e0:·7565·3a20·7863·6364·665f·6f72·672e·7373··ue:·xccdf_org.ss
000e25f0:·6770·726f·6a65·6374·2e63·6f6e·7465·6e74··gproject.content000e25f0:·6770·726f·6a65·6374·2e63·6f6e·7465·6e74··gproject.content
000e2600:·5f76·616c·7565·5f76·6172·5f61·7564·6974··_value_var_audit000e2600:·5f76·616c·7565·5f76·6172·5f61·7564·6974··_value_var_audit
000e2610:·645f·666c·7573·6822·3e69·6e63·7265·6d65··d_flush">increme000e2610:·645f·666c·7573·6822·3e69·6e63·7265·6d65··d_flush">increme
Offset 58262, 23 lines modifiedOffset 58262, 23 lines modified
000e3950:·6469·7464·2e63·6f6e·660a·2020·2020·2020··ditd.conf.······000e3950:·6469·7464·2e63·6f6e·660a·2020·2020·2020··ditd.conf.······
000e3960:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···000e3960:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···
000e3970:·2020·2072·6567·6578·703a·2028·3f69·295e·····regexp:·(?i)^000e3970:·2020·2072·6567·6578·703a·2028·3f69·295e·····regexp:·(?i)^
000e3980:·5c73·2a66·7265·715c·732a·3d5c·732a·0a20··\s*freq\s*=\s*.·000e3980:·5c73·2a66·7265·715c·732a·3d5c·732a·0a20··\s*freq\s*=\s*.·
000e3990:·2020·2020·206c·696e·653a·2066·7265·7120·······line:·freq·000e3990:·2020·2020·206c·696e·653a·2066·7265·7120·······line:·freq·
000e39a0:·3d20·3530·0a20·2020·2020·2073·7461·7465··=·50.······state000e39a0:·3d20·3530·0a20·2020·2020·2073·7461·7465··=·50.······state
000e39b0:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when000e39b0:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when
000e39c0:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi 
000e39d0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ 
000e39e0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke 
000e39f0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open 
000e3a00:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·" 
000e3a10:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-· 
000e3a20:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi 
000e3a30:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag000e39c0:·3a0a·2020·2d20·2722·6175·6469·7422·2069··:.··-·'"audit"·i
 000e39d0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 000e39e0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an
 000e39f0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 000e3a00:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 000e3a10:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 000e3a20:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 000e3a30:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
000e3a40:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·000e3a40:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·
000e3a50:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6000e3a50:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
000e3a60:·0a20·202d·2061·7564·6974·645f·6672·6571··.··-·auditd_freq000e3a60:·0a20·202d·2061·7564·6974·645f·6672·6571··.··-·auditd_freq
000e3a70:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex000e3a70:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex
000e3a80:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr000e3a80:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr
000e3a90:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu000e3a90:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu
000e3aa0:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n000e3aa0:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n
000e3ab0:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.000e3ab0:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.
Offset 58312, 21 lines modifiedOffset 58312, 21 lines modified
000e3c70:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra000e3c70:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
000e3c80:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re000e3c80:·7465·6779·3a3c·2f74·683e·3c74·643e·7265··tegy:</th><td>re
000e3c90:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>000e3c90:·7374·7269·6374·3c2f·7464·3e3c·2f74·723e··strict</td></tr>
000e3ca0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co000e3ca0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
000e3cb0:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation000e3cb0:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
000e3cc0:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o000e3cc0:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
000e3cd0:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p000e3cd0:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
000e3ce0:·6c61·7466·6f72·6d73·0a69·6620·5b20·2120··latforms.if·[·!·000e3ce0:·6c61·7466·6f72·6d73·0a69·6620·7270·6d20··latforms.if·rpm·
000e3cf0:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]000e3cf0:·2d2d·7175·6965·7420·2d71·2061·7564·6974··--quiet·-q·audit
000e3d00:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·000e3d00:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
 000e3d10:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]
 000e3d20:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
000e3d10:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain000e3d30:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain
 000e3d40:·6572·656e·7620·5d3b·2074·6865·6e0a·0a69··erenv·];·then..i
000e3d20:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am 
000e3d30:·703b·2072·706d·202d·2d71·7569·6574·202d··p;·rpm·--quiet·- 
000e3d40:·7120·6175·6469·743b·2074·6865·6e0a·0a69··q·audit;·then..i 
000e3d50:·6620·5b20·2d65·2022·2f65·7463·2f61·7564··f·[·-e·"/etc/aud000e3d50:·6620·5b20·2d65·2022·2f65·7463·2f61·7564··f·[·-e·"/etc/aud
000e3d60:·6974·2f61·7564·6974·642e·636f·6e66·2220··it/auditd.conf"·000e3d60:·6974·2f61·7564·6974·642e·636f·6e66·2220··it/auditd.conf"·
000e3d70:·5d20·3b20·7468·656e·0a20·2020·200a·2020··]·;·then.····.··000e3d70:·5d20·3b20·7468·656e·0a20·2020·200a·2020··]·;·then.····.··
000e3d80:·2020·4c43·5f41·4c4c·3d43·2073·6564·202d····LC_ALL=C·sed·-000e3d80:·2020·4c43·5f41·4c4c·3d43·2073·6564·202d····LC_ALL=C·sed·-
000e3d90:·6920·222f·5e5c·732a·6672·6571·5c73·2a3d··i·"/^\s*freq\s*=000e3d90:·6920·222f·5e5c·732a·6672·6571·5c73·2a3d··i·"/^\s*freq\s*=
000e3da0:·5c73·2a2f·4964·2220·222f·6574·632f·6175··\s*/Id"·"/etc/au000e3da0:·5c73·2a2f·4964·2220·222f·6574·632f·6175··\s*/Id"·"/etc/au
000e3db0:·6469·742f·6175·6469·7464·2e63·6f6e·6622··dit/auditd.conf"000e3db0:·6469·742f·6175·6469·7464·2e63·6f6e·6622··dit/auditd.conf"
Offset 58601, 23 lines modifiedOffset 58601, 23 lines modified
000e4e80:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····000e4e80:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····
000e4e90:·2020·7265·6765·7870·3a20·283f·6929·5e5c····regexp:·(?i)^\000e4e90:·2020·7265·6765·7870·3a20·283f·6929·5e5c····regexp:·(?i)^\
000e4ea0:·732a·6c6f·6361·6c5f·6576·656e·7473·5c73··s*local_events\s000e4ea0:·732a·6c6f·6361·6c5f·6576·656e·7473·5c73··s*local_events\s
000e4eb0:·2a3d·5c73·2a0a·2020·2020·2020·6c69·6e65··*=\s*.······line000e4eb0:·2a3d·5c73·2a0a·2020·2020·2020·6c69·6e65··*=\s*.······line
000e4ec0:·3a20·6c6f·6361·6c5f·6576·656e·7473·203d··:·local_events·=000e4ec0:·3a20·6c6f·6361·6c5f·6576·656e·7473·203d··:·local_events·=
000e4ed0:·2079·6573·0a20·2020·2020·2073·7461·7465···yes.······state000e4ed0:·2079·6573·0a20·2020·2020·2073·7461·7465···yes.······state
000e4ee0:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when000e4ee0:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when
000e4ef0:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi 
000e4f00:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ 
000e4f10:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke 
000e4f20:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open 
000e4f30:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·" 
000e4f40:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-· 
000e4f50:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi 
000e4f60:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag000e4ef0:·3a0a·2020·2d20·2722·6175·6469·7422·2069··:.··-·'"audit"·i
 000e4f00:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 000e4f10:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an
Max diff block lines reached; 14465/24600 bytes (58.80%) of diff not shown.
6.34 KB
html2text {}
    
Offset 7485, 29 lines modifiedOffset 7485, 29 lines modified
7485 ··lineinfile:7485 ··lineinfile:
7486 ····dest:·/etc/audit/auditd.conf7486 ····dest:·/etc/audit/auditd.conf
7487 ····regexp:·^\s*flush\s*=\s*.*$7487 ····regexp:·^\s*flush\s*=\s*.*$
7488 ····line:·flush·=·{{·var_auditd_flush·}}7488 ····line:·flush·=·{{·var_auditd_flush·}}
7489 ····state:·present7489 ····state:·present
7490 ····create:·true7490 ····create:·true
7491 ··when:7491 ··when:
7492 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7493 ··-·'"audit"·in·ansible_facts.packages'7492 ··-·'"audit"·in·ansible_facts.packages'
 7493 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7494 ··tags:7494 ··tags:
7495 ··-·NIST-800-171-3.3.17495 ··-·NIST-800-171-3.3.1
7496 ··-·NIST-800-53-AU-117496 ··-·NIST-800-53-AU-11
7497 ··-·NIST-800-53-CM-6(a)7497 ··-·NIST-800-53-CM-6(a)
7498 ··-·auditd_data_retention_flush7498 ··-·auditd_data_retention_flush
7499 ··-·low_complexity7499 ··-·low_complexity
7500 ··-·low_disruption7500 ··-·low_disruption
7501 ··-·medium_severity7501 ··-·medium_severity
7502 ··-·no_reboot_needed7502 ··-·no_reboot_needed
7503 ··-·restrict_strategy7503 ··-·restrict_strategy
7504 Remediation_Shell_script_⇲7504 Remediation_Shell_script_⇲
7505 #·Remediation·is·applicable·only·in·certain·platforms7505 #·Remediation·is·applicable·only·in·certain·platforms
7506 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7506 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7507 var_auditd_flush='incremental_async'7507 var_auditd_flush='incremental_async'
  
  
7508 AUDITCONFIG=/etc/audit/auditd.conf7508 AUDITCONFIG=/etc/audit/auditd.conf
  
7509 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush7509 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush
Offset 7585, 30 lines modifiedOffset 7585, 30 lines modified
7585 ····lineinfile:7585 ····lineinfile:
7586 ······path:·/etc/audit/auditd.conf7586 ······path:·/etc/audit/auditd.conf
7587 ······create:·true7587 ······create:·true
7588 ······regexp:·(?i)^\s*freq\s*=\s*7588 ······regexp:·(?i)^\s*freq\s*=\s*
7589 ······line:·freq·=·507589 ······line:·freq·=·50
7590 ······state:·present7590 ······state:·present
7591 ··when:7591 ··when:
7592 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7593 ··-·'"audit"·in·ansible_facts.packages'7592 ··-·'"audit"·in·ansible_facts.packages'
 7593 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7594 ··tags:7594 ··tags:
7595 ··-·NIST-800-53-CM-67595 ··-·NIST-800-53-CM-6
7596 ··-·auditd_freq7596 ··-·auditd_freq
7597 ··-·low_complexity7597 ··-·low_complexity
7598 ··-·low_disruption7598 ··-·low_disruption
7599 ··-·medium_severity7599 ··-·medium_severity
7600 ··-·no_reboot_needed7600 ··-·no_reboot_needed
7601 ··-·restrict_strategy7601 ··-·restrict_strategy
7602 Remediation_Shell_script_⇲7602 Remediation_Shell_script_⇲
7603 Complexity:·low7603 Complexity:·low
7604 Disruption:·low7604 Disruption:·low
7605 Strategy:···restrict7605 Strategy:···restrict
7606 #·Remediation·is·applicable·only·in·certain·platforms7606 #·Remediation·is·applicable·only·in·certain·platforms
7607 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7607 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7608 if·[·-e·"/etc/audit/auditd.conf"·]·;·then7608 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
7609 ····LC_ALL=C·sed·-i·"/^\s*freq\s*=\s*/Id"·"/etc/audit/auditd.conf"7609 ····LC_ALL=C·sed·-i·"/^\s*freq\s*=\s*/Id"·"/etc/audit/auditd.conf"
7610 else7610 else
7611 ····touch·"/etc/audit/auditd.conf"7611 ····touch·"/etc/audit/auditd.conf"
7612 fi7612 fi
Offset 7672, 31 lines modifiedOffset 7672, 31 lines modified
7672 ····lineinfile:7672 ····lineinfile:
7673 ······path:·/etc/audit/auditd.conf7673 ······path:·/etc/audit/auditd.conf
7674 ······create:·true7674 ······create:·true
7675 ······regexp:·(?i)^\s*local_events\s*=\s*7675 ······regexp:·(?i)^\s*local_events\s*=\s*
7676 ······line:·local_events·=·yes7676 ······line:·local_events·=·yes
7677 ······state:·present7677 ······state:·present
7678 ··when:7678 ··when:
7679 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7680 ··-·'"audit"·in·ansible_facts.packages'7679 ··-·'"audit"·in·ansible_facts.packages'
 7680 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7681 ··tags:7681 ··tags:
7682 ··-·DISA-STIG-OL08-00-0300617682 ··-·DISA-STIG-OL08-00-030061
7683 ··-·NIST-800-53-CM-67683 ··-·NIST-800-53-CM-6
7684 ··-·auditd_local_events7684 ··-·auditd_local_events
7685 ··-·low_complexity7685 ··-·low_complexity
7686 ··-·low_disruption7686 ··-·low_disruption
7687 ··-·medium_severity7687 ··-·medium_severity
7688 ··-·no_reboot_needed7688 ··-·no_reboot_needed
7689 ··-·restrict_strategy7689 ··-·restrict_strategy
7690 Remediation_Shell_script_⇲7690 Remediation_Shell_script_⇲
7691 Complexity:·low7691 Complexity:·low
7692 Disruption:·low7692 Disruption:·low
7693 Strategy:···restrict7693 Strategy:···restrict
7694 #·Remediation·is·applicable·only·in·certain·platforms7694 #·Remediation·is·applicable·only·in·certain·platforms
7695 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7695 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7696 if·[·-e·"/etc/audit/auditd.conf"·]·;·then7696 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
7697 ····LC_ALL=C·sed·-i·"/^\s*local_events\s*=\s*/Id"·"/etc/audit/auditd.conf"7697 ····LC_ALL=C·sed·-i·"/^\s*local_events\s*=\s*/Id"·"/etc/audit/auditd.conf"
7698 else7698 else
7699 ····touch·"/etc/audit/auditd.conf"7699 ····touch·"/etc/audit/auditd.conf"
7700 fi7700 fi
Offset 7761, 16 lines modifiedOffset 7761, 16 lines modified
7761 ····lineinfile:7761 ····lineinfile:
7762 ······path:·/etc/audit/auditd.conf7762 ······path:·/etc/audit/auditd.conf
7763 ······create:·true7763 ······create:·true
7764 ······regexp:·(?i)^\s*log_format\s*=\s*7764 ······regexp:·(?i)^\s*log_format\s*=\s*
7765 ······line:·log_format·=·ENRICHED7765 ······line:·log_format·=·ENRICHED
7766 ······state:·present7766 ······state:·present
7767 ··when:7767 ··when:
7768 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7769 ··-·'"audit"·in·ansible_facts.packages'7768 ··-·'"audit"·in·ansible_facts.packages'
 7769 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7770 ··tags:7770 ··tags:
7771 ··-·DISA-STIG-OL08-00-0300637771 ··-·DISA-STIG-OL08-00-030063
7772 ··-·NIST-800-53-AU-37772 ··-·NIST-800-53-AU-3
7773 ··-·NIST-800-53-CM-67773 ··-·NIST-800-53-CM-6
7774 ··-·auditd_log_format7774 ··-·auditd_log_format
7775 ··-·low_complexity7775 ··-·low_complexity
7776 ··-·low_disruption7776 ··-·low_disruption
Offset 7778, 15 lines modifiedOffset 7778, 15 lines modified
7778 ··-·no_reboot_needed7778 ··-·no_reboot_needed
7779 ··-·restrict_strategy7779 ··-·restrict_strategy
7780 Remediation_Shell_script_⇲7780 Remediation_Shell_script_⇲
7781 Complexity:·low7781 Complexity:·low
7782 Disruption:·low7782 Disruption:·low
7783 Strategy:···restrict7783 Strategy:···restrict
7784 #·Remediation·is·applicable·only·in·certain·platforms7784 #·Remediation·is·applicable·only·in·certain·platforms
7785 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7785 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7786 if·[·-e·"/etc/audit/auditd.conf"·]·;·then7786 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
7787 ····LC_ALL=C·sed·-i·"/^\s*log_format\s*=\s*/Id"·"/etc/audit/auditd.conf"7787 ····LC_ALL=C·sed·-i·"/^\s*log_format\s*=\s*/Id"·"/etc/audit/auditd.conf"
7788 else7788 else
Max diff block lines reached; 2184/6471 bytes (33.75%) of diff not shown.
813 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-pci-dss.html
    
Offset 52112, 23 lines modifiedOffset 52112, 23 lines modified
000cb8f0:·7569·7265·640a·2020·2d20·7265·7374·7269··uired.··-·restri000cb8f0:·7569·7265·640a·2020·2d20·7265·7374·7269··uired.··-·restri
000cb900:·6374·5f73·7472·6174·6567·790a·0a2d·206e··ct_strategy..-·n000cb900:·6374·5f73·7472·6174·6567·790a·0a2d·206e··ct_strategy..-·n
000cb910:·616d·653a·2053·6574·2061·7263·6869·7465··ame:·Set·archite000cb910:·616d·653a·2053·6574·2061·7263·6869·7465··ame:·Set·archite
000cb920:·6374·7572·6520·666f·7220·6175·6469·7420··cture·for·audit·000cb920:·6374·7572·6520·666f·7220·6175·6469·7420··cture·for·audit·
000cb930:·6368·6d6f·6420·7461·736b·730a·2020·7365··chmod·tasks.··se000cb930:·6368·6d6f·6420·7461·736b·730a·2020·7365··chmod·tasks.··se
000cb940:·745f·6661·6374·3a0a·2020·2020·6175·6469··t_fact:.····audi000cb940:·745f·6661·6374·3a0a·2020·2020·6175·6469··t_fact:.····audi
000cb950:·745f·6172·6368·3a20·6236·340a·2020·7768··t_arch:·b64.··wh000cb950:·745f·6172·6368·3a20·6236·340a·2020·7768··t_arch:·b64.··wh
000cb960:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_ 
000cb970:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
000cb980:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
000cb990:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
000cb9a0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
000cb9b0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].·· 
000cb9c0:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an 
000cb9d0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack000cb960:·656e·3a0a·2020·2d20·2722·6175·6469·7422··en:.··-·'"audit"
 000cb970:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 000cb980:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 000cb990:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 000cb9a0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 000cb9b0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 000cb9c0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 000cb9d0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
000cb9e0:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl000cb9e0:·6e65·7222·5d0a·2020·2d20·616e·7369·626c··ner"].··-·ansibl
000cb9f0:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=000cb9f0:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=
000cba00:·3d20·2261·6172·6368·3634·2220·6f72·2061··=·"aarch64"·or·a000cba00:·3d20·2261·6172·6368·3634·2220·6f72·2061··=·"aarch64"·or·a
000cba10:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect000cba10:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect
000cba20:·7572·6520·3d3d·2022·7070·6336·3422·206f··ure·==·"ppc64"·o000cba20:·7572·6520·3d3d·2022·7070·6336·3422·206f··ure·==·"ppc64"·o
000cba30:·7220·616e·7369·626c·655f·6172·6368·6974··r·ansible_archit000cba30:·7220·616e·7369·626c·655f·6172·6368·6974··r·ansible_archit
000cba40:·6563·7475·7265·0a20·2020·203d·3d20·2270··ecture.····==·"p000cba40:·6563·7475·7265·0a20·2020·203d·3d20·2270··ecture.····==·"p
000cba50:·7063·3634·6c65·2220·6f72·2061·6e73·6962··pc64le"·or·ansib000cba50:·7063·3634·6c65·2220·6f72·2061·6e73·6962··pc64le"·or·ansib
Offset 52435, 23 lines modifiedOffset 52435, 23 lines modified
000ccd20:·206b·6579·3d70·6572·6d5f·6d6f·640a·2020···key=perm_mod.··000ccd20:·206b·6579·3d70·6572·6d5f·6d6f·640a·2020···key=perm_mod.··
000ccd30:·2020·2020·6372·6561·7465·3a20·7472·7565······create:·true000ccd30:·2020·2020·6372·6561·7465·3a20·7472·7565······create:·true
000ccd40:·0a20·2020·2020·206d·6f64·653a·206f·2d72··.······mode:·o-r000ccd40:·0a20·2020·2020·206d·6f64·653a·206f·2d72··.······mode:·o-r
000ccd50:·7778·0a20·2020·2020·2073·7461·7465·3a20··wx.······state:·000ccd50:·7778·0a20·2020·2020·2073·7461·7465·3a20··wx.······state:·
000ccd60:·7072·6573·656e·740a·2020·2020·7768·656e··present.····when000ccd60:·7072·6573·656e·740a·2020·2020·7768·656e··present.····when
000ccd70:·3a20·7379·7363·616c·6c73·5f66·6f75·6e64··:·syscalls_found000ccd70:·3a20·7379·7363·616c·6c73·5f66·6f75·6e64··:·syscalls_found
000ccd80:·207c·206c·656e·6774·6820·3d3d·2030·0a20···|·length·==·0.·000ccd80:·207c·206c·656e·6774·6820·3d3d·2030·0a20···|·length·==·0.·
000ccd90:·2077·6865·6e3a·0a20·202d·2061·6e73·6962···when:.··-·ansib000ccd90:·2077·6865·6e3a·0a20·202d·2027·2261·7564···when:.··-·'"aud
000ccda0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio 
000ccdb0:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·[" 
000ccdc0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",· 
000ccdd0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma 
000ccde0:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"] 
000ccdf0:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in 
000cce00:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
000cce10:·6163·6b61·6765·7327·0a20·2074·6167·733a··ackages'.··tags:000ccda0:·6974·2220·696e·2061·6e73·6962·6c65·5f66··it"·in·ansible_f
 000ccdb0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 000ccdc0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
 000ccdd0:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
 000ccde0:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
 000ccdf0:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
 000cce00:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
 000cce10:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:
000cce20:·0a20·202d·2043·4a49·532d·352e·342e·312e··.··-·CJIS-5.4.1.000cce20:·0a20·202d·2043·4a49·532d·352e·342e·312e··.··-·CJIS-5.4.1.
000cce30:·310a·2020·2d20·4449·5341·2d53·5449·472d··1.··-·DISA-STIG-000cce30:·310a·2020·2d20·4449·5341·2d53·5449·472d··1.··-·DISA-STIG-
000cce40:·4f4c·3038·2d30·302d·3033·3034·3930·0a20··OL08-00-030490.·000cce40:·4f4c·3038·2d30·302d·3033·3034·3930·0a20··OL08-00-030490.·
000cce50:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-000cce50:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
000cce60:·332e·312e·370a·2020·2d20·4e49·5354·2d38··3.1.7.··-·NIST-8000cce60:·332e·312e·370a·2020·2d20·4e49·5354·2d38··3.1.7.··-·NIST-8
000cce70:·3030·2d35·332d·4155·2d31·3228·6329·0a20··00-53-AU-12(c).·000cce70:·3030·2d35·332d·4155·2d31·3228·6329·0a20··00-53-AU-12(c).·
000cce80:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A000cce80:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A
Offset 52747, 23 lines modifiedOffset 52747, 23 lines modified
000ce0a0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr000ce0a0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr
000ce0b0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····000ce0b0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····
000ce0c0:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···000ce0c0:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···
000ce0d0:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen000ce0d0:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
000ce0e0:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc000ce0e0:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc
000ce0f0:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len000ce0f0:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len
000ce100:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:000ce100:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:
000ce110:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
000ce120:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
000ce130:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
000ce140:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
000ce150:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
000ce160:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·' 
000ce170:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib 
000ce180:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000ce110:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 000ce120:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 000ce130:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
 000ce140:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
 000ce150:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
 000ce160:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
 000ce170:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
 000ce180:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
000ce190:·7327·0a20·202d·2061·7564·6974·5f61·7263··s'.··-·audit_arc000ce190:·225d·0a20·202d·2061·7564·6974·5f61·7263··"].··-·audit_arc
000ce1a0:·6820·3d3d·2022·6236·3422·0a20·2074·6167··h·==·"b64".··tag000ce1a0:·6820·3d3d·2022·6236·3422·0a20·2074·6167··h·==·"b64".··tag
000ce1b0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.000ce1b0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.
000ce1c0:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI000ce1c0:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI
000ce1d0:·472d·4f4c·3038·2d30·302d·3033·3034·3930··G-OL08-00-030490000ce1d0:·472d·4f4c·3038·2d30·302d·3033·3034·3930··G-OL08-00-030490
000ce1e0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17000ce1e0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
000ce1f0:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST000ce1f0:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
000ce200:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)000ce200:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)
Offset 52797, 20 lines modifiedOffset 52797, 20 lines modified
000ce3c0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll000ce3c0:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
000ce3d0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i000ce3d0:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
000ce3e0:·643d·2269·646d·3232·3636·3922·3e3c·7072··d="idm22669"><pr000ce3e0:·643d·2269·646d·3232·3636·3922·3e3c·7072··d="idm22669"><pr
000ce3f0:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi000ce3f0:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
000ce400:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica000ce400:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
000ce410:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert000ce410:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
000ce420:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if000ce420:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
 000ce430:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
 000ce440:·6175·6469·7420·2661·6d70·3b26·616d·703b··audit·&amp;&amp;
000ce430:·205b·2021·202d·6620·2f2e·646f·636b·6572···[·!·-f·/.docker000ce450:·205b·2021·202d·6620·2f2e·646f·636b·6572···[·!·-f·/.docker
000ce440:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&amp;&amp;000ce460:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&amp;&amp;
000ce450:·205b·2021·202d·6620·2f72·756e·2f2e·636f···[·!·-f·/run/.co000ce470:·205b·2021·202d·6620·2f72·756e·2f2e·636f···[·!·-f·/run/.co
000ce460:·6e74·6169·6e65·7265·6e76·205d·2026·616d··ntainerenv·]·&am000ce480:·6e74·6169·6e65·7265·6e76·205d·3b20·7468··ntainerenv·];·th
000ce470:·703b·2661·6d70·3b20·7270·6d20·2d2d·7175··p;&amp;·rpm·--qu 
000ce480:·6965·7420·2d71·2061·7564·6974·3b20·7468··iet·-q·audit;·th 
000ce490:·656e·0a0a·2320·4669·7273·7420·7065·7266··en..#·First·perf000ce490:·656e·0a0a·2320·4669·7273·7420·7065·7266··en..#·First·perf
000ce4a0:·6f72·6d20·7468·6520·7265·6d65·6469·6174··orm·the·remediat000ce4a0:·6f72·6d20·7468·6520·7265·6d65·6469·6174··orm·the·remediat
000ce4b0:·696f·6e20·6f66·2074·6865·2073·7973·6361··ion·of·the·sysca000ce4b0:·696f·6e20·6f66·2074·6865·2073·7973·6361··ion·of·the·sysca
000ce4c0:·6c6c·2072·756c·650a·2320·5265·7472·6965··ll·rule.#·Retrie000ce4c0:·6c6c·2072·756c·650a·2320·5265·7472·6965··ll·rule.#·Retrie
000ce4d0:·7665·2068·6172·6477·6172·6520·6172·6368··ve·hardware·arch000ce4d0:·7665·2068·6172·6477·6172·6520·6172·6368··ve·hardware·arch
000ce4e0:·6974·6563·7475·7265·206f·6620·7468·6520··itecture·of·the·000ce4e0:·6974·6563·7475·7265·206f·6620·7468·6520··itecture·of·the·
000ce4f0:·756e·6465·726c·7969·6e67·2073·7973·7465··underlying·syste000ce4f0:·756e·6465·726c·7969·6e67·2073·7973·7465··underlying·syste
Offset 54609, 22 lines modifiedOffset 54609, 22 lines modified
000d5500:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str000d5500:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str
000d5510:·6174·6567·790a·0a2d·206e·616d·653a·2053··ategy..-·name:·S000d5510:·6174·6567·790a·0a2d·206e·616d·653a·2053··ategy..-·name:·S
000d5520:·6574·2061·7263·6869·7465·6374·7572·6520··et·architecture·000d5520:·6574·2061·7263·6869·7465·6374·7572·6520··et·architecture·
000d5530:·666f·7220·6175·6469·7420·6368·6f77·6e20··for·audit·chown·000d5530:·666f·7220·6175·6469·7420·6368·6f77·6e20··for·audit·chown·
000d5540:·7461·736b·730a·2020·7365·745f·6661·6374··tasks.··set_fact000d5540:·7461·736b·730a·2020·7365·745f·6661·6374··tasks.··set_fact
000d5550:·3a0a·2020·2020·6175·6469·745f·6172·6368··:.····audit_arch000d5550:·3a0a·2020·2020·6175·6469·745f·6172·6368··:.····audit_arch
000d5560:·3a20·6236·340a·2020·7768·656e·3a0a·2020··:·b64.··when:.··000d5560:·3a20·6236·340a·2020·7768·656e·3a0a·2020··:·b64.··when:.··
000d5570:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
000d5580:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
000d5590:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
000d55a0:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
Max diff block lines reached; 623234/633438 bytes (98.39%) of diff not shown.
195 KB
html2text {}
    
Offset 6778, 16 lines modifiedOffset 6778, 16 lines modified
6778 ··-·reboot_required6778 ··-·reboot_required
6779 ··-·restrict_strategy6779 ··-·restrict_strategy
  
6780 -·name:·Set·architecture·for·audit·chmod·tasks6780 -·name:·Set·architecture·for·audit·chmod·tasks
6781 ··set_fact:6781 ··set_fact:
6782 ····audit_arch:·b646782 ····audit_arch:·b64
6783 ··when:6783 ··when:
6784 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6785 ··-·'"audit"·in·ansible_facts.packages'6784 ··-·'"audit"·in·ansible_facts.packages'
 6785 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6786 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6786 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6787 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6787 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6788 ··tags:6788 ··tags:
6789 ··-·CJIS-5.4.1.16789 ··-·CJIS-5.4.1.1
6790 ··-·DISA-STIG-OL08-00-0304906790 ··-·DISA-STIG-OL08-00-030490
6791 ··-·NIST-800-171-3.1.76791 ··-·NIST-800-171-3.1.7
6792 ··-·NIST-800-53-AU-12(c)6792 ··-·NIST-800-53-AU-12(c)
Offset 6924, 16 lines modifiedOffset 6924, 16 lines modified
6924 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006924 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6925 ········-F·auid!=unset·-F·key=perm_mod6925 ········-F·auid!=unset·-F·key=perm_mod
6926 ······create:·true6926 ······create:·true
6927 ······mode:·o-rwx6927 ······mode:·o-rwx
6928 ······state:·present6928 ······state:·present
6929 ····when:·syscalls_found·|·length·==·06929 ····when:·syscalls_found·|·length·==·0
6930 ··when:6930 ··when:
6931 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6932 ··-·'"audit"·in·ansible_facts.packages'6931 ··-·'"audit"·in·ansible_facts.packages'
 6932 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6933 ··tags:6933 ··tags:
6934 ··-·CJIS-5.4.1.16934 ··-·CJIS-5.4.1.1
6935 ··-·DISA-STIG-OL08-00-0304906935 ··-·DISA-STIG-OL08-00-030490
6936 ··-·NIST-800-171-3.1.76936 ··-·NIST-800-171-3.1.7
6937 ··-·NIST-800-53-AU-12(c)6937 ··-·NIST-800-53-AU-12(c)
6938 ··-·NIST-800-53-AU-2(d)6938 ··-·NIST-800-53-AU-2(d)
6939 ··-·NIST-800-53-CM-6(a)6939 ··-·NIST-800-53-CM-6(a)
Offset 7068, 16 lines modifiedOffset 7068, 16 lines modified
7068 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007068 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7069 ········-F·auid!=unset·-F·key=perm_mod7069 ········-F·auid!=unset·-F·key=perm_mod
7070 ······create:·true7070 ······create:·true
7071 ······mode:·o-rwx7071 ······mode:·o-rwx
7072 ······state:·present7072 ······state:·present
7073 ····when:·syscalls_found·|·length·==·07073 ····when:·syscalls_found·|·length·==·0
7074 ··when:7074 ··when:
7075 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7076 ··-·'"audit"·in·ansible_facts.packages'7075 ··-·'"audit"·in·ansible_facts.packages'
 7076 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7077 ··-·audit_arch·==·"b64"7077 ··-·audit_arch·==·"b64"
7078 ··tags:7078 ··tags:
7079 ··-·CJIS-5.4.1.17079 ··-·CJIS-5.4.1.1
7080 ··-·DISA-STIG-OL08-00-0304907080 ··-·DISA-STIG-OL08-00-030490
7081 ··-·NIST-800-171-3.1.77081 ··-·NIST-800-171-3.1.7
7082 ··-·NIST-800-53-AU-12(c)7082 ··-·NIST-800-53-AU-12(c)
7083 ··-·NIST-800-53-AU-2(d)7083 ··-·NIST-800-53-AU-2(d)
Offset 7087, 15 lines modifiedOffset 7087, 15 lines modified
7087 ··-·low_complexity7087 ··-·low_complexity
7088 ··-·low_disruption7088 ··-·low_disruption
7089 ··-·medium_severity7089 ··-·medium_severity
7090 ··-·reboot_required7090 ··-·reboot_required
7091 ··-·restrict_strategy7091 ··-·restrict_strategy
7092 Remediation_Shell_script_⇲7092 Remediation_Shell_script_⇲
7093 #·Remediation·is·applicable·only·in·certain·platforms7093 #·Remediation·is·applicable·only·in·certain·platforms
7094 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7094 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7095 #·First·perform·the·remediation·of·the·syscall·rule7095 #·First·perform·the·remediation·of·the·syscall·rule
7096 #·Retrieve·hardware·architecture·of·the·underlying·system7096 #·Retrieve·hardware·architecture·of·the·underlying·system
7097 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")7097 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
7098 for·ARCH·in·"${RULE_ARCHS[@]}"7098 for·ARCH·in·"${RULE_ARCHS[@]}"
7099 do7099 do
Offset 7456, 16 lines modifiedOffset 7456, 16 lines modified
7456 ··-·reboot_required7456 ··-·reboot_required
7457 ··-·restrict_strategy7457 ··-·restrict_strategy
  
7458 -·name:·Set·architecture·for·audit·chown·tasks7458 -·name:·Set·architecture·for·audit·chown·tasks
7459 ··set_fact:7459 ··set_fact:
7460 ····audit_arch:·b647460 ····audit_arch:·b64
7461 ··when:7461 ··when:
7462 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7463 ··-·'"audit"·in·ansible_facts.packages'7462 ··-·'"audit"·in·ansible_facts.packages'
 7463 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7464 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture7464 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
7465 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"7465 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
7466 ··tags:7466 ··tags:
7467 ··-·CJIS-5.4.1.17467 ··-·CJIS-5.4.1.1
7468 ··-·DISA-STIG-OL08-00-0304807468 ··-·DISA-STIG-OL08-00-030480
7469 ··-·NIST-800-171-3.1.77469 ··-·NIST-800-171-3.1.7
7470 ··-·NIST-800-53-AU-12(c)7470 ··-·NIST-800-53-AU-12(c)
Offset 7604, 16 lines modifiedOffset 7604, 16 lines modified
7604 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007604 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7605 ········-F·auid!=unset·-F·key=perm_mod7605 ········-F·auid!=unset·-F·key=perm_mod
7606 ······create:·true7606 ······create:·true
7607 ······mode:·o-rwx7607 ······mode:·o-rwx
7608 ······state:·present7608 ······state:·present
7609 ····when:·syscalls_found·|·length·==·07609 ····when:·syscalls_found·|·length·==·0
7610 ··when:7610 ··when:
7611 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7612 ··-·'"audit"·in·ansible_facts.packages'7611 ··-·'"audit"·in·ansible_facts.packages'
 7612 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7613 ··tags:7613 ··tags:
7614 ··-·CJIS-5.4.1.17614 ··-·CJIS-5.4.1.1
7615 ··-·DISA-STIG-OL08-00-0304807615 ··-·DISA-STIG-OL08-00-030480
7616 ··-·NIST-800-171-3.1.77616 ··-·NIST-800-171-3.1.7
7617 ··-·NIST-800-53-AU-12(c)7617 ··-·NIST-800-53-AU-12(c)
7618 ··-·NIST-800-53-AU-2(d)7618 ··-·NIST-800-53-AU-2(d)
7619 ··-·NIST-800-53-CM-6(a)7619 ··-·NIST-800-53-CM-6(a)
Offset 7750, 16 lines modifiedOffset 7750, 16 lines modified
7750 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007750 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7751 ········-F·auid!=unset·-F·key=perm_mod7751 ········-F·auid!=unset·-F·key=perm_mod
7752 ······create:·true7752 ······create:·true
7753 ······mode:·o-rwx7753 ······mode:·o-rwx
7754 ······state:·present7754 ······state:·present
7755 ····when:·syscalls_found·|·length·==·07755 ····when:·syscalls_found·|·length·==·0
7756 ··when:7756 ··when:
7757 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7758 ··-·'"audit"·in·ansible_facts.packages'7757 ··-·'"audit"·in·ansible_facts.packages'
 7758 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7759 ··-·audit_arch·==·"b64"7759 ··-·audit_arch·==·"b64"
7760 ··tags:7760 ··tags:
7761 ··-·CJIS-5.4.1.17761 ··-·CJIS-5.4.1.1
7762 ··-·DISA-STIG-OL08-00-0304807762 ··-·DISA-STIG-OL08-00-030480
7763 ··-·NIST-800-171-3.1.77763 ··-·NIST-800-171-3.1.7
7764 ··-·NIST-800-53-AU-12(c)7764 ··-·NIST-800-53-AU-12(c)
7765 ··-·NIST-800-53-AU-2(d)7765 ··-·NIST-800-53-AU-2(d)
Offset 7769, 15 lines modifiedOffset 7769, 15 lines modified
7769 ··-·low_complexity7769 ··-·low_complexity
7770 ··-·low_disruption7770 ··-·low_disruption
7771 ··-·medium_severity7771 ··-·medium_severity
Max diff block lines reached; 194788/199422 bytes (97.68%) of diff not shown.
504 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-standard.html
    
Offset 26376, 22 lines modifiedOffset 26376, 22 lines modified
00067070:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str00067070:·2020·2d20·7265·7374·7269·6374·5f73·7472····-·restrict_str
00067080:·6174·6567·790a·0a2d·206e·616d·653a·2053··ategy..-·name:·S00067080:·6174·6567·790a·0a2d·206e·616d·653a·2053··ategy..-·name:·S
00067090:·6574·2061·7263·6869·7465·6374·7572·6520··et·architecture·00067090:·6574·2061·7263·6869·7465·6374·7572·6520··et·architecture·
000670a0:·666f·7220·6175·6469·7420·6368·6d6f·6420··for·audit·chmod·000670a0:·666f·7220·6175·6469·7420·6368·6d6f·6420··for·audit·chmod·
000670b0:·7461·736b·730a·2020·7365·745f·6661·6374··tasks.··set_fact000670b0:·7461·736b·730a·2020·7365·745f·6661·6374··tasks.··set_fact
000670c0:·3a0a·2020·2020·6175·6469·745f·6172·6368··:.····audit_arch000670c0:·3a0a·2020·2020·6175·6469·745f·6172·6368··:.····audit_arch
000670d0:·3a20·6236·340a·2020·7768·656e·3a0a·2020··:·b64.··when:.··000670d0:·3a20·6236·340a·2020·7768·656e·3a0a·2020··:·b64.··when:.··
000670e0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
000670f0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
00067100:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
00067110:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
00067120:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont 
00067130:·6169·6e65·7222·5d0a·2020·2d20·2722·6175··ainer"].··-·'"au 
00067140:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_ 
00067150:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.000670e0:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an
 000670f0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 00067100:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
 00067110:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
 00067120:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
 00067130:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
 00067140:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
 00067150:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
00067160:·2020·2d20·616e·7369·626c·655f·6172·6368····-·ansible_arch00067160:·2020·2d20·616e·7369·626c·655f·6172·6368····-·ansible_arch
00067170:·6974·6563·7475·7265·203d·3d20·2261·6172··itecture·==·"aar00067170:·6974·6563·7475·7265·203d·3d20·2261·6172··itecture·==·"aar
00067180:·6368·3634·2220·6f72·2061·6e73·6962·6c65··ch64"·or·ansible00067180:·6368·3634·2220·6f72·2061·6e73·6962·6c65··ch64"·or·ansible
00067190:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==00067190:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==
000671a0:·2022·7070·6336·3422·206f·7220·616e·7369···"ppc64"·or·ansi000671a0:·2022·7070·6336·3422·206f·7220·616e·7369···"ppc64"·or·ansi
000671b0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture000671b0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
000671c0:·0a20·2020·203d·3d20·2270·7063·3634·6c65··.····==·"ppc64le000671c0:·0a20·2020·203d·3d20·2270·7063·3634·6c65··.····==·"ppc64le
Offset 26699, 23 lines modifiedOffset 26699, 23 lines modified
000684a0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr000684a0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr
000684b0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····000684b0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····
000684c0:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···000684c0:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···
000684d0:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen000684d0:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
000684e0:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc000684e0:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc
000684f0:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len000684f0:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len
00068500:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:00068500:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:
00068510:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
00068520:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
00068530:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
00068540:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
00068550:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
00068560:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·' 
00068570:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib 
00068580:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package00068510:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 00068520:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 00068530:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
 00068540:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
 00068550:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
 00068560:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
 00068570:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
 00068580:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
00068590:·7327·0a20·2074·6167·733a·0a20·202d·2043··s'.··tags:.··-·C00068590:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
000685a0:·4a49·532d·352e·342e·312e·310a·2020·2d20··JIS-5.4.1.1.··-·000685a0:·4a49·532d·352e·342e·312e·310a·2020·2d20··JIS-5.4.1.1.··-·
000685b0:·4449·5341·2d53·5449·472d·4f4c·3038·2d30··DISA-STIG-OL08-0000685b0:·4449·5341·2d53·5449·472d·4f4c·3038·2d30··DISA-STIG-OL08-0
000685c0:·302d·3033·3034·3930·0a20·202d·204e·4953··0-030490.··-·NIS000685c0:·302d·3033·3034·3930·0a20·202d·204e·4953··0-030490.··-·NIS
000685d0:·542d·3830·302d·3137·312d·332e·312e·370a··T-800-171-3.1.7.000685d0:·542d·3830·302d·3137·312d·332e·312e·370a··T-800-171-3.1.7.
000685e0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-000685e0:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
000685f0:·4155·2d31·3228·6329·0a20·202d·204e·4953··AU-12(c).··-·NIS000685f0:·4155·2d31·3228·6329·0a20·202d·204e·4953··AU-12(c).··-·NIS
00068600:·542d·3830·302d·3533·2d41·552d·3228·6429··T-800-53-AU-2(d)00068600:·542d·3830·302d·3533·2d41·552d·3228·6429··T-800-53-AU-2(d)
Offset 27010, 23 lines modifiedOffset 27010, 23 lines modified
00069810:·7420·2d46·206b·6579·3d70·6572·6d5f·6d6f··t·-F·key=perm_mo00069810:·7420·2d46·206b·6579·3d70·6572·6d5f·6d6f··t·-F·key=perm_mo
00069820:·640a·2020·2020·2020·6372·6561·7465·3a20··d.······create:·00069820:·640a·2020·2020·2020·6372·6561·7465·3a20··d.······create:·
00069830:·7472·7565·0a20·2020·2020·206d·6f64·653a··true.······mode:00069830:·7472·7565·0a20·2020·2020·206d·6f64·653a··true.······mode:
00069840:·206f·2d72·7778·0a20·2020·2020·2073·7461···o-rwx.······sta00069840:·206f·2d72·7778·0a20·2020·2020·2073·7461···o-rwx.······sta
00069850:·7465·3a20·7072·6573·656e·740a·2020·2020··te:·present.····00069850:·7465·3a20·7072·6573·656e·740a·2020·2020··te:·present.····
00069860:·7768·656e·3a20·7379·7363·616c·6c73·5f66··when:·syscalls_f00069860:·7768·656e·3a20·7379·7363·616c·6c73·5f66··when:·syscalls_f
00069870:·6f75·6e64·207c·206c·656e·6774·6820·3d3d··ound·|·length·==00069870:·6f75·6e64·207c·206c·656e·6774·6820·3d3d··ound·|·length·==
00069880:·2030·0a20·2077·6865·6e3a·0a20·202d·2061···0.··when:.··-·a00069880:·2030·0a20·2077·6865·6e3a·0a20·202d·2027···0.··when:.··-·'
00069890:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz 
000698a0:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i 
000698b0:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx 
000698c0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p 
000698d0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain 
000698e0:·6572·225d·0a20·202d·2027·2261·7564·6974··er"].··-·'"audit 
000698f0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
00069900:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-00069890:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib
 000698a0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 000698b0:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v
 000698c0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
 000698d0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
 000698e0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
 000698f0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
 00069900:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
00069910:·2061·7564·6974·5f61·7263·6820·3d3d·2022···audit_arch·==·"00069910:·2061·7564·6974·5f61·7263·6820·3d3d·2022···audit_arch·==·"
00069920:·6236·3422·0a20·2074·6167·733a·0a20·202d··b64".··tags:.··-00069920:·6236·3422·0a20·2074·6167·733a·0a20·202d··b64".··tags:.··-
00069930:·2043·4a49·532d·352e·342e·312e·310a·2020···CJIS-5.4.1.1.··00069930:·2043·4a49·532d·352e·342e·312e·310a·2020···CJIS-5.4.1.1.··
00069940:·2d20·4449·5341·2d53·5449·472d·4f4c·3038··-·DISA-STIG-OL0800069940:·2d20·4449·5341·2d53·5449·472d·4f4c·3038··-·DISA-STIG-OL08
00069950:·2d30·302d·3033·3034·3930·0a20·202d·204e··-00-030490.··-·N00069950:·2d30·302d·3033·3034·3930·0a20·202d·204e··-00-030490.··-·N
00069960:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.00069960:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.
00069970:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-500069970:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
Offset 27060, 21 lines modifiedOffset 27060, 21 lines modified
00069b30:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="00069b30:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
00069b40:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c00069b40:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
00069b50:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm00069b50:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
00069b60:·3232·3636·3922·3e3c·7072·653e·3c63·6f64··22669"><pre><cod00069b60:·3232·3636·3922·3e3c·7072·653e·3c63·6f64··22669"><pre><cod
00069b70:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·00069b70:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
00069b80:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on00069b80:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
00069b90:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl00069b90:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
00069ba0:·6174·666f·726d·730a·6966·205b·2021·202d··atforms.if·[·!·-00069ba0:·6174·666f·726d·730a·6966·2072·706d·202d··atforms.if·rpm·-
00069bb0:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·00069bb0:·2d71·7569·6574·202d·7120·6175·6469·7420··-quiet·-q·audit·
00069bc0:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-00069bc0:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-
 00069bd0:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·
 00069be0:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-
00069bd0:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe00069bf0:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe
00069be0:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp 
00069bf0:·3b20·7270·6d20·2d2d·7175·6965·7420·2d71··;·rpm·--quiet·-q 
00069c00:·2061·7564·6974·3b20·7468·656e·0a0a·2320···audit;·then..#·00069c00:·7265·6e76·205d·3b20·7468·656e·0a0a·2320··renv·];·then..#·
00069c10:·4669·7273·7420·7065·7266·6f72·6d20·7468··First·perform·th00069c10:·4669·7273·7420·7065·7266·6f72·6d20·7468··First·perform·th
00069c20:·6520·7265·6d65·6469·6174·696f·6e20·6f66··e·remediation·of00069c20:·6520·7265·6d65·6469·6174·696f·6e20·6f66··e·remediation·of
00069c30:·2074·6865·2073·7973·6361·6c6c·2072·756c···the·syscall·rul00069c30:·2074·6865·2073·7973·6361·6c6c·2072·756c···the·syscall·rul
00069c40:·650a·2320·5265·7472·6965·7665·2068·6172··e.#·Retrieve·har00069c40:·650a·2320·5265·7472·6965·7665·2068·6172··e.#·Retrieve·har
00069c50:·6477·6172·6520·6172·6368·6974·6563·7475··dware·architectu00069c50:·6477·6172·6520·6172·6368·6974·6563·7475··dware·architectu
00069c60:·7265·206f·6620·7468·6520·756e·6465·726c··re·of·the·underl00069c60:·7265·206f·6620·7468·6520·756e·6465·726c··re·of·the·underl
00069c70:·7969·6e67·2073·7973·7465·6d0a·5b20·2224··ying·system.[·"$00069c70:·7969·6e67·2073·7973·7465·6d0a·5b20·2224··ying·system.[·"$
Offset 28872, 23 lines modifiedOffset 28872, 23 lines modified
00070c70:·5f72·6571·7569·7265·640a·2020·2d20·7265··_required.··-·re00070c70:·5f72·6571·7569·7265·640a·2020·2d20·7265··_required.··-·re
00070c80:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.00070c80:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.
00070c90:·0a2d·206e·616d·653a·2053·6574·2061·7263··.-·name:·Set·arc00070c90:·0a2d·206e·616d·653a·2053·6574·2061·7263··.-·name:·Set·arc
00070ca0:·6869·7465·6374·7572·6520·666f·7220·6175··hitecture·for·au00070ca0:·6869·7465·6374·7572·6520·666f·7220·6175··hitecture·for·au
00070cb0:·6469·7420·6368·6f77·6e20·7461·736b·730a··dit·chown·tasks.00070cb0:·6469·7420·6368·6f77·6e20·7461·736b·730a··dit·chown·tasks.
00070cc0:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····00070cc0:·2020·7365·745f·6661·6374·3a0a·2020·2020····set_fact:.····
00070cd0:·6175·6469·745f·6172·6368·3a20·6236·340a··audit_arch:·b64.00070cd0:·6175·6469·745f·6172·6368·3a20·6236·340a··audit_arch:·b64.
00070ce0:·2020·7768·656e·3a0a·2020·2d20·616e·7369····when:.··-·ansi00070ce0:·2020·7768·656e·3a0a·2020·2d20·2722·6175····when:.··-·'"au
00070cf0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati 
00070d00:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[ 
00070d10:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc", 
Max diff block lines reached; 380129/390402 bytes (97.37%) of diff not shown.
122 KB
html2text {}
    
Offset 1302, 16 lines modifiedOffset 1302, 16 lines modified
1302 ··-·reboot_required1302 ··-·reboot_required
1303 ··-·restrict_strategy1303 ··-·restrict_strategy
  
1304 -·name:·Set·architecture·for·audit·chmod·tasks1304 -·name:·Set·architecture·for·audit·chmod·tasks
1305 ··set_fact:1305 ··set_fact:
1306 ····audit_arch:·b641306 ····audit_arch:·b64
1307 ··when:1307 ··when:
1308 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1309 ··-·'"audit"·in·ansible_facts.packages'1308 ··-·'"audit"·in·ansible_facts.packages'
 1309 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1310 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1310 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1311 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1311 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1312 ··tags:1312 ··tags:
1313 ··-·CJIS-5.4.1.11313 ··-·CJIS-5.4.1.1
1314 ··-·DISA-STIG-OL08-00-0304901314 ··-·DISA-STIG-OL08-00-030490
1315 ··-·NIST-800-171-3.1.71315 ··-·NIST-800-171-3.1.7
1316 ··-·NIST-800-53-AU-12(c)1316 ··-·NIST-800-53-AU-12(c)
Offset 1448, 16 lines modifiedOffset 1448, 16 lines modified
1448 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001448 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1449 ········-F·auid!=unset·-F·key=perm_mod1449 ········-F·auid!=unset·-F·key=perm_mod
1450 ······create:·true1450 ······create:·true
1451 ······mode:·o-rwx1451 ······mode:·o-rwx
1452 ······state:·present1452 ······state:·present
1453 ····when:·syscalls_found·|·length·==·01453 ····when:·syscalls_found·|·length·==·0
1454 ··when:1454 ··when:
1455 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1456 ··-·'"audit"·in·ansible_facts.packages'1455 ··-·'"audit"·in·ansible_facts.packages'
 1456 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1457 ··tags:1457 ··tags:
1458 ··-·CJIS-5.4.1.11458 ··-·CJIS-5.4.1.1
1459 ··-·DISA-STIG-OL08-00-0304901459 ··-·DISA-STIG-OL08-00-030490
1460 ··-·NIST-800-171-3.1.71460 ··-·NIST-800-171-3.1.7
1461 ··-·NIST-800-53-AU-12(c)1461 ··-·NIST-800-53-AU-12(c)
1462 ··-·NIST-800-53-AU-2(d)1462 ··-·NIST-800-53-AU-2(d)
1463 ··-·NIST-800-53-CM-6(a)1463 ··-·NIST-800-53-CM-6(a)
Offset 1592, 16 lines modifiedOffset 1592, 16 lines modified
1592 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001592 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1593 ········-F·auid!=unset·-F·key=perm_mod1593 ········-F·auid!=unset·-F·key=perm_mod
1594 ······create:·true1594 ······create:·true
1595 ······mode:·o-rwx1595 ······mode:·o-rwx
1596 ······state:·present1596 ······state:·present
1597 ····when:·syscalls_found·|·length·==·01597 ····when:·syscalls_found·|·length·==·0
1598 ··when:1598 ··when:
1599 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1600 ··-·'"audit"·in·ansible_facts.packages'1599 ··-·'"audit"·in·ansible_facts.packages'
 1600 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1601 ··-·audit_arch·==·"b64"1601 ··-·audit_arch·==·"b64"
1602 ··tags:1602 ··tags:
1603 ··-·CJIS-5.4.1.11603 ··-·CJIS-5.4.1.1
1604 ··-·DISA-STIG-OL08-00-0304901604 ··-·DISA-STIG-OL08-00-030490
1605 ··-·NIST-800-171-3.1.71605 ··-·NIST-800-171-3.1.7
1606 ··-·NIST-800-53-AU-12(c)1606 ··-·NIST-800-53-AU-12(c)
1607 ··-·NIST-800-53-AU-2(d)1607 ··-·NIST-800-53-AU-2(d)
Offset 1611, 15 lines modifiedOffset 1611, 15 lines modified
1611 ··-·low_complexity1611 ··-·low_complexity
1612 ··-·low_disruption1612 ··-·low_disruption
1613 ··-·medium_severity1613 ··-·medium_severity
1614 ··-·reboot_required1614 ··-·reboot_required
1615 ··-·restrict_strategy1615 ··-·restrict_strategy
1616 Remediation_Shell_script_⇲1616 Remediation_Shell_script_⇲
1617 #·Remediation·is·applicable·only·in·certain·platforms1617 #·Remediation·is·applicable·only·in·certain·platforms
1618 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then1618 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
1619 #·First·perform·the·remediation·of·the·syscall·rule1619 #·First·perform·the·remediation·of·the·syscall·rule
1620 #·Retrieve·hardware·architecture·of·the·underlying·system1620 #·Retrieve·hardware·architecture·of·the·underlying·system
1621 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")1621 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
1622 for·ARCH·in·"${RULE_ARCHS[@]}"1622 for·ARCH·in·"${RULE_ARCHS[@]}"
1623 do1623 do
Offset 1980, 16 lines modifiedOffset 1980, 16 lines modified
1980 ··-·reboot_required1980 ··-·reboot_required
1981 ··-·restrict_strategy1981 ··-·restrict_strategy
  
1982 -·name:·Set·architecture·for·audit·chown·tasks1982 -·name:·Set·architecture·for·audit·chown·tasks
1983 ··set_fact:1983 ··set_fact:
1984 ····audit_arch:·b641984 ····audit_arch:·b64
1985 ··when:1985 ··when:
1986 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1987 ··-·'"audit"·in·ansible_facts.packages'1986 ··-·'"audit"·in·ansible_facts.packages'
 1987 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1988 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1988 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1989 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1989 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1990 ··tags:1990 ··tags:
1991 ··-·CJIS-5.4.1.11991 ··-·CJIS-5.4.1.1
1992 ··-·DISA-STIG-OL08-00-0304801992 ··-·DISA-STIG-OL08-00-030480
1993 ··-·NIST-800-171-3.1.71993 ··-·NIST-800-171-3.1.7
1994 ··-·NIST-800-53-AU-12(c)1994 ··-·NIST-800-53-AU-12(c)
Offset 2128, 16 lines modifiedOffset 2128, 16 lines modified
2128 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002128 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2129 ········-F·auid!=unset·-F·key=perm_mod2129 ········-F·auid!=unset·-F·key=perm_mod
2130 ······create:·true2130 ······create:·true
2131 ······mode:·o-rwx2131 ······mode:·o-rwx
2132 ······state:·present2132 ······state:·present
2133 ····when:·syscalls_found·|·length·==·02133 ····when:·syscalls_found·|·length·==·0
2134 ··when:2134 ··when:
2135 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2136 ··-·'"audit"·in·ansible_facts.packages'2135 ··-·'"audit"·in·ansible_facts.packages'
 2136 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2137 ··tags:2137 ··tags:
2138 ··-·CJIS-5.4.1.12138 ··-·CJIS-5.4.1.1
2139 ··-·DISA-STIG-OL08-00-0304802139 ··-·DISA-STIG-OL08-00-030480
2140 ··-·NIST-800-171-3.1.72140 ··-·NIST-800-171-3.1.7
2141 ··-·NIST-800-53-AU-12(c)2141 ··-·NIST-800-53-AU-12(c)
2142 ··-·NIST-800-53-AU-2(d)2142 ··-·NIST-800-53-AU-2(d)
2143 ··-·NIST-800-53-CM-6(a)2143 ··-·NIST-800-53-CM-6(a)
Offset 2274, 16 lines modifiedOffset 2274, 16 lines modified
2274 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002274 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2275 ········-F·auid!=unset·-F·key=perm_mod2275 ········-F·auid!=unset·-F·key=perm_mod
2276 ······create:·true2276 ······create:·true
2277 ······mode:·o-rwx2277 ······mode:·o-rwx
2278 ······state:·present2278 ······state:·present
2279 ····when:·syscalls_found·|·length·==·02279 ····when:·syscalls_found·|·length·==·0
2280 ··when:2280 ··when:
2281 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2282 ··-·'"audit"·in·ansible_facts.packages'2281 ··-·'"audit"·in·ansible_facts.packages'
 2282 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2283 ··-·audit_arch·==·"b64"2283 ··-·audit_arch·==·"b64"
2284 ··tags:2284 ··tags:
2285 ··-·CJIS-5.4.1.12285 ··-·CJIS-5.4.1.1
2286 ··-·DISA-STIG-OL08-00-0304802286 ··-·DISA-STIG-OL08-00-030480
2287 ··-·NIST-800-171-3.1.72287 ··-·NIST-800-171-3.1.7
2288 ··-·NIST-800-53-AU-12(c)2288 ··-·NIST-800-53-AU-12(c)
2289 ··-·NIST-800-53-AU-2(d)2289 ··-·NIST-800-53-AU-2(d)
Offset 2293, 15 lines modifiedOffset 2293, 15 lines modified
2293 ··-·low_complexity2293 ··-·low_complexity
2294 ··-·low_disruption2294 ··-·low_disruption
2295 ··-·medium_severity2295 ··-·medium_severity
Max diff block lines reached; 120428/125062 bytes (96.29%) of diff not shown.
772 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-stig.html
    
Offset 108219, 23 lines modifiedOffset 108219, 23 lines modified
001a6ba0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s001a6ba0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
001a6bb0:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:001a6bb0:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:
001a6bc0:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur001a6bc0:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur
001a6bd0:·6520·666f·7220·6175·6469·7420·6368·6d6f··e·for·audit·chmo001a6bd0:·6520·666f·7220·6175·6469·7420·6368·6d6f··e·for·audit·chmo
001a6be0:·6420·7461·736b·730a·2020·7365·745f·6661··d·tasks.··set_fa001a6be0:·6420·7461·736b·730a·2020·7365·745f·6661··d·tasks.··set_fa
001a6bf0:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar001a6bf0:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar
001a6c00:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.001a6c00:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.
001a6c10:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt 
001a6c20:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type· 
001a6c30:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker" 
001a6c40:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz 
001a6c50:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co 
001a6c60:·6e74·6169·6e65·7222·5d0a·2020·2d20·2722··ntainer"].··-·'" 
001a6c70:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl 
001a6c80:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages001a6c10:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in·
 001a6c20:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 001a6c30:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
 001a6c40:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
 001a6c50:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
 001a6c60:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
 001a6c70:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
 001a6c80:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
001a6c90:·270a·2020·2d20·616e·7369·626c·655f·6172··'.··-·ansible_ar001a6c90:·5d0a·2020·2d20·616e·7369·626c·655f·6172··].··-·ansible_ar
001a6ca0:·6368·6974·6563·7475·7265·203d·3d20·2261··chitecture·==·"a001a6ca0:·6368·6974·6563·7475·7265·203d·3d20·2261··chitecture·==·"a
001a6cb0:·6172·6368·3634·2220·6f72·2061·6e73·6962··arch64"·or·ansib001a6cb0:·6172·6368·3634·2220·6f72·2061·6e73·6962··arch64"·or·ansib
001a6cc0:·6c65·5f61·7263·6869·7465·6374·7572·6520··le_architecture·001a6cc0:·6c65·5f61·7263·6869·7465·6374·7572·6520··le_architecture·
001a6cd0:·3d3d·2022·7070·6336·3422·206f·7220·616e··==·"ppc64"·or·an001a6cd0:·3d3d·2022·7070·6336·3422·206f·7220·616e··==·"ppc64"·or·an
001a6ce0:·7369·626c·655f·6172·6368·6974·6563·7475··sible_architectu001a6ce0:·7369·626c·655f·6172·6368·6974·6563·7475··sible_architectu
001a6cf0:·7265·0a20·2020·203d·3d20·2270·7063·3634··re.····==·"ppc64001a6cf0:·7265·0a20·2020·203d·3d20·2270·7063·3634··re.····==·"ppc64
001a6d00:·6c65·2220·6f72·2061·6e73·6962·6c65·5f61··le"·or·ansible_a001a6d00:·6c65·2220·6f72·2061·6e73·6962·6c65·5f61··le"·or·ansible_a
Offset 108542, 23 lines modifiedOffset 108542, 23 lines modified
001a7fd0:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······001a7fd0:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······
001a7fe0:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···001a7fe0:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···
001a7ff0:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·001a7ff0:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·
001a8000:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres001a8000:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres
001a8010:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy001a8010:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy
001a8020:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l001a8020:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l
001a8030:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe001a8030:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe
001a8040:·6e3a·0a20·202d·2061·6e73·6962·6c65·5f76··n:.··-·ansible_v 
001a8050:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty 
001a8060:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock 
001a8070:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope 
001a8080:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",· 
001a8090:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··- 
001a80a0:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans 
001a80b0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa001a8040:·6e3a·0a20·202d·2027·2261·7564·6974·2220··n:.··-·'"audit"·
 001a8050:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 001a8060:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a
 001a8070:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
 001a8080:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
 001a8090:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
 001a80a0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
 001a80b0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
001a80c0:·6765·7327·0a20·2074·6167·733a·0a20·202d··ges'.··tags:.··-001a80c0:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-
001a80d0:·2043·4a49·532d·352e·342e·312e·310a·2020···CJIS-5.4.1.1.··001a80d0:·2043·4a49·532d·352e·342e·312e·310a·2020···CJIS-5.4.1.1.··
001a80e0:·2d20·4449·5341·2d53·5449·472d·4f4c·3038··-·DISA-STIG-OL08001a80e0:·2d20·4449·5341·2d53·5449·472d·4f4c·3038··-·DISA-STIG-OL08
001a80f0:·2d30·302d·3033·3034·3930·0a20·202d·204e··-00-030490.··-·N001a80f0:·2d30·302d·3033·3034·3930·0a20·202d·204e··-00-030490.··-·N
001a8100:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.001a8100:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.
001a8110:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5001a8110:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
001a8120:·332d·4155·2d31·3228·6329·0a20·202d·204e··3-AU-12(c).··-·N001a8120:·332d·4155·2d31·3228·6329·0a20·202d·204e··3-AU-12(c).··-·N
001a8130:·4953·542d·3830·302d·3533·2d41·552d·3228··IST-800-53-AU-2(001a8130:·4953·542d·3830·302d·3533·2d41·552d·3228··IST-800-53-AU-2(
Offset 108854, 22 lines modifiedOffset 108854, 22 lines modified
001a9350:·6d6f·640a·2020·2020·2020·6372·6561·7465··mod.······create001a9350:·6d6f·640a·2020·2020·2020·6372·6561·7465··mod.······create
001a9360:·3a20·7472·7565·0a20·2020·2020·206d·6f64··:·true.······mod001a9360:·3a20·7472·7565·0a20·2020·2020·206d·6f64··:·true.······mod
001a9370:·653a·206f·2d72·7778·0a20·2020·2020·2073··e:·o-rwx.······s001a9370:·653a·206f·2d72·7778·0a20·2020·2020·2073··e:·o-rwx.······s
001a9380:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··001a9380:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··
001a9390:·2020·7768·656e·3a20·7379·7363·616c·6c73····when:·syscalls001a9390:·2020·7768·656e·3a20·7379·7363·616c·6c73····when:·syscalls
001a93a0:·5f66·6f75·6e64·207c·206c·656e·6774·6820··_found·|·length·001a93a0:·5f66·6f75·6e64·207c·206c·656e·6774·6820··_found·|·length·
001a93b0:·3d3d·2030·0a20·2077·6865·6e3a·0a20·202d··==·0.··when:.··-001a93b0:·3d3d·2030·0a20·2077·6865·6e3a·0a20·202d··==·0.··when:.··-
001a93c0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual 
001a93d0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not 
001a93e0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·" 
001a93f0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",· 
001a9400:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta 
001a9410:·696e·6572·225d·0a20·202d·2027·2261·7564··iner"].··-·'"aud 
001a9420:·6974·2220·696e·2061·6e73·6962·6c65·5f66··it"·in·ansible_f 
001a9430:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·001a93c0:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans
 001a93d0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 001a93e0:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible
 001a93f0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
 001a9400:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
 001a9410:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
 001a9420:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
 001a9430:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
001a9440:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==001a9440:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==
001a9450:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·001a9450:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·
001a9460:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.001a9460:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.
001a9470:·2020·2d20·4449·5341·2d53·5449·472d·4f4c····-·DISA-STIG-OL001a9470:·2020·2d20·4449·5341·2d53·5449·472d·4f4c····-·DISA-STIG-OL
001a9480:·3038·2d30·302d·3033·3034·3930·0a20·202d··08-00-030490.··-001a9480:·3038·2d30·302d·3033·3034·3930·0a20·202d··08-00-030490.··-
001a9490:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.001a9490:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
001a94a0:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800001a94a0:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800
Offset 108903, 21 lines modifiedOffset 108903, 21 lines modified
001a9660:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class001a9660:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
001a9670:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse001a9670:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
001a9680:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i001a9680:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
001a9690:·646d·3232·3636·3922·3e3c·7072·653e·3c63··dm22669"><pre><c001a9690:·646d·3232·3636·3922·3e3c·7072·653e·3c63··dm22669"><pre><c
001a96a0:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio001a96a0:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
001a96b0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·001a96b0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
001a96c0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·001a96c0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
001a96d0:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!001a96d0:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm
 001a96e0:·202d·2d71·7569·6574·202d·7120·6175·6469···--quiet·-q·audi
 001a96f0:·7420·2661·6d70·3b26·616d·703b·205b·2021··t·&amp;&amp;·[·!
001a96e0:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·001a9700:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
001a96f0:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!001a9710:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
001a9700:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai001a9720:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
 001a9730:·6e65·7265·6e76·205d·3b20·7468·656e·0a0a··nerenv·];·then..
001a9710:·6e65·7265·6e76·205d·2026·616d·703b·2661··nerenv·]·&amp;&a 
001a9720:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet· 
001a9730:·2d71·2061·7564·6974·3b20·7468·656e·0a0a··-q·audit;·then.. 
001a9740:·2320·4669·7273·7420·7065·7266·6f72·6d20··#·First·perform·001a9740:·2320·4669·7273·7420·7065·7266·6f72·6d20··#·First·perform·
001a9750:·7468·6520·7265·6d65·6469·6174·696f·6e20··the·remediation·001a9750:·7468·6520·7265·6d65·6469·6174·696f·6e20··the·remediation·
001a9760:·6f66·2074·6865·2073·7973·6361·6c6c·2072··of·the·syscall·r001a9760:·6f66·2074·6865·2073·7973·6361·6c6c·2072··of·the·syscall·r
001a9770:·756c·650a·2320·5265·7472·6965·7665·2068··ule.#·Retrieve·h001a9770:·756c·650a·2320·5265·7472·6965·7665·2068··ule.#·Retrieve·h
001a9780:·6172·6477·6172·6520·6172·6368·6974·6563··ardware·architec001a9780:·6172·6477·6172·6520·6172·6368·6974·6563··ardware·architec
001a9790:·7475·7265·206f·6620·7468·6520·756e·6465··ture·of·the·unde001a9790:·7475·7265·206f·6620·7468·6520·756e·6465··ture·of·the·unde
001a97a0:·726c·7969·6e67·2073·7973·7465·6d0a·5b20··rlying·system.[·001a97a0:·726c·7969·6e67·2073·7973·7465·6d0a·5b20··rlying·system.[·
Offset 110715, 23 lines modifiedOffset 110715, 23 lines modified
001b07a0:·6f74·5f72·6571·7569·7265·640a·2020·2d20··ot_required.··-·001b07a0:·6f74·5f72·6571·7569·7265·640a·2020·2d20··ot_required.··-·
001b07b0:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg001b07b0:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg
001b07c0:·790a·0a2d·206e·616d·653a·2053·6574·2061··y..-·name:·Set·a001b07c0:·790a·0a2d·206e·616d·653a·2053·6574·2061··y..-·name:·Set·a
001b07d0:·7263·6869·7465·6374·7572·6520·666f·7220··rchitecture·for·001b07d0:·7263·6869·7465·6374·7572·6520·666f·7220··rchitecture·for·
001b07e0:·6175·6469·7420·6368·6f77·6e20·7461·736b··audit·chown·task001b07e0:·6175·6469·7420·6368·6f77·6e20·7461·736b··audit·chown·task
001b07f0:·730a·2020·7365·745f·6661·6374·3a0a·2020··s.··set_fact:.··001b07f0:·730a·2020·7365·745f·6661·6374·3a0a·2020··s.··set_fact:.··
001b0800:·2020·6175·6469·745f·6172·6368·3a20·6236····audit_arch:·b6001b0800:·2020·6175·6469·745f·6172·6368·3a20·6236····audit_arch:·b6
001b0810:·340a·2020·7768·656e·3a0a·2020·2d20·616e··4.··when:.··-·an001b0810:·340a·2020·7768·656e·3a0a·2020·2d20·2722··4.··when:.··-·'"
001b0820:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza 
001b0830:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in 
Max diff block lines reached; 588764/599116 bytes (98.27%) of diff not shown.
187 KB
html2text {}
    
Offset 18655, 16 lines modifiedOffset 18655, 16 lines modified
18655 ··-·reboot_required18655 ··-·reboot_required
18656 ··-·restrict_strategy18656 ··-·restrict_strategy
  
18657 -·name:·Set·architecture·for·audit·chmod·tasks18657 -·name:·Set·architecture·for·audit·chmod·tasks
18658 ··set_fact:18658 ··set_fact:
18659 ····audit_arch:·b6418659 ····audit_arch:·b64
18660 ··when:18660 ··when:
18661 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
18662 ··-·'"audit"·in·ansible_facts.packages'18661 ··-·'"audit"·in·ansible_facts.packages'
 18662 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18663 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture18663 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
18664 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"18664 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
18665 ··tags:18665 ··tags:
18666 ··-·CJIS-5.4.1.118666 ··-·CJIS-5.4.1.1
18667 ··-·DISA-STIG-OL08-00-03049018667 ··-·DISA-STIG-OL08-00-030490
18668 ··-·NIST-800-171-3.1.718668 ··-·NIST-800-171-3.1.7
18669 ··-·NIST-800-53-AU-12(c)18669 ··-·NIST-800-53-AU-12(c)
Offset 18801, 16 lines modifiedOffset 18801, 16 lines modified
18801 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100018801 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
18802 ········-F·auid!=unset·-F·key=perm_mod18802 ········-F·auid!=unset·-F·key=perm_mod
18803 ······create:·true18803 ······create:·true
18804 ······mode:·o-rwx18804 ······mode:·o-rwx
18805 ······state:·present18805 ······state:·present
18806 ····when:·syscalls_found·|·length·==·018806 ····when:·syscalls_found·|·length·==·0
18807 ··when:18807 ··when:
18808 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
18809 ··-·'"audit"·in·ansible_facts.packages'18808 ··-·'"audit"·in·ansible_facts.packages'
 18809 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18810 ··tags:18810 ··tags:
18811 ··-·CJIS-5.4.1.118811 ··-·CJIS-5.4.1.1
18812 ··-·DISA-STIG-OL08-00-03049018812 ··-·DISA-STIG-OL08-00-030490
18813 ··-·NIST-800-171-3.1.718813 ··-·NIST-800-171-3.1.7
18814 ··-·NIST-800-53-AU-12(c)18814 ··-·NIST-800-53-AU-12(c)
18815 ··-·NIST-800-53-AU-2(d)18815 ··-·NIST-800-53-AU-2(d)
18816 ··-·NIST-800-53-CM-6(a)18816 ··-·NIST-800-53-CM-6(a)
Offset 18945, 16 lines modifiedOffset 18945, 16 lines modified
18945 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100018945 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
18946 ········-F·auid!=unset·-F·key=perm_mod18946 ········-F·auid!=unset·-F·key=perm_mod
18947 ······create:·true18947 ······create:·true
18948 ······mode:·o-rwx18948 ······mode:·o-rwx
18949 ······state:·present18949 ······state:·present
18950 ····when:·syscalls_found·|·length·==·018950 ····when:·syscalls_found·|·length·==·0
18951 ··when:18951 ··when:
18952 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
18953 ··-·'"audit"·in·ansible_facts.packages'18952 ··-·'"audit"·in·ansible_facts.packages'
 18953 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18954 ··-·audit_arch·==·"b64"18954 ··-·audit_arch·==·"b64"
18955 ··tags:18955 ··tags:
18956 ··-·CJIS-5.4.1.118956 ··-·CJIS-5.4.1.1
18957 ··-·DISA-STIG-OL08-00-03049018957 ··-·DISA-STIG-OL08-00-030490
18958 ··-·NIST-800-171-3.1.718958 ··-·NIST-800-171-3.1.7
18959 ··-·NIST-800-53-AU-12(c)18959 ··-·NIST-800-53-AU-12(c)
18960 ··-·NIST-800-53-AU-2(d)18960 ··-·NIST-800-53-AU-2(d)
Offset 18964, 15 lines modifiedOffset 18964, 15 lines modified
18964 ··-·low_complexity18964 ··-·low_complexity
18965 ··-·low_disruption18965 ··-·low_disruption
18966 ··-·medium_severity18966 ··-·medium_severity
18967 ··-·reboot_required18967 ··-·reboot_required
18968 ··-·restrict_strategy18968 ··-·restrict_strategy
18969 Remediation_Shell_script_⇲18969 Remediation_Shell_script_⇲
18970 #·Remediation·is·applicable·only·in·certain·platforms18970 #·Remediation·is·applicable·only·in·certain·platforms
18971 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then18971 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
18972 #·First·perform·the·remediation·of·the·syscall·rule18972 #·First·perform·the·remediation·of·the·syscall·rule
18973 #·Retrieve·hardware·architecture·of·the·underlying·system18973 #·Retrieve·hardware·architecture·of·the·underlying·system
18974 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")18974 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
18975 for·ARCH·in·"${RULE_ARCHS[@]}"18975 for·ARCH·in·"${RULE_ARCHS[@]}"
18976 do18976 do
Offset 19333, 16 lines modifiedOffset 19333, 16 lines modified
19333 ··-·reboot_required19333 ··-·reboot_required
19334 ··-·restrict_strategy19334 ··-·restrict_strategy
  
19335 -·name:·Set·architecture·for·audit·chown·tasks19335 -·name:·Set·architecture·for·audit·chown·tasks
19336 ··set_fact:19336 ··set_fact:
19337 ····audit_arch:·b6419337 ····audit_arch:·b64
19338 ··when:19338 ··when:
19339 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
19340 ··-·'"audit"·in·ansible_facts.packages'19339 ··-·'"audit"·in·ansible_facts.packages'
 19340 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19341 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture19341 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
19342 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"19342 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
19343 ··tags:19343 ··tags:
19344 ··-·CJIS-5.4.1.119344 ··-·CJIS-5.4.1.1
19345 ··-·DISA-STIG-OL08-00-03048019345 ··-·DISA-STIG-OL08-00-030480
19346 ··-·NIST-800-171-3.1.719346 ··-·NIST-800-171-3.1.7
19347 ··-·NIST-800-53-AU-12(c)19347 ··-·NIST-800-53-AU-12(c)
Offset 19481, 16 lines modifiedOffset 19481, 16 lines modified
19481 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100019481 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
19482 ········-F·auid!=unset·-F·key=perm_mod19482 ········-F·auid!=unset·-F·key=perm_mod
19483 ······create:·true19483 ······create:·true
19484 ······mode:·o-rwx19484 ······mode:·o-rwx
19485 ······state:·present19485 ······state:·present
19486 ····when:·syscalls_found·|·length·==·019486 ····when:·syscalls_found·|·length·==·0
19487 ··when:19487 ··when:
19488 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
19489 ··-·'"audit"·in·ansible_facts.packages'19488 ··-·'"audit"·in·ansible_facts.packages'
 19489 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19490 ··tags:19490 ··tags:
19491 ··-·CJIS-5.4.1.119491 ··-·CJIS-5.4.1.1
19492 ··-·DISA-STIG-OL08-00-03048019492 ··-·DISA-STIG-OL08-00-030480
19493 ··-·NIST-800-171-3.1.719493 ··-·NIST-800-171-3.1.7
19494 ··-·NIST-800-53-AU-12(c)19494 ··-·NIST-800-53-AU-12(c)
19495 ··-·NIST-800-53-AU-2(d)19495 ··-·NIST-800-53-AU-2(d)
19496 ··-·NIST-800-53-CM-6(a)19496 ··-·NIST-800-53-CM-6(a)
Offset 19627, 16 lines modifiedOffset 19627, 16 lines modified
19627 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100019627 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
19628 ········-F·auid!=unset·-F·key=perm_mod19628 ········-F·auid!=unset·-F·key=perm_mod
19629 ······create:·true19629 ······create:·true
19630 ······mode:·o-rwx19630 ······mode:·o-rwx
19631 ······state:·present19631 ······state:·present
19632 ····when:·syscalls_found·|·length·==·019632 ····when:·syscalls_found·|·length·==·0
19633 ··when:19633 ··when:
19634 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
19635 ··-·'"audit"·in·ansible_facts.packages'19634 ··-·'"audit"·in·ansible_facts.packages'
 19635 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19636 ··-·audit_arch·==·"b64"19636 ··-·audit_arch·==·"b64"
19637 ··tags:19637 ··tags:
19638 ··-·CJIS-5.4.1.119638 ··-·CJIS-5.4.1.1
19639 ··-·DISA-STIG-OL08-00-03048019639 ··-·DISA-STIG-OL08-00-030480
19640 ··-·NIST-800-171-3.1.719640 ··-·NIST-800-171-3.1.7
19641 ··-·NIST-800-53-AU-12(c)19641 ··-·NIST-800-53-AU-12(c)
19642 ··-·NIST-800-53-AU-2(d)19642 ··-·NIST-800-53-AU-2(d)
Offset 19646, 15 lines modifiedOffset 19646, 15 lines modified
19646 ··-·low_complexity19646 ··-·low_complexity
19647 ··-·low_disruption19647 ··-·low_disruption
19648 ··-·medium_severity19648 ··-·medium_severity
Max diff block lines reached; 186878/191528 bytes (97.57%) of diff not shown.
771 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-stig_gui.html
    
Offset 108237, 23 lines modifiedOffset 108237, 23 lines modified
001a6cc0:·6972·6564·0a20·202d·2072·6573·7472·6963··ired.··-·restric001a6cc0:·6972·6564·0a20·202d·2072·6573·7472·6963··ired.··-·restric
001a6cd0:·745f·7374·7261·7465·6779·0a0a·2d20·6e61··t_strategy..-·na001a6cd0:·745f·7374·7261·7465·6779·0a0a·2d20·6e61··t_strategy..-·na
001a6ce0:·6d65·3a20·5365·7420·6172·6368·6974·6563··me:·Set·architec001a6ce0:·6d65·3a20·5365·7420·6172·6368·6974·6563··me:·Set·architec
001a6cf0:·7475·7265·2066·6f72·2061·7564·6974·2063··ture·for·audit·c001a6cf0:·7475·7265·2066·6f72·2061·7564·6974·2063··ture·for·audit·c
001a6d00:·686d·6f64·2074·6173·6b73·0a20·2073·6574··hmod·tasks.··set001a6d00:·686d·6f64·2074·6173·6b73·0a20·2073·6574··hmod·tasks.··set
001a6d10:·5f66·6163·743a·0a20·2020·2061·7564·6974··_fact:.····audit001a6d10:·5f66·6163·743a·0a20·2020·2061·7564·6974··_fact:.····audit
001a6d20:·5f61·7263·683a·2062·3634·0a20·2077·6865··_arch:·b64.··whe001a6d20:·5f61·7263·683a·2062·3634·0a20·2077·6865··_arch:·b64.··whe
001a6d30:·6e3a·0a20·202d·2061·6e73·6962·6c65·5f76··n:.··-·ansible_v 
001a6d40:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty 
001a6d50:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock 
001a6d60:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope 
001a6d70:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",· 
001a6d80:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··- 
001a6d90:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans 
001a6da0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa001a6d30:·6e3a·0a20·202d·2027·2261·7564·6974·2220··n:.··-·'"audit"·
 001a6d40:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 001a6d50:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a
 001a6d60:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
 001a6d70:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
 001a6d80:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
 001a6d90:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
 001a6da0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
001a6db0:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible001a6db0:·6572·225d·0a20·202d·2061·6e73·6962·6c65··er"].··-·ansible
001a6dc0:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==001a6dc0:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==
001a6dd0:·2022·6161·7263·6836·3422·206f·7220·616e···"aarch64"·or·an001a6dd0:·2022·6161·7263·6836·3422·206f·7220·616e···"aarch64"·or·an
001a6de0:·7369·626c·655f·6172·6368·6974·6563·7475··sible_architectu001a6de0:·7369·626c·655f·6172·6368·6974·6563·7475··sible_architectu
001a6df0:·7265·203d·3d20·2270·7063·3634·2220·6f72··re·==·"ppc64"·or001a6df0:·7265·203d·3d20·2270·7063·3634·2220·6f72··re·==·"ppc64"·or
001a6e00:·2061·6e73·6962·6c65·5f61·7263·6869·7465···ansible_archite001a6e00:·2061·6e73·6962·6c65·5f61·7263·6869·7465···ansible_archite
001a6e10:·6374·7572·650a·2020·2020·3d3d·2022·7070··cture.····==·"pp001a6e10:·6374·7572·650a·2020·2020·3d3d·2022·7070··cture.····==·"pp
001a6e20:·6336·346c·6522·206f·7220·616e·7369·626c··c64le"·or·ansibl001a6e20:·6336·346c·6522·206f·7220·616e·7369·626c··c64le"·or·ansibl
Offset 108560, 23 lines modifiedOffset 108560, 23 lines modified
001a80f0:·6b65·793d·7065·726d·5f6d·6f64·0a20·2020··key=perm_mod.···001a80f0:·6b65·793d·7065·726d·5f6d·6f64·0a20·2020··key=perm_mod.···
001a8100:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true.001a8100:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true.
001a8110:·2020·2020·2020·6d6f·6465·3a20·6f2d·7277········mode:·o-rw001a8110:·2020·2020·2020·6d6f·6465·3a20·6f2d·7277········mode:·o-rw
001a8120:·780a·2020·2020·2020·7374·6174·653a·2070··x.······state:·p001a8120:·780a·2020·2020·2020·7374·6174·653a·2070··x.······state:·p
001a8130:·7265·7365·6e74·0a20·2020·2077·6865·6e3a··resent.····when:001a8130:·7265·7365·6e74·0a20·2020·2077·6865·6e3a··resent.····when:
001a8140:·2073·7973·6361·6c6c·735f·666f·756e·6420···syscalls_found·001a8140:·2073·7973·6361·6c6c·735f·666f·756e·6420···syscalls_found·
001a8150:·7c20·6c65·6e67·7468·203d·3d20·300a·2020··|·length·==·0.··001a8150:·7c20·6c65·6e67·7468·203d·3d20·300a·2020··|·length·==·0.··
001a8160:·7768·656e·3a0a·2020·2d20·616e·7369·626c··when:.··-·ansibl001a8160:·7768·656e·3a0a·2020·2d20·2722·6175·6469··when:.··-·'"audi
001a8170:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization 
001a8180:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d 
001a8190:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·" 
001a81a0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman 
001a81b0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"]. 
001a81c0:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in· 
001a81d0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa001a8170:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa
 001a8180:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 001a8190:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
 001a81a0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
 001a81b0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
 001a81c0:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 001a81d0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
001a81e0:·636b·6167·6573·270a·2020·7461·6773·3a0a··ckages'.··tags:.001a81e0:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.
001a81f0:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.1001a81f0:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.1
001a8200:·0a20·202d·2044·4953·412d·5354·4947·2d4f··.··-·DISA-STIG-O001a8200:·0a20·202d·2044·4953·412d·5354·4947·2d4f··.··-·DISA-STIG-O
001a8210:·4c30·382d·3030·2d30·3330·3439·300a·2020··L08-00-030490.··001a8210:·4c30·382d·3030·2d30·3330·3439·300a·2020··L08-00-030490.··
001a8220:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3001a8220:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
001a8230:·2e31·2e37·0a20·202d·204e·4953·542d·3830··.1.7.··-·NIST-80001a8230:·2e31·2e37·0a20·202d·204e·4953·542d·3830··.1.7.··-·NIST-80
001a8240:·302d·3533·2d41·552d·3132·2863·290a·2020··0-53-AU-12(c).··001a8240:·302d·3533·2d41·552d·3132·2863·290a·2020··0-53-AU-12(c).··
001a8250:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU001a8250:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU
Offset 108872, 23 lines modifiedOffset 108872, 23 lines modified
001a9470:·726d·5f6d·6f64·0a20·2020·2020·2063·7265··rm_mod.······cre001a9470:·726d·5f6d·6f64·0a20·2020·2020·2063·7265··rm_mod.······cre
001a9480:·6174·653a·2074·7275·650a·2020·2020·2020··ate:·true.······001a9480:·6174·653a·2074·7275·650a·2020·2020·2020··ate:·true.······
001a9490:·6d6f·6465·3a20·6f2d·7277·780a·2020·2020··mode:·o-rwx.····001a9490:·6d6f·6465·3a20·6f2d·7277·780a·2020·2020··mode:·o-rwx.····
001a94a0:·2020·7374·6174·653a·2070·7265·7365·6e74····state:·present001a94a0:·2020·7374·6174·653a·2070·7265·7365·6e74····state:·present
001a94b0:·0a20·2020·2077·6865·6e3a·2073·7973·6361··.····when:·sysca001a94b0:·0a20·2020·2077·6865·6e3a·2073·7973·6361··.····when:·sysca
001a94c0:·6c6c·735f·666f·756e·6420·7c20·6c65·6e67··lls_found·|·leng001a94c0:·6c6c·735f·666f·756e·6420·7c20·6c65·6e67··lls_found·|·leng
001a94d0:·7468·203d·3d20·300a·2020·7768·656e·3a0a··th·==·0.··when:.001a94d0:·7468·203d·3d20·300a·2020·7768·656e·3a0a··th·==·0.··when:.
001a94e0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt 
001a94f0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type· 
001a9500:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker" 
001a9510:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz 
001a9520:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co 
001a9530:·6e74·6169·6e65·7222·5d0a·2020·2d20·2722··ntainer"].··-·'" 
001a9540:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl 
001a9550:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages001a94e0:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in·
 001a94f0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 001a9500:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
 001a9510:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
 001a9520:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
 001a9530:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
 001a9540:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
 001a9550:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
001a9560:·270a·2020·2d20·6175·6469·745f·6172·6368··'.··-·audit_arch001a9560:·5d0a·2020·2d20·6175·6469·745f·6172·6368··].··-·audit_arch
001a9570:·203d·3d20·2262·3634·220a·2020·7461·6773···==·"b64".··tags001a9570:·203d·3d20·2262·3634·220a·2020·7461·6773···==·"b64".··tags
001a9580:·3a0a·2020·2d20·434a·4953·2d35·2e34·2e31··:.··-·CJIS-5.4.1001a9580:·3a0a·2020·2d20·434a·4953·2d35·2e34·2e31··:.··-·CJIS-5.4.1
001a9590:·2e31·0a20·202d·2044·4953·412d·5354·4947··.1.··-·DISA-STIG001a9590:·2e31·0a20·202d·2044·4953·412d·5354·4947··.1.··-·DISA-STIG
001a95a0:·2d4f·4c30·382d·3030·2d30·3330·3439·300a··-OL08-00-030490.001a95a0:·2d4f·4c30·382d·3030·2d30·3330·3439·300a··-OL08-00-030490.
001a95b0:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171001a95b0:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171
001a95c0:·2d33·2e31·2e37·0a20·202d·204e·4953·542d··-3.1.7.··-·NIST-001a95c0:·2d33·2e31·2e37·0a20·202d·204e·4953·542d··-3.1.7.··-·NIST-
001a95d0:·3830·302d·3533·2d41·552d·3132·2863·290a··800-53-AU-12(c).001a95d0:·3830·302d·3533·2d41·552d·3132·2863·290a··800-53-AU-12(c).
Offset 108922, 20 lines modifiedOffset 108922, 20 lines modified
001a9790:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla001a9790:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
001a97a0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id001a97a0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
001a97b0:·3d22·6964·6d32·3236·3639·223e·3c70·7265··="idm22669"><pre001a97b0:·3d22·6964·6d32·3236·3639·223e·3c70·7265··="idm22669"><pre
001a97c0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia001a97c0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
001a97d0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab001a97d0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
001a97e0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa001a97e0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
001a97f0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·001a97f0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
 001a9800:·7270·6d20·2d2d·7175·6965·7420·2d71·2061··rpm·--quiet·-q·a
 001a9810:·7564·6974·2026·616d·703b·2661·6d70·3b20··udit·&amp;&amp;·
001a9800:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere001a9820:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere
001a9810:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·001a9830:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·
001a9820:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con001a9840:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con
001a9830:·7461·696e·6572·656e·7620·5d20·2661·6d70··tainerenv·]·&amp001a9850:·7461·696e·6572·656e·7620·5d3b·2074·6865··tainerenv·];·the
001a9840:·3b26·616d·703b·2072·706d·202d·2d71·7569··;&amp;·rpm·--qui 
001a9850:·6574·202d·7120·6175·6469·743b·2074·6865··et·-q·audit;·the 
001a9860:·6e0a·0a23·2046·6972·7374·2070·6572·666f··n..#·First·perfo001a9860:·6e0a·0a23·2046·6972·7374·2070·6572·666f··n..#·First·perfo
001a9870:·726d·2074·6865·2072·656d·6564·6961·7469··rm·the·remediati001a9870:·726d·2074·6865·2072·656d·6564·6961·7469··rm·the·remediati
001a9880:·6f6e·206f·6620·7468·6520·7379·7363·616c··on·of·the·syscal001a9880:·6f6e·206f·6620·7468·6520·7379·7363·616c··on·of·the·syscal
001a9890:·6c20·7275·6c65·0a23·2052·6574·7269·6576··l·rule.#·Retriev001a9890:·6c20·7275·6c65·0a23·2052·6574·7269·6576··l·rule.#·Retriev
001a98a0:·6520·6861·7264·7761·7265·2061·7263·6869··e·hardware·archi001a98a0:·6520·6861·7264·7761·7265·2061·7263·6869··e·hardware·archi
001a98b0:·7465·6374·7572·6520·6f66·2074·6865·2075··tecture·of·the·u001a98b0:·7465·6374·7572·6520·6f66·2074·6865·2075··tecture·of·the·u
001a98c0:·6e64·6572·6c79·696e·6720·7379·7374·656d··nderlying·system001a98c0:·6e64·6572·6c79·696e·6720·7379·7374·656d··nderlying·system
Offset 110734, 22 lines modifiedOffset 110734, 22 lines modified
001b08d0:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra001b08d0:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra
001b08e0:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se001b08e0:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se
001b08f0:·7420·6172·6368·6974·6563·7475·7265·2066··t·architecture·f001b08f0:·7420·6172·6368·6974·6563·7475·7265·2066··t·architecture·f
001b0900:·6f72·2061·7564·6974·2063·686f·776e·2074··or·audit·chown·t001b0900:·6f72·2061·7564·6974·2063·686f·776e·2074··or·audit·chown·t
001b0910:·6173·6b73·0a20·2073·6574·5f66·6163·743a··asks.··set_fact:001b0910:·6173·6b73·0a20·2073·6574·5f66·6163·743a··asks.··set_fact:
001b0920:·0a20·2020·2061·7564·6974·5f61·7263·683a··.····audit_arch:001b0920:·0a20·2020·2061·7564·6974·5f61·7263·683a··.····audit_arch:
001b0930:·2062·3634·0a20·2077·6865·6e3a·0a20·202d···b64.··when:.··-001b0930:·2062·3634·0a20·2077·6865·6e3a·0a20·202d···b64.··when:.··-
001b0940:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual 
001b0950:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not 
001b0960:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·" 
001b0970:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",· 
001b0980:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta 
Max diff block lines reached; 587453/597667 bytes (98.29%) of diff not shown.
187 KB
html2text {}
    
Offset 18659, 16 lines modifiedOffset 18659, 16 lines modified
18659 ··-·reboot_required18659 ··-·reboot_required
18660 ··-·restrict_strategy18660 ··-·restrict_strategy
  
18661 -·name:·Set·architecture·for·audit·chmod·tasks18661 -·name:·Set·architecture·for·audit·chmod·tasks
18662 ··set_fact:18662 ··set_fact:
18663 ····audit_arch:·b6418663 ····audit_arch:·b64
18664 ··when:18664 ··when:
18665 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
18666 ··-·'"audit"·in·ansible_facts.packages'18665 ··-·'"audit"·in·ansible_facts.packages'
 18666 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18667 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture18667 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
18668 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"18668 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
18669 ··tags:18669 ··tags:
18670 ··-·CJIS-5.4.1.118670 ··-·CJIS-5.4.1.1
18671 ··-·DISA-STIG-OL08-00-03049018671 ··-·DISA-STIG-OL08-00-030490
18672 ··-·NIST-800-171-3.1.718672 ··-·NIST-800-171-3.1.7
18673 ··-·NIST-800-53-AU-12(c)18673 ··-·NIST-800-53-AU-12(c)
Offset 18805, 16 lines modifiedOffset 18805, 16 lines modified
18805 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100018805 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
18806 ········-F·auid!=unset·-F·key=perm_mod18806 ········-F·auid!=unset·-F·key=perm_mod
18807 ······create:·true18807 ······create:·true
18808 ······mode:·o-rwx18808 ······mode:·o-rwx
18809 ······state:·present18809 ······state:·present
18810 ····when:·syscalls_found·|·length·==·018810 ····when:·syscalls_found·|·length·==·0
18811 ··when:18811 ··when:
18812 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
18813 ··-·'"audit"·in·ansible_facts.packages'18812 ··-·'"audit"·in·ansible_facts.packages'
 18813 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18814 ··tags:18814 ··tags:
18815 ··-·CJIS-5.4.1.118815 ··-·CJIS-5.4.1.1
18816 ··-·DISA-STIG-OL08-00-03049018816 ··-·DISA-STIG-OL08-00-030490
18817 ··-·NIST-800-171-3.1.718817 ··-·NIST-800-171-3.1.7
18818 ··-·NIST-800-53-AU-12(c)18818 ··-·NIST-800-53-AU-12(c)
18819 ··-·NIST-800-53-AU-2(d)18819 ··-·NIST-800-53-AU-2(d)
18820 ··-·NIST-800-53-CM-6(a)18820 ··-·NIST-800-53-CM-6(a)
Offset 18949, 16 lines modifiedOffset 18949, 16 lines modified
18949 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100018949 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
18950 ········-F·auid!=unset·-F·key=perm_mod18950 ········-F·auid!=unset·-F·key=perm_mod
18951 ······create:·true18951 ······create:·true
18952 ······mode:·o-rwx18952 ······mode:·o-rwx
18953 ······state:·present18953 ······state:·present
18954 ····when:·syscalls_found·|·length·==·018954 ····when:·syscalls_found·|·length·==·0
18955 ··when:18955 ··when:
18956 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
18957 ··-·'"audit"·in·ansible_facts.packages'18956 ··-·'"audit"·in·ansible_facts.packages'
 18957 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18958 ··-·audit_arch·==·"b64"18958 ··-·audit_arch·==·"b64"
18959 ··tags:18959 ··tags:
18960 ··-·CJIS-5.4.1.118960 ··-·CJIS-5.4.1.1
18961 ··-·DISA-STIG-OL08-00-03049018961 ··-·DISA-STIG-OL08-00-030490
18962 ··-·NIST-800-171-3.1.718962 ··-·NIST-800-171-3.1.7
18963 ··-·NIST-800-53-AU-12(c)18963 ··-·NIST-800-53-AU-12(c)
18964 ··-·NIST-800-53-AU-2(d)18964 ··-·NIST-800-53-AU-2(d)
Offset 18968, 15 lines modifiedOffset 18968, 15 lines modified
18968 ··-·low_complexity18968 ··-·low_complexity
18969 ··-·low_disruption18969 ··-·low_disruption
18970 ··-·medium_severity18970 ··-·medium_severity
18971 ··-·reboot_required18971 ··-·reboot_required
18972 ··-·restrict_strategy18972 ··-·restrict_strategy
18973 Remediation_Shell_script_⇲18973 Remediation_Shell_script_⇲
18974 #·Remediation·is·applicable·only·in·certain·platforms18974 #·Remediation·is·applicable·only·in·certain·platforms
18975 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then18975 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
18976 #·First·perform·the·remediation·of·the·syscall·rule18976 #·First·perform·the·remediation·of·the·syscall·rule
18977 #·Retrieve·hardware·architecture·of·the·underlying·system18977 #·Retrieve·hardware·architecture·of·the·underlying·system
18978 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")18978 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
18979 for·ARCH·in·"${RULE_ARCHS[@]}"18979 for·ARCH·in·"${RULE_ARCHS[@]}"
18980 do18980 do
Offset 19337, 16 lines modifiedOffset 19337, 16 lines modified
19337 ··-·reboot_required19337 ··-·reboot_required
19338 ··-·restrict_strategy19338 ··-·restrict_strategy
  
19339 -·name:·Set·architecture·for·audit·chown·tasks19339 -·name:·Set·architecture·for·audit·chown·tasks
19340 ··set_fact:19340 ··set_fact:
19341 ····audit_arch:·b6419341 ····audit_arch:·b64
19342 ··when:19342 ··when:
19343 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
19344 ··-·'"audit"·in·ansible_facts.packages'19343 ··-·'"audit"·in·ansible_facts.packages'
 19344 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19345 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture19345 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
19346 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"19346 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
19347 ··tags:19347 ··tags:
19348 ··-·CJIS-5.4.1.119348 ··-·CJIS-5.4.1.1
19349 ··-·DISA-STIG-OL08-00-03048019349 ··-·DISA-STIG-OL08-00-030480
19350 ··-·NIST-800-171-3.1.719350 ··-·NIST-800-171-3.1.7
19351 ··-·NIST-800-53-AU-12(c)19351 ··-·NIST-800-53-AU-12(c)
Offset 19485, 16 lines modifiedOffset 19485, 16 lines modified
19485 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100019485 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
19486 ········-F·auid!=unset·-F·key=perm_mod19486 ········-F·auid!=unset·-F·key=perm_mod
19487 ······create:·true19487 ······create:·true
19488 ······mode:·o-rwx19488 ······mode:·o-rwx
19489 ······state:·present19489 ······state:·present
19490 ····when:·syscalls_found·|·length·==·019490 ····when:·syscalls_found·|·length·==·0
19491 ··when:19491 ··when:
19492 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
19493 ··-·'"audit"·in·ansible_facts.packages'19492 ··-·'"audit"·in·ansible_facts.packages'
 19493 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19494 ··tags:19494 ··tags:
19495 ··-·CJIS-5.4.1.119495 ··-·CJIS-5.4.1.1
19496 ··-·DISA-STIG-OL08-00-03048019496 ··-·DISA-STIG-OL08-00-030480
19497 ··-·NIST-800-171-3.1.719497 ··-·NIST-800-171-3.1.7
19498 ··-·NIST-800-53-AU-12(c)19498 ··-·NIST-800-53-AU-12(c)
19499 ··-·NIST-800-53-AU-2(d)19499 ··-·NIST-800-53-AU-2(d)
19500 ··-·NIST-800-53-CM-6(a)19500 ··-·NIST-800-53-CM-6(a)
Offset 19631, 16 lines modifiedOffset 19631, 16 lines modified
19631 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100019631 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
19632 ········-F·auid!=unset·-F·key=perm_mod19632 ········-F·auid!=unset·-F·key=perm_mod
19633 ······create:·true19633 ······create:·true
19634 ······mode:·o-rwx19634 ······mode:·o-rwx
19635 ······state:·present19635 ······state:·present
19636 ····when:·syscalls_found·|·length·==·019636 ····when:·syscalls_found·|·length·==·0
19637 ··when:19637 ··when:
19638 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
19639 ··-·'"audit"·in·ansible_facts.packages'19638 ··-·'"audit"·in·ansible_facts.packages'
 19639 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19640 ··-·audit_arch·==·"b64"19640 ··-·audit_arch·==·"b64"
19641 ··tags:19641 ··tags:
19642 ··-·CJIS-5.4.1.119642 ··-·CJIS-5.4.1.1
19643 ··-·DISA-STIG-OL08-00-03048019643 ··-·DISA-STIG-OL08-00-030480
19644 ··-·NIST-800-171-3.1.719644 ··-·NIST-800-171-3.1.7
19645 ··-·NIST-800-53-AU-12(c)19645 ··-·NIST-800-53-AU-12(c)
19646 ··-·NIST-800-53-AU-2(d)19646 ··-·NIST-800-53-AU-2(d)
Offset 19650, 15 lines modifiedOffset 19650, 15 lines modified
19650 ··-·low_complexity19650 ··-·low_complexity
19651 ··-·low_disruption19651 ··-·low_disruption
19652 ··-·medium_severity19652 ··-·medium_severity
Max diff block lines reached; 186878/191528 bytes (97.57%) of diff not shown.
5.37 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-stig.html
    
Offset 320556, 23 lines modifiedOffset 320556, 23 lines modified
004e42b0:·745f·7265·7374·7269·6374·696f·6e73·5c73··t_restrictions\s004e42b0:·745f·7265·7374·7269·6374·696f·6e73·5c73··t_restrictions\s
004e42c0:·2a3d·5c73·2a0a·2020·2020·2020·6c69·6e65··*=\s*.······line004e42c0:·2a3d·5c73·2a0a·2020·2020·2020·6c69·6e65··*=\s*.······line
004e42d0:·3a20·736d·7470·645f·636c·6965·6e74·5f72··:·smtpd_client_r004e42d0:·3a20·736d·7470·645f·636c·6965·6e74·5f72··:·smtpd_client_r
004e42e0:·6573·7472·6963·7469·6f6e·7320·3d20·7065··estrictions·=·pe004e42e0:·6573·7472·6963·7469·6f6e·7320·3d20·7065··estrictions·=·pe
004e42f0:·726d·6974·5f6d·796e·6574·776f·726b·732c··rmit_mynetworks,004e42f0:·726d·6974·5f6d·796e·6574·776f·726b·732c··rmit_mynetworks,
004e4300:·7265·6a65·6374·0a20·2020·2020·2073·7461··reject.······sta004e4300:·7265·6a65·6374·0a20·2020·2020·2073·7461··reject.······sta
004e4310:·7465·3a20·7072·6573·656e·740a·2020·7768··te:·present.··wh004e4310:·7465·3a20·7072·6573·656e·740a·2020·7768··te:·present.··wh
004e4320:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_ 
004e4330:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
004e4340:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
004e4350:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
004e4360:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
004e4370:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].·· 
004e4380:·2d20·2722·706f·7374·6669·7822·2069·6e20··-·'"postfix"·in· 
004e4390:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa004e4320:·656e·3a0a·2020·2d20·2722·706f·7374·6669··en:.··-·'"postfi
 004e4330:·7822·2069·6e20·616e·7369·626c·655f·6661··x"·in·ansible_fa
 004e4340:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 004e4350:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
 004e4360:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
 004e4370:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
 004e4380:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 004e4390:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
004e43a0:·636b·6167·6573·270a·2020·7461·6773·3a0a··ckages'.··tags:.004e43a0:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.
004e43b0:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi004e43b0:·2020·2d20·6c6f·775f·636f·6d70·6c65·7869····-·low_complexi
004e43c0:·7479·0a20·202d·206c·6f77·5f64·6973·7275··ty.··-·low_disru004e43c0:·7479·0a20·202d·206c·6f77·5f64·6973·7275··ty.··-·low_disru
004e43d0:·7074·696f·6e0a·2020·2d20·6d65·6469·756d··ption.··-·medium004e43d0:·7074·696f·6e0a·2020·2d20·6d65·6469·756d··ption.··-·medium
004e43e0:·5f73·6576·6572·6974·790a·2020·2d20·6e6f··_severity.··-·no004e43e0:·5f73·6576·6572·6974·790a·2020·2d20·6e6f··_severity.··-·no
004e43f0:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·004e43f0:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·
004e4400:·202d·2070·6f73·7466·6978·5f70·7265·7665···-·postfix_preve004e4400:·202d·2070·6f73·7466·6978·5f70·7265·7665···-·postfix_preve
004e4410:·6e74·5f75·6e72·6573·7472·6963·7465·645f··nt_unrestricted_004e4410:·6e74·5f75·6e72·6573·7472·6963·7465·645f··nt_unrestricted_
Offset 320594, 21 lines modifiedOffset 320594, 21 lines modified
004e4510:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p004e4510:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
004e4520:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co004e4520:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
004e4530:·6c6c·6170·7365·2220·6964·3d22·6964·6d34··llapse"·id="idm4004e4530:·6c6c·6170·7365·2220·6964·3d22·6964·6d34··llapse"·id="idm4
004e4540:·3930·3734·223e·3c70·7265·3e3c·636f·6465··9074"><pre><code004e4540:·3930·3734·223e·3c70·7265·3e3c·636f·6465··9074"><pre><code
004e4550:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i004e4550:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
004e4560:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl004e4560:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
004e4570:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla004e4570:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
004e4580:·7466·6f72·6d73·0a69·6620·5b20·2120·2d66··tforms.if·[·!·-f004e4580:·7466·6f72·6d73·0a69·6620·7270·6d20·2d2d··tforms.if·rpm·--
004e4590:·202f·2e64·6f63·6b65·7265·6e76·205d·2026···/.dockerenv·]·&004e4590:·7175·6965·7420·2d71·2070·6f73·7466·6978··quiet·-q·postfix
004e45a0:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f004e45a0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
 004e45b0:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]
 004e45c0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
004e45b0:·202f·7275·6e2f·2e63·6f6e·7461·696e·6572···/run/.container004e45d0:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain
 004e45e0:·6572·656e·7620·5d3b·2074·6865·6e0a·0a69··erenv·];·then..i
004e45c0:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&amp;&amp; 
004e45d0:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q· 
004e45e0:·706f·7374·6669·783b·2074·6865·6e0a·0a69··postfix;·then..i 
004e45f0:·6620·2120·6772·6570·202d·7120·5e73·6d74··f·!·grep·-q·^smt004e45f0:·6620·2120·6772·6570·202d·7120·5e73·6d74··f·!·grep·-q·^smt
004e4600:·7064·5f63·6c69·656e·745f·7265·7374·7269··pd_client_restri004e4600:·7064·5f63·6c69·656e·745f·7265·7374·7269··pd_client_restri
004e4610:·6374·696f·6e73·202f·6574·632f·706f·7374··ctions·/etc/post004e4610:·6374·696f·6e73·202f·6574·632f·706f·7374··ctions·/etc/post
004e4620:·6669·782f·6d61·696e·2e63·663b·2074·6865··fix/main.cf;·the004e4620:·6669·782f·6d61·696e·2e63·663b·2074·6865··fix/main.cf;·the
004e4630:·6e0a·0965·6368·6f20·2273·6d74·7064·5f63··n..echo·"smtpd_c004e4630:·6e0a·0965·6368·6f20·2273·6d74·7064·5f63··n..echo·"smtpd_c
004e4640:·6c69·656e·745f·7265·7374·7269·6374·696f··lient_restrictio004e4640:·6c69·656e·745f·7265·7374·7269·6374·696f··lient_restrictio
004e4650:·6e73·203d·2070·6572·6d69·745f·6d79·6e65··ns·=·permit_myne004e4650:·6e73·203d·2070·6572·6d69·745f·6d79·6e65··ns·=·permit_myne
1.17 KB
html2text {}
    
Offset 65440, 26 lines modifiedOffset 65440, 26 lines modified
65440 ····lineinfile:65440 ····lineinfile:
65441 ······path:·/etc/postfix/main.cf65441 ······path:·/etc/postfix/main.cf
65442 ······create:·true65442 ······create:·true
65443 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*65443 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
65444 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject65444 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
65445 ······state:·present65445 ······state:·present
65446 ··when:65446 ··when:
65447 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
65448 ··-·'"postfix"·in·ansible_facts.packages'65447 ··-·'"postfix"·in·ansible_facts.packages'
 65448 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
65449 ··tags:65449 ··tags:
65450 ··-·low_complexity65450 ··-·low_complexity
65451 ··-·low_disruption65451 ··-·low_disruption
65452 ··-·medium_severity65452 ··-·medium_severity
65453 ··-·no_reboot_needed65453 ··-·no_reboot_needed
65454 ··-·postfix_prevent_unrestricted_relay65454 ··-·postfix_prevent_unrestricted_relay
65455 ··-·restrict_strategy65455 ··-·restrict_strategy
65456 Remediation_Shell_script_⇲65456 Remediation_Shell_script_⇲
65457 #·Remediation·is·applicable·only·in·certain·platforms65457 #·Remediation·is·applicable·only·in·certain·platforms
65458 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then65458 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
65459 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then65459 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
65460 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf65460 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
65461 else65461 else
65462 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf65462 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
65463 fi65463 fi
  
5.38 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-stig_gui.html
    
Offset 320574, 23 lines modifiedOffset 320574, 23 lines modified
004e43d0:·7374·7269·6374·696f·6e73·5c73·2a3d·5c73··strictions\s*=\s004e43d0:·7374·7269·6374·696f·6e73·5c73·2a3d·5c73··strictions\s*=\s
004e43e0:·2a0a·2020·2020·2020·6c69·6e65·3a20·736d··*.······line:·sm004e43e0:·2a0a·2020·2020·2020·6c69·6e65·3a20·736d··*.······line:·sm
004e43f0:·7470·645f·636c·6965·6e74·5f72·6573·7472··tpd_client_restr004e43f0:·7470·645f·636c·6965·6e74·5f72·6573·7472··tpd_client_restr
004e4400:·6963·7469·6f6e·7320·3d20·7065·726d·6974··ictions·=·permit004e4400:·6963·7469·6f6e·7320·3d20·7065·726d·6974··ictions·=·permit
004e4410:·5f6d·796e·6574·776f·726b·732c·7265·6a65··_mynetworks,reje004e4410:·5f6d·796e·6574·776f·726b·732c·7265·6a65··_mynetworks,reje
004e4420:·6374·0a20·2020·2020·2073·7461·7465·3a20··ct.······state:·004e4420:·6374·0a20·2020·2020·2073·7461·7465·3a20··ct.······state:·
004e4430:·7072·6573·656e·740a·2020·7768·656e·3a0a··present.··when:.004e4430:·7072·6573·656e·740a·2020·7768·656e·3a0a··present.··when:.
004e4440:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt 
004e4450:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type· 
004e4460:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker" 
004e4470:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz 
004e4480:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co 
004e4490:·6e74·6169·6e65·7222·5d0a·2020·2d20·2722··ntainer"].··-·'" 
004e44a0:·706f·7374·6669·7822·2069·6e20·616e·7369··postfix"·in·ansi 
004e44b0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag004e4440:·2020·2d20·2722·706f·7374·6669·7822·2069····-·'"postfix"·i
 004e4450:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 004e4460:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an
 004e4470:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 004e4480:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 004e4490:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 004e44a0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 004e44b0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
004e44c0:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·004e44c0:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·
004e44d0:·6c6f·775f·636f·6d70·6c65·7869·7479·0a20··low_complexity.·004e44d0:·6c6f·775f·636f·6d70·6c65·7869·7479·0a20··low_complexity.·
004e44e0:·202d·206c·6f77·5f64·6973·7275·7074·696f···-·low_disruptio004e44e0:·202d·206c·6f77·5f64·6973·7275·7074·696f···-·low_disruptio
004e44f0:·6e0a·2020·2d20·6d65·6469·756d·5f73·6576··n.··-·medium_sev004e44f0:·6e0a·2020·2d20·6d65·6469·756d·5f73·6576··n.··-·medium_sev
004e4500:·6572·6974·790a·2020·2d20·6e6f·5f72·6562··erity.··-·no_reb004e4500:·6572·6974·790a·2020·2d20·6e6f·5f72·6562··erity.··-·no_reb
004e4510:·6f6f·745f·6e65·6564·6564·0a20·202d·2070··oot_needed.··-·p004e4510:·6f6f·745f·6e65·6564·6564·0a20·202d·2070··oot_needed.··-·p
004e4520:·6f73·7466·6978·5f70·7265·7665·6e74·5f75··ostfix_prevent_u004e4520:·6f73·7466·6978·5f70·7265·7665·6e74·5f75··ostfix_prevent_u
004e4530:·6e72·6573·7472·6963·7465·645f·7265·6c61··nrestricted_rela004e4530:·6e72·6573·7472·6963·7465·645f·7265·6c61··nrestricted_rela
Offset 320612, 21 lines modifiedOffset 320612, 21 lines modified
004e4630:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel004e4630:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
004e4640:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap004e4640:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
004e4650:·7365·2220·6964·3d22·6964·6d34·3930·3734··se"·id="idm49074004e4650:·7365·2220·6964·3d22·6964·6d34·3930·3734··se"·id="idm49074
004e4660:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R004e4660:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R
004e4670:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap004e4670:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
004e4680:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in004e4680:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
004e4690:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor004e4690:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
004e46a0:·6d73·0a69·6620·5b20·2120·2d66·202f·2e64··ms.if·[·!·-f·/.d 
004e46b0:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;004e46a0:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie
 004e46b0:·7420·2d71·2070·6f73·7466·6978·2026·616d··t·-q·postfix·&am
004e46c0:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru004e46c0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
 004e46d0:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am
 004e46e0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
004e46d0:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·004e46f0:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren
004e46e0:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm 
004e46f0:·202d·2d71·7569·6574·202d·7120·706f·7374···--quiet·-q·post 
004e4700:·6669·783b·2074·6865·6e0a·0a69·6620·2120··fix;·then..if·!·004e4700:·7620·5d3b·2074·6865·6e0a·0a69·6620·2120··v·];·then..if·!·
004e4710:·6772·6570·202d·7120·5e73·6d74·7064·5f63··grep·-q·^smtpd_c004e4710:·6772·6570·202d·7120·5e73·6d74·7064·5f63··grep·-q·^smtpd_c
004e4720:·6c69·656e·745f·7265·7374·7269·6374·696f··lient_restrictio004e4720:·6c69·656e·745f·7265·7374·7269·6374·696f··lient_restrictio
004e4730:·6e73·202f·6574·632f·706f·7374·6669·782f··ns·/etc/postfix/004e4730:·6e73·202f·6574·632f·706f·7374·6669·782f··ns·/etc/postfix/
004e4740:·6d61·696e·2e63·663b·2074·6865·6e0a·0965··main.cf;·then..e004e4740:·6d61·696e·2e63·663b·2074·6865·6e0a·0965··main.cf;·then..e
004e4750:·6368·6f20·2273·6d74·7064·5f63·6c69·656e··cho·"smtpd_clien004e4750:·6368·6f20·2273·6d74·7064·5f63·6c69·656e··cho·"smtpd_clien
004e4760:·745f·7265·7374·7269·6374·696f·6e73·203d··t_restrictions·=004e4760:·745f·7265·7374·7269·6374·696f·6e73·203d··t_restrictions·=
004e4770:·2070·6572·6d69·745f·6d79·6e65·7477·6f72···permit_mynetwor004e4770:·2070·6572·6d69·745f·6d79·6e65·7477·6f72···permit_mynetwor
1.17 KB
html2text {}
    
Offset 65444, 26 lines modifiedOffset 65444, 26 lines modified
65444 ····lineinfile:65444 ····lineinfile:
65445 ······path:·/etc/postfix/main.cf65445 ······path:·/etc/postfix/main.cf
65446 ······create:·true65446 ······create:·true
65447 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*65447 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
65448 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject65448 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
65449 ······state:·present65449 ······state:·present
65450 ··when:65450 ··when:
65451 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
65452 ··-·'"postfix"·in·ansible_facts.packages'65451 ··-·'"postfix"·in·ansible_facts.packages'
 65452 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
65453 ··tags:65453 ··tags:
65454 ··-·low_complexity65454 ··-·low_complexity
65455 ··-·low_disruption65455 ··-·low_disruption
65456 ··-·medium_severity65456 ··-·medium_severity
65457 ··-·no_reboot_needed65457 ··-·no_reboot_needed
65458 ··-·postfix_prevent_unrestricted_relay65458 ··-·postfix_prevent_unrestricted_relay
65459 ··-·restrict_strategy65459 ··-·restrict_strategy
65460 Remediation_Shell_script_⇲65460 Remediation_Shell_script_⇲
65461 #·Remediation·is·applicable·only·in·certain·platforms65461 #·Remediation·is·applicable·only·in·certain·platforms
65462 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then65462 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
65463 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then65463 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
65464 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf65464 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
65465 else65465 else
65466 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf65466 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
65467 fi65467 fi
  
44.5 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-cis.html
    
Offset 176706, 21 lines modifiedOffset 176706, 21 lines modified
002b2410:·6f74·2f65·6669·2f45·4649·2f72·6564·6861··ot/efi/EFI/redha002b2410:·6f74·2f65·6669·2f45·4649·2f72·6564·6861··ot/efi/EFI/redha
002b2420:·742f·6772·7562·2e63·6667·0a20·2073·7461··t/grub.cfg.··sta002b2420:·742f·6772·7562·2e63·6667·0a20·2073·7461··t/grub.cfg.··sta
002b2430:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo002b2430:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
002b2440:·6f74·2f65·6669·2f45·4649·2f72·6564·6861··ot/efi/EFI/redha002b2440:·6f74·2f65·6669·2f45·4649·2f72·6564·6861··ot/efi/EFI/redha
002b2450:·742f·6772·7562·2e63·6667·0a20·2072·6567··t/grub.cfg.··reg002b2450:·742f·6772·7562·2e63·6667·0a20·2072·6567··t/grub.cfg.··reg
002b2460:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis002b2460:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis
002b2470:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'002b2470:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'
002b2480:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a 
002b2490:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
002b24a0:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
002b24b0:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
002b24c0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo002b2480:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
002b24d0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa002b2490:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
002b24e0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··002b24a0:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 002b24b0:·2f62·6f6f·742f·6566·6922·2069·6e20·616e··/boot/efi"·in·an
 002b24c0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 002b24d0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 002b24e0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
002b24f0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua002b24f0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
002b2500:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no002b2500:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
002b2510:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·002b2510:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
002b2520:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",002b2520:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
002b2530:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont002b2530:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
002b2540:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.002b2540:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.
002b2550:·2020·2d20·4343·452d·3833·3433·302d·390a····-·CCE-83430-9.002b2550:·2020·2d20·4343·452d·3833·3433·302d·390a····-·CCE-83430-9.
Offset 176744, 21 lines modifiedOffset 176744, 21 lines modified
002b2670:·3020·6f6e·202f·626f·6f74·2f65·6669·2f45··0·on·/boot/efi/E002b2670:·3020·6f6e·202f·626f·6f74·2f65·6669·2f45··0·on·/boot/efi/E
002b2680:·4649·2f72·6564·6861·742f·6772·7562·2e63··FI/redhat/grub.c002b2680:·4649·2f72·6564·6861·742f·6772·7562·2e63··FI/redhat/grub.c
002b2690:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p002b2690:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p
002b26a0:·6174·683a·202f·626f·6f74·2f65·6669·2f45··ath:·/boot/efi/E002b26a0:·6174·683a·202f·626f·6f74·2f65·6669·2f45··ath:·/boot/efi/E
002b26b0:·4649·2f72·6564·6861·742f·6772·7562·2e63··FI/redhat/grub.c002b26b0:·4649·2f72·6564·6861·742f·6772·7562·2e63··FI/redhat/grub.c
002b26c0:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0002b26c0:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0
002b26d0:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"002b26d0:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"
002b26e0:·2f62·6f6f·742f·6566·6922·2069·6e20·616e··/boot/efi"·in·an 
002b26f0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
002b2700:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
002b2710:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
002b2720:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common002b26e0:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in
002b2730:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac002b26f0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
002b2740:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-002b2700:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/
 002b2710:·626f·6f74·2f65·6669·2220·696e·2061·6e73··boot/efi"·in·ans
 002b2720:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 002b2730:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 002b2740:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
002b2750:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual002b2750:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
002b2760:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not002b2760:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
002b2770:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"002b2770:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
002b2780:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·002b2780:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
002b2790:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta002b2790:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
002b27a0:·696e·6572·225d·0a20·202d·2066·696c·655f··iner"].··-·file_002b27a0:·696e·6572·225d·0a20·202d·2066·696c·655f··iner"].··-·file_
002b27b0:·6578·6973·7473·2e73·7461·7420·6973·2064··exists.stat·is·d002b27b0:·6578·6973·7473·2e73·7461·7420·6973·2064··exists.stat·is·d
Offset 176810, 19 lines modifiedOffset 176810, 19 lines modified
002b2a90:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</002b2a90:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
002b2aa0:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure002b2aa0:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure
002b2ab0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl002b2ab0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
002b2ac0:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R002b2ac0:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R
002b2ad0:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap002b2ad0:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
002b2ae0:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in002b2ae0:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
002b2af0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor002b2af0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
 002b2b00:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie
002b2b00:·6d73·0a69·6620·5b20·2d66·202f·7379·732f··ms.if·[·-f·/sys/ 
002b2b10:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·& 
002b2b20:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·-- 
002b2b30:·7175·6965·7420·2d71·2067·7275·6232·2d63··quiet·-q·grub2-c002b2b10:·7420·2d71·2067·7275·6232·2d63·6f6d·6d6f··t·-q·grub2-commo
 002b2b20:·6e20·2661·6d70·3b26·616d·703b·205b·202d··n·&amp;&amp;·[·-
 002b2b30:·6620·2f73·7973·2f66·6972·6d77·6172·652f··f·/sys/firmware/
002b2b40:·6f6d·6d6f·6e20·2661·6d70·3b26·616d·703b··ommon·&amp;&amp;002b2b40:·6566·6920·5d20·2661·6d70·3b26·616d·703b··efi·]·&amp;&amp;
002b2b50:·207b·205b·2021·202d·6620·2f2e·646f·636b···{·[·!·-f·/.dock002b2b50:·207b·205b·2021·202d·6620·2f2e·646f·636b···{·[·!·-f·/.dock
002b2b60:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am002b2b60:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am
002b2b70:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.002b2b70:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.
002b2b80:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·002b2b80:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·
002b2b90:·7d3b·2074·6865·6e0a·0a63·6867·7270·2030··};·then..chgrp·0002b2b90:·7d3b·2074·6865·6e0a·0a63·6867·7270·2030··};·then..chgrp·0
002b2ba0:·202f·626f·6f74·2f65·6669·2f45·4649·2f72···/boot/efi/EFI/r002b2ba0:·202f·626f·6f74·2f65·6669·2f45·4649·2f72···/boot/efi/EFI/r
002b2bb0:·6564·6861·742f·6772·7562·2e63·6667·0a0a··edhat/grub.cfg..002b2bb0:·6564·6861·742f·6772·7562·2e63·6667·0a0a··edhat/grub.cfg..
Offset 177252, 22 lines modifiedOffset 177252, 22 lines modified
002b4630:·6520·2f62·6f6f·742f·6566·692f·4546·492f··e·/boot/efi/EFI/002b4630:·6520·2f62·6f6f·742f·6566·692f·4546·492f··e·/boot/efi/EFI/
002b4640:·7265·6468·6174·2f75·7365·722e·6366·670a··redhat/user.cfg.002b4640:·7265·6468·6174·2f75·7365·722e·6366·670a··redhat/user.cfg.
002b4650:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path002b4650:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path
002b4660:·3a20·2f62·6f6f·742f·6566·692f·4546·492f··:·/boot/efi/EFI/002b4660:·3a20·2f62·6f6f·742f·6566·692f·4546·492f··:·/boot/efi/EFI/
002b4670:·7265·6468·6174·2f75·7365·722e·6366·670a··redhat/user.cfg.002b4670:·7265·6468·6174·2f75·7365·722e·6366·670a··redhat/user.cfg.
002b4680:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file002b4680:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
002b4690:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.002b4690:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
002b46a0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
002b46b0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
002b46c0:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
002b46d0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
002b46e0:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-002b46a0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
002b46f0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib002b46b0:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
002b4700:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package002b46c0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 002b46d0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 002b46e0:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 002b46f0:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 002b4700:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
002b4710:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v002b4710:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
002b4720:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty002b4720:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
002b4730:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock002b4730:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
002b4740:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope002b4740:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
002b4750:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·002b4750:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
002b4760:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t002b4760:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
002b4770:·6167·733a·0a20·202d·2043·4345·2d38·3630··ags:.··-·CCE-860002b4770:·6167·733a·0a20·202d·2043·4345·2d38·3630··ags:.··-·CCE-860
002b4780:·3131·2d34·0a20·202d·2043·4a49·532d·352e··11-4.··-·CJIS-5.002b4780:·3131·2d34·0a20·202d·2043·4a49·532d·352e··11-4.··-·CJIS-5.
Offset 177290, 21 lines modifiedOffset 177290, 21 lines modified
002b4890:·6e65·7220·3020·6f6e·202f·626f·6f74·2f65··ner·0·on·/boot/e002b4890:·6e65·7220·3020·6f6e·202f·626f·6f74·2f65··ner·0·on·/boot/e
002b48a0:·6669·2f45·4649·2f72·6564·6861·742f·7573··fi/EFI/redhat/us002b48a0:·6669·2f45·4649·2f72·6564·6861·742f·7573··fi/EFI/redhat/us
002b48b0:·6572·2e63·6667·0a20·2066·696c·653a·0a20··er.cfg.··file:.·002b48b0:·6572·2e63·6667·0a20·2066·696c·653a·0a20··er.cfg.··file:.·
002b48c0:·2020·2070·6174·683a·202f·626f·6f74·2f65·····path:·/boot/e002b48c0:·2020·2070·6174·683a·202f·626f·6f74·2f65·····path:·/boot/e
002b48d0:·6669·2f45·4649·2f72·6564·6861·742f·7573··fi/EFI/redhat/us002b48d0:·6669·2f45·4649·2f72·6564·6861·742f·7573··fi/EFI/redhat/us
002b48e0:·6572·2e63·6667·0a20·2020·2067·726f·7570··er.cfg.····group002b48e0:·6572·2e63·6667·0a20·2020·2067·726f·7570··er.cfg.····group
002b48f0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··002b48f0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··
002b4900:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i 
002b4910:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
002b4920:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
002b4930:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
002b4940:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co002b4900:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
002b4950:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible002b4910:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
002b4960:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'002b4920:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 002b4930:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in
 002b4940:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 002b4950:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 002b4960:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
002b4970:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir002b4970:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
002b4980:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type002b4980:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
002b4990:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker002b4990:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
002b49a0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv002b49a0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
002b49b0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c002b49b0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
002b49c0:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f002b49c0:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f
002b49d0:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·002b49d0:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·
Max diff block lines reached; 24486/34176 bytes (71.65%) of diff not shown.
11.0 KB
html2text {}
    
Offset 37082, 16 lines modifiedOffset 37082, 16 lines modified
37082 ··-·no_reboot_needed37082 ··-·no_reboot_needed
  
37083 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg37083 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
37084 ··stat:37084 ··stat:
37085 ····path:·/boot/efi/EFI/redhat/grub.cfg37085 ····path:·/boot/efi/EFI/redhat/grub.cfg
37086 ··register:·file_exists37086 ··register:·file_exists
37087 ··when:37087 ··when:
37088 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
37089 ··-·'"grub2-common"·in·ansible_facts.packages'37088 ··-·'"grub2-common"·in·ansible_facts.packages'
 37089 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
37090 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]37090 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
37091 ··tags:37091 ··tags:
37092 ··-·CCE-83430-937092 ··-·CCE-83430-9
37093 ··-·CJIS-5.5.2.237093 ··-·CJIS-5.5.2.2
37094 ··-·NIST-800-171-3.4.537094 ··-·NIST-800-171-3.4.5
37095 ··-·NIST-800-53-AC-6(1)37095 ··-·NIST-800-53-AC-6(1)
37096 ··-·NIST-800-53-CM-6(a)37096 ··-·NIST-800-53-CM-6(a)
Offset 37104, 16 lines modifiedOffset 37104, 16 lines modified
37104 ··-·no_reboot_needed37104 ··-·no_reboot_needed
  
37105 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg37105 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
37106 ··file:37106 ··file:
37107 ····path:·/boot/efi/EFI/redhat/grub.cfg37107 ····path:·/boot/efi/EFI/redhat/grub.cfg
37108 ····group:·'0'37108 ····group:·'0'
37109 ··when:37109 ··when:
37110 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
37111 ··-·'"grub2-common"·in·ansible_facts.packages'37110 ··-·'"grub2-common"·in·ansible_facts.packages'
 37111 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
37112 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]37112 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
37113 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists37113 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
37114 ··tags:37114 ··tags:
37115 ··-·CCE-83430-937115 ··-·CCE-83430-9
37116 ··-·CJIS-5.5.2.237116 ··-·CJIS-5.5.2.2
37117 ··-·NIST-800-171-3.4.537117 ··-·NIST-800-171-3.4.5
37118 ··-·NIST-800-53-AC-6(1)37118 ··-·NIST-800-53-AC-6(1)
Offset 37126, 15 lines modifiedOffset 37126, 15 lines modified
37126 ··-·medium_severity37126 ··-·medium_severity
37127 ··-·no_reboot_needed37127 ··-·no_reboot_needed
37128 Remediation_Shell_script_⇲37128 Remediation_Shell_script_⇲
37129 Complexity:·low37129 Complexity:·low
37130 Disruption:·low37130 Disruption:·low
37131 Strategy:···configure37131 Strategy:···configure
37132 #·Remediation·is·applicable·only·in·certain·platforms37132 #·Remediation·is·applicable·only·in·certain·platforms
37133 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then37133 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
37134 chgrp·0·/boot/efi/EFI/redhat/grub.cfg37134 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
37135 else37135 else
37136 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'37136 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
37137 fi37137 fi
37138 ***·Rule  ·Verify·/boot/efi/EFI/redhat/user.cfg·Group·Ownership·  [ref]·***37138 ***·Rule  ·Verify·/boot/efi/EFI/redhat/user.cfg·Group·Ownership·  [ref]·***
Offset 37167, 16 lines modifiedOffset 37167, 16 lines modified
37167 ··-·no_reboot_needed37167 ··-·no_reboot_needed
  
37168 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg37168 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
37169 ··stat:37169 ··stat:
37170 ····path:·/boot/efi/EFI/redhat/user.cfg37170 ····path:·/boot/efi/EFI/redhat/user.cfg
37171 ··register:·file_exists37171 ··register:·file_exists
37172 ··when:37172 ··when:
37173 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
37174 ··-·'"grub2-common"·in·ansible_facts.packages'37173 ··-·'"grub2-common"·in·ansible_facts.packages'
 37174 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
37175 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]37175 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
37176 ··tags:37176 ··tags:
37177 ··-·CCE-86011-437177 ··-·CCE-86011-4
37178 ··-·CJIS-5.5.2.237178 ··-·CJIS-5.5.2.2
37179 ··-·NIST-800-171-3.4.537179 ··-·NIST-800-171-3.4.5
37180 ··-·NIST-800-53-AC-6(1)37180 ··-·NIST-800-53-AC-6(1)
37181 ··-·NIST-800-53-CM-6(a)37181 ··-·NIST-800-53-CM-6(a)
Offset 37189, 16 lines modifiedOffset 37189, 16 lines modified
37189 ··-·no_reboot_needed37189 ··-·no_reboot_needed
  
37190 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg37190 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
37191 ··file:37191 ··file:
37192 ····path:·/boot/efi/EFI/redhat/user.cfg37192 ····path:·/boot/efi/EFI/redhat/user.cfg
37193 ····group:·'0'37193 ····group:·'0'
37194 ··when:37194 ··when:
37195 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
37196 ··-·'"grub2-common"·in·ansible_facts.packages'37195 ··-·'"grub2-common"·in·ansible_facts.packages'
 37196 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
37197 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]37197 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
37198 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists37198 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
37199 ··tags:37199 ··tags:
37200 ··-·CCE-86011-437200 ··-·CCE-86011-4
37201 ··-·CJIS-5.5.2.237201 ··-·CJIS-5.5.2.2
37202 ··-·NIST-800-171-3.4.537202 ··-·NIST-800-171-3.4.5
37203 ··-·NIST-800-53-AC-6(1)37203 ··-·NIST-800-53-AC-6(1)
Offset 37211, 15 lines modifiedOffset 37211, 15 lines modified
37211 ··-·medium_severity37211 ··-·medium_severity
37212 ··-·no_reboot_needed37212 ··-·no_reboot_needed
37213 Remediation_Shell_script_⇲37213 Remediation_Shell_script_⇲
37214 Complexity:·low37214 Complexity:·low
37215 Disruption:·low37215 Disruption:·low
37216 Strategy:···configure37216 Strategy:···configure
37217 #·Remediation·is·applicable·only·in·certain·platforms37217 #·Remediation·is·applicable·only·in·certain·platforms
37218 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then37218 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
37219 chgrp·0·/boot/efi/EFI/redhat/user.cfg37219 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
37220 else37220 else
37221 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'37221 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
37222 fi37222 fi
37223 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·User·Ownership·  [ref]·***37223 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·User·Ownership·  [ref]·***
Offset 37252, 16 lines modifiedOffset 37252, 16 lines modified
37252 ··-·no_reboot_needed37252 ··-·no_reboot_needed
  
37253 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg37253 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
37254 ··stat:37254 ··stat:
37255 ····path:·/boot/efi/EFI/redhat/grub.cfg37255 ····path:·/boot/efi/EFI/redhat/grub.cfg
37256 ··register:·file_exists37256 ··register:·file_exists
37257 ··when:37257 ··when:
37258 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
37259 ··-·'"grub2-common"·in·ansible_facts.packages'37258 ··-·'"grub2-common"·in·ansible_facts.packages'
 37259 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
37260 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]37260 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
37261 ··tags:37261 ··tags:
37262 ··-·CCE-83429-137262 ··-·CCE-83429-1
37263 ··-·CJIS-5.5.2.237263 ··-·CJIS-5.5.2.2
37264 ··-·NIST-800-171-3.4.537264 ··-·NIST-800-171-3.4.5
37265 ··-·NIST-800-53-AC-6(1)37265 ··-·NIST-800-53-AC-6(1)
37266 ··-·NIST-800-53-CM-6(a)37266 ··-·NIST-800-53-CM-6(a)
Offset 37274, 16 lines modifiedOffset 37274, 16 lines modified
37274 ··-·no_reboot_needed37274 ··-·no_reboot_needed
  
37275 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg37275 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
37276 ··file:37276 ··file:
37277 ····path:·/boot/efi/EFI/redhat/grub.cfg37277 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 6761/11242 bytes (60.14%) of diff not shown.
44.7 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-cis_server_l1.html
    
Offset 52926, 21 lines modifiedOffset 52926, 21 lines modified
000cebd0:·626f·6f74·2f65·6669·2f45·4649·2f72·6564··boot/efi/EFI/red000cebd0:·626f·6f74·2f65·6669·2f45·4649·2f72·6564··boot/efi/EFI/red
000cebe0:·6861·742f·6772·7562·2e63·6667·0a20·2073··hat/grub.cfg.··s000cebe0:·6861·742f·6772·7562·2e63·6667·0a20·2073··hat/grub.cfg.··s
000cebf0:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/000cebf0:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/
000cec00:·626f·6f74·2f65·6669·2f45·4649·2f72·6564··boot/efi/EFI/red000cec00:·626f·6f74·2f65·6669·2f45·4649·2f72·6564··boot/efi/EFI/red
000cec10:·6861·742f·6772·7562·2e63·6667·0a20·2072··hat/grub.cfg.··r000cec10:·6861·742f·6772·7562·2e63·6667·0a20·2072··hat/grub.cfg.··r
000cec20:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex000cec20:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex
000cec30:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-000cec30:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-
000cec40:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in 
000cec50:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
000cec60:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
000cec70:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
000cec80:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com000cec40:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"
000cec90:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_000cec50:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
000ceca0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.000cec60:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 000cec70:·2722·2f62·6f6f·742f·6566·6922·2069·6e20··'"/boot/efi"·in·
 000cec80:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 000cec90:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 000ceca0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
000cecb0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt000cecb0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
000cecc0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·000cecc0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
000cecd0:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"000cecd0:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
000cece0:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz000cece0:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
000cecf0:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co000cecf0:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
000ced00:·6e74·6169·6e65·7222·5d0a·2020·7461·6773··ntainer"].··tags000ced00:·6e74·6169·6e65·7222·5d0a·2020·7461·6773··ntainer"].··tags
000ced10:·3a0a·2020·2d20·4343·452d·3833·3433·302d··:.··-·CCE-83430-000ced10:·3a0a·2020·2d20·4343·452d·3833·3433·302d··:.··-·CCE-83430-
Offset 52964, 21 lines modifiedOffset 52964, 21 lines modified
000cee30:·7220·3020·6f6e·202f·626f·6f74·2f65·6669··r·0·on·/boot/efi000cee30:·7220·3020·6f6e·202f·626f·6f74·2f65·6669··r·0·on·/boot/efi
000cee40:·2f45·4649·2f72·6564·6861·742f·6772·7562··/EFI/redhat/grub000cee40:·2f45·4649·2f72·6564·6861·742f·6772·7562··/EFI/redhat/grub
000cee50:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···000cee50:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···
000cee60:·2070·6174·683a·202f·626f·6f74·2f65·6669···path:·/boot/efi000cee60:·2070·6174·683a·202f·626f·6f74·2f65·6669···path:·/boot/efi
000cee70:·2f45·4649·2f72·6564·6861·742f·6772·7562··/EFI/redhat/grub000cee70:·2f45·4649·2f72·6564·6861·742f·6772·7562··/EFI/redhat/grub
000cee80:·2e63·6667·0a20·2020·2067·726f·7570·3a20··.cfg.····group:·000cee80:·2e63·6667·0a20·2020·2067·726f·7570·3a20··.cfg.····group:·
000cee90:·2730·270a·2020·7768·656e·3a0a·2020·2d20··'0'.··when:.··-·000cee90:·2730·270a·2020·7768·656e·3a0a·2020·2d20··'0'.··when:.··-·
000ceea0:·2722·2f62·6f6f·742f·6566·6922·2069·6e20··'"/boot/efi"·in· 
000ceeb0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
000ceec0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
000ceed0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
000ceee0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm000ceea0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·
000ceef0:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f000ceeb0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
000cef00:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·000ceec0:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'
 000ceed0:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a
 000ceee0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|·
 000ceef0:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m
 000cef00:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.·
000cef10:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu000cef10:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
000cef20:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n000cef20:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
000cef30:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",000cef30:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
000cef40:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"000cef40:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
000cef50:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con000cef50:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
000cef60:·7461·696e·6572·225d·0a20·202d·2066·696c··tainer"].··-·fil000cef60:·7461·696e·6572·225d·0a20·202d·2066·696c··tainer"].··-·fil
000cef70:·655f·6578·6973·7473·2e73·7461·7420·6973··e_exists.stat·is000cef70:·655f·6578·6973·7473·2e73·7461·7420·6973··e_exists.stat·is
Offset 53030, 19 lines modifiedOffset 53030, 19 lines modified
000cf250:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:000cf250:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
000cf260:·3c2f·7468·3e3c·7464·3e63·6f6e·6669·6775··</th><td>configu000cf260:·3c2f·7468·3e3c·7464·3e63·6f6e·6669·6775··</th><td>configu
000cf270:·7265·3c2f·7464·3e3c·2f74·723e·3c2f·7461··re</td></tr></ta000cf270:·7265·3c2f·7464·3e3c·2f74·723e·3c2f·7461··re</td></tr></ta
000cf280:·626c·653e·3c70·7265·3e3c·636f·6465·3e23··ble><pre><code>#000cf280:·626c·653e·3c70·7265·3e3c·636f·6465·3e23··ble><pre><code>#
000cf290:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·000cf290:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·
000cf2a0:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·000cf2a0:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·
000cf2b0:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf000cf2b0:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf
000cf2c0:·6f72·6d73·0a69·6620·5b20·2d66·202f·7379··orms.if·[·-f·/sy000cf2c0:·6f72·6d73·0a69·6620·7270·6d20·2d2d·7175··orms.if·rpm·--qu
000cf2d0:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·] 
000cf2e0:·2026·616d·703b·2661·6d70·3b20·7270·6d20···&amp;&amp;·rpm· 
000cf2f0:·2d2d·7175·6965·7420·2d71·2067·7275·6232··--quiet·-q·grub2000cf2d0:·6965·7420·2d71·2067·7275·6232·2d63·6f6d··iet·-q·grub2-com
000cf300:·2d63·6f6d·6d6f·6e20·2661·6d70·3b26·616d··-common·&amp;&am000cf2e0:·6d6f·6e20·2661·6d70·3b26·616d·703b·205b··mon·&amp;&amp;·[
 000cf2f0:·202d·6620·2f73·7973·2f66·6972·6d77·6172···-f·/sys/firmwar
 000cf300:·652f·6566·6920·5d20·2661·6d70·3b26·616d··e/efi·]·&amp;&am
000cf310:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do000cf310:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do
000cf320:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&000cf320:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&
000cf330:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run000cf330:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run
000cf340:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]000cf340:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]
000cf350:·3b20·7d3b·2074·6865·6e0a·0a63·6867·7270··;·};·then..chgrp000cf350:·3b20·7d3b·2074·6865·6e0a·0a63·6867·7270··;·};·then..chgrp
000cf360:·2030·202f·626f·6f74·2f65·6669·2f45·4649···0·/boot/efi/EFI000cf360:·2030·202f·626f·6f74·2f65·6669·2f45·4649···0·/boot/efi/EFI
000cf370:·2f72·6564·6861·742f·6772·7562·2e63·6667··/redhat/grub.cfg000cf370:·2f72·6564·6861·742f·6772·7562·2e63·6667··/redhat/grub.cfg
Offset 53472, 22 lines modifiedOffset 53472, 22 lines modified
000d0df0:·6e63·6520·2f62·6f6f·742f·6566·692f·4546··nce·/boot/efi/EF000d0df0:·6e63·6520·2f62·6f6f·742f·6566·692f·4546··nce·/boot/efi/EF
000d0e00:·492f·7265·6468·6174·2f75·7365·722e·6366··I/redhat/user.cf000d0e00:·492f·7265·6468·6174·2f75·7365·722e·6366··I/redhat/user.cf
000d0e10:·670a·2020·7374·6174·3a0a·2020·2020·7061··g.··stat:.····pa000d0e10:·670a·2020·7374·6174·3a0a·2020·2020·7061··g.··stat:.····pa
000d0e20:·7468·3a20·2f62·6f6f·742f·6566·692f·4546··th:·/boot/efi/EF000d0e20:·7468·3a20·2f62·6f6f·742f·6566·692f·4546··th:·/boot/efi/EF
000d0e30:·492f·7265·6468·6174·2f75·7365·722e·6366··I/redhat/user.cf000d0e30:·492f·7265·6468·6174·2f75·7365·722e·6366··I/redhat/user.cf
000d0e40:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi000d0e40:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi
000d0e50:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when000d0e50:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when
 000d0e60:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
000d0e60:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
000d0e70:·6922·2069·6e20·616e·7369·626c·655f·6d6f··i"·in·ansible_mo 
000d0e80:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
000d0e90:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
000d0ea0:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub 
000d0eb0:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans000d0e70:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
000d0ec0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa000d0e80:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 000d0e90:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 000d0ea0:·2220·696e·2061·6e73·6962·6c65·5f6d·6f75··"·in·ansible_mou
 000d0eb0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
 000d0ec0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
000d0ed0:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible000d0ed0:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible
000d0ee0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_000d0ee0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
000d0ef0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do000d0ef0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
000d0f00:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o000d0f00:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
000d0f10:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"000d0f10:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
000d0f20:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·000d0f20:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
000d0f30:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8000d0f30:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8
000d0f40:·3630·3131·2d34·0a20·202d·2043·4a49·532d··6011-4.··-·CJIS-000d0f40:·3630·3131·2d34·0a20·202d·2043·4a49·532d··6011-4.··-·CJIS-
Offset 53510, 22 lines modifiedOffset 53510, 22 lines modified
000d1050:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot000d1050:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot
000d1060:·2f65·6669·2f45·4649·2f72·6564·6861·742f··/efi/EFI/redhat/000d1060:·2f65·6669·2f45·4649·2f72·6564·6861·742f··/efi/EFI/redhat/
000d1070:·7573·6572·2e63·6667·0a20·2066·696c·653a··user.cfg.··file:000d1070:·7573·6572·2e63·6667·0a20·2066·696c·653a··user.cfg.··file:
000d1080:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot000d1080:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
000d1090:·2f65·6669·2f45·4649·2f72·6564·6861·742f··/efi/EFI/redhat/000d1090:·2f65·6669·2f45·4649·2f72·6564·6861·742f··/efi/EFI/redhat/
000d10a0:·7573·6572·2e63·6667·0a20·2020·2067·726f··user.cfg.····gro000d10a0:·7573·6572·2e63·6667·0a20·2020·2067·726f··user.cfg.····gro
000d10b0:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.000d10b0:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.
000d10c0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
000d10d0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
000d10e0:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
000d10f0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
000d1100:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-000d10c0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
000d1110:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib000d10d0:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
000d1120:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000d10e0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 000d10f0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 000d1100:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 000d1110:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 000d1120:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
000d1130:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v000d1130:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
000d1140:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty000d1140:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
000d1150:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock000d1150:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
000d1160:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope000d1160:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
000d1170:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·000d1170:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
000d1180:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-000d1180:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
000d1190:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta000d1190:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta
Max diff block lines reached; 24626/34416 bytes (71.55%) of diff not shown.
11.0 KB
html2text {}
    
Offset 5376, 16 lines modifiedOffset 5376, 16 lines modified
5376 ··-·no_reboot_needed5376 ··-·no_reboot_needed
  
5377 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg5377 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
5378 ··stat:5378 ··stat:
5379 ····path:·/boot/efi/EFI/redhat/grub.cfg5379 ····path:·/boot/efi/EFI/redhat/grub.cfg
5380 ··register:·file_exists5380 ··register:·file_exists
5381 ··when:5381 ··when:
5382 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5383 ··-·'"grub2-common"·in·ansible_facts.packages'5382 ··-·'"grub2-common"·in·ansible_facts.packages'
 5383 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5384 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5384 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5385 ··tags:5385 ··tags:
5386 ··-·CCE-83430-95386 ··-·CCE-83430-9
5387 ··-·CJIS-5.5.2.25387 ··-·CJIS-5.5.2.2
5388 ··-·NIST-800-171-3.4.55388 ··-·NIST-800-171-3.4.5
5389 ··-·NIST-800-53-AC-6(1)5389 ··-·NIST-800-53-AC-6(1)
5390 ··-·NIST-800-53-CM-6(a)5390 ··-·NIST-800-53-CM-6(a)
Offset 5398, 16 lines modifiedOffset 5398, 16 lines modified
5398 ··-·no_reboot_needed5398 ··-·no_reboot_needed
  
5399 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg5399 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
5400 ··file:5400 ··file:
5401 ····path:·/boot/efi/EFI/redhat/grub.cfg5401 ····path:·/boot/efi/EFI/redhat/grub.cfg
5402 ····group:·'0'5402 ····group:·'0'
5403 ··when:5403 ··when:
5404 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5405 ··-·'"grub2-common"·in·ansible_facts.packages'5404 ··-·'"grub2-common"·in·ansible_facts.packages'
 5405 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5406 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5406 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5407 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5407 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5408 ··tags:5408 ··tags:
5409 ··-·CCE-83430-95409 ··-·CCE-83430-9
5410 ··-·CJIS-5.5.2.25410 ··-·CJIS-5.5.2.2
5411 ··-·NIST-800-171-3.4.55411 ··-·NIST-800-171-3.4.5
5412 ··-·NIST-800-53-AC-6(1)5412 ··-·NIST-800-53-AC-6(1)
Offset 5420, 15 lines modifiedOffset 5420, 15 lines modified
5420 ··-·medium_severity5420 ··-·medium_severity
5421 ··-·no_reboot_needed5421 ··-·no_reboot_needed
5422 Remediation_Shell_script_⇲5422 Remediation_Shell_script_⇲
5423 Complexity:·low5423 Complexity:·low
5424 Disruption:·low5424 Disruption:·low
5425 Strategy:···configure5425 Strategy:···configure
5426 #·Remediation·is·applicable·only·in·certain·platforms5426 #·Remediation·is·applicable·only·in·certain·platforms
5427 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then5427 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
5428 chgrp·0·/boot/efi/EFI/redhat/grub.cfg5428 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
5429 else5429 else
5430 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5430 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5431 fi5431 fi
5432 ***·Rule  ·Verify·/boot/efi/EFI/redhat/user.cfg·Group·Ownership·  [ref]·***5432 ***·Rule  ·Verify·/boot/efi/EFI/redhat/user.cfg·Group·Ownership·  [ref]·***
Offset 5461, 16 lines modifiedOffset 5461, 16 lines modified
5461 ··-·no_reboot_needed5461 ··-·no_reboot_needed
  
5462 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg5462 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
5463 ··stat:5463 ··stat:
5464 ····path:·/boot/efi/EFI/redhat/user.cfg5464 ····path:·/boot/efi/EFI/redhat/user.cfg
5465 ··register:·file_exists5465 ··register:·file_exists
5466 ··when:5466 ··when:
5467 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5468 ··-·'"grub2-common"·in·ansible_facts.packages'5467 ··-·'"grub2-common"·in·ansible_facts.packages'
 5468 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5469 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5469 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5470 ··tags:5470 ··tags:
5471 ··-·CCE-86011-45471 ··-·CCE-86011-4
5472 ··-·CJIS-5.5.2.25472 ··-·CJIS-5.5.2.2
5473 ··-·NIST-800-171-3.4.55473 ··-·NIST-800-171-3.4.5
5474 ··-·NIST-800-53-AC-6(1)5474 ··-·NIST-800-53-AC-6(1)
5475 ··-·NIST-800-53-CM-6(a)5475 ··-·NIST-800-53-CM-6(a)
Offset 5483, 16 lines modifiedOffset 5483, 16 lines modified
5483 ··-·no_reboot_needed5483 ··-·no_reboot_needed
  
5484 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg5484 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
5485 ··file:5485 ··file:
5486 ····path:·/boot/efi/EFI/redhat/user.cfg5486 ····path:·/boot/efi/EFI/redhat/user.cfg
5487 ····group:·'0'5487 ····group:·'0'
5488 ··when:5488 ··when:
5489 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5490 ··-·'"grub2-common"·in·ansible_facts.packages'5489 ··-·'"grub2-common"·in·ansible_facts.packages'
 5490 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5491 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5491 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5492 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5492 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5493 ··tags:5493 ··tags:
5494 ··-·CCE-86011-45494 ··-·CCE-86011-4
5495 ··-·CJIS-5.5.2.25495 ··-·CJIS-5.5.2.2
5496 ··-·NIST-800-171-3.4.55496 ··-·NIST-800-171-3.4.5
5497 ··-·NIST-800-53-AC-6(1)5497 ··-·NIST-800-53-AC-6(1)
Offset 5505, 15 lines modifiedOffset 5505, 15 lines modified
5505 ··-·medium_severity5505 ··-·medium_severity
5506 ··-·no_reboot_needed5506 ··-·no_reboot_needed
5507 Remediation_Shell_script_⇲5507 Remediation_Shell_script_⇲
5508 Complexity:·low5508 Complexity:·low
5509 Disruption:·low5509 Disruption:·low
5510 Strategy:···configure5510 Strategy:···configure
5511 #·Remediation·is·applicable·only·in·certain·platforms5511 #·Remediation·is·applicable·only·in·certain·platforms
5512 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then5512 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
5513 chgrp·0·/boot/efi/EFI/redhat/user.cfg5513 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
5514 else5514 else
5515 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5515 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5516 fi5516 fi
5517 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·User·Ownership·  [ref]·***5517 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·User·Ownership·  [ref]·***
Offset 5546, 16 lines modifiedOffset 5546, 16 lines modified
5546 ··-·no_reboot_needed5546 ··-·no_reboot_needed
  
5547 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg5547 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
5548 ··stat:5548 ··stat:
5549 ····path:·/boot/efi/EFI/redhat/grub.cfg5549 ····path:·/boot/efi/EFI/redhat/grub.cfg
5550 ··register:·file_exists5550 ··register:·file_exists
5551 ··when:5551 ··when:
5552 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5553 ··-·'"grub2-common"·in·ansible_facts.packages'5552 ··-·'"grub2-common"·in·ansible_facts.packages'
 5553 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5554 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5554 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5555 ··tags:5555 ··tags:
5556 ··-·CCE-83429-15556 ··-·CCE-83429-1
5557 ··-·CJIS-5.5.2.25557 ··-·CJIS-5.5.2.2
5558 ··-·NIST-800-171-3.4.55558 ··-·NIST-800-171-3.4.5
5559 ··-·NIST-800-53-AC-6(1)5559 ··-·NIST-800-53-AC-6(1)
5560 ··-·NIST-800-53-CM-6(a)5560 ··-·NIST-800-53-CM-6(a)
Offset 5568, 16 lines modifiedOffset 5568, 16 lines modified
5568 ··-·no_reboot_needed5568 ··-·no_reboot_needed
  
5569 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg5569 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
5570 ··file:5570 ··file:
5571 ····path:·/boot/efi/EFI/redhat/grub.cfg5571 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 6741/11206 bytes (60.16%) of diff not shown.
45.1 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-cis_workstation_l1.html
    
Offset 52917, 22 lines modifiedOffset 52917, 22 lines modified
000ceb40:·6365·202f·626f·6f74·2f65·6669·2f45·4649··ce·/boot/efi/EFI000ceb40:·6365·202f·626f·6f74·2f65·6669·2f45·4649··ce·/boot/efi/EFI
000ceb50:·2f72·6564·6861·742f·6772·7562·2e63·6667··/redhat/grub.cfg000ceb50:·2f72·6564·6861·742f·6772·7562·2e63·6667··/redhat/grub.cfg
000ceb60:·0a20·2073·7461·743a·0a20·2020·2070·6174··.··stat:.····pat000ceb60:·0a20·2073·7461·743a·0a20·2020·2070·6174··.··stat:.····pat
000ceb70:·683a·202f·626f·6f74·2f65·6669·2f45·4649··h:·/boot/efi/EFI000ceb70:·683a·202f·626f·6f74·2f65·6669·2f45·4649··h:·/boot/efi/EFI
000ceb80:·2f72·6564·6861·742f·6772·7562·2e63·6667··/redhat/grub.cfg000ceb80:·2f72·6564·6861·742f·6772·7562·2e63·6667··/redhat/grub.cfg
000ceb90:·0a20·2072·6567·6973·7465·723a·2066·696c··.··register:·fil000ceb90:·0a20·2072·6567·6973·7465·723a·2066·696c··.··register:·fil
000ceba0:·655f·6578·6973·7473·0a20·2077·6865·6e3a··e_exists.··when:000ceba0:·655f·6578·6973·7473·0a20·2077·6865·6e3a··e_exists.··when:
000cebb0:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi 
000cebc0:·2220·696e·2061·6e73·6962·6c65·5f6d·6f75··"·in·ansible_mou 
000cebd0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
000cebe0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
000cebf0:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2000cebb0:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com
000cec00:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi000cebc0:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_
000cec10:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag000cebd0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 000cebe0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 000cebf0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 000cec00:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 000cec10:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
000cec20:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_000cec20:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
000cec30:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t000cec30:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
000cec40:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc000cec40:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
000cec50:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op000cec50:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
000cec60:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",000cec60:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
000cec70:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··000cec70:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
000cec80:·7461·6773·3a0a·2020·2d20·4343·452d·3833··tags:.··-·CCE-83000cec80:·7461·6773·3a0a·2020·2d20·4343·452d·3833··tags:.··-·CCE-83
000cec90:·3433·302d·390a·2020·2d20·434a·4953·2d35··430-9.··-·CJIS-5000cec90:·3433·302d·390a·2020·2d20·434a·4953·2d35··430-9.··-·CJIS-5
Offset 52955, 22 lines modifiedOffset 52955, 22 lines modified
000ceda0:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot000ceda0:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot
000cedb0:·2f65·6669·2f45·4649·2f72·6564·6861·742f··/efi/EFI/redhat/000cedb0:·2f65·6669·2f45·4649·2f72·6564·6861·742f··/efi/EFI/redhat/
000cedc0:·6772·7562·2e63·6667·0a20·2066·696c·653a··grub.cfg.··file:000cedc0:·6772·7562·2e63·6667·0a20·2066·696c·653a··grub.cfg.··file:
000cedd0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot000cedd0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
000cede0:·2f65·6669·2f45·4649·2f72·6564·6861·742f··/efi/EFI/redhat/000cede0:·2f65·6669·2f45·4649·2f72·6564·6861·742f··/efi/EFI/redhat/
000cedf0:·6772·7562·2e63·6667·0a20·2020·2067·726f··grub.cfg.····gro000cedf0:·6772·7562·2e63·6667·0a20·2020·2067·726f··grub.cfg.····gro
000cee00:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.000cee00:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.
000cee10:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
000cee20:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
000cee30:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
000cee40:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
000cee50:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-000cee10:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
000cee60:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib000cee20:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
000cee70:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000cee30:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 000cee40:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 000cee50:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 000cee60:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 000cee70:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
000cee80:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v000cee80:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
000cee90:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty000cee90:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
000ceea0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock000ceea0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
000ceeb0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope000ceeb0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
000ceec0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·000ceec0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
000ceed0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-000ceed0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
000ceee0:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta000ceee0:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta
000ceef0:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and000ceef0:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and
Offset 53021, 19 lines modifiedOffset 53021, 19 lines modified
000cf1c0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat000cf1c0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
000cf1d0:·6567·793a·3c2f·7468·3e3c·7464·3e63·6f6e··egy:</th><td>con000cf1d0:·6567·793a·3c2f·7468·3e3c·7464·3e63·6f6e··egy:</th><td>con
000cf1e0:·6669·6775·7265·3c2f·7464·3e3c·2f74·723e··figure</td></tr>000cf1e0:·6669·6775·7265·3c2f·7464·3e3c·2f74·723e··figure</td></tr>
000cf1f0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co000cf1f0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
000cf200:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation000cf200:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
000cf210:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o000cf210:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
000cf220:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p000cf220:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
000cf230:·6c61·7466·6f72·6d73·0a69·6620·5b20·2d66··latforms.if·[·-f000cf230:·6c61·7466·6f72·6d73·0a69·6620·7270·6d20··latforms.if·rpm·
000cf240:·202f·7379·732f·6669·726d·7761·7265·2f65···/sys/firmware/e 
000cf250:·6669·205d·2026·616d·703b·2661·6d70·3b20··fi·]·&amp;&amp;· 
000cf260:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g000cf240:·2d2d·7175·6965·7420·2d71·2067·7275·6232··--quiet·-q·grub2
000cf270:·7275·6232·2d63·6f6d·6d6f·6e20·2661·6d70··rub2-common·&amp000cf250:·2d63·6f6d·6d6f·6e20·2661·6d70·3b26·616d··-common·&amp;&am
 000cf260:·703b·205b·202d·6620·2f73·7973·2f66·6972··p;·[·-f·/sys/fir
 000cf270:·6d77·6172·652f·6566·6920·5d20·2661·6d70··mware/efi·]·&amp
000cf280:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·000cf280:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·
000cf290:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a000cf290:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a
000cf2a0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·000cf2a0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·
000cf2b0:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere000cf2b0:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere
000cf2c0:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c000cf2c0:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c
000cf2d0:·6867·7270·2030·202f·626f·6f74·2f65·6669··hgrp·0·/boot/efi000cf2d0:·6867·7270·2030·202f·626f·6f74·2f65·6669··hgrp·0·/boot/efi
000cf2e0:·2f45·4649·2f72·6564·6861·742f·6772·7562··/EFI/redhat/grub000cf2e0:·2f45·4649·2f72·6564·6861·742f·6772·7562··/EFI/redhat/grub
Offset 53463, 22 lines modifiedOffset 53463, 22 lines modified
000d0d60:·6973·7465·6e63·6520·2f62·6f6f·742f·6566··istence·/boot/ef000d0d60:·6973·7465·6e63·6520·2f62·6f6f·742f·6566··istence·/boot/ef
000d0d70:·692f·4546·492f·7265·6468·6174·2f75·7365··i/EFI/redhat/use000d0d70:·692f·4546·492f·7265·6468·6174·2f75·7365··i/EFI/redhat/use
000d0d80:·722e·6366·670a·2020·7374·6174·3a0a·2020··r.cfg.··stat:.··000d0d80:·722e·6366·670a·2020·7374·6174·3a0a·2020··r.cfg.··stat:.··
000d0d90:·2020·7061·7468·3a20·2f62·6f6f·742f·6566····path:·/boot/ef000d0d90:·2020·7061·7468·3a20·2f62·6f6f·742f·6566····path:·/boot/ef
000d0da0:·692f·4546·492f·7265·6468·6174·2f75·7365··i/EFI/redhat/use000d0da0:·692f·4546·492f·7265·6468·6174·2f75·7365··i/EFI/redhat/use
000d0db0:·722e·6366·670a·2020·7265·6769·7374·6572··r.cfg.··register000d0db0:·722e·6366·670a·2020·7265·6769·7374·6572··r.cfg.··register
000d0dc0:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··000d0dc0:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
000d0dd0:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo000d0dd0:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
000d0de0:·742f·6566·6922·2069·6e20·616e·7369·626c··t/efi"·in·ansibl 
000d0df0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
000d0e00:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
000d0e10:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
000d0e20:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in000d0de0:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
000d0e30:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p000d0df0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
000d0e40:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans000d0e00:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 000d0e10:·2f65·6669·2220·696e·2061·6e73·6962·6c65··/efi"·in·ansible
 000d0e20:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 000d0e30:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 000d0e40:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
000d0e50:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat000d0e50:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
000d0e60:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·000d0e60:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
000d0e70:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"000d0e70:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
000d0e80:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod000d0e80:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
000d0e90:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container000d0e90:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
000d0ea0:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C000d0ea0:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
000d0eb0:·4345·2d38·3630·3131·2d34·0a20·202d·2043··CE-86011-4.··-·C000d0eb0:·4345·2d38·3630·3131·2d34·0a20·202d·2043··CE-86011-4.··-·C
Offset 53501, 22 lines modifiedOffset 53501, 22 lines modified
000d0fc0:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/000d0fc0:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/
000d0fd0:·626f·6f74·2f65·6669·2f45·4649·2f72·6564··boot/efi/EFI/red000d0fd0:·626f·6f74·2f65·6669·2f45·4649·2f72·6564··boot/efi/EFI/red
000d0fe0:·6861·742f·7573·6572·2e63·6667·0a20·2066··hat/user.cfg.··f000d0fe0:·6861·742f·7573·6572·2e63·6667·0a20·2066··hat/user.cfg.··f
000d0ff0:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/000d0ff0:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
000d1000:·626f·6f74·2f65·6669·2f45·4649·2f72·6564··boot/efi/EFI/red000d1000:·626f·6f74·2f65·6669·2f45·4649·2f72·6564··boot/efi/EFI/red
000d1010:·6861·742f·7573·6572·2e63·6667·0a20·2020··hat/user.cfg.···000d1010:·6861·742f·7573·6572·2e63·6667·0a20·2020··hat/user.cfg.···
000d1020:·2067·726f·7570·3a20·2730·270a·2020·7768···group:·'0'.··wh000d1020:·2067·726f·7570·3a20·2730·270a·2020·7768···group:·'0'.··wh
000d1030:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/000d1030:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
000d1040:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_ 
000d1050:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
000d1060:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
000d1070:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
000d1080:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a000d1040:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
000d1090:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac000d1050:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 000d1060:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 000d1070:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m
 000d1080:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 000d1090:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
000d10a0:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib000d10a0:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib
000d10b0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio000d10b0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
000d10c0:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["000d10c0:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
000d10d0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·000d10d0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
000d10e0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma000d10e0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
000d10f0:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]000d10f0:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
Max diff block lines reached; 24833/34830 bytes (71.30%) of diff not shown.
11.0 KB
html2text {}
    
Offset 5375, 16 lines modifiedOffset 5375, 16 lines modified
5375 ··-·no_reboot_needed5375 ··-·no_reboot_needed
  
5376 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg5376 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
5377 ··stat:5377 ··stat:
5378 ····path:·/boot/efi/EFI/redhat/grub.cfg5378 ····path:·/boot/efi/EFI/redhat/grub.cfg
5379 ··register:·file_exists5379 ··register:·file_exists
5380 ··when:5380 ··when:
5381 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5382 ··-·'"grub2-common"·in·ansible_facts.packages'5381 ··-·'"grub2-common"·in·ansible_facts.packages'
 5382 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5383 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5383 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5384 ··tags:5384 ··tags:
5385 ··-·CCE-83430-95385 ··-·CCE-83430-9
5386 ··-·CJIS-5.5.2.25386 ··-·CJIS-5.5.2.2
5387 ··-·NIST-800-171-3.4.55387 ··-·NIST-800-171-3.4.5
5388 ··-·NIST-800-53-AC-6(1)5388 ··-·NIST-800-53-AC-6(1)
5389 ··-·NIST-800-53-CM-6(a)5389 ··-·NIST-800-53-CM-6(a)
Offset 5397, 16 lines modifiedOffset 5397, 16 lines modified
5397 ··-·no_reboot_needed5397 ··-·no_reboot_needed
  
5398 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg5398 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
5399 ··file:5399 ··file:
5400 ····path:·/boot/efi/EFI/redhat/grub.cfg5400 ····path:·/boot/efi/EFI/redhat/grub.cfg
5401 ····group:·'0'5401 ····group:·'0'
5402 ··when:5402 ··when:
5403 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5404 ··-·'"grub2-common"·in·ansible_facts.packages'5403 ··-·'"grub2-common"·in·ansible_facts.packages'
 5404 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5405 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5405 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5406 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5406 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5407 ··tags:5407 ··tags:
5408 ··-·CCE-83430-95408 ··-·CCE-83430-9
5409 ··-·CJIS-5.5.2.25409 ··-·CJIS-5.5.2.2
5410 ··-·NIST-800-171-3.4.55410 ··-·NIST-800-171-3.4.5
5411 ··-·NIST-800-53-AC-6(1)5411 ··-·NIST-800-53-AC-6(1)
Offset 5419, 15 lines modifiedOffset 5419, 15 lines modified
5419 ··-·medium_severity5419 ··-·medium_severity
5420 ··-·no_reboot_needed5420 ··-·no_reboot_needed
5421 Remediation_Shell_script_⇲5421 Remediation_Shell_script_⇲
5422 Complexity:·low5422 Complexity:·low
5423 Disruption:·low5423 Disruption:·low
5424 Strategy:···configure5424 Strategy:···configure
5425 #·Remediation·is·applicable·only·in·certain·platforms5425 #·Remediation·is·applicable·only·in·certain·platforms
5426 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then5426 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
5427 chgrp·0·/boot/efi/EFI/redhat/grub.cfg5427 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
5428 else5428 else
5429 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5429 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5430 fi5430 fi
5431 ***·Rule  ·Verify·/boot/efi/EFI/redhat/user.cfg·Group·Ownership·  [ref]·***5431 ***·Rule  ·Verify·/boot/efi/EFI/redhat/user.cfg·Group·Ownership·  [ref]·***
Offset 5460, 16 lines modifiedOffset 5460, 16 lines modified
5460 ··-·no_reboot_needed5460 ··-·no_reboot_needed
  
5461 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg5461 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
5462 ··stat:5462 ··stat:
5463 ····path:·/boot/efi/EFI/redhat/user.cfg5463 ····path:·/boot/efi/EFI/redhat/user.cfg
5464 ··register:·file_exists5464 ··register:·file_exists
5465 ··when:5465 ··when:
5466 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5467 ··-·'"grub2-common"·in·ansible_facts.packages'5466 ··-·'"grub2-common"·in·ansible_facts.packages'
 5467 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5468 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5468 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5469 ··tags:5469 ··tags:
5470 ··-·CCE-86011-45470 ··-·CCE-86011-4
5471 ··-·CJIS-5.5.2.25471 ··-·CJIS-5.5.2.2
5472 ··-·NIST-800-171-3.4.55472 ··-·NIST-800-171-3.4.5
5473 ··-·NIST-800-53-AC-6(1)5473 ··-·NIST-800-53-AC-6(1)
5474 ··-·NIST-800-53-CM-6(a)5474 ··-·NIST-800-53-CM-6(a)
Offset 5482, 16 lines modifiedOffset 5482, 16 lines modified
5482 ··-·no_reboot_needed5482 ··-·no_reboot_needed
  
5483 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg5483 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
5484 ··file:5484 ··file:
5485 ····path:·/boot/efi/EFI/redhat/user.cfg5485 ····path:·/boot/efi/EFI/redhat/user.cfg
5486 ····group:·'0'5486 ····group:·'0'
5487 ··when:5487 ··when:
5488 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5489 ··-·'"grub2-common"·in·ansible_facts.packages'5488 ··-·'"grub2-common"·in·ansible_facts.packages'
 5489 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5490 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5490 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5491 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5491 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5492 ··tags:5492 ··tags:
5493 ··-·CCE-86011-45493 ··-·CCE-86011-4
5494 ··-·CJIS-5.5.2.25494 ··-·CJIS-5.5.2.2
5495 ··-·NIST-800-171-3.4.55495 ··-·NIST-800-171-3.4.5
5496 ··-·NIST-800-53-AC-6(1)5496 ··-·NIST-800-53-AC-6(1)
Offset 5504, 15 lines modifiedOffset 5504, 15 lines modified
5504 ··-·medium_severity5504 ··-·medium_severity
5505 ··-·no_reboot_needed5505 ··-·no_reboot_needed
5506 Remediation_Shell_script_⇲5506 Remediation_Shell_script_⇲
5507 Complexity:·low5507 Complexity:·low
5508 Disruption:·low5508 Disruption:·low
5509 Strategy:···configure5509 Strategy:···configure
5510 #·Remediation·is·applicable·only·in·certain·platforms5510 #·Remediation·is·applicable·only·in·certain·platforms
5511 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then5511 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
5512 chgrp·0·/boot/efi/EFI/redhat/user.cfg5512 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
5513 else5513 else
5514 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5514 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5515 fi5515 fi
5516 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·User·Ownership·  [ref]·***5516 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·User·Ownership·  [ref]·***
Offset 5545, 16 lines modifiedOffset 5545, 16 lines modified
5545 ··-·no_reboot_needed5545 ··-·no_reboot_needed
  
5546 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg5546 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
5547 ··stat:5547 ··stat:
5548 ····path:·/boot/efi/EFI/redhat/grub.cfg5548 ····path:·/boot/efi/EFI/redhat/grub.cfg
5549 ··register:·file_exists5549 ··register:·file_exists
5550 ··when:5550 ··when:
5551 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5552 ··-·'"grub2-common"·in·ansible_facts.packages'5551 ··-·'"grub2-common"·in·ansible_facts.packages'
 5552 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5553 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5553 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5554 ··tags:5554 ··tags:
5555 ··-·CCE-83429-15555 ··-·CCE-83429-1
5556 ··-·CJIS-5.5.2.25556 ··-·CJIS-5.5.2.2
5557 ··-·NIST-800-171-3.4.55557 ··-·NIST-800-171-3.4.5
5558 ··-·NIST-800-53-AC-6(1)5558 ··-·NIST-800-53-AC-6(1)
5559 ··-·NIST-800-53-CM-6(a)5559 ··-·NIST-800-53-CM-6(a)
Offset 5567, 16 lines modifiedOffset 5567, 16 lines modified
5567 ··-·no_reboot_needed5567 ··-·no_reboot_needed
  
5568 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg5568 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
5569 ··file:5569 ··file:
5570 ····path:·/boot/efi/EFI/redhat/grub.cfg5570 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 6741/11206 bytes (60.16%) of diff not shown.
45.1 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-cis_workstation_l2.html
    
Offset 176702, 22 lines modifiedOffset 176702, 22 lines modified
002b23d0:·6973·7465·6e63·6520·2f62·6f6f·742f·6566··istence·/boot/ef002b23d0:·6973·7465·6e63·6520·2f62·6f6f·742f·6566··istence·/boot/ef
002b23e0:·692f·4546·492f·7265·6468·6174·2f67·7275··i/EFI/redhat/gru002b23e0:·692f·4546·492f·7265·6468·6174·2f67·7275··i/EFI/redhat/gru
002b23f0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··002b23f0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··
002b2400:·2020·7061·7468·3a20·2f62·6f6f·742f·6566····path:·/boot/ef002b2400:·2020·7061·7468·3a20·2f62·6f6f·742f·6566····path:·/boot/ef
002b2410:·692f·4546·492f·7265·6468·6174·2f67·7275··i/EFI/redhat/gru002b2410:·692f·4546·492f·7265·6468·6174·2f67·7275··i/EFI/redhat/gru
002b2420:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register002b2420:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register
002b2430:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··002b2430:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
002b2440:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo002b2440:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
002b2450:·742f·6566·6922·2069·6e20·616e·7369·626c··t/efi"·in·ansibl 
002b2460:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
002b2470:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
002b2480:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
002b2490:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in002b2450:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
002b24a0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p002b2460:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
002b24b0:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans002b2470:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 002b2480:·2f65·6669·2220·696e·2061·6e73·6962·6c65··/efi"·in·ansible
 002b2490:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 002b24a0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 002b24b0:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
002b24c0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat002b24c0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
002b24d0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·002b24d0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
002b24e0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"002b24e0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
002b24f0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod002b24f0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
002b2500:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container002b2500:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
002b2510:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C002b2510:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
002b2520:·4345·2d38·3334·3330·2d39·0a20·202d·2043··CE-83430-9.··-·C002b2520:·4345·2d38·3334·3330·2d39·0a20·202d·2043··CE-83430-9.··-·C
Offset 176740, 22 lines modifiedOffset 176740, 22 lines modified
002b2630:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·002b2630:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·
002b2640:·2f62·6f6f·742f·6566·692f·4546·492f·7265··/boot/efi/EFI/re002b2640:·2f62·6f6f·742f·6566·692f·4546·492f·7265··/boot/efi/EFI/re
002b2650:·6468·6174·2f67·7275·622e·6366·670a·2020··dhat/grub.cfg.··002b2650:·6468·6174·2f67·7275·622e·6366·670a·2020··dhat/grub.cfg.··
002b2660:·6669·6c65·3a0a·2020·2020·7061·7468·3a20··file:.····path:·002b2660:·6669·6c65·3a0a·2020·2020·7061·7468·3a20··file:.····path:·
002b2670:·2f62·6f6f·742f·6566·692f·4546·492f·7265··/boot/efi/EFI/re002b2670:·2f62·6f6f·742f·6566·692f·4546·492f·7265··/boot/efi/EFI/re
002b2680:·6468·6174·2f67·7275·622e·6366·670a·2020··dhat/grub.cfg.··002b2680:·6468·6174·2f67·7275·622e·6366·670a·2020··dhat/grub.cfg.··
002b2690:·2020·6772·6f75·703a·2027·3027·0a20·2077····group:·'0'.··w002b2690:·2020·6772·6f75·703a·2027·3027·0a20·2077····group:·'0'.··w
002b26a0:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot002b26a0:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
002b26b0:·2f65·6669·2220·696e·2061·6e73·6962·6c65··/efi"·in·ansible 
002b26c0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
002b26d0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
002b26e0:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g 
002b26f0:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·002b26b0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
002b2700:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa002b26c0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 002b26d0:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 002b26e0:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_
 002b26f0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 002b2700:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
002b2710:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi002b2710:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi
002b2720:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati002b2720:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
002b2730:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[002b2730:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
002b2740:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",002b2740:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
002b2750:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm002b2750:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
002b2760:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"002b2760:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
002b2770:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist002b2770:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist
002b2780:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define002b2780:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define
Offset 176807, 18 lines modifiedOffset 176807, 18 lines modified
002b2a60:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t002b2a60:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
002b2a70:·643e·636f·6e66·6967·7572·653c·2f74·643e··d>configure</td>002b2a70:·643e·636f·6e66·6967·7572·653c·2f74·643e··d>configure</td>
002b2a80:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr002b2a80:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
002b2a90:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi002b2a90:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
002b2aa0:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica002b2aa0:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
002b2ab0:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert002b2ab0:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
002b2ac0:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if002b2ac0:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
002b2ad0:·205b·202d·6620·2f73·7973·2f66·6972·6d77···[·-f·/sys/firmw 
002b2ae0:·6172·652f·6566·6920·5d20·2661·6d70·3b26··are/efi·]·&amp;& 
002b2af0:·616d·703b·2072·706d·202d·2d71·7569·6574··amp;·rpm·--quiet002b2ad0:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q·
002b2b00:·202d·7120·6772·7562·322d·636f·6d6d·6f6e···-q·grub2-common002b2ae0:·6772·7562·322d·636f·6d6d·6f6e·2026·616d··grub2-common·&am
 002b2af0:·703b·2661·6d70·3b20·5b20·2d66·202f·7379··p;&amp;·[·-f·/sy
 002b2b00:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·]
002b2b10:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·002b2b10:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·
002b2b20:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv002b2b20:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
002b2b30:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·002b2b30:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
002b2b40:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta002b2b40:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
002b2b50:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th002b2b50:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th
002b2b60:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo002b2b60:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo
002b2b70:·742f·6566·692f·4546·492f·7265·6468·6174··t/efi/EFI/redhat002b2b70:·742f·6566·692f·4546·492f·7265·6468·6174··t/efi/EFI/redhat
Offset 177249, 21 lines modifiedOffset 177249, 21 lines modified
002b4600:·6f74·2f65·6669·2f45·4649·2f72·6564·6861··ot/efi/EFI/redha002b4600:·6f74·2f65·6669·2f45·4649·2f72·6564·6861··ot/efi/EFI/redha
002b4610:·742f·7573·6572·2e63·6667·0a20·2073·7461··t/user.cfg.··sta002b4610:·742f·7573·6572·2e63·6667·0a20·2073·7461··t/user.cfg.··sta
002b4620:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo002b4620:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
002b4630:·6f74·2f65·6669·2f45·4649·2f72·6564·6861··ot/efi/EFI/redha002b4630:·6f74·2f65·6669·2f45·4649·2f72·6564·6861··ot/efi/EFI/redha
002b4640:·742f·7573·6572·2e63·6667·0a20·2072·6567··t/user.cfg.··reg002b4640:·742f·7573·6572·2e63·6667·0a20·2072·6567··t/user.cfg.··reg
002b4650:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis002b4650:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis
002b4660:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'002b4660:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'
002b4670:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a 
002b4680:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
002b4690:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
002b46a0:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
002b46b0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo002b4670:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
002b46c0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa002b4680:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
002b46d0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··002b4690:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 002b46a0:·2f62·6f6f·742f·6566·6922·2069·6e20·616e··/boot/efi"·in·an
 002b46b0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 002b46c0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 002b46d0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
002b46e0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua002b46e0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
002b46f0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no002b46f0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
002b4700:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·002b4700:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
002b4710:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",002b4710:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
002b4720:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont002b4720:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
002b4730:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.002b4730:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.
002b4740:·2020·2d20·4343·452d·3836·3031·312d·340a····-·CCE-86011-4.002b4740:·2020·2d20·4343·452d·3836·3031·312d·340a····-·CCE-86011-4.
Offset 177286, 22 lines modifiedOffset 177286, 22 lines modified
002b4850:·7265·2067·726f·7570·206f·776e·6572·2030··re·group·owner·0002b4850:·7265·2067·726f·7570·206f·776e·6572·2030··re·group·owner·0
002b4860:·206f·6e20·2f62·6f6f·742f·6566·692f·4546···on·/boot/efi/EF002b4860:·206f·6e20·2f62·6f6f·742f·6566·692f·4546···on·/boot/efi/EF
002b4870:·492f·7265·6468·6174·2f75·7365·722e·6366··I/redhat/user.cf002b4870:·492f·7265·6468·6174·2f75·7365·722e·6366··I/redhat/user.cf
002b4880:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa002b4880:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa
002b4890:·7468·3a20·2f62·6f6f·742f·6566·692f·4546··th:·/boot/efi/EF002b4890:·7468·3a20·2f62·6f6f·742f·6566·692f·4546··th:·/boot/efi/EF
002b48a0:·492f·7265·6468·6174·2f75·7365·722e·6366··I/redhat/user.cf002b48a0:·492f·7265·6468·6174·2f75·7365·722e·6366··I/redhat/user.cf
002b48b0:·670a·2020·2020·6772·6f75·703a·2027·3027··g.····group:·'0'002b48b0:·670a·2020·2020·6772·6f75·703a·2027·3027··g.····group:·'0'
002b48c0:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/002b48c0:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
002b48d0:·626f·6f74·2f65·6669·2220·696e·2061·6e73··boot/efi"·in·ans 
002b48e0:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
002b48f0:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
002b4900:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
002b4910:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"002b48d0:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
002b4920:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact002b48e0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
002b4930:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·002b48f0:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 002b4900:·6f6f·742f·6566·6922·2069·6e20·616e·7369··oot/efi"·in·ansi
 002b4910:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 002b4920:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 002b4930:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
002b4940:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali002b4940:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
002b4950:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·002b4950:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
002b4960:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l002b4960:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
002b4970:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"002b4970:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
002b4980:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai002b4980:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
002b4990:·6e65·7222·5d0a·2020·2d20·6669·6c65·5f65··ner"].··-·file_e002b4990:·6e65·7222·5d0a·2020·2d20·6669·6c65·5f65··ner"].··-·file_e
002b49a0:·7869·7374·732e·7374·6174·2069·7320·6465··xists.stat·is·de002b49a0:·7869·7374·732e·7374·6174·2069·7320·6465··xists.stat·is·de
Max diff block lines reached; 24900/34728 bytes (71.70%) of diff not shown.
11.0 KB
html2text {}
    
Offset 37082, 16 lines modifiedOffset 37082, 16 lines modified
37082 ··-·no_reboot_needed37082 ··-·no_reboot_needed
  
37083 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg37083 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
37084 ··stat:37084 ··stat:
37085 ····path:·/boot/efi/EFI/redhat/grub.cfg37085 ····path:·/boot/efi/EFI/redhat/grub.cfg
37086 ··register:·file_exists37086 ··register:·file_exists
37087 ··when:37087 ··when:
37088 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
37089 ··-·'"grub2-common"·in·ansible_facts.packages'37088 ··-·'"grub2-common"·in·ansible_facts.packages'
 37089 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
37090 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]37090 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
37091 ··tags:37091 ··tags:
37092 ··-·CCE-83430-937092 ··-·CCE-83430-9
37093 ··-·CJIS-5.5.2.237093 ··-·CJIS-5.5.2.2
37094 ··-·NIST-800-171-3.4.537094 ··-·NIST-800-171-3.4.5
37095 ··-·NIST-800-53-AC-6(1)37095 ··-·NIST-800-53-AC-6(1)
37096 ··-·NIST-800-53-CM-6(a)37096 ··-·NIST-800-53-CM-6(a)
Offset 37104, 16 lines modifiedOffset 37104, 16 lines modified
37104 ··-·no_reboot_needed37104 ··-·no_reboot_needed
  
37105 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg37105 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
37106 ··file:37106 ··file:
37107 ····path:·/boot/efi/EFI/redhat/grub.cfg37107 ····path:·/boot/efi/EFI/redhat/grub.cfg
37108 ····group:·'0'37108 ····group:·'0'
37109 ··when:37109 ··when:
37110 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
37111 ··-·'"grub2-common"·in·ansible_facts.packages'37110 ··-·'"grub2-common"·in·ansible_facts.packages'
 37111 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
37112 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]37112 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
37113 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists37113 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
37114 ··tags:37114 ··tags:
37115 ··-·CCE-83430-937115 ··-·CCE-83430-9
37116 ··-·CJIS-5.5.2.237116 ··-·CJIS-5.5.2.2
37117 ··-·NIST-800-171-3.4.537117 ··-·NIST-800-171-3.4.5
37118 ··-·NIST-800-53-AC-6(1)37118 ··-·NIST-800-53-AC-6(1)
Offset 37126, 15 lines modifiedOffset 37126, 15 lines modified
37126 ··-·medium_severity37126 ··-·medium_severity
37127 ··-·no_reboot_needed37127 ··-·no_reboot_needed
37128 Remediation_Shell_script_⇲37128 Remediation_Shell_script_⇲
37129 Complexity:·low37129 Complexity:·low
37130 Disruption:·low37130 Disruption:·low
37131 Strategy:···configure37131 Strategy:···configure
37132 #·Remediation·is·applicable·only·in·certain·platforms37132 #·Remediation·is·applicable·only·in·certain·platforms
37133 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then37133 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
37134 chgrp·0·/boot/efi/EFI/redhat/grub.cfg37134 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
37135 else37135 else
37136 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'37136 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
37137 fi37137 fi
37138 ***·Rule  ·Verify·/boot/efi/EFI/redhat/user.cfg·Group·Ownership·  [ref]·***37138 ***·Rule  ·Verify·/boot/efi/EFI/redhat/user.cfg·Group·Ownership·  [ref]·***
Offset 37167, 16 lines modifiedOffset 37167, 16 lines modified
37167 ··-·no_reboot_needed37167 ··-·no_reboot_needed
  
37168 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg37168 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
37169 ··stat:37169 ··stat:
37170 ····path:·/boot/efi/EFI/redhat/user.cfg37170 ····path:·/boot/efi/EFI/redhat/user.cfg
37171 ··register:·file_exists37171 ··register:·file_exists
37172 ··when:37172 ··when:
37173 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
37174 ··-·'"grub2-common"·in·ansible_facts.packages'37173 ··-·'"grub2-common"·in·ansible_facts.packages'
 37174 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
37175 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]37175 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
37176 ··tags:37176 ··tags:
37177 ··-·CCE-86011-437177 ··-·CCE-86011-4
37178 ··-·CJIS-5.5.2.237178 ··-·CJIS-5.5.2.2
37179 ··-·NIST-800-171-3.4.537179 ··-·NIST-800-171-3.4.5
37180 ··-·NIST-800-53-AC-6(1)37180 ··-·NIST-800-53-AC-6(1)
37181 ··-·NIST-800-53-CM-6(a)37181 ··-·NIST-800-53-CM-6(a)
Offset 37189, 16 lines modifiedOffset 37189, 16 lines modified
37189 ··-·no_reboot_needed37189 ··-·no_reboot_needed
  
37190 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg37190 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
37191 ··file:37191 ··file:
37192 ····path:·/boot/efi/EFI/redhat/user.cfg37192 ····path:·/boot/efi/EFI/redhat/user.cfg
37193 ····group:·'0'37193 ····group:·'0'
37194 ··when:37194 ··when:
37195 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
37196 ··-·'"grub2-common"·in·ansible_facts.packages'37195 ··-·'"grub2-common"·in·ansible_facts.packages'
 37196 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
37197 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]37197 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
37198 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists37198 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
37199 ··tags:37199 ··tags:
37200 ··-·CCE-86011-437200 ··-·CCE-86011-4
37201 ··-·CJIS-5.5.2.237201 ··-·CJIS-5.5.2.2
37202 ··-·NIST-800-171-3.4.537202 ··-·NIST-800-171-3.4.5
37203 ··-·NIST-800-53-AC-6(1)37203 ··-·NIST-800-53-AC-6(1)
Offset 37211, 15 lines modifiedOffset 37211, 15 lines modified
37211 ··-·medium_severity37211 ··-·medium_severity
37212 ··-·no_reboot_needed37212 ··-·no_reboot_needed
37213 Remediation_Shell_script_⇲37213 Remediation_Shell_script_⇲
37214 Complexity:·low37214 Complexity:·low
37215 Disruption:·low37215 Disruption:·low
37216 Strategy:···configure37216 Strategy:···configure
37217 #·Remediation·is·applicable·only·in·certain·platforms37217 #·Remediation·is·applicable·only·in·certain·platforms
37218 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then37218 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
37219 chgrp·0·/boot/efi/EFI/redhat/user.cfg37219 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
37220 else37220 else
37221 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'37221 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
37222 fi37222 fi
37223 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·User·Ownership·  [ref]·***37223 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·User·Ownership·  [ref]·***
Offset 37252, 16 lines modifiedOffset 37252, 16 lines modified
37252 ··-·no_reboot_needed37252 ··-·no_reboot_needed
  
37253 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg37253 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
37254 ··stat:37254 ··stat:
37255 ····path:·/boot/efi/EFI/redhat/grub.cfg37255 ····path:·/boot/efi/EFI/redhat/grub.cfg
37256 ··register:·file_exists37256 ··register:·file_exists
37257 ··when:37257 ··when:
37258 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
37259 ··-·'"grub2-common"·in·ansible_facts.packages'37258 ··-·'"grub2-common"·in·ansible_facts.packages'
 37259 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
37260 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]37260 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
37261 ··tags:37261 ··tags:
37262 ··-·CCE-83429-137262 ··-·CCE-83429-1
37263 ··-·CJIS-5.5.2.237263 ··-·CJIS-5.5.2.2
37264 ··-·NIST-800-171-3.4.537264 ··-·NIST-800-171-3.4.5
37265 ··-·NIST-800-53-AC-6(1)37265 ··-·NIST-800-53-AC-6(1)
37266 ··-·NIST-800-53-CM-6(a)37266 ··-·NIST-800-53-CM-6(a)
Offset 37274, 16 lines modifiedOffset 37274, 16 lines modified
37274 ··-·no_reboot_needed37274 ··-·no_reboot_needed
  
37275 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg37275 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
37276 ··file:37276 ··file:
37277 ····path:·/boot/efi/EFI/redhat/grub.cfg37277 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 6761/11242 bytes (60.14%) of diff not shown.
5.37 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-stig.html
    
Offset 287661, 23 lines modifiedOffset 287661, 23 lines modified
00463ac0:·6573·7472·6963·7469·6f6e·735c·732a·3d5c··estrictions\s*=\00463ac0:·6573·7472·6963·7469·6f6e·735c·732a·3d5c··estrictions\s*=\
00463ad0:·732a·0a20·2020·2020·206c·696e·653a·2073··s*.······line:·s00463ad0:·732a·0a20·2020·2020·206c·696e·653a·2073··s*.······line:·s
00463ae0:·6d74·7064·5f63·6c69·656e·745f·7265·7374··mtpd_client_rest00463ae0:·6d74·7064·5f63·6c69·656e·745f·7265·7374··mtpd_client_rest
00463af0:·7269·6374·696f·6e73·203d·2070·6572·6d69··rictions·=·permi00463af0:·7269·6374·696f·6e73·203d·2070·6572·6d69··rictions·=·permi
00463b00:·745f·6d79·6e65·7477·6f72·6b73·2c72·656a··t_mynetworks,rej00463b00:·745f·6d79·6e65·7477·6f72·6b73·2c72·656a··t_mynetworks,rej
00463b10:·6563·740a·2020·2020·2020·7374·6174·653a··ect.······state:00463b10:·6563·740a·2020·2020·2020·7374·6174·653a··ect.······state:
00463b20:·2070·7265·7365·6e74·0a20·2077·6865·6e3a···present.··when:00463b20:·2070·7265·7365·6e74·0a20·2077·6865·6e3a···present.··when:
00463b30:·0a20·202d·2027·2270·6f73·7466·6978·2220··.··-·'"postfix"· 
00463b40:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
00463b50:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a 
00463b60:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz 
00463b70:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i 
00463b80:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx 
00463b90:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p 
00463ba0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain00463b30:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
 00463b40:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
 00463b50:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
 00463b60:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
 00463b70:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
 00463b80:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·'
 00463b90:·2270·6f73·7466·6978·2220·696e·2061·6e73··"postfix"·in·ans
 00463ba0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
00463bb0:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-00463bb0:·6765·7327·0a20·2074·6167·733a·0a20·202d··ges'.··tags:.··-
00463bc0:·2043·4345·2d38·3035·3132·2d37·0a20·202d···CCE-80512-7.··-00463bc0:·2043·4345·2d38·3035·3132·2d37·0a20·202d···CCE-80512-7.··-
00463bd0:·2044·4953·412d·5354·4947·2d52·4845·4c2d···DISA-STIG-RHEL-00463bd0:·2044·4953·412d·5354·4947·2d52·4845·4c2d···DISA-STIG-RHEL-
00463be0:·3037·2d30·3430·3638·300a·2020·2d20·6c6f··07-040680.··-·lo00463be0:·3037·2d30·3430·3638·300a·2020·2d20·6c6f··07-040680.··-·lo
00463bf0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-00463bf0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-
00463c00:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption.00463c00:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption.
00463c10:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever00463c10:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever
00463c20:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo00463c20:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo
Offset 287702, 21 lines modifiedOffset 287702, 21 lines modified
00463d50:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c00463d50:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
00463d60:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse00463d60:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
00463d70:·2220·6964·3d22·6964·6d37·3237·3733·223e··"·id="idm72773">00463d70:·2220·6964·3d22·6964·6d37·3237·3733·223e··"·id="idm72773">
00463d80:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem00463d80:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
00463d90:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl00463d90:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
00463da0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c00463da0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
00463db0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms00463db0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
00463dc0:·0a69·6620·7270·6d20·2d2d·7175·6965·7420··.if·rpm·--quiet· 
00463dd0:·2d71·2070·6f73·7466·6978·2026·616d·703b··-q·postfix·&amp; 
00463de0:·2661·6d70·3b20·5b20·2120·2d66·202f·2e64··&amp;·[·!·-f·/.d00463dc0:·0a69·6620·5b20·2120·2d66·202f·2e64·6f63··.if·[·!·-f·/.doc
00463df0:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;00463dd0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
00463e00:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru00463de0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
00463e10:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·00463df0:·2e63·6f6e·7461·696e·6572·656e·7620·5d20··.containerenv·]·
 00463e00:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·-
 00463e10:·2d71·7569·6574·202d·7120·706f·7374·6669··-quiet·-q·postfi
00463e20:·5d3b·2074·6865·6e0a·0a69·6620·2120·6772··];·then..if·!·gr00463e20:·783b·2074·6865·6e0a·0a69·6620·2120·6772··x;·then..if·!·gr
00463e30:·6570·202d·7120·5e73·6d74·7064·5f63·6c69··ep·-q·^smtpd_cli00463e30:·6570·202d·7120·5e73·6d74·7064·5f63·6c69··ep·-q·^smtpd_cli
00463e40:·656e·745f·7265·7374·7269·6374·696f·6e73··ent_restrictions00463e40:·656e·745f·7265·7374·7269·6374·696f·6e73··ent_restrictions
00463e50:·202f·6574·632f·706f·7374·6669·782f·6d61···/etc/postfix/ma00463e50:·202f·6574·632f·706f·7374·6669·782f·6d61···/etc/postfix/ma
00463e60:·696e·2e63·663b·2074·6865·6e0a·0965·6368··in.cf;·then..ech00463e60:·696e·2e63·663b·2074·6865·6e0a·0965·6368··in.cf;·then..ech
00463e70:·6f20·2273·6d74·7064·5f63·6c69·656e·745f··o·"smtpd_client_00463e70:·6f20·2273·6d74·7064·5f63·6c69·656e·745f··o·"smtpd_client_
00463e80:·7265·7374·7269·6374·696f·6e73·203d·2070··restrictions·=·p00463e80:·7265·7374·7269·6374·696f·6e73·203d·2070··restrictions·=·p
00463e90:·6572·6d69·745f·6d79·6e65·7477·6f72·6b73··ermit_mynetworks00463e90:·6572·6d69·745f·6d79·6e65·7477·6f72·6b73··ermit_mynetworks
1.17 KB
html2text {}
    
Offset 58184, 28 lines modifiedOffset 58184, 28 lines modified
58184 ····lineinfile:58184 ····lineinfile:
58185 ······path:·/etc/postfix/main.cf58185 ······path:·/etc/postfix/main.cf
58186 ······create:·true58186 ······create:·true
58187 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*58187 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
58188 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject58188 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
58189 ······state:·present58189 ······state:·present
58190 ··when:58190 ··when:
58191 ··-·'"postfix"·in·ansible_facts.packages' 
58192 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]58191 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 58192 ··-·'"postfix"·in·ansible_facts.packages'
58193 ··tags:58193 ··tags:
58194 ··-·CCE-80512-758194 ··-·CCE-80512-7
58195 ··-·DISA-STIG-RHEL-07-04068058195 ··-·DISA-STIG-RHEL-07-040680
58196 ··-·low_complexity58196 ··-·low_complexity
58197 ··-·low_disruption58197 ··-·low_disruption
58198 ··-·medium_severity58198 ··-·medium_severity
58199 ··-·no_reboot_needed58199 ··-·no_reboot_needed
58200 ··-·postfix_prevent_unrestricted_relay58200 ··-·postfix_prevent_unrestricted_relay
58201 ··-·restrict_strategy58201 ··-·restrict_strategy
58202 Remediation_Shell_script_⇲58202 Remediation_Shell_script_⇲
58203 #·Remediation·is·applicable·only·in·certain·platforms58203 #·Remediation·is·applicable·only·in·certain·platforms
58204 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then58204 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
58205 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then58205 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
58206 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf58206 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
58207 else58207 else
58208 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf58208 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
58209 fi58209 fi
  
5.38 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-stig_gui.html
    
Offset 287680, 23 lines modifiedOffset 287680, 23 lines modified
00463bf0:·7265·7374·7269·6374·696f·6e73·5c73·2a3d··restrictions\s*=00463bf0:·7265·7374·7269·6374·696f·6e73·5c73·2a3d··restrictions\s*=
00463c00:·5c73·2a0a·2020·2020·2020·6c69·6e65·3a20··\s*.······line:·00463c00:·5c73·2a0a·2020·2020·2020·6c69·6e65·3a20··\s*.······line:·
00463c10:·736d·7470·645f·636c·6965·6e74·5f72·6573··smtpd_client_res00463c10:·736d·7470·645f·636c·6965·6e74·5f72·6573··smtpd_client_res
00463c20:·7472·6963·7469·6f6e·7320·3d20·7065·726d··trictions·=·perm00463c20:·7472·6963·7469·6f6e·7320·3d20·7065·726d··trictions·=·perm
00463c30:·6974·5f6d·796e·6574·776f·726b·732c·7265··it_mynetworks,re00463c30:·6974·5f6d·796e·6574·776f·726b·732c·7265··it_mynetworks,re
00463c40:·6a65·6374·0a20·2020·2020·2073·7461·7465··ject.······state00463c40:·6a65·6374·0a20·2020·2020·2073·7461·7465··ject.······state
00463c50:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when00463c50:·3a20·7072·6573·656e·740a·2020·7768·656e··:·present.··when
00463c60:·3a0a·2020·2d20·2722·706f·7374·6669·7822··:.··-·'"postfix" 
00463c70:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
00463c80:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-· 
00463c90:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali 
00463ca0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not· 
00463cb0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l 
00463cc0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·" 
00463cd0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai00463c60:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi
 00463c70:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
 00463c80:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
 00463c90:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
 00463ca0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
 00463cb0:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
 00463cc0:·2722·706f·7374·6669·7822·2069·6e20·616e··'"postfix"·in·an
 00463cd0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
00463ce0:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··00463ce0:·6167·6573·270a·2020·7461·6773·3a0a·2020··ages'.··tags:.··
00463cf0:·2d20·4343·452d·3830·3531·322d·370a·2020··-·CCE-80512-7.··00463cf0:·2d20·4343·452d·3830·3531·322d·370a·2020··-·CCE-80512-7.··
00463d00:·2d20·4449·5341·2d53·5449·472d·5248·454c··-·DISA-STIG-RHEL00463d00:·2d20·4449·5341·2d53·5449·472d·5248·454c··-·DISA-STIG-RHEL
00463d10:·2d30·372d·3034·3036·3830·0a20·202d·206c··-07-040680.··-·l00463d10:·2d30·372d·3034·3036·3830·0a20·202d·206c··-07-040680.··-·l
00463d20:·6f77·5f63·6f6d·706c·6578·6974·790a·2020··ow_complexity.··00463d20:·6f77·5f63·6f6d·706c·6578·6974·790a·2020··ow_complexity.··
00463d30:·2d20·6c6f·775f·6469·7372·7570·7469·6f6e··-·low_disruption00463d30:·2d20·6c6f·775f·6469·7372·7570·7469·6f6e··-·low_disruption
00463d40:·0a20·202d·206d·6564·6975·6d5f·7365·7665··.··-·medium_seve00463d40:·0a20·202d·206d·6564·6975·6d5f·7365·7665··.··-·medium_seve
00463d50:·7269·7479·0a20·202d·206e·6f5f·7265·626f··rity.··-·no_rebo00463d50:·7269·7479·0a20·202d·206e·6f5f·7265·626f··rity.··-·no_rebo
Offset 287721, 21 lines modifiedOffset 287721, 21 lines modified
00463e80:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-00463e80:·6976·2063·6c61·7373·3d22·7061·6e65·6c2d··iv·class="panel-
00463e90:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps00463e90:·636f·6c6c·6170·7365·2063·6f6c·6c61·7073··collapse·collaps
00463ea0:·6522·2069·643d·2269·646d·3732·3737·3322··e"·id="idm72773"00463ea0:·6522·2069·643d·2269·646d·3732·3737·3322··e"·id="idm72773"
00463eb0:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re00463eb0:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
00463ec0:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app00463ec0:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
00463ed0:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·00463ed0:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
00463ee0:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform00463ee0:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
 00463ef0:·730a·6966·205b·2021·202d·6620·2f2e·646f··s.if·[·!·-f·/.do
00463ef0:·730a·6966·2072·706d·202d·2d71·7569·6574··s.if·rpm·--quiet 
00463f00:·202d·7120·706f·7374·6669·7820·2661·6d70···-q·postfix·&amp 
00463f10:·3b26·616d·703b·205b·2021·202d·6620·2f2e··;&amp;·[·!·-f·/. 
00463f20:·646f·636b·6572·656e·7620·5d20·2661·6d70··dockerenv·]·&amp00463f00:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&
00463f30:·3b26·616d·703b·205b·2021·202d·6620·2f72··;&amp;·[·!·-f·/r00463f10:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run
00463f40:·756e·2f2e·636f·6e74·6169·6e65·7265·6e76··un/.containerenv00463f20:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]
 00463f30:·2026·616d·703b·2661·6d70·3b20·7270·6d20···&amp;&amp;·rpm·
 00463f40:·2d2d·7175·6965·7420·2d71·2070·6f73·7466··--quiet·-q·postf
00463f50:·205d·3b20·7468·656e·0a0a·6966·2021·2067···];·then..if·!·g00463f50:·6978·3b20·7468·656e·0a0a·6966·2021·2067··ix;·then..if·!·g
00463f60:·7265·7020·2d71·205e·736d·7470·645f·636c··rep·-q·^smtpd_cl00463f60:·7265·7020·2d71·205e·736d·7470·645f·636c··rep·-q·^smtpd_cl
00463f70:·6965·6e74·5f72·6573·7472·6963·7469·6f6e··ient_restriction00463f70:·6965·6e74·5f72·6573·7472·6963·7469·6f6e··ient_restriction
00463f80:·7320·2f65·7463·2f70·6f73·7466·6978·2f6d··s·/etc/postfix/m00463f80:·7320·2f65·7463·2f70·6f73·7466·6978·2f6d··s·/etc/postfix/m
00463f90:·6169·6e2e·6366·3b20·7468·656e·0a09·6563··ain.cf;·then..ec00463f90:·6169·6e2e·6366·3b20·7468·656e·0a09·6563··ain.cf;·then..ec
00463fa0:·686f·2022·736d·7470·645f·636c·6965·6e74··ho·"smtpd_client00463fa0:·686f·2022·736d·7470·645f·636c·6965·6e74··ho·"smtpd_client
00463fb0:·5f72·6573·7472·6963·7469·6f6e·7320·3d20··_restrictions·=·00463fb0:·5f72·6573·7472·6963·7469·6f6e·7320·3d20··_restrictions·=·
00463fc0:·7065·726d·6974·5f6d·796e·6574·776f·726b··permit_mynetwork00463fc0:·7065·726d·6974·5f6d·796e·6574·776f·726b··permit_mynetwork
1.17 KB
html2text {}
    
Offset 58189, 28 lines modifiedOffset 58189, 28 lines modified
58189 ····lineinfile:58189 ····lineinfile:
58190 ······path:·/etc/postfix/main.cf58190 ······path:·/etc/postfix/main.cf
58191 ······create:·true58191 ······create:·true
58192 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*58192 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
58193 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject58193 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
58194 ······state:·present58194 ······state:·present
58195 ··when:58195 ··when:
58196 ··-·'"postfix"·in·ansible_facts.packages' 
58197 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]58196 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 58197 ··-·'"postfix"·in·ansible_facts.packages'
58198 ··tags:58198 ··tags:
58199 ··-·CCE-80512-758199 ··-·CCE-80512-7
58200 ··-·DISA-STIG-RHEL-07-04068058200 ··-·DISA-STIG-RHEL-07-040680
58201 ··-·low_complexity58201 ··-·low_complexity
58202 ··-·low_disruption58202 ··-·low_disruption
58203 ··-·medium_severity58203 ··-·medium_severity
58204 ··-·no_reboot_needed58204 ··-·no_reboot_needed
58205 ··-·postfix_prevent_unrestricted_relay58205 ··-·postfix_prevent_unrestricted_relay
58206 ··-·restrict_strategy58206 ··-·restrict_strategy
58207 Remediation_Shell_script_⇲58207 Remediation_Shell_script_⇲
58208 #·Remediation·is·applicable·only·in·certain·platforms58208 #·Remediation·is·applicable·only·in·certain·platforms
58209 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then58209 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
58210 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then58210 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
58211 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf58211 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
58212 else58212 else
58213 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf58213 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
58214 fi58214 fi
  
89.5 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cis.html
    
Offset 190428, 22 lines modifiedOffset 190428, 22 lines modified
002e7db0:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence002e7db0:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence
002e7dc0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002e7dc0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002e7dd0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··002e7dd0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··
002e7de0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr002e7de0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
002e7df0:·7562·322f·6772·7562·2e63·6667·0a20·2072··ub2/grub.cfg.··r002e7df0:·7562·322f·6772·7562·2e63·6667·0a20·2072··ub2/grub.cfg.··r
002e7e00:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex002e7e00:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex
002e7e10:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-002e7e10:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-
002e7e20:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
002e7e30:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
002e7e40:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
002e7e50:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
002e7e60:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2 
002e7e70:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi 
002e7e80:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag002e7e20:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"
 002e7e30:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 002e7e40:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 002e7e50:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 002e7e60:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 002e7e70:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 002e7e80:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
002e7e90:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_002e7e90:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
002e7ea0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t002e7ea0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
002e7eb0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc002e7eb0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
002e7ec0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op002e7ec0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
002e7ed0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",002e7ed0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
002e7ee0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··002e7ee0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
002e7ef0:·7461·6773·3a0a·2020·2d20·4343·452d·3830··tags:.··-·CCE-80002e7ef0:·7461·6773·3a0a·2020·2d20·4343·452d·3830··tags:.··-·CCE-80
002e7f00:·3830·302d·360a·2020·2d20·434a·4953·2d35··800-6.··-·CJIS-5002e7f00:·3830·302d·360a·2020·2d20·434a·4953·2d35··800-6.··-·CJIS-5
Offset 190465, 21 lines modifiedOffset 190465, 21 lines modified
002e8000:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne002e8000:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne
002e8010:·7220·3020·6f6e·202f·626f·6f74·2f67·7275··r·0·on·/boot/gru002e8010:·7220·3020·6f6e·202f·626f·6f74·2f67·7275··r·0·on·/boot/gru
002e8020:·6232·2f67·7275·622e·6366·670a·2020·6669··b2/grub.cfg.··fi002e8020:·6232·2f67·7275·622e·6366·670a·2020·6669··b2/grub.cfg.··fi
002e8030:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b002e8030:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b
002e8040:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c002e8040:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c
002e8050:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0002e8050:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0
002e8060:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"002e8060:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"
002e8070:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i 
002e8080:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
002e8090:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
002e80a0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
002e80b0:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co 
002e80c0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible 
002e80d0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'002e8070:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in
 002e8080:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 002e8090:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/
 002e80a0:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in
 002e80b0:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 002e80c0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 002e80d0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
002e80e0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir002e80e0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
002e80f0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type002e80f0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
002e8100:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker002e8100:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
002e8110:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv002e8110:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
002e8120:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c002e8120:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
002e8130:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f002e8130:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f
002e8140:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·002e8140:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·
Offset 190531, 19 lines modifiedOffset 190531, 19 lines modified
002e8420:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</002e8420:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
002e8430:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure002e8430:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure
002e8440:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl002e8440:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
002e8450:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R002e8450:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R
002e8460:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap002e8460:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
002e8470:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in002e8470:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
002e8480:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor002e8480:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
002e8490:·6d73·0a69·6620·5b20·2120·2d66·202f·7379··ms.if·[·!·-f·/sy 
002e84a0:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·] 
002e84b0:·2026·616d·703b·2661·6d70·3b20·7270·6d20···&amp;&amp;·rpm· 
002e84c0:·2d2d·7175·6965·7420·2d71·2067·7275·6232··--quiet·-q·grub2 
002e84d0:·2d63·6f6d·6d6f·6e20·2661·6d70·3b26·616d··-common·&amp;&am002e8490:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie
 002e84a0:·7420·2d71·2067·7275·6232·2d63·6f6d·6d6f··t·-q·grub2-commo
 002e84b0:·6e20·2661·6d70·3b26·616d·703b·205b·2021··n·&amp;&amp;·[·!
 002e84c0:·202d·6620·2f73·7973·2f66·6972·6d77·6172···-f·/sys/firmwar
 002e84d0:·652f·6566·6920·5d20·2661·6d70·3b26·616d··e/efi·]·&amp;&am
002e84e0:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do002e84e0:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do
002e84f0:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&002e84f0:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&
002e8500:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run002e8500:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run
002e8510:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]002e8510:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]
002e8520:·3b20·7d3b·2074·6865·6e0a·0a63·6867·7270··;·};·then..chgrp002e8520:·3b20·7d3b·2074·6865·6e0a·0a63·6867·7270··;·};·then..chgrp
002e8530:·2030·202f·626f·6f74·2f67·7275·6232·2f67···0·/boot/grub2/g002e8530:·2030·202f·626f·6f74·2f67·7275·6232·2f67···0·/boot/grub2/g
002e8540:·7275·622e·6366·670a·0a65·6c73·650a·2020··rub.cfg..else.··002e8540:·7275·622e·6366·670a·0a65·6c73·650a·2020··rub.cfg..else.··
Offset 191065, 22 lines modifiedOffset 191065, 22 lines modified
002ea580:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc002ea580:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
002ea590:·6520·2f62·6f6f·742f·6772·7562·322f·7573··e·/boot/grub2/us002ea590:·6520·2f62·6f6f·742f·6772·7562·322f·7573··e·/boot/grub2/us
002ea5a0:·6572·2e63·6667·0a20·2073·7461·743a·0a20··er.cfg.··stat:.·002ea5a0:·6572·2e63·6667·0a20·2073·7461·743a·0a20··er.cfg.··stat:.·
002ea5b0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g002ea5b0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
002ea5c0:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··002ea5c0:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
002ea5d0:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e002ea5d0:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
002ea5e0:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··002ea5e0:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
002ea5f0:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n 
002ea600:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo 
002ea610:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
002ea620:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
002ea630:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub 
002ea640:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans 
002ea650:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa002ea5f0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
 002ea600:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 002ea610:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 002ea620:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 002ea630:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 002ea640:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
 002ea650:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
002ea660:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible002ea660:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible
002ea670:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_002ea670:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
002ea680:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do002ea680:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
002ea690:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o002ea690:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
002ea6a0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"002ea6a0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
002ea6b0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·002ea6b0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
002ea6c0:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8002ea6c0:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8
002ea6d0:·3630·3039·2d38·0a20·202d·2043·4a49·532d··6009-8.··-·CJIS-002ea6d0:·3630·3039·2d38·0a20·202d·2043·4a49·532d··6009-8.··-·CJIS-
Offset 191102, 21 lines modifiedOffset 191102, 21 lines modified
002ea7d0:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne002ea7d0:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne
002ea7e0:·7220·3020·6f6e·202f·626f·6f74·2f67·7275··r·0·on·/boot/gru002ea7e0:·7220·3020·6f6e·202f·626f·6f74·2f67·7275··r·0·on·/boot/gru
002ea7f0:·6232·2f75·7365·722e·6366·670a·2020·6669··b2/user.cfg.··fi002ea7f0:·6232·2f75·7365·722e·6366·670a·2020·6669··b2/user.cfg.··fi
002ea800:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b002ea800:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b
002ea810:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c002ea810:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c
002ea820:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0002ea820:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0
002ea830:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"002ea830:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"
002ea840:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i 
002ea850:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
002ea860:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
002ea870:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
002ea880:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co 
002ea890:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible 
002ea8a0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'002ea840:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in
 002ea850:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 002ea860:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/
 002ea870:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in
Max diff block lines reached; 59794/69180 bytes (86.43%) of diff not shown.
21.8 KB
html2text {}
    
Offset 42340, 16 lines modifiedOffset 42340, 16 lines modified
42340 ··-·no_reboot_needed42340 ··-·no_reboot_needed
  
42341 -·name:·Test·for·existence·/boot/grub2/grub.cfg42341 -·name:·Test·for·existence·/boot/grub2/grub.cfg
42342 ··stat:42342 ··stat:
42343 ····path:·/boot/grub2/grub.cfg42343 ····path:·/boot/grub2/grub.cfg
42344 ··register:·file_exists42344 ··register:·file_exists
42345 ··when:42345 ··when:
42346 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42347 ··-·'"grub2-common"·in·ansible_facts.packages'42346 ··-·'"grub2-common"·in·ansible_facts.packages'
 42347 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
42348 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42348 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42349 ··tags:42349 ··tags:
42350 ··-·CCE-80800-642350 ··-·CCE-80800-6
42351 ··-·CJIS-5.5.2.242351 ··-·CJIS-5.5.2.2
42352 ··-·NIST-800-171-3.4.542352 ··-·NIST-800-171-3.4.5
42353 ··-·NIST-800-53-AC-6(1)42353 ··-·NIST-800-53-AC-6(1)
42354 ··-·NIST-800-53-CM-6(a)42354 ··-·NIST-800-53-CM-6(a)
Offset 42362, 16 lines modifiedOffset 42362, 16 lines modified
42362 ··-·no_reboot_needed42362 ··-·no_reboot_needed
  
42363 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg42363 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
42364 ··file:42364 ··file:
42365 ····path:·/boot/grub2/grub.cfg42365 ····path:·/boot/grub2/grub.cfg
42366 ····group:·'0'42366 ····group:·'0'
42367 ··when:42367 ··when:
42368 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42369 ··-·'"grub2-common"·in·ansible_facts.packages'42368 ··-·'"grub2-common"·in·ansible_facts.packages'
 42369 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
42370 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42370 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42371 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists42371 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
42372 ··tags:42372 ··tags:
42373 ··-·CCE-80800-642373 ··-·CCE-80800-6
42374 ··-·CJIS-5.5.2.242374 ··-·CJIS-5.5.2.2
42375 ··-·NIST-800-171-3.4.542375 ··-·NIST-800-171-3.4.5
42376 ··-·NIST-800-53-AC-6(1)42376 ··-·NIST-800-53-AC-6(1)
Offset 42384, 15 lines modifiedOffset 42384, 15 lines modified
42384 ··-·medium_severity42384 ··-·medium_severity
42385 ··-·no_reboot_needed42385 ··-·no_reboot_needed
42386 Remediation_Shell_script_⇲42386 Remediation_Shell_script_⇲
42387 Complexity:·low42387 Complexity:·low
42388 Disruption:·low42388 Disruption:·low
42389 Strategy:···configure42389 Strategy:···configure
42390 #·Remediation·is·applicable·only·in·certain·platforms42390 #·Remediation·is·applicable·only·in·certain·platforms
42391 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then42391 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
42392 chgrp·0·/boot/grub2/grub.cfg42392 chgrp·0·/boot/grub2/grub.cfg
  
42393 else42393 else
42394 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'42394 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
42395 fi42395 fi
42396 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***42396 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 42425, 16 lines modifiedOffset 42425, 16 lines modified
42425 ··-·no_reboot_needed42425 ··-·no_reboot_needed
  
42426 -·name:·Test·for·existence·/boot/grub2/user.cfg42426 -·name:·Test·for·existence·/boot/grub2/user.cfg
42427 ··stat:42427 ··stat:
42428 ····path:·/boot/grub2/user.cfg42428 ····path:·/boot/grub2/user.cfg
42429 ··register:·file_exists42429 ··register:·file_exists
42430 ··when:42430 ··when:
42431 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42432 ··-·'"grub2-common"·in·ansible_facts.packages'42431 ··-·'"grub2-common"·in·ansible_facts.packages'
 42432 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
42433 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42433 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42434 ··tags:42434 ··tags:
42435 ··-·CCE-86009-842435 ··-·CCE-86009-8
42436 ··-·CJIS-5.5.2.242436 ··-·CJIS-5.5.2.2
42437 ··-·NIST-800-171-3.4.542437 ··-·NIST-800-171-3.4.5
42438 ··-·NIST-800-53-AC-6(1)42438 ··-·NIST-800-53-AC-6(1)
42439 ··-·NIST-800-53-CM-6(a)42439 ··-·NIST-800-53-CM-6(a)
Offset 42447, 16 lines modifiedOffset 42447, 16 lines modified
42447 ··-·no_reboot_needed42447 ··-·no_reboot_needed
  
42448 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg42448 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
42449 ··file:42449 ··file:
42450 ····path:·/boot/grub2/user.cfg42450 ····path:·/boot/grub2/user.cfg
42451 ····group:·'0'42451 ····group:·'0'
42452 ··when:42452 ··when:
42453 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42454 ··-·'"grub2-common"·in·ansible_facts.packages'42453 ··-·'"grub2-common"·in·ansible_facts.packages'
 42454 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
42455 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42455 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42456 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists42456 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
42457 ··tags:42457 ··tags:
42458 ··-·CCE-86009-842458 ··-·CCE-86009-8
42459 ··-·CJIS-5.5.2.242459 ··-·CJIS-5.5.2.2
42460 ··-·NIST-800-171-3.4.542460 ··-·NIST-800-171-3.4.5
42461 ··-·NIST-800-53-AC-6(1)42461 ··-·NIST-800-53-AC-6(1)
Offset 42469, 15 lines modifiedOffset 42469, 15 lines modified
42469 ··-·medium_severity42469 ··-·medium_severity
42470 ··-·no_reboot_needed42470 ··-·no_reboot_needed
42471 Remediation_Shell_script_⇲42471 Remediation_Shell_script_⇲
42472 Complexity:·low42472 Complexity:·low
42473 Disruption:·low42473 Disruption:·low
42474 Strategy:···configure42474 Strategy:···configure
42475 #·Remediation·is·applicable·only·in·certain·platforms42475 #·Remediation·is·applicable·only·in·certain·platforms
42476 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then42476 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
42477 chgrp·0·/boot/grub2/user.cfg42477 chgrp·0·/boot/grub2/user.cfg
  
42478 else42478 else
42479 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'42479 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
42480 fi42480 fi
42481 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***42481 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 42510, 16 lines modifiedOffset 42510, 16 lines modified
42510 ··-·no_reboot_needed42510 ··-·no_reboot_needed
  
42511 -·name:·Test·for·existence·/boot/grub2/grub.cfg42511 -·name:·Test·for·existence·/boot/grub2/grub.cfg
42512 ··stat:42512 ··stat:
42513 ····path:·/boot/grub2/grub.cfg42513 ····path:·/boot/grub2/grub.cfg
42514 ··register:·file_exists42514 ··register:·file_exists
42515 ··when:42515 ··when:
42516 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42517 ··-·'"grub2-common"·in·ansible_facts.packages'42516 ··-·'"grub2-common"·in·ansible_facts.packages'
 42517 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
42518 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42518 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42519 ··tags:42519 ··tags:
42520 ··-·CCE-80805-542520 ··-·CCE-80805-5
42521 ··-·CJIS-5.5.2.242521 ··-·CJIS-5.5.2.2
42522 ··-·NIST-800-171-3.4.542522 ··-·NIST-800-171-3.4.5
42523 ··-·NIST-800-53-AC-6(1)42523 ··-·NIST-800-53-AC-6(1)
42524 ··-·NIST-800-53-CM-6(a)42524 ··-·NIST-800-53-CM-6(a)
Offset 42532, 16 lines modifiedOffset 42532, 16 lines modified
42532 ··-·no_reboot_needed42532 ··-·no_reboot_needed
  
42533 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg42533 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
42534 ··file:42534 ··file:
42535 ····path:·/boot/grub2/grub.cfg42535 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 17907/22292 bytes (80.33%) of diff not shown.
90.1 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cis_server_l1.html
    
Offset 62058, 22 lines modifiedOffset 62058, 22 lines modified
000f2690:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex000f2690:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex
000f26a0:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr000f26a0:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr
000f26b0:·7562·322f·6772·7562·2e63·6667·0a20·2073··ub2/grub.cfg.··s000f26b0:·7562·322f·6772·7562·2e63·6667·0a20·2073··ub2/grub.cfg.··s
000f26c0:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/000f26c0:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/
000f26d0:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.000f26d0:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
000f26e0:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·000f26e0:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·
000f26f0:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh000f26f0:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh
000f2700:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/000f2700:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
000f2710:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi 
000f2720:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
000f2730:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
000f2740:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-· 
000f2750:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
000f2760:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
000f2770:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a000f2710:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 000f2720:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 000f2730:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 000f2740:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib
 000f2750:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map(
 000f2760:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount
 000f2770:·2229·207c·206c·6973·7427·0a20·202d·2061··")·|·list'.··-·a
000f2780:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz000f2780:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
000f2790:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i000f2790:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
000f27a0:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx000f27a0:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
000f27b0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p000f27b0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
000f27c0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain000f27c0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
000f27d0:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-000f27d0:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-
000f27e0:·2043·4345·2d38·3038·3030·2d36·0a20·202d···CCE-80800-6.··-000f27e0:·2043·4345·2d38·3038·3030·2d36·0a20·202d···CCE-80800-6.··-
Offset 62095, 22 lines modifiedOffset 62095, 22 lines modified
000f28e0:·6e61·6d65·3a20·456e·7375·7265·2067·726f··name:·Ensure·gro000f28e0:·6e61·6d65·3a20·456e·7375·7265·2067·726f··name:·Ensure·gro
000f28f0:·7570·206f·776e·6572·2030·206f·6e20·2f62··up·owner·0·on·/b000f28f0:·7570·206f·776e·6572·2030·206f·6e20·2f62··up·owner·0·on·/b
000f2900:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c000f2900:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c
000f2910:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p000f2910:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p
000f2920:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2000f2920:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2
000f2930:·2f67·7275·622e·6366·670a·2020·2020·6772··/grub.cfg.····gr000f2930:·2f67·7275·622e·6366·670a·2020·2020·6772··/grub.cfg.····gr
000f2940:·6f75·703a·2027·3027·0a20·2077·6865·6e3a··oup:·'0'.··when:000f2940:·6f75·703a·2027·3027·0a20·2077·6865·6e3a··oup:·'0'.··when:
000f2950:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi 
000f2960:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible 
000f2970:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
000f2980:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
000f2990:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g 
000f29a0:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in· 
000f29b0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa000f2950:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com
 000f2960:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_
 000f2970:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 000f2980:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 000f2990:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_
 000f29a0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 000f29b0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
000f29c0:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi000f29c0:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi
000f29d0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati000f29d0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
000f29e0:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[000f29e0:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
000f29f0:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",000f29f0:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
000f2a00:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm000f2a00:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
000f2a10:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"000f2a10:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
000f2a20:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist000f2a20:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist
000f2a30:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define000f2a30:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define
Offset 62161, 19 lines modifiedOffset 62161, 19 lines modified
000f2d00:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra000f2d00:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
000f2d10:·7465·6779·3a3c·2f74·683e·3c74·643e·636f··tegy:</th><td>co000f2d10:·7465·6779·3a3c·2f74·683e·3c74·643e·636f··tegy:</th><td>co
000f2d20:·6e66·6967·7572·653c·2f74·643e·3c2f·7472··nfigure</td></tr000f2d20:·6e66·6967·7572·653c·2f74·643e·3c2f·7472··nfigure</td></tr
000f2d30:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c000f2d30:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
000f2d40:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio000f2d40:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
000f2d50:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·000f2d50:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
000f2d60:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·000f2d60:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
000f2d70:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!000f2d70:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm
000f2d80:·202d·6620·2f73·7973·2f66·6972·6d77·6172···-f·/sys/firmwar 
000f2d90:·652f·6566·6920·5d20·2661·6d70·3b26·616d··e/efi·]·&amp;&am 
000f2da0:·703b·2072·706d·202d·2d71·7569·6574·202d··p;·rpm·--quiet·- 
000f2db0:·7120·6772·7562·322d·636f·6d6d·6f6e·2026··q·grub2-common·&000f2d80:·202d·2d71·7569·6574·202d·7120·6772·7562···--quiet·-q·grub
 000f2d90:·322d·636f·6d6d·6f6e·2026·616d·703b·2661··2-common·&amp;&a
 000f2da0:·6d70·3b20·5b20·2120·2d66·202f·7379·732f··mp;·[·!·-f·/sys/
 000f2db0:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·&
000f2dc0:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·000f2dc0:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·
000f2dd0:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]000f2dd0:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]
000f2de0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·000f2de0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
000f2df0:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain000f2df0:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain
000f2e00:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then000f2e00:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then
000f2e10:·0a0a·6368·6772·7020·3020·2f62·6f6f·742f··..chgrp·0·/boot/000f2e10:·0a0a·6368·6772·7020·3020·2f62·6f6f·742f··..chgrp·0·/boot/
000f2e20:·6772·7562·322f·6772·7562·2e63·6667·0a0a··grub2/grub.cfg..000f2e20:·6772·7562·322f·6772·7562·2e63·6667·0a0a··grub2/grub.cfg..
Offset 62695, 22 lines modifiedOffset 62695, 22 lines modified
000f4e60:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e000f4e60:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e
000f4e70:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g000f4e70:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g
000f4e80:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··000f4e80:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
000f4e90:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·000f4e90:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·
000f4ea0:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user000f4ea0:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user
000f4eb0:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:000f4eb0:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:
000f4ec0:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w000f4ec0:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w
000f4ed0:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot000f4ed0:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
000f4ee0:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans 
000f4ef0:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
000f4f00:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
000f4f10:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
000f4f20:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
000f4f30:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
000f4f40:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·000f4ee0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 000f4ef0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 000f4f00:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 000f4f10:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi
 000f4f20:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 000f4f30:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 000f4f40:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
000f4f50:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali000f4f50:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
000f4f60:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·000f4f60:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
000f4f70:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l000f4f70:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
000f4f80:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"000f4f80:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
000f4f90:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai000f4f90:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
000f4fa0:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··000f4fa0:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
000f4fb0:·2d20·4343·452d·3836·3030·392d·380a·2020··-·CCE-86009-8.··000f4fb0:·2d20·4343·452d·3836·3030·392d·380a·2020··-·CCE-86009-8.··
Offset 62732, 22 lines modifiedOffset 62732, 22 lines modified
000f50b0:·6e61·6d65·3a20·456e·7375·7265·2067·726f··name:·Ensure·gro000f50b0:·6e61·6d65·3a20·456e·7375·7265·2067·726f··name:·Ensure·gro
000f50c0:·7570·206f·776e·6572·2030·206f·6e20·2f62··up·owner·0·on·/b000f50c0:·7570·206f·776e·6572·2030·206f·6e20·2f62··up·owner·0·on·/b
000f50d0:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c000f50d0:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c
000f50e0:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p000f50e0:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p
000f50f0:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2000f50f0:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2
000f5100:·2f75·7365·722e·6366·670a·2020·2020·6772··/user.cfg.····gr000f5100:·2f75·7365·722e·6366·670a·2020·2020·6772··/user.cfg.····gr
000f5110:·6f75·703a·2027·3027·0a20·2077·6865·6e3a··oup:·'0'.··when:000f5110:·6f75·703a·2027·3027·0a20·2077·6865·6e3a··oup:·'0'.··when:
000f5120:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi 
000f5130:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible 
000f5140:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
000f5150:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
000f5160:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g 
000f5170:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in· 
000f5180:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa000f5120:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com
 000f5130:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_
 000f5140:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 000f5150:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
Max diff block lines reached; 60284/69936 bytes (86.20%) of diff not shown.
21.7 KB
html2text {}
    
Offset 8333, 16 lines modifiedOffset 8333, 16 lines modified
8333 ··-·no_reboot_needed8333 ··-·no_reboot_needed
  
8334 -·name:·Test·for·existence·/boot/grub2/grub.cfg8334 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8335 ··stat:8335 ··stat:
8336 ····path:·/boot/grub2/grub.cfg8336 ····path:·/boot/grub2/grub.cfg
8337 ··register:·file_exists8337 ··register:·file_exists
8338 ··when:8338 ··when:
8339 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8340 ··-·'"grub2-common"·in·ansible_facts.packages'8339 ··-·'"grub2-common"·in·ansible_facts.packages'
 8340 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8341 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8341 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8342 ··tags:8342 ··tags:
8343 ··-·CCE-80800-68343 ··-·CCE-80800-6
8344 ··-·CJIS-5.5.2.28344 ··-·CJIS-5.5.2.2
8345 ··-·NIST-800-171-3.4.58345 ··-·NIST-800-171-3.4.5
8346 ··-·NIST-800-53-AC-6(1)8346 ··-·NIST-800-53-AC-6(1)
8347 ··-·NIST-800-53-CM-6(a)8347 ··-·NIST-800-53-CM-6(a)
Offset 8355, 16 lines modifiedOffset 8355, 16 lines modified
8355 ··-·no_reboot_needed8355 ··-·no_reboot_needed
  
8356 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg8356 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
8357 ··file:8357 ··file:
8358 ····path:·/boot/grub2/grub.cfg8358 ····path:·/boot/grub2/grub.cfg
8359 ····group:·'0'8359 ····group:·'0'
8360 ··when:8360 ··when:
8361 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8362 ··-·'"grub2-common"·in·ansible_facts.packages'8361 ··-·'"grub2-common"·in·ansible_facts.packages'
 8362 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8363 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8363 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8364 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8364 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8365 ··tags:8365 ··tags:
8366 ··-·CCE-80800-68366 ··-·CCE-80800-6
8367 ··-·CJIS-5.5.2.28367 ··-·CJIS-5.5.2.2
8368 ··-·NIST-800-171-3.4.58368 ··-·NIST-800-171-3.4.5
8369 ··-·NIST-800-53-AC-6(1)8369 ··-·NIST-800-53-AC-6(1)
Offset 8377, 15 lines modifiedOffset 8377, 15 lines modified
8377 ··-·medium_severity8377 ··-·medium_severity
8378 ··-·no_reboot_needed8378 ··-·no_reboot_needed
8379 Remediation_Shell_script_⇲8379 Remediation_Shell_script_⇲
8380 Complexity:·low8380 Complexity:·low
8381 Disruption:·low8381 Disruption:·low
8382 Strategy:···configure8382 Strategy:···configure
8383 #·Remediation·is·applicable·only·in·certain·platforms8383 #·Remediation·is·applicable·only·in·certain·platforms
8384 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8384 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8385 chgrp·0·/boot/grub2/grub.cfg8385 chgrp·0·/boot/grub2/grub.cfg
  
8386 else8386 else
8387 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8387 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8388 fi8388 fi
8389 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***8389 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 8418, 16 lines modifiedOffset 8418, 16 lines modified
8418 ··-·no_reboot_needed8418 ··-·no_reboot_needed
  
8419 -·name:·Test·for·existence·/boot/grub2/user.cfg8419 -·name:·Test·for·existence·/boot/grub2/user.cfg
8420 ··stat:8420 ··stat:
8421 ····path:·/boot/grub2/user.cfg8421 ····path:·/boot/grub2/user.cfg
8422 ··register:·file_exists8422 ··register:·file_exists
8423 ··when:8423 ··when:
8424 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8425 ··-·'"grub2-common"·in·ansible_facts.packages'8424 ··-·'"grub2-common"·in·ansible_facts.packages'
 8425 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8426 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8426 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8427 ··tags:8427 ··tags:
8428 ··-·CCE-86009-88428 ··-·CCE-86009-8
8429 ··-·CJIS-5.5.2.28429 ··-·CJIS-5.5.2.2
8430 ··-·NIST-800-171-3.4.58430 ··-·NIST-800-171-3.4.5
8431 ··-·NIST-800-53-AC-6(1)8431 ··-·NIST-800-53-AC-6(1)
8432 ··-·NIST-800-53-CM-6(a)8432 ··-·NIST-800-53-CM-6(a)
Offset 8440, 16 lines modifiedOffset 8440, 16 lines modified
8440 ··-·no_reboot_needed8440 ··-·no_reboot_needed
  
8441 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8441 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8442 ··file:8442 ··file:
8443 ····path:·/boot/grub2/user.cfg8443 ····path:·/boot/grub2/user.cfg
8444 ····group:·'0'8444 ····group:·'0'
8445 ··when:8445 ··when:
8446 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8447 ··-·'"grub2-common"·in·ansible_facts.packages'8446 ··-·'"grub2-common"·in·ansible_facts.packages'
 8447 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8448 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8448 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8449 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8449 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8450 ··tags:8450 ··tags:
8451 ··-·CCE-86009-88451 ··-·CCE-86009-8
8452 ··-·CJIS-5.5.2.28452 ··-·CJIS-5.5.2.2
8453 ··-·NIST-800-171-3.4.58453 ··-·NIST-800-171-3.4.5
8454 ··-·NIST-800-53-AC-6(1)8454 ··-·NIST-800-53-AC-6(1)
Offset 8462, 15 lines modifiedOffset 8462, 15 lines modified
8462 ··-·medium_severity8462 ··-·medium_severity
8463 ··-·no_reboot_needed8463 ··-·no_reboot_needed
8464 Remediation_Shell_script_⇲8464 Remediation_Shell_script_⇲
8465 Complexity:·low8465 Complexity:·low
8466 Disruption:·low8466 Disruption:·low
8467 Strategy:···configure8467 Strategy:···configure
8468 #·Remediation·is·applicable·only·in·certain·platforms8468 #·Remediation·is·applicable·only·in·certain·platforms
8469 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8469 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8470 chgrp·0·/boot/grub2/user.cfg8470 chgrp·0·/boot/grub2/user.cfg
  
8471 else8471 else
8472 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8472 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8473 fi8473 fi
8474 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***8474 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 8503, 16 lines modifiedOffset 8503, 16 lines modified
8503 ··-·no_reboot_needed8503 ··-·no_reboot_needed
  
8504 -·name:·Test·for·existence·/boot/grub2/grub.cfg8504 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8505 ··stat:8505 ··stat:
8506 ····path:·/boot/grub2/grub.cfg8506 ····path:·/boot/grub2/grub.cfg
8507 ··register:·file_exists8507 ··register:·file_exists
8508 ··when:8508 ··when:
8509 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8510 ··-·'"grub2-common"·in·ansible_facts.packages'8509 ··-·'"grub2-common"·in·ansible_facts.packages'
 8510 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8511 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8511 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8512 ··tags:8512 ··tags:
8513 ··-·CCE-80805-58513 ··-·CCE-80805-5
8514 ··-·CJIS-5.5.2.28514 ··-·CJIS-5.5.2.2
8515 ··-·NIST-800-171-3.4.58515 ··-·NIST-800-171-3.4.5
8516 ··-·NIST-800-53-AC-6(1)8516 ··-·NIST-800-53-AC-6(1)
8517 ··-·NIST-800-53-CM-6(a)8517 ··-·NIST-800-53-CM-6(a)
Offset 8525, 16 lines modifiedOffset 8525, 16 lines modified
8525 ··-·no_reboot_needed8525 ··-·no_reboot_needed
  
8526 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg8526 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
8527 ··file:8527 ··file:
8528 ····path:·/boot/grub2/grub.cfg8528 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 17851/22220 bytes (80.34%) of diff not shown.
90.0 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cis_workstation_l1.html
    
Offset 62054, 22 lines modifiedOffset 62054, 22 lines modified
000f2650:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e000f2650:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e
000f2660:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g000f2660:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g
000f2670:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··000f2670:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
000f2680:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·000f2680:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·
000f2690:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub000f2690:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
000f26a0:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:000f26a0:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:
000f26b0:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w000f26b0:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w
000f26c0:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot000f26c0:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
000f26d0:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans 
000f26e0:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
000f26f0:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
000f2700:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
000f2710:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
000f2720:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
000f2730:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·000f26d0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 000f26e0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 000f26f0:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 000f2700:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi
 000f2710:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 000f2720:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 000f2730:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
000f2740:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali000f2740:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
000f2750:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·000f2750:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
000f2760:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l000f2760:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
000f2770:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"000f2770:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
000f2780:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai000f2780:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
000f2790:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··000f2790:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
000f27a0:·2d20·4343·452d·3830·3830·302d·360a·2020··-·CCE-80800-6.··000f27a0:·2d20·4343·452d·3830·3830·302d·360a·2020··-·CCE-80800-6.··
Offset 62091, 22 lines modifiedOffset 62091, 22 lines modified
000f28a0:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr000f28a0:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr
000f28b0:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/000f28b0:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/
000f28c0:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.000f28c0:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
000f28d0:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····000f28d0:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····
000f28e0:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub000f28e0:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
000f28f0:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g000f28f0:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g
000f2900:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when000f2900:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when
000f2910:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
000f2920:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
000f2930:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
000f2940:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
000f2950:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
000f2960:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
000f2970:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
000f2980:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans000f2910:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 000f2920:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 000f2930:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 000f2940:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 000f2950:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 000f2960:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 000f2970:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 000f2980:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
000f2990:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat000f2990:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
000f29a0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·000f29a0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
000f29b0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"000f29b0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
000f29c0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod000f29c0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
000f29d0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container000f29d0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
000f29e0:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis000f29e0:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis
000f29f0:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin000f29f0:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin
Offset 62157, 19 lines modifiedOffset 62157, 19 lines modified
000f2cc0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str000f2cc0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
000f2cd0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c000f2cd0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c
000f2ce0:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t000f2ce0:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t
000f2cf0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><000f2cf0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
000f2d00:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati000f2d00:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
000f2d10:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable000f2d10:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
000f2d20:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain000f2d20:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
000f2d30:·2070·6c61·7466·6f72·6d73·0a69·6620·5b20···platforms.if·[·000f2d30:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
000f2d40:·2120·2d66·202f·7379·732f·6669·726d·7761··!·-f·/sys/firmwa 
000f2d50:·7265·2f65·6669·205d·2026·616d·703b·2661··re/efi·]·&amp;&a 
000f2d60:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet· 
000f2d70:·2d71·2067·7275·6232·2d63·6f6d·6d6f·6e20··-q·grub2-common·000f2d40:·6d20·2d2d·7175·6965·7420·2d71·2067·7275··m·--quiet·-q·gru
 000f2d50:·6232·2d63·6f6d·6d6f·6e20·2661·6d70·3b26··b2-common·&amp;&
 000f2d60:·616d·703b·205b·2021·202d·6620·2f73·7973··amp;·[·!·-f·/sys
 000f2d70:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]·
000f2d80:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!000f2d80:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!
000f2d90:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·000f2d90:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
000f2da0:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!000f2da0:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
000f2db0:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai000f2db0:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
000f2dc0:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the000f2dc0:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the
000f2dd0:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot000f2dd0:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot
000f2de0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.000f2de0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
Offset 62691, 22 lines modifiedOffset 62691, 22 lines modified
000f4e20:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·000f4e20:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·
000f4e30:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/000f4e30:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/
000f4e40:·6772·7562·322f·7573·6572·2e63·6667·0a20··grub2/user.cfg.·000f4e40:·6772·7562·322f·7573·6572·2e63·6667·0a20··grub2/user.cfg.·
000f4e50:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:000f4e50:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:
000f4e60:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use000f4e60:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use
000f4e70:·722e·6366·670a·2020·7265·6769·7374·6572··r.cfg.··register000f4e70:·722e·6366·670a·2020·7265·6769·7374·6572··r.cfg.··register
000f4e80:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··000f4e80:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
000f4e90:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo000f4e90:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
000f4ea0:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
000f4eb0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
000f4ec0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
000f4ed0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
000f4ee0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
000f4ef0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
000f4f00:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-000f4ea0:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 000f4eb0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 000f4ec0:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 000f4ed0:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 000f4ee0:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 000f4ef0:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 000f4f00:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
000f4f10:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual000f4f10:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
000f4f20:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not000f4f20:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
000f4f30:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"000f4f30:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
000f4f40:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·000f4f40:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
000f4f50:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta000f4f50:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
000f4f60:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·000f4f60:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
000f4f70:·202d·2043·4345·2d38·3630·3039·2d38·0a20···-·CCE-86009-8.·000f4f70:·202d·2043·4345·2d38·3630·3039·2d38·0a20···-·CCE-86009-8.·
Offset 62728, 22 lines modifiedOffset 62728, 22 lines modified
000f5070:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr000f5070:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr
000f5080:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/000f5080:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/
000f5090:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.000f5090:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
000f50a0:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····000f50a0:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····
000f50b0:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub000f50b0:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
000f50c0:·322f·7573·6572·2e63·6667·0a20·2020·2067··2/user.cfg.····g000f50c0:·322f·7573·6572·2e63·6667·0a20·2020·2067··2/user.cfg.····g
000f50d0:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when000f50d0:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when
000f50e0:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
000f50f0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
000f5100:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
000f5110:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
000f5120:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
000f5130:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
000f5140:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
000f5150:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans000f50e0:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 000f50f0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
Max diff block lines reached; 60146/69798 bytes (86.17%) of diff not shown.
21.7 KB
html2text {}
    
Offset 8333, 16 lines modifiedOffset 8333, 16 lines modified
8333 ··-·no_reboot_needed8333 ··-·no_reboot_needed
  
8334 -·name:·Test·for·existence·/boot/grub2/grub.cfg8334 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8335 ··stat:8335 ··stat:
8336 ····path:·/boot/grub2/grub.cfg8336 ····path:·/boot/grub2/grub.cfg
8337 ··register:·file_exists8337 ··register:·file_exists
8338 ··when:8338 ··when:
8339 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8340 ··-·'"grub2-common"·in·ansible_facts.packages'8339 ··-·'"grub2-common"·in·ansible_facts.packages'
 8340 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8341 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8341 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8342 ··tags:8342 ··tags:
8343 ··-·CCE-80800-68343 ··-·CCE-80800-6
8344 ··-·CJIS-5.5.2.28344 ··-·CJIS-5.5.2.2
8345 ··-·NIST-800-171-3.4.58345 ··-·NIST-800-171-3.4.5
8346 ··-·NIST-800-53-AC-6(1)8346 ··-·NIST-800-53-AC-6(1)
8347 ··-·NIST-800-53-CM-6(a)8347 ··-·NIST-800-53-CM-6(a)
Offset 8355, 16 lines modifiedOffset 8355, 16 lines modified
8355 ··-·no_reboot_needed8355 ··-·no_reboot_needed
  
8356 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg8356 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
8357 ··file:8357 ··file:
8358 ····path:·/boot/grub2/grub.cfg8358 ····path:·/boot/grub2/grub.cfg
8359 ····group:·'0'8359 ····group:·'0'
8360 ··when:8360 ··when:
8361 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8362 ··-·'"grub2-common"·in·ansible_facts.packages'8361 ··-·'"grub2-common"·in·ansible_facts.packages'
 8362 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8363 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8363 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8364 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8364 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8365 ··tags:8365 ··tags:
8366 ··-·CCE-80800-68366 ··-·CCE-80800-6
8367 ··-·CJIS-5.5.2.28367 ··-·CJIS-5.5.2.2
8368 ··-·NIST-800-171-3.4.58368 ··-·NIST-800-171-3.4.5
8369 ··-·NIST-800-53-AC-6(1)8369 ··-·NIST-800-53-AC-6(1)
Offset 8377, 15 lines modifiedOffset 8377, 15 lines modified
8377 ··-·medium_severity8377 ··-·medium_severity
8378 ··-·no_reboot_needed8378 ··-·no_reboot_needed
8379 Remediation_Shell_script_⇲8379 Remediation_Shell_script_⇲
8380 Complexity:·low8380 Complexity:·low
8381 Disruption:·low8381 Disruption:·low
8382 Strategy:···configure8382 Strategy:···configure
8383 #·Remediation·is·applicable·only·in·certain·platforms8383 #·Remediation·is·applicable·only·in·certain·platforms
8384 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8384 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8385 chgrp·0·/boot/grub2/grub.cfg8385 chgrp·0·/boot/grub2/grub.cfg
  
8386 else8386 else
8387 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8387 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8388 fi8388 fi
8389 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***8389 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 8418, 16 lines modifiedOffset 8418, 16 lines modified
8418 ··-·no_reboot_needed8418 ··-·no_reboot_needed
  
8419 -·name:·Test·for·existence·/boot/grub2/user.cfg8419 -·name:·Test·for·existence·/boot/grub2/user.cfg
8420 ··stat:8420 ··stat:
8421 ····path:·/boot/grub2/user.cfg8421 ····path:·/boot/grub2/user.cfg
8422 ··register:·file_exists8422 ··register:·file_exists
8423 ··when:8423 ··when:
8424 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8425 ··-·'"grub2-common"·in·ansible_facts.packages'8424 ··-·'"grub2-common"·in·ansible_facts.packages'
 8425 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8426 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8426 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8427 ··tags:8427 ··tags:
8428 ··-·CCE-86009-88428 ··-·CCE-86009-8
8429 ··-·CJIS-5.5.2.28429 ··-·CJIS-5.5.2.2
8430 ··-·NIST-800-171-3.4.58430 ··-·NIST-800-171-3.4.5
8431 ··-·NIST-800-53-AC-6(1)8431 ··-·NIST-800-53-AC-6(1)
8432 ··-·NIST-800-53-CM-6(a)8432 ··-·NIST-800-53-CM-6(a)
Offset 8440, 16 lines modifiedOffset 8440, 16 lines modified
8440 ··-·no_reboot_needed8440 ··-·no_reboot_needed
  
8441 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8441 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8442 ··file:8442 ··file:
8443 ····path:·/boot/grub2/user.cfg8443 ····path:·/boot/grub2/user.cfg
8444 ····group:·'0'8444 ····group:·'0'
8445 ··when:8445 ··when:
8446 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8447 ··-·'"grub2-common"·in·ansible_facts.packages'8446 ··-·'"grub2-common"·in·ansible_facts.packages'
 8447 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8448 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8448 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8449 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8449 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8450 ··tags:8450 ··tags:
8451 ··-·CCE-86009-88451 ··-·CCE-86009-8
8452 ··-·CJIS-5.5.2.28452 ··-·CJIS-5.5.2.2
8453 ··-·NIST-800-171-3.4.58453 ··-·NIST-800-171-3.4.5
8454 ··-·NIST-800-53-AC-6(1)8454 ··-·NIST-800-53-AC-6(1)
Offset 8462, 15 lines modifiedOffset 8462, 15 lines modified
8462 ··-·medium_severity8462 ··-·medium_severity
8463 ··-·no_reboot_needed8463 ··-·no_reboot_needed
8464 Remediation_Shell_script_⇲8464 Remediation_Shell_script_⇲
8465 Complexity:·low8465 Complexity:·low
8466 Disruption:·low8466 Disruption:·low
8467 Strategy:···configure8467 Strategy:···configure
8468 #·Remediation·is·applicable·only·in·certain·platforms8468 #·Remediation·is·applicable·only·in·certain·platforms
8469 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8469 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8470 chgrp·0·/boot/grub2/user.cfg8470 chgrp·0·/boot/grub2/user.cfg
  
8471 else8471 else
8472 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8472 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8473 fi8473 fi
8474 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***8474 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 8503, 16 lines modifiedOffset 8503, 16 lines modified
8503 ··-·no_reboot_needed8503 ··-·no_reboot_needed
  
8504 -·name:·Test·for·existence·/boot/grub2/grub.cfg8504 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8505 ··stat:8505 ··stat:
8506 ····path:·/boot/grub2/grub.cfg8506 ····path:·/boot/grub2/grub.cfg
8507 ··register:·file_exists8507 ··register:·file_exists
8508 ··when:8508 ··when:
8509 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8510 ··-·'"grub2-common"·in·ansible_facts.packages'8509 ··-·'"grub2-common"·in·ansible_facts.packages'
 8510 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8511 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8511 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8512 ··tags:8512 ··tags:
8513 ··-·CCE-80805-58513 ··-·CCE-80805-5
8514 ··-·CJIS-5.5.2.28514 ··-·CJIS-5.5.2.2
8515 ··-·NIST-800-171-3.4.58515 ··-·NIST-800-171-3.4.5
8516 ··-·NIST-800-53-AC-6(1)8516 ··-·NIST-800-53-AC-6(1)
8517 ··-·NIST-800-53-CM-6(a)8517 ··-·NIST-800-53-CM-6(a)
Offset 8525, 16 lines modifiedOffset 8525, 16 lines modified
8525 ··-·no_reboot_needed8525 ··-·no_reboot_needed
  
8526 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg8526 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
8527 ··file:8527 ··file:
8528 ····path:·/boot/grub2/grub.cfg8528 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 17851/22220 bytes (80.34%) of diff not shown.
89.9 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cis_workstation_l2.html
    
Offset 190424, 22 lines modifiedOffset 190424, 22 lines modified
002e7d70:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for002e7d70:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for
002e7d80:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot002e7d80:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot
002e7d90:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.002e7d90:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
002e7da0:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path002e7da0:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path
002e7db0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr002e7db0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
002e7dc0:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe002e7dc0:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe
002e7dd0:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·002e7dd0:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·
002e7de0:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo002e7de0:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
002e7df0:·6f74·2f65·6669·2220·6e6f·7420·696e·2061··ot/efi"·not·in·a 
002e7e00:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
002e7e10:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
002e7e20:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
002e7e30:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo 
002e7e40:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa 
002e7e50:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··002e7df0:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
 002e7e00:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 002e7e10:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 002e7e20:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an
 002e7e30:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 002e7e40:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 002e7e50:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
002e7e60:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua002e7e60:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
002e7e70:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no002e7e70:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
002e7e80:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·002e7e80:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
002e7e90:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",002e7e90:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
002e7ea0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont002e7ea0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
002e7eb0:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.002e7eb0:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.
002e7ec0:·2020·2d20·4343·452d·3830·3830·302d·360a····-·CCE-80800-6.002e7ec0:·2020·2d20·4343·452d·3830·3830·302d·360a····-·CCE-80800-6.
Offset 190461, 22 lines modifiedOffset 190461, 22 lines modified
002e7fc0:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·002e7fc0:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·
002e7fd0:·6772·6f75·7020·6f77·6e65·7220·3020·6f6e··group·owner·0·on002e7fd0:·6772·6f75·7020·6f77·6e65·7220·3020·6f6e··group·owner·0·on
002e7fe0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002e7fe0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002e7ff0:·622e·6366·670a·2020·6669·6c65·3a0a·2020··b.cfg.··file:.··002e7ff0:·622e·6366·670a·2020·6669·6c65·3a0a·2020··b.cfg.··file:.··
002e8000:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr002e8000:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
002e8010:·7562·322f·6772·7562·2e63·6667·0a20·2020··ub2/grub.cfg.···002e8010:·7562·322f·6772·7562·2e63·6667·0a20·2020··ub2/grub.cfg.···
002e8020:·2067·726f·7570·3a20·2730·270a·2020·7768···group:·'0'.··wh002e8020:·2067·726f·7570·3a20·2730·270a·2020·7768···group:·'0'.··wh
002e8030:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/002e8030:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
002e8040:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi 
002e8050:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
002e8060:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
002e8070:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-· 
002e8080:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
002e8090:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
002e80a0:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a002e8040:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 002e8050:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 002e8060:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 002e8070:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib
 002e8080:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map(
 002e8090:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount
 002e80a0:·2229·207c·206c·6973·7427·0a20·202d·2061··")·|·list'.··-·a
002e80b0:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz002e80b0:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
002e80c0:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i002e80c0:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
002e80d0:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx002e80d0:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
002e80e0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p002e80e0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
002e80f0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain002e80f0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
002e8100:·6572·225d·0a20·202d·2066·696c·655f·6578··er"].··-·file_ex002e8100:·6572·225d·0a20·202d·2066·696c·655f·6578··er"].··-·file_ex
002e8110:·6973·7473·2e73·7461·7420·6973·2064·6566··ists.stat·is·def002e8110:·6973·7473·2e73·7461·7420·6973·2064·6566··ists.stat·is·def
Offset 190528, 19 lines modifiedOffset 190528, 19 lines modified
002e83f0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td002e83f0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
002e8400:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><002e8400:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><
002e8410:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre002e8410:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
002e8420:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia002e8420:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
002e8430:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab002e8430:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
002e8440:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa002e8440:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
002e8450:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·002e8450:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
002e8460:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm 
002e8470:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp; 
002e8480:·2661·6d70·3b20·7270·6d20·2d2d·7175·6965··&amp;·rpm·--quie 
002e8490:·7420·2d71·2067·7275·6232·2d63·6f6d·6d6f··t·-q·grub2-commo002e8460:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g
 002e8470:·7275·6232·2d63·6f6d·6d6f·6e20·2661·6d70··rub2-common·&amp
 002e8480:·3b26·616d·703b·205b·2021·202d·6620·2f73··;&amp;·[·!·-f·/s
 002e8490:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi·
002e84a0:·6e20·2661·6d70·3b26·616d·703b·207b·205b··n·&amp;&amp;·{·[002e84a0:·5d20·2661·6d70·3b26·616d·703b·207b·205b··]·&amp;&amp;·{·[
002e84b0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren002e84b0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
002e84c0:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[002e84c0:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
002e84d0:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont002e84d0:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
002e84e0:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t002e84e0:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t
002e84f0:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo002e84f0:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo
002e8500:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf002e8500:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
002e8510:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;002e8510:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;
Offset 191061, 22 lines modifiedOffset 191061, 22 lines modified
002ea540:·0a2d·206e·616d·653a·2054·6573·7420·666f··.-·name:·Test·fo002ea540:·0a2d·206e·616d·653a·2054·6573·7420·666f··.-·name:·Test·fo
002ea550:·7220·6578·6973·7465·6e63·6520·2f62·6f6f··r·existence·/boo002ea550:·7220·6578·6973·7465·6e63·6520·2f62·6f6f··r·existence·/boo
002ea560:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg002ea560:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg
002ea570:·0a20·2073·7461·743a·0a20·2020·2070·6174··.··stat:.····pat002ea570:·0a20·2073·7461·743a·0a20·2020·2070·6174··.··stat:.····pat
002ea580:·683a·202f·626f·6f74·2f67·7275·6232·2f75··h:·/boot/grub2/u002ea580:·683a·202f·626f·6f74·2f67·7275·6232·2f75··h:·/boot/grub2/u
002ea590:·7365·722e·6366·670a·2020·7265·6769·7374··ser.cfg.··regist002ea590:·7365·722e·6366·670a·2020·7265·6769·7374··ser.cfg.··regist
002ea5a0:·6572·3a20·6669·6c65·5f65·7869·7374·730a··er:·file_exists.002ea5a0:·6572·3a20·6669·6c65·5f65·7869·7374·730a··er:·file_exists.
002ea5b0:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b002ea5b0:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
002ea5c0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
002ea5d0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
002ea5e0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
002ea5f0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
002ea600:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
002ea610:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
002ea620:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·002ea5c0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 002ea5d0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 002ea5e0:·6b61·6765·7327·0a20·202d·2027·222f·626f··kages'.··-·'"/bo
 002ea5f0:·6f74·2f65·6669·2220·6e6f·7420·696e·2061··ot/efi"·not·in·a
 002ea600:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|·
 002ea610:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m
 002ea620:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.·
002ea630:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu002ea630:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
002ea640:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n002ea640:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
002ea650:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",002ea650:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
002ea660:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"002ea660:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
002ea670:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con002ea670:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
002ea680:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:002ea680:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:
002ea690:·0a20·202d·2043·4345·2d38·3630·3039·2d38··.··-·CCE-86009-8002ea690:·0a20·202d·2043·4345·2d38·3630·3039·2d38··.··-·CCE-86009-8
Offset 191098, 22 lines modifiedOffset 191098, 22 lines modified
002ea790:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·002ea790:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·
002ea7a0:·6772·6f75·7020·6f77·6e65·7220·3020·6f6e··group·owner·0·on002ea7a0:·6772·6f75·7020·6f77·6e65·7220·3020·6f6e··group·owner·0·on
002ea7b0:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use002ea7b0:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use
002ea7c0:·722e·6366·670a·2020·6669·6c65·3a0a·2020··r.cfg.··file:.··002ea7c0:·722e·6366·670a·2020·6669·6c65·3a0a·2020··r.cfg.··file:.··
002ea7d0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr002ea7d0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
002ea7e0:·7562·322f·7573·6572·2e63·6667·0a20·2020··ub2/user.cfg.···002ea7e0:·7562·322f·7573·6572·2e63·6667·0a20·2020··ub2/user.cfg.···
002ea7f0:·2067·726f·7570·3a20·2730·270a·2020·7768···group:·'0'.··wh002ea7f0:·2067·726f·7570·3a20·2730·270a·2020·7768···group:·'0'.··wh
002ea800:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/002ea800:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
002ea810:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi 
002ea820:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
002ea830:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
002ea840:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-· 
002ea850:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
002ea860:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
002ea870:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a002ea810:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 002ea820:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 002ea830:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
Max diff block lines reached; 59932/69594 bytes (86.12%) of diff not shown.
21.8 KB
html2text {}
    
Offset 42340, 16 lines modifiedOffset 42340, 16 lines modified
42340 ··-·no_reboot_needed42340 ··-·no_reboot_needed
  
42341 -·name:·Test·for·existence·/boot/grub2/grub.cfg42341 -·name:·Test·for·existence·/boot/grub2/grub.cfg
42342 ··stat:42342 ··stat:
42343 ····path:·/boot/grub2/grub.cfg42343 ····path:·/boot/grub2/grub.cfg
42344 ··register:·file_exists42344 ··register:·file_exists
42345 ··when:42345 ··when:
42346 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42347 ··-·'"grub2-common"·in·ansible_facts.packages'42346 ··-·'"grub2-common"·in·ansible_facts.packages'
 42347 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
42348 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42348 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42349 ··tags:42349 ··tags:
42350 ··-·CCE-80800-642350 ··-·CCE-80800-6
42351 ··-·CJIS-5.5.2.242351 ··-·CJIS-5.5.2.2
42352 ··-·NIST-800-171-3.4.542352 ··-·NIST-800-171-3.4.5
42353 ··-·NIST-800-53-AC-6(1)42353 ··-·NIST-800-53-AC-6(1)
42354 ··-·NIST-800-53-CM-6(a)42354 ··-·NIST-800-53-CM-6(a)
Offset 42362, 16 lines modifiedOffset 42362, 16 lines modified
42362 ··-·no_reboot_needed42362 ··-·no_reboot_needed
  
42363 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg42363 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
42364 ··file:42364 ··file:
42365 ····path:·/boot/grub2/grub.cfg42365 ····path:·/boot/grub2/grub.cfg
42366 ····group:·'0'42366 ····group:·'0'
42367 ··when:42367 ··when:
42368 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42369 ··-·'"grub2-common"·in·ansible_facts.packages'42368 ··-·'"grub2-common"·in·ansible_facts.packages'
 42369 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
42370 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42370 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42371 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists42371 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
42372 ··tags:42372 ··tags:
42373 ··-·CCE-80800-642373 ··-·CCE-80800-6
42374 ··-·CJIS-5.5.2.242374 ··-·CJIS-5.5.2.2
42375 ··-·NIST-800-171-3.4.542375 ··-·NIST-800-171-3.4.5
42376 ··-·NIST-800-53-AC-6(1)42376 ··-·NIST-800-53-AC-6(1)
Offset 42384, 15 lines modifiedOffset 42384, 15 lines modified
42384 ··-·medium_severity42384 ··-·medium_severity
42385 ··-·no_reboot_needed42385 ··-·no_reboot_needed
42386 Remediation_Shell_script_⇲42386 Remediation_Shell_script_⇲
42387 Complexity:·low42387 Complexity:·low
42388 Disruption:·low42388 Disruption:·low
42389 Strategy:···configure42389 Strategy:···configure
42390 #·Remediation·is·applicable·only·in·certain·platforms42390 #·Remediation·is·applicable·only·in·certain·platforms
42391 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then42391 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
42392 chgrp·0·/boot/grub2/grub.cfg42392 chgrp·0·/boot/grub2/grub.cfg
  
42393 else42393 else
42394 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'42394 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
42395 fi42395 fi
42396 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***42396 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 42425, 16 lines modifiedOffset 42425, 16 lines modified
42425 ··-·no_reboot_needed42425 ··-·no_reboot_needed
  
42426 -·name:·Test·for·existence·/boot/grub2/user.cfg42426 -·name:·Test·for·existence·/boot/grub2/user.cfg
42427 ··stat:42427 ··stat:
42428 ····path:·/boot/grub2/user.cfg42428 ····path:·/boot/grub2/user.cfg
42429 ··register:·file_exists42429 ··register:·file_exists
42430 ··when:42430 ··when:
42431 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42432 ··-·'"grub2-common"·in·ansible_facts.packages'42431 ··-·'"grub2-common"·in·ansible_facts.packages'
 42432 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
42433 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42433 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42434 ··tags:42434 ··tags:
42435 ··-·CCE-86009-842435 ··-·CCE-86009-8
42436 ··-·CJIS-5.5.2.242436 ··-·CJIS-5.5.2.2
42437 ··-·NIST-800-171-3.4.542437 ··-·NIST-800-171-3.4.5
42438 ··-·NIST-800-53-AC-6(1)42438 ··-·NIST-800-53-AC-6(1)
42439 ··-·NIST-800-53-CM-6(a)42439 ··-·NIST-800-53-CM-6(a)
Offset 42447, 16 lines modifiedOffset 42447, 16 lines modified
42447 ··-·no_reboot_needed42447 ··-·no_reboot_needed
  
42448 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg42448 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
42449 ··file:42449 ··file:
42450 ····path:·/boot/grub2/user.cfg42450 ····path:·/boot/grub2/user.cfg
42451 ····group:·'0'42451 ····group:·'0'
42452 ··when:42452 ··when:
42453 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42454 ··-·'"grub2-common"·in·ansible_facts.packages'42453 ··-·'"grub2-common"·in·ansible_facts.packages'
 42454 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
42455 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42455 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42456 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists42456 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
42457 ··tags:42457 ··tags:
42458 ··-·CCE-86009-842458 ··-·CCE-86009-8
42459 ··-·CJIS-5.5.2.242459 ··-·CJIS-5.5.2.2
42460 ··-·NIST-800-171-3.4.542460 ··-·NIST-800-171-3.4.5
42461 ··-·NIST-800-53-AC-6(1)42461 ··-·NIST-800-53-AC-6(1)
Offset 42469, 15 lines modifiedOffset 42469, 15 lines modified
42469 ··-·medium_severity42469 ··-·medium_severity
42470 ··-·no_reboot_needed42470 ··-·no_reboot_needed
42471 Remediation_Shell_script_⇲42471 Remediation_Shell_script_⇲
42472 Complexity:·low42472 Complexity:·low
42473 Disruption:·low42473 Disruption:·low
42474 Strategy:···configure42474 Strategy:···configure
42475 #·Remediation·is·applicable·only·in·certain·platforms42475 #·Remediation·is·applicable·only·in·certain·platforms
42476 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then42476 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
42477 chgrp·0·/boot/grub2/user.cfg42477 chgrp·0·/boot/grub2/user.cfg
  
42478 else42478 else
42479 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'42479 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
42480 fi42480 fi
42481 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***42481 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 42510, 16 lines modifiedOffset 42510, 16 lines modified
42510 ··-·no_reboot_needed42510 ··-·no_reboot_needed
  
42511 -·name:·Test·for·existence·/boot/grub2/grub.cfg42511 -·name:·Test·for·existence·/boot/grub2/grub.cfg
42512 ··stat:42512 ··stat:
42513 ····path:·/boot/grub2/grub.cfg42513 ····path:·/boot/grub2/grub.cfg
42514 ··register:·file_exists42514 ··register:·file_exists
42515 ··when:42515 ··when:
42516 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42517 ··-·'"grub2-common"·in·ansible_facts.packages'42516 ··-·'"grub2-common"·in·ansible_facts.packages'
 42517 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
42518 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42518 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42519 ··tags:42519 ··tags:
42520 ··-·CCE-80805-542520 ··-·CCE-80805-5
42521 ··-·CJIS-5.5.2.242521 ··-·CJIS-5.5.2.2
42522 ··-·NIST-800-171-3.4.542522 ··-·NIST-800-171-3.4.5
42523 ··-·NIST-800-53-AC-6(1)42523 ··-·NIST-800-53-AC-6(1)
42524 ··-·NIST-800-53-CM-6(a)42524 ··-·NIST-800-53-CM-6(a)
Offset 42532, 16 lines modifiedOffset 42532, 16 lines modified
42532 ··-·no_reboot_needed42532 ··-·no_reboot_needed
  
42533 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg42533 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
42534 ··file:42534 ··file:
42535 ····path:·/boot/grub2/grub.cfg42535 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 17907/22292 bytes (80.33%) of diff not shown.
15.2 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cjis.html
    
Offset 137275, 22 lines modifiedOffset 137275, 22 lines modified
002183a0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·002183a0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·
002183b0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/002183b0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/
002183c0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·002183c0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
002183d0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:002183d0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:
002183e0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002183e0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002183f0:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register002183f0:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register
00218400:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··00218400:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
00218410:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo00218410:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
00218420:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
00218430:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
00218440:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
00218450:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
00218460:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
00218470:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
00218480:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-00218420:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 00218430:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 00218440:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 00218450:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 00218460:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 00218470:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 00218480:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
00218490:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual00218490:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
002184a0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not002184a0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
002184b0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"002184b0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
002184c0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·002184c0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
002184d0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta002184d0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
002184e0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·002184e0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
002184f0:·202d·2043·4345·2d38·3038·3030·2d36·0a20···-·CCE-80800-6.·002184f0:·202d·2043·4345·2d38·3038·3030·2d36·0a20···-·CCE-80800-6.·
Offset 137312, 22 lines modifiedOffset 137312, 22 lines modified
002185f0:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g002185f0:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g
00218600:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·00218600:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·
00218610:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub00218610:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
00218620:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···00218620:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···
00218630:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru00218630:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
00218640:·6232·2f67·7275·622e·6366·670a·2020·2020··b2/grub.cfg.····00218640:·6232·2f67·7275·622e·6366·670a·2020·2020··b2/grub.cfg.····
00218650:·6772·6f75·703a·2027·3027·0a20·2077·6865··group:·'0'.··whe00218650:·6772·6f75·703a·2027·3027·0a20·2077·6865··group:·'0'.··whe
00218660:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e00218660:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c
00218670:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib 
00218680:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
00218690:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
002186a0:·2229·207c·206c·6973·7427·0a20·202d·2027··")·|·list'.··-·' 
002186b0:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i 
002186c0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
002186d0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an00218670:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
 00218680:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 00218690:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef
 002186a0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl
 002186b0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 002186c0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 002186d0:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
002186e0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza002186e0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
002186f0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in002186f0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
00218700:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc00218700:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
00218710:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po00218710:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
00218720:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe00218720:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
00218730:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi00218730:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi
00218740:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi00218740:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi
Offset 137378, 19 lines modifiedOffset 137378, 19 lines modified
00218a10:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St00218a10:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
00218a20:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>00218a20:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
00218a30:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></00218a30:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></
00218a40:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>00218a40:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
00218a50:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat00218a50:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
00218a60:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl00218a60:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
00218a70:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai00218a70:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
00218a80:·6e20·706c·6174·666f·726d·730a·6966·205b··n·platforms.if·[00218a80:·6e20·706c·6174·666f·726d·730a·6966·2072··n·platforms.if·r
00218a90:·2021·202d·6620·2f73·7973·2f66·6972·6d77···!·-f·/sys/firmw 
00218aa0:·6172·652f·6566·6920·5d20·2661·6d70·3b26··are/efi·]·&amp;& 
00218ab0:·616d·703b·2072·706d·202d·2d71·7569·6574··amp;·rpm·--quiet 
00218ac0:·202d·7120·6772·7562·322d·636f·6d6d·6f6e···-q·grub2-common00218a90:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr
 00218aa0:·7562·322d·636f·6d6d·6f6e·2026·616d·703b··ub2-common·&amp;
 00218ab0:·2661·6d70·3b20·5b20·2120·2d66·202f·7379··&amp;·[·!·-f·/sy
 00218ac0:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·]
00218ad0:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·00218ad0:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·
00218ae0:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv00218ae0:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
00218af0:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·00218af0:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
00218b00:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta00218b00:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
00218b10:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th00218b10:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th
00218b20:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo00218b20:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo
00218b30:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg00218b30:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
Offset 137888, 22 lines modifiedOffset 137888, 22 lines modified
0021a9f0:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for0021a9f0:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for
0021aa00:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot0021aa00:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot
0021aa10:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.0021aa10:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
0021aa20:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path0021aa20:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path
0021aa30:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr0021aa30:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
0021aa40:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe0021aa40:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe
0021aa50:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·0021aa50:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·
0021aa60:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo0021aa60:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
0021aa70:·6f74·2f65·6669·2220·6e6f·7420·696e·2061··ot/efi"·not·in·a 
0021aa80:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
0021aa90:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
0021aaa0:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
0021aab0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo 
0021aac0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa 
0021aad0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··0021aa70:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
 0021aa80:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 0021aa90:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 0021aaa0:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an
 0021aab0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 0021aac0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 0021aad0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
0021aae0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua0021aae0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
0021aaf0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no0021aaf0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
0021ab00:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·0021ab00:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
0021ab10:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",0021ab10:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
0021ab20:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont0021ab20:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
0021ab30:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.0021ab30:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.
0021ab40:·2020·2d20·4343·452d·3830·3830·352d·350a····-·CCE-80805-5.0021ab40:·2020·2d20·4343·452d·3830·3830·352d·350a····-·CCE-80805-5.
Offset 137924, 22 lines modifiedOffset 137924, 22 lines modified
0021ac30:·6f6f·745f·6e65·6564·6564·0a0a·2d20·6e61··oot_needed..-·na0021ac30:·6f6f·745f·6e65·6564·6564·0a0a·2d20·6e61··oot_needed..-·na
0021ac40:·6d65·3a20·456e·7375·7265·206f·776e·6572··me:·Ensure·owner0021ac40:·6d65·3a20·456e·7375·7265·206f·776e·6572··me:·Ensure·owner
0021ac50:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub0021ac50:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub
0021ac60:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil0021ac60:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil
0021ac70:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo0021ac70:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo
0021ac80:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf0021ac80:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
0021ac90:·670a·2020·2020·6f77·6e65·723a·2027·3027··g.····owner:·'0'0021ac90:·670a·2020·2020·6f77·6e65·723a·2027·3027··g.····owner:·'0'
0021aca0:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/0021aca0:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
0021acb0:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
0021acc0:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
0021acd0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
0021ace0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
0021acf0:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
0021ad00:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
0021ad10:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.0021acb0:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 0021acc0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 0021acd0:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
Max diff block lines reached; 2098/11760 bytes (17.84%) of diff not shown.
3.6 KB
html2text {}
    
Offset 29197, 16 lines modifiedOffset 29197, 16 lines modified
29197 ··-·no_reboot_needed29197 ··-·no_reboot_needed
  
29198 -·name:·Test·for·existence·/boot/grub2/grub.cfg29198 -·name:·Test·for·existence·/boot/grub2/grub.cfg
29199 ··stat:29199 ··stat:
29200 ····path:·/boot/grub2/grub.cfg29200 ····path:·/boot/grub2/grub.cfg
29201 ··register:·file_exists29201 ··register:·file_exists
29202 ··when:29202 ··when:
29203 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
29204 ··-·'"grub2-common"·in·ansible_facts.packages'29203 ··-·'"grub2-common"·in·ansible_facts.packages'
 29204 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
29205 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]29205 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
29206 ··tags:29206 ··tags:
29207 ··-·CCE-80800-629207 ··-·CCE-80800-6
29208 ··-·CJIS-5.5.2.229208 ··-·CJIS-5.5.2.2
29209 ··-·NIST-800-171-3.4.529209 ··-·NIST-800-171-3.4.5
29210 ··-·NIST-800-53-AC-6(1)29210 ··-·NIST-800-53-AC-6(1)
29211 ··-·NIST-800-53-CM-6(a)29211 ··-·NIST-800-53-CM-6(a)
Offset 29219, 16 lines modifiedOffset 29219, 16 lines modified
29219 ··-·no_reboot_needed29219 ··-·no_reboot_needed
  
29220 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg29220 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
29221 ··file:29221 ··file:
29222 ····path:·/boot/grub2/grub.cfg29222 ····path:·/boot/grub2/grub.cfg
29223 ····group:·'0'29223 ····group:·'0'
29224 ··when:29224 ··when:
29225 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
29226 ··-·'"grub2-common"·in·ansible_facts.packages'29225 ··-·'"grub2-common"·in·ansible_facts.packages'
 29226 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
29227 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]29227 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
29228 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists29228 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
29229 ··tags:29229 ··tags:
29230 ··-·CCE-80800-629230 ··-·CCE-80800-6
29231 ··-·CJIS-5.5.2.229231 ··-·CJIS-5.5.2.2
29232 ··-·NIST-800-171-3.4.529232 ··-·NIST-800-171-3.4.5
29233 ··-·NIST-800-53-AC-6(1)29233 ··-·NIST-800-53-AC-6(1)
Offset 29241, 15 lines modifiedOffset 29241, 15 lines modified
29241 ··-·medium_severity29241 ··-·medium_severity
29242 ··-·no_reboot_needed29242 ··-·no_reboot_needed
29243 Remediation_Shell_script_⇲29243 Remediation_Shell_script_⇲
29244 Complexity:·low29244 Complexity:·low
29245 Disruption:·low29245 Disruption:·low
29246 Strategy:···configure29246 Strategy:···configure
29247 #·Remediation·is·applicable·only·in·certain·platforms29247 #·Remediation·is·applicable·only·in·certain·platforms
29248 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then29248 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
29249 chgrp·0·/boot/grub2/grub.cfg29249 chgrp·0·/boot/grub2/grub.cfg
  
29250 else29250 else
29251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'29251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
29252 fi29252 fi
29253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***29253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 29282, 16 lines modifiedOffset 29282, 16 lines modified
29282 ··-·no_reboot_needed29282 ··-·no_reboot_needed
  
29283 -·name:·Test·for·existence·/boot/grub2/grub.cfg29283 -·name:·Test·for·existence·/boot/grub2/grub.cfg
29284 ··stat:29284 ··stat:
29285 ····path:·/boot/grub2/grub.cfg29285 ····path:·/boot/grub2/grub.cfg
29286 ··register:·file_exists29286 ··register:·file_exists
29287 ··when:29287 ··when:
29288 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
29289 ··-·'"grub2-common"·in·ansible_facts.packages'29288 ··-·'"grub2-common"·in·ansible_facts.packages'
 29289 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
29290 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]29290 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
29291 ··tags:29291 ··tags:
29292 ··-·CCE-80805-529292 ··-·CCE-80805-5
29293 ··-·CJIS-5.5.2.229293 ··-·CJIS-5.5.2.2
29294 ··-·NIST-800-171-3.4.529294 ··-·NIST-800-171-3.4.5
29295 ··-·NIST-800-53-AC-6(1)29295 ··-·NIST-800-53-AC-6(1)
29296 ··-·NIST-800-53-CM-6(a)29296 ··-·NIST-800-53-CM-6(a)
Offset 29304, 16 lines modifiedOffset 29304, 16 lines modified
29304 ··-·no_reboot_needed29304 ··-·no_reboot_needed
  
29305 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg29305 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
29306 ··file:29306 ··file:
29307 ····path:·/boot/grub2/grub.cfg29307 ····path:·/boot/grub2/grub.cfg
29308 ····owner:·'0'29308 ····owner:·'0'
29309 ··when:29309 ··when:
29310 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
29311 ··-·'"grub2-common"·in·ansible_facts.packages'29310 ··-·'"grub2-common"·in·ansible_facts.packages'
 29311 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
29312 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]29312 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
29313 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists29313 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
29314 ··tags:29314 ··tags:
29315 ··-·CCE-80805-529315 ··-·CCE-80805-5
29316 ··-·CJIS-5.5.2.229316 ··-·CJIS-5.5.2.2
29317 ··-·NIST-800-171-3.4.529317 ··-·NIST-800-171-3.4.5
29318 ··-·NIST-800-53-AC-6(1)29318 ··-·NIST-800-53-AC-6(1)
Offset 29326, 15 lines modifiedOffset 29326, 15 lines modified
29326 ··-·medium_severity29326 ··-·medium_severity
29327 ··-·no_reboot_needed29327 ··-·no_reboot_needed
29328 Remediation_Shell_script_⇲29328 Remediation_Shell_script_⇲
29329 Complexity:·low29329 Complexity:·low
29330 Disruption:·low29330 Disruption:·low
29331 Strategy:···configure29331 Strategy:···configure
29332 #·Remediation·is·applicable·only·in·certain·platforms29332 #·Remediation·is·applicable·only·in·certain·platforms
29333 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then29333 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
29334 chown·0·/boot/grub2/grub.cfg29334 chown·0·/boot/grub2/grub.cfg
  
29335 else29335 else
29336 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'29336 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
29337 fi29337 fi
29338 Group  ·Network·Configuration·and·Firewalls·  Group·contains·9·groups·and·12·rules29338 Group  ·Network·Configuration·and·Firewalls·  Group·contains·9·groups·and·12·rules
15.2 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-hipaa.html
    
Offset 204248, 22 lines modifiedOffset 204248, 22 lines modified
0031dd70:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e0031dd70:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e
0031dd80:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g0031dd80:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g
0031dd90:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··0031dd90:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
0031dda0:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·0031dda0:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·
0031ddb0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub0031ddb0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
0031ddc0:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:0031ddc0:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:
0031ddd0:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w0031ddd0:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w
0031dde0:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot0031dde0:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
0031ddf0:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans 
0031de00:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
0031de10:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
0031de20:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
0031de30:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
0031de40:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
0031de50:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·0031ddf0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 0031de00:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 0031de10:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 0031de20:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi
 0031de30:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 0031de40:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 0031de50:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
0031de60:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali0031de60:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
0031de70:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·0031de70:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
0031de80:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l0031de80:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
0031de90:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"0031de90:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
0031dea0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai0031dea0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
0031deb0:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··0031deb0:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
0031dec0:·2d20·4343·452d·3830·3830·302d·360a·2020··-·CCE-80800-6.··0031dec0:·2d20·4343·452d·3830·3830·302d·360a·2020··-·CCE-80800-6.··
Offset 204285, 22 lines modifiedOffset 204285, 22 lines modified
0031dfc0:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr0031dfc0:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr
0031dfd0:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/0031dfd0:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/
0031dfe0:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.0031dfe0:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
0031dff0:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····0031dff0:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····
0031e000:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub0031e000:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
0031e010:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g0031e010:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g
0031e020:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when0031e020:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when
0031e030:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
0031e040:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
0031e050:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
0031e060:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
0031e070:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
0031e080:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
0031e090:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
0031e0a0:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans0031e030:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 0031e040:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 0031e050:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 0031e060:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 0031e070:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 0031e080:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 0031e090:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 0031e0a0:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
0031e0b0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat0031e0b0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
0031e0c0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·0031e0c0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
0031e0d0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"0031e0d0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
0031e0e0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod0031e0e0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
0031e0f0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container0031e0f0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
0031e100:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis0031e100:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis
0031e110:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin0031e110:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin
Offset 204351, 19 lines modifiedOffset 204351, 19 lines modified
0031e3e0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str0031e3e0:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
0031e3f0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c0031e3f0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c
0031e400:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t0031e400:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t
0031e410:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><0031e410:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
0031e420:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati0031e420:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
0031e430:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable0031e430:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
0031e440:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain0031e440:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
0031e450:·2070·6c61·7466·6f72·6d73·0a69·6620·5b20···platforms.if·[·0031e450:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
0031e460:·2120·2d66·202f·7379·732f·6669·726d·7761··!·-f·/sys/firmwa 
0031e470:·7265·2f65·6669·205d·2026·616d·703b·2661··re/efi·]·&amp;&a 
0031e480:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet· 
0031e490:·2d71·2067·7275·6232·2d63·6f6d·6d6f·6e20··-q·grub2-common·0031e460:·6d20·2d2d·7175·6965·7420·2d71·2067·7275··m·--quiet·-q·gru
 0031e470:·6232·2d63·6f6d·6d6f·6e20·2661·6d70·3b26··b2-common·&amp;&
 0031e480:·616d·703b·205b·2021·202d·6620·2f73·7973··amp;·[·!·-f·/sys
 0031e490:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]·
0031e4a0:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!0031e4a0:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!
0031e4b0:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·0031e4b0:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
0031e4c0:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!0031e4c0:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
0031e4d0:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai0031e4d0:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
0031e4e0:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the0031e4e0:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the
0031e4f0:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot0031e4f0:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot
0031e500:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.0031e500:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
Offset 204861, 22 lines modifiedOffset 204861, 22 lines modified
003203c0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·003203c0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·
003203d0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/003203d0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/
003203e0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·003203e0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
003203f0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:003203f0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:
00320400:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru00320400:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
00320410:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register00320410:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register
00320420:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··00320420:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
00320430:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo00320430:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
00320440:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
00320450:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
00320460:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
00320470:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
00320480:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
00320490:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
003204a0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-00320440:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 00320450:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 00320460:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 00320470:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 00320480:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 00320490:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 003204a0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
003204b0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual003204b0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
003204c0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not003204c0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
003204d0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"003204d0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
003204e0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·003204e0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
003204f0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta003204f0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
00320500:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·00320500:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
00320510:·202d·2043·4345·2d38·3038·3035·2d35·0a20···-·CCE-80805-5.·00320510:·202d·2043·4345·2d38·3038·3035·2d35·0a20···-·CCE-80805-5.·
Offset 204897, 22 lines modifiedOffset 204897, 22 lines modified
00320600:·6f74·5f6e·6565·6465·640a·0a2d·206e·616d··ot_needed..-·nam00320600:·6f74·5f6e·6565·6465·640a·0a2d·206e·616d··ot_needed..-·nam
00320610:·653a·2045·6e73·7572·6520·6f77·6e65·7220··e:·Ensure·owner·00320610:·653a·2045·6e73·7572·6520·6f77·6e65·7220··e:·Ensure·owner·
00320620:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub200320620:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
00320630:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file00320630:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file
00320640:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo00320640:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
00320650:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg00320650:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
00320660:·0a20·2020·206f·776e·6572·3a20·2730·270a··.····owner:·'0'.00320660:·0a20·2020·206f·776e·6572·3a20·2730·270a··.····owner:·'0'.
00320670:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b00320670:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
00320680:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
00320690:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
003206a0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
003206b0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
003206c0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
003206d0:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
003206e0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·00320680:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 00320690:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
Max diff block lines reached; 2098/11760 bytes (17.84%) of diff not shown.
3.58 KB
html2text {}
    
Offset 48707, 16 lines modifiedOffset 48707, 16 lines modified
48707 ··-·no_reboot_needed48707 ··-·no_reboot_needed
  
48708 -·name:·Test·for·existence·/boot/grub2/grub.cfg48708 -·name:·Test·for·existence·/boot/grub2/grub.cfg
48709 ··stat:48709 ··stat:
48710 ····path:·/boot/grub2/grub.cfg48710 ····path:·/boot/grub2/grub.cfg
48711 ··register:·file_exists48711 ··register:·file_exists
48712 ··when:48712 ··when:
48713 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48714 ··-·'"grub2-common"·in·ansible_facts.packages'48713 ··-·'"grub2-common"·in·ansible_facts.packages'
 48714 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48715 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48715 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48716 ··tags:48716 ··tags:
48717 ··-·CCE-80800-648717 ··-·CCE-80800-6
48718 ··-·CJIS-5.5.2.248718 ··-·CJIS-5.5.2.2
48719 ··-·NIST-800-171-3.4.548719 ··-·NIST-800-171-3.4.5
48720 ··-·NIST-800-53-AC-6(1)48720 ··-·NIST-800-53-AC-6(1)
48721 ··-·NIST-800-53-CM-6(a)48721 ··-·NIST-800-53-CM-6(a)
Offset 48729, 16 lines modifiedOffset 48729, 16 lines modified
48729 ··-·no_reboot_needed48729 ··-·no_reboot_needed
  
48730 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg48730 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
48731 ··file:48731 ··file:
48732 ····path:·/boot/grub2/grub.cfg48732 ····path:·/boot/grub2/grub.cfg
48733 ····group:·'0'48733 ····group:·'0'
48734 ··when:48734 ··when:
48735 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48736 ··-·'"grub2-common"·in·ansible_facts.packages'48735 ··-·'"grub2-common"·in·ansible_facts.packages'
 48736 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48737 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48737 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48738 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists48738 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
48739 ··tags:48739 ··tags:
48740 ··-·CCE-80800-648740 ··-·CCE-80800-6
48741 ··-·CJIS-5.5.2.248741 ··-·CJIS-5.5.2.2
48742 ··-·NIST-800-171-3.4.548742 ··-·NIST-800-171-3.4.5
48743 ··-·NIST-800-53-AC-6(1)48743 ··-·NIST-800-53-AC-6(1)
Offset 48751, 15 lines modifiedOffset 48751, 15 lines modified
48751 ··-·medium_severity48751 ··-·medium_severity
48752 ··-·no_reboot_needed48752 ··-·no_reboot_needed
48753 Remediation_Shell_script_⇲48753 Remediation_Shell_script_⇲
48754 Complexity:·low48754 Complexity:·low
48755 Disruption:·low48755 Disruption:·low
48756 Strategy:···configure48756 Strategy:···configure
48757 #·Remediation·is·applicable·only·in·certain·platforms48757 #·Remediation·is·applicable·only·in·certain·platforms
48758 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then48758 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
48759 chgrp·0·/boot/grub2/grub.cfg48759 chgrp·0·/boot/grub2/grub.cfg
  
48760 else48760 else
48761 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'48761 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
48762 fi48762 fi
48763 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***48763 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 48792, 16 lines modifiedOffset 48792, 16 lines modified
48792 ··-·no_reboot_needed48792 ··-·no_reboot_needed
  
48793 -·name:·Test·for·existence·/boot/grub2/grub.cfg48793 -·name:·Test·for·existence·/boot/grub2/grub.cfg
48794 ··stat:48794 ··stat:
48795 ····path:·/boot/grub2/grub.cfg48795 ····path:·/boot/grub2/grub.cfg
48796 ··register:·file_exists48796 ··register:·file_exists
48797 ··when:48797 ··when:
48798 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48799 ··-·'"grub2-common"·in·ansible_facts.packages'48798 ··-·'"grub2-common"·in·ansible_facts.packages'
 48799 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48800 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48800 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48801 ··tags:48801 ··tags:
48802 ··-·CCE-80805-548802 ··-·CCE-80805-5
48803 ··-·CJIS-5.5.2.248803 ··-·CJIS-5.5.2.2
48804 ··-·NIST-800-171-3.4.548804 ··-·NIST-800-171-3.4.5
48805 ··-·NIST-800-53-AC-6(1)48805 ··-·NIST-800-53-AC-6(1)
48806 ··-·NIST-800-53-CM-6(a)48806 ··-·NIST-800-53-CM-6(a)
Offset 48814, 16 lines modifiedOffset 48814, 16 lines modified
48814 ··-·no_reboot_needed48814 ··-·no_reboot_needed
  
48815 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg48815 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
48816 ··file:48816 ··file:
48817 ····path:·/boot/grub2/grub.cfg48817 ····path:·/boot/grub2/grub.cfg
48818 ····owner:·'0'48818 ····owner:·'0'
48819 ··when:48819 ··when:
48820 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48821 ··-·'"grub2-common"·in·ansible_facts.packages'48820 ··-·'"grub2-common"·in·ansible_facts.packages'
 48821 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48823 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists48823 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
48824 ··tags:48824 ··tags:
48825 ··-·CCE-80805-548825 ··-·CCE-80805-5
48826 ··-·CJIS-5.5.2.248826 ··-·CJIS-5.5.2.2
48827 ··-·NIST-800-171-3.4.548827 ··-·NIST-800-171-3.4.5
48828 ··-·NIST-800-53-AC-6(1)48828 ··-·NIST-800-53-AC-6(1)
Offset 48836, 15 lines modifiedOffset 48836, 15 lines modified
48836 ··-·medium_severity48836 ··-·medium_severity
48837 ··-·no_reboot_needed48837 ··-·no_reboot_needed
48838 Remediation_Shell_script_⇲48838 Remediation_Shell_script_⇲
48839 Complexity:·low48839 Complexity:·low
48840 Disruption:·low48840 Disruption:·low
48841 Strategy:···configure48841 Strategy:···configure
48842 #·Remediation·is·applicable·only·in·certain·platforms48842 #·Remediation·is·applicable·only·in·certain·platforms
48843 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then48843 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
48844 chown·0·/boot/grub2/grub.cfg48844 chown·0·/boot/grub2/grub.cfg
  
48845 else48845 else
48846 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'48846 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
48847 fi48847 fi
48848 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***48848 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
15.2 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-pci-dss.html
    
Offset 196419, 22 lines modifiedOffset 196419, 22 lines modified
002ff420:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e002ff420:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e
002ff430:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g002ff430:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g
002ff440:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··002ff440:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
002ff450:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·002ff450:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·
002ff460:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub002ff460:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
002ff470:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:002ff470:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:
002ff480:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w002ff480:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w
002ff490:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot002ff490:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
002ff4a0:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans 
002ff4b0:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
002ff4c0:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
002ff4d0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
002ff4e0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
002ff4f0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
002ff500:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·002ff4a0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 002ff4b0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 002ff4c0:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 002ff4d0:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi
 002ff4e0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 002ff4f0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 002ff500:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
002ff510:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali002ff510:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
002ff520:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·002ff520:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
002ff530:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l002ff530:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
002ff540:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"002ff540:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
002ff550:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai002ff550:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
002ff560:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··002ff560:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
002ff570:·2d20·4343·452d·3830·3830·302d·360a·2020··-·CCE-80800-6.··002ff570:·2d20·4343·452d·3830·3830·302d·360a·2020··-·CCE-80800-6.··
Offset 196456, 22 lines modifiedOffset 196456, 22 lines modified
002ff670:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr002ff670:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr
002ff680:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/002ff680:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/
002ff690:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.002ff690:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
002ff6a0:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····002ff6a0:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····
002ff6b0:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub002ff6b0:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
002ff6c0:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g002ff6c0:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g
002ff6d0:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when002ff6d0:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when
002ff6e0:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
002ff6f0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
002ff700:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
002ff710:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
002ff720:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
002ff730:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
002ff740:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
002ff750:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans002ff6e0:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 002ff6f0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 002ff700:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 002ff710:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 002ff720:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 002ff730:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 002ff740:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 002ff750:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
002ff760:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat002ff760:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
002ff770:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·002ff770:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
002ff780:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"002ff780:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
002ff790:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod002ff790:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
002ff7a0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container002ff7a0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
002ff7b0:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis002ff7b0:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis
002ff7c0:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin002ff7c0:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin
Offset 196522, 19 lines modifiedOffset 196522, 19 lines modified
002ffa90:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str002ffa90:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
002ffaa0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c002ffaa0:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c
002ffab0:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t002ffab0:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t
002ffac0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><002ffac0:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
002ffad0:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati002ffad0:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
002ffae0:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable002ffae0:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
002ffaf0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain002ffaf0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
002ffb00:·2070·6c61·7466·6f72·6d73·0a69·6620·5b20···platforms.if·[·002ffb00:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
002ffb10:·2120·2d66·202f·7379·732f·6669·726d·7761··!·-f·/sys/firmwa 
002ffb20:·7265·2f65·6669·205d·2026·616d·703b·2661··re/efi·]·&amp;&a 
002ffb30:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet· 
002ffb40:·2d71·2067·7275·6232·2d63·6f6d·6d6f·6e20··-q·grub2-common·002ffb10:·6d20·2d2d·7175·6965·7420·2d71·2067·7275··m·--quiet·-q·gru
 002ffb20:·6232·2d63·6f6d·6d6f·6e20·2661·6d70·3b26··b2-common·&amp;&
 002ffb30:·616d·703b·205b·2021·202d·6620·2f73·7973··amp;·[·!·-f·/sys
 002ffb40:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]·
002ffb50:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!002ffb50:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!
002ffb60:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·002ffb60:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
002ffb70:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!002ffb70:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
002ffb80:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai002ffb80:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
002ffb90:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the002ffb90:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the
002ffba0:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot002ffba0:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot
002ffbb0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.002ffbb0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
Offset 197032, 22 lines modifiedOffset 197032, 22 lines modified
00301a70:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·00301a70:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·
00301a80:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/00301a80:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/
00301a90:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·00301a90:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
00301aa0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:00301aa0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:
00301ab0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru00301ab0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
00301ac0:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register00301ac0:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register
00301ad0:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··00301ad0:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
00301ae0:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo00301ae0:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
00301af0:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
00301b00:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
00301b10:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
00301b20:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
00301b30:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
00301b40:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
00301b50:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-00301af0:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 00301b00:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 00301b10:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 00301b20:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 00301b30:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 00301b40:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 00301b50:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
00301b60:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual00301b60:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
00301b70:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not00301b70:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
00301b80:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"00301b80:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
00301b90:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·00301b90:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
00301ba0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta00301ba0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
00301bb0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·00301bb0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
00301bc0:·202d·2043·4345·2d38·3038·3035·2d35·0a20···-·CCE-80805-5.·00301bc0:·202d·2043·4345·2d38·3038·3035·2d35·0a20···-·CCE-80805-5.·
Offset 197068, 22 lines modifiedOffset 197068, 22 lines modified
00301cb0:·6f74·5f6e·6565·6465·640a·0a2d·206e·616d··ot_needed..-·nam00301cb0:·6f74·5f6e·6565·6465·640a·0a2d·206e·616d··ot_needed..-·nam
00301cc0:·653a·2045·6e73·7572·6520·6f77·6e65·7220··e:·Ensure·owner·00301cc0:·653a·2045·6e73·7572·6520·6f77·6e65·7220··e:·Ensure·owner·
00301cd0:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub200301cd0:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
00301ce0:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file00301ce0:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file
00301cf0:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo00301cf0:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
00301d00:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg00301d00:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
00301d10:·0a20·2020·206f·776e·6572·3a20·2730·270a··.····owner:·'0'.00301d10:·0a20·2020·206f·776e·6572·3a20·2730·270a··.····owner:·'0'.
00301d20:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b00301d20:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
00301d30:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
00301d40:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
00301d50:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
00301d60:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
00301d70:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
00301d80:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
00301d90:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·00301d30:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 00301d40:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
Max diff block lines reached; 2098/11760 bytes (17.84%) of diff not shown.
3.58 KB
html2text {}
    
Offset 45124, 16 lines modifiedOffset 45124, 16 lines modified
45124 ··-·no_reboot_needed45124 ··-·no_reboot_needed
  
45125 -·name:·Test·for·existence·/boot/grub2/grub.cfg45125 -·name:·Test·for·existence·/boot/grub2/grub.cfg
45126 ··stat:45126 ··stat:
45127 ····path:·/boot/grub2/grub.cfg45127 ····path:·/boot/grub2/grub.cfg
45128 ··register:·file_exists45128 ··register:·file_exists
45129 ··when:45129 ··when:
45130 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
45131 ··-·'"grub2-common"·in·ansible_facts.packages'45130 ··-·'"grub2-common"·in·ansible_facts.packages'
 45131 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
45132 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]45132 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
45133 ··tags:45133 ··tags:
45134 ··-·CCE-80800-645134 ··-·CCE-80800-6
45135 ··-·CJIS-5.5.2.245135 ··-·CJIS-5.5.2.2
45136 ··-·NIST-800-171-3.4.545136 ··-·NIST-800-171-3.4.5
45137 ··-·NIST-800-53-AC-6(1)45137 ··-·NIST-800-53-AC-6(1)
45138 ··-·NIST-800-53-CM-6(a)45138 ··-·NIST-800-53-CM-6(a)
Offset 45146, 16 lines modifiedOffset 45146, 16 lines modified
45146 ··-·no_reboot_needed45146 ··-·no_reboot_needed
  
45147 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg45147 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
45148 ··file:45148 ··file:
45149 ····path:·/boot/grub2/grub.cfg45149 ····path:·/boot/grub2/grub.cfg
45150 ····group:·'0'45150 ····group:·'0'
45151 ··when:45151 ··when:
45152 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
45153 ··-·'"grub2-common"·in·ansible_facts.packages'45152 ··-·'"grub2-common"·in·ansible_facts.packages'
 45153 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
45154 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]45154 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
45155 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists45155 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
45156 ··tags:45156 ··tags:
45157 ··-·CCE-80800-645157 ··-·CCE-80800-6
45158 ··-·CJIS-5.5.2.245158 ··-·CJIS-5.5.2.2
45159 ··-·NIST-800-171-3.4.545159 ··-·NIST-800-171-3.4.5
45160 ··-·NIST-800-53-AC-6(1)45160 ··-·NIST-800-53-AC-6(1)
Offset 45168, 15 lines modifiedOffset 45168, 15 lines modified
45168 ··-·medium_severity45168 ··-·medium_severity
45169 ··-·no_reboot_needed45169 ··-·no_reboot_needed
45170 Remediation_Shell_script_⇲45170 Remediation_Shell_script_⇲
45171 Complexity:·low45171 Complexity:·low
45172 Disruption:·low45172 Disruption:·low
45173 Strategy:···configure45173 Strategy:···configure
45174 #·Remediation·is·applicable·only·in·certain·platforms45174 #·Remediation·is·applicable·only·in·certain·platforms
45175 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then45175 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
45176 chgrp·0·/boot/grub2/grub.cfg45176 chgrp·0·/boot/grub2/grub.cfg
  
45177 else45177 else
45178 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'45178 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
45179 fi45179 fi
45180 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***45180 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 45209, 16 lines modifiedOffset 45209, 16 lines modified
45209 ··-·no_reboot_needed45209 ··-·no_reboot_needed
  
45210 -·name:·Test·for·existence·/boot/grub2/grub.cfg45210 -·name:·Test·for·existence·/boot/grub2/grub.cfg
45211 ··stat:45211 ··stat:
45212 ····path:·/boot/grub2/grub.cfg45212 ····path:·/boot/grub2/grub.cfg
45213 ··register:·file_exists45213 ··register:·file_exists
45214 ··when:45214 ··when:
45215 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
45216 ··-·'"grub2-common"·in·ansible_facts.packages'45215 ··-·'"grub2-common"·in·ansible_facts.packages'
 45216 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
45217 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]45217 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
45218 ··tags:45218 ··tags:
45219 ··-·CCE-80805-545219 ··-·CCE-80805-5
45220 ··-·CJIS-5.5.2.245220 ··-·CJIS-5.5.2.2
45221 ··-·NIST-800-171-3.4.545221 ··-·NIST-800-171-3.4.5
45222 ··-·NIST-800-53-AC-6(1)45222 ··-·NIST-800-53-AC-6(1)
45223 ··-·NIST-800-53-CM-6(a)45223 ··-·NIST-800-53-CM-6(a)
Offset 45231, 16 lines modifiedOffset 45231, 16 lines modified
45231 ··-·no_reboot_needed45231 ··-·no_reboot_needed
  
45232 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg45232 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
45233 ··file:45233 ··file:
45234 ····path:·/boot/grub2/grub.cfg45234 ····path:·/boot/grub2/grub.cfg
45235 ····owner:·'0'45235 ····owner:·'0'
45236 ··when:45236 ··when:
45237 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
45238 ··-·'"grub2-common"·in·ansible_facts.packages'45237 ··-·'"grub2-common"·in·ansible_facts.packages'
 45238 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
45239 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]45239 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
45240 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists45240 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
45241 ··tags:45241 ··tags:
45242 ··-·CCE-80805-545242 ··-·CCE-80805-5
45243 ··-·CJIS-5.5.2.245243 ··-·CJIS-5.5.2.2
45244 ··-·NIST-800-171-3.4.545244 ··-·NIST-800-171-3.4.5
45245 ··-·NIST-800-53-AC-6(1)45245 ··-·NIST-800-53-AC-6(1)
Offset 45253, 15 lines modifiedOffset 45253, 15 lines modified
45253 ··-·medium_severity45253 ··-·medium_severity
45254 ··-·no_reboot_needed45254 ··-·no_reboot_needed
45255 Remediation_Shell_script_⇲45255 Remediation_Shell_script_⇲
45256 Complexity:·low45256 Complexity:·low
45257 Disruption:·low45257 Disruption:·low
45258 Strategy:···configure45258 Strategy:···configure
45259 #·Remediation·is·applicable·only·in·certain·platforms45259 #·Remediation·is·applicable·only·in·certain·platforms
45260 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then45260 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
45261 chown·0·/boot/grub2/grub.cfg45261 chown·0·/boot/grub2/grub.cfg
  
45262 else45262 else
45263 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'45263 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
45264 fi45264 fi
45265 Group  ·Configure·Syslog·  Group·contains·2·groups·and·4·rules45265 Group  ·Configure·Syslog·  Group·contains·2·groups·and·4·rules
22.4 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-rht-ccp.html
    
Offset 45735, 22 lines modifiedOffset 45735, 22 lines modified
000b2a60:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc000b2a60:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
000b2a70:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr000b2a70:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr
000b2a80:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·000b2a80:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·
000b2a90:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g000b2a90:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
000b2aa0:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··000b2aa0:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
000b2ab0:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e000b2ab0:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
000b2ac0:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··000b2ac0:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
000b2ad0:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n 
000b2ae0:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo 
000b2af0:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
000b2b00:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
000b2b10:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub 
000b2b20:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans 
000b2b30:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa000b2ad0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
 000b2ae0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 000b2af0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 000b2b00:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 000b2b10:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 000b2b20:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
 000b2b30:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
000b2b40:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible000b2b40:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible
000b2b50:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_000b2b50:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
000b2b60:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do000b2b60:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
000b2b70:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o000b2b70:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
000b2b80:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"000b2b80:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
000b2b90:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·000b2b90:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
000b2ba0:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8000b2ba0:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8
000b2bb0:·3038·3030·2d36·0a20·202d·2043·4a49·532d··0800-6.··-·CJIS-000b2bb0:·3038·3030·2d36·0a20·202d·2043·4a49·532d··0800-6.··-·CJIS-
Offset 45772, 21 lines modifiedOffset 45772, 21 lines modified
000b2cb0:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own000b2cb0:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own
000b2cc0:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr000b2cc0:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr
000b2cd0:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f000b2cd0:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f
000b2ce0:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/000b2ce0:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
000b2cf0:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.000b2cf0:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
000b2d00:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'000b2d00:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'
000b2d10:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'000b2d10:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'
000b2d20:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
000b2d30:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
000b2d40:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
000b2d50:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
000b2d60:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c 
000b2d70:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl 
000b2d80:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages000b2d20:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
 000b2d30:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 000b2d40:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 000b2d50:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 000b2d60:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 000b2d70:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 000b2d80:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
000b2d90:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi000b2d90:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
000b2da0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ000b2da0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
000b2db0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke000b2db0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
000b2dc0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open000b2dc0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
000b2dd0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"000b2dd0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
000b2de0:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·000b2de0:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
000b2df0:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat000b2df0:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat
Offset 45838, 19 lines modifiedOffset 45838, 19 lines modified
000b30d0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<000b30d0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
000b30e0:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur000b30e0:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur
000b30f0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab000b30f0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
000b3100:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·000b3100:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·
000b3110:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a000b3110:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
000b3120:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i000b3120:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
000b3130:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo000b3130:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
000b3140:·726d·730a·6966·205b·2021·202d·6620·2f73··rms.if·[·!·-f·/s 
000b3150:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi· 
000b3160:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm 
000b3170:·202d·2d71·7569·6574·202d·7120·6772·7562···--quiet·-q·grub 
000b3180:·322d·636f·6d6d·6f6e·2026·616d·703b·2661··2-common·&amp;&a000b3140:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
 000b3150:·6574·202d·7120·6772·7562·322d·636f·6d6d··et·-q·grub2-comm
 000b3160:·6f6e·2026·616d·703b·2661·6d70·3b20·5b20··on·&amp;&amp;·[·
 000b3170:·2120·2d66·202f·7379·732f·6669·726d·7761··!·-f·/sys/firmwa
 000b3180:·7265·2f65·6669·205d·2026·616d·703b·2661··re/efi·]·&amp;&a
000b3190:·6d70·3b20·7b20·5b20·2120·2d66·202f·2e64··mp;·{·[·!·-f·/.d000b3190:·6d70·3b20·7b20·5b20·2120·2d66·202f·2e64··mp;·{·[·!·-f·/.d
000b31a0:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;000b31a0:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;
000b31b0:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru000b31b0:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru
000b31c0:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·000b31c0:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·
000b31d0:·5d3b·207d·3b20·7468·656e·0a0a·6368·6772··];·};·then..chgr000b31d0:·5d3b·207d·3b20·7468·656e·0a0a·6368·6772··];·};·then..chgr
000b31e0:·7020·3020·2f62·6f6f·742f·6772·7562·322f··p·0·/boot/grub2/000b31e0:·7020·3020·2f62·6f6f·742f·6772·7562·322f··p·0·/boot/grub2/
000b31f0:·6772·7562·2e63·6667·0a0a·656c·7365·0a20··grub.cfg..else.·000b31f0:·6772·7562·2e63·6667·0a0a·656c·7365·0a20··grub.cfg..else.·
Offset 46348, 22 lines modifiedOffset 46348, 22 lines modified
000b50b0:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen000b50b0:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen
000b50c0:·6365·202f·626f·6f74·2f67·7275·6232·2f67··ce·/boot/grub2/g000b50c0:·6365·202f·626f·6f74·2f67·7275·6232·2f67··ce·/boot/grub2/g
000b50d0:·7275·622e·6366·670a·2020·7374·6174·3a0a··rub.cfg.··stat:.000b50d0:·7275·622e·6366·670a·2020·7374·6174·3a0a··rub.cfg.··stat:.
000b50e0:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/000b50e0:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
000b50f0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·000b50f0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
000b5100:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_000b5100:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_
000b5110:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·000b5110:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·
000b5120:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
000b5130:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m 
000b5140:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
000b5150:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
000b5160:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
000b5170:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an 
000b5180:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack000b5120:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo
 000b5130:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa
 000b5140:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 000b5150:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n
 000b5160:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo
 000b5170:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 000b5180:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
000b5190:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl000b5190:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl
000b51a0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization000b51a0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
000b51b0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d000b51b0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
000b51c0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"000b51c0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
000b51d0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman000b51d0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
000b51e0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].000b51e0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
000b51f0:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE-000b51f0:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE-
000b5200:·3830·3830·352d·350a·2020·2d20·434a·4953··80805-5.··-·CJIS000b5200:·3830·3830·352d·350a·2020·2d20·434a·4953··80805-5.··-·CJIS
Offset 46384, 22 lines modifiedOffset 46384, 22 lines modified
000b52f0:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu000b52f0:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu
000b5300:·7265·206f·776e·6572·2030·206f·6e20·2f62··re·owner·0·on·/b000b5300:·7265·206f·776e·6572·2030·206f·6e20·2f62··re·owner·0·on·/b
000b5310:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c000b5310:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c
000b5320:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p000b5320:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p
000b5330:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2000b5330:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2
000b5340:·2f67·7275·622e·6366·670a·2020·2020·6f77··/grub.cfg.····ow000b5340:·2f67·7275·622e·6366·670a·2020·2020·6f77··/grub.cfg.····ow
000b5350:·6e65·723a·2027·3027·0a20·2077·6865·6e3a··ner:·'0'.··when:000b5350:·6e65·723a·2027·3027·0a20·2077·6865·6e3a··ner:·'0'.··when:
000b5360:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi 
000b5370:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible 
000b5380:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
000b5390:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
000b53a0:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g 
000b53b0:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in· 
000b53c0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa000b5360:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com
 000b5370:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_
 000b5380:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 000b5390:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
Max diff block lines reached; 7832/17346 bytes (45.15%) of diff not shown.
5.4 KB
html2text {}
    
Offset 4897, 16 lines modifiedOffset 4897, 16 lines modified
4897 ··-·no_reboot_needed4897 ··-·no_reboot_needed
  
4898 -·name:·Test·for·existence·/boot/grub2/grub.cfg4898 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4899 ··stat:4899 ··stat:
4900 ····path:·/boot/grub2/grub.cfg4900 ····path:·/boot/grub2/grub.cfg
4901 ··register:·file_exists4901 ··register:·file_exists
4902 ··when:4902 ··when:
4903 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4904 ··-·'"grub2-common"·in·ansible_facts.packages'4903 ··-·'"grub2-common"·in·ansible_facts.packages'
 4904 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4906 ··tags:4906 ··tags:
4907 ··-·CCE-80800-64907 ··-·CCE-80800-6
4908 ··-·CJIS-5.5.2.24908 ··-·CJIS-5.5.2.2
4909 ··-·NIST-800-171-3.4.54909 ··-·NIST-800-171-3.4.5
4910 ··-·NIST-800-53-AC-6(1)4910 ··-·NIST-800-53-AC-6(1)
4911 ··-·NIST-800-53-CM-6(a)4911 ··-·NIST-800-53-CM-6(a)
Offset 4919, 16 lines modifiedOffset 4919, 16 lines modified
4919 ··-·no_reboot_needed4919 ··-·no_reboot_needed
  
4920 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg4920 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
4921 ··file:4921 ··file:
4922 ····path:·/boot/grub2/grub.cfg4922 ····path:·/boot/grub2/grub.cfg
4923 ····group:·'0'4923 ····group:·'0'
4924 ··when:4924 ··when:
4925 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4926 ··-·'"grub2-common"·in·ansible_facts.packages'4925 ··-·'"grub2-common"·in·ansible_facts.packages'
 4926 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4927 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4927 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4928 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4928 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4929 ··tags:4929 ··tags:
4930 ··-·CCE-80800-64930 ··-·CCE-80800-6
4931 ··-·CJIS-5.5.2.24931 ··-·CJIS-5.5.2.2
4932 ··-·NIST-800-171-3.4.54932 ··-·NIST-800-171-3.4.5
4933 ··-·NIST-800-53-AC-6(1)4933 ··-·NIST-800-53-AC-6(1)
Offset 4941, 15 lines modifiedOffset 4941, 15 lines modified
4941 ··-·medium_severity4941 ··-·medium_severity
4942 ··-·no_reboot_needed4942 ··-·no_reboot_needed
4943 Remediation_Shell_script_⇲4943 Remediation_Shell_script_⇲
4944 Complexity:·low4944 Complexity:·low
4945 Disruption:·low4945 Disruption:·low
4946 Strategy:···configure4946 Strategy:···configure
4947 #·Remediation·is·applicable·only·in·certain·platforms4947 #·Remediation·is·applicable·only·in·certain·platforms
4948 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then4948 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
4949 chgrp·0·/boot/grub2/grub.cfg4949 chgrp·0·/boot/grub2/grub.cfg
  
4950 else4950 else
4951 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'4951 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
4952 fi4952 fi
4953 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***4953 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 4982, 16 lines modifiedOffset 4982, 16 lines modified
4982 ··-·no_reboot_needed4982 ··-·no_reboot_needed
  
4983 -·name:·Test·for·existence·/boot/grub2/grub.cfg4983 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4984 ··stat:4984 ··stat:
4985 ····path:·/boot/grub2/grub.cfg4985 ····path:·/boot/grub2/grub.cfg
4986 ··register:·file_exists4986 ··register:·file_exists
4987 ··when:4987 ··when:
4988 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4989 ··-·'"grub2-common"·in·ansible_facts.packages'4988 ··-·'"grub2-common"·in·ansible_facts.packages'
 4989 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4990 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4990 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4991 ··tags:4991 ··tags:
4992 ··-·CCE-80805-54992 ··-·CCE-80805-5
4993 ··-·CJIS-5.5.2.24993 ··-·CJIS-5.5.2.2
4994 ··-·NIST-800-171-3.4.54994 ··-·NIST-800-171-3.4.5
4995 ··-·NIST-800-53-AC-6(1)4995 ··-·NIST-800-53-AC-6(1)
4996 ··-·NIST-800-53-CM-6(a)4996 ··-·NIST-800-53-CM-6(a)
Offset 5004, 16 lines modifiedOffset 5004, 16 lines modified
5004 ··-·no_reboot_needed5004 ··-·no_reboot_needed
  
5005 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5005 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5006 ··file:5006 ··file:
5007 ····path:·/boot/grub2/grub.cfg5007 ····path:·/boot/grub2/grub.cfg
5008 ····owner:·'0'5008 ····owner:·'0'
5009 ··when:5009 ··when:
5010 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5011 ··-·'"grub2-common"·in·ansible_facts.packages'5010 ··-·'"grub2-common"·in·ansible_facts.packages'
 5011 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5012 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5012 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5013 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5013 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5014 ··tags:5014 ··tags:
5015 ··-·CCE-80805-55015 ··-·CCE-80805-5
5016 ··-·CJIS-5.5.2.25016 ··-·CJIS-5.5.2.2
5017 ··-·NIST-800-171-3.4.55017 ··-·NIST-800-171-3.4.5
5018 ··-·NIST-800-53-AC-6(1)5018 ··-·NIST-800-53-AC-6(1)
Offset 5026, 15 lines modifiedOffset 5026, 15 lines modified
5026 ··-·medium_severity5026 ··-·medium_severity
5027 ··-·no_reboot_needed5027 ··-·no_reboot_needed
5028 Remediation_Shell_script_⇲5028 Remediation_Shell_script_⇲
5029 Complexity:·low5029 Complexity:·low
5030 Disruption:·low5030 Disruption:·low
5031 Strategy:···configure5031 Strategy:···configure
5032 #·Remediation·is·applicable·only·in·certain·platforms5032 #·Remediation·is·applicable·only·in·certain·platforms
5033 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then5033 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
5034 chown·0·/boot/grub2/grub.cfg5034 chown·0·/boot/grub2/grub.cfg
  
5035 else5035 else
5036 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5036 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5037 fi5037 fi
5038 ***·Rule  ·Verify·/boot/grub2/grub.cfg·Permissions·  [ref]·***5038 ***·Rule  ·Verify·/boot/grub2/grub.cfg·Permissions·  [ref]·***
Offset 5065, 16 lines modifiedOffset 5065, 16 lines modified
5065 ··-·no_reboot_needed5065 ··-·no_reboot_needed
  
5066 -·name:·Test·for·existence·/boot/grub2/grub.cfg5066 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5067 ··stat:5067 ··stat:
5068 ····path:·/boot/grub2/grub.cfg5068 ····path:·/boot/grub2/grub.cfg
5069 ··register:·file_exists5069 ··register:·file_exists
5070 ··when:5070 ··when:
5071 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5072 ··-·'"grub2-common"·in·ansible_facts.packages'5071 ··-·'"grub2-common"·in·ansible_facts.packages'
 5072 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5073 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5073 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5074 ··tags:5074 ··tags:
5075 ··-·CCE-80814-75075 ··-·CCE-80814-7
5076 ··-·NIST-800-171-3.4.55076 ··-·NIST-800-171-3.4.5
5077 ··-·NIST-800-53-AC-6(1)5077 ··-·NIST-800-53-AC-6(1)
5078 ··-·NIST-800-53-CM-6(a)5078 ··-·NIST-800-53-CM-6(a)
5079 ··-·configure_strategy5079 ··-·configure_strategy
Offset 5085, 16 lines modifiedOffset 5085, 16 lines modified
5085 ··-·no_reboot_needed5085 ··-·no_reboot_needed
  
5086 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg5086 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
5087 ··file:5087 ··file:
5088 ····path:·/boot/grub2/grub.cfg5088 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1101/5502 bytes (20.01%) of diff not shown.
5.37 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-stig.html
    
Offset 364514, 23 lines modifiedOffset 364514, 23 lines modified
0058fe10:·6e74·5f72·6573·7472·6963·7469·6f6e·735c··nt_restrictions\0058fe10:·6e74·5f72·6573·7472·6963·7469·6f6e·735c··nt_restrictions\
0058fe20:·732a·3d5c·732a·0a20·2020·2020·206c·696e··s*=\s*.······lin0058fe20:·732a·3d5c·732a·0a20·2020·2020·206c·696e··s*=\s*.······lin
0058fe30:·653a·2073·6d74·7064·5f63·6c69·656e·745f··e:·smtpd_client_0058fe30:·653a·2073·6d74·7064·5f63·6c69·656e·745f··e:·smtpd_client_
0058fe40:·7265·7374·7269·6374·696f·6e73·203d·2070··restrictions·=·p0058fe40:·7265·7374·7269·6374·696f·6e73·203d·2070··restrictions·=·p
0058fe50:·6572·6d69·745f·6d79·6e65·7477·6f72·6b73··ermit_mynetworks0058fe50:·6572·6d69·745f·6d79·6e65·7477·6f72·6b73··ermit_mynetworks
0058fe60:·2c72·656a·6563·740a·2020·2020·2020·7374··,reject.······st0058fe60:·2c72·656a·6563·740a·2020·2020·2020·7374··,reject.······st
0058fe70:·6174·653a·2070·7265·7365·6e74·0a20·2077··ate:·present.··w0058fe70:·6174·653a·2070·7265·7365·6e74·0a20·2077··ate:·present.··w
0058fe80:·6865·6e3a·0a20·202d·2027·2270·6f73·7466··hen:.··-·'"postf0058fe80:·6865·6e3a·0a20·202d·2061·6e73·6962·6c65··hen:.··-·ansible
0058fe90:·6978·2220·696e·2061·6e73·6962·6c65·5f66··ix"·in·ansible_f 
0058fea0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.· 
0058feb0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu 
0058fec0:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n 
0058fed0:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker", 
0058fee0:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz" 
0058fef0:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con 
0058ff00:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:0058fe90:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
 0058fea0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
 0058feb0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
 0058fec0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
 0058fed0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
 0058fee0:·202d·2027·2270·6f73·7466·6978·2220·696e···-·'"postfix"·in
 0058fef0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 0058ff00:·6163·6b61·6765·7327·0a20·2074·6167·733a··ackages'.··tags:
0058ff10:·0a20·202d·2043·4345·2d38·3430·3534·2d36··.··-·CCE-84054-60058ff10:·0a20·202d·2043·4345·2d38·3430·3534·2d36··.··-·CCE-84054-6
0058ff20:·0a20·202d·2044·4953·412d·5354·4947·2d52··.··-·DISA-STIG-R0058ff20:·0a20·202d·2044·4953·412d·5354·4947·2d52··.··-·DISA-STIG-R
0058ff30:·4845·4c2d·3038·2d30·3430·3239·300a·2020··HEL-08-040290.··0058ff30:·4845·4c2d·3038·2d30·3430·3239·300a·2020··HEL-08-040290.··
0058ff40:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity0058ff40:·2d20·6c6f·775f·636f·6d70·6c65·7869·7479··-·low_complexity
0058ff50:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt0058ff50:·0a20·202d·206c·6f77·5f64·6973·7275·7074··.··-·low_disrupt
0058ff60:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s0058ff60:·696f·6e0a·2020·2d20·6d65·6469·756d·5f73··ion.··-·medium_s
0058ff70:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r0058ff70:·6576·6572·6974·790a·2020·2d20·6e6f·5f72··everity.··-·no_r
Offset 364555, 21 lines modifiedOffset 364555, 21 lines modified
005900a0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan005900a0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
005900b0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll005900b0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
005900c0:·6170·7365·2220·6964·3d22·6964·6d37·3430··apse"·id="idm740005900c0:·6170·7365·2220·6964·3d22·6964·6d37·3430··apse"·id="idm740
005900d0:·3834·223e·3c70·7265·3e3c·636f·6465·3e23··84"><pre><code>#005900d0:·3834·223e·3c70·7265·3e3c·636f·6465·3e23··84"><pre><code>#
005900e0:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·005900e0:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·
005900f0:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·005900f0:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·
00590100:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf00590100:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf
00590110:·6f72·6d73·0a69·6620·7270·6d20·2d2d·7175··orms.if·rpm·--qu00590110:·6f72·6d73·0a69·6620·5b20·2120·2d66·202f··orms.if·[·!·-f·/
00590120:·6965·7420·2d71·2070·6f73·7466·6978·2026··iet·-q·postfix·& 
00590130:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f 
00590140:·202f·2e64·6f63·6b65·7265·6e76·205d·2026···/.dockerenv·]·&00590120:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am
00590150:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f00590130:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
00590160:·202f·7275·6e2f·2e63·6f6e·7461·696e·6572···/run/.container00590140:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren
 00590150:·7620·5d20·2661·6d70·3b26·616d·703b·2072··v·]·&amp;&amp;·r
 00590160:·706d·202d·2d71·7569·6574·202d·7120·706f··pm·--quiet·-q·po
00590170:·656e·7620·5d3b·2074·6865·6e0a·0a69·6620··env·];·then..if·00590170:·7374·6669·783b·2074·6865·6e0a·0a69·6620··stfix;·then..if·
00590180:·2120·6772·6570·202d·7120·5e73·6d74·7064··!·grep·-q·^smtpd00590180:·2120·6772·6570·202d·7120·5e73·6d74·7064··!·grep·-q·^smtpd
00590190:·5f63·6c69·656e·745f·7265·7374·7269·6374··_client_restrict00590190:·5f63·6c69·656e·745f·7265·7374·7269·6374··_client_restrict
005901a0:·696f·6e73·202f·6574·632f·706f·7374·6669··ions·/etc/postfi005901a0:·696f·6e73·202f·6574·632f·706f·7374·6669··ions·/etc/postfi
005901b0:·782f·6d61·696e·2e63·663b·2074·6865·6e0a··x/main.cf;·then.005901b0:·782f·6d61·696e·2e63·663b·2074·6865·6e0a··x/main.cf;·then.
005901c0:·0965·6368·6f20·2273·6d74·7064·5f63·6c69··.echo·"smtpd_cli005901c0:·0965·6368·6f20·2273·6d74·7064·5f63·6c69··.echo·"smtpd_cli
005901d0:·656e·745f·7265·7374·7269·6374·696f·6e73··ent_restrictions005901d0:·656e·745f·7265·7374·7269·6374·696f·6e73··ent_restrictions
005901e0:·203d·2070·6572·6d69·745f·6d79·6e65·7477···=·permit_mynetw005901e0:·203d·2070·6572·6d69·745f·6d79·6e65·7477···=·permit_mynetw
1.17 KB
html2text {}
    
Offset 75963, 28 lines modifiedOffset 75963, 28 lines modified
75963 ····lineinfile:75963 ····lineinfile:
75964 ······path:·/etc/postfix/main.cf75964 ······path:·/etc/postfix/main.cf
75965 ······create:·true75965 ······create:·true
75966 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*75966 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
75967 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject75967 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
75968 ······state:·present75968 ······state:·present
75969 ··when:75969 ··when:
75970 ··-·'"postfix"·in·ansible_facts.packages' 
75971 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]75970 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 75971 ··-·'"postfix"·in·ansible_facts.packages'
75972 ··tags:75972 ··tags:
75973 ··-·CCE-84054-675973 ··-·CCE-84054-6
75974 ··-·DISA-STIG-RHEL-08-04029075974 ··-·DISA-STIG-RHEL-08-040290
75975 ··-·low_complexity75975 ··-·low_complexity
75976 ··-·low_disruption75976 ··-·low_disruption
75977 ··-·medium_severity75977 ··-·medium_severity
75978 ··-·no_reboot_needed75978 ··-·no_reboot_needed
75979 ··-·postfix_prevent_unrestricted_relay75979 ··-·postfix_prevent_unrestricted_relay
75980 ··-·restrict_strategy75980 ··-·restrict_strategy
75981 Remediation_Shell_script_⇲75981 Remediation_Shell_script_⇲
75982 #·Remediation·is·applicable·only·in·certain·platforms75982 #·Remediation·is·applicable·only·in·certain·platforms
75983 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then75983 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
75984 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then75984 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
75985 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf75985 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
75986 else75986 else
75987 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf75987 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
75988 fi75988 fi
  
5.25 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-stig_gui.html
    
Offset 364186, 23 lines modifiedOffset 364186, 23 lines modified
0058e990:·7269·6374·696f·6e73·5c73·2a3d·5c73·2a0a··rictions\s*=\s*.0058e990:·7269·6374·696f·6e73·5c73·2a3d·5c73·2a0a··rictions\s*=\s*.
0058e9a0:·2020·2020·2020·6c69·6e65·3a20·736d·7470········line:·smtp0058e9a0:·2020·2020·2020·6c69·6e65·3a20·736d·7470········line:·smtp
0058e9b0:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric0058e9b0:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric
0058e9c0:·7469·6f6e·7320·3d20·7065·726d·6974·5f6d··tions·=·permit_m0058e9c0:·7469·6f6e·7320·3d20·7065·726d·6974·5f6d··tions·=·permit_m
0058e9d0:·796e·6574·776f·726b·732c·7265·6a65·6374··ynetworks,reject0058e9d0:·796e·6574·776f·726b·732c·7265·6a65·6374··ynetworks,reject
0058e9e0:·0a20·2020·2020·2073·7461·7465·3a20·7072··.······state:·pr0058e9e0:·0a20·2020·2020·2073·7461·7465·3a20·7072··.······state:·pr
0058e9f0:·6573·656e·740a·2020·7768·656e·3a0a·2020··esent.··when:.··0058e9f0:·6573·656e·740a·2020·7768·656e·3a0a·2020··esent.··when:.··
0058ea00:·2d20·2722·706f·7374·6669·7822·2069·6e20··-·'"postfix"·in· 
0058ea10:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa 
0058ea20:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi 
0058ea30:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati 
0058ea40:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[ 
0058ea50:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc", 
0058ea60:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm 
0058ea70:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"0058ea00:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
 0058ea10:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
 0058ea20:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
 0058ea30:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 0058ea40:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
 0058ea50:·6169·6e65·7222·5d0a·2020·2d20·2722·706f··ainer"].··-·'"po
 0058ea60:·7374·6669·7822·2069·6e20·616e·7369·626c··stfix"·in·ansibl
 0058ea70:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
0058ea80:·5d0a·2020·7461·6773·3a0a·2020·2d20·4343··].··tags:.··-·CC0058ea80:·270a·2020·7461·6773·3a0a·2020·2d20·4343··'.··tags:.··-·CC
0058ea90:·452d·3834·3035·342d·360a·2020·2d20·4449··E-84054-6.··-·DI0058ea90:·452d·3834·3035·342d·360a·2020·2d20·4449··E-84054-6.··-·DI
0058eaa0:·5341·2d53·5449·472d·5248·454c·2d30·382d··SA-STIG-RHEL-08-0058eaa0:·5341·2d53·5449·472d·5248·454c·2d30·382d··SA-STIG-RHEL-08-
0058eab0:·3034·3032·3930·0a20·202d·206c·6f77·5f63··040290.··-·low_c0058eab0:·3034·3032·3930·0a20·202d·206c·6f77·5f63··040290.··-·low_c
0058eac0:·6f6d·706c·6578·6974·790a·2020·2d20·6c6f··omplexity.··-·lo0058eac0:·6f6d·706c·6578·6974·790a·2020·2d20·6c6f··omplexity.··-·lo
0058ead0:·775f·6469·7372·7570·7469·6f6e·0a20·202d··w_disruption.··-0058ead0:·775f·6469·7372·7570·7469·6f6e·0a20·202d··w_disruption.··-
0058eae0:·206d·6564·6975·6d5f·7365·7665·7269·7479···medium_severity0058eae0:·206d·6564·6975·6d5f·7365·7665·7269·7479···medium_severity
0058eaf0:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n0058eaf0:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n
Offset 364227, 20 lines modifiedOffset 364227, 20 lines modified
0058ec20:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll0058ec20:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0058ec30:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i0058ec30:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0058ec40:·643d·2269·646d·3734·3038·3422·3e3c·7072··d="idm74084"><pr0058ec40:·643d·2269·646d·3734·3038·3422·3e3c·7072··d="idm74084"><pr
0058ec50:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi0058ec50:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
0058ec60:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica0058ec60:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
0058ec70:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert0058ec70:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
0058ec80:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if0058ec80:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
0058ec90:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q· 
0058eca0:·706f·7374·6669·7820·2661·6d70·3b26·616d··postfix·&amp;&am 
0058ecb0:·703b·205b·2021·202d·6620·2f2e·646f·636b··p;·[·!·-f·/.dock0058ec90:·205b·2021·202d·6620·2f2e·646f·636b·6572···[·!·-f·/.docker
0058ecc0:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am0058eca0:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&amp;&amp;
0058ecd0:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.0058ecb0:·205b·2021·202d·6620·2f72·756e·2f2e·636f···[·!·-f·/run/.co
0058ece0:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·0058ecc0:·6e74·6169·6e65·7265·6e76·205d·2026·616d··ntainerenv·]·&am
 0058ecd0:·703b·2661·6d70·3b20·7270·6d20·2d2d·7175··p;&amp;·rpm·--qu
 0058ece0:·6965·7420·2d71·2070·6f73·7466·6978·3b20··iet·-q·postfix;·
0058ecf0:·7468·656e·0a0a·6966·2021·2067·7265·7020··then..if·!·grep·0058ecf0:·7468·656e·0a0a·6966·2021·2067·7265·7020··then..if·!·grep·
0058ed00:·2d71·205e·736d·7470·645f·636c·6965·6e74··-q·^smtpd_client0058ed00:·2d71·205e·736d·7470·645f·636c·6965·6e74··-q·^smtpd_client
0058ed10:·5f72·6573·7472·6963·7469·6f6e·7320·2f65··_restrictions·/e0058ed10:·5f72·6573·7472·6963·7469·6f6e·7320·2f65··_restrictions·/e
0058ed20:·7463·2f70·6f73·7466·6978·2f6d·6169·6e2e··tc/postfix/main.0058ed20:·7463·2f70·6f73·7466·6978·2f6d·6169·6e2e··tc/postfix/main.
0058ed30:·6366·3b20·7468·656e·0a09·6563·686f·2022··cf;·then..echo·"0058ed30:·6366·3b20·7468·656e·0a09·6563·686f·2022··cf;·then..echo·"
0058ed40:·736d·7470·645f·636c·6965·6e74·5f72·6573··smtpd_client_res0058ed40:·736d·7470·645f·636c·6965·6e74·5f72·6573··smtpd_client_res
0058ed50:·7472·6963·7469·6f6e·7320·3d20·7065·726d··trictions·=·perm0058ed50:·7472·6963·7469·6f6e·7320·3d20·7065·726d··trictions·=·perm
1.17 KB
html2text {}
    
Offset 75910, 28 lines modifiedOffset 75910, 28 lines modified
75910 ····lineinfile:75910 ····lineinfile:
75911 ······path:·/etc/postfix/main.cf75911 ······path:·/etc/postfix/main.cf
75912 ······create:·true75912 ······create:·true
75913 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*75913 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
75914 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject75914 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
75915 ······state:·present75915 ······state:·present
75916 ··when:75916 ··when:
75917 ··-·'"postfix"·in·ansible_facts.packages' 
75918 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]75917 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 75918 ··-·'"postfix"·in·ansible_facts.packages'
75919 ··tags:75919 ··tags:
75920 ··-·CCE-84054-675920 ··-·CCE-84054-6
75921 ··-·DISA-STIG-RHEL-08-04029075921 ··-·DISA-STIG-RHEL-08-040290
75922 ··-·low_complexity75922 ··-·low_complexity
75923 ··-·low_disruption75923 ··-·low_disruption
75924 ··-·medium_severity75924 ··-·medium_severity
75925 ··-·no_reboot_needed75925 ··-·no_reboot_needed
75926 ··-·postfix_prevent_unrestricted_relay75926 ··-·postfix_prevent_unrestricted_relay
75927 ··-·restrict_strategy75927 ··-·restrict_strategy
75928 Remediation_Shell_script_⇲75928 Remediation_Shell_script_⇲
75929 #·Remediation·is·applicable·only·in·certain·platforms75929 #·Remediation·is·applicable·only·in·certain·platforms
75930 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then75930 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
75931 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then75931 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
75932 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf75932 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
75933 else75933 else
75934 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf75934 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
75935 fi75935 fi
  
29.9 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cis.html
    
Offset 190946, 22 lines modifiedOffset 190946, 22 lines modified
002e9e10:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis002e9e10:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis
002e9e20:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub002e9e20:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub
002e9e30:·322f·7573·6572·2e63·6667·0a20·2073·7461··2/user.cfg.··sta002e9e30:·322f·7573·6572·2e63·6667·0a20·2073·7461··2/user.cfg.··sta
002e9e40:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo002e9e40:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
002e9e50:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf002e9e50:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf
002e9e60:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi002e9e60:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi
002e9e70:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when002e9e70:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when
 002e9e80:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
002e9e80:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
002e9e90:·6922·2069·6e20·616e·7369·626c·655f·6d6f··i"·in·ansible_mo 
002e9ea0:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
002e9eb0:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
002e9ec0:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub 
002e9ed0:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans002e9e90:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
002e9ee0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa002e9ea0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 002e9eb0:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 002e9ec0:·2220·696e·2061·6e73·6962·6c65·5f6d·6f75··"·in·ansible_mou
 002e9ed0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
 002e9ee0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
002e9ef0:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible002e9ef0:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible
002e9f00:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_002e9f00:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
002e9f10:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do002e9f10:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
002e9f20:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o002e9f20:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
002e9f30:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"002e9f30:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
002e9f40:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·002e9f40:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
002e9f50:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8002e9f50:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8
002e9f60:·3630·3133·2d30·0a20·202d·2043·4a49·532d··6013-0.··-·CJIS-002e9f60:·3630·3133·2d30·0a20·202d·2043·4a49·532d··6013-0.··-·CJIS-
Offset 190983, 21 lines modifiedOffset 190983, 21 lines modified
002ea060:·653a·2045·6e73·7572·6520·6772·6f75·7020··e:·Ensure·group·002ea060:·653a·2045·6e73·7572·6520·6772·6f75·7020··e:·Ensure·group·
002ea070:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot002ea070:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot
002ea080:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.002ea080:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
002ea090:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path002ea090:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path
002ea0a0:·3a20·2f62·6f6f·742f·6772·7562·322f·7573··:·/boot/grub2/us002ea0a0:·3a20·2f62·6f6f·742f·6772·7562·322f·7573··:·/boot/grub2/us
002ea0b0:·6572·2e63·6667·0a20·2020·2067·726f·7570··er.cfg.····group002ea0b0:·6572·2e63·6667·0a20·2020·2067·726f·7570··er.cfg.····group
002ea0c0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··002ea0c0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··
002ea0d0:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i 
002ea0e0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
002ea0f0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
002ea100:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
002ea110:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co002ea0d0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
002ea120:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible002ea0e0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
002ea130:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'002ea0f0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 002ea100:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in
 002ea110:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 002ea120:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 002ea130:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
002ea140:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir002ea140:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
002ea150:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type002ea150:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
002ea160:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker002ea160:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
002ea170:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv002ea170:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
002ea180:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c002ea180:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
002ea190:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f002ea190:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f
002ea1a0:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·002ea1a0:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·
Offset 191049, 19 lines modifiedOffset 191049, 19 lines modified
002ea480:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy002ea480:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
002ea490:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config002ea490:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config
002ea4a0:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t002ea4a0:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t
002ea4b0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>002ea4b0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
002ea4c0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is002ea4c0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
002ea4d0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only002ea4d0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
002ea4e0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat002ea4e0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
002ea4f0:·666f·726d·730a·6966·205b·202d·6620·2f73··forms.if·[·-f·/s002ea4f0:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q
002ea500:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi· 
002ea510:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm 
002ea520:·202d·2d71·7569·6574·202d·7120·6772·7562···--quiet·-q·grub002ea500:·7569·6574·202d·7120·6772·7562·322d·636f··uiet·-q·grub2-co
002ea530:·322d·636f·6d6d·6f6e·2026·616d·703b·2661··2-common·&amp;&a002ea510:·6d6d·6f6e·2026·616d·703b·2661·6d70·3b20··mmon·&amp;&amp;·
 002ea520:·5b20·2d66·202f·7379·732f·6669·726d·7761··[·-f·/sys/firmwa
 002ea530:·7265·2f65·6669·205d·2026·616d·703b·2661··re/efi·]·&amp;&a
002ea540:·6d70·3b20·7b20·5b20·2120·2d66·202f·2e64··mp;·{·[·!·-f·/.d002ea540:·6d70·3b20·7b20·5b20·2120·2d66·202f·2e64··mp;·{·[·!·-f·/.d
002ea550:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;002ea550:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;
002ea560:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru002ea560:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru
002ea570:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·002ea570:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·
002ea580:·5d3b·207d·3b20·7468·656e·0a0a·6368·6772··];·};·then..chgr002ea580:·5d3b·207d·3b20·7468·656e·0a0a·6368·6772··];·};·then..chgr
002ea590:·7020·3020·2f62·6f6f·742f·6772·7562·322f··p·0·/boot/grub2/002ea590:·7020·3020·2f62·6f6f·742f·6772·7562·322f··p·0·/boot/grub2/
002ea5a0:·7573·6572·2e63·6667·0a0a·656c·7365·0a20··user.cfg..else.·002ea5a0:·7573·6572·2e63·6667·0a0a·656c·7365·0a20··user.cfg..else.·
Offset 191475, 22 lines modifiedOffset 191475, 22 lines modified
002ebf20:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis002ebf20:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis
002ebf30:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub002ebf30:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub
002ebf40:·322f·7573·6572·2e63·6667·0a20·2073·7461··2/user.cfg.··sta002ebf40:·322f·7573·6572·2e63·6667·0a20·2073·7461··2/user.cfg.··sta
002ebf50:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo002ebf50:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
002ebf60:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf002ebf60:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf
002ebf70:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi002ebf70:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi
002ebf80:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when002ebf80:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when
 002ebf90:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
002ebf90:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
002ebfa0:·6922·2069·6e20·616e·7369·626c·655f·6d6f··i"·in·ansible_mo 
002ebfb0:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
002ebfc0:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
002ebfd0:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub 
002ebfe0:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans002ebfa0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
002ebff0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa002ebfb0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 002ebfc0:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 002ebfd0:·2220·696e·2061·6e73·6962·6c65·5f6d·6f75··"·in·ansible_mou
 002ebfe0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
 002ebff0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
002ec000:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible002ec000:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible
002ec010:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_002ec010:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
002ec020:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do002ec020:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
002ec030:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o002ec030:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
002ec040:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"002ec040:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
002ec050:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·002ec050:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
002ec060:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8002ec060:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8
002ec070:·3630·3232·2d31·0a20·202d·2043·4a49·532d··6022-1.··-·CJIS-002ec070:·3630·3232·2d31·0a20·202d·2043·4a49·532d··6022-1.··-·CJIS-
Offset 191511, 22 lines modifiedOffset 191511, 22 lines modified
002ec160:·6564·6564·0a0a·2d20·6e61·6d65·3a20·456e··eded..-·name:·En002ec160:·6564·6564·0a0a·2d20·6e61·6d65·3a20·456e··eded..-·name:·En
002ec170:·7375·7265·206f·776e·6572·2030·206f·6e20··sure·owner·0·on·002ec170:·7375·7265·206f·776e·6572·2030·206f·6e20··sure·owner·0·on·
002ec180:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user002ec180:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user
002ec190:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···002ec190:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···
002ec1a0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru002ec1a0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
002ec1b0:·6232·2f75·7365·722e·6366·670a·2020·2020··b2/user.cfg.····002ec1b0:·6232·2f75·7365·722e·6366·670a·2020·2020··b2/user.cfg.····
002ec1c0:·6f77·6e65·723a·2027·3027·0a20·2077·6865··owner:·'0'.··whe002ec1c0:·6f77·6e65·723a·2027·3027·0a20·2077·6865··owner:·'0'.··whe
002ec1d0:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e002ec1d0:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c
002ec1e0:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m 
002ec1f0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
002ec200:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
002ec210:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
002ec220:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an002ec1e0:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
002ec230:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack002ec1f0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 002ec200:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef
 002ec210:·6922·2069·6e20·616e·7369·626c·655f·6d6f··i"·in·ansible_mo
 002ec220:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 002ec230:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
002ec240:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl002ec240:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl
002ec250:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization002ec250:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
002ec260:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d002ec260:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
002ec270:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"002ec270:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
002ec280:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman002ec280:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
Max diff block lines reached; 13306/23106 bytes (57.59%) of diff not shown.
7.18 KB
html2text {}
    
Offset 42285, 16 lines modifiedOffset 42285, 16 lines modified
42285 ··-·no_reboot_needed42285 ··-·no_reboot_needed
  
42286 -·name:·Test·for·existence·/boot/grub2/user.cfg42286 -·name:·Test·for·existence·/boot/grub2/user.cfg
42287 ··stat:42287 ··stat:
42288 ····path:·/boot/grub2/user.cfg42288 ····path:·/boot/grub2/user.cfg
42289 ··register:·file_exists42289 ··register:·file_exists
42290 ··when:42290 ··when:
42291 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42292 ··-·'"grub2-common"·in·ansible_facts.packages'42291 ··-·'"grub2-common"·in·ansible_facts.packages'
 42292 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
42293 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42293 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42294 ··tags:42294 ··tags:
42295 ··-·CCE-86013-042295 ··-·CCE-86013-0
42296 ··-·CJIS-5.5.2.242296 ··-·CJIS-5.5.2.2
42297 ··-·NIST-800-171-3.4.542297 ··-·NIST-800-171-3.4.5
42298 ··-·NIST-800-53-AC-6(1)42298 ··-·NIST-800-53-AC-6(1)
42299 ··-·NIST-800-53-CM-6(a)42299 ··-·NIST-800-53-CM-6(a)
Offset 42307, 16 lines modifiedOffset 42307, 16 lines modified
42307 ··-·no_reboot_needed42307 ··-·no_reboot_needed
  
42308 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg42308 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
42309 ··file:42309 ··file:
42310 ····path:·/boot/grub2/user.cfg42310 ····path:·/boot/grub2/user.cfg
42311 ····group:·'0'42311 ····group:·'0'
42312 ··when:42312 ··when:
42313 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42314 ··-·'"grub2-common"·in·ansible_facts.packages'42313 ··-·'"grub2-common"·in·ansible_facts.packages'
 42314 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
42315 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42315 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42316 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists42316 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
42317 ··tags:42317 ··tags:
42318 ··-·CCE-86013-042318 ··-·CCE-86013-0
42319 ··-·CJIS-5.5.2.242319 ··-·CJIS-5.5.2.2
42320 ··-·NIST-800-171-3.4.542320 ··-·NIST-800-171-3.4.5
42321 ··-·NIST-800-53-AC-6(1)42321 ··-·NIST-800-53-AC-6(1)
Offset 42329, 15 lines modifiedOffset 42329, 15 lines modified
42329 ··-·medium_severity42329 ··-·medium_severity
42330 ··-·no_reboot_needed42330 ··-·no_reboot_needed
42331 Remediation_Shell_script_⇲42331 Remediation_Shell_script_⇲
42332 Complexity:·low42332 Complexity:·low
42333 Disruption:·low42333 Disruption:·low
42334 Strategy:···configure42334 Strategy:···configure
42335 #·Remediation·is·applicable·only·in·certain·platforms42335 #·Remediation·is·applicable·only·in·certain·platforms
42336 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then42336 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
42337 chgrp·0·/boot/grub2/user.cfg42337 chgrp·0·/boot/grub2/user.cfg
  
42338 else42338 else
42339 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'42339 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
42340 fi42340 fi
42341 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***42341 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***
Offset 42370, 16 lines modifiedOffset 42370, 16 lines modified
42370 ··-·no_reboot_needed42370 ··-·no_reboot_needed
  
42371 -·name:·Test·for·existence·/boot/grub2/user.cfg42371 -·name:·Test·for·existence·/boot/grub2/user.cfg
42372 ··stat:42372 ··stat:
42373 ····path:·/boot/grub2/user.cfg42373 ····path:·/boot/grub2/user.cfg
42374 ··register:·file_exists42374 ··register:·file_exists
42375 ··when:42375 ··when:
42376 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42377 ··-·'"grub2-common"·in·ansible_facts.packages'42376 ··-·'"grub2-common"·in·ansible_facts.packages'
 42377 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
42378 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42378 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42379 ··tags:42379 ··tags:
42380 ··-·CCE-86022-142380 ··-·CCE-86022-1
42381 ··-·CJIS-5.5.2.242381 ··-·CJIS-5.5.2.2
42382 ··-·NIST-800-171-3.4.542382 ··-·NIST-800-171-3.4.5
42383 ··-·NIST-800-53-AC-6(1)42383 ··-·NIST-800-53-AC-6(1)
42384 ··-·NIST-800-53-CM-6(a)42384 ··-·NIST-800-53-CM-6(a)
Offset 42392, 16 lines modifiedOffset 42392, 16 lines modified
42392 ··-·no_reboot_needed42392 ··-·no_reboot_needed
  
42393 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg42393 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
42394 ··file:42394 ··file:
42395 ····path:·/boot/grub2/user.cfg42395 ····path:·/boot/grub2/user.cfg
42396 ····owner:·'0'42396 ····owner:·'0'
42397 ··when:42397 ··when:
42398 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42399 ··-·'"grub2-common"·in·ansible_facts.packages'42398 ··-·'"grub2-common"·in·ansible_facts.packages'
 42399 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
42400 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42400 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42401 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists42401 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
42402 ··tags:42402 ··tags:
42403 ··-·CCE-86022-142403 ··-·CCE-86022-1
42404 ··-·CJIS-5.5.2.242404 ··-·CJIS-5.5.2.2
42405 ··-·NIST-800-171-3.4.542405 ··-·NIST-800-171-3.4.5
42406 ··-·NIST-800-53-AC-6(1)42406 ··-·NIST-800-53-AC-6(1)
Offset 42414, 15 lines modifiedOffset 42414, 15 lines modified
42414 ··-·medium_severity42414 ··-·medium_severity
42415 ··-·no_reboot_needed42415 ··-·no_reboot_needed
42416 Remediation_Shell_script_⇲42416 Remediation_Shell_script_⇲
42417 Complexity:·low42417 Complexity:·low
42418 Disruption:·low42418 Disruption:·low
42419 Strategy:···configure42419 Strategy:···configure
42420 #·Remediation·is·applicable·only·in·certain·platforms42420 #·Remediation·is·applicable·only·in·certain·platforms
42421 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then42421 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
42422 chown·0·/boot/grub2/user.cfg42422 chown·0·/boot/grub2/user.cfg
  
42423 else42423 else
42424 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'42424 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
42425 fi42425 fi
42426 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***42426 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***
Offset 42453, 16 lines modifiedOffset 42453, 16 lines modified
42453 ··-·no_reboot_needed42453 ··-·no_reboot_needed
  
42454 -·name:·Test·for·existence·/boot/grub2/grub.cfg42454 -·name:·Test·for·existence·/boot/grub2/grub.cfg
42455 ··stat:42455 ··stat:
42456 ····path:·/boot/grub2/grub.cfg42456 ····path:·/boot/grub2/grub.cfg
42457 ··register:·file_exists42457 ··register:·file_exists
42458 ··when:42458 ··when:
42459 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42460 ··-·'"grub2-common"·in·ansible_facts.packages'42459 ··-·'"grub2-common"·in·ansible_facts.packages'
 42460 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
42461 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42461 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42462 ··tags:42462 ··tags:
42463 ··-·CCE-85925-642463 ··-·CCE-85925-6
42464 ··-·NIST-800-171-3.4.542464 ··-·NIST-800-171-3.4.5
42465 ··-·NIST-800-53-AC-6(1)42465 ··-·NIST-800-53-AC-6(1)
42466 ··-·NIST-800-53-CM-6(a)42466 ··-·NIST-800-53-CM-6(a)
42467 ··-·configure_strategy42467 ··-·configure_strategy
Offset 42473, 16 lines modifiedOffset 42473, 16 lines modified
42473 ··-·no_reboot_needed42473 ··-·no_reboot_needed
  
42474 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg42474 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
42475 ··file:42475 ··file:
42476 ····path:·/boot/grub2/grub.cfg42476 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 2953/7329 bytes (40.29%) of diff not shown.
29.8 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cis_server_l1.html
    
Offset 63726, 22 lines modifiedOffset 63726, 22 lines modified
000f8ed0:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex000f8ed0:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex
000f8ee0:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr000f8ee0:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr
000f8ef0:·7562·322f·7573·6572·2e63·6667·0a20·2073··ub2/user.cfg.··s000f8ef0:·7562·322f·7573·6572·2e63·6667·0a20·2073··ub2/user.cfg.··s
000f8f00:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/000f8f00:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/
000f8f10:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.000f8f10:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
000f8f20:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·000f8f20:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·
000f8f30:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh000f8f30:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh
000f8f40:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/000f8f40:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
000f8f50:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_ 
000f8f60:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
000f8f70:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
000f8f80:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
000f8f90:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a000f8f50:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
000f8fa0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac000f8f60:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 000f8f70:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 000f8f80:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m
 000f8f90:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 000f8fa0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
000f8fb0:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib000f8fb0:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib
000f8fc0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio000f8fc0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
000f8fd0:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["000f8fd0:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
000f8fe0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·000f8fe0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
000f8ff0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma000f8ff0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
000f9000:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]000f9000:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
000f9010:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE000f9010:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE
000f9020:·2d38·3630·3133·2d30·0a20·202d·2043·4a49··-86013-0.··-·CJI000f9020:·2d38·3630·3133·2d30·0a20·202d·2043·4a49··-86013-0.··-·CJI
Offset 63763, 22 lines modifiedOffset 63763, 22 lines modified
000f9120:·616d·653a·2045·6e73·7572·6520·6772·6f75··ame:·Ensure·grou000f9120:·616d·653a·2045·6e73·7572·6520·6772·6f75··ame:·Ensure·grou
000f9130:·7020·6f77·6e65·7220·3020·6f6e·202f·626f··p·owner·0·on·/bo000f9130:·7020·6f77·6e65·7220·3020·6f6e·202f·626f··p·owner·0·on·/bo
000f9140:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf000f9140:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf
000f9150:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa000f9150:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa
000f9160:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/000f9160:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/
000f9170:·7573·6572·2e63·6667·0a20·2020·2067·726f··user.cfg.····gro000f9170:·7573·6572·2e63·6667·0a20·2020·2067·726f··user.cfg.····gro
000f9180:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.000f9180:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.
000f9190:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
000f91a0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
000f91b0:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
000f91c0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
000f91d0:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-000f9190:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
000f91e0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib000f91a0:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
000f91f0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000f91b0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 000f91c0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 000f91d0:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 000f91e0:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 000f91f0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
000f9200:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v000f9200:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
000f9210:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty000f9210:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
000f9220:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock000f9220:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
000f9230:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope000f9230:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
000f9240:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·000f9240:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
000f9250:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-000f9250:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
000f9260:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta000f9260:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta
000f9270:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and000f9270:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and
Offset 63829, 19 lines modifiedOffset 63829, 19 lines modified
000f9540:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate000f9540:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
000f9550:·6779·3a3c·2f74·683e·3c74·643e·636f·6e66··gy:</th><td>conf000f9550:·6779·3a3c·2f74·683e·3c74·643e·636f·6e66··gy:</th><td>conf
000f9560:·6967·7572·653c·2f74·643e·3c2f·7472·3e3c··igure</td></tr><000f9560:·6967·7572·653c·2f74·643e·3c2f·7472·3e3c··igure</td></tr><
000f9570:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod000f9570:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
000f9580:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·000f9580:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
000f9590:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on000f9590:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
000f95a0:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl000f95a0:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
000f95b0:·6174·666f·726d·730a·6966·205b·202d·6620··atforms.if·[·-f·000f95b0:·6174·666f·726d·730a·6966·2072·706d·202d··atforms.if·rpm·-
000f95c0:·2f73·7973·2f66·6972·6d77·6172·652f·6566··/sys/firmware/ef 
000f95d0:·6920·5d20·2661·6d70·3b26·616d·703b·2072··i·]·&amp;&amp;·r 
000f95e0:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr000f95c0:·2d71·7569·6574·202d·7120·6772·7562·322d··-quiet·-q·grub2-
000f95f0:·7562·322d·636f·6d6d·6f6e·2026·616d·703b··ub2-common·&amp;000f95d0:·636f·6d6d·6f6e·2026·616d·703b·2661·6d70··common·&amp;&amp
 000f95e0:·3b20·5b20·2d66·202f·7379·732f·6669·726d··;·[·-f·/sys/firm
 000f95f0:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp;
000f9600:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/000f9600:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/
000f9610:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am000f9610:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am
000f9620:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/000f9620:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
000f9630:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren000f9630:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren
000f9640:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch000f9640:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch
000f9650:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub000f9650:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub
000f9660:·322f·7573·6572·2e63·6667·0a0a·656c·7365··2/user.cfg..else000f9660:·322f·7573·6572·2e63·6667·0a0a·656c·7365··2/user.cfg..else
Offset 64255, 22 lines modifiedOffset 64255, 22 lines modified
000fafe0:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex000fafe0:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex
000faff0:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr000faff0:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr
000fb000:·7562·322f·7573·6572·2e63·6667·0a20·2073··ub2/user.cfg.··s000fb000:·7562·322f·7573·6572·2e63·6667·0a20·2073··ub2/user.cfg.··s
000fb010:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/000fb010:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/
000fb020:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.000fb020:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
000fb030:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·000fb030:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·
000fb040:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh000fb040:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh
000fb050:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/000fb050:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
000fb060:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_ 
000fb070:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
000fb080:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
000fb090:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
000fb0a0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a000fb060:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
000fb0b0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac000fb070:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 000fb080:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 000fb090:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m
 000fb0a0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 000fb0b0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
000fb0c0:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib000fb0c0:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib
000fb0d0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio000fb0d0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
000fb0e0:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["000fb0e0:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
000fb0f0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·000fb0f0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
000fb100:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma000fb100:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
000fb110:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]000fb110:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
000fb120:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE000fb120:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE
000fb130:·2d38·3630·3232·2d31·0a20·202d·2043·4a49··-86022-1.··-·CJI000fb130:·2d38·3630·3232·2d31·0a20·202d·2043·4a49··-86022-1.··-·CJI
Offset 64291, 22 lines modifiedOffset 64291, 22 lines modified
000fb220:·6e65·6564·6564·0a0a·2d20·6e61·6d65·3a20··needed..-·name:·000fb220:·6e65·6564·6564·0a0a·2d20·6e61·6d65·3a20··needed..-·name:·
000fb230:·456e·7375·7265·206f·776e·6572·2030·206f··Ensure·owner·0·o000fb230:·456e·7375·7265·206f·776e·6572·2030·206f··Ensure·owner·0·o
000fb240:·6e20·2f62·6f6f·742f·6772·7562·322f·7573··n·/boot/grub2/us000fb240:·6e20·2f62·6f6f·742f·6772·7562·322f·7573··n·/boot/grub2/us
000fb250:·6572·2e63·6667·0a20·2066·696c·653a·0a20··er.cfg.··file:.·000fb250:·6572·2e63·6667·0a20·2066·696c·653a·0a20··er.cfg.··file:.·
000fb260:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g000fb260:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
000fb270:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··000fb270:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
000fb280:·2020·6f77·6e65·723a·2027·3027·0a20·2077····owner:·'0'.··w000fb280:·2020·6f77·6e65·723a·2027·3027·0a20·2077····owner:·'0'.··w
000fb290:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot000fb290:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
000fb2a0:·2f65·6669·2220·696e·2061·6e73·6962·6c65··/efi"·in·ansible 
000fb2b0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
000fb2c0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
000fb2d0:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g 
000fb2e0:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·000fb2a0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
000fb2f0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa000fb2b0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 000fb2c0:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 000fb2d0:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_
 000fb2e0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 000fb2f0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
000fb300:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi000fb300:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi
000fb310:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati000fb310:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
000fb320:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[000fb320:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
000fb330:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",000fb330:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
000fb340:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm000fb340:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
000fb350:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"000fb350:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
Max diff block lines reached; 13085/23082 bytes (56.69%) of diff not shown.
7.16 KB
html2text {}
    
Offset 8460, 16 lines modifiedOffset 8460, 16 lines modified
8460 ··-·no_reboot_needed8460 ··-·no_reboot_needed
  
8461 -·name:·Test·for·existence·/boot/grub2/user.cfg8461 -·name:·Test·for·existence·/boot/grub2/user.cfg
8462 ··stat:8462 ··stat:
8463 ····path:·/boot/grub2/user.cfg8463 ····path:·/boot/grub2/user.cfg
8464 ··register:·file_exists8464 ··register:·file_exists
8465 ··when:8465 ··when:
8466 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8467 ··-·'"grub2-common"·in·ansible_facts.packages'8466 ··-·'"grub2-common"·in·ansible_facts.packages'
 8467 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8468 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8468 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8469 ··tags:8469 ··tags:
8470 ··-·CCE-86013-08470 ··-·CCE-86013-0
8471 ··-·CJIS-5.5.2.28471 ··-·CJIS-5.5.2.2
8472 ··-·NIST-800-171-3.4.58472 ··-·NIST-800-171-3.4.5
8473 ··-·NIST-800-53-AC-6(1)8473 ··-·NIST-800-53-AC-6(1)
8474 ··-·NIST-800-53-CM-6(a)8474 ··-·NIST-800-53-CM-6(a)
Offset 8482, 16 lines modifiedOffset 8482, 16 lines modified
8482 ··-·no_reboot_needed8482 ··-·no_reboot_needed
  
8483 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8483 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8484 ··file:8484 ··file:
8485 ····path:·/boot/grub2/user.cfg8485 ····path:·/boot/grub2/user.cfg
8486 ····group:·'0'8486 ····group:·'0'
8487 ··when:8487 ··when:
8488 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8489 ··-·'"grub2-common"·in·ansible_facts.packages'8488 ··-·'"grub2-common"·in·ansible_facts.packages'
 8489 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8490 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8490 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8491 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8491 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8492 ··tags:8492 ··tags:
8493 ··-·CCE-86013-08493 ··-·CCE-86013-0
8494 ··-·CJIS-5.5.2.28494 ··-·CJIS-5.5.2.2
8495 ··-·NIST-800-171-3.4.58495 ··-·NIST-800-171-3.4.5
8496 ··-·NIST-800-53-AC-6(1)8496 ··-·NIST-800-53-AC-6(1)
Offset 8504, 15 lines modifiedOffset 8504, 15 lines modified
8504 ··-·medium_severity8504 ··-·medium_severity
8505 ··-·no_reboot_needed8505 ··-·no_reboot_needed
8506 Remediation_Shell_script_⇲8506 Remediation_Shell_script_⇲
8507 Complexity:·low8507 Complexity:·low
8508 Disruption:·low8508 Disruption:·low
8509 Strategy:···configure8509 Strategy:···configure
8510 #·Remediation·is·applicable·only·in·certain·platforms8510 #·Remediation·is·applicable·only·in·certain·platforms
8511 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8511 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8512 chgrp·0·/boot/grub2/user.cfg8512 chgrp·0·/boot/grub2/user.cfg
  
8513 else8513 else
8514 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8514 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8515 fi8515 fi
8516 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***8516 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***
Offset 8545, 16 lines modifiedOffset 8545, 16 lines modified
8545 ··-·no_reboot_needed8545 ··-·no_reboot_needed
  
8546 -·name:·Test·for·existence·/boot/grub2/user.cfg8546 -·name:·Test·for·existence·/boot/grub2/user.cfg
8547 ··stat:8547 ··stat:
8548 ····path:·/boot/grub2/user.cfg8548 ····path:·/boot/grub2/user.cfg
8549 ··register:·file_exists8549 ··register:·file_exists
8550 ··when:8550 ··when:
8551 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8552 ··-·'"grub2-common"·in·ansible_facts.packages'8551 ··-·'"grub2-common"·in·ansible_facts.packages'
 8552 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8553 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8553 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8554 ··tags:8554 ··tags:
8555 ··-·CCE-86022-18555 ··-·CCE-86022-1
8556 ··-·CJIS-5.5.2.28556 ··-·CJIS-5.5.2.2
8557 ··-·NIST-800-171-3.4.58557 ··-·NIST-800-171-3.4.5
8558 ··-·NIST-800-53-AC-6(1)8558 ··-·NIST-800-53-AC-6(1)
8559 ··-·NIST-800-53-CM-6(a)8559 ··-·NIST-800-53-CM-6(a)
Offset 8567, 16 lines modifiedOffset 8567, 16 lines modified
8567 ··-·no_reboot_needed8567 ··-·no_reboot_needed
  
8568 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg8568 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
8569 ··file:8569 ··file:
8570 ····path:·/boot/grub2/user.cfg8570 ····path:·/boot/grub2/user.cfg
8571 ····owner:·'0'8571 ····owner:·'0'
8572 ··when:8572 ··when:
8573 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8574 ··-·'"grub2-common"·in·ansible_facts.packages'8573 ··-·'"grub2-common"·in·ansible_facts.packages'
 8574 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8575 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8575 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8576 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8576 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8577 ··tags:8577 ··tags:
8578 ··-·CCE-86022-18578 ··-·CCE-86022-1
8579 ··-·CJIS-5.5.2.28579 ··-·CJIS-5.5.2.2
8580 ··-·NIST-800-171-3.4.58580 ··-·NIST-800-171-3.4.5
8581 ··-·NIST-800-53-AC-6(1)8581 ··-·NIST-800-53-AC-6(1)
Offset 8589, 15 lines modifiedOffset 8589, 15 lines modified
8589 ··-·medium_severity8589 ··-·medium_severity
8590 ··-·no_reboot_needed8590 ··-·no_reboot_needed
8591 Remediation_Shell_script_⇲8591 Remediation_Shell_script_⇲
8592 Complexity:·low8592 Complexity:·low
8593 Disruption:·low8593 Disruption:·low
8594 Strategy:···configure8594 Strategy:···configure
8595 #·Remediation·is·applicable·only·in·certain·platforms8595 #·Remediation·is·applicable·only·in·certain·platforms
8596 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8596 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8597 chown·0·/boot/grub2/user.cfg8597 chown·0·/boot/grub2/user.cfg
  
8598 else8598 else
8599 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8599 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8600 fi8600 fi
8601 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***8601 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***
Offset 8628, 16 lines modifiedOffset 8628, 16 lines modified
8628 ··-·no_reboot_needed8628 ··-·no_reboot_needed
  
8629 -·name:·Test·for·existence·/boot/grub2/grub.cfg8629 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8630 ··stat:8630 ··stat:
8631 ····path:·/boot/grub2/grub.cfg8631 ····path:·/boot/grub2/grub.cfg
8632 ··register:·file_exists8632 ··register:·file_exists
8633 ··when:8633 ··when:
8634 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8635 ··-·'"grub2-common"·in·ansible_facts.packages'8634 ··-·'"grub2-common"·in·ansible_facts.packages'
 8635 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8636 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8636 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8637 ··tags:8637 ··tags:
8638 ··-·CCE-85925-68638 ··-·CCE-85925-6
8639 ··-·NIST-800-171-3.4.58639 ··-·NIST-800-171-3.4.5
8640 ··-·NIST-800-53-AC-6(1)8640 ··-·NIST-800-53-AC-6(1)
8641 ··-·NIST-800-53-CM-6(a)8641 ··-·NIST-800-53-CM-6(a)
8642 ··-·configure_strategy8642 ··-·configure_strategy
Offset 8648, 16 lines modifiedOffset 8648, 16 lines modified
8648 ··-·no_reboot_needed8648 ··-·no_reboot_needed
  
8649 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg8649 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
8650 ··file:8650 ··file:
8651 ····path:·/boot/grub2/grub.cfg8651 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 2945/7305 bytes (40.31%) of diff not shown.
29.8 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cis_workstation_l1.html
    
Offset 63722, 22 lines modifiedOffset 63722, 22 lines modified
000f8e90:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe000f8e90:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
000f8ea0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/000f8ea0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/
000f8eb0:·7573·6572·2e63·6667·0a20·2073·7461·743a··user.cfg.··stat:000f8eb0:·7573·6572·2e63·6667·0a20·2073·7461·743a··user.cfg.··stat:
000f8ec0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot000f8ec0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
000f8ed0:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.000f8ed0:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
000f8ee0:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file000f8ee0:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
000f8ef0:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.000f8ef0:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
000f8f00:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
000f8f10:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
000f8f20:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
000f8f30:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
000f8f40:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-000f8f00:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
000f8f50:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib000f8f10:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
000f8f60:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000f8f20:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 000f8f30:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 000f8f40:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 000f8f50:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 000f8f60:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
000f8f70:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v000f8f70:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
000f8f80:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty000f8f80:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
000f8f90:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock000f8f90:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
000f8fa0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope000f8fa0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
000f8fb0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·000f8fb0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
000f8fc0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t000f8fc0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
000f8fd0:·6167·733a·0a20·202d·2043·4345·2d38·3630··ags:.··-·CCE-860000f8fd0:·6167·733a·0a20·202d·2043·4345·2d38·3630··ags:.··-·CCE-860
000f8fe0:·3133·2d30·0a20·202d·2043·4a49·532d·352e··13-0.··-·CJIS-5.000f8fe0:·3133·2d30·0a20·202d·2043·4a49·532d·352e··13-0.··-·CJIS-5.
Offset 63759, 21 lines modifiedOffset 63759, 21 lines modified
000f90e0:·2045·6e73·7572·6520·6772·6f75·7020·6f77···Ensure·group·ow000f90e0:·2045·6e73·7572·6520·6772·6f75·7020·6f77···Ensure·group·ow
000f90f0:·6e65·7220·3020·6f6e·202f·626f·6f74·2f67··ner·0·on·/boot/g000f90f0:·6e65·7220·3020·6f6e·202f·626f·6f74·2f67··ner·0·on·/boot/g
000f9100:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··000f9100:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
000f9110:·6669·6c65·3a0a·2020·2020·7061·7468·3a20··file:.····path:·000f9110:·6669·6c65·3a0a·2020·2020·7061·7468·3a20··file:.····path:·
000f9120:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user000f9120:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user
000f9130:·2e63·6667·0a20·2020·2067·726f·7570·3a20··.cfg.····group:·000f9130:·2e63·6667·0a20·2020·2067·726f·7570·3a20··.cfg.····group:·
000f9140:·2730·270a·2020·7768·656e·3a0a·2020·2d20··'0'.··when:.··-·000f9140:·2730·270a·2020·7768·656e·3a0a·2020·2d20··'0'.··when:.··-·
000f9150:·2722·2f62·6f6f·742f·6566·6922·2069·6e20··'"/boot/efi"·in· 
000f9160:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
000f9170:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
000f9180:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
000f9190:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm000f9150:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·
000f91a0:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f000f9160:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
000f91b0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·000f9170:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'
 000f9180:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a
 000f9190:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|·
 000f91a0:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m
 000f91b0:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.·
000f91c0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu000f91c0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
000f91d0:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n000f91d0:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
000f91e0:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",000f91e0:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
000f91f0:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"000f91f0:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
000f9200:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con000f9200:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
000f9210:·7461·696e·6572·225d·0a20·202d·2066·696c··tainer"].··-·fil000f9210:·7461·696e·6572·225d·0a20·202d·2066·696c··tainer"].··-·fil
000f9220:·655f·6578·6973·7473·2e73·7461·7420·6973··e_exists.stat·is000f9220:·655f·6578·6973·7473·2e73·7461·7420·6973··e_exists.stat·is
Offset 63825, 19 lines modifiedOffset 63825, 19 lines modified
000f9500:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<000f9500:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
000f9510:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur000f9510:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur
000f9520:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab000f9520:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
000f9530:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·000f9530:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·
000f9540:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a000f9540:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
000f9550:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i000f9550:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
000f9560:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo000f9560:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
 000f9570:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
000f9570:·726d·730a·6966·205b·202d·6620·2f73·7973··rms.if·[·-f·/sys 
000f9580:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]· 
000f9590:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·- 
000f95a0:·2d71·7569·6574·202d·7120·6772·7562·322d··-quiet·-q·grub2-000f9580:·6574·202d·7120·6772·7562·322d·636f·6d6d··et·-q·grub2-comm
000f95b0:·636f·6d6d·6f6e·2026·616d·703b·2661·6d70··common·&amp;&amp000f9590:·6f6e·2026·616d·703b·2661·6d70·3b20·5b20··on·&amp;&amp;·[·
 000f95a0:·2d66·202f·7379·732f·6669·726d·7761·7265··-f·/sys/firmware
 000f95b0:·2f65·6669·205d·2026·616d·703b·2661·6d70··/efi·]·&amp;&amp
000f95c0:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc000f95c0:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc
000f95d0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a000f95d0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
000f95e0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/000f95e0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
000f95f0:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];000f95f0:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];
000f9600:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·000f9600:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·
000f9610:·3020·2f62·6f6f·742f·6772·7562·322f·7573··0·/boot/grub2/us000f9610:·3020·2f62·6f6f·742f·6772·7562·322f·7573··0·/boot/grub2/us
000f9620:·6572·2e63·6667·0a0a·656c·7365·0a20·2020··er.cfg..else.···000f9620:·6572·2e63·6667·0a0a·656c·7365·0a20·2020··er.cfg..else.···
Offset 64251, 22 lines modifiedOffset 64251, 22 lines modified
000fafa0:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe000fafa0:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
000fafb0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/000fafb0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/
000fafc0:·7573·6572·2e63·6667·0a20·2073·7461·743a··user.cfg.··stat:000fafc0:·7573·6572·2e63·6667·0a20·2073·7461·743a··user.cfg.··stat:
000fafd0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot000fafd0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
000fafe0:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.000fafe0:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
000faff0:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file000faff0:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
000fb000:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.000fb000:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
000fb010:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
000fb020:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
000fb030:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
000fb040:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
000fb050:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-000fb010:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
000fb060:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib000fb020:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
000fb070:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000fb030:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 000fb040:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 000fb050:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 000fb060:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 000fb070:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
000fb080:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v000fb080:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
000fb090:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty000fb090:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
000fb0a0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock000fb0a0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
000fb0b0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope000fb0b0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
000fb0c0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·000fb0c0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
000fb0d0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t000fb0d0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
000fb0e0:·6167·733a·0a20·202d·2043·4345·2d38·3630··ags:.··-·CCE-860000fb0e0:·6167·733a·0a20·202d·2043·4345·2d38·3630··ags:.··-·CCE-860
000fb0f0:·3232·2d31·0a20·202d·2043·4a49·532d·352e··22-1.··-·CJIS-5.000fb0f0:·3232·2d31·0a20·202d·2043·4a49·532d·352e··22-1.··-·CJIS-5.
Offset 64287, 22 lines modifiedOffset 64287, 22 lines modified
000fb1e0:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu000fb1e0:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu
000fb1f0:·7265·206f·776e·6572·2030·206f·6e20·2f62··re·owner·0·on·/b000fb1f0:·7265·206f·776e·6572·2030·206f·6e20·2f62··re·owner·0·on·/b
000fb200:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c000fb200:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c
000fb210:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p000fb210:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p
000fb220:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2000fb220:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2
000fb230:·2f75·7365·722e·6366·670a·2020·2020·6f77··/user.cfg.····ow000fb230:·2f75·7365·722e·6366·670a·2020·2020·6f77··/user.cfg.····ow
000fb240:·6e65·723a·2027·3027·0a20·2077·6865·6e3a··ner:·'0'.··when:000fb240:·6e65·723a·2027·3027·0a20·2077·6865·6e3a··ner:·'0'.··when:
000fb250:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi 
000fb260:·2220·696e·2061·6e73·6962·6c65·5f6d·6f75··"·in·ansible_mou 
000fb270:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
000fb280:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
000fb290:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2000fb250:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com
000fb2a0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi000fb260:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_
000fb2b0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag000fb270:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 000fb280:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 000fb290:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 000fb2a0:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 000fb2b0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
000fb2c0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_000fb2c0:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
000fb2d0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t000fb2d0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
000fb2e0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc000fb2e0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
000fb2f0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op000fb2f0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
000fb300:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",000fb300:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
000fb310:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··000fb310:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
Max diff block lines reached; 13223/23082 bytes (57.29%) of diff not shown.
7.16 KB
html2text {}
    
Offset 8459, 16 lines modifiedOffset 8459, 16 lines modified
8459 ··-·no_reboot_needed8459 ··-·no_reboot_needed
  
8460 -·name:·Test·for·existence·/boot/grub2/user.cfg8460 -·name:·Test·for·existence·/boot/grub2/user.cfg
8461 ··stat:8461 ··stat:
8462 ····path:·/boot/grub2/user.cfg8462 ····path:·/boot/grub2/user.cfg
8463 ··register:·file_exists8463 ··register:·file_exists
8464 ··when:8464 ··when:
8465 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8466 ··-·'"grub2-common"·in·ansible_facts.packages'8465 ··-·'"grub2-common"·in·ansible_facts.packages'
 8466 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8467 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8467 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8468 ··tags:8468 ··tags:
8469 ··-·CCE-86013-08469 ··-·CCE-86013-0
8470 ··-·CJIS-5.5.2.28470 ··-·CJIS-5.5.2.2
8471 ··-·NIST-800-171-3.4.58471 ··-·NIST-800-171-3.4.5
8472 ··-·NIST-800-53-AC-6(1)8472 ··-·NIST-800-53-AC-6(1)
8473 ··-·NIST-800-53-CM-6(a)8473 ··-·NIST-800-53-CM-6(a)
Offset 8481, 16 lines modifiedOffset 8481, 16 lines modified
8481 ··-·no_reboot_needed8481 ··-·no_reboot_needed
  
8482 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8482 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8483 ··file:8483 ··file:
8484 ····path:·/boot/grub2/user.cfg8484 ····path:·/boot/grub2/user.cfg
8485 ····group:·'0'8485 ····group:·'0'
8486 ··when:8486 ··when:
8487 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8488 ··-·'"grub2-common"·in·ansible_facts.packages'8487 ··-·'"grub2-common"·in·ansible_facts.packages'
 8488 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8489 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8489 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8490 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8490 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8491 ··tags:8491 ··tags:
8492 ··-·CCE-86013-08492 ··-·CCE-86013-0
8493 ··-·CJIS-5.5.2.28493 ··-·CJIS-5.5.2.2
8494 ··-·NIST-800-171-3.4.58494 ··-·NIST-800-171-3.4.5
8495 ··-·NIST-800-53-AC-6(1)8495 ··-·NIST-800-53-AC-6(1)
Offset 8503, 15 lines modifiedOffset 8503, 15 lines modified
8503 ··-·medium_severity8503 ··-·medium_severity
8504 ··-·no_reboot_needed8504 ··-·no_reboot_needed
8505 Remediation_Shell_script_⇲8505 Remediation_Shell_script_⇲
8506 Complexity:·low8506 Complexity:·low
8507 Disruption:·low8507 Disruption:·low
8508 Strategy:···configure8508 Strategy:···configure
8509 #·Remediation·is·applicable·only·in·certain·platforms8509 #·Remediation·is·applicable·only·in·certain·platforms
8510 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8510 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8511 chgrp·0·/boot/grub2/user.cfg8511 chgrp·0·/boot/grub2/user.cfg
  
8512 else8512 else
8513 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8513 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8514 fi8514 fi
8515 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***8515 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***
Offset 8544, 16 lines modifiedOffset 8544, 16 lines modified
8544 ··-·no_reboot_needed8544 ··-·no_reboot_needed
  
8545 -·name:·Test·for·existence·/boot/grub2/user.cfg8545 -·name:·Test·for·existence·/boot/grub2/user.cfg
8546 ··stat:8546 ··stat:
8547 ····path:·/boot/grub2/user.cfg8547 ····path:·/boot/grub2/user.cfg
8548 ··register:·file_exists8548 ··register:·file_exists
8549 ··when:8549 ··when:
8550 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8551 ··-·'"grub2-common"·in·ansible_facts.packages'8550 ··-·'"grub2-common"·in·ansible_facts.packages'
 8551 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8552 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8552 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8553 ··tags:8553 ··tags:
8554 ··-·CCE-86022-18554 ··-·CCE-86022-1
8555 ··-·CJIS-5.5.2.28555 ··-·CJIS-5.5.2.2
8556 ··-·NIST-800-171-3.4.58556 ··-·NIST-800-171-3.4.5
8557 ··-·NIST-800-53-AC-6(1)8557 ··-·NIST-800-53-AC-6(1)
8558 ··-·NIST-800-53-CM-6(a)8558 ··-·NIST-800-53-CM-6(a)
Offset 8566, 16 lines modifiedOffset 8566, 16 lines modified
8566 ··-·no_reboot_needed8566 ··-·no_reboot_needed
  
8567 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg8567 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
8568 ··file:8568 ··file:
8569 ····path:·/boot/grub2/user.cfg8569 ····path:·/boot/grub2/user.cfg
8570 ····owner:·'0'8570 ····owner:·'0'
8571 ··when:8571 ··when:
8572 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8573 ··-·'"grub2-common"·in·ansible_facts.packages'8572 ··-·'"grub2-common"·in·ansible_facts.packages'
 8573 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8574 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8574 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8575 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8575 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8576 ··tags:8576 ··tags:
8577 ··-·CCE-86022-18577 ··-·CCE-86022-1
8578 ··-·CJIS-5.5.2.28578 ··-·CJIS-5.5.2.2
8579 ··-·NIST-800-171-3.4.58579 ··-·NIST-800-171-3.4.5
8580 ··-·NIST-800-53-AC-6(1)8580 ··-·NIST-800-53-AC-6(1)
Offset 8588, 15 lines modifiedOffset 8588, 15 lines modified
8588 ··-·medium_severity8588 ··-·medium_severity
8589 ··-·no_reboot_needed8589 ··-·no_reboot_needed
8590 Remediation_Shell_script_⇲8590 Remediation_Shell_script_⇲
8591 Complexity:·low8591 Complexity:·low
8592 Disruption:·low8592 Disruption:·low
8593 Strategy:···configure8593 Strategy:···configure
8594 #·Remediation·is·applicable·only·in·certain·platforms8594 #·Remediation·is·applicable·only·in·certain·platforms
8595 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8595 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8596 chown·0·/boot/grub2/user.cfg8596 chown·0·/boot/grub2/user.cfg
  
8597 else8597 else
8598 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8598 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8599 fi8599 fi
8600 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***8600 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***
Offset 8627, 16 lines modifiedOffset 8627, 16 lines modified
8627 ··-·no_reboot_needed8627 ··-·no_reboot_needed
  
8628 -·name:·Test·for·existence·/boot/grub2/grub.cfg8628 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8629 ··stat:8629 ··stat:
8630 ····path:·/boot/grub2/grub.cfg8630 ····path:·/boot/grub2/grub.cfg
8631 ··register:·file_exists8631 ··register:·file_exists
8632 ··when:8632 ··when:
8633 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8634 ··-·'"grub2-common"·in·ansible_facts.packages'8633 ··-·'"grub2-common"·in·ansible_facts.packages'
 8634 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8635 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8635 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8636 ··tags:8636 ··tags:
8637 ··-·CCE-85925-68637 ··-·CCE-85925-6
8638 ··-·NIST-800-171-3.4.58638 ··-·NIST-800-171-3.4.5
8639 ··-·NIST-800-53-AC-6(1)8639 ··-·NIST-800-53-AC-6(1)
8640 ··-·NIST-800-53-CM-6(a)8640 ··-·NIST-800-53-CM-6(a)
8641 ··-·configure_strategy8641 ··-·configure_strategy
Offset 8647, 16 lines modifiedOffset 8647, 16 lines modified
8647 ··-·no_reboot_needed8647 ··-·no_reboot_needed
  
8648 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg8648 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
8649 ··file:8649 ··file:
8650 ····path:·/boot/grub2/grub.cfg8650 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 2945/7305 bytes (40.31%) of diff not shown.
30.1 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cis_workstation_l2.html
    
Offset 190942, 22 lines modifiedOffset 190942, 22 lines modified
002e9dd0:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for002e9dd0:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for
002e9de0:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot002e9de0:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot
002e9df0:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.002e9df0:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
002e9e00:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path002e9e00:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path
002e9e10:·3a20·2f62·6f6f·742f·6772·7562·322f·7573··:·/boot/grub2/us002e9e10:·3a20·2f62·6f6f·742f·6772·7562·322f·7573··:·/boot/grub2/us
002e9e20:·6572·2e63·6667·0a20·2072·6567·6973·7465··er.cfg.··registe002e9e20:·6572·2e63·6667·0a20·2072·6567·6973·7465··er.cfg.··registe
002e9e30:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·002e9e30:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·
002e9e40:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo002e9e40:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
002e9e50:·6f74·2f65·6669·2220·696e·2061·6e73·6962··ot/efi"·in·ansib 
002e9e60:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
002e9e70:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
002e9e80:·2229·207c·206c·6973·7427·0a20·202d·2027··")·|·list'.··-·' 
002e9e90:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i002e9e50:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
002e9ea0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.002e9e60:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
002e9eb0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an002e9e70:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 002e9e80:·742f·6566·6922·2069·6e20·616e·7369·626c··t/efi"·in·ansibl
 002e9e90:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 002e9ea0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 002e9eb0:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
002e9ec0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza002e9ec0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
002e9ed0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in002e9ed0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
002e9ee0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc002e9ee0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
002e9ef0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po002e9ef0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
002e9f00:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe002e9f00:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
002e9f10:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·002e9f10:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·
002e9f20:·4343·452d·3836·3031·332d·300a·2020·2d20··CCE-86013-0.··-·002e9f20:·4343·452d·3836·3031·332d·300a·2020·2d20··CCE-86013-0.··-·
Offset 190979, 22 lines modifiedOffset 190979, 22 lines modified
002ea020:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g002ea020:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g
002ea030:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·002ea030:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·
002ea040:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user002ea040:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user
002ea050:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···002ea050:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···
002ea060:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru002ea060:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
002ea070:·6232·2f75·7365·722e·6366·670a·2020·2020··b2/user.cfg.····002ea070:·6232·2f75·7365·722e·6366·670a·2020·2020··b2/user.cfg.····
002ea080:·6772·6f75·703a·2027·3027·0a20·2077·6865··group:·'0'.··whe002ea080:·6772·6f75·703a·2027·3027·0a20·2077·6865··group:·'0'.··whe
002ea090:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e002ea090:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c
002ea0a0:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m 
002ea0b0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
002ea0c0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
002ea0d0:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
002ea0e0:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an002ea0a0:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
002ea0f0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack002ea0b0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 002ea0c0:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef
 002ea0d0:·6922·2069·6e20·616e·7369·626c·655f·6d6f··i"·in·ansible_mo
 002ea0e0:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 002ea0f0:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
002ea100:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl002ea100:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl
002ea110:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization002ea110:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
002ea120:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d002ea120:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
002ea130:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"002ea130:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
002ea140:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman002ea140:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
002ea150:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].002ea150:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
002ea160:·2020·2d20·6669·6c65·5f65·7869·7374·732e····-·file_exists.002ea160:·2020·2d20·6669·6c65·5f65·7869·7374·732e····-·file_exists.
002ea170:·7374·6174·2069·7320·6465·6669·6e65·6420··stat·is·defined·002ea170:·7374·6174·2069·7320·6465·6669·6e65·6420··stat·is·defined·
Offset 191045, 19 lines modifiedOffset 191045, 19 lines modified
002ea440:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str002ea440:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
002ea450:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c002ea450:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c
002ea460:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t002ea460:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t
002ea470:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><002ea470:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
002ea480:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati002ea480:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
002ea490:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable002ea490:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
002ea4a0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain002ea4a0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
002ea4b0:·2070·6c61·7466·6f72·6d73·0a69·6620·5b20···platforms.if·[·002ea4b0:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
002ea4c0:·2d66·202f·7379·732f·6669·726d·7761·7265··-f·/sys/firmware 
002ea4d0:·2f65·6669·205d·2026·616d·703b·2661·6d70··/efi·]·&amp;&amp 
002ea4e0:·3b20·7270·6d20·2d2d·7175·6965·7420·2d71··;·rpm·--quiet·-q002ea4c0:·6d20·2d2d·7175·6965·7420·2d71·2067·7275··m·--quiet·-q·gru
002ea4f0:·2067·7275·6232·2d63·6f6d·6d6f·6e20·2661···grub2-common·&a002ea4d0:·6232·2d63·6f6d·6d6f·6e20·2661·6d70·3b26··b2-common·&amp;&
 002ea4e0:·616d·703b·205b·202d·6620·2f73·7973·2f66··amp;·[·-f·/sys/f
 002ea4f0:·6972·6d77·6172·652f·6566·6920·5d20·2661··irmware/efi·]·&a
002ea500:·6d70·3b26·616d·703b·207b·205b·2021·202d··mp;&amp;·{·[·!·-002ea500:·6d70·3b26·616d·703b·207b·205b·2021·202d··mp;&amp;·{·[·!·-
002ea510:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·002ea510:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·
002ea520:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-002ea520:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-
002ea530:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe002ea530:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe
002ea540:·7265·6e76·205d·3b20·7d3b·2074·6865·6e0a··renv·];·};·then.002ea540:·7265·6e76·205d·3b20·7d3b·2074·6865·6e0a··renv·];·};·then.
002ea550:·0a63·6867·7270·2030·202f·626f·6f74·2f67··.chgrp·0·/boot/g002ea550:·0a63·6867·7270·2030·202f·626f·6f74·2f67··.chgrp·0·/boot/g
002ea560:·7275·6232·2f75·7365·722e·6366·670a·0a65··rub2/user.cfg..e002ea560:·7275·6232·2f75·7365·722e·6366·670a·0a65··rub2/user.cfg..e
Offset 191471, 22 lines modifiedOffset 191471, 22 lines modified
002ebee0:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for002ebee0:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for
002ebef0:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot002ebef0:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot
002ebf00:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.002ebf00:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
002ebf10:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path002ebf10:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path
002ebf20:·3a20·2f62·6f6f·742f·6772·7562·322f·7573··:·/boot/grub2/us002ebf20:·3a20·2f62·6f6f·742f·6772·7562·322f·7573··:·/boot/grub2/us
002ebf30:·6572·2e63·6667·0a20·2072·6567·6973·7465··er.cfg.··registe002ebf30:·6572·2e63·6667·0a20·2072·6567·6973·7465··er.cfg.··registe
002ebf40:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·002ebf40:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·
002ebf50:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo002ebf50:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
002ebf60:·6f74·2f65·6669·2220·696e·2061·6e73·6962··ot/efi"·in·ansib 
002ebf70:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
002ebf80:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
002ebf90:·2229·207c·206c·6973·7427·0a20·202d·2027··")·|·list'.··-·' 
002ebfa0:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i002ebf60:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
002ebfb0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.002ebf70:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
002ebfc0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an002ebf80:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 002ebf90:·742f·6566·6922·2069·6e20·616e·7369·626c··t/efi"·in·ansibl
 002ebfa0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 002ebfb0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 002ebfc0:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
002ebfd0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza002ebfd0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
002ebfe0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in002ebfe0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
002ebff0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc002ebff0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
002ec000:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po002ec000:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
002ec010:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe002ec010:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
002ec020:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·002ec020:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·
002ec030:·4343·452d·3836·3032·322d·310a·2020·2d20··CCE-86022-1.··-·002ec030:·4343·452d·3836·3032·322d·310a·2020·2d20··CCE-86022-1.··-·
Offset 191507, 22 lines modifiedOffset 191507, 22 lines modified
002ec120:·6f74·5f6e·6565·6465·640a·0a2d·206e·616d··ot_needed..-·nam002ec120:·6f74·5f6e·6565·6465·640a·0a2d·206e·616d··ot_needed..-·nam
002ec130:·653a·2045·6e73·7572·6520·6f77·6e65·7220··e:·Ensure·owner·002ec130:·653a·2045·6e73·7572·6520·6f77·6e65·7220··e:·Ensure·owner·
002ec140:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2002ec140:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
002ec150:·2f75·7365·722e·6366·670a·2020·6669·6c65··/user.cfg.··file002ec150:·2f75·7365·722e·6366·670a·2020·6669·6c65··/user.cfg.··file
002ec160:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo002ec160:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
002ec170:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg002ec170:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg
002ec180:·0a20·2020·206f·776e·6572·3a20·2730·270a··.····owner:·'0'.002ec180:·0a20·2020·206f·776e·6572·3a20·2730·270a··.····owner:·'0'.
002ec190:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b002ec190:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
002ec1a0:·6f6f·742f·6566·6922·2069·6e20·616e·7369··oot/efi"·in·ansi 
002ec1b0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
002ec1c0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
002ec1d0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-· 
002ec1e0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·002ec1a0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
002ec1f0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts002ec1b0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
002ec200:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a002ec1c0:·6b61·6765·7327·0a20·202d·2027·222f·626f··kages'.··-·'"/bo
 002ec1d0:·6f74·2f65·6669·2220·696e·2061·6e73·6962··ot/efi"·in·ansib
 002ec1e0:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map(
 002ec1f0:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount
 002ec200:·2229·207c·206c·6973·7427·0a20·202d·2061··")·|·list'.··-·a
002ec210:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz002ec210:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
002ec220:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i002ec220:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
002ec230:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx002ec230:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
002ec240:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p002ec240:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
002ec250:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain002ec250:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
Max diff block lines reached; 13375/23382 bytes (57.20%) of diff not shown.
7.18 KB
html2text {}
    
Offset 42284, 16 lines modifiedOffset 42284, 16 lines modified
42284 ··-·no_reboot_needed42284 ··-·no_reboot_needed
  
42285 -·name:·Test·for·existence·/boot/grub2/user.cfg42285 -·name:·Test·for·existence·/boot/grub2/user.cfg
42286 ··stat:42286 ··stat:
42287 ····path:·/boot/grub2/user.cfg42287 ····path:·/boot/grub2/user.cfg
42288 ··register:·file_exists42288 ··register:·file_exists
42289 ··when:42289 ··when:
42290 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42291 ··-·'"grub2-common"·in·ansible_facts.packages'42290 ··-·'"grub2-common"·in·ansible_facts.packages'
 42291 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
42292 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42292 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42293 ··tags:42293 ··tags:
42294 ··-·CCE-86013-042294 ··-·CCE-86013-0
42295 ··-·CJIS-5.5.2.242295 ··-·CJIS-5.5.2.2
42296 ··-·NIST-800-171-3.4.542296 ··-·NIST-800-171-3.4.5
42297 ··-·NIST-800-53-AC-6(1)42297 ··-·NIST-800-53-AC-6(1)
42298 ··-·NIST-800-53-CM-6(a)42298 ··-·NIST-800-53-CM-6(a)
Offset 42306, 16 lines modifiedOffset 42306, 16 lines modified
42306 ··-·no_reboot_needed42306 ··-·no_reboot_needed
  
42307 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg42307 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
42308 ··file:42308 ··file:
42309 ····path:·/boot/grub2/user.cfg42309 ····path:·/boot/grub2/user.cfg
42310 ····group:·'0'42310 ····group:·'0'
42311 ··when:42311 ··when:
42312 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42313 ··-·'"grub2-common"·in·ansible_facts.packages'42312 ··-·'"grub2-common"·in·ansible_facts.packages'
 42313 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
42314 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42314 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42315 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists42315 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
42316 ··tags:42316 ··tags:
42317 ··-·CCE-86013-042317 ··-·CCE-86013-0
42318 ··-·CJIS-5.5.2.242318 ··-·CJIS-5.5.2.2
42319 ··-·NIST-800-171-3.4.542319 ··-·NIST-800-171-3.4.5
42320 ··-·NIST-800-53-AC-6(1)42320 ··-·NIST-800-53-AC-6(1)
Offset 42328, 15 lines modifiedOffset 42328, 15 lines modified
42328 ··-·medium_severity42328 ··-·medium_severity
42329 ··-·no_reboot_needed42329 ··-·no_reboot_needed
42330 Remediation_Shell_script_⇲42330 Remediation_Shell_script_⇲
42331 Complexity:·low42331 Complexity:·low
42332 Disruption:·low42332 Disruption:·low
42333 Strategy:···configure42333 Strategy:···configure
42334 #·Remediation·is·applicable·only·in·certain·platforms42334 #·Remediation·is·applicable·only·in·certain·platforms
42335 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then42335 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
42336 chgrp·0·/boot/grub2/user.cfg42336 chgrp·0·/boot/grub2/user.cfg
  
42337 else42337 else
42338 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'42338 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
42339 fi42339 fi
42340 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***42340 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***
Offset 42369, 16 lines modifiedOffset 42369, 16 lines modified
42369 ··-·no_reboot_needed42369 ··-·no_reboot_needed
  
42370 -·name:·Test·for·existence·/boot/grub2/user.cfg42370 -·name:·Test·for·existence·/boot/grub2/user.cfg
42371 ··stat:42371 ··stat:
42372 ····path:·/boot/grub2/user.cfg42372 ····path:·/boot/grub2/user.cfg
42373 ··register:·file_exists42373 ··register:·file_exists
42374 ··when:42374 ··when:
42375 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42376 ··-·'"grub2-common"·in·ansible_facts.packages'42375 ··-·'"grub2-common"·in·ansible_facts.packages'
 42376 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
42377 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42377 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42378 ··tags:42378 ··tags:
42379 ··-·CCE-86022-142379 ··-·CCE-86022-1
42380 ··-·CJIS-5.5.2.242380 ··-·CJIS-5.5.2.2
42381 ··-·NIST-800-171-3.4.542381 ··-·NIST-800-171-3.4.5
42382 ··-·NIST-800-53-AC-6(1)42382 ··-·NIST-800-53-AC-6(1)
42383 ··-·NIST-800-53-CM-6(a)42383 ··-·NIST-800-53-CM-6(a)
Offset 42391, 16 lines modifiedOffset 42391, 16 lines modified
42391 ··-·no_reboot_needed42391 ··-·no_reboot_needed
  
42392 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg42392 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
42393 ··file:42393 ··file:
42394 ····path:·/boot/grub2/user.cfg42394 ····path:·/boot/grub2/user.cfg
42395 ····owner:·'0'42395 ····owner:·'0'
42396 ··when:42396 ··when:
42397 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42398 ··-·'"grub2-common"·in·ansible_facts.packages'42397 ··-·'"grub2-common"·in·ansible_facts.packages'
 42398 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
42399 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42399 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42400 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists42400 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
42401 ··tags:42401 ··tags:
42402 ··-·CCE-86022-142402 ··-·CCE-86022-1
42403 ··-·CJIS-5.5.2.242403 ··-·CJIS-5.5.2.2
42404 ··-·NIST-800-171-3.4.542404 ··-·NIST-800-171-3.4.5
42405 ··-·NIST-800-53-AC-6(1)42405 ··-·NIST-800-53-AC-6(1)
Offset 42413, 15 lines modifiedOffset 42413, 15 lines modified
42413 ··-·medium_severity42413 ··-·medium_severity
42414 ··-·no_reboot_needed42414 ··-·no_reboot_needed
42415 Remediation_Shell_script_⇲42415 Remediation_Shell_script_⇲
42416 Complexity:·low42416 Complexity:·low
42417 Disruption:·low42417 Disruption:·low
42418 Strategy:···configure42418 Strategy:···configure
42419 #·Remediation·is·applicable·only·in·certain·platforms42419 #·Remediation·is·applicable·only·in·certain·platforms
42420 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then42420 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
42421 chown·0·/boot/grub2/user.cfg42421 chown·0·/boot/grub2/user.cfg
  
42422 else42422 else
42423 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'42423 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
42424 fi42424 fi
42425 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***42425 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***
Offset 42452, 16 lines modifiedOffset 42452, 16 lines modified
42452 ··-·no_reboot_needed42452 ··-·no_reboot_needed
  
42453 -·name:·Test·for·existence·/boot/grub2/grub.cfg42453 -·name:·Test·for·existence·/boot/grub2/grub.cfg
42454 ··stat:42454 ··stat:
42455 ····path:·/boot/grub2/grub.cfg42455 ····path:·/boot/grub2/grub.cfg
42456 ··register:·file_exists42456 ··register:·file_exists
42457 ··when:42457 ··when:
42458 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
42459 ··-·'"grub2-common"·in·ansible_facts.packages'42458 ··-·'"grub2-common"·in·ansible_facts.packages'
 42459 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
42460 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]42460 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
42461 ··tags:42461 ··tags:
42462 ··-·CCE-85925-642462 ··-·CCE-85925-6
42463 ··-·NIST-800-171-3.4.542463 ··-·NIST-800-171-3.4.5
42464 ··-·NIST-800-53-AC-6(1)42464 ··-·NIST-800-53-AC-6(1)
42465 ··-·NIST-800-53-CM-6(a)42465 ··-·NIST-800-53-CM-6(a)
42466 ··-·configure_strategy42466 ··-·configure_strategy
Offset 42472, 16 lines modifiedOffset 42472, 16 lines modified
42472 ··-·no_reboot_needed42472 ··-·no_reboot_needed
  
42473 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg42473 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
42474 ··file:42474 ··file:
42475 ····path:·/boot/grub2/grub.cfg42475 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 2953/7329 bytes (40.29%) of diff not shown.
5.21 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-stig.html
    
Offset 431202, 23 lines modifiedOffset 431202, 23 lines modified
00694610:·5f63·6c69·656e·745f·7265·7374·7269·6374··_client_restrict00694610:·5f63·6c69·656e·745f·7265·7374·7269·6374··_client_restrict
00694620:·696f·6e73·5c73·2a3d·5c73·2a0a·2020·2020··ions\s*=\s*.····00694620:·696f·6e73·5c73·2a3d·5c73·2a0a·2020·2020··ions\s*=\s*.····
00694630:·2020·6c69·6e65·3a20·736d·7470·645f·636c····line:·smtpd_cl00694630:·2020·6c69·6e65·3a20·736d·7470·645f·636c····line:·smtpd_cl
00694640:·6965·6e74·5f72·6573·7472·6963·7469·6f6e··ient_restriction00694640:·6965·6e74·5f72·6573·7472·6963·7469·6f6e··ient_restriction
00694650:·7320·3d20·7065·726d·6974·5f6d·796e·6574··s·=·permit_mynet00694650:·7320·3d20·7065·726d·6974·5f6d·796e·6574··s·=·permit_mynet
00694660:·776f·726b·732c·7265·6a65·6374·0a20·2020··works,reject.···00694660:·776f·726b·732c·7265·6a65·6374·0a20·2020··works,reject.···
00694670:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen00694670:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
00694680:·740a·2020·7768·656e·3a0a·2020·2d20·2722··t.··when:.··-·'"00694680:·740a·2020·7768·656e·3a0a·2020·2d20·616e··t.··when:.··-·an
00694690:·706f·7374·6669·7822·2069·6e20·616e·7369··postfix"·in·ansi 
006946a0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag 
006946b0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_ 
006946c0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
006946d0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
006946e0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
006946f0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
00694700:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··00694690:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 006946a0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 006946b0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 006946c0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 006946d0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
 006946e0:·7222·5d0a·2020·2d20·2722·706f·7374·6669··r"].··-·'"postfi
 006946f0:·7822·2069·6e20·616e·7369·626c·655f·6661··x"·in·ansible_fa
 00694700:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
00694710:·7461·6773·3a0a·2020·2d20·4343·452d·3837··tags:.··-·CCE-8700694710:·7461·6773·3a0a·2020·2d20·4343·452d·3837··tags:.··-·CCE-87
00694720:·3233·322d·350a·2020·2d20·6c6f·775f·636f··232-5.··-·low_co00694720:·3233·322d·350a·2020·2d20·6c6f·775f·636f··232-5.··-·low_co
00694730:·6d70·6c65·7869·7479·0a20·202d·206c·6f77··mplexity.··-·low00694730:·6d70·6c65·7869·7479·0a20·202d·206c·6f77··mplexity.··-·low
00694740:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·00694740:·5f64·6973·7275·7074·696f·6e0a·2020·2d20··_disruption.··-·
00694750:·6d65·6469·756d·5f73·6576·6572·6974·790a··medium_severity.00694750:·6d65·6469·756d·5f73·6576·6572·6974·790a··medium_severity.
00694760:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne00694760:·2020·2d20·6e6f·5f72·6562·6f6f·745f·6e65····-·no_reboot_ne
00694770:·6564·6564·0a20·202d·2070·6f73·7466·6978··eded.··-·postfix00694770:·6564·6564·0a20·202d·2070·6f73·7466·6978··eded.··-·postfix
Offset 431242, 20 lines modifiedOffset 431242, 20 lines modified
00694890:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla00694890:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
006948a0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id006948a0:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
006948b0:·3d22·6964·6d36·3730·3834·223e·3c70·7265··="idm67084"><pre006948b0:·3d22·6964·6d36·3730·3834·223e·3c70·7265··="idm67084"><pre
006948c0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia006948c0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
006948d0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab006948d0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
006948e0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa006948e0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
006948f0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·006948f0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
00694900:·7270·6d20·2d2d·7175·6965·7420·2d71·2070··rpm·--quiet·-q·p 
00694910:·6f73·7466·6978·2026·616d·703b·2661·6d70··ostfix·&amp;&amp 
00694920:·3b20·5b20·2120·2d66·202f·2e64·6f63·6b65··;·[·!·-f·/.docke00694900:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere
00694930:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp00694910:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·
00694940:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c00694920:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con
00694950:·6f6e·7461·696e·6572·656e·7620·5d3b·2074··ontainerenv·];·t00694930:·7461·696e·6572·656e·7620·5d20·2661·6d70··tainerenv·]·&amp
 00694940:·3b26·616d·703b·2072·706d·202d·2d71·7569··;&amp;·rpm·--qui
 00694950:·6574·202d·7120·706f·7374·6669·783b·2074··et·-q·postfix;·t
00694960:·6865·6e0a·0a69·6620·2120·6772·6570·202d··hen..if·!·grep·-00694960:·6865·6e0a·0a69·6620·2120·6772·6570·202d··hen..if·!·grep·-
00694970:·7120·5e73·6d74·7064·5f63·6c69·656e·745f··q·^smtpd_client_00694970:·7120·5e73·6d74·7064·5f63·6c69·656e·745f··q·^smtpd_client_
00694980:·7265·7374·7269·6374·696f·6e73·202f·6574··restrictions·/et00694980:·7265·7374·7269·6374·696f·6e73·202f·6574··restrictions·/et
00694990:·632f·706f·7374·6669·782f·6d61·696e·2e63··c/postfix/main.c00694990:·632f·706f·7374·6669·782f·6d61·696e·2e63··c/postfix/main.c
006949a0:·663b·2074·6865·6e0a·0965·6368·6f20·2273··f;·then..echo·"s006949a0:·663b·2074·6865·6e0a·0965·6368·6f20·2273··f;·then..echo·"s
006949b0:·6d74·7064·5f63·6c69·656e·745f·7265·7374··mtpd_client_rest006949b0:·6d74·7064·5f63·6c69·656e·745f·7265·7374··mtpd_client_rest
006949c0:·7269·6374·696f·6e73·203d·2070·6572·6d69··rictions·=·permi006949c0:·7269·6374·696f·6e73·203d·2070·6572·6d69··rictions·=·permi
1.14 KB
html2text {}
    
Offset 90301, 27 lines modifiedOffset 90301, 27 lines modified
90301 ····lineinfile:90301 ····lineinfile:
90302 ······path:·/etc/postfix/main.cf90302 ······path:·/etc/postfix/main.cf
90303 ······create:·true90303 ······create:·true
90304 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*90304 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
90305 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject90305 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
90306 ······state:·present90306 ······state:·present
90307 ··when:90307 ··when:
90308 ··-·'"postfix"·in·ansible_facts.packages' 
90309 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]90308 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 90309 ··-·'"postfix"·in·ansible_facts.packages'
90310 ··tags:90310 ··tags:
90311 ··-·CCE-87232-590311 ··-·CCE-87232-5
90312 ··-·low_complexity90312 ··-·low_complexity
90313 ··-·low_disruption90313 ··-·low_disruption
90314 ··-·medium_severity90314 ··-·medium_severity
90315 ··-·no_reboot_needed90315 ··-·no_reboot_needed
90316 ··-·postfix_prevent_unrestricted_relay90316 ··-·postfix_prevent_unrestricted_relay
90317 ··-·restrict_strategy90317 ··-·restrict_strategy
90318 Remediation_Shell_script_⇲90318 Remediation_Shell_script_⇲
90319 #·Remediation·is·applicable·only·in·certain·platforms90319 #·Remediation·is·applicable·only·in·certain·platforms
90320 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then90320 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
90321 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then90321 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
90322 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf90322 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
90323 else90323 else
90324 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf90324 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
90325 fi90325 fi
  
5.35 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-stig_gui.html
    
Offset 430845, 23 lines modifiedOffset 430845, 23 lines modified
00692fc0:·7269·6374·696f·6e73·5c73·2a3d·5c73·2a0a··rictions\s*=\s*.00692fc0:·7269·6374·696f·6e73·5c73·2a3d·5c73·2a0a··rictions\s*=\s*.
00692fd0:·2020·2020·2020·6c69·6e65·3a20·736d·7470········line:·smtp00692fd0:·2020·2020·2020·6c69·6e65·3a20·736d·7470········line:·smtp
00692fe0:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric00692fe0:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric
00692ff0:·7469·6f6e·7320·3d20·7065·726d·6974·5f6d··tions·=·permit_m00692ff0:·7469·6f6e·7320·3d20·7065·726d·6974·5f6d··tions·=·permit_m
00693000:·796e·6574·776f·726b·732c·7265·6a65·6374··ynetworks,reject00693000:·796e·6574·776f·726b·732c·7265·6a65·6374··ynetworks,reject
00693010:·0a20·2020·2020·2073·7461·7465·3a20·7072··.······state:·pr00693010:·0a20·2020·2020·2073·7461·7465·3a20·7072··.······state:·pr
00693020:·6573·656e·740a·2020·7768·656e·3a0a·2020··esent.··when:.··00693020:·6573·656e·740a·2020·7768·656e·3a0a·2020··esent.··when:.··
00693030:·2d20·2722·706f·7374·6669·7822·2069·6e20··-·'"postfix"·in· 
00693040:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa 
00693050:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi 
00693060:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati 
00693070:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[ 
00693080:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc", 
00693090:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm 
006930a0:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"00693030:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
 00693040:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
 00693050:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
 00693060:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 00693070:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
 00693080:·6169·6e65·7222·5d0a·2020·2d20·2722·706f··ainer"].··-·'"po
 00693090:·7374·6669·7822·2069·6e20·616e·7369·626c··stfix"·in·ansibl
 006930a0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
006930b0:·5d0a·2020·7461·6773·3a0a·2020·2d20·4343··].··tags:.··-·CC006930b0:·270a·2020·7461·6773·3a0a·2020·2d20·4343··'.··tags:.··-·CC
006930c0:·452d·3837·3233·322d·350a·2020·2d20·6c6f··E-87232-5.··-·lo006930c0:·452d·3837·3233·322d·350a·2020·2d20·6c6f··E-87232-5.··-·lo
006930d0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-006930d0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-
006930e0:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption.006930e0:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption.
006930f0:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever006930f0:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever
00693100:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo00693100:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo
00693110:·745f·6e65·6564·6564·0a20·202d·2070·6f73··t_needed.··-·pos00693110:·745f·6e65·6564·6564·0a20·202d·2070·6f73··t_needed.··-·pos
00693120:·7466·6978·5f70·7265·7665·6e74·5f75·6e72··tfix_prevent_unr00693120:·7466·6978·5f70·7265·7665·6e74·5f75·6e72··tfix_prevent_unr
Offset 430884, 21 lines modifiedOffset 430884, 21 lines modified
00693230:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c00693230:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
00693240:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse00693240:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
00693250:·2220·6964·3d22·6964·6d36·3730·3834·223e··"·id="idm67084">00693250:·2220·6964·3d22·6964·6d36·3730·3834·223e··"·id="idm67084">
00693260:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem00693260:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
00693270:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl00693270:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
00693280:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c00693280:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
00693290:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms00693290:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
006932a0:·0a69·6620·7270·6d20·2d2d·7175·6965·7420··.if·rpm·--quiet· 
006932b0:·2d71·2070·6f73·7466·6978·2026·616d·703b··-q·postfix·&amp; 
006932c0:·2661·6d70·3b20·5b20·2120·2d66·202f·2e64··&amp;·[·!·-f·/.d006932a0:·0a69·6620·5b20·2120·2d66·202f·2e64·6f63··.if·[·!·-f·/.doc
006932d0:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;006932b0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
006932e0:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru006932c0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
006932f0:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·006932d0:·2e63·6f6e·7461·696e·6572·656e·7620·5d20··.containerenv·]·
 006932e0:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·-
 006932f0:·2d71·7569·6574·202d·7120·706f·7374·6669··-quiet·-q·postfi
00693300:·5d3b·2074·6865·6e0a·0a69·6620·2120·6772··];·then..if·!·gr00693300:·783b·2074·6865·6e0a·0a69·6620·2120·6772··x;·then..if·!·gr
00693310:·6570·202d·7120·5e73·6d74·7064·5f63·6c69··ep·-q·^smtpd_cli00693310:·6570·202d·7120·5e73·6d74·7064·5f63·6c69··ep·-q·^smtpd_cli
00693320:·656e·745f·7265·7374·7269·6374·696f·6e73··ent_restrictions00693320:·656e·745f·7265·7374·7269·6374·696f·6e73··ent_restrictions
00693330:·202f·6574·632f·706f·7374·6669·782f·6d61···/etc/postfix/ma00693330:·202f·6574·632f·706f·7374·6669·782f·6d61···/etc/postfix/ma
00693340:·696e·2e63·663b·2074·6865·6e0a·0965·6368··in.cf;·then..ech00693340:·696e·2e63·663b·2074·6865·6e0a·0965·6368··in.cf;·then..ech
00693350:·6f20·2273·6d74·7064·5f63·6c69·656e·745f··o·"smtpd_client_00693350:·6f20·2273·6d74·7064·5f63·6c69·656e·745f··o·"smtpd_client_
00693360:·7265·7374·7269·6374·696f·6e73·203d·2070··restrictions·=·p00693360:·7265·7374·7269·6374·696f·6e73·203d·2070··restrictions·=·p
00693370:·6572·6d69·745f·6d79·6e65·7477·6f72·6b73··ermit_mynetworks00693370:·6572·6d69·745f·6d79·6e65·7477·6f72·6b73··ermit_mynetworks
1.14 KB
html2text {}
    
Offset 90225, 27 lines modifiedOffset 90225, 27 lines modified
90225 ····lineinfile:90225 ····lineinfile:
90226 ······path:·/etc/postfix/main.cf90226 ······path:·/etc/postfix/main.cf
90227 ······create:·true90227 ······create:·true
90228 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*90228 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
90229 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject90229 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
90230 ······state:·present90230 ······state:·present
90231 ··when:90231 ··when:
90232 ··-·'"postfix"·in·ansible_facts.packages' 
90233 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]90232 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 90233 ··-·'"postfix"·in·ansible_facts.packages'
90234 ··tags:90234 ··tags:
90235 ··-·CCE-87232-590235 ··-·CCE-87232-5
90236 ··-·low_complexity90236 ··-·low_complexity
90237 ··-·low_disruption90237 ··-·low_disruption
90238 ··-·medium_severity90238 ··-·medium_severity
90239 ··-·no_reboot_needed90239 ··-·no_reboot_needed
90240 ··-·postfix_prevent_unrestricted_relay90240 ··-·postfix_prevent_unrestricted_relay
90241 ··-·restrict_strategy90241 ··-·restrict_strategy
90242 Remediation_Shell_script_⇲90242 Remediation_Shell_script_⇲
90243 #·Remediation·is·applicable·only·in·certain·platforms90243 #·Remediation·is·applicable·only·in·certain·platforms
90244 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then90244 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
90245 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then90245 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
90246 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf90246 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
90247 else90247 else
90248 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf90248 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
90249 fi90249 fi
  
15.1 KB
./usr/share/doc/ssg-nondebian/ssg-rhv4-guide-pci-dss.html
    
Offset 176397, 22 lines modifiedOffset 176397, 22 lines modified
002b10c0:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe002b10c0:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
002b10d0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/002b10d0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/
002b10e0:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:002b10e0:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:
002b10f0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot002b10f0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
002b1100:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.002b1100:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
002b1110:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file002b1110:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
002b1120:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.002b1120:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
002b1130:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
002b1140:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
002b1150:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.· 
002b1160:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
002b1170:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m 
002b1180:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
002b1190:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|002b1130:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 002b1140:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_
 002b1150:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 002b1160:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
 002b1170:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr
 002b1180:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 002b1190:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
002b11a0:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib002b11a0:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib
002b11b0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio002b11b0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
002b11c0:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["002b11c0:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
002b11d0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·002b11d0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
002b11e0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma002b11e0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
002b11f0:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]002b11f0:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
002b1200:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI002b1200:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
002b1210:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI002b1210:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI
Offset 176433, 22 lines modifiedOffset 176433, 22 lines modified
002b1300:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o002b1300:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o
002b1310:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/002b1310:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/
002b1320:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·002b1320:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
002b1330:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:002b1330:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:
002b1340:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002b1340:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002b1350:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:002b1350:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:
002b1360:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-002b1360:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-
 002b1370:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 002b1380:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 002b1390:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
002b1370:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
002b1380:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
002b1390:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-· 
002b13a0:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
002b13b0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
002b13c0:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
002b13d0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li002b13a0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
 002b13b0:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2
 002b13c0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 002b13d0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
002b13e0:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_002b13e0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_
002b13f0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t002b13f0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
002b1400:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc002b1400:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
002b1410:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op002b1410:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
002b1420:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",002b1420:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
002b1430:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··002b1430:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
002b1440:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st002b1440:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st
002b1450:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an002b1450:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an
Offset 176498, 19 lines modifiedOffset 176498, 19 lines modified
002b1710:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy002b1710:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
002b1720:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config002b1720:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config
002b1730:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t002b1730:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t
002b1740:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>002b1740:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
002b1750:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is002b1750:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
002b1760:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only002b1760:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
002b1770:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat002b1770:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
002b1780:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q002b1780:·666f·726d·730a·6966·205b·2021·202d·6620··forms.if·[·!·-f·
002b1790:·7569·6574·202d·7120·6772·7562·322d·636f··uiet·-q·grub2-co 
002b17a0:·6d6d·6f6e·2026·616d·703b·2661·6d70·3b20··mmon·&amp;&amp;· 
002b17b0:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm 
002b17c0:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp;002b1790:·2f73·7973·2f66·6972·6d77·6172·652f·6566··/sys/firmware/ef
 002b17a0:·6920·5d20·2661·6d70·3b26·616d·703b·2072··i·]·&amp;&amp;·r
 002b17b0:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr
 002b17c0:·7562·322d·636f·6d6d·6f6e·2026·616d·703b··ub2-common·&amp;
002b17d0:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/002b17d0:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/
002b17e0:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am002b17e0:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am
002b17f0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/002b17f0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
002b1800:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren002b1800:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren
002b1810:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch002b1810:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch
002b1820:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub002b1820:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub
002b1830:·322f·6772·7562·2e63·6667·0a0a·656c·7365··2/grub.cfg..else002b1830:·322f·6772·7562·2e63·6667·0a0a·656c·7365··2/grub.cfg..else
Offset 176972, 22 lines modifiedOffset 176972, 22 lines modified
002b34b0:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence002b34b0:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence
002b34c0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002b34c0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002b34d0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··002b34d0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··
002b34e0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr002b34e0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
002b34f0:·7562·322f·6772·7562·2e63·6667·0a20·2072··ub2/grub.cfg.··r002b34f0:·7562·322f·6772·7562·2e63·6667·0a20·2072··ub2/grub.cfg.··r
002b3500:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex002b3500:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex
002b3510:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-002b3510:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-
 002b3520:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 002b3530:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 002b3540:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
002b3520:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
002b3530:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
002b3540:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-· 
002b3550:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
002b3560:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
002b3570:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
002b3580:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li002b3550:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
 002b3560:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2
 002b3570:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 002b3580:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
002b3590:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_002b3590:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_
002b35a0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t002b35a0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
002b35b0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc002b35b0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
002b35c0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op002b35c0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
002b35d0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",002b35d0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
002b35e0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··002b35e0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
002b35f0:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5002b35f0:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5
002b3600:·2e35·2e32·2e32·0a20·202d·204e·4953·542d··.5.2.2.··-·NIST-002b3600:·2e35·2e32·2e32·0a20·202d·204e·4953·542d··.5.2.2.··-·NIST-
Offset 177007, 22 lines modifiedOffset 177007, 22 lines modified
002b36e0:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure002b36e0:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure
002b36f0:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo002b36f0:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo
002b3700:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg002b3700:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
002b3710:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat002b3710:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat
002b3720:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g002b3720:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g
002b3730:·7275·622e·6366·670a·2020·2020·6f77·6e65··rub.cfg.····owne002b3730:·7275·622e·6366·670a·2020·2020·6f77·6e65··rub.cfg.····owne
002b3740:·723a·2027·3027·0a20·2077·6865·6e3a·0a20··r:·'0'.··when:.·002b3740:·723a·2027·3027·0a20·2077·6865·6e3a·0a20··r:·'0'.··when:.·
002b3750:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo 
002b3760:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa 
002b3770:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.·· 
002b3780:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n 
002b3790:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo 
002b37a0:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
002b37b0:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·002b3750:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 002b3760:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m
 002b3770:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 002b3780:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
Max diff block lines reached; 2098/11760 bytes (17.84%) of diff not shown.
3.51 KB
html2text {}
    
Offset 39547, 16 lines modifiedOffset 39547, 16 lines modified
39547 ··-·no_reboot_needed39547 ··-·no_reboot_needed
  
39548 -·name:·Test·for·existence·/boot/grub2/grub.cfg39548 -·name:·Test·for·existence·/boot/grub2/grub.cfg
39549 ··stat:39549 ··stat:
39550 ····path:·/boot/grub2/grub.cfg39550 ····path:·/boot/grub2/grub.cfg
39551 ··register:·file_exists39551 ··register:·file_exists
39552 ··when:39552 ··when:
39553 ··-·'"grub2-common"·in·ansible_facts.packages' 
39554 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39553 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39554 ··-·'"grub2-common"·in·ansible_facts.packages'
39555 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39555 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39556 ··tags:39556 ··tags:
39557 ··-·CJIS-5.5.2.239557 ··-·CJIS-5.5.2.2
39558 ··-·NIST-800-171-3.4.539558 ··-·NIST-800-171-3.4.5
39559 ··-·NIST-800-53-AC-6(1)39559 ··-·NIST-800-53-AC-6(1)
39560 ··-·NIST-800-53-CM-6(a)39560 ··-·NIST-800-53-CM-6(a)
39561 ··-·PCI-DSS-Req-7.139561 ··-·PCI-DSS-Req-7.1
Offset 39568, 16 lines modifiedOffset 39568, 16 lines modified
39568 ··-·no_reboot_needed39568 ··-·no_reboot_needed
  
39569 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg39569 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
39570 ··file:39570 ··file:
39571 ····path:·/boot/grub2/grub.cfg39571 ····path:·/boot/grub2/grub.cfg
39572 ····group:·'0'39572 ····group:·'0'
39573 ··when:39573 ··when:
39574 ··-·'"grub2-common"·in·ansible_facts.packages' 
39575 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39574 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39575 ··-·'"grub2-common"·in·ansible_facts.packages'
39576 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39576 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39577 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists39577 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
39578 ··tags:39578 ··tags:
39579 ··-·CJIS-5.5.2.239579 ··-·CJIS-5.5.2.2
39580 ··-·NIST-800-171-3.4.539580 ··-·NIST-800-171-3.4.5
39581 ··-·NIST-800-53-AC-6(1)39581 ··-·NIST-800-53-AC-6(1)
39582 ··-·NIST-800-53-CM-6(a)39582 ··-·NIST-800-53-CM-6(a)
Offset 39589, 15 lines modifiedOffset 39589, 15 lines modified
39589 ··-·medium_severity39589 ··-·medium_severity
39590 ··-·no_reboot_needed39590 ··-·no_reboot_needed
39591 Remediation_Shell_script_⇲39591 Remediation_Shell_script_⇲
39592 Complexity:·low39592 Complexity:·low
39593 Disruption:·low39593 Disruption:·low
39594 Strategy:···configure39594 Strategy:···configure
39595 #·Remediation·is·applicable·only·in·certain·platforms39595 #·Remediation·is·applicable·only·in·certain·platforms
39596 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then39596 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
39597 chgrp·0·/boot/grub2/grub.cfg39597 chgrp·0·/boot/grub2/grub.cfg
  
39598 else39598 else
39599 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'39599 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
39600 fi39600 fi
39601 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***39601 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 39628, 16 lines modifiedOffset 39628, 16 lines modified
39628 ··-·no_reboot_needed39628 ··-·no_reboot_needed
  
39629 -·name:·Test·for·existence·/boot/grub2/grub.cfg39629 -·name:·Test·for·existence·/boot/grub2/grub.cfg
39630 ··stat:39630 ··stat:
39631 ····path:·/boot/grub2/grub.cfg39631 ····path:·/boot/grub2/grub.cfg
39632 ··register:·file_exists39632 ··register:·file_exists
39633 ··when:39633 ··when:
39634 ··-·'"grub2-common"·in·ansible_facts.packages' 
39635 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39634 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39635 ··-·'"grub2-common"·in·ansible_facts.packages'
39636 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39636 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39637 ··tags:39637 ··tags:
39638 ··-·CJIS-5.5.2.239638 ··-·CJIS-5.5.2.2
39639 ··-·NIST-800-171-3.4.539639 ··-·NIST-800-171-3.4.5
39640 ··-·NIST-800-53-AC-6(1)39640 ··-·NIST-800-53-AC-6(1)
39641 ··-·NIST-800-53-CM-6(a)39641 ··-·NIST-800-53-CM-6(a)
39642 ··-·PCI-DSS-Req-7.139642 ··-·PCI-DSS-Req-7.1
Offset 39649, 16 lines modifiedOffset 39649, 16 lines modified
39649 ··-·no_reboot_needed39649 ··-·no_reboot_needed
  
39650 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg39650 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
39651 ··file:39651 ··file:
39652 ····path:·/boot/grub2/grub.cfg39652 ····path:·/boot/grub2/grub.cfg
39653 ····owner:·'0'39653 ····owner:·'0'
39654 ··when:39654 ··when:
39655 ··-·'"grub2-common"·in·ansible_facts.packages' 
39656 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39655 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39656 ··-·'"grub2-common"·in·ansible_facts.packages'
39657 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39657 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39658 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists39658 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
39659 ··tags:39659 ··tags:
39660 ··-·CJIS-5.5.2.239660 ··-·CJIS-5.5.2.2
39661 ··-·NIST-800-171-3.4.539661 ··-·NIST-800-171-3.4.5
39662 ··-·NIST-800-53-AC-6(1)39662 ··-·NIST-800-53-AC-6(1)
39663 ··-·NIST-800-53-CM-6(a)39663 ··-·NIST-800-53-CM-6(a)
Offset 39670, 15 lines modifiedOffset 39670, 15 lines modified
39670 ··-·medium_severity39670 ··-·medium_severity
39671 ··-·no_reboot_needed39671 ··-·no_reboot_needed
39672 Remediation_Shell_script_⇲39672 Remediation_Shell_script_⇲
39673 Complexity:·low39673 Complexity:·low
39674 Disruption:·low39674 Disruption:·low
39675 Strategy:···configure39675 Strategy:···configure
39676 #·Remediation·is·applicable·only·in·certain·platforms39676 #·Remediation·is·applicable·only·in·certain·platforms
39677 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then39677 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
39678 chown·0·/boot/grub2/grub.cfg39678 chown·0·/boot/grub2/grub.cfg
  
39679 else39679 else
39680 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'39680 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
39681 fi39681 fi
39682 Group  ·Configure·Syslog·  Group·contains·2·groups·and·4·rules39682 Group  ·Configure·Syslog·  Group·contains·2·groups·and·4·rules
22.4 KB
./usr/share/doc/ssg-nondebian/ssg-rhv4-guide-rhvh-stig.html
    
Offset 256218, 22 lines modifiedOffset 256218, 22 lines modified
003e8d90:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence003e8d90:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence
003e8da0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru003e8da0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
003e8db0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··003e8db0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··
003e8dc0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr003e8dc0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
003e8dd0:·7562·322f·6772·7562·2e63·6667·0a20·2072··ub2/grub.cfg.··r003e8dd0:·7562·322f·6772·7562·2e63·6667·0a20·2072··ub2/grub.cfg.··r
003e8de0:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex003e8de0:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex
003e8df0:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-003e8df0:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-
 003e8e00:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 003e8e10:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 003e8e20:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
003e8e00:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
003e8e10:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
003e8e20:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-· 
003e8e30:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
003e8e40:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
003e8e50:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
003e8e60:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li003e8e30:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
 003e8e40:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2
 003e8e50:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 003e8e60:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
003e8e70:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_003e8e70:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_
003e8e80:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t003e8e80:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
003e8e90:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc003e8e90:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
003e8ea0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op003e8ea0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
003e8eb0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",003e8eb0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
003e8ec0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··003e8ec0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
003e8ed0:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5003e8ed0:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5
003e8ee0:·2e35·2e32·2e32·0a20·202d·204e·4953·542d··.5.2.2.··-·NIST-003e8ee0:·2e35·2e32·2e32·0a20·202d·204e·4953·542d··.5.2.2.··-·NIST-
Offset 256254, 21 lines modifiedOffset 256254, 21 lines modified
003e8fd0:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne003e8fd0:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne
003e8fe0:·7220·3020·6f6e·202f·626f·6f74·2f67·7275··r·0·on·/boot/gru003e8fe0:·7220·3020·6f6e·202f·626f·6f74·2f67·7275··r·0·on·/boot/gru
003e8ff0:·6232·2f67·7275·622e·6366·670a·2020·6669··b2/grub.cfg.··fi003e8ff0:·6232·2f67·7275·622e·6366·670a·2020·6669··b2/grub.cfg.··fi
003e9000:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b003e9000:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b
003e9010:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c003e9010:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c
003e9020:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0003e9020:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0
003e9030:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"003e9030:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"
003e9040:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
003e9050:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
003e9060:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/ 
003e9070:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
003e9080:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
003e9090:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
003e90a0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'003e9040:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 003e9050:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 003e9060:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 003e9070:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
 003e9080:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co
 003e9090:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 003e90a0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
003e90b0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir003e90b0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
003e90c0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type003e90c0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
003e90d0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker003e90d0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
003e90e0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv003e90e0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
003e90f0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c003e90f0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
003e9100:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f003e9100:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f
003e9110:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·003e9110:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·
Offset 256319, 19 lines modifiedOffset 256319, 19 lines modified
003e93e0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</003e93e0:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
003e93f0:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure003e93f0:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure
003e9400:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl003e9400:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
003e9410:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R003e9410:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R
003e9420:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap003e9420:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
003e9430:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in003e9430:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
003e9440:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor003e9440:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
003e9450:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie 
003e9460:·7420·2d71·2067·7275·6232·2d63·6f6d·6d6f··t·-q·grub2-commo 
003e9470:·6e20·2661·6d70·3b26·616d·703b·205b·2021··n·&amp;&amp;·[·! 
003e9480:·202d·6620·2f73·7973·2f66·6972·6d77·6172···-f·/sys/firmwar 
003e9490:·652f·6566·6920·5d20·2661·6d70·3b26·616d··e/efi·]·&amp;&am003e9450:·6d73·0a69·6620·5b20·2120·2d66·202f·7379··ms.if·[·!·-f·/sy
 003e9460:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·]
 003e9470:·2026·616d·703b·2661·6d70·3b20·7270·6d20···&amp;&amp;·rpm·
 003e9480:·2d2d·7175·6965·7420·2d71·2067·7275·6232··--quiet·-q·grub2
 003e9490:·2d63·6f6d·6d6f·6e20·2661·6d70·3b26·616d··-common·&amp;&am
003e94a0:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do003e94a0:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do
003e94b0:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&003e94b0:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&
003e94c0:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run003e94c0:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run
003e94d0:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]003e94d0:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]
003e94e0:·3b20·7d3b·2074·6865·6e0a·0a63·6867·7270··;·};·then..chgrp003e94e0:·3b20·7d3b·2074·6865·6e0a·0a63·6867·7270··;·};·then..chgrp
003e94f0:·2030·202f·626f·6f74·2f67·7275·6232·2f67···0·/boot/grub2/g003e94f0:·2030·202f·626f·6f74·2f67·7275·6232·2f67···0·/boot/grub2/g
003e9500:·7275·622e·6366·670a·0a65·6c73·650a·2020··rub.cfg..else.··003e9500:·7275·622e·6366·670a·0a65·6c73·650a·2020··rub.cfg..else.··
Offset 256793, 21 lines modifiedOffset 256793, 21 lines modified
003eb180:·666f·7220·6578·6973·7465·6e63·6520·2f62··for·existence·/b003eb180:·666f·7220·6578·6973·7465·6e63·6520·2f62··for·existence·/b
003eb190:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c003eb190:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c
003eb1a0:·6667·0a20·2073·7461·743a·0a20·2020·2070··fg.··stat:.····p003eb1a0:·6667·0a20·2073·7461·743a·0a20·2020·2070··fg.··stat:.····p
003eb1b0:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2003eb1b0:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2
003eb1c0:·2f67·7275·622e·6366·670a·2020·7265·6769··/grub.cfg.··regi003eb1c0:·2f67·7275·622e·6366·670a·2020·7265·6769··/grub.cfg.··regi
003eb1d0:·7374·6572·3a20·6669·6c65·5f65·7869·7374··ster:·file_exist003eb1d0:·7374·6572·3a20·6669·6c65·5f65·7869·7374··ster:·file_exist
003eb1e0:·730a·2020·7768·656e·3a0a·2020·2d20·2722··s.··when:.··-·'"003eb1e0:·730a·2020·7768·656e·3a0a·2020·2d20·2722··s.··when:.··-·'"
003eb1f0:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
003eb200:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
003eb210:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/ 
003eb220:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
003eb230:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
003eb240:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
003eb250:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'003eb1f0:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 003eb200:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 003eb210:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 003eb220:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
 003eb230:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co
 003eb240:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 003eb250:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
003eb260:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir003eb260:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
003eb270:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type003eb270:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
003eb280:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker003eb280:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
003eb290:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv003eb290:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
003eb2a0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c003eb2a0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
003eb2b0:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag003eb2b0:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
003eb2c0:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.003eb2c0:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.
Offset 256828, 22 lines modifiedOffset 256828, 22 lines modified
003eb3b0:·206e·616d·653a·2045·6e73·7572·6520·6f77···name:·Ensure·ow003eb3b0:·206e·616d·653a·2045·6e73·7572·6520·6f77···name:·Ensure·ow
003eb3c0:·6e65·7220·3020·6f6e·202f·626f·6f74·2f67··ner·0·on·/boot/g003eb3c0:·6e65·7220·3020·6f6e·202f·626f·6f74·2f67··ner·0·on·/boot/g
003eb3d0:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··003eb3d0:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
003eb3e0:·6669·6c65·3a0a·2020·2020·7061·7468·3a20··file:.····path:·003eb3e0:·6669·6c65·3a0a·2020·2020·7061·7468·3a20··file:.····path:·
003eb3f0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub003eb3f0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
003eb400:·2e63·6667·0a20·2020·206f·776e·6572·3a20··.cfg.····owner:·003eb400:·2e63·6667·0a20·2020·206f·776e·6572·3a20··.cfg.····owner:·
003eb410:·2730·270a·2020·7768·656e·3a0a·2020·2d20··'0'.··when:.··-·003eb410:·2730·270a·2020·7768·656e·3a0a·2020·2d20··'0'.··when:.··-·
003eb420:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
003eb430:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
003eb440:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·' 
003eb450:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
003eb460:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
003eb470:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
003eb480:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis003eb420:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 003eb430:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 003eb440:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 003eb450:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
 003eb460:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-
Max diff block lines reached; 7978/17364 bytes (45.95%) of diff not shown.
5.33 KB
html2text {}
    
Offset 56202, 16 lines modifiedOffset 56202, 16 lines modified
56202 ··-·no_reboot_needed56202 ··-·no_reboot_needed
  
56203 -·name:·Test·for·existence·/boot/grub2/grub.cfg56203 -·name:·Test·for·existence·/boot/grub2/grub.cfg
56204 ··stat:56204 ··stat:
56205 ····path:·/boot/grub2/grub.cfg56205 ····path:·/boot/grub2/grub.cfg
56206 ··register:·file_exists56206 ··register:·file_exists
56207 ··when:56207 ··when:
56208 ··-·'"grub2-common"·in·ansible_facts.packages' 
56209 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'56208 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 56209 ··-·'"grub2-common"·in·ansible_facts.packages'
56210 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]56210 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
56211 ··tags:56211 ··tags:
56212 ··-·CJIS-5.5.2.256212 ··-·CJIS-5.5.2.2
56213 ··-·NIST-800-171-3.4.556213 ··-·NIST-800-171-3.4.5
56214 ··-·NIST-800-53-AC-6(1)56214 ··-·NIST-800-53-AC-6(1)
56215 ··-·NIST-800-53-CM-6(a)56215 ··-·NIST-800-53-CM-6(a)
56216 ··-·PCI-DSS-Req-7.156216 ··-·PCI-DSS-Req-7.1
Offset 56223, 16 lines modifiedOffset 56223, 16 lines modified
56223 ··-·no_reboot_needed56223 ··-·no_reboot_needed
  
56224 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg56224 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
56225 ··file:56225 ··file:
56226 ····path:·/boot/grub2/grub.cfg56226 ····path:·/boot/grub2/grub.cfg
56227 ····group:·'0'56227 ····group:·'0'
56228 ··when:56228 ··when:
56229 ··-·'"grub2-common"·in·ansible_facts.packages' 
56230 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'56229 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 56230 ··-·'"grub2-common"·in·ansible_facts.packages'
56231 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]56231 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
56232 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists56232 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
56233 ··tags:56233 ··tags:
56234 ··-·CJIS-5.5.2.256234 ··-·CJIS-5.5.2.2
56235 ··-·NIST-800-171-3.4.556235 ··-·NIST-800-171-3.4.5
56236 ··-·NIST-800-53-AC-6(1)56236 ··-·NIST-800-53-AC-6(1)
56237 ··-·NIST-800-53-CM-6(a)56237 ··-·NIST-800-53-CM-6(a)
Offset 56244, 15 lines modifiedOffset 56244, 15 lines modified
56244 ··-·medium_severity56244 ··-·medium_severity
56245 ··-·no_reboot_needed56245 ··-·no_reboot_needed
56246 Remediation_Shell_script_⇲56246 Remediation_Shell_script_⇲
56247 Complexity:·low56247 Complexity:·low
56248 Disruption:·low56248 Disruption:·low
56249 Strategy:···configure56249 Strategy:···configure
56250 #·Remediation·is·applicable·only·in·certain·platforms56250 #·Remediation·is·applicable·only·in·certain·platforms
56251 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then56251 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
56252 chgrp·0·/boot/grub2/grub.cfg56252 chgrp·0·/boot/grub2/grub.cfg
  
56253 else56253 else
56254 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'56254 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
56255 fi56255 fi
56256 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***56256 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 56283, 16 lines modifiedOffset 56283, 16 lines modified
56283 ··-·no_reboot_needed56283 ··-·no_reboot_needed
  
56284 -·name:·Test·for·existence·/boot/grub2/grub.cfg56284 -·name:·Test·for·existence·/boot/grub2/grub.cfg
56285 ··stat:56285 ··stat:
56286 ····path:·/boot/grub2/grub.cfg56286 ····path:·/boot/grub2/grub.cfg
56287 ··register:·file_exists56287 ··register:·file_exists
56288 ··when:56288 ··when:
56289 ··-·'"grub2-common"·in·ansible_facts.packages' 
56290 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'56289 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 56290 ··-·'"grub2-common"·in·ansible_facts.packages'
56291 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]56291 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
56292 ··tags:56292 ··tags:
56293 ··-·CJIS-5.5.2.256293 ··-·CJIS-5.5.2.2
56294 ··-·NIST-800-171-3.4.556294 ··-·NIST-800-171-3.4.5
56295 ··-·NIST-800-53-AC-6(1)56295 ··-·NIST-800-53-AC-6(1)
56296 ··-·NIST-800-53-CM-6(a)56296 ··-·NIST-800-53-CM-6(a)
56297 ··-·PCI-DSS-Req-7.156297 ··-·PCI-DSS-Req-7.1
Offset 56304, 16 lines modifiedOffset 56304, 16 lines modified
56304 ··-·no_reboot_needed56304 ··-·no_reboot_needed
  
56305 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg56305 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
56306 ··file:56306 ··file:
56307 ····path:·/boot/grub2/grub.cfg56307 ····path:·/boot/grub2/grub.cfg
56308 ····owner:·'0'56308 ····owner:·'0'
56309 ··when:56309 ··when:
56310 ··-·'"grub2-common"·in·ansible_facts.packages' 
56311 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'56310 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 56311 ··-·'"grub2-common"·in·ansible_facts.packages'
56312 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]56312 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
56313 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists56313 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
56314 ··tags:56314 ··tags:
56315 ··-·CJIS-5.5.2.256315 ··-·CJIS-5.5.2.2
56316 ··-·NIST-800-171-3.4.556316 ··-·NIST-800-171-3.4.5
56317 ··-·NIST-800-53-AC-6(1)56317 ··-·NIST-800-53-AC-6(1)
56318 ··-·NIST-800-53-CM-6(a)56318 ··-·NIST-800-53-CM-6(a)
Offset 56325, 15 lines modifiedOffset 56325, 15 lines modified
56325 ··-·medium_severity56325 ··-·medium_severity
56326 ··-·no_reboot_needed56326 ··-·no_reboot_needed
56327 Remediation_Shell_script_⇲56327 Remediation_Shell_script_⇲
56328 Complexity:·low56328 Complexity:·low
56329 Disruption:·low56329 Disruption:·low
56330 Strategy:···configure56330 Strategy:···configure
56331 #·Remediation·is·applicable·only·in·certain·platforms56331 #·Remediation·is·applicable·only·in·certain·platforms
56332 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then56332 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
56333 chown·0·/boot/grub2/grub.cfg56333 chown·0·/boot/grub2/grub.cfg
  
56334 else56334 else
56335 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'56335 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
56336 fi56336 fi
56337 ***·Rule  ·Verify·/boot/grub2/grub.cfg·Permissions·  [ref]·***56337 ***·Rule  ·Verify·/boot/grub2/grub.cfg·Permissions·  [ref]·***
Offset 56362, 16 lines modifiedOffset 56362, 16 lines modified
56362 ··-·no_reboot_needed56362 ··-·no_reboot_needed
  
56363 -·name:·Test·for·existence·/boot/grub2/grub.cfg56363 -·name:·Test·for·existence·/boot/grub2/grub.cfg
56364 ··stat:56364 ··stat:
56365 ····path:·/boot/grub2/grub.cfg56365 ····path:·/boot/grub2/grub.cfg
56366 ··register:·file_exists56366 ··register:·file_exists
56367 ··when:56367 ··when:
56368 ··-·'"grub2-common"·in·ansible_facts.packages' 
56369 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'56368 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 56369 ··-·'"grub2-common"·in·ansible_facts.packages'
56370 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]56370 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
56371 ··tags:56371 ··tags:
56372 ··-·NIST-800-171-3.4.556372 ··-·NIST-800-171-3.4.5
56373 ··-·NIST-800-53-AC-6(1)56373 ··-·NIST-800-53-AC-6(1)
56374 ··-·NIST-800-53-CM-6(a)56374 ··-·NIST-800-53-CM-6(a)
56375 ··-·configure_strategy56375 ··-·configure_strategy
56376 ··-·file_permissions_grub2_cfg56376 ··-·file_permissions_grub2_cfg
Offset 56381, 16 lines modifiedOffset 56381, 16 lines modified
56381 ··-·no_reboot_needed56381 ··-·no_reboot_needed
  
56382 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg56382 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
56383 ··file:56383 ··file:
56384 ····path:·/boot/grub2/grub.cfg56384 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1100/5431 bytes (20.25%) of diff not shown.
21.9 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-cis.html
    
Offset 167903, 22 lines modifiedOffset 167903, 22 lines modified
0028fde0:·0a0a·2d20·6e61·6d65·3a20·5465·7374·2066··..-·name:·Test·f0028fde0:·0a0a·2d20·6e61·6d65·3a20·5465·7374·2066··..-·name:·Test·f
0028fdf0:·6f72·2065·7869·7374·656e·6365·202f·626f··or·existence·/bo0028fdf0:·6f72·2065·7869·7374·656e·6365·202f·626f··or·existence·/bo
0028fe00:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf0028fe00:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
0028fe10:·670a·2020·7374·6174·3a0a·2020·2020·7061··g.··stat:.····pa0028fe10:·670a·2020·7374·6174·3a0a·2020·2020·7061··g.··stat:.····pa
0028fe20:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/0028fe20:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/
0028fe30:·6772·7562·2e63·6667·0a20·2072·6567·6973··grub.cfg.··regis0028fe30:·6772·7562·2e63·6667·0a20·2072·6567·6973··grub.cfg.··regis
0028fe40:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists0028fe40:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists
0028fe50:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/0028fe50:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
0028fe60:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
0028fe70:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
0028fe80:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
0028fe90:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
0028fea0:·0a20·202d·2027·2267·7275·6232·2220·696e··.··-·'"grub2"·in 
0028feb0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
0028fec0:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans0028fe60:·7275·6232·2220·696e·2061·6e73·6962·6c65··rub2"·in·ansible
 0028fe70:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 0028fe80:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 0028fe90:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 0028fea0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 0028feb0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 0028fec0:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
0028fed0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat0028fed0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
0028fee0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·0028fee0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
0028fef0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"0028fef0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
0028ff00:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod0028ff00:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
0028ff10:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container0028ff10:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
0028ff20:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C0028ff20:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
0028ff30:·4345·2d38·3538·3439·2d38·0a20·202d·2043··CE-85849-8.··-·C0028ff30:·4345·2d38·3538·3439·2d38·0a20·202d·2043··CE-85849-8.··-·C
Offset 167940, 21 lines modifiedOffset 167940, 21 lines modified
00290030:·6d65·3a20·456e·7375·7265·2067·726f·7570··me:·Ensure·group00290030:·6d65·3a20·456e·7375·7265·2067·726f·7570··me:·Ensure·group
00290040:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo00290040:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo
00290050:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg00290050:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
00290060:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat00290060:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat
00290070:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g00290070:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g
00290080:·7275·622e·6366·670a·2020·2020·6772·6f75··rub.cfg.····grou00290080:·7275·622e·6366·670a·2020·2020·6772·6f75··rub.cfg.····grou
00290090:·703a·2027·3027·0a20·2077·6865·6e3a·0a20··p:·'0'.··when:.·00290090:·703a·2027·3027·0a20·2077·6865·6e3a·0a20··p:·'0'.··when:.·
002900a0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
002900b0:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m 
002900c0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
002900d0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
002900e0:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
002900f0:·6232·2220·696e·2061·6e73·6962·6c65·5f66··b2"·in·ansible_f 
00290100:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·002900a0:·202d·2027·2267·7275·6232·2220·696e·2061···-·'"grub2"·in·a
 002900b0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 002900c0:·6b61·6765·7327·0a20·202d·2027·222f·626f··kages'.··-·'"/bo
 002900d0:·6f74·2f65·6669·2220·6e6f·7420·696e·2061··ot/efi"·not·in·a
 002900e0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|·
 002900f0:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m
 00290100:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.·
00290110:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu00290110:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
00290120:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n00290120:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
00290130:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",00290130:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
00290140:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"00290140:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
00290150:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con00290150:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
00290160:·7461·696e·6572·225d·0a20·202d·2066·696c··tainer"].··-·fil00290160:·7461·696e·6572·225d·0a20·202d·2066·696c··tainer"].··-·fil
00290170:·655f·6578·6973·7473·2e73·7461·7420·6973··e_exists.stat·is00290170:·655f·6578·6973·7473·2e73·7461·7420·6973··e_exists.stat·is
Offset 168006, 18 lines modifiedOffset 168006, 18 lines modified
00290450:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th00290450:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
00290460:·3e3c·7464·3e63·6f6e·6669·6775·7265·3c2f··><td>configure</00290460:·3e3c·7464·3e63·6f6e·6669·6775·7265·3c2f··><td>configure</
00290470:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>00290470:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
00290480:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem00290480:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
00290490:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl00290490:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
002904a0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c002904a0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
002904b0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms002904b0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
 002904c0:·0a69·6620·7270·6d20·2d2d·7175·6965·7420··.if·rpm·--quiet·
 002904d0:·2d71·2067·7275·6232·2026·616d·703b·2661··-q·grub2·&amp;&a
002904c0:·0a69·6620·5b20·2120·2d66·202f·7379·732f··.if·[·!·-f·/sys/002904e0:·6d70·3b20·5b20·2120·2d66·202f·7379·732f··mp;·[·!·-f·/sys/
002904d0:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·&002904f0:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·&
002904e0:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·-- 
002904f0:·7175·6965·7420·2d71·2067·7275·6232·2026··quiet·-q·grub2·& 
00290500:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·00290500:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·
00290510:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]00290510:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]
00290520:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·00290520:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
00290530:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain00290530:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain
00290540:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then00290540:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then
00290550:·0a0a·6368·6772·7020·3020·2f62·6f6f·742f··..chgrp·0·/boot/00290550:·0a0a·6368·6772·7020·3020·2f62·6f6f·742f··..chgrp·0·/boot/
00290560:·6772·7562·322f·6772·7562·2e63·6667·0a0a··grub2/grub.cfg..00290560:·6772·7562·322f·6772·7562·2e63·6667·0a0a··grub2/grub.cfg..
Offset 168515, 21 lines modifiedOffset 168515, 21 lines modified
00292420:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis00292420:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis
00292430:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub00292430:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub
00292440:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta00292440:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta
00292450:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo00292450:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
00292460:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf00292460:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
00292470:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi00292470:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi
00292480:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when00292480:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when
00292490:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
002924a0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
002924b0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
002924c0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
002924d0:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
002924e0:·6772·7562·3222·2069·6e20·616e·7369·626c··grub2"·in·ansibl 
002924f0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages00292490:·3a0a·2020·2d20·2722·6772·7562·3222·2069··:.··-·'"grub2"·i
 002924a0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 002924b0:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 002924c0:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 002924d0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 002924e0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 002924f0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
00292500:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi00292500:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
00292510:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ00292510:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
00292520:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke00292520:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
00292530:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open00292530:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
00292540:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"00292540:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
00292550:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta00292550:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
00292560:·6773·3a0a·2020·2d20·4343·452d·3835·3834··gs:.··-·CCE-858400292560:·6773·3a0a·2020·2d20·4343·452d·3835·3834··gs:.··-·CCE-8584
Offset 168551, 21 lines modifiedOffset 168551, 21 lines modified
00292660:·2d20·6e61·6d65·3a20·456e·7375·7265·206f··-·name:·Ensure·o00292660:·2d20·6e61·6d65·3a20·456e·7375·7265·206f··-·name:·Ensure·o
00292670:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/00292670:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/
00292680:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·00292680:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
00292690:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:00292690:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:
002926a0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002926a0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002926b0:·622e·6366·670a·2020·2020·6f77·6e65·723a··b.cfg.····owner:002926b0:·622e·6366·670a·2020·2020·6f77·6e65·723a··b.cfg.····owner:
002926c0:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-002926c0:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-
002926d0:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
002926e0:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
002926f0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
00292700:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
00292710:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2 
00292720:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
00292730:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-002926d0:·2027·2267·7275·6232·2220·696e·2061·6e73···'"grub2"·in·ans
 002926e0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 002926f0:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 00292700:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 00292710:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 00292720:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 00292730:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
00292740:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual00292740:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
Max diff block lines reached; 7909/17088 bytes (46.28%) of diff not shown.
5.11 KB
html2text {}
    
Offset 38061, 16 lines modifiedOffset 38061, 16 lines modified
38061 ··-·no_reboot_needed38061 ··-·no_reboot_needed
  
38062 -·name:·Test·for·existence·/boot/grub2/grub.cfg38062 -·name:·Test·for·existence·/boot/grub2/grub.cfg
38063 ··stat:38063 ··stat:
38064 ····path:·/boot/grub2/grub.cfg38064 ····path:·/boot/grub2/grub.cfg
38065 ··register:·file_exists38065 ··register:·file_exists
38066 ··when:38066 ··when:
38067 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
38068 ··-·'"grub2"·in·ansible_facts.packages'38067 ··-·'"grub2"·in·ansible_facts.packages'
 38068 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
38069 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38069 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38070 ··tags:38070 ··tags:
38071 ··-·CCE-85849-838071 ··-·CCE-85849-8
38072 ··-·CJIS-5.5.2.238072 ··-·CJIS-5.5.2.2
38073 ··-·NIST-800-171-3.4.538073 ··-·NIST-800-171-3.4.5
38074 ··-·NIST-800-53-AC-6(1)38074 ··-·NIST-800-53-AC-6(1)
38075 ··-·NIST-800-53-CM-6(a)38075 ··-·NIST-800-53-CM-6(a)
Offset 38083, 16 lines modifiedOffset 38083, 16 lines modified
38083 ··-·no_reboot_needed38083 ··-·no_reboot_needed
  
38084 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg38084 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
38085 ··file:38085 ··file:
38086 ····path:·/boot/grub2/grub.cfg38086 ····path:·/boot/grub2/grub.cfg
38087 ····group:·'0'38087 ····group:·'0'
38088 ··when:38088 ··when:
38089 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
38090 ··-·'"grub2"·in·ansible_facts.packages'38089 ··-·'"grub2"·in·ansible_facts.packages'
 38090 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
38091 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38091 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38092 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists38092 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
38093 ··tags:38093 ··tags:
38094 ··-·CCE-85849-838094 ··-·CCE-85849-8
38095 ··-·CJIS-5.5.2.238095 ··-·CJIS-5.5.2.2
38096 ··-·NIST-800-171-3.4.538096 ··-·NIST-800-171-3.4.5
38097 ··-·NIST-800-53-AC-6(1)38097 ··-·NIST-800-53-AC-6(1)
Offset 38105, 15 lines modifiedOffset 38105, 15 lines modified
38105 ··-·medium_severity38105 ··-·medium_severity
38106 ··-·no_reboot_needed38106 ··-·no_reboot_needed
38107 Remediation_Shell_script_⇲38107 Remediation_Shell_script_⇲
38108 Complexity:·low38108 Complexity:·low
38109 Disruption:·low38109 Disruption:·low
38110 Strategy:···configure38110 Strategy:···configure
38111 #·Remediation·is·applicable·only·in·certain·platforms38111 #·Remediation·is·applicable·only·in·certain·platforms
38112 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];38112 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
38113 };·then38113 };·then
  
38114 chgrp·0·/boot/grub2/grub.cfg38114 chgrp·0·/boot/grub2/grub.cfg
  
38115 else38115 else
38116 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'38116 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
38117 fi38117 fi
Offset 38154, 16 lines modifiedOffset 38154, 16 lines modified
38154 ··-·no_reboot_needed38154 ··-·no_reboot_needed
  
38155 -·name:·Test·for·existence·/boot/grub2/grub.cfg38155 -·name:·Test·for·existence·/boot/grub2/grub.cfg
38156 ··stat:38156 ··stat:
38157 ····path:·/boot/grub2/grub.cfg38157 ····path:·/boot/grub2/grub.cfg
38158 ··register:·file_exists38158 ··register:·file_exists
38159 ··when:38159 ··when:
38160 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
38161 ··-·'"grub2"·in·ansible_facts.packages'38160 ··-·'"grub2"·in·ansible_facts.packages'
 38161 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
38162 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38162 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38163 ··tags:38163 ··tags:
38164 ··-·CCE-85848-038164 ··-·CCE-85848-0
38165 ··-·CJIS-5.5.2.238165 ··-·CJIS-5.5.2.2
38166 ··-·NIST-800-171-3.4.538166 ··-·NIST-800-171-3.4.5
38167 ··-·NIST-800-53-AC-6(1)38167 ··-·NIST-800-53-AC-6(1)
38168 ··-·NIST-800-53-CM-6(a)38168 ··-·NIST-800-53-CM-6(a)
Offset 38176, 16 lines modifiedOffset 38176, 16 lines modified
38176 ··-·no_reboot_needed38176 ··-·no_reboot_needed
  
38177 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg38177 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
38178 ··file:38178 ··file:
38179 ····path:·/boot/grub2/grub.cfg38179 ····path:·/boot/grub2/grub.cfg
38180 ····owner:·'0'38180 ····owner:·'0'
38181 ··when:38181 ··when:
38182 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
38183 ··-·'"grub2"·in·ansible_facts.packages'38182 ··-·'"grub2"·in·ansible_facts.packages'
 38183 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
38184 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38184 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38185 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists38185 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
38186 ··tags:38186 ··tags:
38187 ··-·CCE-85848-038187 ··-·CCE-85848-0
38188 ··-·CJIS-5.5.2.238188 ··-·CJIS-5.5.2.2
38189 ··-·NIST-800-171-3.4.538189 ··-·NIST-800-171-3.4.5
38190 ··-·NIST-800-53-AC-6(1)38190 ··-·NIST-800-53-AC-6(1)
Offset 38198, 15 lines modifiedOffset 38198, 15 lines modified
38198 ··-·medium_severity38198 ··-·medium_severity
38199 ··-·no_reboot_needed38199 ··-·no_reboot_needed
38200 Remediation_Shell_script_⇲38200 Remediation_Shell_script_⇲
38201 Complexity:·low38201 Complexity:·low
38202 Disruption:·low38202 Disruption:·low
38203 Strategy:···configure38203 Strategy:···configure
38204 #·Remediation·is·applicable·only·in·certain·platforms38204 #·Remediation·is·applicable·only·in·certain·platforms
38205 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];38205 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
38206 };·then38206 };·then
  
38207 chown·0·/boot/grub2/grub.cfg38207 chown·0·/boot/grub2/grub.cfg
  
38208 else38208 else
38209 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'38209 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
38210 fi38210 fi
Offset 38245, 16 lines modifiedOffset 38245, 16 lines modified
38245 ··-·no_reboot_needed38245 ··-·no_reboot_needed
  
38246 -·name:·Test·for·existence·/boot/grub2/grub.cfg38246 -·name:·Test·for·existence·/boot/grub2/grub.cfg
38247 ··stat:38247 ··stat:
38248 ····path:·/boot/grub2/grub.cfg38248 ····path:·/boot/grub2/grub.cfg
38249 ··register:·file_exists38249 ··register:·file_exists
38250 ··when:38250 ··when:
38251 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
38252 ··-·'"grub2"·in·ansible_facts.packages'38251 ··-·'"grub2"·in·ansible_facts.packages'
 38252 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
38253 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38253 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38254 ··tags:38254 ··tags:
38255 ··-·CCE-91426-738255 ··-·CCE-91426-7
38256 ··-·NIST-800-171-3.4.538256 ··-·NIST-800-171-3.4.5
38257 ··-·NIST-800-53-AC-6(1)38257 ··-·NIST-800-53-AC-6(1)
38258 ··-·NIST-800-53-CM-6(a)38258 ··-·NIST-800-53-CM-6(a)
38259 ··-·configure_strategy38259 ··-·configure_strategy
Offset 38265, 16 lines modifiedOffset 38265, 16 lines modified
38265 ··-·no_reboot_needed38265 ··-·no_reboot_needed
  
38266 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg38266 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
38267 ··file:38267 ··file:
38268 ····path:·/boot/grub2/grub.cfg38268 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 998/5207 bytes (19.17%) of diff not shown.
21.8 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-cis_server_l1.html
    
Offset 47494, 22 lines modifiedOffset 47494, 22 lines modified
000b9850:·0a2d·206e·616d·653a·2054·6573·7420·666f··.-·name:·Test·fo000b9850:·0a2d·206e·616d·653a·2054·6573·7420·666f··.-·name:·Test·fo
000b9860:·7220·6578·6973·7465·6e63·6520·2f62·6f6f··r·existence·/boo000b9860:·7220·6578·6973·7465·6e63·6520·2f62·6f6f··r·existence·/boo
000b9870:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg000b9870:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
000b9880:·0a20·2073·7461·743a·0a20·2020·2070·6174··.··stat:.····pat000b9880:·0a20·2073·7461·743a·0a20·2020·2070·6174··.··stat:.····pat
000b9890:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g000b9890:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g
000b98a0:·7275·622e·6366·670a·2020·7265·6769·7374··rub.cfg.··regist000b98a0:·7275·622e·6366·670a·2020·7265·6769·7374··rub.cfg.··regist
000b98b0:·6572·3a20·6669·6c65·5f65·7869·7374·730a··er:·file_exists.000b98b0:·6572·3a20·6669·6c65·5f65·7869·7374·730a··er:·file_exists.
000b98c0:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b000b98c0:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
000b98d0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
000b98e0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
000b98f0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
000b9900:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
000b9910:·2020·2d20·2722·6772·7562·3222·2069·6e20····-·'"grub2"·in· 
000b9920:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa000b98d0:·7562·3222·2069·6e20·616e·7369·626c·655f··ub2"·in·ansible_
 000b98e0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 000b98f0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 000b9900:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_
 000b9910:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 000b9920:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
000b9930:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi000b9930:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi
000b9940:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati000b9940:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
000b9950:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[000b9950:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
000b9960:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",000b9960:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
000b9970:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm000b9970:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
000b9980:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"000b9980:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
000b9990:·5d0a·2020·7461·6773·3a0a·2020·2d20·4343··].··tags:.··-·CC000b9990:·5d0a·2020·7461·6773·3a0a·2020·2d20·4343··].··tags:.··-·CC
000b99a0:·452d·3835·3834·392d·380a·2020·2d20·434a··E-85849-8.··-·CJ000b99a0:·452d·3835·3834·392d·380a·2020·2d20·434a··E-85849-8.··-·CJ
Offset 47531, 21 lines modifiedOffset 47531, 21 lines modified
000b9aa0:·653a·2045·6e73·7572·6520·6772·6f75·7020··e:·Ensure·group·000b9aa0:·653a·2045·6e73·7572·6520·6772·6f75·7020··e:·Ensure·group·
000b9ab0:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot000b9ab0:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot
000b9ac0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.000b9ac0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
000b9ad0:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path000b9ad0:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path
000b9ae0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr000b9ae0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
000b9af0:·7562·2e63·6667·0a20·2020·2067·726f·7570··ub.cfg.····group000b9af0:·7562·2e63·6667·0a20·2020·2067·726f·7570··ub.cfg.····group
000b9b00:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··000b9b00:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··
000b9b10:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n 
000b9b20:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo 
000b9b30:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
000b9b40:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
000b9b50:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub 
000b9b60:·3222·2069·6e20·616e·7369·626c·655f·6661··2"·in·ansible_fa 
000b9b70:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··000b9b10:·2d20·2722·6772·7562·3222·2069·6e20·616e··-·'"grub2"·in·an
 000b9b20:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 000b9b30:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 000b9b40:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an
 000b9b50:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 000b9b60:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 000b9b70:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
000b9b80:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua000b9b80:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
000b9b90:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no000b9b90:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
000b9ba0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·000b9ba0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
000b9bb0:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",000b9bb0:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
000b9bc0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont000b9bc0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
000b9bd0:·6169·6e65·7222·5d0a·2020·2d20·6669·6c65··ainer"].··-·file000b9bd0:·6169·6e65·7222·5d0a·2020·2d20·6669·6c65··ainer"].··-·file
000b9be0:·5f65·7869·7374·732e·7374·6174·2069·7320··_exists.stat·is·000b9be0:·5f65·7869·7374·732e·7374·6174·2069·7320··_exists.stat·is·
Offset 47597, 18 lines modifiedOffset 47597, 18 lines modified
000b9ec0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>000b9ec0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
000b9ed0:·3c74·643e·636f·6e66·6967·7572·653c·2f74··<td>configure</t000b9ed0:·3c74·643e·636f·6e66·6967·7572·653c·2f74··<td>configure</t
000b9ee0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><000b9ee0:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
000b9ef0:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme000b9ef0:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
000b9f00:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli000b9f00:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
000b9f10:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce000b9f10:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
000b9f20:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.000b9f20:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
 000b9f30:·6966·2072·706d·202d·2d71·7569·6574·202d··if·rpm·--quiet·-
 000b9f40:·7120·6772·7562·3220·2661·6d70·3b26·616d··q·grub2·&amp;&am
000b9f30:·6966·205b·2021·202d·6620·2f73·7973·2f66··if·[·!·-f·/sys/f000b9f50:·703b·205b·2021·202d·6620·2f73·7973·2f66··p;·[·!·-f·/sys/f
000b9f40:·6972·6d77·6172·652f·6566·6920·5d20·2661··irmware/efi·]·&a000b9f60:·6972·6d77·6172·652f·6566·6920·5d20·2661··irmware/efi·]·&a
000b9f50:·6d70·3b26·616d·703b·2072·706d·202d·2d71··mp;&amp;·rpm·--q 
000b9f60:·7569·6574·202d·7120·6772·7562·3220·2661··uiet·-q·grub2·&a 
000b9f70:·6d70·3b26·616d·703b·207b·205b·2021·202d··mp;&amp;·{·[·!·-000b9f70:·6d70·3b26·616d·703b·207b·205b·2021·202d··mp;&amp;·{·[·!·-
000b9f80:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·000b9f80:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·
000b9f90:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-000b9f90:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-
000b9fa0:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe000b9fa0:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe
000b9fb0:·7265·6e76·205d·3b20·7d3b·2074·6865·6e0a··renv·];·};·then.000b9fb0:·7265·6e76·205d·3b20·7d3b·2074·6865·6e0a··renv·];·};·then.
000b9fc0:·0a63·6867·7270·2030·202f·626f·6f74·2f67··.chgrp·0·/boot/g000b9fc0:·0a63·6867·7270·2030·202f·626f·6f74·2f67··.chgrp·0·/boot/g
000b9fd0:·7275·6232·2f67·7275·622e·6366·670a·0a65··rub2/grub.cfg..e000b9fd0:·7275·6232·2f67·7275·622e·6366·670a·0a65··rub2/grub.cfg..e
Offset 48106, 21 lines modifiedOffset 48106, 21 lines modified
000bbe90:·3a20·5465·7374·2066·6f72·2065·7869·7374··:·Test·for·exist000bbe90:·3a20·5465·7374·2066·6f72·2065·7869·7374··:·Test·for·exist
000bbea0:·656e·6365·202f·626f·6f74·2f67·7275·6232··ence·/boot/grub2000bbea0:·656e·6365·202f·626f·6f74·2f67·7275·6232··ence·/boot/grub2
000bbeb0:·2f67·7275·622e·6366·670a·2020·7374·6174··/grub.cfg.··stat000bbeb0:·2f67·7275·622e·6366·670a·2020·7374·6174··/grub.cfg.··stat
000bbec0:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo000bbec0:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
000bbed0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg000bbed0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
000bbee0:·0a20·2072·6567·6973·7465·723a·2066·696c··.··register:·fil000bbee0:·0a20·2072·6567·6973·7465·723a·2066·696c··.··register:·fil
000bbef0:·655f·6578·6973·7473·0a20·2077·6865·6e3a··e_exists.··when:000bbef0:·655f·6578·6973·7473·0a20·2077·6865·6e3a··e_exists.··when:
000bbf00:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi 
000bbf10:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible 
000bbf20:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
000bbf30:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
000bbf40:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g 
000bbf50:·7275·6232·2220·696e·2061·6e73·6962·6c65··rub2"·in·ansible 
000bbf60:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'000bbf00:·0a20·202d·2027·2267·7275·6232·2220·696e··.··-·'"grub2"·in
 000bbf10:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 000bbf20:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/
 000bbf30:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in
 000bbf40:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 000bbf50:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 000bbf60:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
000bbf70:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir000bbf70:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
000bbf80:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type000bbf80:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
000bbf90:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker000bbf90:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
000bbfa0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv000bbfa0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
000bbfb0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c000bbfb0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
000bbfc0:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag000bbfc0:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
000bbfd0:·733a·0a20·202d·2043·4345·2d38·3538·3438··s:.··-·CCE-85848000bbfd0:·733a·0a20·202d·2043·4345·2d38·3538·3438··s:.··-·CCE-85848
Offset 48142, 21 lines modifiedOffset 48142, 21 lines modified
000bc0d0:·206e·616d·653a·2045·6e73·7572·6520·6f77···name:·Ensure·ow000bc0d0:·206e·616d·653a·2045·6e73·7572·6520·6f77···name:·Ensure·ow
000bc0e0:·6e65·7220·3020·6f6e·202f·626f·6f74·2f67··ner·0·on·/boot/g000bc0e0:·6e65·7220·3020·6f6e·202f·626f·6f74·2f67··ner·0·on·/boot/g
000bc0f0:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··000bc0f0:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
000bc100:·6669·6c65·3a0a·2020·2020·7061·7468·3a20··file:.····path:·000bc100:·6669·6c65·3a0a·2020·2020·7061·7468·3a20··file:.····path:·
000bc110:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub000bc110:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
000bc120:·2e63·6667·0a20·2020·206f·776e·6572·3a20··.cfg.····owner:·000bc120:·2e63·6667·0a20·2020·206f·776e·6572·3a20··.cfg.····owner:·
000bc130:·2730·270a·2020·7768·656e·3a0a·2020·2d20··'0'.··when:.··-·000bc130:·2730·270a·2020·7768·656e·3a0a·2020·2d20··'0'.··when:.··-·
000bc140:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
000bc150:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
000bc160:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
000bc170:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
000bc180:·7374·270a·2020·2d20·2722·6772·7562·3222··st'.··-·'"grub2" 
000bc190:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
000bc1a0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·000bc140:·2722·6772·7562·3222·2069·6e20·616e·7369··'"grub2"·in·ansi
 000bc150:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 000bc160:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 000bc170:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi
 000bc180:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 000bc190:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 000bc1a0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
000bc1b0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali000bc1b0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
000bc1c0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·000bc1c0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
Max diff block lines reached; 7694/16932 bytes (45.44%) of diff not shown.
5.09 KB
html2text {}
    
Offset 5503, 16 lines modifiedOffset 5503, 16 lines modified
5503 ··-·no_reboot_needed5503 ··-·no_reboot_needed
  
5504 -·name:·Test·for·existence·/boot/grub2/grub.cfg5504 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5505 ··stat:5505 ··stat:
5506 ····path:·/boot/grub2/grub.cfg5506 ····path:·/boot/grub2/grub.cfg
5507 ··register:·file_exists5507 ··register:·file_exists
5508 ··when:5508 ··when:
5509 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5510 ··-·'"grub2"·in·ansible_facts.packages'5509 ··-·'"grub2"·in·ansible_facts.packages'
 5510 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5511 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5511 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5512 ··tags:5512 ··tags:
5513 ··-·CCE-85849-85513 ··-·CCE-85849-8
5514 ··-·CJIS-5.5.2.25514 ··-·CJIS-5.5.2.2
5515 ··-·NIST-800-171-3.4.55515 ··-·NIST-800-171-3.4.5
5516 ··-·NIST-800-53-AC-6(1)5516 ··-·NIST-800-53-AC-6(1)
5517 ··-·NIST-800-53-CM-6(a)5517 ··-·NIST-800-53-CM-6(a)
Offset 5525, 16 lines modifiedOffset 5525, 16 lines modified
5525 ··-·no_reboot_needed5525 ··-·no_reboot_needed
  
5526 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5526 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5527 ··file:5527 ··file:
5528 ····path:·/boot/grub2/grub.cfg5528 ····path:·/boot/grub2/grub.cfg
5529 ····group:·'0'5529 ····group:·'0'
5530 ··when:5530 ··when:
5531 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5532 ··-·'"grub2"·in·ansible_facts.packages'5531 ··-·'"grub2"·in·ansible_facts.packages'
 5532 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5533 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5533 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5534 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5534 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5535 ··tags:5535 ··tags:
5536 ··-·CCE-85849-85536 ··-·CCE-85849-8
5537 ··-·CJIS-5.5.2.25537 ··-·CJIS-5.5.2.2
5538 ··-·NIST-800-171-3.4.55538 ··-·NIST-800-171-3.4.5
5539 ··-·NIST-800-53-AC-6(1)5539 ··-·NIST-800-53-AC-6(1)
Offset 5547, 15 lines modifiedOffset 5547, 15 lines modified
5547 ··-·medium_severity5547 ··-·medium_severity
5548 ··-·no_reboot_needed5548 ··-·no_reboot_needed
5549 Remediation_Shell_script_⇲5549 Remediation_Shell_script_⇲
5550 Complexity:·low5550 Complexity:·low
5551 Disruption:·low5551 Disruption:·low
5552 Strategy:···configure5552 Strategy:···configure
5553 #·Remediation·is·applicable·only·in·certain·platforms5553 #·Remediation·is·applicable·only·in·certain·platforms
5554 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];5554 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
5555 };·then5555 };·then
  
5556 chgrp·0·/boot/grub2/grub.cfg5556 chgrp·0·/boot/grub2/grub.cfg
  
5557 else5557 else
5558 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5558 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5559 fi5559 fi
Offset 5596, 16 lines modifiedOffset 5596, 16 lines modified
5596 ··-·no_reboot_needed5596 ··-·no_reboot_needed
  
5597 -·name:·Test·for·existence·/boot/grub2/grub.cfg5597 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5598 ··stat:5598 ··stat:
5599 ····path:·/boot/grub2/grub.cfg5599 ····path:·/boot/grub2/grub.cfg
5600 ··register:·file_exists5600 ··register:·file_exists
5601 ··when:5601 ··when:
5602 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5603 ··-·'"grub2"·in·ansible_facts.packages'5602 ··-·'"grub2"·in·ansible_facts.packages'
 5603 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5604 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5604 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5605 ··tags:5605 ··tags:
5606 ··-·CCE-85848-05606 ··-·CCE-85848-0
5607 ··-·CJIS-5.5.2.25607 ··-·CJIS-5.5.2.2
5608 ··-·NIST-800-171-3.4.55608 ··-·NIST-800-171-3.4.5
5609 ··-·NIST-800-53-AC-6(1)5609 ··-·NIST-800-53-AC-6(1)
5610 ··-·NIST-800-53-CM-6(a)5610 ··-·NIST-800-53-CM-6(a)
Offset 5618, 16 lines modifiedOffset 5618, 16 lines modified
5618 ··-·no_reboot_needed5618 ··-·no_reboot_needed
  
5619 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5619 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5620 ··file:5620 ··file:
5621 ····path:·/boot/grub2/grub.cfg5621 ····path:·/boot/grub2/grub.cfg
5622 ····owner:·'0'5622 ····owner:·'0'
5623 ··when:5623 ··when:
5624 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5625 ··-·'"grub2"·in·ansible_facts.packages'5624 ··-·'"grub2"·in·ansible_facts.packages'
 5625 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5626 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5626 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5627 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5627 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5628 ··tags:5628 ··tags:
5629 ··-·CCE-85848-05629 ··-·CCE-85848-0
5630 ··-·CJIS-5.5.2.25630 ··-·CJIS-5.5.2.2
5631 ··-·NIST-800-171-3.4.55631 ··-·NIST-800-171-3.4.5
5632 ··-·NIST-800-53-AC-6(1)5632 ··-·NIST-800-53-AC-6(1)
Offset 5640, 15 lines modifiedOffset 5640, 15 lines modified
5640 ··-·medium_severity5640 ··-·medium_severity
5641 ··-·no_reboot_needed5641 ··-·no_reboot_needed
5642 Remediation_Shell_script_⇲5642 Remediation_Shell_script_⇲
5643 Complexity:·low5643 Complexity:·low
5644 Disruption:·low5644 Disruption:·low
5645 Strategy:···configure5645 Strategy:···configure
5646 #·Remediation·is·applicable·only·in·certain·platforms5646 #·Remediation·is·applicable·only·in·certain·platforms
5647 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];5647 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
5648 };·then5648 };·then
  
5649 chown·0·/boot/grub2/grub.cfg5649 chown·0·/boot/grub2/grub.cfg
  
5650 else5650 else
5651 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5651 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5652 fi5652 fi
Offset 5687, 16 lines modifiedOffset 5687, 16 lines modified
5687 ··-·no_reboot_needed5687 ··-·no_reboot_needed
  
5688 -·name:·Test·for·existence·/boot/grub2/grub.cfg5688 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5689 ··stat:5689 ··stat:
5690 ····path:·/boot/grub2/grub.cfg5690 ····path:·/boot/grub2/grub.cfg
5691 ··register:·file_exists5691 ··register:·file_exists
5692 ··when:5692 ··when:
5693 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5694 ··-·'"grub2"·in·ansible_facts.packages'5693 ··-·'"grub2"·in·ansible_facts.packages'
 5694 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5695 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5695 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5696 ··tags:5696 ··tags:
5697 ··-·CCE-91426-75697 ··-·CCE-91426-7
5698 ··-·NIST-800-171-3.4.55698 ··-·NIST-800-171-3.4.5
5699 ··-·NIST-800-53-AC-6(1)5699 ··-·NIST-800-53-AC-6(1)
5700 ··-·NIST-800-53-CM-6(a)5700 ··-·NIST-800-53-CM-6(a)
5701 ··-·configure_strategy5701 ··-·configure_strategy
Offset 5707, 16 lines modifiedOffset 5707, 16 lines modified
5707 ··-·no_reboot_needed5707 ··-·no_reboot_needed
  
5708 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg5708 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
5709 ··file:5709 ··file:
5710 ····path:·/boot/grub2/grub.cfg5710 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 996/5189 bytes (19.19%) of diff not shown.
21.9 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-cis_workstation_l1.html
    
Offset 47486, 21 lines modifiedOffset 47486, 21 lines modified
000b97d0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·000b97d0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
000b97e0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub000b97e0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
000b97f0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···000b97f0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
000b9800:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru000b9800:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
000b9810:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re000b9810:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re
000b9820:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi000b9820:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
000b9830:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·000b9830:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
000b9840:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
000b9850:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
000b9860:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
000b9870:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
000b9880:·7374·270a·2020·2d20·2722·6772·7562·3222··st'.··-·'"grub2" 
000b9890:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
000b98a0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·000b9840:·2722·6772·7562·3222·2069·6e20·616e·7369··'"grub2"·in·ansi
 000b9850:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 000b9860:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 000b9870:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi
 000b9880:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 000b9890:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 000b98a0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
000b98b0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali000b98b0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
000b98c0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·000b98c0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
000b98d0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l000b98d0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
000b98e0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"000b98e0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
000b98f0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai000b98f0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
000b9900:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··000b9900:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
000b9910:·2d20·4343·452d·3835·3834·392d·380a·2020··-·CCE-85849-8.··000b9910:·2d20·4343·452d·3835·3834·392d·380a·2020··-·CCE-85849-8.··
Offset 47522, 21 lines modifiedOffset 47522, 21 lines modified
000b9a10:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr000b9a10:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr
000b9a20:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/000b9a20:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/
000b9a30:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.000b9a30:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
000b9a40:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····000b9a40:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····
000b9a50:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub000b9a50:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
000b9a60:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g000b9a60:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g
000b9a70:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when000b9a70:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when
000b9a80:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
000b9a90:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
000b9aa0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
000b9ab0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
000b9ac0:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
000b9ad0:·6772·7562·3222·2069·6e20·616e·7369·626c··grub2"·in·ansibl 
000b9ae0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages000b9a80:·3a0a·2020·2d20·2722·6772·7562·3222·2069··:.··-·'"grub2"·i
 000b9a90:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 000b9aa0:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 000b9ab0:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 000b9ac0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 000b9ad0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 000b9ae0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
000b9af0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi000b9af0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
000b9b00:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ000b9b00:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
000b9b10:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke000b9b10:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
000b9b20:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open000b9b20:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
000b9b30:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"000b9b30:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
000b9b40:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·000b9b40:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
000b9b50:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat000b9b50:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat
Offset 47588, 19 lines modifiedOffset 47588, 19 lines modified
000b9e30:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<000b9e30:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
000b9e40:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur000b9e40:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur
000b9e50:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab000b9e50:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
000b9e60:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·000b9e60:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·
000b9e70:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a000b9e70:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
000b9e80:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i000b9e80:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
000b9e90:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo000b9e90:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
 000b9ea0:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
 000b9eb0:·6574·202d·7120·6772·7562·3220·2661·6d70··et·-q·grub2·&amp
000b9ea0:·726d·730a·6966·205b·2021·202d·6620·2f73··rms.if·[·!·-f·/s000b9ec0:·3b26·616d·703b·205b·2021·202d·6620·2f73··;&amp;·[·!·-f·/s
000b9eb0:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi·000b9ed0:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi·
000b9ec0:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm 
000b9ed0:·202d·2d71·7569·6574·202d·7120·6772·7562···--quiet·-q·grub 
000b9ee0:·3220·2661·6d70·3b26·616d·703b·207b·205b··2·&amp;&amp;·{·[000b9ee0:·5d20·2661·6d70·3b26·616d·703b·207b·205b··]·&amp;&amp;·{·[
000b9ef0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren000b9ef0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
000b9f00:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[000b9f00:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
000b9f10:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont000b9f10:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
000b9f20:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t000b9f20:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t
000b9f30:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo000b9f30:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo
000b9f40:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf000b9f40:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
000b9f50:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;000b9f50:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;
Offset 48097, 22 lines modifiedOffset 48097, 22 lines modified
000bbe00:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e000bbe00:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e
000bbe10:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g000bbe10:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g
000bbe20:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··000bbe20:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
000bbe30:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·000bbe30:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·
000bbe40:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub000bbe40:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
000bbe50:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:000bbe50:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:
000bbe60:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w000bbe60:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w
000bbe70:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot000bbe70:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
000bbe80:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans 
000bbe90:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
000bbea0:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
000bbeb0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
000bbec0:·2027·2267·7275·6232·2220·696e·2061·6e73···'"grub2"·in·ans 
000bbed0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa000bbe80:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 000bbe90:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 000bbea0:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 000bbeb0:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 000bbec0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
 000bbed0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
000bbee0:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible000bbee0:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible
000bbef0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_000bbef0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
000bbf00:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do000bbf00:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
000bbf10:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o000bbf10:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
000bbf20:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"000bbf20:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
000bbf30:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·000bbf30:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
000bbf40:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8000bbf40:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8
000bbf50:·3538·3438·2d30·0a20·202d·2043·4a49·532d··5848-0.··-·CJIS-000bbf50:·3538·3438·2d30·0a20·202d·2043·4a49·532d··5848-0.··-·CJIS-
Offset 48133, 21 lines modifiedOffset 48133, 21 lines modified
000bc040:·640a·0a2d·206e·616d·653a·2045·6e73·7572··d..-·name:·Ensur000bc040:·640a·0a2d·206e·616d·653a·2045·6e73·7572··d..-·name:·Ensur
000bc050:·6520·6f77·6e65·7220·3020·6f6e·202f·626f··e·owner·0·on·/bo000bc050:·6520·6f77·6e65·7220·3020·6f6e·202f·626f··e·owner·0·on·/bo
000bc060:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf000bc060:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
000bc070:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa000bc070:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa
000bc080:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/000bc080:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/
000bc090:·6772·7562·2e63·6667·0a20·2020·206f·776e··grub.cfg.····own000bc090:·6772·7562·2e63·6667·0a20·2020·206f·776e··grub.cfg.····own
000bc0a0:·6572·3a20·2730·270a·2020·7768·656e·3a0a··er:·'0'.··when:.000bc0a0:·6572·3a20·2730·270a·2020·7768·656e·3a0a··er:·'0'.··when:.
000bc0b0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
000bc0c0:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
000bc0d0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
000bc0e0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
000bc0f0:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
000bc100:·7562·3222·2069·6e20·616e·7369·626c·655f··ub2"·in·ansible_ 
000bc110:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.000bc0b0:·2020·2d20·2722·6772·7562·3222·2069·6e20····-·'"grub2"·in·
 000bc0c0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 000bc0d0:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 000bc0e0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in·
 000bc0f0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 000bc100:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 000bc110:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
000bc120:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt000bc120:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
Max diff block lines reached; 7763/17070 bytes (45.48%) of diff not shown.
5.09 KB
html2text {}
    
Offset 5501, 16 lines modifiedOffset 5501, 16 lines modified
5501 ··-·no_reboot_needed5501 ··-·no_reboot_needed
  
5502 -·name:·Test·for·existence·/boot/grub2/grub.cfg5502 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5503 ··stat:5503 ··stat:
5504 ····path:·/boot/grub2/grub.cfg5504 ····path:·/boot/grub2/grub.cfg
5505 ··register:·file_exists5505 ··register:·file_exists
5506 ··when:5506 ··when:
5507 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5508 ··-·'"grub2"·in·ansible_facts.packages'5507 ··-·'"grub2"·in·ansible_facts.packages'
 5508 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5509 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5509 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5510 ··tags:5510 ··tags:
5511 ··-·CCE-85849-85511 ··-·CCE-85849-8
5512 ··-·CJIS-5.5.2.25512 ··-·CJIS-5.5.2.2
5513 ··-·NIST-800-171-3.4.55513 ··-·NIST-800-171-3.4.5
5514 ··-·NIST-800-53-AC-6(1)5514 ··-·NIST-800-53-AC-6(1)
5515 ··-·NIST-800-53-CM-6(a)5515 ··-·NIST-800-53-CM-6(a)
Offset 5523, 16 lines modifiedOffset 5523, 16 lines modified
5523 ··-·no_reboot_needed5523 ··-·no_reboot_needed
  
5524 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5524 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5525 ··file:5525 ··file:
5526 ····path:·/boot/grub2/grub.cfg5526 ····path:·/boot/grub2/grub.cfg
5527 ····group:·'0'5527 ····group:·'0'
5528 ··when:5528 ··when:
5529 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5530 ··-·'"grub2"·in·ansible_facts.packages'5529 ··-·'"grub2"·in·ansible_facts.packages'
 5530 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5531 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5531 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5532 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5532 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5533 ··tags:5533 ··tags:
5534 ··-·CCE-85849-85534 ··-·CCE-85849-8
5535 ··-·CJIS-5.5.2.25535 ··-·CJIS-5.5.2.2
5536 ··-·NIST-800-171-3.4.55536 ··-·NIST-800-171-3.4.5
5537 ··-·NIST-800-53-AC-6(1)5537 ··-·NIST-800-53-AC-6(1)
Offset 5545, 15 lines modifiedOffset 5545, 15 lines modified
5545 ··-·medium_severity5545 ··-·medium_severity
5546 ··-·no_reboot_needed5546 ··-·no_reboot_needed
5547 Remediation_Shell_script_⇲5547 Remediation_Shell_script_⇲
5548 Complexity:·low5548 Complexity:·low
5549 Disruption:·low5549 Disruption:·low
5550 Strategy:···configure5550 Strategy:···configure
5551 #·Remediation·is·applicable·only·in·certain·platforms5551 #·Remediation·is·applicable·only·in·certain·platforms
5552 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];5552 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
5553 };·then5553 };·then
  
5554 chgrp·0·/boot/grub2/grub.cfg5554 chgrp·0·/boot/grub2/grub.cfg
  
5555 else5555 else
5556 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5556 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5557 fi5557 fi
Offset 5594, 16 lines modifiedOffset 5594, 16 lines modified
5594 ··-·no_reboot_needed5594 ··-·no_reboot_needed
  
5595 -·name:·Test·for·existence·/boot/grub2/grub.cfg5595 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5596 ··stat:5596 ··stat:
5597 ····path:·/boot/grub2/grub.cfg5597 ····path:·/boot/grub2/grub.cfg
5598 ··register:·file_exists5598 ··register:·file_exists
5599 ··when:5599 ··when:
5600 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5601 ··-·'"grub2"·in·ansible_facts.packages'5600 ··-·'"grub2"·in·ansible_facts.packages'
 5601 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5602 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5602 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5603 ··tags:5603 ··tags:
5604 ··-·CCE-85848-05604 ··-·CCE-85848-0
5605 ··-·CJIS-5.5.2.25605 ··-·CJIS-5.5.2.2
5606 ··-·NIST-800-171-3.4.55606 ··-·NIST-800-171-3.4.5
5607 ··-·NIST-800-53-AC-6(1)5607 ··-·NIST-800-53-AC-6(1)
5608 ··-·NIST-800-53-CM-6(a)5608 ··-·NIST-800-53-CM-6(a)
Offset 5616, 16 lines modifiedOffset 5616, 16 lines modified
5616 ··-·no_reboot_needed5616 ··-·no_reboot_needed
  
5617 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5617 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5618 ··file:5618 ··file:
5619 ····path:·/boot/grub2/grub.cfg5619 ····path:·/boot/grub2/grub.cfg
5620 ····owner:·'0'5620 ····owner:·'0'
5621 ··when:5621 ··when:
5622 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5623 ··-·'"grub2"·in·ansible_facts.packages'5622 ··-·'"grub2"·in·ansible_facts.packages'
 5623 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5624 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5624 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5625 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5625 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5626 ··tags:5626 ··tags:
5627 ··-·CCE-85848-05627 ··-·CCE-85848-0
5628 ··-·CJIS-5.5.2.25628 ··-·CJIS-5.5.2.2
5629 ··-·NIST-800-171-3.4.55629 ··-·NIST-800-171-3.4.5
5630 ··-·NIST-800-53-AC-6(1)5630 ··-·NIST-800-53-AC-6(1)
Offset 5638, 15 lines modifiedOffset 5638, 15 lines modified
5638 ··-·medium_severity5638 ··-·medium_severity
5639 ··-·no_reboot_needed5639 ··-·no_reboot_needed
5640 Remediation_Shell_script_⇲5640 Remediation_Shell_script_⇲
5641 Complexity:·low5641 Complexity:·low
5642 Disruption:·low5642 Disruption:·low
5643 Strategy:···configure5643 Strategy:···configure
5644 #·Remediation·is·applicable·only·in·certain·platforms5644 #·Remediation·is·applicable·only·in·certain·platforms
5645 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];5645 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
5646 };·then5646 };·then
  
5647 chown·0·/boot/grub2/grub.cfg5647 chown·0·/boot/grub2/grub.cfg
  
5648 else5648 else
5649 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5649 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5650 fi5650 fi
Offset 5685, 16 lines modifiedOffset 5685, 16 lines modified
5685 ··-·no_reboot_needed5685 ··-·no_reboot_needed
  
5686 -·name:·Test·for·existence·/boot/grub2/grub.cfg5686 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5687 ··stat:5687 ··stat:
5688 ····path:·/boot/grub2/grub.cfg5688 ····path:·/boot/grub2/grub.cfg
5689 ··register:·file_exists5689 ··register:·file_exists
5690 ··when:5690 ··when:
5691 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5692 ··-·'"grub2"·in·ansible_facts.packages'5691 ··-·'"grub2"·in·ansible_facts.packages'
 5692 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5693 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5693 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5694 ··tags:5694 ··tags:
5695 ··-·CCE-91426-75695 ··-·CCE-91426-7
5696 ··-·NIST-800-171-3.4.55696 ··-·NIST-800-171-3.4.5
5697 ··-·NIST-800-53-AC-6(1)5697 ··-·NIST-800-53-AC-6(1)
5698 ··-·NIST-800-53-CM-6(a)5698 ··-·NIST-800-53-CM-6(a)
5699 ··-·configure_strategy5699 ··-·configure_strategy
Offset 5705, 16 lines modifiedOffset 5705, 16 lines modified
5705 ··-·no_reboot_needed5705 ··-·no_reboot_needed
  
5706 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg5706 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
5707 ··file:5707 ··file:
5708 ····path:·/boot/grub2/grub.cfg5708 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 996/5189 bytes (19.19%) of diff not shown.
21.9 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-cis_workstation_l2.html
    
Offset 167900, 21 lines modifiedOffset 167900, 21 lines modified
0028fdb0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·0028fdb0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
0028fdc0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub0028fdc0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
0028fdd0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···0028fdd0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
0028fde0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru0028fde0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
0028fdf0:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re0028fdf0:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re
0028fe00:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi0028fe00:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
0028fe10:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·0028fe10:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
0028fe20:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
0028fe30:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
0028fe40:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
0028fe50:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
0028fe60:·7374·270a·2020·2d20·2722·6772·7562·3222··st'.··-·'"grub2" 
0028fe70:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
0028fe80:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·0028fe20:·2722·6772·7562·3222·2069·6e20·616e·7369··'"grub2"·in·ansi
 0028fe30:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 0028fe40:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 0028fe50:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi
 0028fe60:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 0028fe70:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 0028fe80:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
0028fe90:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali0028fe90:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
0028fea0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·0028fea0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
0028feb0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l0028feb0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
0028fec0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"0028fec0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
0028fed0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai0028fed0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
0028fee0:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··0028fee0:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
0028fef0:·2d20·4343·452d·3835·3834·392d·380a·2020··-·CCE-85849-8.··0028fef0:·2d20·4343·452d·3835·3834·392d·380a·2020··-·CCE-85849-8.··
Offset 167936, 21 lines modifiedOffset 167936, 21 lines modified
0028fff0:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr0028fff0:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr
00290000:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/00290000:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/
00290010:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.00290010:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
00290020:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····00290020:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····
00290030:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub00290030:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
00290040:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g00290040:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g
00290050:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when00290050:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when
00290060:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
00290070:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
00290080:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
00290090:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
002900a0:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
002900b0:·6772·7562·3222·2069·6e20·616e·7369·626c··grub2"·in·ansibl 
002900c0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages00290060:·3a0a·2020·2d20·2722·6772·7562·3222·2069··:.··-·'"grub2"·i
 00290070:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 00290080:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 00290090:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 002900a0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 002900b0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 002900c0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
002900d0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi002900d0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
002900e0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ002900e0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
002900f0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke002900f0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
00290100:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open00290100:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
00290110:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"00290110:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
00290120:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·00290120:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
00290130:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat00290130:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat
Offset 168002, 19 lines modifiedOffset 168002, 19 lines modified
00290410:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<00290410:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
00290420:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur00290420:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur
00290430:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab00290430:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
00290440:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·00290440:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·
00290450:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a00290450:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
00290460:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i00290460:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
00290470:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo00290470:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
 00290480:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
 00290490:·6574·202d·7120·6772·7562·3220·2661·6d70··et·-q·grub2·&amp
00290480:·726d·730a·6966·205b·2021·202d·6620·2f73··rms.if·[·!·-f·/s002904a0:·3b26·616d·703b·205b·2021·202d·6620·2f73··;&amp;·[·!·-f·/s
00290490:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi·002904b0:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi·
002904a0:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm 
002904b0:·202d·2d71·7569·6574·202d·7120·6772·7562···--quiet·-q·grub 
002904c0:·3220·2661·6d70·3b26·616d·703b·207b·205b··2·&amp;&amp;·{·[002904c0:·5d20·2661·6d70·3b26·616d·703b·207b·205b··]·&amp;&amp;·{·[
002904d0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren002904d0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
002904e0:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[002904e0:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
002904f0:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont002904f0:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
00290500:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t00290500:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t
00290510:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo00290510:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo
00290520:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf00290520:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
00290530:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;00290530:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;
Offset 168511, 22 lines modifiedOffset 168511, 22 lines modified
002923e0:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e002923e0:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e
002923f0:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g002923f0:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g
00292400:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··00292400:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
00292410:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·00292410:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·
00292420:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub00292420:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
00292430:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:00292430:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:
00292440:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w00292440:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w
00292450:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot00292450:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
00292460:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans 
00292470:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
00292480:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
00292490:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
002924a0:·2027·2267·7275·6232·2220·696e·2061·6e73···'"grub2"·in·ans 
002924b0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa00292460:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 00292470:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 00292480:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 00292490:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 002924a0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
 002924b0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
002924c0:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible002924c0:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible
002924d0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_002924d0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
002924e0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do002924e0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
002924f0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o002924f0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
00292500:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"00292500:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
00292510:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·00292510:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
00292520:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-800292520:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8
00292530:·3538·3438·2d30·0a20·202d·2043·4a49·532d··5848-0.··-·CJIS-00292530:·3538·3438·2d30·0a20·202d·2043·4a49·532d··5848-0.··-·CJIS-
Offset 168547, 21 lines modifiedOffset 168547, 21 lines modified
00292620:·640a·0a2d·206e·616d·653a·2045·6e73·7572··d..-·name:·Ensur00292620:·640a·0a2d·206e·616d·653a·2045·6e73·7572··d..-·name:·Ensur
00292630:·6520·6f77·6e65·7220·3020·6f6e·202f·626f··e·owner·0·on·/bo00292630:·6520·6f77·6e65·7220·3020·6f6e·202f·626f··e·owner·0·on·/bo
00292640:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf00292640:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
00292650:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa00292650:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa
00292660:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/00292660:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/
00292670:·6772·7562·2e63·6667·0a20·2020·206f·776e··grub.cfg.····own00292670:·6772·7562·2e63·6667·0a20·2020·206f·776e··grub.cfg.····own
00292680:·6572·3a20·2730·270a·2020·7768·656e·3a0a··er:·'0'.··when:.00292680:·6572·3a20·2730·270a·2020·7768·656e·3a0a··er:·'0'.··when:.
00292690:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
002926a0:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
002926b0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
002926c0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
002926d0:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
002926e0:·7562·3222·2069·6e20·616e·7369·626c·655f··ub2"·in·ansible_ 
002926f0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.00292690:·2020·2d20·2722·6772·7562·3222·2069·6e20····-·'"grub2"·in·
 002926a0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 002926b0:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 002926c0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in·
 002926d0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 002926e0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 002926f0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
00292700:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt00292700:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
Max diff block lines reached; 7771/17088 bytes (45.48%) of diff not shown.
5.11 KB
html2text {}
    
Offset 38060, 16 lines modifiedOffset 38060, 16 lines modified
38060 ··-·no_reboot_needed38060 ··-·no_reboot_needed
  
38061 -·name:·Test·for·existence·/boot/grub2/grub.cfg38061 -·name:·Test·for·existence·/boot/grub2/grub.cfg
38062 ··stat:38062 ··stat:
38063 ····path:·/boot/grub2/grub.cfg38063 ····path:·/boot/grub2/grub.cfg
38064 ··register:·file_exists38064 ··register:·file_exists
38065 ··when:38065 ··when:
38066 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
38067 ··-·'"grub2"·in·ansible_facts.packages'38066 ··-·'"grub2"·in·ansible_facts.packages'
 38067 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
38068 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38068 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38069 ··tags:38069 ··tags:
38070 ··-·CCE-85849-838070 ··-·CCE-85849-8
38071 ··-·CJIS-5.5.2.238071 ··-·CJIS-5.5.2.2
38072 ··-·NIST-800-171-3.4.538072 ··-·NIST-800-171-3.4.5
38073 ··-·NIST-800-53-AC-6(1)38073 ··-·NIST-800-53-AC-6(1)
38074 ··-·NIST-800-53-CM-6(a)38074 ··-·NIST-800-53-CM-6(a)
Offset 38082, 16 lines modifiedOffset 38082, 16 lines modified
38082 ··-·no_reboot_needed38082 ··-·no_reboot_needed
  
38083 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg38083 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
38084 ··file:38084 ··file:
38085 ····path:·/boot/grub2/grub.cfg38085 ····path:·/boot/grub2/grub.cfg
38086 ····group:·'0'38086 ····group:·'0'
38087 ··when:38087 ··when:
38088 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
38089 ··-·'"grub2"·in·ansible_facts.packages'38088 ··-·'"grub2"·in·ansible_facts.packages'
 38089 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
38090 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38090 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38091 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists38091 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
38092 ··tags:38092 ··tags:
38093 ··-·CCE-85849-838093 ··-·CCE-85849-8
38094 ··-·CJIS-5.5.2.238094 ··-·CJIS-5.5.2.2
38095 ··-·NIST-800-171-3.4.538095 ··-·NIST-800-171-3.4.5
38096 ··-·NIST-800-53-AC-6(1)38096 ··-·NIST-800-53-AC-6(1)
Offset 38104, 15 lines modifiedOffset 38104, 15 lines modified
38104 ··-·medium_severity38104 ··-·medium_severity
38105 ··-·no_reboot_needed38105 ··-·no_reboot_needed
38106 Remediation_Shell_script_⇲38106 Remediation_Shell_script_⇲
38107 Complexity:·low38107 Complexity:·low
38108 Disruption:·low38108 Disruption:·low
38109 Strategy:···configure38109 Strategy:···configure
38110 #·Remediation·is·applicable·only·in·certain·platforms38110 #·Remediation·is·applicable·only·in·certain·platforms
38111 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];38111 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
38112 };·then38112 };·then
  
38113 chgrp·0·/boot/grub2/grub.cfg38113 chgrp·0·/boot/grub2/grub.cfg
  
38114 else38114 else
38115 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'38115 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
38116 fi38116 fi
Offset 38153, 16 lines modifiedOffset 38153, 16 lines modified
38153 ··-·no_reboot_needed38153 ··-·no_reboot_needed
  
38154 -·name:·Test·for·existence·/boot/grub2/grub.cfg38154 -·name:·Test·for·existence·/boot/grub2/grub.cfg
38155 ··stat:38155 ··stat:
38156 ····path:·/boot/grub2/grub.cfg38156 ····path:·/boot/grub2/grub.cfg
38157 ··register:·file_exists38157 ··register:·file_exists
38158 ··when:38158 ··when:
38159 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
38160 ··-·'"grub2"·in·ansible_facts.packages'38159 ··-·'"grub2"·in·ansible_facts.packages'
 38160 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
38161 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38161 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38162 ··tags:38162 ··tags:
38163 ··-·CCE-85848-038163 ··-·CCE-85848-0
38164 ··-·CJIS-5.5.2.238164 ··-·CJIS-5.5.2.2
38165 ··-·NIST-800-171-3.4.538165 ··-·NIST-800-171-3.4.5
38166 ··-·NIST-800-53-AC-6(1)38166 ··-·NIST-800-53-AC-6(1)
38167 ··-·NIST-800-53-CM-6(a)38167 ··-·NIST-800-53-CM-6(a)
Offset 38175, 16 lines modifiedOffset 38175, 16 lines modified
38175 ··-·no_reboot_needed38175 ··-·no_reboot_needed
  
38176 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg38176 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
38177 ··file:38177 ··file:
38178 ····path:·/boot/grub2/grub.cfg38178 ····path:·/boot/grub2/grub.cfg
38179 ····owner:·'0'38179 ····owner:·'0'
38180 ··when:38180 ··when:
38181 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
38182 ··-·'"grub2"·in·ansible_facts.packages'38181 ··-·'"grub2"·in·ansible_facts.packages'
 38182 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
38183 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38183 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38184 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists38184 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
38185 ··tags:38185 ··tags:
38186 ··-·CCE-85848-038186 ··-·CCE-85848-0
38187 ··-·CJIS-5.5.2.238187 ··-·CJIS-5.5.2.2
38188 ··-·NIST-800-171-3.4.538188 ··-·NIST-800-171-3.4.5
38189 ··-·NIST-800-53-AC-6(1)38189 ··-·NIST-800-53-AC-6(1)
Offset 38197, 15 lines modifiedOffset 38197, 15 lines modified
38197 ··-·medium_severity38197 ··-·medium_severity
38198 ··-·no_reboot_needed38198 ··-·no_reboot_needed
38199 Remediation_Shell_script_⇲38199 Remediation_Shell_script_⇲
38200 Complexity:·low38200 Complexity:·low
38201 Disruption:·low38201 Disruption:·low
38202 Strategy:···configure38202 Strategy:···configure
38203 #·Remediation·is·applicable·only·in·certain·platforms38203 #·Remediation·is·applicable·only·in·certain·platforms
38204 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];38204 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
38205 };·then38205 };·then
  
38206 chown·0·/boot/grub2/grub.cfg38206 chown·0·/boot/grub2/grub.cfg
  
38207 else38207 else
38208 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'38208 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
38209 fi38209 fi
Offset 38244, 16 lines modifiedOffset 38244, 16 lines modified
38244 ··-·no_reboot_needed38244 ··-·no_reboot_needed
  
38245 -·name:·Test·for·existence·/boot/grub2/grub.cfg38245 -·name:·Test·for·existence·/boot/grub2/grub.cfg
38246 ··stat:38246 ··stat:
38247 ····path:·/boot/grub2/grub.cfg38247 ····path:·/boot/grub2/grub.cfg
38248 ··register:·file_exists38248 ··register:·file_exists
38249 ··when:38249 ··when:
38250 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
38251 ··-·'"grub2"·in·ansible_facts.packages'38250 ··-·'"grub2"·in·ansible_facts.packages'
 38251 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
38252 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38252 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38253 ··tags:38253 ··tags:
38254 ··-·CCE-91426-738254 ··-·CCE-91426-7
38255 ··-·NIST-800-171-3.4.538255 ··-·NIST-800-171-3.4.5
38256 ··-·NIST-800-53-AC-6(1)38256 ··-·NIST-800-53-AC-6(1)
38257 ··-·NIST-800-53-CM-6(a)38257 ··-·NIST-800-53-CM-6(a)
38258 ··-·configure_strategy38258 ··-·configure_strategy
Offset 38264, 16 lines modifiedOffset 38264, 16 lines modified
38264 ··-·no_reboot_needed38264 ··-·no_reboot_needed
  
38265 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg38265 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
38266 ··file:38266 ··file:
38267 ····path:·/boot/grub2/grub.cfg38267 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 998/5207 bytes (19.17%) of diff not shown.
21.7 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-hipaa.html
    
Offset 194045, 21 lines modifiedOffset 194045, 21 lines modified
002f5fc0:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis002f5fc0:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis
002f5fd0:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub002f5fd0:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub
002f5fe0:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta002f5fe0:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta
002f5ff0:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo002f5ff0:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
002f6000:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf002f6000:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
002f6010:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi002f6010:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi
002f6020:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when002f6020:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when
002f6030:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
002f6040:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
002f6050:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
002f6060:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
002f6070:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
002f6080:·6772·7562·3222·2069·6e20·616e·7369·626c··grub2"·in·ansibl 
002f6090:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages002f6030:·3a0a·2020·2d20·2722·6772·7562·3222·2069··:.··-·'"grub2"·i
 002f6040:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 002f6050:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 002f6060:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 002f6070:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 002f6080:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 002f6090:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
002f60a0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi002f60a0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
002f60b0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ002f60b0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
002f60c0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke002f60c0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
002f60d0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open002f60d0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
002f60e0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"002f60e0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
002f60f0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta002f60f0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
002f6100:·6773·3a0a·2020·2d20·4343·452d·3835·3834··gs:.··-·CCE-8584002f6100:·6773·3a0a·2020·2d20·4343·452d·3835·3834··gs:.··-·CCE-8584
Offset 194081, 22 lines modifiedOffset 194081, 22 lines modified
002f6200:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens002f6200:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens
002f6210:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·002f6210:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·
002f6220:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2002f6220:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
002f6230:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file002f6230:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file
002f6240:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo002f6240:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
002f6250:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg002f6250:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
002f6260:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.002f6260:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.
002f6270:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b002f6270:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
002f6280:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
002f6290:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
002f62a0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
002f62b0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
002f62c0:·2020·2d20·2722·6772·7562·3222·2069·6e20····-·'"grub2"·in· 
002f62d0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa002f6280:·7562·3222·2069·6e20·616e·7369·626c·655f··ub2"·in·ansible_
 002f6290:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 002f62a0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 002f62b0:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_
 002f62c0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 002f62d0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
002f62e0:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi002f62e0:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi
002f62f0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati002f62f0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
002f6300:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[002f6300:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
002f6310:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",002f6310:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
002f6320:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm002f6320:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
002f6330:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"002f6330:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
002f6340:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist002f6340:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist
002f6350:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define002f6350:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define
Offset 194147, 19 lines modifiedOffset 194147, 19 lines modified
002f6620:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra002f6620:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
002f6630:·7465·6779·3a3c·2f74·683e·3c74·643e·636f··tegy:</th><td>co002f6630:·7465·6779·3a3c·2f74·683e·3c74·643e·636f··tegy:</th><td>co
002f6640:·6e66·6967·7572·653c·2f74·643e·3c2f·7472··nfigure</td></tr002f6640:·6e66·6967·7572·653c·2f74·643e·3c2f·7472··nfigure</td></tr
002f6650:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c002f6650:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
002f6660:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio002f6660:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
002f6670:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·002f6670:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
002f6680:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·002f6680:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
002f6690:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!002f6690:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm
 002f66a0:·202d·2d71·7569·6574·202d·7120·6772·7562···--quiet·-q·grub
 002f66b0:·3220·2661·6d70·3b26·616d·703b·205b·2021··2·&amp;&amp;·[·!
002f66a0:·202d·6620·2f73·7973·2f66·6972·6d77·6172···-f·/sys/firmwar002f66c0:·202d·6620·2f73·7973·2f66·6972·6d77·6172···-f·/sys/firmwar
002f66b0:·652f·6566·6920·5d20·2661·6d70·3b26·616d··e/efi·]·&amp;&am002f66d0:·652f·6566·6920·5d20·2661·6d70·3b26·616d··e/efi·]·&amp;&am
002f66c0:·703b·2072·706d·202d·2d71·7569·6574·202d··p;·rpm·--quiet·- 
002f66d0:·7120·6772·7562·3220·2661·6d70·3b26·616d··q·grub2·&amp;&am 
002f66e0:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do002f66e0:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do
002f66f0:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&002f66f0:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&
002f6700:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run002f6700:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run
002f6710:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]002f6710:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]
002f6720:·3b20·7d3b·2074·6865·6e0a·0a63·6867·7270··;·};·then..chgrp002f6720:·3b20·7d3b·2074·6865·6e0a·0a63·6867·7270··;·};·then..chgrp
002f6730:·2030·202f·626f·6f74·2f67·7275·6232·2f67···0·/boot/grub2/g002f6730:·2030·202f·626f·6f74·2f67·7275·6232·2f67···0·/boot/grub2/g
002f6740:·7275·622e·6366·670a·0a65·6c73·650a·2020··rub.cfg..else.··002f6740:·7275·622e·6366·670a·0a65·6c73·650a·2020··rub.cfg..else.··
Offset 194657, 21 lines modifiedOffset 194657, 21 lines modified
002f8600:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/002f8600:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/
002f8610:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.002f8610:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
002f8620:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····002f8620:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····
002f8630:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub002f8630:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
002f8640:·322f·6772·7562·2e63·6667·0a20·2072·6567··2/grub.cfg.··reg002f8640:·322f·6772·7562·2e63·6667·0a20·2072·6567··2/grub.cfg.··reg
002f8650:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis002f8650:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis
002f8660:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'002f8660:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'
002f8670:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
002f8680:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
002f8690:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
002f86a0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
002f86b0:·7427·0a20·202d·2027·2267·7275·6232·2220··t'.··-·'"grub2"· 
002f86c0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
002f86d0:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a002f8670:·2267·7275·6232·2220·696e·2061·6e73·6962··"grub2"·in·ansib
 002f8680:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 002f8690:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 002f86a0:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib
 002f86b0:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map(
 002f86c0:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount
 002f86d0:·2229·207c·206c·6973·7427·0a20·202d·2061··")·|·list'.··-·a
002f86e0:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz002f86e0:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
002f86f0:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i002f86f0:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
002f8700:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx002f8700:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
002f8710:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p002f8710:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
002f8720:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain002f8720:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
002f8730:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-002f8730:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-
002f8740:·2043·4345·2d38·3538·3438·2d30·0a20·202d···CCE-85848-0.··-002f8740:·2043·4345·2d38·3538·3438·2d30·0a20·202d···CCE-85848-0.··-
Offset 194692, 22 lines modifiedOffset 194692, 22 lines modified
002f8830:·5f6e·6565·6465·640a·0a2d·206e·616d·653a··_needed..-·name:002f8830:·5f6e·6565·6465·640a·0a2d·206e·616d·653a··_needed..-·name:
002f8840:·2045·6e73·7572·6520·6f77·6e65·7220·3020···Ensure·owner·0·002f8840:·2045·6e73·7572·6520·6f77·6e65·7220·3020···Ensure·owner·0·
002f8850:·6f6e·202f·626f·6f74·2f67·7275·6232·2f67··on·/boot/grub2/g002f8850:·6f6e·202f·626f·6f74·2f67·7275·6232·2f67··on·/boot/grub2/g
002f8860:·7275·622e·6366·670a·2020·6669·6c65·3a0a··rub.cfg.··file:.002f8860:·7275·622e·6366·670a·2020·6669·6c65·3a0a··rub.cfg.··file:.
002f8870:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/002f8870:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
002f8880:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·002f8880:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
002f8890:·2020·206f·776e·6572·3a20·2730·270a·2020·····owner:·'0'.··002f8890:·2020·206f·776e·6572·3a20·2730·270a·2020·····owner:·'0'.··
002f88a0:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo002f88a0:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
002f88b0:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
002f88c0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
002f88d0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
002f88e0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
002f88f0:·2d20·2722·6772·7562·3222·2069·6e20·616e··-·'"grub2"·in·an 
002f8900:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack002f88b0:·3222·2069·6e20·616e·7369·626c·655f·6661··2"·in·ansible_fa
 002f88c0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 002f88d0:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n
 002f88e0:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo
 002f88f0:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 002f8900:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
002f8910:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl002f8910:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl
002f8920:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization002f8920:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
Max diff block lines reached; 7357/16812 bytes (43.76%) of diff not shown.
5.14 KB
html2text {}
    
Offset 47501, 16 lines modifiedOffset 47501, 16 lines modified
47501 ··-·no_reboot_needed47501 ··-·no_reboot_needed
  
47502 -·name:·Test·for·existence·/boot/grub2/grub.cfg47502 -·name:·Test·for·existence·/boot/grub2/grub.cfg
47503 ··stat:47503 ··stat:
47504 ····path:·/boot/grub2/grub.cfg47504 ····path:·/boot/grub2/grub.cfg
47505 ··register:·file_exists47505 ··register:·file_exists
47506 ··when:47506 ··when:
47507 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
47508 ··-·'"grub2"·in·ansible_facts.packages'47507 ··-·'"grub2"·in·ansible_facts.packages'
 47508 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
47509 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47509 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47510 ··tags:47510 ··tags:
47511 ··-·CCE-85849-847511 ··-·CCE-85849-8
47512 ··-·CJIS-5.5.2.247512 ··-·CJIS-5.5.2.2
47513 ··-·NIST-800-171-3.4.547513 ··-·NIST-800-171-3.4.5
47514 ··-·NIST-800-53-AC-6(1)47514 ··-·NIST-800-53-AC-6(1)
47515 ··-·NIST-800-53-CM-6(a)47515 ··-·NIST-800-53-CM-6(a)
Offset 47523, 16 lines modifiedOffset 47523, 16 lines modified
47523 ··-·no_reboot_needed47523 ··-·no_reboot_needed
  
47524 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg47524 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
47525 ··file:47525 ··file:
47526 ····path:·/boot/grub2/grub.cfg47526 ····path:·/boot/grub2/grub.cfg
47527 ····group:·'0'47527 ····group:·'0'
47528 ··when:47528 ··when:
47529 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
47530 ··-·'"grub2"·in·ansible_facts.packages'47529 ··-·'"grub2"·in·ansible_facts.packages'
 47530 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
47531 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47531 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47532 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists47532 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
47533 ··tags:47533 ··tags:
47534 ··-·CCE-85849-847534 ··-·CCE-85849-8
47535 ··-·CJIS-5.5.2.247535 ··-·CJIS-5.5.2.2
47536 ··-·NIST-800-171-3.4.547536 ··-·NIST-800-171-3.4.5
47537 ··-·NIST-800-53-AC-6(1)47537 ··-·NIST-800-53-AC-6(1)
Offset 47545, 15 lines modifiedOffset 47545, 15 lines modified
47545 ··-·medium_severity47545 ··-·medium_severity
47546 ··-·no_reboot_needed47546 ··-·no_reboot_needed
47547 Remediation_Shell_script_⇲47547 Remediation_Shell_script_⇲
47548 Complexity:·low47548 Complexity:·low
47549 Disruption:·low47549 Disruption:·low
47550 Strategy:···configure47550 Strategy:···configure
47551 #·Remediation·is·applicable·only·in·certain·platforms47551 #·Remediation·is·applicable·only·in·certain·platforms
47552 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};47552 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
47553 then47553 then
  
47554 chgrp·0·/boot/grub2/grub.cfg47554 chgrp·0·/boot/grub2/grub.cfg
  
47555 else47555 else
47556 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'47556 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
47557 fi47557 fi
Offset 47593, 16 lines modifiedOffset 47593, 16 lines modified
47593 ··-·no_reboot_needed47593 ··-·no_reboot_needed
  
47594 -·name:·Test·for·existence·/boot/grub2/grub.cfg47594 -·name:·Test·for·existence·/boot/grub2/grub.cfg
47595 ··stat:47595 ··stat:
47596 ····path:·/boot/grub2/grub.cfg47596 ····path:·/boot/grub2/grub.cfg
47597 ··register:·file_exists47597 ··register:·file_exists
47598 ··when:47598 ··when:
47599 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
47600 ··-·'"grub2"·in·ansible_facts.packages'47599 ··-·'"grub2"·in·ansible_facts.packages'
 47600 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
47601 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47601 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47602 ··tags:47602 ··tags:
47603 ··-·CCE-85848-047603 ··-·CCE-85848-0
47604 ··-·CJIS-5.5.2.247604 ··-·CJIS-5.5.2.2
47605 ··-·NIST-800-171-3.4.547605 ··-·NIST-800-171-3.4.5
47606 ··-·NIST-800-53-AC-6(1)47606 ··-·NIST-800-53-AC-6(1)
47607 ··-·NIST-800-53-CM-6(a)47607 ··-·NIST-800-53-CM-6(a)
Offset 47615, 16 lines modifiedOffset 47615, 16 lines modified
47615 ··-·no_reboot_needed47615 ··-·no_reboot_needed
  
47616 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg47616 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
47617 ··file:47617 ··file:
47618 ····path:·/boot/grub2/grub.cfg47618 ····path:·/boot/grub2/grub.cfg
47619 ····owner:·'0'47619 ····owner:·'0'
47620 ··when:47620 ··when:
47621 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
47622 ··-·'"grub2"·in·ansible_facts.packages'47621 ··-·'"grub2"·in·ansible_facts.packages'
 47622 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
47623 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47623 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47624 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists47624 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
47625 ··tags:47625 ··tags:
47626 ··-·CCE-85848-047626 ··-·CCE-85848-0
47627 ··-·CJIS-5.5.2.247627 ··-·CJIS-5.5.2.2
47628 ··-·NIST-800-171-3.4.547628 ··-·NIST-800-171-3.4.5
47629 ··-·NIST-800-53-AC-6(1)47629 ··-·NIST-800-53-AC-6(1)
Offset 47637, 15 lines modifiedOffset 47637, 15 lines modified
47637 ··-·medium_severity47637 ··-·medium_severity
47638 ··-·no_reboot_needed47638 ··-·no_reboot_needed
47639 Remediation_Shell_script_⇲47639 Remediation_Shell_script_⇲
47640 Complexity:·low47640 Complexity:·low
47641 Disruption:·low47641 Disruption:·low
47642 Strategy:···configure47642 Strategy:···configure
47643 #·Remediation·is·applicable·only·in·certain·platforms47643 #·Remediation·is·applicable·only·in·certain·platforms
47644 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};47644 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
47645 then47645 then
  
47646 chown·0·/boot/grub2/grub.cfg47646 chown·0·/boot/grub2/grub.cfg
  
47647 else47647 else
47648 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'47648 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
47649 fi47649 fi
Offset 47683, 16 lines modifiedOffset 47683, 16 lines modified
47683 ··-·no_reboot_needed47683 ··-·no_reboot_needed
  
47684 -·name:·Test·for·existence·/boot/grub2/grub.cfg47684 -·name:·Test·for·existence·/boot/grub2/grub.cfg
47685 ··stat:47685 ··stat:
47686 ····path:·/boot/grub2/grub.cfg47686 ····path:·/boot/grub2/grub.cfg
47687 ··register:·file_exists47687 ··register:·file_exists
47688 ··when:47688 ··when:
47689 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
47690 ··-·'"grub2"·in·ansible_facts.packages'47689 ··-·'"grub2"·in·ansible_facts.packages'
 47690 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
47691 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47691 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47692 ··tags:47692 ··tags:
47693 ··-·CCE-91426-747693 ··-·CCE-91426-7
47694 ··-·NIST-800-171-3.4.547694 ··-·NIST-800-171-3.4.5
47695 ··-·NIST-800-53-AC-6(1)47695 ··-·NIST-800-53-AC-6(1)
47696 ··-·NIST-800-53-CM-6(a)47696 ··-·NIST-800-53-CM-6(a)
47697 ··-·configure_strategy47697 ··-·configure_strategy
Offset 47703, 16 lines modifiedOffset 47703, 16 lines modified
47703 ··-·no_reboot_needed47703 ··-·no_reboot_needed
  
47704 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg47704 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
47705 ··file:47705 ··file:
47706 ····path:·/boot/grub2/grub.cfg47706 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1020/5235 bytes (19.48%) of diff not shown.
14.5 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-pci-dss-4.html
    
Offset 231035, 21 lines modifiedOffset 231035, 21 lines modified
003867a0:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/003867a0:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/
003867b0:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.003867b0:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
003867c0:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····003867c0:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····
003867d0:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub003867d0:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
003867e0:·322f·6772·7562·2e63·6667·0a20·2072·6567··2/grub.cfg.··reg003867e0:·322f·6772·7562·2e63·6667·0a20·2072·6567··2/grub.cfg.··reg
003867f0:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis003867f0:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis
00386800:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'00386800:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'
00386810:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
00386820:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
00386830:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
00386840:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
00386850:·7427·0a20·202d·2027·2267·7275·6232·2220··t'.··-·'"grub2"· 
00386860:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
00386870:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a00386810:·2267·7275·6232·2220·696e·2061·6e73·6962··"grub2"·in·ansib
 00386820:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 00386830:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 00386840:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib
 00386850:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map(
 00386860:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount
 00386870:·2229·207c·206c·6973·7427·0a20·202d·2061··")·|·list'.··-·a
00386880:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz00386880:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
00386890:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i00386890:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
003868a0:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx003868a0:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
003868b0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p003868b0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
003868c0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain003868c0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
003868d0:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-003868d0:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-
003868e0:·2043·4345·2d38·3538·3439·2d38·0a20·202d···CCE-85849-8.··-003868e0:·2043·4345·2d38·3538·3439·2d38·0a20·202d···CCE-85849-8.··-
Offset 231071, 21 lines modifiedOffset 231071, 21 lines modified
003869e0:·6e61·6d65·3a20·456e·7375·7265·2067·726f··name:·Ensure·gro003869e0:·6e61·6d65·3a20·456e·7375·7265·2067·726f··name:·Ensure·gro
003869f0:·7570·206f·776e·6572·2030·206f·6e20·2f62··up·owner·0·on·/b003869f0:·7570·206f·776e·6572·2030·206f·6e20·2f62··up·owner·0·on·/b
00386a00:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c00386a00:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c
00386a10:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p00386a10:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p
00386a20:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub200386a20:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2
00386a30:·2f67·7275·622e·6366·670a·2020·2020·6772··/grub.cfg.····gr00386a30:·2f67·7275·622e·6366·670a·2020·2020·6772··/grub.cfg.····gr
00386a40:·6f75·703a·2027·3027·0a20·2077·6865·6e3a··oup:·'0'.··when:00386a40:·6f75·703a·2027·3027·0a20·2077·6865·6e3a··oup:·'0'.··when:
00386a50:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi 
00386a60:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible 
00386a70:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
00386a80:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
00386a90:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g 
00386aa0:·7275·6232·2220·696e·2061·6e73·6962·6c65··rub2"·in·ansible 
00386ab0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'00386a50:·0a20·202d·2027·2267·7275·6232·2220·696e··.··-·'"grub2"·in
 00386a60:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 00386a70:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/
 00386a80:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in
 00386a90:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 00386aa0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 00386ab0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
00386ac0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir00386ac0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
00386ad0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type00386ad0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
00386ae0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker00386ae0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
00386af0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv00386af0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
00386b00:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c00386b00:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
00386b10:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f00386b10:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f
00386b20:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·00386b20:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·
Offset 231137, 18 lines modifiedOffset 231137, 18 lines modified
00386e00:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</00386e00:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
00386e10:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure00386e10:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure
00386e20:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl00386e20:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
00386e30:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R00386e30:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R
00386e40:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap00386e40:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
00386e50:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in00386e50:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
00386e60:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor00386e60:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
 00386e70:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie
 00386e80:·7420·2d71·2067·7275·6232·2026·616d·703b··t·-q·grub2·&amp;
00386e70:·6d73·0a69·6620·5b20·2120·2d66·202f·7379··ms.if·[·!·-f·/sy00386e90:·2661·6d70·3b20·5b20·2120·2d66·202f·7379··&amp;·[·!·-f·/sy
00386e80:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·]00386ea0:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·]
00386e90:·2026·616d·703b·2661·6d70·3b20·7270·6d20···&amp;&amp;·rpm· 
00386ea0:·2d2d·7175·6965·7420·2d71·2067·7275·6232··--quiet·-q·grub2 
00386eb0:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·00386eb0:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·
00386ec0:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv00386ec0:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
00386ed0:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·00386ed0:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
00386ee0:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta00386ee0:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
00386ef0:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th00386ef0:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th
00386f00:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo00386f00:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo
00386f10:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg00386f10:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
Offset 231646, 22 lines modifiedOffset 231646, 22 lines modified
00388dd0:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex00388dd0:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex
00388de0:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr00388de0:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr
00388df0:·7562·322f·6772·7562·2e63·6667·0a20·2073··ub2/grub.cfg.··s00388df0:·7562·322f·6772·7562·2e63·6667·0a20·2073··ub2/grub.cfg.··s
00388e00:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/00388e00:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/
00388e10:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.00388e10:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
00388e20:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·00388e20:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·
00388e30:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh00388e30:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh
00388e40:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/00388e40:·656e·3a0a·2020·2d20·2722·6772·7562·3222··en:.··-·'"grub2"
00388e50:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi 
00388e60:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
00388e70:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
00388e80:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-· 
00388e90:·2722·6772·7562·3222·2069·6e20·616e·7369··'"grub2"·in·ansi 
00388ea0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag00388e50:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 00388e60:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 00388e70:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 00388e80:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 00388e90:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 00388ea0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
00388eb0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_00388eb0:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
00388ec0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t00388ec0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
00388ed0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc00388ed0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
00388ee0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op00388ee0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
00388ef0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",00388ef0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
00388f00:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··00388f00:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
00388f10:·7461·6773·3a0a·2020·2d20·4343·452d·3835··tags:.··-·CCE-8500388f10:·7461·6773·3a0a·2020·2d20·4343·452d·3835··tags:.··-·CCE-85
00388f20:·3834·382d·300a·2020·2d20·434a·4953·2d35··848-0.··-·CJIS-500388f20:·3834·382d·300a·2020·2d20·434a·4953·2d35··848-0.··-·CJIS-5
Offset 231682, 21 lines modifiedOffset 231682, 21 lines modified
00389010:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure00389010:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure
00389020:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo00389020:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo
00389030:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg00389030:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
00389040:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat00389040:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat
00389050:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g00389050:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g
00389060:·7275·622e·6366·670a·2020·2020·6f77·6e65··rub.cfg.····owne00389060:·7275·622e·6366·670a·2020·2020·6f77·6e65··rub.cfg.····owne
00389070:·723a·2027·3027·0a20·2077·6865·6e3a·0a20··r:·'0'.··when:.·00389070:·723a·2027·3027·0a20·2077·6865·6e3a·0a20··r:·'0'.··when:.·
00389080:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
00389090:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m 
003890a0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
003890b0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
003890c0:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
003890d0:·6232·2220·696e·2061·6e73·6962·6c65·5f66··b2"·in·ansible_f 
003890e0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·00389080:·202d·2027·2267·7275·6232·2220·696e·2061···-·'"grub2"·in·a
 00389090:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 003890a0:·6b61·6765·7327·0a20·202d·2027·222f·626f··kages'.··-·'"/bo
 003890b0:·6f74·2f65·6669·2220·6e6f·7420·696e·2061··ot/efi"·not·in·a
 003890c0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|·
 003890d0:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m
 003890e0:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.·
003890f0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu003890f0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
00389100:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n00389100:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
Max diff block lines reached; 1960/11208 bytes (17.49%) of diff not shown.
3.39 KB
html2text {}
    
Offset 54978, 16 lines modifiedOffset 54978, 16 lines modified
54978 ··-·no_reboot_needed54978 ··-·no_reboot_needed
  
54979 -·name:·Test·for·existence·/boot/grub2/grub.cfg54979 -·name:·Test·for·existence·/boot/grub2/grub.cfg
54980 ··stat:54980 ··stat:
54981 ····path:·/boot/grub2/grub.cfg54981 ····path:·/boot/grub2/grub.cfg
54982 ··register:·file_exists54982 ··register:·file_exists
54983 ··when:54983 ··when:
54984 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
54985 ··-·'"grub2"·in·ansible_facts.packages'54984 ··-·'"grub2"·in·ansible_facts.packages'
 54985 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
54986 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]54986 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
54987 ··tags:54987 ··tags:
54988 ··-·CCE-85849-854988 ··-·CCE-85849-8
54989 ··-·CJIS-5.5.2.254989 ··-·CJIS-5.5.2.2
54990 ··-·NIST-800-171-3.4.554990 ··-·NIST-800-171-3.4.5
54991 ··-·NIST-800-53-AC-6(1)54991 ··-·NIST-800-53-AC-6(1)
54992 ··-·NIST-800-53-CM-6(a)54992 ··-·NIST-800-53-CM-6(a)
Offset 55000, 16 lines modifiedOffset 55000, 16 lines modified
55000 ··-·no_reboot_needed55000 ··-·no_reboot_needed
  
55001 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg55001 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
55002 ··file:55002 ··file:
55003 ····path:·/boot/grub2/grub.cfg55003 ····path:·/boot/grub2/grub.cfg
55004 ····group:·'0'55004 ····group:·'0'
55005 ··when:55005 ··when:
55006 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
55007 ··-·'"grub2"·in·ansible_facts.packages'55006 ··-·'"grub2"·in·ansible_facts.packages'
 55007 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
55008 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]55008 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
55009 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists55009 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
55010 ··tags:55010 ··tags:
55011 ··-·CCE-85849-855011 ··-·CCE-85849-8
55012 ··-·CJIS-5.5.2.255012 ··-·CJIS-5.5.2.2
55013 ··-·NIST-800-171-3.4.555013 ··-·NIST-800-171-3.4.5
55014 ··-·NIST-800-53-AC-6(1)55014 ··-·NIST-800-53-AC-6(1)
Offset 55022, 15 lines modifiedOffset 55022, 15 lines modified
55022 ··-·medium_severity55022 ··-·medium_severity
55023 ··-·no_reboot_needed55023 ··-·no_reboot_needed
55024 Remediation_Shell_script_⇲55024 Remediation_Shell_script_⇲
55025 Complexity:·low55025 Complexity:·low
55026 Disruption:·low55026 Disruption:·low
55027 Strategy:···configure55027 Strategy:···configure
55028 #·Remediation·is·applicable·only·in·certain·platforms55028 #·Remediation·is·applicable·only·in·certain·platforms
55029 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};55029 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
55030 then55030 then
  
55031 chgrp·0·/boot/grub2/grub.cfg55031 chgrp·0·/boot/grub2/grub.cfg
  
55032 else55032 else
55033 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'55033 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
55034 fi55034 fi
Offset 55070, 16 lines modifiedOffset 55070, 16 lines modified
55070 ··-·no_reboot_needed55070 ··-·no_reboot_needed
  
55071 -·name:·Test·for·existence·/boot/grub2/grub.cfg55071 -·name:·Test·for·existence·/boot/grub2/grub.cfg
55072 ··stat:55072 ··stat:
55073 ····path:·/boot/grub2/grub.cfg55073 ····path:·/boot/grub2/grub.cfg
55074 ··register:·file_exists55074 ··register:·file_exists
55075 ··when:55075 ··when:
55076 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
55077 ··-·'"grub2"·in·ansible_facts.packages'55076 ··-·'"grub2"·in·ansible_facts.packages'
 55077 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
55078 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]55078 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
55079 ··tags:55079 ··tags:
55080 ··-·CCE-85848-055080 ··-·CCE-85848-0
55081 ··-·CJIS-5.5.2.255081 ··-·CJIS-5.5.2.2
55082 ··-·NIST-800-171-3.4.555082 ··-·NIST-800-171-3.4.5
55083 ··-·NIST-800-53-AC-6(1)55083 ··-·NIST-800-53-AC-6(1)
55084 ··-·NIST-800-53-CM-6(a)55084 ··-·NIST-800-53-CM-6(a)
Offset 55092, 16 lines modifiedOffset 55092, 16 lines modified
55092 ··-·no_reboot_needed55092 ··-·no_reboot_needed
  
55093 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg55093 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
55094 ··file:55094 ··file:
55095 ····path:·/boot/grub2/grub.cfg55095 ····path:·/boot/grub2/grub.cfg
55096 ····owner:·'0'55096 ····owner:·'0'
55097 ··when:55097 ··when:
55098 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
55099 ··-·'"grub2"·in·ansible_facts.packages'55098 ··-·'"grub2"·in·ansible_facts.packages'
 55099 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
55100 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]55100 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
55101 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists55101 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
55102 ··tags:55102 ··tags:
55103 ··-·CCE-85848-055103 ··-·CCE-85848-0
55104 ··-·CJIS-5.5.2.255104 ··-·CJIS-5.5.2.2
55105 ··-·NIST-800-171-3.4.555105 ··-·NIST-800-171-3.4.5
55106 ··-·NIST-800-53-AC-6(1)55106 ··-·NIST-800-53-AC-6(1)
Offset 55114, 15 lines modifiedOffset 55114, 15 lines modified
55114 ··-·medium_severity55114 ··-·medium_severity
55115 ··-·no_reboot_needed55115 ··-·no_reboot_needed
55116 Remediation_Shell_script_⇲55116 Remediation_Shell_script_⇲
55117 Complexity:·low55117 Complexity:·low
55118 Disruption:·low55118 Disruption:·low
55119 Strategy:···configure55119 Strategy:···configure
55120 #·Remediation·is·applicable·only·in·certain·platforms55120 #·Remediation·is·applicable·only·in·certain·platforms
55121 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};55121 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
55122 then55122 then
  
55123 chown·0·/boot/grub2/grub.cfg55123 chown·0·/boot/grub2/grub.cfg
  
55124 else55124 else
55125 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'55125 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
55126 fi55126 fi
14.7 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-pci-dss.html
    
Offset 217990, 22 lines modifiedOffset 217990, 22 lines modified
00353850:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex00353850:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex
00353860:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr00353860:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr
00353870:·7562·322f·6772·7562·2e63·6667·0a20·2073··ub2/grub.cfg.··s00353870:·7562·322f·6772·7562·2e63·6667·0a20·2073··ub2/grub.cfg.··s
00353880:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/00353880:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/
00353890:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.00353890:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
003538a0:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·003538a0:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·
003538b0:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh003538b0:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh
003538c0:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/003538c0:·656e·3a0a·2020·2d20·2722·6772·7562·3222··en:.··-·'"grub2"
003538d0:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi 
003538e0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
003538f0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
00353900:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-· 
00353910:·2722·6772·7562·3222·2069·6e20·616e·7369··'"grub2"·in·ansi 
00353920:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag003538d0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 003538e0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 003538f0:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 00353900:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 00353910:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 00353920:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
00353930:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_00353930:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
00353940:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t00353940:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
00353950:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc00353950:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
00353960:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op00353960:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
00353970:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",00353970:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
00353980:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··00353980:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
00353990:·7461·6773·3a0a·2020·2d20·4343·452d·3835··tags:.··-·CCE-8500353990:·7461·6773·3a0a·2020·2d20·4343·452d·3835··tags:.··-·CCE-85
003539a0:·3834·392d·380a·2020·2d20·434a·4953·2d35··849-8.··-·CJIS-5003539a0:·3834·392d·380a·2020·2d20·434a·4953·2d35··849-8.··-·CJIS-5
Offset 218027, 21 lines modifiedOffset 218027, 21 lines modified
00353aa0:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne00353aa0:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne
00353ab0:·7220·3020·6f6e·202f·626f·6f74·2f67·7275··r·0·on·/boot/gru00353ab0:·7220·3020·6f6e·202f·626f·6f74·2f67·7275··r·0·on·/boot/gru
00353ac0:·6232·2f67·7275·622e·6366·670a·2020·6669··b2/grub.cfg.··fi00353ac0:·6232·2f67·7275·622e·6366·670a·2020·6669··b2/grub.cfg.··fi
00353ad0:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b00353ad0:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b
00353ae0:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c00353ae0:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c
00353af0:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'000353af0:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0
00353b00:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"00353b00:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"
00353b10:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i 
00353b20:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
00353b30:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
00353b40:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
00353b50:·270a·2020·2d20·2722·6772·7562·3222·2069··'.··-·'"grub2"·i 
00353b60:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
00353b70:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an00353b10:·6772·7562·3222·2069·6e20·616e·7369·626c··grub2"·in·ansibl
 00353b20:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 00353b30:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef
 00353b40:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl
 00353b50:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 00353b60:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 00353b70:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
00353b80:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza00353b80:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
00353b90:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in00353b90:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
00353ba0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc00353ba0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
00353bb0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po00353bb0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
00353bc0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe00353bc0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
00353bd0:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi00353bd0:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi
00353be0:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi00353be0:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi
Offset 218092, 19 lines modifiedOffset 218092, 19 lines modified
00353eb0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St00353eb0:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
00353ec0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>00353ec0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
00353ed0:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></00353ed0:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></
00353ee0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>00353ee0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
00353ef0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat00353ef0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
00353f00:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl00353f00:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
00353f10:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai00353f10:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
00353f20:·6e20·706c·6174·666f·726d·730a·6966·205b··n·platforms.if·[00353f20:·6e20·706c·6174·666f·726d·730a·6966·2072··n·platforms.if·r
 00353f30:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr
 00353f40:·7562·3220·2661·6d70·3b26·616d·703b·205b··ub2·&amp;&amp;·[
00353f30:·2021·202d·6620·2f73·7973·2f66·6972·6d77···!·-f·/sys/firmw00353f50:·2021·202d·6620·2f73·7973·2f66·6972·6d77···!·-f·/sys/firmw
00353f40:·6172·652f·6566·6920·5d20·2661·6d70·3b26··are/efi·]·&amp;&00353f60:·6172·652f·6566·6920·5d20·2661·6d70·3b26··are/efi·]·&amp;&
00353f50:·616d·703b·2072·706d·202d·2d71·7569·6574··amp;·rpm·--quiet 
00353f60:·202d·7120·6772·7562·3220·2661·6d70·3b26···-q·grub2·&amp;& 
00353f70:·616d·703b·207b·205b·2021·202d·6620·2f2e··amp;·{·[·!·-f·/.00353f70:·616d·703b·207b·205b·2021·202d·6620·2f2e··amp;·{·[·!·-f·/.
00353f80:·646f·636b·6572·656e·7620·5d20·2661·6d70··dockerenv·]·&amp00353f80:·646f·636b·6572·656e·7620·5d20·2661·6d70··dockerenv·]·&amp
00353f90:·3b26·616d·703b·205b·2021·202d·6620·2f72··;&amp;·[·!·-f·/r00353f90:·3b26·616d·703b·205b·2021·202d·6620·2f72··;&amp;·[·!·-f·/r
00353fa0:·756e·2f2e·636f·6e74·6169·6e65·7265·6e76··un/.containerenv00353fa0:·756e·2f2e·636f·6e74·6169·6e65·7265·6e76··un/.containerenv
00353fb0:·205d·3b20·7d3b·2074·6865·6e0a·0a63·6867···];·};·then..chg00353fb0:·205d·3b20·7d3b·2074·6865·6e0a·0a63·6867···];·};·then..chg
00353fc0:·7270·2030·202f·626f·6f74·2f67·7275·6232··rp·0·/boot/grub200353fc0:·7270·2030·202f·626f·6f74·2f67·7275·6232··rp·0·/boot/grub2
00353fd0:·2f67·7275·622e·6366·670a·0a65·6c73·650a··/grub.cfg..else.00353fd0:·2f67·7275·622e·6366·670a·0a65·6c73·650a··/grub.cfg..else.
Offset 218602, 21 lines modifiedOffset 218602, 21 lines modified
00355e90:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence00355e90:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence
00355ea0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru00355ea0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
00355eb0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··00355eb0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··
00355ec0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr00355ec0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
00355ed0:·7562·322f·6772·7562·2e63·6667·0a20·2072··ub2/grub.cfg.··r00355ed0:·7562·322f·6772·7562·2e63·6667·0a20·2072··ub2/grub.cfg.··r
00355ee0:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex00355ee0:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex
00355ef0:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-00355ef0:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-
00355f00:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
00355f10:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
00355f20:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
00355f30:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
00355f40:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2 
00355f50:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
00355f60:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-00355f00:·2027·2267·7275·6232·2220·696e·2061·6e73···'"grub2"·in·ans
 00355f10:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 00355f20:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 00355f30:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 00355f40:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 00355f50:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 00355f60:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
00355f70:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual00355f70:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
00355f80:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not00355f80:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
00355f90:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"00355f90:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
00355fa0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·00355fa0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
00355fb0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta00355fb0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
00355fc0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·00355fc0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
00355fd0:·202d·2043·4345·2d38·3538·3438·2d30·0a20···-·CCE-85848-0.·00355fd0:·202d·2043·4345·2d38·3538·3438·2d30·0a20···-·CCE-85848-0.·
Offset 218637, 22 lines modifiedOffset 218637, 22 lines modified
003560c0:·6f74·5f6e·6565·6465·640a·0a2d·206e·616d··ot_needed..-·nam003560c0:·6f74·5f6e·6565·6465·640a·0a2d·206e·616d··ot_needed..-·nam
003560d0:·653a·2045·6e73·7572·6520·6f77·6e65·7220··e:·Ensure·owner·003560d0:·653a·2045·6e73·7572·6520·6f77·6e65·7220··e:·Ensure·owner·
003560e0:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2003560e0:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
003560f0:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file003560f0:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file
00356100:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo00356100:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
00356110:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg00356110:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
00356120:·0a20·2020·206f·776e·6572·3a20·2730·270a··.····owner:·'0'.00356120:·0a20·2020·206f·776e·6572·3a20·2730·270a··.····owner:·'0'.
00356130:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b00356130:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
00356140:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
00356150:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
00356160:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
00356170:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
00356180:·2020·2d20·2722·6772·7562·3222·2069·6e20····-·'"grub2"·in· 
00356190:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa00356140:·7562·3222·2069·6e20·616e·7369·626c·655f··ub2"·in·ansible_
 00356150:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 00356160:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 00356170:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_
 00356180:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 00356190:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
003561a0:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi003561a0:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi
003561b0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati003561b0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
Max diff block lines reached; 2029/11484 bytes (17.67%) of diff not shown.
3.39 KB
html2text {}
    
Offset 52526, 16 lines modifiedOffset 52526, 16 lines modified
52526 ··-·no_reboot_needed52526 ··-·no_reboot_needed
  
52527 -·name:·Test·for·existence·/boot/grub2/grub.cfg52527 -·name:·Test·for·existence·/boot/grub2/grub.cfg
52528 ··stat:52528 ··stat:
52529 ····path:·/boot/grub2/grub.cfg52529 ····path:·/boot/grub2/grub.cfg
52530 ··register:·file_exists52530 ··register:·file_exists
52531 ··when:52531 ··when:
52532 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
52533 ··-·'"grub2"·in·ansible_facts.packages'52532 ··-·'"grub2"·in·ansible_facts.packages'
 52533 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
52534 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]52534 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
52535 ··tags:52535 ··tags:
52536 ··-·CCE-85849-852536 ··-·CCE-85849-8
52537 ··-·CJIS-5.5.2.252537 ··-·CJIS-5.5.2.2
52538 ··-·NIST-800-171-3.4.552538 ··-·NIST-800-171-3.4.5
52539 ··-·NIST-800-53-AC-6(1)52539 ··-·NIST-800-53-AC-6(1)
52540 ··-·NIST-800-53-CM-6(a)52540 ··-·NIST-800-53-CM-6(a)
Offset 52548, 16 lines modifiedOffset 52548, 16 lines modified
52548 ··-·no_reboot_needed52548 ··-·no_reboot_needed
  
52549 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg52549 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
52550 ··file:52550 ··file:
52551 ····path:·/boot/grub2/grub.cfg52551 ····path:·/boot/grub2/grub.cfg
52552 ····group:·'0'52552 ····group:·'0'
52553 ··when:52553 ··when:
52554 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
52555 ··-·'"grub2"·in·ansible_facts.packages'52554 ··-·'"grub2"·in·ansible_facts.packages'
 52555 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
52556 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]52556 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
52557 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists52557 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
52558 ··tags:52558 ··tags:
52559 ··-·CCE-85849-852559 ··-·CCE-85849-8
52560 ··-·CJIS-5.5.2.252560 ··-·CJIS-5.5.2.2
52561 ··-·NIST-800-171-3.4.552561 ··-·NIST-800-171-3.4.5
52562 ··-·NIST-800-53-AC-6(1)52562 ··-·NIST-800-53-AC-6(1)
Offset 52570, 15 lines modifiedOffset 52570, 15 lines modified
52570 ··-·medium_severity52570 ··-·medium_severity
52571 ··-·no_reboot_needed52571 ··-·no_reboot_needed
52572 Remediation_Shell_script_⇲52572 Remediation_Shell_script_⇲
52573 Complexity:·low52573 Complexity:·low
52574 Disruption:·low52574 Disruption:·low
52575 Strategy:···configure52575 Strategy:···configure
52576 #·Remediation·is·applicable·only·in·certain·platforms52576 #·Remediation·is·applicable·only·in·certain·platforms
52577 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};52577 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
52578 then52578 then
  
52579 chgrp·0·/boot/grub2/grub.cfg52579 chgrp·0·/boot/grub2/grub.cfg
  
52580 else52580 else
52581 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'52581 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
52582 fi52582 fi
Offset 52618, 16 lines modifiedOffset 52618, 16 lines modified
52618 ··-·no_reboot_needed52618 ··-·no_reboot_needed
  
52619 -·name:·Test·for·existence·/boot/grub2/grub.cfg52619 -·name:·Test·for·existence·/boot/grub2/grub.cfg
52620 ··stat:52620 ··stat:
52621 ····path:·/boot/grub2/grub.cfg52621 ····path:·/boot/grub2/grub.cfg
52622 ··register:·file_exists52622 ··register:·file_exists
52623 ··when:52623 ··when:
52624 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
52625 ··-·'"grub2"·in·ansible_facts.packages'52624 ··-·'"grub2"·in·ansible_facts.packages'
 52625 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
52626 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]52626 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
52627 ··tags:52627 ··tags:
52628 ··-·CCE-85848-052628 ··-·CCE-85848-0
52629 ··-·CJIS-5.5.2.252629 ··-·CJIS-5.5.2.2
52630 ··-·NIST-800-171-3.4.552630 ··-·NIST-800-171-3.4.5
52631 ··-·NIST-800-53-AC-6(1)52631 ··-·NIST-800-53-AC-6(1)
52632 ··-·NIST-800-53-CM-6(a)52632 ··-·NIST-800-53-CM-6(a)
Offset 52640, 16 lines modifiedOffset 52640, 16 lines modified
52640 ··-·no_reboot_needed52640 ··-·no_reboot_needed
  
52641 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg52641 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
52642 ··file:52642 ··file:
52643 ····path:·/boot/grub2/grub.cfg52643 ····path:·/boot/grub2/grub.cfg
52644 ····owner:·'0'52644 ····owner:·'0'
52645 ··when:52645 ··when:
52646 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
52647 ··-·'"grub2"·in·ansible_facts.packages'52646 ··-·'"grub2"·in·ansible_facts.packages'
 52647 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
52648 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]52648 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
52649 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists52649 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
52650 ··tags:52650 ··tags:
52651 ··-·CCE-85848-052651 ··-·CCE-85848-0
52652 ··-·CJIS-5.5.2.252652 ··-·CJIS-5.5.2.2
52653 ··-·NIST-800-171-3.4.552653 ··-·NIST-800-171-3.4.5
52654 ··-·NIST-800-53-AC-6(1)52654 ··-·NIST-800-53-AC-6(1)
Offset 52662, 15 lines modifiedOffset 52662, 15 lines modified
52662 ··-·medium_severity52662 ··-·medium_severity
52663 ··-·no_reboot_needed52663 ··-·no_reboot_needed
52664 Remediation_Shell_script_⇲52664 Remediation_Shell_script_⇲
52665 Complexity:·low52665 Complexity:·low
52666 Disruption:·low52666 Disruption:·low
52667 Strategy:···configure52667 Strategy:···configure
52668 #·Remediation·is·applicable·only·in·certain·platforms52668 #·Remediation·is·applicable·only·in·certain·platforms
52669 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};52669 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
52670 then52670 then
  
52671 chown·0·/boot/grub2/grub.cfg52671 chown·0·/boot/grub2/grub.cfg
  
52672 else52672 else
52673 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'52673 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
52674 fi52674 fi
3.75 KB
./usr/share/doc/ssg-nondebian/table-ol8-nistrefs-ospp.html
    
Offset 4121, 15 lines modifiedOffset 4121, 15 lines modified
4121 <pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>4121 <pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>
4122 ··</td>4122 ··</td>
4123 ··<td·xml:lang="en-US">4123 ··<td·xml:lang="en-US">
4124 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling4124 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4125 time-based·limit,·effects·of·potential·attacks·against4125 time-based·limit,·effects·of·potential·attacks·against
4126 encryption·keys·are·limited.4126 encryption·keys·are·limited.
4127 ··</td>4127 ··</td>
4128 ··<td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>4128 ··<td>var_rekey_limit_time=1hour<br/>var_rekey_limit_size=1G</td>
4129 </tr>4129 </tr>
4130 <tr>4130 <tr>
4131 ··<td></td>4131 ··<td></td>
4132 ··<td>N/A</td>4132 ··<td>N/A</td>
4133 ··<td>SSH·server·uses·strong·entropy·to·seed</td>4133 ··<td>SSH·server·uses·strong·entropy·to·seed</td>
4134 ··<td·xml:lang="en-US">4134 ··<td·xml:lang="en-US">
4135 To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.4135 To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.
3.02 KB
html2text {}
    
Offset 1898, 16 lines modifiedOffset 1898, 16 lines modified
1898 ········SSH·client·uses··appropriate·shell·environment·variable·is·configured.·The·SSH_USE_STRONG_RNG·environment·which·by·default,·doesn't·use·high-entropy·sources.·Randomness1898 ········SSH·client·uses··appropriate·shell·environment·variable·is·configured.·The·SSH_USE_STRONG_RNG·environment·which·by·default,·doesn't·use·high-entropy·sources.·Randomness
1899 ·····N/·strong·entropy···variable·determines·how·many·bytes·of·entropy·to·use.·Make·sure·that·the·file·/etc/······is·needed·to·generate·considerably·more·secure·data-encryption1899 ·····N/·strong·entropy···variable·determines·how·many·bytes·of·entropy·to·use.·Make·sure·that·the·file·/etc/······is·needed·to·generate·considerably·more·secure·data-encryption
1900 ·····A··to·seed·(Bash-···profile.d/cc-ssh-strong-rng.sh·contains·line·············································keys.·Plaintext·padding,·initialization·vectors·in·encryption1900 ·····A··to·seed·(Bash-···profile.d/cc-ssh-strong-rng.sh·contains·line·············································keys.·Plaintext·padding,·initialization·vectors·in·encryption
1901 ········like·shells)·····export·SSH_USE_STRONG_RNG=32·····························································algorithms,·and·high-quality·entropy·eliminates·the1901 ········like·shells)·····export·SSH_USE_STRONG_RNG=32·····························································algorithms,·and·high-quality·entropy·eliminates·the
1902 ·························.························································································possibility·that·the·output·of·the·random·number·generator1902 ·························.························································································possibility·that·the·output·of·the·random·number·generator
1903 ··················································································································used·by·SSH·would·be·known·to·potential·attackers.1903 ··················································································································used·by·SSH·would·be·known·to·potential·attackers.
1904 ·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,1904 ·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,
1905 ·····N/·Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············By·decreasing·the·limit·based·on·the·amount·of·data·and········var_rekey_limit_size=1G1905 ·····N/·Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············By·decreasing·the·limit·based·on·the·amount·of·data·and········var_rekey_limit_time=1hour
1906 ·····A··session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·limit,·effects·of·potential·attacks········var_rekey_limit_time=1hour1906 ·····A··session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·limit,·effects·of·potential·attacks········var_rekey_limit_size=1G
1907 ········renegotiation····sshd_config:·············································································against·encryption·keys·are·limited.1907 ········renegotiation····sshd_config:·············································································against·encryption·keys·are·limited.
1908 ·························RekeyLimit·1G·1hour1908 ·························RekeyLimit·1G·1hour
1909 ··················································································································SSH·implementation·in·Oracle·Linux·8·uses·the·openssl·library,1909 ··················································································································SSH·implementation·in·Oracle·Linux·8·uses·the·openssl·library,
1910 ·························To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·/etc/sysconfig/·which·doesn't·use·high-entropy·sources·by·default.·Randomness1910 ·························To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·/etc/sysconfig/·which·doesn't·use·high-entropy·sources·by·default.·Randomness
1911 ·····N/·SSH·server·uses··sshd·file.·The·SSH_USE_STRONG_RNG·configuration·value·determines·how·many·bytes·of·······is·needed·to·generate·data-encryption·keys,·and·as·plaintext1911 ·····N/·SSH·server·uses··sshd·file.·The·SSH_USE_STRONG_RNG·configuration·value·determines·how·many·bytes·of·······is·needed·to·generate·data-encryption·keys,·and·as·plaintext
1912 ·····A··strong·entropy···entropy·to·use,·so·make·sure·that·the·file·contains·line·································padding·and·initialization·vectors·in·encryption·algorithms,1912 ·····A··strong·entropy···entropy·to·use,·so·make·sure·that·the·file·contains·line·································padding·and·initialization·vectors·in·encryption·algorithms,
1913 ········to·seed··········SSH_USE_STRONG_RNG=32····································································and·high-quality·entropy·elliminates·the·possibility·that·the1913 ········to·seed··········SSH_USE_STRONG_RNG=32····································································and·high-quality·entropy·elliminates·the·possibility·that·the
6.68 KB
./usr/share/doc/ssg-nondebian/table-ol8-nistrefs-stig.html
    
Offset 7986, 18 lines modifiedOffset 7986, 18 lines modified
0001f310:·7573·2070·6173·7377·6f72·6473·2068·656c··us·passwords·hel0001f310:·7573·2070·6173·7377·6f72·6473·2068·656c··us·passwords·hel
0001f320:·7073·2065·6e73·7572·6520·7468·6174·2061··ps·ensure·that·a0001f320:·7073·2065·6e73·7572·6520·7468·6174·2061··ps·ensure·that·a
0001f330:·2063·6f6d·7072·6f6d·6973·6564·2070·6173···compromised·pas0001f330:·2063·6f6d·7072·6f6d·6973·6564·2070·6173···compromised·pas
0001f340:·7377·6f72·6420·6973·206e·6f74·2072·652d··sword·is·not·re-0001f340:·7377·6f72·6420·6973·206e·6f74·2072·652d··sword·is·not·re-
0001f350:·7573·6564·2062·7920·6120·7573·6572·2e0a··used·by·a·user..0001f350:·7573·6564·2062·7920·6120·7573·6572·2e0a··used·by·a·user..
0001f360:·2020·3c2f·7464·3e0a·2020·3c74·643e·7661····</td>.··<td>va0001f360:·2020·3c2f·7464·3e0a·2020·3c74·643e·7661····</td>.··<td>va
0001f370:·725f·7061·7373·776f·7264·5f70·616d·5f72··r_password_pam_r0001f370:·725f·7061·7373·776f·7264·5f70·616d·5f72··r_password_pam_r
 0001f380:·656d·656d·6265·723d·353c·6272·2f3e·7661··emember=5<br/>va
 0001f390:·725f·7061·7373·776f·7264·5f70·616d·5f72··r_password_pam_r
0001f380:·656d·656d·6265·725f·636f·6e74·726f·6c5f··emember_control_0001f3a0:·656d·656d·6265·725f·636f·6e74·726f·6c5f··emember_control_
0001f390:·666c·6167·3d6f·6c38·3c62·722f·3e76·6172··flag=ol8<br/>var0001f3b0:·666c·6167·3d6f·6c38·3c2f·7464·3e0a·3c2f··flag=ol8</td>.</
0001f3a0:·5f70·6173·7377·6f72·645f·7061·6d5f·7265··_password_pam_re 
0001f3b0:·6d65·6d62·6572·3d35·3c2f·7464·3e0a·3c2f··member=5</td>.</ 
0001f3c0:·7472·3e0a·3c74·723e·0a20·203c·7464·3e49··tr>.<tr>.··<td>I0001f3c0:·7472·3e0a·3c74·723e·0a20·203c·7464·3e49··tr>.<tr>.··<td>I
0001f3d0:·412d·3528·6629·3c62·722f·3e49·412d·3528··A-5(f)<br/>IA-5(0001f3d0:·412d·3528·6629·3c62·722f·3e49·412d·3528··A-5(f)<br/>IA-5(
0001f3e0:·3129·2865·293c·2f74·643e·0a20·203c·7464··1)(e)</td>.··<td0001f3e0:·3129·2865·293c·2f74·643e·0a20·203c·7464··1)(e)</td>.··<td
0001f3f0:·3e4e·2f41·3c2f·7464·3e0a·2020·3c74·643e··>N/A</td>.··<td>0001f3f0:·3e4e·2f41·3c2f·7464·3e0a·2020·3c74·643e··>N/A</td>.··<td>
0001f400:·4c69·6d69·7420·5061·7373·776f·7264·2052··Limit·Password·R0001f400:·4c69·6d69·7420·5061·7373·776f·7264·2052··Limit·Password·R
0001f410:·6575·7365·3a20·7379·7374·656d·2d61·7574··euse:·system-aut0001f410:·6575·7365·3a20·7379·7374·656d·2d61·7574··euse:·system-aut
0001f420:·683c·2f74·643e·0a20·203c·7464·2078·6d6c··h</td>.··<td·xml0001f420:·683c·2f74·643e·0a20·203c·7464·2078·6d6c··h</td>.··<td·xml
Offset 8042, 18 lines modifiedOffset 8042, 18 lines modified
0001f690:·2070·6173·7377·6f72·6473·2068·656c·7073···passwords·helps0001f690:·2070·6173·7377·6f72·6473·2068·656c·7073···passwords·helps
0001f6a0:·2065·6e73·7572·6520·7468·6174·2061·2063···ensure·that·a·c0001f6a0:·2065·6e73·7572·6520·7468·6174·2061·2063···ensure·that·a·c
0001f6b0:·6f6d·7072·6f6d·6973·6564·2070·6173·7377··ompromised·passw0001f6b0:·6f6d·7072·6f6d·6973·6564·2070·6173·7377··ompromised·passw
0001f6c0:·6f72·6420·6973·206e·6f74·2072·652d·7573··ord·is·not·re-us0001f6c0:·6f72·6420·6973·206e·6f74·2072·652d·7573··ord·is·not·re-us
0001f6d0:·6564·2062·7920·6120·7573·6572·2e0a·2020··ed·by·a·user..··0001f6d0:·6564·2062·7920·6120·7573·6572·2e0a·2020··ed·by·a·user..··
0001f6e0:·3c2f·7464·3e0a·2020·3c74·643e·7661·725f··</td>.··<td>var_0001f6e0:·3c2f·7464·3e0a·2020·3c74·643e·7661·725f··</td>.··<td>var_
0001f6f0:·7061·7373·776f·7264·5f70·616d·5f72·656d··password_pam_rem0001f6f0:·7061·7373·776f·7264·5f70·616d·5f72·656d··password_pam_rem
 0001f700:·656d·6265·723d·353c·6272·2f3e·7661·725f··ember=5<br/>var_
 0001f710:·7061·7373·776f·7264·5f70·616d·5f72·656d··password_pam_rem
0001f700:·656d·6265·725f·636f·6e74·726f·6c5f·666c··ember_control_fl0001f720:·656d·6265·725f·636f·6e74·726f·6c5f·666c··ember_control_fl
0001f710:·6167·3d6f·6c38·3c62·722f·3e76·6172·5f70··ag=ol8<br/>var_p 
0001f720:·6173·7377·6f72·645f·7061·6d5f·7265·6d65··assword_pam_reme 
0001f730:·6d62·6572·3d35·3c2f·7464·3e0a·3c2f·7472··mber=5</td>.</tr0001f730:·6167·3d6f·6c38·3c2f·7464·3e0a·3c2f·7472··ag=ol8</td>.</tr
0001f740:·3e0a·3c74·723e·0a20·203c·7464·3e49·412d··>.<tr>.··<td>IA-0001f740:·3e0a·3c74·723e·0a20·203c·7464·3e49·412d··>.<tr>.··<td>IA-
0001f750:·3528·6329·3c62·722f·3e49·412d·3528·3129··5(c)<br/>IA-5(1)0001f750:·3528·6329·3c62·722f·3e49·412d·3528·3129··5(c)<br/>IA-5(1)
0001f760:·2861·293c·6272·2f3e·434d·2d36·2861·293c··(a)<br/>CM-6(a)<0001f760:·2861·293c·6272·2f3e·434d·2d36·2861·293c··(a)<br/>CM-6(a)<
0001f770:·6272·2f3e·4941·2d35·2834·293c·2f74·643e··br/>IA-5(4)</td>0001f770:·6272·2f3e·4941·2d35·2834·293c·2f74·643e··br/>IA-5(4)</td>
0001f780:·0a20·203c·7464·3e4e·2f41·3c2f·7464·3e0a··.··<td>N/A</td>.0001f780:·0a20·203c·7464·3e4e·2f41·3c2f·7464·3e0a··.··<td>N/A</td>.
0001f790:·2020·3c74·643e·456e·7375·7265·2050·414d····<td>Ensure·PAM0001f790:·2020·3c74·643e·456e·7375·7265·2050·414d····<td>Ensure·PAM
0001f7a0:·2045·6e66·6f72·6365·7320·5061·7373·776f···Enforces·Passwo0001f7a0:·2045·6e66·6f72·6365·7320·5061·7373·776f···Enforces·Passwo
3.55 KB
html2text {}
    
Offset 1510, 26 lines modifiedOffset 1510, 26 lines modified
1510 ·································pwquality.conf·to·equal·1·to·require·use·of·a·special·is·compromised.·Requiring·a·minimum·number·of·special·characters·makes1510 ·································pwquality.conf·to·equal·1·to·require·use·of·a·special·is·compromised.·Requiring·a·minimum·number·of·special·characters·makes
1511 ·································character·in·passwords.·······························password·guessing·attacks·more·difficult·by·ensuring·a·larger·search1511 ·································character·in·passwords.·······························password·guessing·attacks·more·difficult·by·ensuring·a·larger·search
1512 ·······················································································space.1512 ·······················································································space.
1513 ·································Do·not·allow·users·to·reuse·recent·passwords.·This1513 ·································Do·not·allow·users·to·reuse·recent·passwords.·This
1514 ·································can·be·accomplished·by·using·the·remember·option·for1514 ·································can·be·accomplished·by·using·the·remember·option·for
1515 ·································the·pam_pwhistory·PAM·module.1515 ·································the·pam_pwhistory·PAM·module.
1516 IA-5(f)1516 IA-5(f)
1517 IA-5(1)·N/·Limit·Password·Reuse:·In·the·file·/etc/pam.d/password-auth,·make·sure·the···Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember_control_flag=ol81517 IA-5(1)·N/·Limit·Password·Reuse:·In·the·file·/etc/pam.d/password-auth,·make·sure·the···Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember=5
1518 (e)·····A··password-auth·········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember=51518 (e)·····A··password-auth·········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember_control_flag=ol8
1519 ·································equal·to·or·greater·than·5.·For·example:1519 ·································equal·to·or·greater·than·5.·For·example:
1520 ·································password·control_flag·pam_pwhistory.so1520 ·································password·control_flag·pam_pwhistory.so
1521 ·································...existing_options...·remember=5·use_authtok1521 ·································...existing_options...·remember=5·use_authtok
1522 ·································control_flag·should·be·one·of·the·next·values:·ol81522 ·································control_flag·should·be·one·of·the·next·values:·ol8
1523 ·································Do·not·allow·users·to·reuse·recent·passwords.·This1523 ·································Do·not·allow·users·to·reuse·recent·passwords.·This
1524 ·································can·be·accomplished·by·using·the·remember·option·for1524 ·································can·be·accomplished·by·using·the·remember·option·for
1525 ·································the·pam_pwhistory·PAM·module.1525 ·································the·pam_pwhistory·PAM·module.
1526 IA-5(f)1526 IA-5(f)
1527 IA-5(1)·N/·Limit·Password·Reuse:·In·the·file·/etc/pam.d/system-auth,·make·sure·the·····Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember_control_flag=ol81527 IA-5(1)·N/·Limit·Password·Reuse:·In·the·file·/etc/pam.d/system-auth,·make·sure·the·····Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember=5
1528 (e)·····A··system-auth···········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember=51528 (e)·····A··system-auth···········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember_control_flag=ol8
1529 ·································equal·to·or·greater·than·5·For·example:1529 ·································equal·to·or·greater·than·5·For·example:
1530 ·································password·control_flag·pam_pwhistory.so1530 ·································password·control_flag·pam_pwhistory.so
1531 ·································...existing_options...·remember=5·use_authtok1531 ·································...existing_options...·remember=5·use_authtok
1532 ·································control_flag·should·be·one·of·the·next·values:·ol81532 ·································control_flag·should·be·one·of·the·next·values:·ol8
1533 ·································The·pam_pwquality·module's·ucredit=·parameter·········Use·of·a·complex·password·helps·to·increase·the·time·and·resources1533 ·································The·pam_pwquality·module's·ucredit=·parameter·········Use·of·a·complex·password·helps·to·increase·the·time·and·resources
1534 ·································controls·requirements·for·usage·of·uppercase·letters··required·to·compromise·the·password.·Password·complexity,·or·strength,·is1534 ·································controls·requirements·for·usage·of·uppercase·letters··required·to·compromise·the·password.·Password·complexity,·or·strength,·is
1535 IA-5(c)····Ensure·PAM·Enforces···in·a·password.·When·set·to·a·negative·number,·any·····a·measure·of·the·effectiveness·of·a·password·in·resisting·attempts·at1535 IA-5(c)····Ensure·PAM·Enforces···in·a·password.·When·set·to·a·negative·number,·any·····a·measure·of·the·effectiveness·of·a·password·in·resisting·attempts·at
10.1 KB
./usr/share/doc/ssg-nondebian/table-rhel7-nistrefs-stig.html
    
Offset 7676, 19 lines modifiedOffset 7676, 19 lines modified
0001dfb0:·2070·7265·7669·6f75·7320·7061·7373·776f···previous·passwo0001dfb0:·2070·7265·7669·6f75·7320·7061·7373·776f···previous·passwo
0001dfc0:·7264·7320·6865·6c70·7320·656e·7375·7265··rds·helps·ensure0001dfc0:·7264·7320·6865·6c70·7320·656e·7375·7265··rds·helps·ensure
0001dfd0:·2074·6861·7420·6120·636f·6d70·726f·6d69···that·a·compromi0001dfd0:·2074·6861·7420·6120·636f·6d70·726f·6d69···that·a·compromi
0001dfe0:·7365·6420·7061·7373·776f·7264·2069·7320··sed·password·is·0001dfe0:·7365·6420·7061·7373·776f·7264·2069·7320··sed·password·is·
0001dff0:·6e6f·7420·7265·2d75·7365·6420·6279·2061··not·re-used·by·a0001dff0:·6e6f·7420·7265·2d75·7365·6420·6279·2061··not·re-used·by·a
0001e000:·2075·7365·722e·0a20·203c·2f74·643e·0a20···user..··</td>.·0001e000:·2075·7365·722e·0a20·203c·2f74·643e·0a20···user..··</td>.·
0001e010:·203c·7464·3e76·6172·5f70·6173·7377·6f72···<td>var_passwor0001e010:·203c·7464·3e76·6172·5f70·6173·7377·6f72···<td>var_passwor
0001e020:·645f·7061·6d5f·7265·6d65·6d62·6572·3d35··d_pam_remember=5 
0001e030:·3c62·722f·3e76·6172·5f70·6173·7377·6f72··<br/>var_passwor 
0001e040:·645f·7061·6d5f·7265·6d65·6d62·6572·5f63··d_pam_remember_c0001e020:·645f·7061·6d5f·7265·6d65·6d62·6572·5f63··d_pam_remember_c
0001e050:·6f6e·7472·6f6c·5f66·6c61·673d·7265·7175··ontrol_flag=requ0001e030:·6f6e·7472·6f6c·5f66·6c61·673d·7265·7175··ontrol_flag=requ
 0001e040:·6973·6974·653c·6272·2f3e·7661·725f·7061··isite<br/>var_pa
 0001e050:·7373·776f·7264·5f70·616d·5f72·656d·656d··ssword_pam_remem
0001e060:·6973·6974·653c·2f74·643e·0a3c·2f74·723e··isite</td>.</tr>0001e060:·6265·723d·353c·2f74·643e·0a3c·2f74·723e··ber=5</td>.</tr>
0001e070:·0a3c·7472·3e0a·2020·3c74·643e·4941·2d35··.<tr>.··<td>IA-50001e070:·0a3c·7472·3e0a·2020·3c74·643e·4941·2d35··.<tr>.··<td>IA-5
0001e080:·2866·293c·6272·2f3e·4941·2d35·2831·2928··(f)<br/>IA-5(1)(0001e080:·2866·293c·6272·2f3e·4941·2d35·2831·2928··(f)<br/>IA-5(1)(
0001e090:·6529·3c2f·7464·3e0a·2020·3c74·643e·4343··e)</td>.··<td>CC0001e090:·6529·3c2f·7464·3e0a·2020·3c74·643e·4343··e)</td>.··<td>CC
0001e0a0:·452d·3833·3437·392d·363c·2f74·643e·0a20··E-83479-6</td>.·0001e0a0:·452d·3833·3437·392d·363c·2f74·643e·0a20··E-83479-6</td>.·
0001e0b0:·203c·7464·3e4c·696d·6974·2050·6173·7377···<td>Limit·Passw0001e0b0:·203c·7464·3e4c·696d·6974·2050·6173·7377···<td>Limit·Passw
0001e0c0:·6f72·6420·5265·7573·653a·2073·7973·7465··ord·Reuse:·syste0001e0c0:·6f72·6420·5265·7573·653a·2073·7973·7465··ord·Reuse:·syste
0001e0d0:·6d2d·6175·7468·3c2f·7464·3e0a·2020·3c74··m-auth</td>.··<t0001e0d0:·6d2d·6175·7468·3c2f·7464·3e0a·2020·3c74··m-auth</td>.··<t
Offset 7734, 18 lines modifiedOffset 7734, 18 lines modified
0001e350:·776f·7264·7320·6865·6c70·7320·656e·7375··words·helps·ensu0001e350:·776f·7264·7320·6865·6c70·7320·656e·7375··words·helps·ensu
0001e360:·7265·2074·6861·7420·6120·636f·6d70·726f··re·that·a·compro0001e360:·7265·2074·6861·7420·6120·636f·6d70·726f··re·that·a·compro
0001e370:·6d69·7365·6420·7061·7373·776f·7264·2069··mised·password·i0001e370:·6d69·7365·6420·7061·7373·776f·7264·2069··mised·password·i
0001e380:·7320·6e6f·7420·7265·2d75·7365·6420·6279··s·not·re-used·by0001e380:·7320·6e6f·7420·7265·2d75·7365·6420·6279··s·not·re-used·by
0001e390:·2061·2075·7365·722e·0a20·203c·2f74·643e···a·user..··</td>0001e390:·2061·2075·7365·722e·0a20·203c·2f74·643e···a·user..··</td>
0001e3a0:·0a20·203c·7464·3e76·6172·5f70·6173·7377··.··<td>var_passw0001e3a0:·0a20·203c·7464·3e76·6172·5f70·6173·7377··.··<td>var_passw
0001e3b0:·6f72·645f·7061·6d5f·7265·6d65·6d62·6572··ord_pam_remember0001e3b0:·6f72·645f·7061·6d5f·7265·6d65·6d62·6572··ord_pam_remember
0001e3c0:·3d35·3c62·722f·3e76·6172·5f70·6173·7377··=5<br/>var_passw 
0001e3d0:·6f72·645f·7061·6d5f·7265·6d65·6d62·6572··ord_pam_remember 
0001e3e0:·5f63·6f6e·7472·6f6c·5f66·6c61·673d·7265··_control_flag=re0001e3c0:·5f63·6f6e·7472·6f6c·5f66·6c61·673d·7265··_control_flag=re
0001e3f0:·7175·6973·6974·653c·2f74·643e·0a3c·2f74··quisite</td>.</t0001e3d0:·7175·6973·6974·653c·6272·2f3e·7661·725f··quisite<br/>var_
 0001e3e0:·7061·7373·776f·7264·5f70·616d·5f72·656d··password_pam_rem
 0001e3f0:·656d·6265·723d·353c·2f74·643e·0a3c·2f74··ember=5</td>.</t
0001e400:·723e·0a3c·7472·3e0a·2020·3c74·643e·4941··r>.<tr>.··<td>IA0001e400:·723e·0a3c·7472·3e0a·2020·3c74·643e·4941··r>.<tr>.··<td>IA
0001e410:·2d35·2863·293c·6272·2f3e·4941·2d35·2831··-5(c)<br/>IA-5(10001e410:·2d35·2863·293c·6272·2f3e·4941·2d35·2831··-5(c)<br/>IA-5(1
0001e420:·2928·6129·3c62·722f·3e43·4d2d·3628·6129··)(a)<br/>CM-6(a)0001e420:·2928·6129·3c62·722f·3e43·4d2d·3628·6129··)(a)<br/>CM-6(a)
0001e430:·3c62·722f·3e49·412d·3528·3429·3c2f·7464··<br/>IA-5(4)</td0001e430:·3c62·722f·3e49·412d·3528·3429·3c2f·7464··<br/>IA-5(4)</td
0001e440:·3e0a·2020·3c74·643e·4343·452d·3237·3230··>.··<td>CCE-27200001e440:·3e0a·2020·3c74·643e·4343·452d·3237·3230··>.··<td>CCE-2720
0001e450:·302d·353c·2f74·643e·0a20·203c·7464·3e45··0-5</td>.··<td>E0001e450:·302d·353c·2f74·643e·0a20·203c·7464·3e45··0-5</td>.··<td>E
0001e460:·6e73·7572·6520·5041·4d20·456e·666f·7263··nsure·PAM·Enforc0001e460:·6e73·7572·6520·5041·4d20·456e·666f·7263··nsure·PAM·Enforc
Offset 8578, 18 lines modifiedOffset 8578, 18 lines modified
00021810:·7573·6520·7468·6520·696e·666f·726d·6174··use·the·informat00021810:·7573·6520·7468·6520·696e·666f·726d·6174··use·the·informat
00021820:·696f·6e20·746f·2070·6f74·656e·7469·616c··ion·to·potential00021820:·696f·6e20·746f·2070·6f74·656e·7469·616c··ion·to·potential
00021830:·6c79·2063·6f6d·7072·6f6d·6973·6520·7468··ly·compromise·th00021830:·6c79·2063·6f6d·7072·6f6d·6973·6520·7468··ly·compromise·th
00021840:·6520·696e·7465·6772·6974·7920·6f66·2074··e·integrity·of·t00021840:·6520·696e·7465·6772·6974·7920·6f66·2074··e·integrity·of·t
00021850:·6865·2073·7973·7465·6d20·616e·640a·6e65··he·system·and.ne00021850:·6865·2073·7973·7465·6d20·616e·640a·6e65··he·system·and.ne
00021860:·7477·6f72·6b28·7329·2e0a·2020·3c2f·7464··twork(s)..··</td00021860:·7477·6f72·6b28·7329·2e0a·2020·3c2f·7464··twork(s)..··</td
00021870:·3e0a·2020·3c74·643e·7661·725f·736e·6d70··>.··<td>var_snmp00021870:·3e0a·2020·3c74·643e·7661·725f·736e·6d70··>.··<td>var_snmp
00021880:·645f·726f·5f73·7472·696e·673d·6368·616e··d_ro_string=chan00021880:·645f·7277·5f73·7472·696e·673d·6368·616e··d_rw_string=chan
00021890:·6765·6d65·726f·3c62·722f·3e76·6172·5f73··gemero<br/>var_s00021890:·6765·6d65·7277·3c62·722f·3e76·6172·5f73··gemerw<br/>var_s
000218a0:·6e6d·7064·5f72·775f·7374·7269·6e67·3d63··nmpd_rw_string=c000218a0:·6e6d·7064·5f72·6f5f·7374·7269·6e67·3d63··nmpd_ro_string=c
000218b0:·6861·6e67·656d·6572·773c·2f74·643e·0a3c··hangemerw</td>.<000218b0:·6861·6e67·656d·6572·6f3c·2f74·643e·0a3c··hangemero</td>.<
000218c0:·2f74·723e·0a3c·7472·3e0a·2020·3c74·643e··/tr>.<tr>.··<td>000218c0:·2f74·723e·0a3c·7472·3e0a·2020·3c74·643e··/tr>.<tr>.··<td>
000218d0:·434d·2d35·2831·293c·6272·2f3e·4155·2d37··CM-5(1)<br/>AU-7000218d0:·434d·2d35·2831·293c·6272·2f3e·4155·2d37··CM-5(1)<br/>AU-7
000218e0:·2861·293c·6272·2f3e·4155·2d37·2862·293c··(a)<br/>AU-7(b)<000218e0:·2861·293c·6272·2f3e·4155·2d37·2862·293c··(a)<br/>AU-7(b)<
000218f0:·6272·2f3e·4155·2d38·2862·293c·6272·2f3e··br/>AU-8(b)<br/>000218f0:·6272·2f3e·4155·2d38·2862·293c·6272·2f3e··br/>AU-8(b)<br/>
00021900:·4155·2d31·3228·3329·3c62·722f·3e41·432d··AU-12(3)<br/>AC-00021900:·4155·2d31·3228·3329·3c62·722f·3e41·432d··AU-12(3)<br/>AC-
00021910:·3628·3929·3c2f·7464·3e0a·2020·3c74·643e··6(9)</td>.··<td>00021910:·3628·3929·3c2f·7464·3e0a·2020·3c74·643e··6(9)</td>.··<td>
00021920:·4343·452d·3833·3535·352d·333c·2f74·643e··CCE-83555-3</td>00021920:·4343·452d·3833·3535·352d·333c·2f74·643e··CCE-83555-3</td>
5.37 KB
html2text {}
    
Offset 1669, 30 lines modifiedOffset 1669, 30 lines modified
1669 ··················································································search·space.1669 ··················································································search·space.
1670 ······································Do·not·allow·users·to·reuse·recent1670 ······································Do·not·allow·users·to·reuse·recent
1671 ······································passwords.·This·can·be·accomplished·by1671 ······································passwords.·This·can·be·accomplished·by
1672 ······································using·the·remember·option·for·the1672 ······································using·the·remember·option·for·the
1673 ······································pam_pwhistory·PAM·module.1673 ······································pam_pwhistory·PAM·module.
  
1674 IA-5(f)·CCE-··························In·the·file·/etc/pam.d/password-auth,·make1674 IA-5(f)·CCE-··························In·the·file·/etc/pam.d/password-auth,·make
1675 IA-5(1)·83476-·Limit·Password·Reuse:··sure·the·parameter·remember·is·present·and··Preventing·re-use·of·previous·passwords·helps·ensure·that·a····var_password_pam_remember=51675 IA-5(1)·83476-·Limit·Password·Reuse:··sure·the·parameter·remember·is·present·and··Preventing·re-use·of·previous·passwords·helps·ensure·that·a····var_password_pam_remember_control_flag=requisite
1676 (e)·····2······password-auth··········it·has·a·value·equal·to·or·greater·than·5.··compromised·password·is·not·re-used·by·a·user.·················var_password_pam_remember_control_flag=requisite1676 (e)·····2······password-auth··········it·has·a·value·equal·to·or·greater·than·5.··compromised·password·is·not·re-used·by·a·user.·················var_password_pam_remember=5
1677 ······································For·example:1677 ······································For·example:
1678 ······································password·control_flag·pam_pwhistory.so1678 ······································password·control_flag·pam_pwhistory.so
1679 ······································...existing_options...·remember=51679 ······································...existing_options...·remember=5
1680 ······································use_authtok1680 ······································use_authtok
1681 ······································control_flag·should·be·one·of·the·next1681 ······································control_flag·should·be·one·of·the·next
1682 ······································values:·requisite1682 ······································values:·requisite
1683 ······································Do·not·allow·users·to·reuse·recent1683 ······································Do·not·allow·users·to·reuse·recent
1684 ······································passwords.·This·can·be·accomplished·by1684 ······································passwords.·This·can·be·accomplished·by
1685 ······································using·the·remember·option·for·the1685 ······································using·the·remember·option·for·the
1686 ······································pam_pwhistory·PAM·module.1686 ······································pam_pwhistory·PAM·module.
  
1687 IA-5(f)·CCE-··························In·the·file·/etc/pam.d/system-auth,·make1687 IA-5(f)·CCE-··························In·the·file·/etc/pam.d/system-auth,·make
1688 IA-5(1)·83479-·Limit·Password·Reuse:··sure·the·parameter·remember·is·present·and··Preventing·re-use·of·previous·passwords·helps·ensure·that·a····var_password_pam_remember=51688 IA-5(1)·83479-·Limit·Password·Reuse:··sure·the·parameter·remember·is·present·and··Preventing·re-use·of·previous·passwords·helps·ensure·that·a····var_password_pam_remember_control_flag=requisite
1689 (e)·····6······system-auth············it·has·a·value·equal·to·or·greater·than·5···compromised·password·is·not·re-used·by·a·user.·················var_password_pam_remember_control_flag=requisite1689 (e)·····6······system-auth············it·has·a·value·equal·to·or·greater·than·5···compromised·password·is·not·re-used·by·a·user.·················var_password_pam_remember=5
1690 ······································For·example:1690 ······································For·example:
1691 ······································password·control_flag·pam_pwhistory.so1691 ······································password·control_flag·pam_pwhistory.so
1692 ······································...existing_options...·remember=51692 ······································...existing_options...·remember=5
1693 ······································use_authtok1693 ······································use_authtok
1694 ······································control_flag·should·be·one·of·the·next1694 ······································control_flag·should·be·one·of·the·next
1695 ······································values:·requisite1695 ······································values:·requisite
1696 ······································The·pam_pwquality·module's·ucredit=·········Use·of·a·complex·password·helps·to·increase·the·time·and1696 ······································The·pam_pwquality·module's·ucredit=·········Use·of·a·complex·password·helps·to·increase·the·time·and
Offset 1839, 16 lines modifiedOffset 1839, 16 lines modified
1839 ······································This·will·help·ensure·when·local·users······configuration·option·ensures·the·use·of·a·strong·hashing1839 ······································This·will·help·ensure·when·local·users······configuration·option·ensures·the·use·of·a·strong·hashing
1840 ······································change·their·passwords,·hashes·for·the·new··algorithm·that·makes·password·cracking·attacks·more·difficult.1840 ······································change·their·passwords,·hashes·for·the·new··algorithm·that·makes·password·cracking·attacks·more·difficult.
1841 ······································passwords·will·be·generated·using·the·SHA-1841 ······································passwords·will·be·generated·using·the·SHA-
1842 ······································512·algorithm.·This·is·the·default.1842 ······································512·algorithm.·This·is·the·default.
1843 ······································Edit·/etc/snmp/snmpd.conf,·remove·or·change1843 ······································Edit·/etc/snmp/snmpd.conf,·remove·or·change
1844 ······································the·default·community·strings·of·public·and·Whether·active·or·not,·default·simple·network·management1844 ······································the·default·community·strings·of·public·and·Whether·active·or·not,·default·simple·network·management
1845 ········CCE-··························private.·This·profile·configures·new·read-··protocol·(SNMP)·community·strings·must·be·changed·to·maintain1845 ········CCE-··························private.·This·profile·configures·new·read-··protocol·(SNMP)·community·strings·must·be·changed·to·maintain
1846 IA-5(e)·27386-·Ensure·Default·SNMP····only·community·string·to·changemero·and·····security.·If·the·service·is·running·with·the·default···········var_snmpd_ro_string=changemero1846 IA-5(e)·27386-·Ensure·Default·SNMP····only·community·string·to·changemero·and·····security.·If·the·service·is·running·with·the·default···········var_snmpd_rw_string=changemerw
1847 ········2······Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·then·anyone·can·gather·data·about·the·system···var_snmpd_rw_string=changemerw1847 ········2······Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·then·anyone·can·gather·data·about·the·system···var_snmpd_ro_string=changemero
1848 ······································Once·the·default·community·strings·have·····and·the·network·and·use·the·information·to·potentially1848 ······································Once·the·default·community·strings·have·····and·the·network·and·use·the·information·to·potentially
1849 ······································been·changed,·restart·the·SNMP·service:·····compromise·the·integrity·of·the·system·and·network(s).1849 ······································been·changed,·restart·the·SNMP·service:·····compromise·the·integrity·of·the·system·and·network(s).
1850 ······································$·sudo·service·snmpd·restart1850 ······································$·sudo·service·snmpd·restart
1851 ······································Verify·the·system·generates·an·audit·record1851 ······································Verify·the·system·generates·an·audit·record
1852 ······································when·privileged·functions·are·executed.·If1852 ······································when·privileged·functions·are·executed.·If
1853 ······································audit·is·using·the·"auditctl"·tool·to·load1853 ······································audit·is·using·the·"auditctl"·tool·to·load
1854 ······································the·rules,·run·the·following·command:1854 ······································the·rules,·run·the·following·command:
7.39 KB
./usr/share/doc/ssg-nondebian/table-rhel8-nistrefs-ospp.html
    
Offset 4020, 15 lines modifiedOffset 4020, 15 lines modified
4020 <tt>RekeyLimit</tt>.4020 <tt>RekeyLimit</tt>.
4021 ··</td>4021 ··</td>
4022 ··<td·xml:lang="en-US">4022 ··<td·xml:lang="en-US">
4023 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling4023 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4024 time-based·limit,·effects·of·potential·attacks·against4024 time-based·limit,·effects·of·potential·attacks·against
4025 encryption·keys·are·limited.4025 encryption·keys·are·limited.
4026 ··</td>4026 ··</td>
4027 ··<td>var_ssh_client_rekey_limit_time=1hour<br/>var_ssh_client_rekey_limit_size=1G</td>4027 ··<td>var_ssh_client_rekey_limit_size=1G<br/>var_ssh_client_rekey_limit_time=1hour</td>
4028 </tr>4028 </tr>
4029 <tr>4029 <tr>
4030 ··<td></td>4030 ··<td></td>
4031 ··<td>CCE-83349-1</td>4031 ··<td>CCE-83349-1</td>
4032 ··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>4032 ··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>
4033 ··<td·xml:lang="en-US">4033 ··<td·xml:lang="en-US">
4034 To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure4034 To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure
Offset 4083, 15 lines modifiedOffset 4083, 15 lines modified
4083 <pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>4083 <pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>
4084 ··</td>4084 ··</td>
4085 ··<td·xml:lang="en-US">4085 ··<td·xml:lang="en-US">
4086 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling4086 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4087 time-based·limit,·effects·of·potential·attacks·against4087 time-based·limit,·effects·of·potential·attacks·against
4088 encryption·keys·are·limited.4088 encryption·keys·are·limited.
4089 ··</td>4089 ··</td>
4090 ··<td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>4090 ··<td>var_rekey_limit_time=1hour<br/>var_rekey_limit_size=1G</td>
4091 </tr>4091 </tr>
4092 <tr>4092 <tr>
4093 ··<td></td>4093 ··<td></td>
4094 ··<td>CCE-82462-3</td>4094 ··<td>CCE-82462-3</td>
4095 ··<td>SSH·server·uses·strong·entropy·to·seed</td>4095 ··<td>SSH·server·uses·strong·entropy·to·seed</td>
4096 ··<td·xml:lang="en-US">4096 ··<td·xml:lang="en-US">
4097 To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.4097 To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.
6.02 KB
html2text {}
    
Offset 1864, 16 lines modifiedOffset 1864, 16 lines modified
1864 ·····CCE-···Ensure·/var/tmp··The·/var/tmp·directory·is·a·world-writable·directory·used·for·temporary·file·storage.····The·/var/tmp·partition·is·used·as·temporary·storage·by·many1864 ·····CCE-···Ensure·/var/tmp··The·/var/tmp·directory·is·a·world-writable·directory·used·for·temporary·file·storage.····The·/var/tmp·partition·is·used·as·temporary·storage·by·many
1865 ·····82730-·Located·On·······Ensure·it·has·its·own·partition·or·logical·volume·at·installation·time,·or·migrate·it····programs.·Placing·/var/tmp·in·its·own·partition·enables·the1865 ·····82730-·Located·On·······Ensure·it·has·its·own·partition·or·logical·volume·at·installation·time,·or·migrate·it····programs.·Placing·/var/tmp·in·its·own·partition·enables·the
1866 ·····3······Separate·········using·LVM.···············································································setting·of·more·restrictive·mount·options,·which·can·help1866 ·····3······Separate·········using·LVM.···············································································setting·of·more·restrictive·mount·options,·which·can·help
1867 ············Partition·································································································protect·programs·which·use·it.1867 ············Partition·································································································protect·programs·which·use·it.
1868 ·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in1868 ·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in
1869 ·····························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the1869 ·····························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the
1870 ·····CCE-···Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····By·decreasing·the·limit·based·on·the·amount·of·data·and1870 ·····CCE-···Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····By·decreasing·the·limit·based·on·the·amount·of·data·and
1871 ·····82880-·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·limit,·effects·of·potential·attacks········var_ssh_client_rekey_limit_time=1hour1871 ·····82880-·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·limit,·effects·of·potential·attacks········var_ssh_client_rekey_limit_size=1G
1872 ·····6······renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·against·encryption·keys·are·limited.···························var_ssh_client_rekey_limit_size=1G1872 ·····6······renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·against·encryption·keys·are·limited.···························var_ssh_client_rekey_limit_time=1hour
1873 ············for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order1873 ············for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order
1874 ·····························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf1874 ·····························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf
1875 ·····························containing·definition·of·RekeyLimit.1875 ·····························containing·definition·of·RekeyLimit.
1876 ·····························To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure·that·the·······Some·SSH·implementations·use·the·openssl·library·for·entropy,1876 ·····························To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure·that·the·······Some·SSH·implementations·use·the·openssl·library·for·entropy,
1877 ············SSH·client·uses··appropriate·shell·environment·variable·is·configured.·The·SSH_USE_STRONG_RNG·environment·which·by·default,·doesn't·use·high-entropy·sources.·Randomness1877 ············SSH·client·uses··appropriate·shell·environment·variable·is·configured.·The·SSH_USE_STRONG_RNG·environment·which·by·default,·doesn't·use·high-entropy·sources.·Randomness
1878 ·····CCE-···strong·entropy···variable·determines·how·many·bytes·of·entropy·to·use.·Make·sure·that·the·file·/etc/······is·needed·to·generate·considerably·more·secure·data-encryption1878 ·····CCE-···strong·entropy···variable·determines·how·many·bytes·of·entropy·to·use.·Make·sure·that·the·file·/etc/······is·needed·to·generate·considerably·more·secure·data-encryption
1879 ·····83349-·to·seed·(for·CSH·profile.d/cc-ssh-strong-rng.csh·contains·line············································keys.·Plaintext·padding,·initialization·vectors·in·encryption1879 ·····83349-·to·seed·(for·CSH·profile.d/cc-ssh-strong-rng.csh·contains·line············································keys.·Plaintext·padding,·initialization·vectors·in·encryption
Offset 1884, 16 lines modifiedOffset 1884, 16 lines modified
1884 ············SSH·client·uses··appropriate·shell·environment·variable·is·configured.·The·SSH_USE_STRONG_RNG·environment·which·by·default,·doesn't·use·high-entropy·sources.·Randomness1884 ············SSH·client·uses··appropriate·shell·environment·variable·is·configured.·The·SSH_USE_STRONG_RNG·environment·which·by·default,·doesn't·use·high-entropy·sources.·Randomness
1885 ·····CCE-···strong·entropy···variable·determines·how·many·bytes·of·entropy·to·use.·Make·sure·that·the·file·/etc/······is·needed·to·generate·considerably·more·secure·data-encryption1885 ·····CCE-···strong·entropy···variable·determines·how·many·bytes·of·entropy·to·use.·Make·sure·that·the·file·/etc/······is·needed·to·generate·considerably·more·secure·data-encryption
1886 ·····83346-·to·seed·(Bash-···profile.d/cc-ssh-strong-rng.sh·contains·line·············································keys.·Plaintext·padding,·initialization·vectors·in·encryption1886 ·····83346-·to·seed·(Bash-···profile.d/cc-ssh-strong-rng.sh·contains·line·············································keys.·Plaintext·padding,·initialization·vectors·in·encryption
1887 ·····7······like·shells)·····export·SSH_USE_STRONG_RNG=32·····························································algorithms,·and·high-quality·entropy·eliminates·the1887 ·····7······like·shells)·····export·SSH_USE_STRONG_RNG=32·····························································algorithms,·and·high-quality·entropy·eliminates·the
1888 ·····························.························································································possibility·that·the·output·of·the·random·number·generator1888 ·····························.························································································possibility·that·the·output·of·the·random·number·generator
1889 ······················································································································used·by·SSH·would·be·known·to·potential·attackers.1889 ······················································································································used·by·SSH·would·be·known·to·potential·attackers.
1890 ·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,1890 ·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,
1891 ·····CCE-···Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············By·decreasing·the·limit·based·on·the·amount·of·data·and········var_rekey_limit_size=1G1891 ·····CCE-···Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············By·decreasing·the·limit·based·on·the·amount·of·data·and········var_rekey_limit_time=1hour
1892 ·····82177-·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·limit,·effects·of·potential·attacks········var_rekey_limit_time=1hour1892 ·····82177-·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·limit,·effects·of·potential·attacks········var_rekey_limit_size=1G
1893 ·····7······renegotiation····sshd_config:·············································································against·encryption·keys·are·limited.1893 ·····7······renegotiation····sshd_config:·············································································against·encryption·keys·are·limited.
1894 ·····························RekeyLimit·1G·1hour1894 ·····························RekeyLimit·1G·1hour
1895 ······················································································································SSH·implementation·in·Red·Hat·Enterprise·Linux·8·uses·the1895 ······················································································································SSH·implementation·in·Red·Hat·Enterprise·Linux·8·uses·the
1896 ·····························To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·/etc/sysconfig/·openssl·library,·which·doesn't·use·high-entropy·sources·by1896 ·····························To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·/etc/sysconfig/·openssl·library,·which·doesn't·use·high-entropy·sources·by
1897 ·····CCE-···SSH·server·uses··sshd·file.·The·SSH_USE_STRONG_RNG·configuration·value·determines·how·many·bytes·of·······default.·Randomness·is·needed·to·generate·data-encryption1897 ·····CCE-···SSH·server·uses··sshd·file.·The·SSH_USE_STRONG_RNG·configuration·value·determines·how·many·bytes·of·······default.·Randomness·is·needed·to·generate·data-encryption
1898 ·····82462-·strong·entropy···entropy·to·use,·so·make·sure·that·the·file·contains·line·································keys,·and·as·plaintext·padding·and·initialization·vectors·in1898 ·····82462-·strong·entropy···entropy·to·use,·so·make·sure·that·the·file·contains·line·································keys,·and·as·plaintext·padding·and·initialization·vectors·in
1899 ·····3······to·seed··········SSH_USE_STRONG_RNG=32····································································encryption·algorithms,·and·high-quality·entropy·elliminates1899 ·····3······to·seed··········SSH_USE_STRONG_RNG=32····································································encryption·algorithms,·and·high-quality·entropy·elliminates
10.7 KB
./usr/share/doc/ssg-nondebian/table-rhel8-nistrefs-stig.html
    
Offset 7842, 18 lines modifiedOffset 7842, 18 lines modified
0001ea10:·2070·6173·7377·6f72·6473·2068·656c·7073···passwords·helps0001ea10:·2070·6173·7377·6f72·6473·2068·656c·7073···passwords·helps
0001ea20:·2065·6e73·7572·6520·7468·6174·2061·2063···ensure·that·a·c0001ea20:·2065·6e73·7572·6520·7468·6174·2061·2063···ensure·that·a·c
0001ea30:·6f6d·7072·6f6d·6973·6564·2070·6173·7377··ompromised·passw0001ea30:·6f6d·7072·6f6d·6973·6564·2070·6173·7377··ompromised·passw
0001ea40:·6f72·6420·6973·206e·6f74·2072·652d·7573··ord·is·not·re-us0001ea40:·6f72·6420·6973·206e·6f74·2072·652d·7573··ord·is·not·re-us
0001ea50:·6564·2062·7920·6120·7573·6572·2e0a·2020··ed·by·a·user..··0001ea50:·6564·2062·7920·6120·7573·6572·2e0a·2020··ed·by·a·user..··
0001ea60:·3c2f·7464·3e0a·2020·3c74·643e·7661·725f··</td>.··<td>var_0001ea60:·3c2f·7464·3e0a·2020·3c74·643e·7661·725f··</td>.··<td>var_
0001ea70:·7061·7373·776f·7264·5f70·616d·5f72·656d··password_pam_rem0001ea70:·7061·7373·776f·7264·5f70·616d·5f72·656d··password_pam_rem
 0001ea80:·656d·6265·723d·353c·6272·2f3e·7661·725f··ember=5<br/>var_
 0001ea90:·7061·7373·776f·7264·5f70·616d·5f72·656d··password_pam_rem
0001ea80:·656d·6265·725f·636f·6e74·726f·6c5f·666c··ember_control_fl0001eaa0:·656d·6265·725f·636f·6e74·726f·6c5f·666c··ember_control_fl
0001ea90:·6167·3d72·6571·7569·7265·643c·6272·2f3e··ag=required<br/>0001eab0:·6167·3d72·6571·7569·7265·643c·2f74·643e··ag=required</td>
0001eaa0:·7661·725f·7061·7373·776f·7264·5f70·616d··var_password_pam 
0001eab0:·5f72·656d·656d·6265·723d·353c·2f74·643e··_remember=5</td> 
0001eac0:·0a3c·2f74·723e·0a3c·7472·3e0a·2020·3c74··.</tr>.<tr>.··<t0001eac0:·0a3c·2f74·723e·0a3c·7472·3e0a·2020·3c74··.</tr>.<tr>.··<t
0001ead0:·643e·4941·2d35·2866·293c·6272·2f3e·4941··d>IA-5(f)<br/>IA0001ead0:·643e·4941·2d35·2866·293c·6272·2f3e·4941··d>IA-5(f)<br/>IA
0001eae0:·2d35·2831·2928·6529·3c2f·7464·3e0a·2020··-5(1)(e)</td>.··0001eae0:·2d35·2831·2928·6529·3c2f·7464·3e0a·2020··-5(1)(e)</td>.··
0001eaf0:·3c74·643e·4343·452d·3833·3438·302d·343c··<td>CCE-83480-4<0001eaf0:·3c74·643e·4343·452d·3833·3438·302d·343c··<td>CCE-83480-4<
0001eb00:·2f74·643e·0a20·203c·7464·3e4c·696d·6974··/td>.··<td>Limit0001eb00:·2f74·643e·0a20·203c·7464·3e4c·696d·6974··/td>.··<td>Limit
0001eb10:·2050·6173·7377·6f72·6420·5265·7573·653a···Password·Reuse:0001eb10:·2050·6173·7377·6f72·6420·5265·7573·653a···Password·Reuse:
0001eb20:·2073·7973·7465·6d2d·6175·7468·3c2f·7464···system-auth</td0001eb20:·2073·7973·7465·6d2d·6175·7468·3c2f·7464···system-auth</td
Offset 7899, 18 lines modifiedOffset 7899, 18 lines modified
0001eda0:·2070·6173·7377·6f72·6473·2068·656c·7073···passwords·helps0001eda0:·2070·6173·7377·6f72·6473·2068·656c·7073···passwords·helps
0001edb0:·2065·6e73·7572·6520·7468·6174·2061·2063···ensure·that·a·c0001edb0:·2065·6e73·7572·6520·7468·6174·2061·2063···ensure·that·a·c
0001edc0:·6f6d·7072·6f6d·6973·6564·2070·6173·7377··ompromised·passw0001edc0:·6f6d·7072·6f6d·6973·6564·2070·6173·7377··ompromised·passw
0001edd0:·6f72·6420·6973·206e·6f74·2072·652d·7573··ord·is·not·re-us0001edd0:·6f72·6420·6973·206e·6f74·2072·652d·7573··ord·is·not·re-us
0001ede0:·6564·2062·7920·6120·7573·6572·2e0a·2020··ed·by·a·user..··0001ede0:·6564·2062·7920·6120·7573·6572·2e0a·2020··ed·by·a·user..··
0001edf0:·3c2f·7464·3e0a·2020·3c74·643e·7661·725f··</td>.··<td>var_0001edf0:·3c2f·7464·3e0a·2020·3c74·643e·7661·725f··</td>.··<td>var_
0001ee00:·7061·7373·776f·7264·5f70·616d·5f72·656d··password_pam_rem0001ee00:·7061·7373·776f·7264·5f70·616d·5f72·656d··password_pam_rem
 0001ee10:·656d·6265·723d·353c·6272·2f3e·7661·725f··ember=5<br/>var_
 0001ee20:·7061·7373·776f·7264·5f70·616d·5f72·656d··password_pam_rem
0001ee10:·656d·6265·725f·636f·6e74·726f·6c5f·666c··ember_control_fl0001ee30:·656d·6265·725f·636f·6e74·726f·6c5f·666c··ember_control_fl
0001ee20:·6167·3d72·6571·7569·7265·643c·6272·2f3e··ag=required<br/>0001ee40:·6167·3d72·6571·7569·7265·643c·2f74·643e··ag=required</td>
0001ee30:·7661·725f·7061·7373·776f·7264·5f70·616d··var_password_pam 
0001ee40:·5f72·656d·656d·6265·723d·353c·2f74·643e··_remember=5</td> 
0001ee50:·0a3c·2f74·723e·0a3c·7472·3e0a·2020·3c74··.</tr>.<tr>.··<t0001ee50:·0a3c·2f74·723e·0a3c·7472·3e0a·2020·3c74··.</tr>.<tr>.··<t
0001ee60:·643e·4941·2d35·2863·293c·6272·2f3e·4941··d>IA-5(c)<br/>IA0001ee60:·643e·4941·2d35·2863·293c·6272·2f3e·4941··d>IA-5(c)<br/>IA
0001ee70:·2d35·2831·2928·6129·3c62·722f·3e43·4d2d··-5(1)(a)<br/>CM-0001ee70:·2d35·2831·2928·6129·3c62·722f·3e43·4d2d··-5(1)(a)<br/>CM-
0001ee80:·3628·6129·3c62·722f·3e49·412d·3528·3429··6(a)<br/>IA-5(4)0001ee80:·3628·6129·3c62·722f·3e49·412d·3528·3429··6(a)<br/>IA-5(4)
0001ee90:·3c2f·7464·3e0a·2020·3c74·643e·4343·452d··</td>.··<td>CCE-0001ee90:·3c2f·7464·3e0a·2020·3c74·643e·4343·452d··</td>.··<td>CCE-
0001eea0:·3830·3636·352d·333c·2f74·643e·0a20·203c··80665-3</td>.··<0001eea0:·3830·3636·352d·333c·2f74·643e·0a20·203c··80665-3</td>.··<
0001eeb0:·7464·3e45·6e73·7572·6520·5041·4d20·456e··td>Ensure·PAM·En0001eeb0:·7464·3e45·6e73·7572·6520·5041·4d20·456e··td>Ensure·PAM·En
Offset 23491, 18 lines modifiedOffset 23491, 18 lines modified
0005bc20:·656e·6162·6c69·6e67·0a74·696d·652d·6261··enabling.time-ba0005bc20:·656e·6162·6c69·6e67·0a74·696d·652d·6261··enabling.time-ba
0005bc30:·7365·6420·6c69·6d69·742c·2065·6666·6563··sed·limit,·effec0005bc30:·7365·6420·6c69·6d69·742c·2065·6666·6563··sed·limit,·effec
0005bc40:·7473·206f·6620·706f·7465·6e74·6961·6c20··ts·of·potential·0005bc40:·7473·206f·6620·706f·7465·6e74·6961·6c20··ts·of·potential·
0005bc50:·6174·7461·636b·7320·6167·6169·6e73·740a··attacks·against.0005bc50:·6174·7461·636b·7320·6167·6169·6e73·740a··attacks·against.
0005bc60:·656e·6372·7970·7469·6f6e·206b·6579·7320··encryption·keys·0005bc60:·656e·6372·7970·7469·6f6e·206b·6579·7320··encryption·keys·
0005bc70:·6172·6520·6c69·6d69·7465·642e·0a20·203c··are·limited..··<0005bc70:·6172·6520·6c69·6d69·7465·642e·0a20·203c··are·limited..··<
0005bc80:·2f74·643e·0a20·203c·7464·3e76·6172·5f72··/td>.··<td>var_r0005bc80:·2f74·643e·0a20·203c·7464·3e76·6172·5f72··/td>.··<td>var_r
0005bc90:·656b·6579·5f6c·696d·6974·5f73·697a·653d··ekey_limit_size=0005bc90:·656b·6579·5f6c·696d·6974·5f74·696d·653d··ekey_limit_time=
0005bca0:·3147·3c62·722f·3e76·6172·5f72·656b·6579··1G<br/>var_rekey 
0005bcb0:·5f6c·696d·6974·5f74·696d·653d·3168·6f75··_limit_time=1hou0005bca0:·3168·6f75·723c·6272·2f3e·7661·725f·7265··1hour<br/>var_re
 0005bcb0:·6b65·795f·6c69·6d69·745f·7369·7a65·3d31··key_limit_size=1
0005bcc0:·723c·2f74·643e·0a3c·2f74·723e·0a3c·7472··r</td>.</tr>.<tr0005bcc0:·473c·2f74·643e·0a3c·2f74·723e·0a3c·7472··G</td>.</tr>.<tr
0005bcd0:·3e0a·2020·3c74·643e·3c2f·7464·3e0a·2020··>.··<td></td>.··0005bcd0:·3e0a·2020·3c74·643e·3c2f·7464·3e0a·2020··>.··<td></td>.··
0005bce0:·3c74·643e·4343·452d·3832·3436·322d·333c··<td>CCE-82462-3<0005bce0:·3c74·643e·4343·452d·3832·3436·322d·333c··<td>CCE-82462-3<
0005bcf0:·2f74·643e·0a20·203c·7464·3e53·5348·2073··/td>.··<td>SSH·s0005bcf0:·2f74·643e·0a20·203c·7464·3e53·5348·2073··/td>.··<td>SSH·s
0005bd00:·6572·7665·7220·7573·6573·2073·7472·6f6e··erver·uses·stron0005bd00:·6572·7665·7220·7573·6573·2073·7472·6f6e··erver·uses·stron
0005bd10:·6720·656e·7472·6f70·7920·746f·2073·6565··g·entropy·to·see0005bd10:·6720·656e·7472·6f70·7920·746f·2073·6565··g·entropy·to·see
0005bd20:·643c·2f74·643e·0a20·203c·7464·2078·6d6c··d</td>.··<td·xml0005bd20:·643c·2f74·643e·0a20·203c·7464·2078·6d6c··d</td>.··<td·xml
0005bd30:·3a6c·616e·673d·2265·6e2d·5553·223e·0a54··:lang="en-US">.T0005bd30:·3a6c·616e·673d·2265·6e2d·5553·223e·0a54··:lang="en-US">.T
6.03 KB
html2text {}
    
Offset 1472, 27 lines modifiedOffset 1472, 27 lines modified
1472 ·····································pwquality.conf·to·equal·1·to·require·use·of·a·special·is·compromised.·Requiring·a·minimum·number·of·special·characters·makes1472 ·····································pwquality.conf·to·equal·1·to·require·use·of·a·special·is·compromised.·Requiring·a·minimum·number·of·special·characters·makes
1473 ·····································character·in·passwords.·······························password·guessing·attacks·more·difficult·by·ensuring·a·larger·search1473 ·····································character·in·passwords.·······························password·guessing·attacks·more·difficult·by·ensuring·a·larger·search
1474 ···························································································space.1474 ···························································································space.
1475 ·····································Do·not·allow·users·to·reuse·recent·passwords.·This1475 ·····································Do·not·allow·users·to·reuse·recent·passwords.·This
1476 ·····································can·be·accomplished·by·using·the·remember·option·for1476 ·····································can·be·accomplished·by·using·the·remember·option·for
1477 ·····································the·pam_pwhistory·PAM·module.1477 ·····································the·pam_pwhistory·PAM·module.
  
1478 IA-5(f)·CCE-···Limit·Password·Reuse:·In·the·file·/etc/pam.d/password-auth,·make·sure·the···Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember_control_flag=required1478 IA-5(f)·CCE-···Limit·Password·Reuse:·In·the·file·/etc/pam.d/password-auth,·make·sure·the···Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember=5
1479 IA-5(1)·83478-·password-auth·········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember=51479 IA-5(1)·83478-·password-auth·········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember_control_flag=required
1480 (e)·····8····························equal·to·or·greater·than·5.·For·example:1480 (e)·····8····························equal·to·or·greater·than·5.·For·example:
1481 ·····································password·control_flag·pam_pwhistory.so1481 ·····································password·control_flag·pam_pwhistory.so
1482 ·····································...existing_options...·remember=5·use_authtok1482 ·····································...existing_options...·remember=5·use_authtok
1483 ·····································control_flag·should·be·one·of·the·next·values:1483 ·····································control_flag·should·be·one·of·the·next·values:
1484 ·····································required1484 ·····································required
1485 ·····································Do·not·allow·users·to·reuse·recent·passwords.·This1485 ·····································Do·not·allow·users·to·reuse·recent·passwords.·This
1486 ·····································can·be·accomplished·by·using·the·remember·option·for1486 ·····································can·be·accomplished·by·using·the·remember·option·for
1487 ·····································the·pam_pwhistory·PAM·module.1487 ·····································the·pam_pwhistory·PAM·module.
  
1488 IA-5(f)·CCE-···Limit·Password·Reuse:·In·the·file·/etc/pam.d/system-auth,·make·sure·the·····Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember_control_flag=required1488 IA-5(f)·CCE-···Limit·Password·Reuse:·In·the·file·/etc/pam.d/system-auth,·make·sure·the·····Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember=5
1489 IA-5(1)·83480-·system-auth···········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember=51489 IA-5(1)·83480-·system-auth···········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember_control_flag=required
1490 (e)·····4····························equal·to·or·greater·than·5·For·example:1490 (e)·····4····························equal·to·or·greater·than·5·For·example:
1491 ·····································password·control_flag·pam_pwhistory.so1491 ·····································password·control_flag·pam_pwhistory.so
1492 ·····································...existing_options...·remember=5·use_authtok1492 ·····································...existing_options...·remember=5·use_authtok
1493 ·····································control_flag·should·be·one·of·the·next·values:1493 ·····································control_flag·should·be·one·of·the·next·values:
1494 ·····································required1494 ·····································required
1495 ·····································The·pam_pwquality·module's·ucredit=·parameter·········Use·of·a·complex·password·helps·to·increase·the·time·and·resources1495 ·····································The·pam_pwquality·module's·ucredit=·parameter·········Use·of·a·complex·password·helps·to·increase·the·time·and·resources
1496 ·····································controls·requirements·for·usage·of·uppercase·letters··required·to·compromise·the·password.·Password·complexity,·or·strength,·is1496 ·····································controls·requirements·for·usage·of·uppercase·letters··required·to·compromise·the·password.·Password·complexity,·or·strength,·is
Offset 4103, 16 lines modifiedOffset 4103, 16 lines modified
4103 ········89707-·Rounds·in·/etc/·······SHA_CRYPT_MIN_ROUNDS·5000·····························Passwords·that·are·encrypted·with·a·weak·algorithm·are·no·more·protected4103 ········89707-·Rounds·in·/etc/·······SHA_CRYPT_MIN_ROUNDS·5000·····························Passwords·that·are·encrypted·with·a·weak·algorithm·are·no·more·protected
4104 ········4······login.defs············SHA_CRYPT_MAX_ROUNDS·5000·····························than·if·they·are·kept·in·plain·text.4104 ········4······login.defs············SHA_CRYPT_MAX_ROUNDS·5000·····························than·if·they·are·kept·in·plain·text.
4105 ·····································Notice·that·if·neither·are·set,·they·already·have·the4105 ·····································Notice·that·if·neither·are·set,·they·already·have·the
4106 ·····································default·value·of·5000.·If·either·is·set,·they·must····Using·more·hashing·rounds·makes·password·cracking·attacks·more·difficult.4106 ·····································default·value·of·5000.·If·either·is·set,·they·must····Using·more·hashing·rounds·makes·password·cracking·attacks·more·difficult.
4107 ·····································have·the·minimum·value·of·5000.4107 ·····································have·the·minimum·value·of·5000.
4108 ·····································The·RekeyLimit·parameter·specifies·how·often·the4108 ·····································The·RekeyLimit·parameter·specifies·how·often·the
4109 ·····································session·key·of·the·is·renegotiated,·both·in·terms·of4109 ·····································session·key·of·the·is·renegotiated,·both·in·terms·of
4110 ········CCE-···Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling·time-·····var_rekey_limit_size=1G4110 ········CCE-···Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling·time-·····var_rekey_limit_time=1hour
4111 ········82177-·session·key···········elapsed.··············································based·limit,·effects·of·potential·attacks·against·encryption·keys·are······var_rekey_limit_time=1hour4111 ········82177-·session·key···········elapsed.··············································based·limit,·effects·of·potential·attacks·against·encryption·keys·are······var_rekey_limit_size=1G
4112 ········7······renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limited.4112 ········7······renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limited.
4113 ·····································following·line·in·/etc/ssh/sshd_config:4113 ·····································following·line·in·/etc/ssh/sshd_config:
4114 ·····································RekeyLimit·1G·1hour4114 ·····································RekeyLimit·1G·1hour
4115 ·····································To·set·up·SSH·server·to·use·entropy·from·a·high-······SSH·implementation·in·Red·Hat·Enterprise·Linux·8·uses·the·openssl·library,4115 ·····································To·set·up·SSH·server·to·use·entropy·from·a·high-······SSH·implementation·in·Red·Hat·Enterprise·Linux·8·uses·the·openssl·library,
4116 ········CCE-···SSH·server·uses·······quality·source,·edit·the·/etc/sysconfig/sshd·file.····which·doesn't·use·high-entropy·sources·by·default.·Randomness·is·needed·to4116 ········CCE-···SSH·server·uses·······quality·source,·edit·the·/etc/sysconfig/sshd·file.····which·doesn't·use·high-entropy·sources·by·default.·Randomness·is·needed·to
4117 ········82462-·strong·entropy·to·····The·SSH_USE_STRONG_RNG·configuration·value·determines·generate·data-encryption·keys,·and·as·plaintext·padding·and·initialization4117 ········82462-·strong·entropy·to·····The·SSH_USE_STRONG_RNG·configuration·value·determines·generate·data-encryption·keys,·and·as·plaintext·padding·and·initialization
4118 ········3······seed··················how·many·bytes·of·entropy·to·use,·so·make·sure·that···vectors·in·encryption·algorithms,·and·high-quality·entropy·elliminates·the4118 ········3······seed··················how·many·bytes·of·entropy·to·use,·so·make·sure·that···vectors·in·encryption·algorithms,·and·high-quality·entropy·elliminates·the
24.3 KB
./usr/share/scap-security-guide/ansible/alinux2-playbook-cis.yml
Ordering differences only
    
Offset 1124, 16 lines modifiedOffset 1124, 16 lines modified
  
1124 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1124 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1125 ······find:1125 ······find:
1126 ········paths:·/etc/audit/rules.d/1126 ········paths:·/etc/audit/rules.d/
1127 ········patterns:·'*.rules'1127 ········patterns:·'*.rules'
1128 ······register:·find_rules_d1128 ······register:·find_rules_d
1129 ······when:1129 ······when:
1130 ······-·'"audit"·in·ansible_facts.packages' 
1131 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1130 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1131 ······-·'"audit"·in·ansible_facts.packages'
1132 ······tags:1132 ······tags:
1133 ······-·CJIS-5.4.1.11133 ······-·CJIS-5.4.1.1
1134 ······-·NIST-800-171-3.3.11134 ······-·NIST-800-171-3.3.1
1135 ······-·NIST-800-171-3.4.31135 ······-·NIST-800-171-3.4.3
1136 ······-·NIST-800-53-AC-6(9)1136 ······-·NIST-800-53-AC-6(9)
1137 ······-·NIST-800-53-CM-6(a)1137 ······-·NIST-800-53-CM-6(a)
1138 ······-·PCI-DSS-Req-10.5.21138 ······-·PCI-DSS-Req-10.5.2
Offset 1148, 16 lines modifiedOffset 1148, 16 lines modified
1148 ······lineinfile:1148 ······lineinfile:
1149 ········path:·'{{·item·}}'1149 ········path:·'{{·item·}}'
1150 ········regexp:·^\s*(?:-e)\s+.*$1150 ········regexp:·^\s*(?:-e)\s+.*$
1151 ········state:·absent1151 ········state:·absent
1152 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1152 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1153 ········}}'1153 ········}}'
1154 ······when:1154 ······when:
1155 ······-·'"audit"·in·ansible_facts.packages' 
1156 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1155 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1156 ······-·'"audit"·in·ansible_facts.packages'
1157 ······tags:1157 ······tags:
1158 ······-·CJIS-5.4.1.11158 ······-·CJIS-5.4.1.1
1159 ······-·NIST-800-171-3.3.11159 ······-·NIST-800-171-3.3.1
1160 ······-·NIST-800-171-3.4.31160 ······-·NIST-800-171-3.4.3
1161 ······-·NIST-800-53-AC-6(9)1161 ······-·NIST-800-53-AC-6(9)
1162 ······-·NIST-800-53-CM-6(a)1162 ······-·NIST-800-53-CM-6(a)
1163 ······-·PCI-DSS-Req-10.5.21163 ······-·PCI-DSS-Req-10.5.2
Offset 1174, 16 lines modifiedOffset 1174, 16 lines modified
1174 ········create:·true1174 ········create:·true
1175 ········line:·-e·21175 ········line:·-e·2
1176 ········mode:·o-rwx1176 ········mode:·o-rwx
1177 ······loop:1177 ······loop:
1178 ······-·/etc/audit/audit.rules1178 ······-·/etc/audit/audit.rules
1179 ······-·/etc/audit/rules.d/immutable.rules1179 ······-·/etc/audit/rules.d/immutable.rules
1180 ······when:1180 ······when:
1181 ······-·'"audit"·in·ansible_facts.packages' 
1182 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1181 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1182 ······-·'"audit"·in·ansible_facts.packages'
1183 ······tags:1183 ······tags:
1184 ······-·CJIS-5.4.1.11184 ······-·CJIS-5.4.1.1
1185 ······-·NIST-800-171-3.3.11185 ······-·NIST-800-171-3.3.1
1186 ······-·NIST-800-171-3.4.31186 ······-·NIST-800-171-3.4.3
1187 ······-·NIST-800-53-AC-6(9)1187 ······-·NIST-800-53-AC-6(9)
1188 ······-·NIST-800-53-CM-6(a)1188 ······-·NIST-800-53-CM-6(a)
1189 ······-·PCI-DSS-Req-10.5.21189 ······-·PCI-DSS-Req-10.5.2
Offset 1218, 16 lines modifiedOffset 1218, 16 lines modified
1218 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/1218 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
1219 ······find:1219 ······find:
1220 ········paths:·/etc/audit/rules.d1220 ········paths:·/etc/audit/rules.d
1221 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+1221 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
1222 ········patterns:·'*.rules'1222 ········patterns:·'*.rules'
1223 ······register:·find_existing_watch_rules_d1223 ······register:·find_existing_watch_rules_d
1224 ······when:1224 ······when:
1225 ······-·'"audit"·in·ansible_facts.packages' 
1226 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1225 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1226 ······-·'"audit"·in·ansible_facts.packages'
1227 ······tags:1227 ······tags:
1228 ······-·CJIS-5.4.1.11228 ······-·CJIS-5.4.1.1
1229 ······-·NIST-800-171-3.1.71229 ······-·NIST-800-171-3.1.7
1230 ······-·NIST-800-53-AC-2(7)(b)1230 ······-·NIST-800-53-AC-2(7)(b)
1231 ······-·NIST-800-53-AC-6(9)1231 ······-·NIST-800-53-AC-6(9)
1232 ······-·NIST-800-53-AU-12(c)1232 ······-·NIST-800-53-AU-12(c)
1233 ······-·NIST-800-53-AU-2(d)1233 ······-·NIST-800-53-AU-2(d)
Offset 1244, 16 lines modifiedOffset 1244, 16 lines modified
1244 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions1244 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
1245 ······find:1245 ······find:
1246 ········paths:·/etc/audit/rules.d1246 ········paths:·/etc/audit/rules.d
1247 ········contains:·^.*(?:-F·key=|-k\s+)actions$1247 ········contains:·^.*(?:-F·key=|-k\s+)actions$
1248 ········patterns:·'*.rules'1248 ········patterns:·'*.rules'
1249 ······register:·find_watch_key1249 ······register:·find_watch_key
1250 ······when:1250 ······when:
1251 ······-·'"audit"·in·ansible_facts.packages' 
1252 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1251 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1252 ······-·'"audit"·in·ansible_facts.packages'
1253 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1253 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1254 ········==·01254 ········==·0
1255 ······tags:1255 ······tags:
1256 ······-·CJIS-5.4.1.11256 ······-·CJIS-5.4.1.1
1257 ······-·NIST-800-171-3.1.71257 ······-·NIST-800-171-3.1.7
1258 ······-·NIST-800-53-AC-2(7)(b)1258 ······-·NIST-800-53-AC-2(7)(b)
1259 ······-·NIST-800-53-AC-6(9)1259 ······-·NIST-800-53-AC-6(9)
Offset 1270, 16 lines modifiedOffset 1270, 16 lines modified
1270 ······-·restrict_strategy1270 ······-·restrict_strategy
  
1271 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule1271 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
1272 ······set_fact:1272 ······set_fact:
1273 ········all_files:1273 ········all_files:
1274 ········-·/etc/audit/rules.d/actions.rules1274 ········-·/etc/audit/rules.d/actions.rules
1275 ······when:1275 ······when:
1276 ······-·'"audit"·in·ansible_facts.packages' 
1277 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1276 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1277 ······-·'"audit"·in·ansible_facts.packages'
1278 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1278 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1279 ········is·defined·and·find_existing_watch_rules_d.matched·==·01279 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1280 ······tags:1280 ······tags:
1281 ······-·CJIS-5.4.1.11281 ······-·CJIS-5.4.1.1
1282 ······-·NIST-800-171-3.1.71282 ······-·NIST-800-171-3.1.7
1283 ······-·NIST-800-53-AC-2(7)(b)1283 ······-·NIST-800-53-AC-2(7)(b)
1284 ······-·NIST-800-53-AC-6(9)1284 ······-·NIST-800-53-AC-6(9)
Offset 1296, 16 lines modifiedOffset 1296, 16 lines modified
1296 ······-·restrict_strategy1296 ······-·restrict_strategy
  
1297 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1297 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1298 ······set_fact:1298 ······set_fact:
1299 ········all_files:1299 ········all_files:
1300 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1300 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1301 ······when:1301 ······when:
1302 ······-·'"audit"·in·ansible_facts.packages' 
1303 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1302 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1303 ······-·'"audit"·in·ansible_facts.packages'
1304 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1304 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1305 ········is·defined·and·find_existing_watch_rules_d.matched·==·01305 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1306 ······tags:1306 ······tags:
1307 ······-·CJIS-5.4.1.11307 ······-·CJIS-5.4.1.1
1308 ······-·NIST-800-171-3.1.71308 ······-·NIST-800-171-3.1.7
1309 ······-·NIST-800-53-AC-2(7)(b)1309 ······-·NIST-800-53-AC-2(7)(b)
1310 ······-·NIST-800-53-AC-6(9)1310 ······-·NIST-800-53-AC-6(9)
Offset 1324, 16 lines modifiedOffset 1324, 16 lines modified
1324 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/1324 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 20013/24693 bytes (81.05%) of diff not shown.
3.91 KB
./usr/share/scap-security-guide/ansible/alinux2-playbook-cis_l1.yml
Ordering differences only
    
Offset 1230, 16 lines modifiedOffset 1230, 16 lines modified
1230 ······-·no_reboot_needed1230 ······-·no_reboot_needed
  
1231 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1231 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1232 ······stat:1232 ······stat:
1233 ········path:·/boot/grub2/grub.cfg1233 ········path:·/boot/grub2/grub.cfg
1234 ······register:·file_exists1234 ······register:·file_exists
1235 ······when:1235 ······when:
1236 ······-·'"grub2-common"·in·ansible_facts.packages' 
1237 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'1236 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1237 ······-·'"grub2-common"·in·ansible_facts.packages'
1238 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1238 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1239 ······tags:1239 ······tags:
1240 ······-·CJIS-5.5.2.21240 ······-·CJIS-5.5.2.2
1241 ······-·NIST-800-171-3.4.51241 ······-·NIST-800-171-3.4.5
1242 ······-·NIST-800-53-AC-6(1)1242 ······-·NIST-800-53-AC-6(1)
1243 ······-·NIST-800-53-CM-6(a)1243 ······-·NIST-800-53-CM-6(a)
1244 ······-·PCI-DSS-Req-7.11244 ······-·PCI-DSS-Req-7.1
Offset 1251, 16 lines modifiedOffset 1251, 16 lines modified
1251 ······-·no_reboot_needed1251 ······-·no_reboot_needed
  
1252 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg1252 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
1253 ······file:1253 ······file:
1254 ········path:·/boot/grub2/grub.cfg1254 ········path:·/boot/grub2/grub.cfg
1255 ········group:·'0'1255 ········group:·'0'
1256 ······when:1256 ······when:
1257 ······-·'"grub2-common"·in·ansible_facts.packages' 
1258 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'1257 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1258 ······-·'"grub2-common"·in·ansible_facts.packages'
1259 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1259 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1260 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1260 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1261 ······tags:1261 ······tags:
1262 ······-·CJIS-5.5.2.21262 ······-·CJIS-5.5.2.2
1263 ······-·NIST-800-171-3.4.51263 ······-·NIST-800-171-3.4.5
1264 ······-·NIST-800-53-AC-6(1)1264 ······-·NIST-800-53-AC-6(1)
1265 ······-·NIST-800-53-CM-6(a)1265 ······-·NIST-800-53-CM-6(a)
Offset 1290, 16 lines modifiedOffset 1290, 16 lines modified
1290 ······-·no_reboot_needed1290 ······-·no_reboot_needed
  
1291 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1291 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1292 ······stat:1292 ······stat:
1293 ········path:·/boot/grub2/grub.cfg1293 ········path:·/boot/grub2/grub.cfg
1294 ······register:·file_exists1294 ······register:·file_exists
1295 ······when:1295 ······when:
1296 ······-·'"grub2-common"·in·ansible_facts.packages' 
1297 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'1296 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1297 ······-·'"grub2-common"·in·ansible_facts.packages'
1298 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1298 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1299 ······tags:1299 ······tags:
1300 ······-·CJIS-5.5.2.21300 ······-·CJIS-5.5.2.2
1301 ······-·NIST-800-171-3.4.51301 ······-·NIST-800-171-3.4.5
1302 ······-·NIST-800-53-AC-6(1)1302 ······-·NIST-800-53-AC-6(1)
1303 ······-·NIST-800-53-CM-6(a)1303 ······-·NIST-800-53-CM-6(a)
1304 ······-·PCI-DSS-Req-7.11304 ······-·PCI-DSS-Req-7.1
Offset 1311, 16 lines modifiedOffset 1311, 16 lines modified
1311 ······-·no_reboot_needed1311 ······-·no_reboot_needed
  
1312 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg1312 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
1313 ······file:1313 ······file:
1314 ········path:·/boot/grub2/grub.cfg1314 ········path:·/boot/grub2/grub.cfg
1315 ········owner:·'0'1315 ········owner:·'0'
1316 ······when:1316 ······when:
1317 ······-·'"grub2-common"·in·ansible_facts.packages' 
1318 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'1317 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1318 ······-·'"grub2-common"·in·ansible_facts.packages'
1319 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1319 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1320 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1320 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1321 ······tags:1321 ······tags:
1322 ······-·CJIS-5.5.2.21322 ······-·CJIS-5.5.2.2
1323 ······-·NIST-800-171-3.4.51323 ······-·NIST-800-171-3.4.5
1324 ······-·NIST-800-53-AC-6(1)1324 ······-·NIST-800-53-AC-6(1)
1325 ······-·NIST-800-53-CM-6(a)1325 ······-·NIST-800-53-CM-6(a)
Offset 1348, 16 lines modifiedOffset 1348, 16 lines modified
1348 ······-·no_reboot_needed1348 ······-·no_reboot_needed
  
1349 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1349 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1350 ······stat:1350 ······stat:
1351 ········path:·/boot/grub2/grub.cfg1351 ········path:·/boot/grub2/grub.cfg
1352 ······register:·file_exists1352 ······register:·file_exists
1353 ······when:1353 ······when:
1354 ······-·'"grub2-common"·in·ansible_facts.packages' 
1355 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'1354 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1355 ······-·'"grub2-common"·in·ansible_facts.packages'
1356 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1356 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1357 ······tags:1357 ······tags:
1358 ······-·NIST-800-171-3.4.51358 ······-·NIST-800-171-3.4.5
1359 ······-·NIST-800-53-AC-6(1)1359 ······-·NIST-800-53-AC-6(1)
1360 ······-·NIST-800-53-CM-6(a)1360 ······-·NIST-800-53-CM-6(a)
1361 ······-·configure_strategy1361 ······-·configure_strategy
1362 ······-·file_permissions_efi_grub2_cfg1362 ······-·file_permissions_efi_grub2_cfg
Offset 1367, 16 lines modifiedOffset 1367, 16 lines modified
1367 ······-·no_reboot_needed1367 ······-·no_reboot_needed
  
1368 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg1368 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
1369 ······file:1369 ······file:
1370 ········path:·/boot/grub2/grub.cfg1370 ········path:·/boot/grub2/grub.cfg
1371 ········mode:·u-s,g-xwrs,o-xwrt1371 ········mode:·u-s,g-xwrs,o-xwrt
1372 ······when:1372 ······when:
1373 ······-·'"grub2-common"·in·ansible_facts.packages' 
1374 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'1373 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1374 ······-·'"grub2-common"·in·ansible_facts.packages'
1375 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1375 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1376 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1376 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1377 ······tags:1377 ······tags:
1378 ······-·NIST-800-171-3.4.51378 ······-·NIST-800-171-3.4.5
1379 ······-·NIST-800-53-AC-6(1)1379 ······-·NIST-800-53-AC-6(1)
1380 ······-·NIST-800-53-CM-6(a)1380 ······-·NIST-800-53-CM-6(a)
1381 ······-·configure_strategy1381 ······-·configure_strategy
4.02 KB
./usr/share/scap-security-guide/ansible/alinux3-playbook-cis.yml
Ordering differences only
    
Offset 2766, 16 lines modifiedOffset 2766, 16 lines modified
2766 ······-·no_reboot_needed2766 ······-·no_reboot_needed
  
2767 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2767 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2768 ······stat:2768 ······stat:
2769 ········path:·/boot/grub2/grub.cfg2769 ········path:·/boot/grub2/grub.cfg
2770 ······register:·file_exists2770 ······register:·file_exists
2771 ······when:2771 ······when:
2772 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2773 ······-·'"grub2-common"·in·ansible_facts.packages'2772 ······-·'"grub2-common"·in·ansible_facts.packages'
 2773 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
2774 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2774 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2775 ······tags:2775 ······tags:
2776 ······-·CJIS-5.5.2.22776 ······-·CJIS-5.5.2.2
2777 ······-·NIST-800-171-3.4.52777 ······-·NIST-800-171-3.4.5
2778 ······-·NIST-800-53-AC-6(1)2778 ······-·NIST-800-53-AC-6(1)
2779 ······-·NIST-800-53-CM-6(a)2779 ······-·NIST-800-53-CM-6(a)
2780 ······-·PCI-DSS-Req-7.12780 ······-·PCI-DSS-Req-7.1
Offset 2787, 16 lines modifiedOffset 2787, 16 lines modified
2787 ······-·no_reboot_needed2787 ······-·no_reboot_needed
  
2788 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2788 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2789 ······file:2789 ······file:
2790 ········path:·/boot/grub2/grub.cfg2790 ········path:·/boot/grub2/grub.cfg
2791 ········group:·'0'2791 ········group:·'0'
2792 ······when:2792 ······when:
2793 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2794 ······-·'"grub2-common"·in·ansible_facts.packages'2793 ······-·'"grub2-common"·in·ansible_facts.packages'
 2794 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
2795 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2795 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2796 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2796 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2797 ······tags:2797 ······tags:
2798 ······-·CJIS-5.5.2.22798 ······-·CJIS-5.5.2.2
2799 ······-·NIST-800-171-3.4.52799 ······-·NIST-800-171-3.4.5
2800 ······-·NIST-800-53-AC-6(1)2800 ······-·NIST-800-53-AC-6(1)
2801 ······-·NIST-800-53-CM-6(a)2801 ······-·NIST-800-53-CM-6(a)
Offset 2826, 16 lines modifiedOffset 2826, 16 lines modified
2826 ······-·no_reboot_needed2826 ······-·no_reboot_needed
  
2827 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2827 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2828 ······stat:2828 ······stat:
2829 ········path:·/boot/grub2/grub.cfg2829 ········path:·/boot/grub2/grub.cfg
2830 ······register:·file_exists2830 ······register:·file_exists
2831 ······when:2831 ······when:
2832 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2833 ······-·'"grub2-common"·in·ansible_facts.packages'2832 ······-·'"grub2-common"·in·ansible_facts.packages'
 2833 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
2834 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2834 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2835 ······tags:2835 ······tags:
2836 ······-·CJIS-5.5.2.22836 ······-·CJIS-5.5.2.2
2837 ······-·NIST-800-171-3.4.52837 ······-·NIST-800-171-3.4.5
2838 ······-·NIST-800-53-AC-6(1)2838 ······-·NIST-800-53-AC-6(1)
2839 ······-·NIST-800-53-CM-6(a)2839 ······-·NIST-800-53-CM-6(a)
2840 ······-·PCI-DSS-Req-7.12840 ······-·PCI-DSS-Req-7.1
Offset 2847, 16 lines modifiedOffset 2847, 16 lines modified
2847 ······-·no_reboot_needed2847 ······-·no_reboot_needed
  
2848 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2848 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2849 ······file:2849 ······file:
2850 ········path:·/boot/grub2/grub.cfg2850 ········path:·/boot/grub2/grub.cfg
2851 ········owner:·'0'2851 ········owner:·'0'
2852 ······when:2852 ······when:
2853 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2854 ······-·'"grub2-common"·in·ansible_facts.packages'2853 ······-·'"grub2-common"·in·ansible_facts.packages'
 2854 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
2855 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2855 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2856 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2856 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2857 ······tags:2857 ······tags:
2858 ······-·CJIS-5.5.2.22858 ······-·CJIS-5.5.2.2
2859 ······-·NIST-800-171-3.4.52859 ······-·NIST-800-171-3.4.5
2860 ······-·NIST-800-53-AC-6(1)2860 ······-·NIST-800-53-AC-6(1)
2861 ······-·NIST-800-53-CM-6(a)2861 ······-·NIST-800-53-CM-6(a)
Offset 2884, 16 lines modifiedOffset 2884, 16 lines modified
2884 ······-·no_reboot_needed2884 ······-·no_reboot_needed
  
2885 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2885 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2886 ······stat:2886 ······stat:
2887 ········path:·/boot/grub2/grub.cfg2887 ········path:·/boot/grub2/grub.cfg
2888 ······register:·file_exists2888 ······register:·file_exists
2889 ······when:2889 ······when:
2890 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2891 ······-·'"grub2-common"·in·ansible_facts.packages'2890 ······-·'"grub2-common"·in·ansible_facts.packages'
 2891 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
2892 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2892 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2893 ······tags:2893 ······tags:
2894 ······-·NIST-800-171-3.4.52894 ······-·NIST-800-171-3.4.5
2895 ······-·NIST-800-53-AC-6(1)2895 ······-·NIST-800-53-AC-6(1)
2896 ······-·NIST-800-53-CM-6(a)2896 ······-·NIST-800-53-CM-6(a)
2897 ······-·configure_strategy2897 ······-·configure_strategy
2898 ······-·file_permissions_efi_grub2_cfg2898 ······-·file_permissions_efi_grub2_cfg
Offset 2903, 16 lines modifiedOffset 2903, 16 lines modified
2903 ······-·no_reboot_needed2903 ······-·no_reboot_needed
  
2904 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg2904 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
2905 ······file:2905 ······file:
2906 ········path:·/boot/grub2/grub.cfg2906 ········path:·/boot/grub2/grub.cfg
2907 ········mode:·u-s,g-xwrs,o-xwrt2907 ········mode:·u-s,g-xwrs,o-xwrt
2908 ······when:2908 ······when:
2909 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2910 ······-·'"grub2-common"·in·ansible_facts.packages'2909 ······-·'"grub2-common"·in·ansible_facts.packages'
 2910 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
2911 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2911 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2912 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2912 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2913 ······tags:2913 ······tags:
2914 ······-·NIST-800-171-3.4.52914 ······-·NIST-800-171-3.4.5
2915 ······-·NIST-800-53-AC-6(1)2915 ······-·NIST-800-53-AC-6(1)
2916 ······-·NIST-800-53-CM-6(a)2916 ······-·NIST-800-53-CM-6(a)
2917 ······-·configure_strategy2917 ······-·configure_strategy
4.03 KB
./usr/share/scap-security-guide/ansible/alinux3-playbook-cis_l1.yml
Ordering differences only
    
Offset 1199, 16 lines modifiedOffset 1199, 16 lines modified
1199 ······-·no_reboot_needed1199 ······-·no_reboot_needed
  
1200 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1200 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1201 ······stat:1201 ······stat:
1202 ········path:·/boot/grub2/grub.cfg1202 ········path:·/boot/grub2/grub.cfg
1203 ······register:·file_exists1203 ······register:·file_exists
1204 ······when:1204 ······when:
1205 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1206 ······-·'"grub2-common"·in·ansible_facts.packages'1205 ······-·'"grub2-common"·in·ansible_facts.packages'
 1206 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
1207 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1207 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1208 ······tags:1208 ······tags:
1209 ······-·CJIS-5.5.2.21209 ······-·CJIS-5.5.2.2
1210 ······-·NIST-800-171-3.4.51210 ······-·NIST-800-171-3.4.5
1211 ······-·NIST-800-53-AC-6(1)1211 ······-·NIST-800-53-AC-6(1)
1212 ······-·NIST-800-53-CM-6(a)1212 ······-·NIST-800-53-CM-6(a)
1213 ······-·PCI-DSS-Req-7.11213 ······-·PCI-DSS-Req-7.1
Offset 1220, 16 lines modifiedOffset 1220, 16 lines modified
1220 ······-·no_reboot_needed1220 ······-·no_reboot_needed
  
1221 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg1221 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
1222 ······file:1222 ······file:
1223 ········path:·/boot/grub2/grub.cfg1223 ········path:·/boot/grub2/grub.cfg
1224 ········group:·'0'1224 ········group:·'0'
1225 ······when:1225 ······when:
1226 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1227 ······-·'"grub2-common"·in·ansible_facts.packages'1226 ······-·'"grub2-common"·in·ansible_facts.packages'
 1227 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
1228 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1228 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1229 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1229 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1230 ······tags:1230 ······tags:
1231 ······-·CJIS-5.5.2.21231 ······-·CJIS-5.5.2.2
1232 ······-·NIST-800-171-3.4.51232 ······-·NIST-800-171-3.4.5
1233 ······-·NIST-800-53-AC-6(1)1233 ······-·NIST-800-53-AC-6(1)
1234 ······-·NIST-800-53-CM-6(a)1234 ······-·NIST-800-53-CM-6(a)
Offset 1259, 16 lines modifiedOffset 1259, 16 lines modified
1259 ······-·no_reboot_needed1259 ······-·no_reboot_needed
  
1260 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1260 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1261 ······stat:1261 ······stat:
1262 ········path:·/boot/grub2/grub.cfg1262 ········path:·/boot/grub2/grub.cfg
1263 ······register:·file_exists1263 ······register:·file_exists
1264 ······when:1264 ······when:
1265 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1266 ······-·'"grub2-common"·in·ansible_facts.packages'1265 ······-·'"grub2-common"·in·ansible_facts.packages'
 1266 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
1267 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1267 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1268 ······tags:1268 ······tags:
1269 ······-·CJIS-5.5.2.21269 ······-·CJIS-5.5.2.2
1270 ······-·NIST-800-171-3.4.51270 ······-·NIST-800-171-3.4.5
1271 ······-·NIST-800-53-AC-6(1)1271 ······-·NIST-800-53-AC-6(1)
1272 ······-·NIST-800-53-CM-6(a)1272 ······-·NIST-800-53-CM-6(a)
1273 ······-·PCI-DSS-Req-7.11273 ······-·PCI-DSS-Req-7.1
Offset 1280, 16 lines modifiedOffset 1280, 16 lines modified
1280 ······-·no_reboot_needed1280 ······-·no_reboot_needed
  
1281 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg1281 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
1282 ······file:1282 ······file:
1283 ········path:·/boot/grub2/grub.cfg1283 ········path:·/boot/grub2/grub.cfg
1284 ········owner:·'0'1284 ········owner:·'0'
1285 ······when:1285 ······when:
1286 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1287 ······-·'"grub2-common"·in·ansible_facts.packages'1286 ······-·'"grub2-common"·in·ansible_facts.packages'
 1287 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
1288 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1288 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1289 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1289 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1290 ······tags:1290 ······tags:
1291 ······-·CJIS-5.5.2.21291 ······-·CJIS-5.5.2.2
1292 ······-·NIST-800-171-3.4.51292 ······-·NIST-800-171-3.4.5
1293 ······-·NIST-800-53-AC-6(1)1293 ······-·NIST-800-53-AC-6(1)
1294 ······-·NIST-800-53-CM-6(a)1294 ······-·NIST-800-53-CM-6(a)
Offset 1317, 16 lines modifiedOffset 1317, 16 lines modified
1317 ······-·no_reboot_needed1317 ······-·no_reboot_needed
  
1318 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1318 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1319 ······stat:1319 ······stat:
1320 ········path:·/boot/grub2/grub.cfg1320 ········path:·/boot/grub2/grub.cfg
1321 ······register:·file_exists1321 ······register:·file_exists
1322 ······when:1322 ······when:
1323 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1324 ······-·'"grub2-common"·in·ansible_facts.packages'1323 ······-·'"grub2-common"·in·ansible_facts.packages'
 1324 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
1325 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1325 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1326 ······tags:1326 ······tags:
1327 ······-·NIST-800-171-3.4.51327 ······-·NIST-800-171-3.4.5
1328 ······-·NIST-800-53-AC-6(1)1328 ······-·NIST-800-53-AC-6(1)
1329 ······-·NIST-800-53-CM-6(a)1329 ······-·NIST-800-53-CM-6(a)
1330 ······-·configure_strategy1330 ······-·configure_strategy
1331 ······-·file_permissions_efi_grub2_cfg1331 ······-·file_permissions_efi_grub2_cfg
Offset 1336, 16 lines modifiedOffset 1336, 16 lines modified
1336 ······-·no_reboot_needed1336 ······-·no_reboot_needed
  
1337 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg1337 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
1338 ······file:1338 ······file:
1339 ········path:·/boot/grub2/grub.cfg1339 ········path:·/boot/grub2/grub.cfg
1340 ········mode:·u-s,g-xwrs,o-xwrt1340 ········mode:·u-s,g-xwrs,o-xwrt
1341 ······when:1341 ······when:
1342 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1343 ······-·'"grub2-common"·in·ansible_facts.packages'1342 ······-·'"grub2-common"·in·ansible_facts.packages'
 1343 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
1344 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1344 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1345 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1345 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1346 ······tags:1346 ······tags:
1347 ······-·NIST-800-171-3.4.51347 ······-·NIST-800-171-3.4.5
1348 ······-·NIST-800-53-AC-6(1)1348 ······-·NIST-800-53-AC-6(1)
1349 ······-·NIST-800-53-CM-6(a)1349 ······-·NIST-800-53-CM-6(a)
1350 ······-·configure_strategy1350 ······-·configure_strategy
16.0 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-cis.yml
Ordering differences only
    
Offset 21830, 16 lines modifiedOffset 21830, 16 lines modified
21830 ······-·no_reboot_needed21830 ······-·no_reboot_needed
  
21831 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21831 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21832 ······stat:21832 ······stat:
21833 ········path:·/boot/grub2/grub.cfg21833 ········path:·/boot/grub2/grub.cfg
21834 ······register:·file_exists21834 ······register:·file_exists
21835 ······when:21835 ······when:
21836 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21837 ······-·'"grub2-common"·in·ansible_facts.packages'21836 ······-·'"grub2-common"·in·ansible_facts.packages'
 21837 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21838 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21838 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21839 ······tags:21839 ······tags:
21840 ······-·CJIS-5.5.2.221840 ······-·CJIS-5.5.2.2
21841 ······-·NIST-800-171-3.4.521841 ······-·NIST-800-171-3.4.5
21842 ······-·NIST-800-53-AC-6(1)21842 ······-·NIST-800-53-AC-6(1)
21843 ······-·NIST-800-53-CM-6(a)21843 ······-·NIST-800-53-CM-6(a)
21844 ······-·PCI-DSS-Req-7.121844 ······-·PCI-DSS-Req-7.1
Offset 21851, 16 lines modifiedOffset 21851, 16 lines modified
21851 ······-·no_reboot_needed21851 ······-·no_reboot_needed
  
21852 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg21852 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
21853 ······file:21853 ······file:
21854 ········path:·/boot/grub2/grub.cfg21854 ········path:·/boot/grub2/grub.cfg
21855 ········group:·'0'21855 ········group:·'0'
21856 ······when:21856 ······when:
21857 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21858 ······-·'"grub2-common"·in·ansible_facts.packages'21857 ······-·'"grub2-common"·in·ansible_facts.packages'
 21858 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21859 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21859 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21860 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21860 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21861 ······tags:21861 ······tags:
21862 ······-·CJIS-5.5.2.221862 ······-·CJIS-5.5.2.2
21863 ······-·NIST-800-171-3.4.521863 ······-·NIST-800-171-3.4.5
21864 ······-·NIST-800-53-AC-6(1)21864 ······-·NIST-800-53-AC-6(1)
21865 ······-·NIST-800-53-CM-6(a)21865 ······-·NIST-800-53-CM-6(a)
Offset 21890, 16 lines modifiedOffset 21890, 16 lines modified
21890 ······-·no_reboot_needed21890 ······-·no_reboot_needed
  
21891 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21891 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21892 ······stat:21892 ······stat:
21893 ········path:·/boot/grub2/user.cfg21893 ········path:·/boot/grub2/user.cfg
21894 ······register:·file_exists21894 ······register:·file_exists
21895 ······when:21895 ······when:
21896 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21897 ······-·'"grub2-common"·in·ansible_facts.packages'21896 ······-·'"grub2-common"·in·ansible_facts.packages'
 21897 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21898 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21898 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21899 ······tags:21899 ······tags:
21900 ······-·CJIS-5.5.2.221900 ······-·CJIS-5.5.2.2
21901 ······-·NIST-800-171-3.4.521901 ······-·NIST-800-171-3.4.5
21902 ······-·NIST-800-53-AC-6(1)21902 ······-·NIST-800-53-AC-6(1)
21903 ······-·NIST-800-53-CM-6(a)21903 ······-·NIST-800-53-CM-6(a)
21904 ······-·PCI-DSS-Req-7.121904 ······-·PCI-DSS-Req-7.1
Offset 21911, 16 lines modifiedOffset 21911, 16 lines modified
21911 ······-·no_reboot_needed21911 ······-·no_reboot_needed
  
21912 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg21912 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
21913 ······file:21913 ······file:
21914 ········path:·/boot/grub2/user.cfg21914 ········path:·/boot/grub2/user.cfg
21915 ········group:·'0'21915 ········group:·'0'
21916 ······when:21916 ······when:
21917 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21918 ······-·'"grub2-common"·in·ansible_facts.packages'21917 ······-·'"grub2-common"·in·ansible_facts.packages'
 21918 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21919 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21919 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21920 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21920 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21921 ······tags:21921 ······tags:
21922 ······-·CJIS-5.5.2.221922 ······-·CJIS-5.5.2.2
21923 ······-·NIST-800-171-3.4.521923 ······-·NIST-800-171-3.4.5
21924 ······-·NIST-800-53-AC-6(1)21924 ······-·NIST-800-53-AC-6(1)
21925 ······-·NIST-800-53-CM-6(a)21925 ······-·NIST-800-53-CM-6(a)
Offset 21950, 16 lines modifiedOffset 21950, 16 lines modified
21950 ······-·no_reboot_needed21950 ······-·no_reboot_needed
  
21951 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21951 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21952 ······stat:21952 ······stat:
21953 ········path:·/boot/grub2/grub.cfg21953 ········path:·/boot/grub2/grub.cfg
21954 ······register:·file_exists21954 ······register:·file_exists
21955 ······when:21955 ······when:
21956 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21957 ······-·'"grub2-common"·in·ansible_facts.packages'21956 ······-·'"grub2-common"·in·ansible_facts.packages'
 21957 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21958 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21958 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21959 ······tags:21959 ······tags:
21960 ······-·CJIS-5.5.2.221960 ······-·CJIS-5.5.2.2
21961 ······-·NIST-800-171-3.4.521961 ······-·NIST-800-171-3.4.5
21962 ······-·NIST-800-53-AC-6(1)21962 ······-·NIST-800-53-AC-6(1)
21963 ······-·NIST-800-53-CM-6(a)21963 ······-·NIST-800-53-CM-6(a)
21964 ······-·PCI-DSS-Req-7.121964 ······-·PCI-DSS-Req-7.1
Offset 21971, 16 lines modifiedOffset 21971, 16 lines modified
21971 ······-·no_reboot_needed21971 ······-·no_reboot_needed
  
21972 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg21972 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
21973 ······file:21973 ······file:
21974 ········path:·/boot/grub2/grub.cfg21974 ········path:·/boot/grub2/grub.cfg
21975 ········owner:·'0'21975 ········owner:·'0'
21976 ······when:21976 ······when:
21977 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21978 ······-·'"grub2-common"·in·ansible_facts.packages'21977 ······-·'"grub2-common"·in·ansible_facts.packages'
 21978 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21979 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21979 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21980 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21980 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21981 ······tags:21981 ······tags:
21982 ······-·CJIS-5.5.2.221982 ······-·CJIS-5.5.2.2
21983 ······-·NIST-800-171-3.4.521983 ······-·NIST-800-171-3.4.5
21984 ······-·NIST-800-53-AC-6(1)21984 ······-·NIST-800-53-AC-6(1)
21985 ······-·NIST-800-53-CM-6(a)21985 ······-·NIST-800-53-CM-6(a)
Offset 22010, 16 lines modifiedOffset 22010, 16 lines modified
22010 ······-·no_reboot_needed22010 ······-·no_reboot_needed
  
22011 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22011 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22012 ······stat:22012 ······stat:
22013 ········path:·/boot/grub2/user.cfg22013 ········path:·/boot/grub2/user.cfg
22014 ······register:·file_exists22014 ······register:·file_exists
22015 ······when:22015 ······when:
22016 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22017 ······-·'"grub2-common"·in·ansible_facts.packages'22016 ······-·'"grub2-common"·in·ansible_facts.packages'
 22017 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22018 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22018 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22019 ······tags:22019 ······tags:
22020 ······-·CJIS-5.5.2.222020 ······-·CJIS-5.5.2.2
22021 ······-·NIST-800-171-3.4.522021 ······-·NIST-800-171-3.4.5
22022 ······-·NIST-800-53-AC-6(1)22022 ······-·NIST-800-53-AC-6(1)
22023 ······-·NIST-800-53-CM-6(a)22023 ······-·NIST-800-53-CM-6(a)
22024 ······-·PCI-DSS-Req-7.122024 ······-·PCI-DSS-Req-7.1
Offset 22031, 16 lines modifiedOffset 22031, 16 lines modified
22031 ······-·no_reboot_needed22031 ······-·no_reboot_needed
Max diff block lines reached; 11553/16224 bytes (71.21%) of diff not shown.
16.0 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 5312, 16 lines modifiedOffset 5312, 16 lines modified
5312 ······-·no_reboot_needed5312 ······-·no_reboot_needed
  
5313 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5313 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5314 ······stat:5314 ······stat:
5315 ········path:·/boot/grub2/grub.cfg5315 ········path:·/boot/grub2/grub.cfg
5316 ······register:·file_exists5316 ······register:·file_exists
5317 ······when:5317 ······when:
5318 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5319 ······-·'"grub2-common"·in·ansible_facts.packages'5318 ······-·'"grub2-common"·in·ansible_facts.packages'
 5319 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5320 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5320 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5321 ······tags:5321 ······tags:
5322 ······-·CJIS-5.5.2.25322 ······-·CJIS-5.5.2.2
5323 ······-·NIST-800-171-3.4.55323 ······-·NIST-800-171-3.4.5
5324 ······-·NIST-800-53-AC-6(1)5324 ······-·NIST-800-53-AC-6(1)
5325 ······-·NIST-800-53-CM-6(a)5325 ······-·NIST-800-53-CM-6(a)
5326 ······-·PCI-DSS-Req-7.15326 ······-·PCI-DSS-Req-7.1
Offset 5333, 16 lines modifiedOffset 5333, 16 lines modified
5333 ······-·no_reboot_needed5333 ······-·no_reboot_needed
  
5334 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5334 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5335 ······file:5335 ······file:
5336 ········path:·/boot/grub2/grub.cfg5336 ········path:·/boot/grub2/grub.cfg
5337 ········group:·'0'5337 ········group:·'0'
5338 ······when:5338 ······when:
5339 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5340 ······-·'"grub2-common"·in·ansible_facts.packages'5339 ······-·'"grub2-common"·in·ansible_facts.packages'
 5340 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5341 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5341 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5342 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5342 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5343 ······tags:5343 ······tags:
5344 ······-·CJIS-5.5.2.25344 ······-·CJIS-5.5.2.2
5345 ······-·NIST-800-171-3.4.55345 ······-·NIST-800-171-3.4.5
5346 ······-·NIST-800-53-AC-6(1)5346 ······-·NIST-800-53-AC-6(1)
5347 ······-·NIST-800-53-CM-6(a)5347 ······-·NIST-800-53-CM-6(a)
Offset 5372, 16 lines modifiedOffset 5372, 16 lines modified
5372 ······-·no_reboot_needed5372 ······-·no_reboot_needed
  
5373 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5373 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5374 ······stat:5374 ······stat:
5375 ········path:·/boot/grub2/user.cfg5375 ········path:·/boot/grub2/user.cfg
5376 ······register:·file_exists5376 ······register:·file_exists
5377 ······when:5377 ······when:
5378 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5379 ······-·'"grub2-common"·in·ansible_facts.packages'5378 ······-·'"grub2-common"·in·ansible_facts.packages'
 5379 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5380 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5380 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5381 ······tags:5381 ······tags:
5382 ······-·CJIS-5.5.2.25382 ······-·CJIS-5.5.2.2
5383 ······-·NIST-800-171-3.4.55383 ······-·NIST-800-171-3.4.5
5384 ······-·NIST-800-53-AC-6(1)5384 ······-·NIST-800-53-AC-6(1)
5385 ······-·NIST-800-53-CM-6(a)5385 ······-·NIST-800-53-CM-6(a)
5386 ······-·PCI-DSS-Req-7.15386 ······-·PCI-DSS-Req-7.1
Offset 5393, 16 lines modifiedOffset 5393, 16 lines modified
5393 ······-·no_reboot_needed5393 ······-·no_reboot_needed
  
5394 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5394 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5395 ······file:5395 ······file:
5396 ········path:·/boot/grub2/user.cfg5396 ········path:·/boot/grub2/user.cfg
5397 ········group:·'0'5397 ········group:·'0'
5398 ······when:5398 ······when:
5399 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5400 ······-·'"grub2-common"·in·ansible_facts.packages'5399 ······-·'"grub2-common"·in·ansible_facts.packages'
 5400 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5401 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5401 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5402 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5402 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5403 ······tags:5403 ······tags:
5404 ······-·CJIS-5.5.2.25404 ······-·CJIS-5.5.2.2
5405 ······-·NIST-800-171-3.4.55405 ······-·NIST-800-171-3.4.5
5406 ······-·NIST-800-53-AC-6(1)5406 ······-·NIST-800-53-AC-6(1)
5407 ······-·NIST-800-53-CM-6(a)5407 ······-·NIST-800-53-CM-6(a)
Offset 5432, 16 lines modifiedOffset 5432, 16 lines modified
5432 ······-·no_reboot_needed5432 ······-·no_reboot_needed
  
5433 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5433 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5434 ······stat:5434 ······stat:
5435 ········path:·/boot/grub2/grub.cfg5435 ········path:·/boot/grub2/grub.cfg
5436 ······register:·file_exists5436 ······register:·file_exists
5437 ······when:5437 ······when:
5438 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5439 ······-·'"grub2-common"·in·ansible_facts.packages'5438 ······-·'"grub2-common"·in·ansible_facts.packages'
 5439 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5440 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5440 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5441 ······tags:5441 ······tags:
5442 ······-·CJIS-5.5.2.25442 ······-·CJIS-5.5.2.2
5443 ······-·NIST-800-171-3.4.55443 ······-·NIST-800-171-3.4.5
5444 ······-·NIST-800-53-AC-6(1)5444 ······-·NIST-800-53-AC-6(1)
5445 ······-·NIST-800-53-CM-6(a)5445 ······-·NIST-800-53-CM-6(a)
5446 ······-·PCI-DSS-Req-7.15446 ······-·PCI-DSS-Req-7.1
Offset 5453, 16 lines modifiedOffset 5453, 16 lines modified
5453 ······-·no_reboot_needed5453 ······-·no_reboot_needed
  
5454 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5454 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5455 ······file:5455 ······file:
5456 ········path:·/boot/grub2/grub.cfg5456 ········path:·/boot/grub2/grub.cfg
5457 ········owner:·'0'5457 ········owner:·'0'
5458 ······when:5458 ······when:
5459 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5460 ······-·'"grub2-common"·in·ansible_facts.packages'5459 ······-·'"grub2-common"·in·ansible_facts.packages'
 5460 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5461 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5461 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5462 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5462 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5463 ······tags:5463 ······tags:
5464 ······-·CJIS-5.5.2.25464 ······-·CJIS-5.5.2.2
5465 ······-·NIST-800-171-3.4.55465 ······-·NIST-800-171-3.4.5
5466 ······-·NIST-800-53-AC-6(1)5466 ······-·NIST-800-53-AC-6(1)
5467 ······-·NIST-800-53-CM-6(a)5467 ······-·NIST-800-53-CM-6(a)
Offset 5492, 16 lines modifiedOffset 5492, 16 lines modified
5492 ······-·no_reboot_needed5492 ······-·no_reboot_needed
  
5493 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5493 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5494 ······stat:5494 ······stat:
5495 ········path:·/boot/grub2/user.cfg5495 ········path:·/boot/grub2/user.cfg
5496 ······register:·file_exists5496 ······register:·file_exists
5497 ······when:5497 ······when:
5498 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5499 ······-·'"grub2-common"·in·ansible_facts.packages'5498 ······-·'"grub2-common"·in·ansible_facts.packages'
 5499 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5500 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5500 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5501 ······tags:5501 ······tags:
5502 ······-·CJIS-5.5.2.25502 ······-·CJIS-5.5.2.2
5503 ······-·NIST-800-171-3.4.55503 ······-·NIST-800-171-3.4.5
5504 ······-·NIST-800-53-AC-6(1)5504 ······-·NIST-800-53-AC-6(1)
5505 ······-·NIST-800-53-CM-6(a)5505 ······-·NIST-800-53-CM-6(a)
5506 ······-·PCI-DSS-Req-7.15506 ······-·PCI-DSS-Req-7.1
Offset 5513, 16 lines modifiedOffset 5513, 16 lines modified
5513 ······-·no_reboot_needed5513 ······-·no_reboot_needed
Max diff block lines reached; 11521/16176 bytes (71.22%) of diff not shown.
16.0 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 5312, 16 lines modifiedOffset 5312, 16 lines modified
5312 ······-·no_reboot_needed5312 ······-·no_reboot_needed
  
5313 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5313 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5314 ······stat:5314 ······stat:
5315 ········path:·/boot/grub2/grub.cfg5315 ········path:·/boot/grub2/grub.cfg
5316 ······register:·file_exists5316 ······register:·file_exists
5317 ······when:5317 ······when:
5318 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5319 ······-·'"grub2-common"·in·ansible_facts.packages'5318 ······-·'"grub2-common"·in·ansible_facts.packages'
 5319 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5320 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5320 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5321 ······tags:5321 ······tags:
5322 ······-·CJIS-5.5.2.25322 ······-·CJIS-5.5.2.2
5323 ······-·NIST-800-171-3.4.55323 ······-·NIST-800-171-3.4.5
5324 ······-·NIST-800-53-AC-6(1)5324 ······-·NIST-800-53-AC-6(1)
5325 ······-·NIST-800-53-CM-6(a)5325 ······-·NIST-800-53-CM-6(a)
5326 ······-·PCI-DSS-Req-7.15326 ······-·PCI-DSS-Req-7.1
Offset 5333, 16 lines modifiedOffset 5333, 16 lines modified
5333 ······-·no_reboot_needed5333 ······-·no_reboot_needed
  
5334 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5334 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5335 ······file:5335 ······file:
5336 ········path:·/boot/grub2/grub.cfg5336 ········path:·/boot/grub2/grub.cfg
5337 ········group:·'0'5337 ········group:·'0'
5338 ······when:5338 ······when:
5339 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5340 ······-·'"grub2-common"·in·ansible_facts.packages'5339 ······-·'"grub2-common"·in·ansible_facts.packages'
 5340 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5341 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5341 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5342 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5342 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5343 ······tags:5343 ······tags:
5344 ······-·CJIS-5.5.2.25344 ······-·CJIS-5.5.2.2
5345 ······-·NIST-800-171-3.4.55345 ······-·NIST-800-171-3.4.5
5346 ······-·NIST-800-53-AC-6(1)5346 ······-·NIST-800-53-AC-6(1)
5347 ······-·NIST-800-53-CM-6(a)5347 ······-·NIST-800-53-CM-6(a)
Offset 5372, 16 lines modifiedOffset 5372, 16 lines modified
5372 ······-·no_reboot_needed5372 ······-·no_reboot_needed
  
5373 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5373 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5374 ······stat:5374 ······stat:
5375 ········path:·/boot/grub2/user.cfg5375 ········path:·/boot/grub2/user.cfg
5376 ······register:·file_exists5376 ······register:·file_exists
5377 ······when:5377 ······when:
5378 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5379 ······-·'"grub2-common"·in·ansible_facts.packages'5378 ······-·'"grub2-common"·in·ansible_facts.packages'
 5379 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5380 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5380 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5381 ······tags:5381 ······tags:
5382 ······-·CJIS-5.5.2.25382 ······-·CJIS-5.5.2.2
5383 ······-·NIST-800-171-3.4.55383 ······-·NIST-800-171-3.4.5
5384 ······-·NIST-800-53-AC-6(1)5384 ······-·NIST-800-53-AC-6(1)
5385 ······-·NIST-800-53-CM-6(a)5385 ······-·NIST-800-53-CM-6(a)
5386 ······-·PCI-DSS-Req-7.15386 ······-·PCI-DSS-Req-7.1
Offset 5393, 16 lines modifiedOffset 5393, 16 lines modified
5393 ······-·no_reboot_needed5393 ······-·no_reboot_needed
  
5394 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5394 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5395 ······file:5395 ······file:
5396 ········path:·/boot/grub2/user.cfg5396 ········path:·/boot/grub2/user.cfg
5397 ········group:·'0'5397 ········group:·'0'
5398 ······when:5398 ······when:
5399 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5400 ······-·'"grub2-common"·in·ansible_facts.packages'5399 ······-·'"grub2-common"·in·ansible_facts.packages'
 5400 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5401 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5401 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5402 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5402 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5403 ······tags:5403 ······tags:
5404 ······-·CJIS-5.5.2.25404 ······-·CJIS-5.5.2.2
5405 ······-·NIST-800-171-3.4.55405 ······-·NIST-800-171-3.4.5
5406 ······-·NIST-800-53-AC-6(1)5406 ······-·NIST-800-53-AC-6(1)
5407 ······-·NIST-800-53-CM-6(a)5407 ······-·NIST-800-53-CM-6(a)
Offset 5432, 16 lines modifiedOffset 5432, 16 lines modified
5432 ······-·no_reboot_needed5432 ······-·no_reboot_needed
  
5433 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5433 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5434 ······stat:5434 ······stat:
5435 ········path:·/boot/grub2/grub.cfg5435 ········path:·/boot/grub2/grub.cfg
5436 ······register:·file_exists5436 ······register:·file_exists
5437 ······when:5437 ······when:
5438 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5439 ······-·'"grub2-common"·in·ansible_facts.packages'5438 ······-·'"grub2-common"·in·ansible_facts.packages'
 5439 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5440 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5440 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5441 ······tags:5441 ······tags:
5442 ······-·CJIS-5.5.2.25442 ······-·CJIS-5.5.2.2
5443 ······-·NIST-800-171-3.4.55443 ······-·NIST-800-171-3.4.5
5444 ······-·NIST-800-53-AC-6(1)5444 ······-·NIST-800-53-AC-6(1)
5445 ······-·NIST-800-53-CM-6(a)5445 ······-·NIST-800-53-CM-6(a)
5446 ······-·PCI-DSS-Req-7.15446 ······-·PCI-DSS-Req-7.1
Offset 5453, 16 lines modifiedOffset 5453, 16 lines modified
5453 ······-·no_reboot_needed5453 ······-·no_reboot_needed
  
5454 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5454 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5455 ······file:5455 ······file:
5456 ········path:·/boot/grub2/grub.cfg5456 ········path:·/boot/grub2/grub.cfg
5457 ········owner:·'0'5457 ········owner:·'0'
5458 ······when:5458 ······when:
5459 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5460 ······-·'"grub2-common"·in·ansible_facts.packages'5459 ······-·'"grub2-common"·in·ansible_facts.packages'
 5460 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5461 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5461 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5462 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5462 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5463 ······tags:5463 ······tags:
5464 ······-·CJIS-5.5.2.25464 ······-·CJIS-5.5.2.2
5465 ······-·NIST-800-171-3.4.55465 ······-·NIST-800-171-3.4.5
5466 ······-·NIST-800-53-AC-6(1)5466 ······-·NIST-800-53-AC-6(1)
5467 ······-·NIST-800-53-CM-6(a)5467 ······-·NIST-800-53-CM-6(a)
Offset 5492, 16 lines modifiedOffset 5492, 16 lines modified
5492 ······-·no_reboot_needed5492 ······-·no_reboot_needed
  
5493 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5493 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5494 ······stat:5494 ······stat:
5495 ········path:·/boot/grub2/user.cfg5495 ········path:·/boot/grub2/user.cfg
5496 ······register:·file_exists5496 ······register:·file_exists
5497 ······when:5497 ······when:
5498 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5499 ······-·'"grub2-common"·in·ansible_facts.packages'5498 ······-·'"grub2-common"·in·ansible_facts.packages'
 5499 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5500 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5500 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5501 ······tags:5501 ······tags:
5502 ······-·CJIS-5.5.2.25502 ······-·CJIS-5.5.2.2
5503 ······-·NIST-800-171-3.4.55503 ······-·NIST-800-171-3.4.5
5504 ······-·NIST-800-53-AC-6(1)5504 ······-·NIST-800-53-AC-6(1)
5505 ······-·NIST-800-53-CM-6(a)5505 ······-·NIST-800-53-CM-6(a)
5506 ······-·PCI-DSS-Req-7.15506 ······-·PCI-DSS-Req-7.1
Offset 5513, 16 lines modifiedOffset 5513, 16 lines modified
5513 ······-·no_reboot_needed5513 ······-·no_reboot_needed
Max diff block lines reached; 11521/16176 bytes (71.22%) of diff not shown.
16.0 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 21830, 16 lines modifiedOffset 21830, 16 lines modified
21830 ······-·no_reboot_needed21830 ······-·no_reboot_needed
  
21831 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21831 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21832 ······stat:21832 ······stat:
21833 ········path:·/boot/grub2/grub.cfg21833 ········path:·/boot/grub2/grub.cfg
21834 ······register:·file_exists21834 ······register:·file_exists
21835 ······when:21835 ······when:
21836 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21837 ······-·'"grub2-common"·in·ansible_facts.packages'21836 ······-·'"grub2-common"·in·ansible_facts.packages'
 21837 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21838 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21838 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21839 ······tags:21839 ······tags:
21840 ······-·CJIS-5.5.2.221840 ······-·CJIS-5.5.2.2
21841 ······-·NIST-800-171-3.4.521841 ······-·NIST-800-171-3.4.5
21842 ······-·NIST-800-53-AC-6(1)21842 ······-·NIST-800-53-AC-6(1)
21843 ······-·NIST-800-53-CM-6(a)21843 ······-·NIST-800-53-CM-6(a)
21844 ······-·PCI-DSS-Req-7.121844 ······-·PCI-DSS-Req-7.1
Offset 21851, 16 lines modifiedOffset 21851, 16 lines modified
21851 ······-·no_reboot_needed21851 ······-·no_reboot_needed
  
21852 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg21852 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
21853 ······file:21853 ······file:
21854 ········path:·/boot/grub2/grub.cfg21854 ········path:·/boot/grub2/grub.cfg
21855 ········group:·'0'21855 ········group:·'0'
21856 ······when:21856 ······when:
21857 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21858 ······-·'"grub2-common"·in·ansible_facts.packages'21857 ······-·'"grub2-common"·in·ansible_facts.packages'
 21858 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21859 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21859 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21860 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21860 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21861 ······tags:21861 ······tags:
21862 ······-·CJIS-5.5.2.221862 ······-·CJIS-5.5.2.2
21863 ······-·NIST-800-171-3.4.521863 ······-·NIST-800-171-3.4.5
21864 ······-·NIST-800-53-AC-6(1)21864 ······-·NIST-800-53-AC-6(1)
21865 ······-·NIST-800-53-CM-6(a)21865 ······-·NIST-800-53-CM-6(a)
Offset 21890, 16 lines modifiedOffset 21890, 16 lines modified
21890 ······-·no_reboot_needed21890 ······-·no_reboot_needed
  
21891 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21891 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21892 ······stat:21892 ······stat:
21893 ········path:·/boot/grub2/user.cfg21893 ········path:·/boot/grub2/user.cfg
21894 ······register:·file_exists21894 ······register:·file_exists
21895 ······when:21895 ······when:
21896 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21897 ······-·'"grub2-common"·in·ansible_facts.packages'21896 ······-·'"grub2-common"·in·ansible_facts.packages'
 21897 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21898 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21898 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21899 ······tags:21899 ······tags:
21900 ······-·CJIS-5.5.2.221900 ······-·CJIS-5.5.2.2
21901 ······-·NIST-800-171-3.4.521901 ······-·NIST-800-171-3.4.5
21902 ······-·NIST-800-53-AC-6(1)21902 ······-·NIST-800-53-AC-6(1)
21903 ······-·NIST-800-53-CM-6(a)21903 ······-·NIST-800-53-CM-6(a)
21904 ······-·PCI-DSS-Req-7.121904 ······-·PCI-DSS-Req-7.1
Offset 21911, 16 lines modifiedOffset 21911, 16 lines modified
21911 ······-·no_reboot_needed21911 ······-·no_reboot_needed
  
21912 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg21912 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
21913 ······file:21913 ······file:
21914 ········path:·/boot/grub2/user.cfg21914 ········path:·/boot/grub2/user.cfg
21915 ········group:·'0'21915 ········group:·'0'
21916 ······when:21916 ······when:
21917 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21918 ······-·'"grub2-common"·in·ansible_facts.packages'21917 ······-·'"grub2-common"·in·ansible_facts.packages'
 21918 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21919 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21919 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21920 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21920 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21921 ······tags:21921 ······tags:
21922 ······-·CJIS-5.5.2.221922 ······-·CJIS-5.5.2.2
21923 ······-·NIST-800-171-3.4.521923 ······-·NIST-800-171-3.4.5
21924 ······-·NIST-800-53-AC-6(1)21924 ······-·NIST-800-53-AC-6(1)
21925 ······-·NIST-800-53-CM-6(a)21925 ······-·NIST-800-53-CM-6(a)
Offset 21950, 16 lines modifiedOffset 21950, 16 lines modified
21950 ······-·no_reboot_needed21950 ······-·no_reboot_needed
  
21951 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21951 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21952 ······stat:21952 ······stat:
21953 ········path:·/boot/grub2/grub.cfg21953 ········path:·/boot/grub2/grub.cfg
21954 ······register:·file_exists21954 ······register:·file_exists
21955 ······when:21955 ······when:
21956 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21957 ······-·'"grub2-common"·in·ansible_facts.packages'21956 ······-·'"grub2-common"·in·ansible_facts.packages'
 21957 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21958 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21958 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21959 ······tags:21959 ······tags:
21960 ······-·CJIS-5.5.2.221960 ······-·CJIS-5.5.2.2
21961 ······-·NIST-800-171-3.4.521961 ······-·NIST-800-171-3.4.5
21962 ······-·NIST-800-53-AC-6(1)21962 ······-·NIST-800-53-AC-6(1)
21963 ······-·NIST-800-53-CM-6(a)21963 ······-·NIST-800-53-CM-6(a)
21964 ······-·PCI-DSS-Req-7.121964 ······-·PCI-DSS-Req-7.1
Offset 21971, 16 lines modifiedOffset 21971, 16 lines modified
21971 ······-·no_reboot_needed21971 ······-·no_reboot_needed
  
21972 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg21972 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
21973 ······file:21973 ······file:
21974 ········path:·/boot/grub2/grub.cfg21974 ········path:·/boot/grub2/grub.cfg
21975 ········owner:·'0'21975 ········owner:·'0'
21976 ······when:21976 ······when:
21977 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21978 ······-·'"grub2-common"·in·ansible_facts.packages'21977 ······-·'"grub2-common"·in·ansible_facts.packages'
 21978 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21979 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21979 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21980 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21980 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21981 ······tags:21981 ······tags:
21982 ······-·CJIS-5.5.2.221982 ······-·CJIS-5.5.2.2
21983 ······-·NIST-800-171-3.4.521983 ······-·NIST-800-171-3.4.5
21984 ······-·NIST-800-53-AC-6(1)21984 ······-·NIST-800-53-AC-6(1)
21985 ······-·NIST-800-53-CM-6(a)21985 ······-·NIST-800-53-CM-6(a)
Offset 22010, 16 lines modifiedOffset 22010, 16 lines modified
22010 ······-·no_reboot_needed22010 ······-·no_reboot_needed
  
22011 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22011 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22012 ······stat:22012 ······stat:
22013 ········path:·/boot/grub2/user.cfg22013 ········path:·/boot/grub2/user.cfg
22014 ······register:·file_exists22014 ······register:·file_exists
22015 ······when:22015 ······when:
22016 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22017 ······-·'"grub2-common"·in·ansible_facts.packages'22016 ······-·'"grub2-common"·in·ansible_facts.packages'
 22017 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22018 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22018 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22019 ······tags:22019 ······tags:
22020 ······-·CJIS-5.5.2.222020 ······-·CJIS-5.5.2.2
22021 ······-·NIST-800-171-3.4.522021 ······-·NIST-800-171-3.4.5
22022 ······-·NIST-800-53-AC-6(1)22022 ······-·NIST-800-53-AC-6(1)
22023 ······-·NIST-800-53-CM-6(a)22023 ······-·NIST-800-53-CM-6(a)
22024 ······-·PCI-DSS-Req-7.122024 ······-·PCI-DSS-Req-7.1
Offset 22031, 16 lines modifiedOffset 22031, 16 lines modified
22031 ······-·no_reboot_needed22031 ······-·no_reboot_needed
Max diff block lines reached; 11553/16224 bytes (71.21%) of diff not shown.
2.74 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-cjis.yml
Ordering differences only
    
Offset 13554, 16 lines modifiedOffset 13554, 16 lines modified
13554 ······-·no_reboot_needed13554 ······-·no_reboot_needed
  
13555 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg13555 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
13556 ······stat:13556 ······stat:
13557 ········path:·/boot/grub2/grub.cfg13557 ········path:·/boot/grub2/grub.cfg
13558 ······register:·file_exists13558 ······register:·file_exists
13559 ······when:13559 ······when:
13560 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
13561 ······-·'"grub2-common"·in·ansible_facts.packages'13560 ······-·'"grub2-common"·in·ansible_facts.packages'
 13561 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
13562 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]13562 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13563 ······tags:13563 ······tags:
13564 ······-·CJIS-5.5.2.213564 ······-·CJIS-5.5.2.2
13565 ······-·NIST-800-171-3.4.513565 ······-·NIST-800-171-3.4.5
13566 ······-·NIST-800-53-AC-6(1)13566 ······-·NIST-800-53-AC-6(1)
13567 ······-·NIST-800-53-CM-6(a)13567 ······-·NIST-800-53-CM-6(a)
13568 ······-·PCI-DSS-Req-7.113568 ······-·PCI-DSS-Req-7.1
Offset 13575, 16 lines modifiedOffset 13575, 16 lines modified
13575 ······-·no_reboot_needed13575 ······-·no_reboot_needed
  
13576 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg13576 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
13577 ······file:13577 ······file:
13578 ········path:·/boot/grub2/grub.cfg13578 ········path:·/boot/grub2/grub.cfg
13579 ········group:·'0'13579 ········group:·'0'
13580 ······when:13580 ······when:
13581 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
13582 ······-·'"grub2-common"·in·ansible_facts.packages'13581 ······-·'"grub2-common"·in·ansible_facts.packages'
 13582 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
13583 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]13583 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13584 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists13584 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
13585 ······tags:13585 ······tags:
13586 ······-·CJIS-5.5.2.213586 ······-·CJIS-5.5.2.2
13587 ······-·NIST-800-171-3.4.513587 ······-·NIST-800-171-3.4.5
13588 ······-·NIST-800-53-AC-6(1)13588 ······-·NIST-800-53-AC-6(1)
13589 ······-·NIST-800-53-CM-6(a)13589 ······-·NIST-800-53-CM-6(a)
Offset 13614, 16 lines modifiedOffset 13614, 16 lines modified
13614 ······-·no_reboot_needed13614 ······-·no_reboot_needed
  
13615 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg13615 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
13616 ······stat:13616 ······stat:
13617 ········path:·/boot/grub2/grub.cfg13617 ········path:·/boot/grub2/grub.cfg
13618 ······register:·file_exists13618 ······register:·file_exists
13619 ······when:13619 ······when:
13620 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
13621 ······-·'"grub2-common"·in·ansible_facts.packages'13620 ······-·'"grub2-common"·in·ansible_facts.packages'
 13621 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
13622 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]13622 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13623 ······tags:13623 ······tags:
13624 ······-·CJIS-5.5.2.213624 ······-·CJIS-5.5.2.2
13625 ······-·NIST-800-171-3.4.513625 ······-·NIST-800-171-3.4.5
13626 ······-·NIST-800-53-AC-6(1)13626 ······-·NIST-800-53-AC-6(1)
13627 ······-·NIST-800-53-CM-6(a)13627 ······-·NIST-800-53-CM-6(a)
13628 ······-·PCI-DSS-Req-7.113628 ······-·PCI-DSS-Req-7.1
Offset 13635, 16 lines modifiedOffset 13635, 16 lines modified
13635 ······-·no_reboot_needed13635 ······-·no_reboot_needed
  
13636 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg13636 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
13637 ······file:13637 ······file:
13638 ········path:·/boot/grub2/grub.cfg13638 ········path:·/boot/grub2/grub.cfg
13639 ········owner:·'0'13639 ········owner:·'0'
13640 ······when:13640 ······when:
13641 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
13642 ······-·'"grub2-common"·in·ansible_facts.packages'13641 ······-·'"grub2-common"·in·ansible_facts.packages'
 13642 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
13643 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]13643 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13644 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists13644 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
13645 ······tags:13645 ······tags:
13646 ······-·CJIS-5.5.2.213646 ······-·CJIS-5.5.2.2
13647 ······-·NIST-800-171-3.4.513647 ······-·NIST-800-171-3.4.5
13648 ······-·NIST-800-53-AC-6(1)13648 ······-·NIST-800-53-AC-6(1)
13649 ······-·NIST-800-53-CM-6(a)13649 ······-·NIST-800-53-CM-6(a)
2.74 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-hipaa.yml
Ordering differences only
    
Offset 22210, 16 lines modifiedOffset 22210, 16 lines modified
22210 ······-·no_reboot_needed22210 ······-·no_reboot_needed
  
22211 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22211 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22212 ······stat:22212 ······stat:
22213 ········path:·/boot/grub2/grub.cfg22213 ········path:·/boot/grub2/grub.cfg
22214 ······register:·file_exists22214 ······register:·file_exists
22215 ······when:22215 ······when:
22216 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22217 ······-·'"grub2-common"·in·ansible_facts.packages'22216 ······-·'"grub2-common"·in·ansible_facts.packages'
 22217 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22218 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22218 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22219 ······tags:22219 ······tags:
22220 ······-·CJIS-5.5.2.222220 ······-·CJIS-5.5.2.2
22221 ······-·NIST-800-171-3.4.522221 ······-·NIST-800-171-3.4.5
22222 ······-·NIST-800-53-AC-6(1)22222 ······-·NIST-800-53-AC-6(1)
22223 ······-·NIST-800-53-CM-6(a)22223 ······-·NIST-800-53-CM-6(a)
22224 ······-·PCI-DSS-Req-7.122224 ······-·PCI-DSS-Req-7.1
Offset 22231, 16 lines modifiedOffset 22231, 16 lines modified
22231 ······-·no_reboot_needed22231 ······-·no_reboot_needed
  
22232 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg22232 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
22233 ······file:22233 ······file:
22234 ········path:·/boot/grub2/grub.cfg22234 ········path:·/boot/grub2/grub.cfg
22235 ········group:·'0'22235 ········group:·'0'
22236 ······when:22236 ······when:
22237 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22238 ······-·'"grub2-common"·in·ansible_facts.packages'22237 ······-·'"grub2-common"·in·ansible_facts.packages'
 22238 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22239 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22239 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22240 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22240 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22241 ······tags:22241 ······tags:
22242 ······-·CJIS-5.5.2.222242 ······-·CJIS-5.5.2.2
22243 ······-·NIST-800-171-3.4.522243 ······-·NIST-800-171-3.4.5
22244 ······-·NIST-800-53-AC-6(1)22244 ······-·NIST-800-53-AC-6(1)
22245 ······-·NIST-800-53-CM-6(a)22245 ······-·NIST-800-53-CM-6(a)
Offset 22270, 16 lines modifiedOffset 22270, 16 lines modified
22270 ······-·no_reboot_needed22270 ······-·no_reboot_needed
  
22271 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22271 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22272 ······stat:22272 ······stat:
22273 ········path:·/boot/grub2/grub.cfg22273 ········path:·/boot/grub2/grub.cfg
22274 ······register:·file_exists22274 ······register:·file_exists
22275 ······when:22275 ······when:
22276 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22277 ······-·'"grub2-common"·in·ansible_facts.packages'22276 ······-·'"grub2-common"·in·ansible_facts.packages'
 22277 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22278 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22278 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22279 ······tags:22279 ······tags:
22280 ······-·CJIS-5.5.2.222280 ······-·CJIS-5.5.2.2
22281 ······-·NIST-800-171-3.4.522281 ······-·NIST-800-171-3.4.5
22282 ······-·NIST-800-53-AC-6(1)22282 ······-·NIST-800-53-AC-6(1)
22283 ······-·NIST-800-53-CM-6(a)22283 ······-·NIST-800-53-CM-6(a)
22284 ······-·PCI-DSS-Req-7.122284 ······-·PCI-DSS-Req-7.1
Offset 22291, 16 lines modifiedOffset 22291, 16 lines modified
22291 ······-·no_reboot_needed22291 ······-·no_reboot_needed
  
22292 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg22292 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
22293 ······file:22293 ······file:
22294 ········path:·/boot/grub2/grub.cfg22294 ········path:·/boot/grub2/grub.cfg
22295 ········owner:·'0'22295 ········owner:·'0'
22296 ······when:22296 ······when:
22297 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22298 ······-·'"grub2-common"·in·ansible_facts.packages'22297 ······-·'"grub2-common"·in·ansible_facts.packages'
 22298 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22300 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22300 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22301 ······tags:22301 ······tags:
22302 ······-·CJIS-5.5.2.222302 ······-·CJIS-5.5.2.2
22303 ······-·NIST-800-171-3.4.522303 ······-·NIST-800-171-3.4.5
22304 ······-·NIST-800-53-AC-6(1)22304 ······-·NIST-800-53-AC-6(1)
22305 ······-·NIST-800-53-CM-6(a)22305 ······-·NIST-800-53-CM-6(a)
2.74 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-pci-dss.yml
Ordering differences only
    
Offset 22991, 16 lines modifiedOffset 22991, 16 lines modified
22991 ······-·no_reboot_needed22991 ······-·no_reboot_needed
  
22992 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22992 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22993 ······stat:22993 ······stat:
22994 ········path:·/boot/grub2/grub.cfg22994 ········path:·/boot/grub2/grub.cfg
22995 ······register:·file_exists22995 ······register:·file_exists
22996 ······when:22996 ······when:
22997 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22998 ······-·'"grub2-common"·in·ansible_facts.packages'22997 ······-·'"grub2-common"·in·ansible_facts.packages'
 22998 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22999 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22999 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
23000 ······tags:23000 ······tags:
23001 ······-·CJIS-5.5.2.223001 ······-·CJIS-5.5.2.2
23002 ······-·NIST-800-171-3.4.523002 ······-·NIST-800-171-3.4.5
23003 ······-·NIST-800-53-AC-6(1)23003 ······-·NIST-800-53-AC-6(1)
23004 ······-·NIST-800-53-CM-6(a)23004 ······-·NIST-800-53-CM-6(a)
23005 ······-·PCI-DSS-Req-7.123005 ······-·PCI-DSS-Req-7.1
Offset 23012, 16 lines modifiedOffset 23012, 16 lines modified
23012 ······-·no_reboot_needed23012 ······-·no_reboot_needed
  
23013 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg23013 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
23014 ······file:23014 ······file:
23015 ········path:·/boot/grub2/grub.cfg23015 ········path:·/boot/grub2/grub.cfg
23016 ········group:·'0'23016 ········group:·'0'
23017 ······when:23017 ······when:
23018 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
23019 ······-·'"grub2-common"·in·ansible_facts.packages'23018 ······-·'"grub2-common"·in·ansible_facts.packages'
 23019 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
23020 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]23020 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
23021 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists23021 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
23022 ······tags:23022 ······tags:
23023 ······-·CJIS-5.5.2.223023 ······-·CJIS-5.5.2.2
23024 ······-·NIST-800-171-3.4.523024 ······-·NIST-800-171-3.4.5
23025 ······-·NIST-800-53-AC-6(1)23025 ······-·NIST-800-53-AC-6(1)
23026 ······-·NIST-800-53-CM-6(a)23026 ······-·NIST-800-53-CM-6(a)
Offset 23051, 16 lines modifiedOffset 23051, 16 lines modified
23051 ······-·no_reboot_needed23051 ······-·no_reboot_needed
  
23052 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg23052 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
23053 ······stat:23053 ······stat:
23054 ········path:·/boot/grub2/grub.cfg23054 ········path:·/boot/grub2/grub.cfg
23055 ······register:·file_exists23055 ······register:·file_exists
23056 ······when:23056 ······when:
23057 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
23058 ······-·'"grub2-common"·in·ansible_facts.packages'23057 ······-·'"grub2-common"·in·ansible_facts.packages'
 23058 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
23059 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]23059 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
23060 ······tags:23060 ······tags:
23061 ······-·CJIS-5.5.2.223061 ······-·CJIS-5.5.2.2
23062 ······-·NIST-800-171-3.4.523062 ······-·NIST-800-171-3.4.5
23063 ······-·NIST-800-53-AC-6(1)23063 ······-·NIST-800-53-AC-6(1)
23064 ······-·NIST-800-53-CM-6(a)23064 ······-·NIST-800-53-CM-6(a)
23065 ······-·PCI-DSS-Req-7.123065 ······-·PCI-DSS-Req-7.1
Offset 23072, 16 lines modifiedOffset 23072, 16 lines modified
23072 ······-·no_reboot_needed23072 ······-·no_reboot_needed
  
23073 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg23073 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
23074 ······file:23074 ······file:
23075 ········path:·/boot/grub2/grub.cfg23075 ········path:·/boot/grub2/grub.cfg
23076 ········owner:·'0'23076 ········owner:·'0'
23077 ······when:23077 ······when:
23078 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
23079 ······-·'"grub2-common"·in·ansible_facts.packages'23078 ······-·'"grub2-common"·in·ansible_facts.packages'
 23079 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
23080 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]23080 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
23081 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists23081 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
23082 ······tags:23082 ······tags:
23083 ······-·CJIS-5.5.2.223083 ······-·CJIS-5.5.2.2
23084 ······-·NIST-800-171-3.4.523084 ······-·NIST-800-171-3.4.5
23085 ······-·NIST-800-53-AC-6(1)23085 ······-·NIST-800-53-AC-6(1)
23086 ······-·NIST-800-53-CM-6(a)23086 ······-·NIST-800-53-CM-6(a)
4.08 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-rht-ccp.yml
Ordering differences only
    
Offset 3210, 16 lines modifiedOffset 3210, 16 lines modified
3210 ······-·no_reboot_needed3210 ······-·no_reboot_needed
  
3211 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3211 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3212 ······stat:3212 ······stat:
3213 ········path:·/boot/grub2/grub.cfg3213 ········path:·/boot/grub2/grub.cfg
3214 ······register:·file_exists3214 ······register:·file_exists
3215 ······when:3215 ······when:
3216 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3217 ······-·'"grub2-common"·in·ansible_facts.packages'3216 ······-·'"grub2-common"·in·ansible_facts.packages'
 3217 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3218 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3218 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3219 ······tags:3219 ······tags:
3220 ······-·CJIS-5.5.2.23220 ······-·CJIS-5.5.2.2
3221 ······-·NIST-800-171-3.4.53221 ······-·NIST-800-171-3.4.5
3222 ······-·NIST-800-53-AC-6(1)3222 ······-·NIST-800-53-AC-6(1)
3223 ······-·NIST-800-53-CM-6(a)3223 ······-·NIST-800-53-CM-6(a)
3224 ······-·PCI-DSS-Req-7.13224 ······-·PCI-DSS-Req-7.1
Offset 3231, 16 lines modifiedOffset 3231, 16 lines modified
3231 ······-·no_reboot_needed3231 ······-·no_reboot_needed
  
3232 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg3232 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
3233 ······file:3233 ······file:
3234 ········path:·/boot/grub2/grub.cfg3234 ········path:·/boot/grub2/grub.cfg
3235 ········group:·'0'3235 ········group:·'0'
3236 ······when:3236 ······when:
3237 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3238 ······-·'"grub2-common"·in·ansible_facts.packages'3237 ······-·'"grub2-common"·in·ansible_facts.packages'
 3238 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3239 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3239 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3240 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3240 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3241 ······tags:3241 ······tags:
3242 ······-·CJIS-5.5.2.23242 ······-·CJIS-5.5.2.2
3243 ······-·NIST-800-171-3.4.53243 ······-·NIST-800-171-3.4.5
3244 ······-·NIST-800-53-AC-6(1)3244 ······-·NIST-800-53-AC-6(1)
3245 ······-·NIST-800-53-CM-6(a)3245 ······-·NIST-800-53-CM-6(a)
Offset 3270, 16 lines modifiedOffset 3270, 16 lines modified
3270 ······-·no_reboot_needed3270 ······-·no_reboot_needed
  
3271 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3271 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3272 ······stat:3272 ······stat:
3273 ········path:·/boot/grub2/grub.cfg3273 ········path:·/boot/grub2/grub.cfg
3274 ······register:·file_exists3274 ······register:·file_exists
3275 ······when:3275 ······when:
3276 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3277 ······-·'"grub2-common"·in·ansible_facts.packages'3276 ······-·'"grub2-common"·in·ansible_facts.packages'
 3277 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3278 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3278 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3279 ······tags:3279 ······tags:
3280 ······-·CJIS-5.5.2.23280 ······-·CJIS-5.5.2.2
3281 ······-·NIST-800-171-3.4.53281 ······-·NIST-800-171-3.4.5
3282 ······-·NIST-800-53-AC-6(1)3282 ······-·NIST-800-53-AC-6(1)
3283 ······-·NIST-800-53-CM-6(a)3283 ······-·NIST-800-53-CM-6(a)
3284 ······-·PCI-DSS-Req-7.13284 ······-·PCI-DSS-Req-7.1
Offset 3291, 16 lines modifiedOffset 3291, 16 lines modified
3291 ······-·no_reboot_needed3291 ······-·no_reboot_needed
  
3292 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg3292 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
3293 ······file:3293 ······file:
3294 ········path:·/boot/grub2/grub.cfg3294 ········path:·/boot/grub2/grub.cfg
3295 ········owner:·'0'3295 ········owner:·'0'
3296 ······when:3296 ······when:
3297 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3298 ······-·'"grub2-common"·in·ansible_facts.packages'3297 ······-·'"grub2-common"·in·ansible_facts.packages'
 3298 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3300 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3300 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3301 ······tags:3301 ······tags:
3302 ······-·CJIS-5.5.2.23302 ······-·CJIS-5.5.2.2
3303 ······-·NIST-800-171-3.4.53303 ······-·NIST-800-171-3.4.5
3304 ······-·NIST-800-53-AC-6(1)3304 ······-·NIST-800-53-AC-6(1)
3305 ······-·NIST-800-53-CM-6(a)3305 ······-·NIST-800-53-CM-6(a)
Offset 3328, 16 lines modifiedOffset 3328, 16 lines modified
3328 ······-·no_reboot_needed3328 ······-·no_reboot_needed
  
3329 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3329 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3330 ······stat:3330 ······stat:
3331 ········path:·/boot/grub2/grub.cfg3331 ········path:·/boot/grub2/grub.cfg
3332 ······register:·file_exists3332 ······register:·file_exists
3333 ······when:3333 ······when:
3334 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3335 ······-·'"grub2-common"·in·ansible_facts.packages'3334 ······-·'"grub2-common"·in·ansible_facts.packages'
 3335 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3336 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3336 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3337 ······tags:3337 ······tags:
3338 ······-·NIST-800-171-3.4.53338 ······-·NIST-800-171-3.4.5
3339 ······-·NIST-800-53-AC-6(1)3339 ······-·NIST-800-53-AC-6(1)
3340 ······-·NIST-800-53-CM-6(a)3340 ······-·NIST-800-53-CM-6(a)
3341 ······-·configure_strategy3341 ······-·configure_strategy
3342 ······-·file_permissions_grub2_cfg3342 ······-·file_permissions_grub2_cfg
Offset 3347, 16 lines modifiedOffset 3347, 16 lines modified
3347 ······-·no_reboot_needed3347 ······-·no_reboot_needed
  
3348 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg3348 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
3349 ······file:3349 ······file:
3350 ········path:·/boot/grub2/grub.cfg3350 ········path:·/boot/grub2/grub.cfg
3351 ········mode:·u-xs,g-xwrs,o-xwrt3351 ········mode:·u-xs,g-xwrs,o-xwrt
3352 ······when:3352 ······when:
3353 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3354 ······-·'"grub2-common"·in·ansible_facts.packages'3353 ······-·'"grub2-common"·in·ansible_facts.packages'
 3354 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3355 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3355 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3356 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3356 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3357 ······tags:3357 ······tags:
3358 ······-·NIST-800-171-3.4.53358 ······-·NIST-800-171-3.4.5
3359 ······-·NIST-800-53-AC-6(1)3359 ······-·NIST-800-53-AC-6(1)
3360 ······-·NIST-800-53-CM-6(a)3360 ······-·NIST-800-53-CM-6(a)
3361 ······-·configure_strategy3361 ······-·configure_strategy
811 B
./usr/share/scap-security-guide/ansible/centos8-playbook-stig.yml
Ordering differences only
    
Offset 37476, 16 lines modifiedOffset 37476, 16 lines modified
37476 ········lineinfile:37476 ········lineinfile:
37477 ··········path:·/etc/postfix/main.cf37477 ··········path:·/etc/postfix/main.cf
37478 ··········create:·true37478 ··········create:·true
37479 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*37479 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
37480 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject37480 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
37481 ··········state:·present37481 ··········state:·present
37482 ······when:37482 ······when:
37483 ······-·'"postfix"·in·ansible_facts.packages' 
37484 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]37483 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 37484 ······-·'"postfix"·in·ansible_facts.packages'
37485 ······tags:37485 ······tags:
37486 ······-·DISA-STIG-RHEL-08-04029037486 ······-·DISA-STIG-RHEL-08-040290
37487 ······-·low_complexity37487 ······-·low_complexity
37488 ······-·low_disruption37488 ······-·low_disruption
37489 ······-·medium_severity37489 ······-·medium_severity
37490 ······-·no_reboot_needed37490 ······-·no_reboot_needed
37491 ······-·postfix_prevent_unrestricted_relay37491 ······-·postfix_prevent_unrestricted_relay
819 B
./usr/share/scap-security-guide/ansible/centos8-playbook-stig_gui.yml
Ordering differences only
    
Offset 37467, 16 lines modifiedOffset 37467, 16 lines modified
37467 ········lineinfile:37467 ········lineinfile:
37468 ··········path:·/etc/postfix/main.cf37468 ··········path:·/etc/postfix/main.cf
37469 ··········create:·true37469 ··········create:·true
37470 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*37470 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
37471 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject37471 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
37472 ··········state:·present37472 ··········state:·present
37473 ······when:37473 ······when:
37474 ······-·'"postfix"·in·ansible_facts.packages' 
37475 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]37474 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 37475 ······-·'"postfix"·in·ansible_facts.packages'
37476 ······tags:37476 ······tags:
37477 ······-·DISA-STIG-RHEL-08-04029037477 ······-·DISA-STIG-RHEL-08-040290
37478 ······-·low_complexity37478 ······-·low_complexity
37479 ······-·low_disruption37479 ······-·low_disruption
37480 ······-·medium_severity37480 ······-·medium_severity
37481 ······-·no_reboot_needed37481 ······-·no_reboot_needed
37482 ······-·postfix_prevent_unrestricted_relay37482 ······-·postfix_prevent_unrestricted_relay
5.36 KB
./usr/share/scap-security-guide/ansible/cs9-playbook-cis.yml
Ordering differences only
    
Offset 21742, 16 lines modifiedOffset 21742, 16 lines modified
21742 ······-·no_reboot_needed21742 ······-·no_reboot_needed
  
21743 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21743 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21744 ······stat:21744 ······stat:
21745 ········path:·/boot/grub2/user.cfg21745 ········path:·/boot/grub2/user.cfg
21746 ······register:·file_exists21746 ······register:·file_exists
21747 ······when:21747 ······when:
21748 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21749 ······-·'"grub2-common"·in·ansible_facts.packages'21748 ······-·'"grub2-common"·in·ansible_facts.packages'
 21749 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21750 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21750 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21751 ······tags:21751 ······tags:
21752 ······-·CJIS-5.5.2.221752 ······-·CJIS-5.5.2.2
21753 ······-·NIST-800-171-3.4.521753 ······-·NIST-800-171-3.4.5
21754 ······-·NIST-800-53-AC-6(1)21754 ······-·NIST-800-53-AC-6(1)
21755 ······-·NIST-800-53-CM-6(a)21755 ······-·NIST-800-53-CM-6(a)
21756 ······-·PCI-DSS-Req-7.121756 ······-·PCI-DSS-Req-7.1
Offset 21763, 16 lines modifiedOffset 21763, 16 lines modified
21763 ······-·no_reboot_needed21763 ······-·no_reboot_needed
  
21764 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg21764 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
21765 ······file:21765 ······file:
21766 ········path:·/boot/grub2/user.cfg21766 ········path:·/boot/grub2/user.cfg
21767 ········group:·'0'21767 ········group:·'0'
21768 ······when:21768 ······when:
21769 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21770 ······-·'"grub2-common"·in·ansible_facts.packages'21769 ······-·'"grub2-common"·in·ansible_facts.packages'
 21770 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21771 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21771 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21772 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21772 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21773 ······tags:21773 ······tags:
21774 ······-·CJIS-5.5.2.221774 ······-·CJIS-5.5.2.2
21775 ······-·NIST-800-171-3.4.521775 ······-·NIST-800-171-3.4.5
21776 ······-·NIST-800-53-AC-6(1)21776 ······-·NIST-800-53-AC-6(1)
21777 ······-·NIST-800-53-CM-6(a)21777 ······-·NIST-800-53-CM-6(a)
Offset 21802, 16 lines modifiedOffset 21802, 16 lines modified
21802 ······-·no_reboot_needed21802 ······-·no_reboot_needed
  
21803 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21803 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21804 ······stat:21804 ······stat:
21805 ········path:·/boot/grub2/user.cfg21805 ········path:·/boot/grub2/user.cfg
21806 ······register:·file_exists21806 ······register:·file_exists
21807 ······when:21807 ······when:
21808 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21809 ······-·'"grub2-common"·in·ansible_facts.packages'21808 ······-·'"grub2-common"·in·ansible_facts.packages'
 21809 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21810 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21810 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21811 ······tags:21811 ······tags:
21812 ······-·CJIS-5.5.2.221812 ······-·CJIS-5.5.2.2
21813 ······-·NIST-800-171-3.4.521813 ······-·NIST-800-171-3.4.5
21814 ······-·NIST-800-53-AC-6(1)21814 ······-·NIST-800-53-AC-6(1)
21815 ······-·NIST-800-53-CM-6(a)21815 ······-·NIST-800-53-CM-6(a)
21816 ······-·PCI-DSS-Req-7.121816 ······-·PCI-DSS-Req-7.1
Offset 21823, 16 lines modifiedOffset 21823, 16 lines modified
21823 ······-·no_reboot_needed21823 ······-·no_reboot_needed
  
21824 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg21824 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
21825 ······file:21825 ······file:
21826 ········path:·/boot/grub2/user.cfg21826 ········path:·/boot/grub2/user.cfg
21827 ········owner:·'0'21827 ········owner:·'0'
21828 ······when:21828 ······when:
21829 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21830 ······-·'"grub2-common"·in·ansible_facts.packages'21829 ······-·'"grub2-common"·in·ansible_facts.packages'
 21830 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21831 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21831 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21832 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21832 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21833 ······tags:21833 ······tags:
21834 ······-·CJIS-5.5.2.221834 ······-·CJIS-5.5.2.2
21835 ······-·NIST-800-171-3.4.521835 ······-·NIST-800-171-3.4.5
21836 ······-·NIST-800-53-AC-6(1)21836 ······-·NIST-800-53-AC-6(1)
21837 ······-·NIST-800-53-CM-6(a)21837 ······-·NIST-800-53-CM-6(a)
Offset 21860, 16 lines modifiedOffset 21860, 16 lines modified
21860 ······-·no_reboot_needed21860 ······-·no_reboot_needed
  
21861 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21861 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21862 ······stat:21862 ······stat:
21863 ········path:·/boot/grub2/grub.cfg21863 ········path:·/boot/grub2/grub.cfg
21864 ······register:·file_exists21864 ······register:·file_exists
21865 ······when:21865 ······when:
21866 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21867 ······-·'"grub2-common"·in·ansible_facts.packages'21866 ······-·'"grub2-common"·in·ansible_facts.packages'
 21867 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21868 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21868 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21869 ······tags:21869 ······tags:
21870 ······-·NIST-800-171-3.4.521870 ······-·NIST-800-171-3.4.5
21871 ······-·NIST-800-53-AC-6(1)21871 ······-·NIST-800-53-AC-6(1)
21872 ······-·NIST-800-53-CM-6(a)21872 ······-·NIST-800-53-CM-6(a)
21873 ······-·configure_strategy21873 ······-·configure_strategy
21874 ······-·file_permissions_efi_grub2_cfg21874 ······-·file_permissions_efi_grub2_cfg
Offset 21879, 16 lines modifiedOffset 21879, 16 lines modified
21879 ······-·no_reboot_needed21879 ······-·no_reboot_needed
  
21880 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg21880 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
21881 ······file:21881 ······file:
21882 ········path:·/boot/grub2/grub.cfg21882 ········path:·/boot/grub2/grub.cfg
21883 ········mode:·u-s,g-xwrs,o-xwrt21883 ········mode:·u-s,g-xwrs,o-xwrt
21884 ······when:21884 ······when:
21885 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21886 ······-·'"grub2-common"·in·ansible_facts.packages'21885 ······-·'"grub2-common"·in·ansible_facts.packages'
 21886 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21888 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21888 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21889 ······tags:21889 ······tags:
21890 ······-·NIST-800-171-3.4.521890 ······-·NIST-800-171-3.4.5
21891 ······-·NIST-800-53-AC-6(1)21891 ······-·NIST-800-53-AC-6(1)
21892 ······-·NIST-800-53-CM-6(a)21892 ······-·NIST-800-53-CM-6(a)
21893 ······-·configure_strategy21893 ······-·configure_strategy
Offset 21914, 16 lines modifiedOffset 21914, 16 lines modified
21914 ······-·no_reboot_needed21914 ······-·no_reboot_needed
  
21915 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21915 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21916 ······stat:21916 ······stat:
21917 ········path:·/boot/grub2/user.cfg21917 ········path:·/boot/grub2/user.cfg
21918 ······register:·file_exists21918 ······register:·file_exists
21919 ······when:21919 ······when:
21920 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21921 ······-·'"grub2-common"·in·ansible_facts.packages'21920 ······-·'"grub2-common"·in·ansible_facts.packages'
 21921 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21922 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21922 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21923 ······tags:21923 ······tags:
21924 ······-·NIST-800-171-3.4.521924 ······-·NIST-800-171-3.4.5
21925 ······-·NIST-800-53-AC-6(1)21925 ······-·NIST-800-53-AC-6(1)
21926 ······-·NIST-800-53-CM-6(a)21926 ······-·NIST-800-53-CM-6(a)
21927 ······-·configure_strategy21927 ······-·configure_strategy
21928 ······-·file_permissions_efi_user_cfg21928 ······-·file_permissions_efi_user_cfg
Offset 21933, 16 lines modifiedOffset 21933, 16 lines modified
21933 ······-·no_reboot_needed21933 ······-·no_reboot_needed
Max diff block lines reached; 655/5345 bytes (12.25%) of diff not shown.
5.37 KB
./usr/share/scap-security-guide/ansible/cs9-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 5405, 16 lines modifiedOffset 5405, 16 lines modified
5405 ······-·no_reboot_needed5405 ······-·no_reboot_needed
  
5406 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5406 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5407 ······stat:5407 ······stat:
5408 ········path:·/boot/grub2/user.cfg5408 ········path:·/boot/grub2/user.cfg
5409 ······register:·file_exists5409 ······register:·file_exists
5410 ······when:5410 ······when:
5411 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5412 ······-·'"grub2-common"·in·ansible_facts.packages'5411 ······-·'"grub2-common"·in·ansible_facts.packages'
 5412 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5413 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5413 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5414 ······tags:5414 ······tags:
5415 ······-·CJIS-5.5.2.25415 ······-·CJIS-5.5.2.2
5416 ······-·NIST-800-171-3.4.55416 ······-·NIST-800-171-3.4.5
5417 ······-·NIST-800-53-AC-6(1)5417 ······-·NIST-800-53-AC-6(1)
5418 ······-·NIST-800-53-CM-6(a)5418 ······-·NIST-800-53-CM-6(a)
5419 ······-·PCI-DSS-Req-7.15419 ······-·PCI-DSS-Req-7.1
Offset 5426, 16 lines modifiedOffset 5426, 16 lines modified
5426 ······-·no_reboot_needed5426 ······-·no_reboot_needed
  
5427 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5427 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5428 ······file:5428 ······file:
5429 ········path:·/boot/grub2/user.cfg5429 ········path:·/boot/grub2/user.cfg
5430 ········group:·'0'5430 ········group:·'0'
5431 ······when:5431 ······when:
5432 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5433 ······-·'"grub2-common"·in·ansible_facts.packages'5432 ······-·'"grub2-common"·in·ansible_facts.packages'
 5433 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5434 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5434 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5435 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5435 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5436 ······tags:5436 ······tags:
5437 ······-·CJIS-5.5.2.25437 ······-·CJIS-5.5.2.2
5438 ······-·NIST-800-171-3.4.55438 ······-·NIST-800-171-3.4.5
5439 ······-·NIST-800-53-AC-6(1)5439 ······-·NIST-800-53-AC-6(1)
5440 ······-·NIST-800-53-CM-6(a)5440 ······-·NIST-800-53-CM-6(a)
Offset 5465, 16 lines modifiedOffset 5465, 16 lines modified
5465 ······-·no_reboot_needed5465 ······-·no_reboot_needed
  
5466 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5466 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5467 ······stat:5467 ······stat:
5468 ········path:·/boot/grub2/user.cfg5468 ········path:·/boot/grub2/user.cfg
5469 ······register:·file_exists5469 ······register:·file_exists
5470 ······when:5470 ······when:
5471 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5472 ······-·'"grub2-common"·in·ansible_facts.packages'5471 ······-·'"grub2-common"·in·ansible_facts.packages'
 5472 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5473 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5473 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5474 ······tags:5474 ······tags:
5475 ······-·CJIS-5.5.2.25475 ······-·CJIS-5.5.2.2
5476 ······-·NIST-800-171-3.4.55476 ······-·NIST-800-171-3.4.5
5477 ······-·NIST-800-53-AC-6(1)5477 ······-·NIST-800-53-AC-6(1)
5478 ······-·NIST-800-53-CM-6(a)5478 ······-·NIST-800-53-CM-6(a)
5479 ······-·PCI-DSS-Req-7.15479 ······-·PCI-DSS-Req-7.1
Offset 5486, 16 lines modifiedOffset 5486, 16 lines modified
5486 ······-·no_reboot_needed5486 ······-·no_reboot_needed
  
5487 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg5487 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
5488 ······file:5488 ······file:
5489 ········path:·/boot/grub2/user.cfg5489 ········path:·/boot/grub2/user.cfg
5490 ········owner:·'0'5490 ········owner:·'0'
5491 ······when:5491 ······when:
5492 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5493 ······-·'"grub2-common"·in·ansible_facts.packages'5492 ······-·'"grub2-common"·in·ansible_facts.packages'
 5493 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5494 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5494 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5495 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5495 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5496 ······tags:5496 ······tags:
5497 ······-·CJIS-5.5.2.25497 ······-·CJIS-5.5.2.2
5498 ······-·NIST-800-171-3.4.55498 ······-·NIST-800-171-3.4.5
5499 ······-·NIST-800-53-AC-6(1)5499 ······-·NIST-800-53-AC-6(1)
5500 ······-·NIST-800-53-CM-6(a)5500 ······-·NIST-800-53-CM-6(a)
Offset 5523, 16 lines modifiedOffset 5523, 16 lines modified
5523 ······-·no_reboot_needed5523 ······-·no_reboot_needed
  
5524 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5524 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5525 ······stat:5525 ······stat:
5526 ········path:·/boot/grub2/grub.cfg5526 ········path:·/boot/grub2/grub.cfg
5527 ······register:·file_exists5527 ······register:·file_exists
5528 ······when:5528 ······when:
5529 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5530 ······-·'"grub2-common"·in·ansible_facts.packages'5529 ······-·'"grub2-common"·in·ansible_facts.packages'
 5530 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5531 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5531 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5532 ······tags:5532 ······tags:
5533 ······-·NIST-800-171-3.4.55533 ······-·NIST-800-171-3.4.5
5534 ······-·NIST-800-53-AC-6(1)5534 ······-·NIST-800-53-AC-6(1)
5535 ······-·NIST-800-53-CM-6(a)5535 ······-·NIST-800-53-CM-6(a)
5536 ······-·configure_strategy5536 ······-·configure_strategy
5537 ······-·file_permissions_efi_grub2_cfg5537 ······-·file_permissions_efi_grub2_cfg
Offset 5542, 16 lines modifiedOffset 5542, 16 lines modified
5542 ······-·no_reboot_needed5542 ······-·no_reboot_needed
  
5543 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg5543 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
5544 ······file:5544 ······file:
5545 ········path:·/boot/grub2/grub.cfg5545 ········path:·/boot/grub2/grub.cfg
5546 ········mode:·u-s,g-xwrs,o-xwrt5546 ········mode:·u-s,g-xwrs,o-xwrt
5547 ······when:5547 ······when:
5548 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5549 ······-·'"grub2-common"·in·ansible_facts.packages'5548 ······-·'"grub2-common"·in·ansible_facts.packages'
 5549 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5550 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5550 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5551 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5551 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5552 ······tags:5552 ······tags:
5553 ······-·NIST-800-171-3.4.55553 ······-·NIST-800-171-3.4.5
5554 ······-·NIST-800-53-AC-6(1)5554 ······-·NIST-800-53-AC-6(1)
5555 ······-·NIST-800-53-CM-6(a)5555 ······-·NIST-800-53-CM-6(a)
5556 ······-·configure_strategy5556 ······-·configure_strategy
Offset 5577, 16 lines modifiedOffset 5577, 16 lines modified
5577 ······-·no_reboot_needed5577 ······-·no_reboot_needed
  
5578 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5578 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5579 ······stat:5579 ······stat:
5580 ········path:·/boot/grub2/user.cfg5580 ········path:·/boot/grub2/user.cfg
5581 ······register:·file_exists5581 ······register:·file_exists
5582 ······when:5582 ······when:
5583 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5584 ······-·'"grub2-common"·in·ansible_facts.packages'5583 ······-·'"grub2-common"·in·ansible_facts.packages'
 5584 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5585 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5585 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5586 ······tags:5586 ······tags:
5587 ······-·NIST-800-171-3.4.55587 ······-·NIST-800-171-3.4.5
5588 ······-·NIST-800-53-AC-6(1)5588 ······-·NIST-800-53-AC-6(1)
5589 ······-·NIST-800-53-CM-6(a)5589 ······-·NIST-800-53-CM-6(a)
5590 ······-·configure_strategy5590 ······-·configure_strategy
5591 ······-·file_permissions_efi_user_cfg5591 ······-·file_permissions_efi_user_cfg
Offset 5596, 16 lines modifiedOffset 5596, 16 lines modified
5596 ······-·no_reboot_needed5596 ······-·no_reboot_needed
Max diff block lines reached; 655/5329 bytes (12.29%) of diff not shown.
5.38 KB
./usr/share/scap-security-guide/ansible/cs9-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 5405, 16 lines modifiedOffset 5405, 16 lines modified
5405 ······-·no_reboot_needed5405 ······-·no_reboot_needed
  
5406 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5406 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5407 ······stat:5407 ······stat:
5408 ········path:·/boot/grub2/user.cfg5408 ········path:·/boot/grub2/user.cfg
5409 ······register:·file_exists5409 ······register:·file_exists
5410 ······when:5410 ······when:
5411 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5412 ······-·'"grub2-common"·in·ansible_facts.packages'5411 ······-·'"grub2-common"·in·ansible_facts.packages'
 5412 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5413 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5413 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5414 ······tags:5414 ······tags:
5415 ······-·CJIS-5.5.2.25415 ······-·CJIS-5.5.2.2
5416 ······-·NIST-800-171-3.4.55416 ······-·NIST-800-171-3.4.5
5417 ······-·NIST-800-53-AC-6(1)5417 ······-·NIST-800-53-AC-6(1)
5418 ······-·NIST-800-53-CM-6(a)5418 ······-·NIST-800-53-CM-6(a)
5419 ······-·PCI-DSS-Req-7.15419 ······-·PCI-DSS-Req-7.1
Offset 5426, 16 lines modifiedOffset 5426, 16 lines modified
5426 ······-·no_reboot_needed5426 ······-·no_reboot_needed
  
5427 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5427 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5428 ······file:5428 ······file:
5429 ········path:·/boot/grub2/user.cfg5429 ········path:·/boot/grub2/user.cfg
5430 ········group:·'0'5430 ········group:·'0'
5431 ······when:5431 ······when:
5432 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5433 ······-·'"grub2-common"·in·ansible_facts.packages'5432 ······-·'"grub2-common"·in·ansible_facts.packages'
 5433 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5434 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5434 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5435 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5435 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5436 ······tags:5436 ······tags:
5437 ······-·CJIS-5.5.2.25437 ······-·CJIS-5.5.2.2
5438 ······-·NIST-800-171-3.4.55438 ······-·NIST-800-171-3.4.5
5439 ······-·NIST-800-53-AC-6(1)5439 ······-·NIST-800-53-AC-6(1)
5440 ······-·NIST-800-53-CM-6(a)5440 ······-·NIST-800-53-CM-6(a)
Offset 5465, 16 lines modifiedOffset 5465, 16 lines modified
5465 ······-·no_reboot_needed5465 ······-·no_reboot_needed
  
5466 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5466 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5467 ······stat:5467 ······stat:
5468 ········path:·/boot/grub2/user.cfg5468 ········path:·/boot/grub2/user.cfg
5469 ······register:·file_exists5469 ······register:·file_exists
5470 ······when:5470 ······when:
5471 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5472 ······-·'"grub2-common"·in·ansible_facts.packages'5471 ······-·'"grub2-common"·in·ansible_facts.packages'
 5472 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5473 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5473 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5474 ······tags:5474 ······tags:
5475 ······-·CJIS-5.5.2.25475 ······-·CJIS-5.5.2.2
5476 ······-·NIST-800-171-3.4.55476 ······-·NIST-800-171-3.4.5
5477 ······-·NIST-800-53-AC-6(1)5477 ······-·NIST-800-53-AC-6(1)
5478 ······-·NIST-800-53-CM-6(a)5478 ······-·NIST-800-53-CM-6(a)
5479 ······-·PCI-DSS-Req-7.15479 ······-·PCI-DSS-Req-7.1
Offset 5486, 16 lines modifiedOffset 5486, 16 lines modified
5486 ······-·no_reboot_needed5486 ······-·no_reboot_needed
  
5487 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg5487 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
5488 ······file:5488 ······file:
5489 ········path:·/boot/grub2/user.cfg5489 ········path:·/boot/grub2/user.cfg
5490 ········owner:·'0'5490 ········owner:·'0'
5491 ······when:5491 ······when:
5492 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5493 ······-·'"grub2-common"·in·ansible_facts.packages'5492 ······-·'"grub2-common"·in·ansible_facts.packages'
 5493 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5494 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5494 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5495 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5495 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5496 ······tags:5496 ······tags:
5497 ······-·CJIS-5.5.2.25497 ······-·CJIS-5.5.2.2
5498 ······-·NIST-800-171-3.4.55498 ······-·NIST-800-171-3.4.5
5499 ······-·NIST-800-53-AC-6(1)5499 ······-·NIST-800-53-AC-6(1)
5500 ······-·NIST-800-53-CM-6(a)5500 ······-·NIST-800-53-CM-6(a)
Offset 5523, 16 lines modifiedOffset 5523, 16 lines modified
5523 ······-·no_reboot_needed5523 ······-·no_reboot_needed
  
5524 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5524 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5525 ······stat:5525 ······stat:
5526 ········path:·/boot/grub2/grub.cfg5526 ········path:·/boot/grub2/grub.cfg
5527 ······register:·file_exists5527 ······register:·file_exists
5528 ······when:5528 ······when:
5529 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5530 ······-·'"grub2-common"·in·ansible_facts.packages'5529 ······-·'"grub2-common"·in·ansible_facts.packages'
 5530 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5531 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5531 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5532 ······tags:5532 ······tags:
5533 ······-·NIST-800-171-3.4.55533 ······-·NIST-800-171-3.4.5
5534 ······-·NIST-800-53-AC-6(1)5534 ······-·NIST-800-53-AC-6(1)
5535 ······-·NIST-800-53-CM-6(a)5535 ······-·NIST-800-53-CM-6(a)
5536 ······-·configure_strategy5536 ······-·configure_strategy
5537 ······-·file_permissions_efi_grub2_cfg5537 ······-·file_permissions_efi_grub2_cfg
Offset 5542, 16 lines modifiedOffset 5542, 16 lines modified
5542 ······-·no_reboot_needed5542 ······-·no_reboot_needed
  
5543 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg5543 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
5544 ······file:5544 ······file:
5545 ········path:·/boot/grub2/grub.cfg5545 ········path:·/boot/grub2/grub.cfg
5546 ········mode:·u-s,g-xwrs,o-xwrt5546 ········mode:·u-s,g-xwrs,o-xwrt
5547 ······when:5547 ······when:
5548 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5549 ······-·'"grub2-common"·in·ansible_facts.packages'5548 ······-·'"grub2-common"·in·ansible_facts.packages'
 5549 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5550 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5550 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5551 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5551 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5552 ······tags:5552 ······tags:
5553 ······-·NIST-800-171-3.4.55553 ······-·NIST-800-171-3.4.5
5554 ······-·NIST-800-53-AC-6(1)5554 ······-·NIST-800-53-AC-6(1)
5555 ······-·NIST-800-53-CM-6(a)5555 ······-·NIST-800-53-CM-6(a)
5556 ······-·configure_strategy5556 ······-·configure_strategy
Offset 5577, 16 lines modifiedOffset 5577, 16 lines modified
5577 ······-·no_reboot_needed5577 ······-·no_reboot_needed
  
5578 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5578 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5579 ······stat:5579 ······stat:
5580 ········path:·/boot/grub2/user.cfg5580 ········path:·/boot/grub2/user.cfg
5581 ······register:·file_exists5581 ······register:·file_exists
5582 ······when:5582 ······when:
5583 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5584 ······-·'"grub2-common"·in·ansible_facts.packages'5583 ······-·'"grub2-common"·in·ansible_facts.packages'
 5584 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5585 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5585 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5586 ······tags:5586 ······tags:
5587 ······-·NIST-800-171-3.4.55587 ······-·NIST-800-171-3.4.5
5588 ······-·NIST-800-53-AC-6(1)5588 ······-·NIST-800-53-AC-6(1)
5589 ······-·NIST-800-53-CM-6(a)5589 ······-·NIST-800-53-CM-6(a)
5590 ······-·configure_strategy5590 ······-·configure_strategy
5591 ······-·file_permissions_efi_user_cfg5591 ······-·file_permissions_efi_user_cfg
Offset 5596, 16 lines modifiedOffset 5596, 16 lines modified
5596 ······-·no_reboot_needed5596 ······-·no_reboot_needed
Max diff block lines reached; 655/5329 bytes (12.29%) of diff not shown.
5.39 KB
./usr/share/scap-security-guide/ansible/cs9-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 21742, 16 lines modifiedOffset 21742, 16 lines modified
21742 ······-·no_reboot_needed21742 ······-·no_reboot_needed
  
21743 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21743 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21744 ······stat:21744 ······stat:
21745 ········path:·/boot/grub2/user.cfg21745 ········path:·/boot/grub2/user.cfg
21746 ······register:·file_exists21746 ······register:·file_exists
21747 ······when:21747 ······when:
21748 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21749 ······-·'"grub2-common"·in·ansible_facts.packages'21748 ······-·'"grub2-common"·in·ansible_facts.packages'
 21749 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21750 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21750 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21751 ······tags:21751 ······tags:
21752 ······-·CJIS-5.5.2.221752 ······-·CJIS-5.5.2.2
21753 ······-·NIST-800-171-3.4.521753 ······-·NIST-800-171-3.4.5
21754 ······-·NIST-800-53-AC-6(1)21754 ······-·NIST-800-53-AC-6(1)
21755 ······-·NIST-800-53-CM-6(a)21755 ······-·NIST-800-53-CM-6(a)
21756 ······-·PCI-DSS-Req-7.121756 ······-·PCI-DSS-Req-7.1
Offset 21763, 16 lines modifiedOffset 21763, 16 lines modified
21763 ······-·no_reboot_needed21763 ······-·no_reboot_needed
  
21764 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg21764 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
21765 ······file:21765 ······file:
21766 ········path:·/boot/grub2/user.cfg21766 ········path:·/boot/grub2/user.cfg
21767 ········group:·'0'21767 ········group:·'0'
21768 ······when:21768 ······when:
21769 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21770 ······-·'"grub2-common"·in·ansible_facts.packages'21769 ······-·'"grub2-common"·in·ansible_facts.packages'
 21770 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21771 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21771 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21772 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21772 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21773 ······tags:21773 ······tags:
21774 ······-·CJIS-5.5.2.221774 ······-·CJIS-5.5.2.2
21775 ······-·NIST-800-171-3.4.521775 ······-·NIST-800-171-3.4.5
21776 ······-·NIST-800-53-AC-6(1)21776 ······-·NIST-800-53-AC-6(1)
21777 ······-·NIST-800-53-CM-6(a)21777 ······-·NIST-800-53-CM-6(a)
Offset 21802, 16 lines modifiedOffset 21802, 16 lines modified
21802 ······-·no_reboot_needed21802 ······-·no_reboot_needed
  
21803 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21803 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21804 ······stat:21804 ······stat:
21805 ········path:·/boot/grub2/user.cfg21805 ········path:·/boot/grub2/user.cfg
21806 ······register:·file_exists21806 ······register:·file_exists
21807 ······when:21807 ······when:
21808 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21809 ······-·'"grub2-common"·in·ansible_facts.packages'21808 ······-·'"grub2-common"·in·ansible_facts.packages'
 21809 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21810 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21810 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21811 ······tags:21811 ······tags:
21812 ······-·CJIS-5.5.2.221812 ······-·CJIS-5.5.2.2
21813 ······-·NIST-800-171-3.4.521813 ······-·NIST-800-171-3.4.5
21814 ······-·NIST-800-53-AC-6(1)21814 ······-·NIST-800-53-AC-6(1)
21815 ······-·NIST-800-53-CM-6(a)21815 ······-·NIST-800-53-CM-6(a)
21816 ······-·PCI-DSS-Req-7.121816 ······-·PCI-DSS-Req-7.1
Offset 21823, 16 lines modifiedOffset 21823, 16 lines modified
21823 ······-·no_reboot_needed21823 ······-·no_reboot_needed
  
21824 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg21824 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
21825 ······file:21825 ······file:
21826 ········path:·/boot/grub2/user.cfg21826 ········path:·/boot/grub2/user.cfg
21827 ········owner:·'0'21827 ········owner:·'0'
21828 ······when:21828 ······when:
21829 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21830 ······-·'"grub2-common"·in·ansible_facts.packages'21829 ······-·'"grub2-common"·in·ansible_facts.packages'
 21830 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21831 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21831 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21832 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21832 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21833 ······tags:21833 ······tags:
21834 ······-·CJIS-5.5.2.221834 ······-·CJIS-5.5.2.2
21835 ······-·NIST-800-171-3.4.521835 ······-·NIST-800-171-3.4.5
21836 ······-·NIST-800-53-AC-6(1)21836 ······-·NIST-800-53-AC-6(1)
21837 ······-·NIST-800-53-CM-6(a)21837 ······-·NIST-800-53-CM-6(a)
Offset 21860, 16 lines modifiedOffset 21860, 16 lines modified
21860 ······-·no_reboot_needed21860 ······-·no_reboot_needed
  
21861 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21861 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21862 ······stat:21862 ······stat:
21863 ········path:·/boot/grub2/grub.cfg21863 ········path:·/boot/grub2/grub.cfg
21864 ······register:·file_exists21864 ······register:·file_exists
21865 ······when:21865 ······when:
21866 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21867 ······-·'"grub2-common"·in·ansible_facts.packages'21866 ······-·'"grub2-common"·in·ansible_facts.packages'
 21867 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21868 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21868 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21869 ······tags:21869 ······tags:
21870 ······-·NIST-800-171-3.4.521870 ······-·NIST-800-171-3.4.5
21871 ······-·NIST-800-53-AC-6(1)21871 ······-·NIST-800-53-AC-6(1)
21872 ······-·NIST-800-53-CM-6(a)21872 ······-·NIST-800-53-CM-6(a)
21873 ······-·configure_strategy21873 ······-·configure_strategy
21874 ······-·file_permissions_efi_grub2_cfg21874 ······-·file_permissions_efi_grub2_cfg
Offset 21879, 16 lines modifiedOffset 21879, 16 lines modified
21879 ······-·no_reboot_needed21879 ······-·no_reboot_needed
  
21880 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg21880 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
21881 ······file:21881 ······file:
21882 ········path:·/boot/grub2/grub.cfg21882 ········path:·/boot/grub2/grub.cfg
21883 ········mode:·u-s,g-xwrs,o-xwrt21883 ········mode:·u-s,g-xwrs,o-xwrt
21884 ······when:21884 ······when:
21885 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21886 ······-·'"grub2-common"·in·ansible_facts.packages'21885 ······-·'"grub2-common"·in·ansible_facts.packages'
 21886 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21888 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21888 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21889 ······tags:21889 ······tags:
21890 ······-·NIST-800-171-3.4.521890 ······-·NIST-800-171-3.4.5
21891 ······-·NIST-800-53-AC-6(1)21891 ······-·NIST-800-53-AC-6(1)
21892 ······-·NIST-800-53-CM-6(a)21892 ······-·NIST-800-53-CM-6(a)
21893 ······-·configure_strategy21893 ······-·configure_strategy
Offset 21914, 16 lines modifiedOffset 21914, 16 lines modified
21914 ······-·no_reboot_needed21914 ······-·no_reboot_needed
  
21915 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21915 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21916 ······stat:21916 ······stat:
21917 ········path:·/boot/grub2/user.cfg21917 ········path:·/boot/grub2/user.cfg
21918 ······register:·file_exists21918 ······register:·file_exists
21919 ······when:21919 ······when:
21920 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21921 ······-·'"grub2-common"·in·ansible_facts.packages'21920 ······-·'"grub2-common"·in·ansible_facts.packages'
 21921 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
21922 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21922 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21923 ······tags:21923 ······tags:
21924 ······-·NIST-800-171-3.4.521924 ······-·NIST-800-171-3.4.5
21925 ······-·NIST-800-53-AC-6(1)21925 ······-·NIST-800-53-AC-6(1)
21926 ······-·NIST-800-53-CM-6(a)21926 ······-·NIST-800-53-CM-6(a)
21927 ······-·configure_strategy21927 ······-·configure_strategy
21928 ······-·file_permissions_efi_user_cfg21928 ······-·file_permissions_efi_user_cfg
Offset 21933, 16 lines modifiedOffset 21933, 16 lines modified
21933 ······-·no_reboot_needed21933 ······-·no_reboot_needed
Max diff block lines reached; 655/5345 bytes (12.25%) of diff not shown.
796 B
./usr/share/scap-security-guide/ansible/cs9-playbook-stig.yml
Ordering differences only
    
Offset 43513, 16 lines modifiedOffset 43513, 16 lines modified
43513 ········lineinfile:43513 ········lineinfile:
43514 ··········path:·/etc/postfix/main.cf43514 ··········path:·/etc/postfix/main.cf
43515 ··········create:·true43515 ··········create:·true
43516 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*43516 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
43517 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject43517 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
43518 ··········state:·present43518 ··········state:·present
43519 ······when:43519 ······when:
43520 ······-·'"postfix"·in·ansible_facts.packages' 
43521 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]43520 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 43521 ······-·'"postfix"·in·ansible_facts.packages'
43522 ······tags:43522 ······tags:
43523 ······-·low_complexity43523 ······-·low_complexity
43524 ······-·low_disruption43524 ······-·low_disruption
43525 ······-·medium_severity43525 ······-·medium_severity
43526 ······-·no_reboot_needed43526 ······-·no_reboot_needed
43527 ······-·postfix_prevent_unrestricted_relay43527 ······-·postfix_prevent_unrestricted_relay
43528 ······-·restrict_strategy43528 ······-·restrict_strategy
804 B
./usr/share/scap-security-guide/ansible/cs9-playbook-stig_gui.yml
Ordering differences only
    
Offset 43487, 16 lines modifiedOffset 43487, 16 lines modified
43487 ········lineinfile:43487 ········lineinfile:
43488 ··········path:·/etc/postfix/main.cf43488 ··········path:·/etc/postfix/main.cf
43489 ··········create:·true43489 ··········create:·true
43490 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*43490 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
43491 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject43491 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
43492 ··········state:·present43492 ··········state:·present
43493 ······when:43493 ······when:
43494 ······-·'"postfix"·in·ansible_facts.packages' 
43495 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]43494 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 43495 ······-·'"postfix"·in·ansible_facts.packages'
43496 ······tags:43496 ······tags:
43497 ······-·low_complexity43497 ······-·low_complexity
43498 ······-·low_disruption43498 ······-·low_disruption
43499 ······-·medium_severity43499 ······-·medium_severity
43500 ······-·no_reboot_needed43500 ······-·no_reboot_needed
43501 ······-·postfix_prevent_unrestricted_relay43501 ······-·postfix_prevent_unrestricted_relay
43502 ······-·restrict_strategy43502 ······-·restrict_strategy
250 KB
./usr/share/scap-security-guide/ansible/fedora-playbook-ospp.yml
Ordering differences only
    
Offset 5154, 16 lines modifiedOffset 5154, 16 lines modified
5154 ······-·reboot_required5154 ······-·reboot_required
5155 ······-·restrict_strategy5155 ······-·restrict_strategy
  
5156 ····-·name:·Set·architecture·for·audit·open·tasks5156 ····-·name:·Set·architecture·for·audit·open·tasks
5157 ······set_fact:5157 ······set_fact:
5158 ········audit_arch:·b645158 ········audit_arch:·b64
5159 ······when:5159 ······when:
5160 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5161 ······-·'"audit"·in·ansible_facts.packages'5160 ······-·'"audit"·in·ansible_facts.packages'
 5161 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5162 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5162 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5163 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5163 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5164 ······tags:5164 ······tags:
5165 ······-·NIST-800-53-AC-2(4)5165 ······-·NIST-800-53-AC-2(4)
5166 ······-·NIST-800-53-AC-6(9)5166 ······-·NIST-800-53-AC-6(9)
5167 ······-·NIST-800-53-AU-12(c)5167 ······-·NIST-800-53-AU-12(c)
5168 ······-·NIST-800-53-AU-2(d)5168 ······-·NIST-800-53-AU-2(d)
Offset 5292, 16 lines modifiedOffset 5292, 16 lines modified
5292 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&03·-F·path=/etc/group5292 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&03·-F·path=/etc/group
5293 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify5293 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify
5294 ··········create:·true5294 ··········create:·true
5295 ··········mode:·o-rwx5295 ··········mode:·o-rwx
5296 ··········state:·present5296 ··········state:·present
5297 ········when:·syscalls_found·|·length·==·05297 ········when:·syscalls_found·|·length·==·0
5298 ······when:5298 ······when:
5299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5300 ······-·'"audit"·in·ansible_facts.packages'5299 ······-·'"audit"·in·ansible_facts.packages'
 5300 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5301 ······tags:5301 ······tags:
5302 ······-·NIST-800-53-AC-2(4)5302 ······-·NIST-800-53-AC-2(4)
5303 ······-·NIST-800-53-AC-6(9)5303 ······-·NIST-800-53-AC-6(9)
5304 ······-·NIST-800-53-AU-12(c)5304 ······-·NIST-800-53-AU-12(c)
5305 ······-·NIST-800-53-AU-2(d)5305 ······-·NIST-800-53-AU-2(d)
5306 ······-·NIST-800-53-CM-6(a)5306 ······-·NIST-800-53-CM-6(a)
5307 ······-·audit_rules_etc_group_open5307 ······-·audit_rules_etc_group_open
Offset 5428, 16 lines modifiedOffset 5428, 16 lines modified
5428 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&03·-F·path=/etc/group5428 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&03·-F·path=/etc/group
5429 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify5429 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify
5430 ··········create:·true5430 ··········create:·true
5431 ··········mode:·o-rwx5431 ··········mode:·o-rwx
5432 ··········state:·present5432 ··········state:·present
5433 ········when:·syscalls_found·|·length·==·05433 ········when:·syscalls_found·|·length·==·0
5434 ······when:5434 ······when:
5435 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5436 ······-·'"audit"·in·ansible_facts.packages'5435 ······-·'"audit"·in·ansible_facts.packages'
 5436 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5437 ······-·audit_arch·==·"b64"5437 ······-·audit_arch·==·"b64"
5438 ······tags:5438 ······tags:
5439 ······-·NIST-800-53-AC-2(4)5439 ······-·NIST-800-53-AC-2(4)
5440 ······-·NIST-800-53-AC-6(9)5440 ······-·NIST-800-53-AC-6(9)
5441 ······-·NIST-800-53-AU-12(c)5441 ······-·NIST-800-53-AU-12(c)
5442 ······-·NIST-800-53-AU-2(d)5442 ······-·NIST-800-53-AU-2(d)
5443 ······-·NIST-800-53-CM-6(a)5443 ······-·NIST-800-53-CM-6(a)
Offset 5465, 16 lines modifiedOffset 5465, 16 lines modified
5465 ······-·reboot_required5465 ······-·reboot_required
5466 ······-·restrict_strategy5466 ······-·restrict_strategy
  
5467 ····-·name:·Set·architecture·for·audit·open_by_handle_at·tasks5467 ····-·name:·Set·architecture·for·audit·open_by_handle_at·tasks
5468 ······set_fact:5468 ······set_fact:
5469 ········audit_arch:·b645469 ········audit_arch:·b64
5470 ······when:5470 ······when:
5471 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5472 ······-·'"audit"·in·ansible_facts.packages'5471 ······-·'"audit"·in·ansible_facts.packages'
 5472 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5473 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5473 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5474 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5474 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5475 ······tags:5475 ······tags:
5476 ······-·NIST-800-53-AC-2(4)5476 ······-·NIST-800-53-AC-2(4)
5477 ······-·NIST-800-53-AC-6(9)5477 ······-·NIST-800-53-AC-6(9)
5478 ······-·NIST-800-53-AU-12(c)5478 ······-·NIST-800-53-AU-12(c)
5479 ······-·NIST-800-53-AU-2(d)5479 ······-·NIST-800-53-AU-2(d)
Offset 5603, 16 lines modifiedOffset 5603, 16 lines modified
5603 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&03·-F·path=/etc/group5603 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&03·-F·path=/etc/group
5604 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify5604 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify
5605 ··········create:·true5605 ··········create:·true
5606 ··········mode:·o-rwx5606 ··········mode:·o-rwx
5607 ··········state:·present5607 ··········state:·present
5608 ········when:·syscalls_found·|·length·==·05608 ········when:·syscalls_found·|·length·==·0
5609 ······when:5609 ······when:
5610 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5611 ······-·'"audit"·in·ansible_facts.packages'5610 ······-·'"audit"·in·ansible_facts.packages'
 5611 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5612 ······tags:5612 ······tags:
5613 ······-·NIST-800-53-AC-2(4)5613 ······-·NIST-800-53-AC-2(4)
5614 ······-·NIST-800-53-AC-6(9)5614 ······-·NIST-800-53-AC-6(9)
5615 ······-·NIST-800-53-AU-12(c)5615 ······-·NIST-800-53-AU-12(c)
5616 ······-·NIST-800-53-AU-2(d)5616 ······-·NIST-800-53-AU-2(d)
5617 ······-·NIST-800-53-CM-6(a)5617 ······-·NIST-800-53-CM-6(a)
5618 ······-·audit_rules_etc_group_open_by_handle_at5618 ······-·audit_rules_etc_group_open_by_handle_at
Offset 5739, 16 lines modifiedOffset 5739, 16 lines modified
5739 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&03·-F·path=/etc/group5739 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&03·-F·path=/etc/group
5740 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify5740 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify
5741 ··········create:·true5741 ··········create:·true
5742 ··········mode:·o-rwx5742 ··········mode:·o-rwx
5743 ··········state:·present5743 ··········state:·present
5744 ········when:·syscalls_found·|·length·==·05744 ········when:·syscalls_found·|·length·==·0
5745 ······when:5745 ······when:
5746 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5747 ······-·'"audit"·in·ansible_facts.packages'5746 ······-·'"audit"·in·ansible_facts.packages'
 5747 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5748 ······-·audit_arch·==·"b64"5748 ······-·audit_arch·==·"b64"
5749 ······tags:5749 ······tags:
5750 ······-·NIST-800-53-AC-2(4)5750 ······-·NIST-800-53-AC-2(4)
5751 ······-·NIST-800-53-AC-6(9)5751 ······-·NIST-800-53-AC-6(9)
5752 ······-·NIST-800-53-AU-12(c)5752 ······-·NIST-800-53-AU-12(c)
5753 ······-·NIST-800-53-AU-2(d)5753 ······-·NIST-800-53-AU-2(d)
5754 ······-·NIST-800-53-CM-6(a)5754 ······-·NIST-800-53-CM-6(a)
Offset 5776, 16 lines modifiedOffset 5776, 16 lines modified
5776 ······-·reboot_required5776 ······-·reboot_required
5777 ······-·restrict_strategy5777 ······-·restrict_strategy
  
5778 ····-·name:·Set·architecture·for·audit·openat·tasks5778 ····-·name:·Set·architecture·for·audit·openat·tasks
5779 ······set_fact:5779 ······set_fact:
5780 ········audit_arch:·b645780 ········audit_arch:·b64
5781 ······when:5781 ······when:
5782 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5783 ······-·'"audit"·in·ansible_facts.packages'5782 ······-·'"audit"·in·ansible_facts.packages'
 5783 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5784 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5784 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5785 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5785 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5786 ······tags:5786 ······tags:
5787 ······-·NIST-800-53-AC-2(4)5787 ······-·NIST-800-53-AC-2(4)
5788 ······-·NIST-800-53-AC-6(9)5788 ······-·NIST-800-53-AC-6(9)
5789 ······-·NIST-800-53-AU-12(c)5789 ······-·NIST-800-53-AU-12(c)
5790 ······-·NIST-800-53-AU-2(d)5790 ······-·NIST-800-53-AU-2(d)
Offset 5914, 16 lines modifiedOffset 5914, 16 lines modified
5914 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&03·-F·path=/etc/group5914 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&03·-F·path=/etc/group
Max diff block lines reached; 250199/255595 bytes (97.89%) of diff not shown.
162 KB
./usr/share/scap-security-guide/ansible/fedora-playbook-pci-dss.yml
Ordering differences only
    
Offset 4622, 16 lines modifiedOffset 4622, 16 lines modified
  
4622 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension4622 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
4623 ······find:4623 ······find:
4624 ········paths:·/etc/audit/rules.d/4624 ········paths:·/etc/audit/rules.d/
4625 ········patterns:·'*.rules'4625 ········patterns:·'*.rules'
4626 ······register:·find_rules_d4626 ······register:·find_rules_d
4627 ······when:4627 ······when:
4628 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4629 ······-·'"audit"·in·ansible_facts.packages'4628 ······-·'"audit"·in·ansible_facts.packages'
 4629 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4630 ······tags:4630 ······tags:
4631 ······-·CJIS-5.4.1.14631 ······-·CJIS-5.4.1.1
4632 ······-·NIST-800-171-3.3.14632 ······-·NIST-800-171-3.3.1
4633 ······-·NIST-800-171-3.4.34633 ······-·NIST-800-171-3.4.3
4634 ······-·NIST-800-53-AC-6(9)4634 ······-·NIST-800-53-AC-6(9)
4635 ······-·NIST-800-53-CM-6(a)4635 ······-·NIST-800-53-CM-6(a)
4636 ······-·PCI-DSS-Req-10.5.24636 ······-·PCI-DSS-Req-10.5.2
Offset 4646, 16 lines modifiedOffset 4646, 16 lines modified
4646 ······lineinfile:4646 ······lineinfile:
4647 ········path:·'{{·item·}}'4647 ········path:·'{{·item·}}'
4648 ········regexp:·^\s*(?:-e)\s+.*$4648 ········regexp:·^\s*(?:-e)\s+.*$
4649 ········state:·absent4649 ········state:·absent
4650 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']4650 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
4651 ········}}'4651 ········}}'
4652 ······when:4652 ······when:
4653 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4654 ······-·'"audit"·in·ansible_facts.packages'4653 ······-·'"audit"·in·ansible_facts.packages'
 4654 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4655 ······tags:4655 ······tags:
4656 ······-·CJIS-5.4.1.14656 ······-·CJIS-5.4.1.1
4657 ······-·NIST-800-171-3.3.14657 ······-·NIST-800-171-3.3.1
4658 ······-·NIST-800-171-3.4.34658 ······-·NIST-800-171-3.4.3
4659 ······-·NIST-800-53-AC-6(9)4659 ······-·NIST-800-53-AC-6(9)
4660 ······-·NIST-800-53-CM-6(a)4660 ······-·NIST-800-53-CM-6(a)
4661 ······-·PCI-DSS-Req-10.5.24661 ······-·PCI-DSS-Req-10.5.2
Offset 4672, 16 lines modifiedOffset 4672, 16 lines modified
4672 ········create:·true4672 ········create:·true
4673 ········line:·-e·24673 ········line:·-e·2
4674 ········mode:·o-rwx4674 ········mode:·o-rwx
4675 ······loop:4675 ······loop:
4676 ······-·/etc/audit/audit.rules4676 ······-·/etc/audit/audit.rules
4677 ······-·/etc/audit/rules.d/immutable.rules4677 ······-·/etc/audit/rules.d/immutable.rules
4678 ······when:4678 ······when:
4679 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4680 ······-·'"audit"·in·ansible_facts.packages'4679 ······-·'"audit"·in·ansible_facts.packages'
 4680 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4681 ······tags:4681 ······tags:
4682 ······-·CJIS-5.4.1.14682 ······-·CJIS-5.4.1.1
4683 ······-·NIST-800-171-3.3.14683 ······-·NIST-800-171-3.3.1
4684 ······-·NIST-800-171-3.4.34684 ······-·NIST-800-171-3.4.3
4685 ······-·NIST-800-53-AC-6(9)4685 ······-·NIST-800-53-AC-6(9)
4686 ······-·NIST-800-53-CM-6(a)4686 ······-·NIST-800-53-CM-6(a)
4687 ······-·PCI-DSS-Req-10.5.24687 ······-·PCI-DSS-Req-10.5.2
Offset 4713, 16 lines modifiedOffset 4713, 16 lines modified
4713 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/4713 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
4714 ······find:4714 ······find:
4715 ········paths:·/etc/audit/rules.d4715 ········paths:·/etc/audit/rules.d
4716 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+4716 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
4717 ········patterns:·'*.rules'4717 ········patterns:·'*.rules'
4718 ······register:·find_existing_watch_rules_d4718 ······register:·find_existing_watch_rules_d
4719 ······when:4719 ······when:
4720 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4721 ······-·'"audit"·in·ansible_facts.packages'4720 ······-·'"audit"·in·ansible_facts.packages'
 4721 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4722 ······tags:4722 ······tags:
4723 ······-·CJIS-5.4.1.14723 ······-·CJIS-5.4.1.1
4724 ······-·NIST-800-171-3.1.84724 ······-·NIST-800-171-3.1.8
4725 ······-·NIST-800-53-AU-12(c)4725 ······-·NIST-800-53-AU-12(c)
4726 ······-·NIST-800-53-AU-2(d)4726 ······-·NIST-800-53-AU-2(d)
4727 ······-·NIST-800-53-CM-6(a)4727 ······-·NIST-800-53-CM-6(a)
4728 ······-·PCI-DSS-Req-10.5.54728 ······-·PCI-DSS-Req-10.5.5
Offset 4736, 16 lines modifiedOffset 4736, 16 lines modified
4736 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy4736 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
4737 ······find:4737 ······find:
4738 ········paths:·/etc/audit/rules.d4738 ········paths:·/etc/audit/rules.d
4739 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$4739 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
4740 ········patterns:·'*.rules'4740 ········patterns:·'*.rules'
4741 ······register:·find_watch_key4741 ······register:·find_watch_key
4742 ······when:4742 ······when:
4743 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4744 ······-·'"audit"·in·ansible_facts.packages'4743 ······-·'"audit"·in·ansible_facts.packages'
 4744 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4745 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched4745 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
4746 ········==·04746 ········==·0
4747 ······tags:4747 ······tags:
4748 ······-·CJIS-5.4.1.14748 ······-·CJIS-5.4.1.1
4749 ······-·NIST-800-171-3.1.84749 ······-·NIST-800-171-3.1.8
4750 ······-·NIST-800-53-AU-12(c)4750 ······-·NIST-800-53-AU-12(c)
4751 ······-·NIST-800-53-AU-2(d)4751 ······-·NIST-800-53-AU-2(d)
Offset 4759, 16 lines modifiedOffset 4759, 16 lines modified
4759 ······-·restrict_strategy4759 ······-·restrict_strategy
  
4760 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule4760 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
4761 ······set_fact:4761 ······set_fact:
4762 ········all_files:4762 ········all_files:
4763 ········-·/etc/audit/rules.d/MAC-policy.rules4763 ········-·/etc/audit/rules.d/MAC-policy.rules
4764 ······when:4764 ······when:
4765 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4766 ······-·'"audit"·in·ansible_facts.packages'4765 ······-·'"audit"·in·ansible_facts.packages'
 4766 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4767 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched4767 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
4768 ········is·defined·and·find_existing_watch_rules_d.matched·==·04768 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4769 ······tags:4769 ······tags:
4770 ······-·CJIS-5.4.1.14770 ······-·CJIS-5.4.1.1
4771 ······-·NIST-800-171-3.1.84771 ······-·NIST-800-171-3.1.8
4772 ······-·NIST-800-53-AU-12(c)4772 ······-·NIST-800-53-AU-12(c)
4773 ······-·NIST-800-53-AU-2(d)4773 ······-·NIST-800-53-AU-2(d)
Offset 4782, 16 lines modifiedOffset 4782, 16 lines modified
4782 ······-·restrict_strategy4782 ······-·restrict_strategy
  
4783 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule4783 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
4784 ······set_fact:4784 ······set_fact:
4785 ········all_files:4785 ········all_files:
4786 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'4786 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
4787 ······when:4787 ······when:
4788 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4789 ······-·'"audit"·in·ansible_facts.packages'4788 ······-·'"audit"·in·ansible_facts.packages'
 4789 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4790 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched4790 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
4791 ········is·defined·and·find_existing_watch_rules_d.matched·==·04791 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4792 ······tags:4792 ······tags:
4793 ······-·CJIS-5.4.1.14793 ······-·CJIS-5.4.1.1
4794 ······-·NIST-800-171-3.1.84794 ······-·NIST-800-171-3.1.8
4795 ······-·NIST-800-53-AU-12(c)4795 ······-·NIST-800-53-AU-12(c)
4796 ······-·NIST-800-53-AU-2(d)4796 ······-·NIST-800-53-AU-2(d)
Offset 4807, 16 lines modifiedOffset 4807, 16 lines modified
4807 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/4807 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 160695/165730 bytes (96.96%) of diff not shown.
106 KB
./usr/share/scap-security-guide/ansible/fedora-playbook-standard.yml
Ordering differences only
    
Offset 1570, 16 lines modifiedOffset 1570, 16 lines modified
  
1570 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1570 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1571 ······find:1571 ······find:
1572 ········paths:·/etc/audit/rules.d/1572 ········paths:·/etc/audit/rules.d/
1573 ········patterns:·'*.rules'1573 ········patterns:·'*.rules'
1574 ······register:·find_rules_d1574 ······register:·find_rules_d
1575 ······when:1575 ······when:
1576 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1577 ······-·'"audit"·in·ansible_facts.packages'1576 ······-·'"audit"·in·ansible_facts.packages'
 1577 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1578 ······tags:1578 ······tags:
1579 ······-·CJIS-5.4.1.11579 ······-·CJIS-5.4.1.1
1580 ······-·NIST-800-171-3.3.11580 ······-·NIST-800-171-3.3.1
1581 ······-·NIST-800-171-3.4.31581 ······-·NIST-800-171-3.4.3
1582 ······-·NIST-800-53-AC-6(9)1582 ······-·NIST-800-53-AC-6(9)
1583 ······-·NIST-800-53-CM-6(a)1583 ······-·NIST-800-53-CM-6(a)
1584 ······-·PCI-DSS-Req-10.5.21584 ······-·PCI-DSS-Req-10.5.2
Offset 1594, 16 lines modifiedOffset 1594, 16 lines modified
1594 ······lineinfile:1594 ······lineinfile:
1595 ········path:·'{{·item·}}'1595 ········path:·'{{·item·}}'
1596 ········regexp:·^\s*(?:-e)\s+.*$1596 ········regexp:·^\s*(?:-e)\s+.*$
1597 ········state:·absent1597 ········state:·absent
1598 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1598 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1599 ········}}'1599 ········}}'
1600 ······when:1600 ······when:
1601 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1602 ······-·'"audit"·in·ansible_facts.packages'1601 ······-·'"audit"·in·ansible_facts.packages'
 1602 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1603 ······tags:1603 ······tags:
1604 ······-·CJIS-5.4.1.11604 ······-·CJIS-5.4.1.1
1605 ······-·NIST-800-171-3.3.11605 ······-·NIST-800-171-3.3.1
1606 ······-·NIST-800-171-3.4.31606 ······-·NIST-800-171-3.4.3
1607 ······-·NIST-800-53-AC-6(9)1607 ······-·NIST-800-53-AC-6(9)
1608 ······-·NIST-800-53-CM-6(a)1608 ······-·NIST-800-53-CM-6(a)
1609 ······-·PCI-DSS-Req-10.5.21609 ······-·PCI-DSS-Req-10.5.2
Offset 1620, 16 lines modifiedOffset 1620, 16 lines modified
1620 ········create:·true1620 ········create:·true
1621 ········line:·-e·21621 ········line:·-e·2
1622 ········mode:·o-rwx1622 ········mode:·o-rwx
1623 ······loop:1623 ······loop:
1624 ······-·/etc/audit/audit.rules1624 ······-·/etc/audit/audit.rules
1625 ······-·/etc/audit/rules.d/immutable.rules1625 ······-·/etc/audit/rules.d/immutable.rules
1626 ······when:1626 ······when:
1627 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1628 ······-·'"audit"·in·ansible_facts.packages'1627 ······-·'"audit"·in·ansible_facts.packages'
 1628 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1629 ······tags:1629 ······tags:
1630 ······-·CJIS-5.4.1.11630 ······-·CJIS-5.4.1.1
1631 ······-·NIST-800-171-3.3.11631 ······-·NIST-800-171-3.3.1
1632 ······-·NIST-800-171-3.4.31632 ······-·NIST-800-171-3.4.3
1633 ······-·NIST-800-53-AC-6(9)1633 ······-·NIST-800-53-AC-6(9)
1634 ······-·NIST-800-53-CM-6(a)1634 ······-·NIST-800-53-CM-6(a)
1635 ······-·PCI-DSS-Req-10.5.21635 ······-·PCI-DSS-Req-10.5.2
Offset 1661, 16 lines modifiedOffset 1661, 16 lines modified
1661 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/1661 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
1662 ······find:1662 ······find:
1663 ········paths:·/etc/audit/rules.d1663 ········paths:·/etc/audit/rules.d
1664 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+1664 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
1665 ········patterns:·'*.rules'1665 ········patterns:·'*.rules'
1666 ······register:·find_existing_watch_rules_d1666 ······register:·find_existing_watch_rules_d
1667 ······when:1667 ······when:
1668 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1669 ······-·'"audit"·in·ansible_facts.packages'1668 ······-·'"audit"·in·ansible_facts.packages'
 1669 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1670 ······tags:1670 ······tags:
1671 ······-·CJIS-5.4.1.11671 ······-·CJIS-5.4.1.1
1672 ······-·NIST-800-171-3.1.81672 ······-·NIST-800-171-3.1.8
1673 ······-·NIST-800-53-AU-12(c)1673 ······-·NIST-800-53-AU-12(c)
1674 ······-·NIST-800-53-AU-2(d)1674 ······-·NIST-800-53-AU-2(d)
1675 ······-·NIST-800-53-CM-6(a)1675 ······-·NIST-800-53-CM-6(a)
1676 ······-·PCI-DSS-Req-10.5.51676 ······-·PCI-DSS-Req-10.5.5
Offset 1684, 16 lines modifiedOffset 1684, 16 lines modified
1684 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy1684 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
1685 ······find:1685 ······find:
1686 ········paths:·/etc/audit/rules.d1686 ········paths:·/etc/audit/rules.d
1687 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$1687 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
1688 ········patterns:·'*.rules'1688 ········patterns:·'*.rules'
1689 ······register:·find_watch_key1689 ······register:·find_watch_key
1690 ······when:1690 ······when:
1691 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1692 ······-·'"audit"·in·ansible_facts.packages'1691 ······-·'"audit"·in·ansible_facts.packages'
 1692 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1693 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1693 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1694 ········==·01694 ········==·0
1695 ······tags:1695 ······tags:
1696 ······-·CJIS-5.4.1.11696 ······-·CJIS-5.4.1.1
1697 ······-·NIST-800-171-3.1.81697 ······-·NIST-800-171-3.1.8
1698 ······-·NIST-800-53-AU-12(c)1698 ······-·NIST-800-53-AU-12(c)
1699 ······-·NIST-800-53-AU-2(d)1699 ······-·NIST-800-53-AU-2(d)
Offset 1707, 16 lines modifiedOffset 1707, 16 lines modified
1707 ······-·restrict_strategy1707 ······-·restrict_strategy
  
1708 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule1708 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
1709 ······set_fact:1709 ······set_fact:
1710 ········all_files:1710 ········all_files:
1711 ········-·/etc/audit/rules.d/MAC-policy.rules1711 ········-·/etc/audit/rules.d/MAC-policy.rules
1712 ······when:1712 ······when:
1713 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1714 ······-·'"audit"·in·ansible_facts.packages'1713 ······-·'"audit"·in·ansible_facts.packages'
 1714 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1715 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1715 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1716 ········is·defined·and·find_existing_watch_rules_d.matched·==·01716 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1717 ······tags:1717 ······tags:
1718 ······-·CJIS-5.4.1.11718 ······-·CJIS-5.4.1.1
1719 ······-·NIST-800-171-3.1.81719 ······-·NIST-800-171-3.1.8
1720 ······-·NIST-800-53-AU-12(c)1720 ······-·NIST-800-53-AU-12(c)
1721 ······-·NIST-800-53-AU-2(d)1721 ······-·NIST-800-53-AU-2(d)
Offset 1730, 16 lines modifiedOffset 1730, 16 lines modified
1730 ······-·restrict_strategy1730 ······-·restrict_strategy
  
1731 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1731 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1732 ······set_fact:1732 ······set_fact:
1733 ········all_files:1733 ········all_files:
1734 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1734 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1735 ······when:1735 ······when:
1736 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1737 ······-·'"audit"·in·ansible_facts.packages'1736 ······-·'"audit"·in·ansible_facts.packages'
 1737 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1738 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1738 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1739 ········is·defined·and·find_existing_watch_rules_d.matched·==·01739 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1740 ······tags:1740 ······tags:
1741 ······-·CJIS-5.4.1.11741 ······-·CJIS-5.4.1.1
1742 ······-·NIST-800-171-3.1.81742 ······-·NIST-800-171-3.1.8
1743 ······-·NIST-800-53-AU-12(c)1743 ······-·NIST-800-53-AU-12(c)
1744 ······-·NIST-800-53-AU-2(d)1744 ······-·NIST-800-53-AU-2(d)
Offset 1755, 16 lines modifiedOffset 1755, 16 lines modified
1755 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/1755 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 103613/108648 bytes (95.37%) of diff not shown.
908 B
./usr/share/scap-security-guide/ansible/ol7-playbook-anssi_nt28_enhanced.yml
Ordering differences only
    
Offset 5306, 16 lines modifiedOffset 5306, 16 lines modified
5306 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5306 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5307 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5307 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5308 ··········create:·true5308 ··········create:·true
5309 ··········mode:·o-rwx5309 ··········mode:·o-rwx
5310 ··········state:·present5310 ··········state:·present
5311 ········when:·syscalls_found·|·length·==·05311 ········when:·syscalls_found·|·length·==·0
5312 ······when:5312 ······when:
5313 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5314 ······-·'"audit"·in·ansible_facts.packages'5313 ······-·'"audit"·in·ansible_facts.packages'
 5314 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5315 ······tags:5315 ······tags:
5316 ······-·DISA-STIG-OL07-00-0306905316 ······-·DISA-STIG-OL07-00-030690
5317 ······-·NIST-800-171-3.1.75317 ······-·NIST-800-171-3.1.7
5318 ······-·NIST-800-53-AC-6(9)5318 ······-·NIST-800-53-AC-6(9)
5319 ······-·NIST-800-53-AU-12(c)5319 ······-·NIST-800-53-AU-12(c)
5320 ······-·NIST-800-53-AU-2(d)5320 ······-·NIST-800-53-AU-2(d)
5321 ······-·NIST-800-53-CM-6(a)5321 ······-·NIST-800-53-CM-6(a)
900 B
./usr/share/scap-security-guide/ansible/ol7-playbook-anssi_nt28_high.yml
Ordering differences only
    
Offset 5459, 16 lines modifiedOffset 5459, 16 lines modified
5459 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5459 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5460 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5460 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5461 ··········create:·true5461 ··········create:·true
5462 ··········mode:·o-rwx5462 ··········mode:·o-rwx
5463 ··········state:·present5463 ··········state:·present
5464 ········when:·syscalls_found·|·length·==·05464 ········when:·syscalls_found·|·length·==·0
5465 ······when:5465 ······when:
5466 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5467 ······-·'"audit"·in·ansible_facts.packages'5466 ······-·'"audit"·in·ansible_facts.packages'
 5467 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5468 ······tags:5468 ······tags:
5469 ······-·DISA-STIG-OL07-00-0306905469 ······-·DISA-STIG-OL07-00-030690
5470 ······-·NIST-800-171-3.1.75470 ······-·NIST-800-171-3.1.7
5471 ······-·NIST-800-53-AC-6(9)5471 ······-·NIST-800-53-AC-6(9)
5472 ······-·NIST-800-53-AU-12(c)5472 ······-·NIST-800-53-AU-12(c)
5473 ······-·NIST-800-53-AU-2(d)5473 ······-·NIST-800-53-AU-2(d)
5474 ······-·NIST-800-53-CM-6(a)5474 ······-·NIST-800-53-CM-6(a)
916 B
./usr/share/scap-security-guide/ansible/ol7-playbook-anssi_nt28_intermediary.yml
Ordering differences only
    
Offset 5034, 16 lines modifiedOffset 5034, 16 lines modified
5034 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5034 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5035 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5035 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5036 ··········create:·true5036 ··········create:·true
5037 ··········mode:·o-rwx5037 ··········mode:·o-rwx
5038 ··········state:·present5038 ··········state:·present
5039 ········when:·syscalls_found·|·length·==·05039 ········when:·syscalls_found·|·length·==·0
5040 ······when:5040 ······when:
5041 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5042 ······-·'"audit"·in·ansible_facts.packages'5041 ······-·'"audit"·in·ansible_facts.packages'
 5042 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5043 ······tags:5043 ······tags:
5044 ······-·DISA-STIG-OL07-00-0306905044 ······-·DISA-STIG-OL07-00-030690
5045 ······-·NIST-800-171-3.1.75045 ······-·NIST-800-171-3.1.7
5046 ······-·NIST-800-53-AC-6(9)5046 ······-·NIST-800-53-AC-6(9)
5047 ······-·NIST-800-53-AU-12(c)5047 ······-·NIST-800-53-AU-12(c)
5048 ······-·NIST-800-53-AU-2(d)5048 ······-·NIST-800-53-AU-2(d)
5049 ······-·NIST-800-53-CM-6(a)5049 ······-·NIST-800-53-CM-6(a)
107 KB
./usr/share/scap-security-guide/ansible/ol7-playbook-cjis.yml
Ordering differences only
    
Offset 2552, 16 lines modifiedOffset 2552, 16 lines modified
  
2552 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension2552 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
2553 ······find:2553 ······find:
2554 ········paths:·/etc/audit/rules.d/2554 ········paths:·/etc/audit/rules.d/
2555 ········patterns:·'*.rules'2555 ········patterns:·'*.rules'
2556 ······register:·find_rules_d2556 ······register:·find_rules_d
2557 ······when:2557 ······when:
2558 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2559 ······-·'"audit"·in·ansible_facts.packages'2558 ······-·'"audit"·in·ansible_facts.packages'
 2559 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2560 ······tags:2560 ······tags:
2561 ······-·CJIS-5.4.1.12561 ······-·CJIS-5.4.1.1
2562 ······-·NIST-800-171-3.3.12562 ······-·NIST-800-171-3.3.1
2563 ······-·NIST-800-171-3.4.32563 ······-·NIST-800-171-3.4.3
2564 ······-·NIST-800-53-AC-6(9)2564 ······-·NIST-800-53-AC-6(9)
2565 ······-·NIST-800-53-CM-6(a)2565 ······-·NIST-800-53-CM-6(a)
2566 ······-·PCI-DSS-Req-10.5.22566 ······-·PCI-DSS-Req-10.5.2
Offset 2576, 16 lines modifiedOffset 2576, 16 lines modified
2576 ······lineinfile:2576 ······lineinfile:
2577 ········path:·'{{·item·}}'2577 ········path:·'{{·item·}}'
2578 ········regexp:·^\s*(?:-e)\s+.*$2578 ········regexp:·^\s*(?:-e)\s+.*$
2579 ········state:·absent2579 ········state:·absent
2580 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']2580 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
2581 ········}}'2581 ········}}'
2582 ······when:2582 ······when:
2583 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2584 ······-·'"audit"·in·ansible_facts.packages'2583 ······-·'"audit"·in·ansible_facts.packages'
 2584 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2585 ······tags:2585 ······tags:
2586 ······-·CJIS-5.4.1.12586 ······-·CJIS-5.4.1.1
2587 ······-·NIST-800-171-3.3.12587 ······-·NIST-800-171-3.3.1
2588 ······-·NIST-800-171-3.4.32588 ······-·NIST-800-171-3.4.3
2589 ······-·NIST-800-53-AC-6(9)2589 ······-·NIST-800-53-AC-6(9)
2590 ······-·NIST-800-53-CM-6(a)2590 ······-·NIST-800-53-CM-6(a)
2591 ······-·PCI-DSS-Req-10.5.22591 ······-·PCI-DSS-Req-10.5.2
Offset 2602, 16 lines modifiedOffset 2602, 16 lines modified
2602 ········create:·true2602 ········create:·true
2603 ········line:·-e·22603 ········line:·-e·2
2604 ········mode:·o-rwx2604 ········mode:·o-rwx
2605 ······loop:2605 ······loop:
2606 ······-·/etc/audit/audit.rules2606 ······-·/etc/audit/audit.rules
2607 ······-·/etc/audit/rules.d/immutable.rules2607 ······-·/etc/audit/rules.d/immutable.rules
2608 ······when:2608 ······when:
2609 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2610 ······-·'"audit"·in·ansible_facts.packages'2609 ······-·'"audit"·in·ansible_facts.packages'
 2610 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2611 ······tags:2611 ······tags:
2612 ······-·CJIS-5.4.1.12612 ······-·CJIS-5.4.1.1
2613 ······-·NIST-800-171-3.3.12613 ······-·NIST-800-171-3.3.1
2614 ······-·NIST-800-171-3.4.32614 ······-·NIST-800-171-3.4.3
2615 ······-·NIST-800-53-AC-6(9)2615 ······-·NIST-800-53-AC-6(9)
2616 ······-·NIST-800-53-CM-6(a)2616 ······-·NIST-800-53-CM-6(a)
2617 ······-·PCI-DSS-Req-10.5.22617 ······-·PCI-DSS-Req-10.5.2
Offset 2643, 16 lines modifiedOffset 2643, 16 lines modified
2643 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/2643 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
2644 ······find:2644 ······find:
2645 ········paths:·/etc/audit/rules.d2645 ········paths:·/etc/audit/rules.d
2646 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+2646 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
2647 ········patterns:·'*.rules'2647 ········patterns:·'*.rules'
2648 ······register:·find_existing_watch_rules_d2648 ······register:·find_existing_watch_rules_d
2649 ······when:2649 ······when:
2650 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2651 ······-·'"audit"·in·ansible_facts.packages'2650 ······-·'"audit"·in·ansible_facts.packages'
 2651 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2652 ······tags:2652 ······tags:
2653 ······-·CJIS-5.4.1.12653 ······-·CJIS-5.4.1.1
2654 ······-·NIST-800-171-3.1.82654 ······-·NIST-800-171-3.1.8
2655 ······-·NIST-800-53-AU-12(c)2655 ······-·NIST-800-53-AU-12(c)
2656 ······-·NIST-800-53-AU-2(d)2656 ······-·NIST-800-53-AU-2(d)
2657 ······-·NIST-800-53-CM-6(a)2657 ······-·NIST-800-53-CM-6(a)
2658 ······-·PCI-DSS-Req-10.5.52658 ······-·PCI-DSS-Req-10.5.5
Offset 2666, 16 lines modifiedOffset 2666, 16 lines modified
2666 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy2666 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
2667 ······find:2667 ······find:
2668 ········paths:·/etc/audit/rules.d2668 ········paths:·/etc/audit/rules.d
2669 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$2669 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
2670 ········patterns:·'*.rules'2670 ········patterns:·'*.rules'
2671 ······register:·find_watch_key2671 ······register:·find_watch_key
2672 ······when:2672 ······when:
2673 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2674 ······-·'"audit"·in·ansible_facts.packages'2673 ······-·'"audit"·in·ansible_facts.packages'
 2674 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2675 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched2675 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
2676 ········==·02676 ········==·0
2677 ······tags:2677 ······tags:
2678 ······-·CJIS-5.4.1.12678 ······-·CJIS-5.4.1.1
2679 ······-·NIST-800-171-3.1.82679 ······-·NIST-800-171-3.1.8
2680 ······-·NIST-800-53-AU-12(c)2680 ······-·NIST-800-53-AU-12(c)
2681 ······-·NIST-800-53-AU-2(d)2681 ······-·NIST-800-53-AU-2(d)
Offset 2689, 16 lines modifiedOffset 2689, 16 lines modified
2689 ······-·restrict_strategy2689 ······-·restrict_strategy
  
2690 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule2690 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
2691 ······set_fact:2691 ······set_fact:
2692 ········all_files:2692 ········all_files:
2693 ········-·/etc/audit/rules.d/MAC-policy.rules2693 ········-·/etc/audit/rules.d/MAC-policy.rules
2694 ······when:2694 ······when:
2695 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2696 ······-·'"audit"·in·ansible_facts.packages'2695 ······-·'"audit"·in·ansible_facts.packages'
 2696 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2697 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched2697 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
2698 ········is·defined·and·find_existing_watch_rules_d.matched·==·02698 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
2699 ······tags:2699 ······tags:
2700 ······-·CJIS-5.4.1.12700 ······-·CJIS-5.4.1.1
2701 ······-·NIST-800-171-3.1.82701 ······-·NIST-800-171-3.1.8
2702 ······-·NIST-800-53-AU-12(c)2702 ······-·NIST-800-53-AU-12(c)
2703 ······-·NIST-800-53-AU-2(d)2703 ······-·NIST-800-53-AU-2(d)
Offset 2712, 16 lines modifiedOffset 2712, 16 lines modified
2712 ······-·restrict_strategy2712 ······-·restrict_strategy
  
2713 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule2713 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
2714 ······set_fact:2714 ······set_fact:
2715 ········all_files:2715 ········all_files:
2716 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'2716 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
2717 ······when:2717 ······when:
2718 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2719 ······-·'"audit"·in·ansible_facts.packages'2718 ······-·'"audit"·in·ansible_facts.packages'
 2719 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2720 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched2720 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
2721 ········is·defined·and·find_existing_watch_rules_d.matched·==·02721 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
2722 ······tags:2722 ······tags:
2723 ······-·CJIS-5.4.1.12723 ······-·CJIS-5.4.1.1
2724 ······-·NIST-800-171-3.1.82724 ······-·NIST-800-171-3.1.8
2725 ······-·NIST-800-53-AU-12(c)2725 ······-·NIST-800-53-AU-12(c)
2726 ······-·NIST-800-53-AU-2(d)2726 ······-·NIST-800-53-AU-2(d)
Offset 2737, 16 lines modifiedOffset 2737, 16 lines modified
2737 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/2737 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 103937/108972 bytes (95.38%) of diff not shown.
785 B
./usr/share/scap-security-guide/ansible/ol7-playbook-cui.yml
Ordering differences only
    
Offset 4498, 16 lines modifiedOffset 4498, 16 lines modified
4498 ······lineinfile:4498 ······lineinfile:
4499 ········dest:·/etc/audit/auditd.conf4499 ········dest:·/etc/audit/auditd.conf
4500 ········regexp:·^\s*flush\s*=\s*.*$4500 ········regexp:·^\s*flush\s*=\s*.*$
4501 ········line:·flush·=·{{·var_auditd_flush·}}4501 ········line:·flush·=·{{·var_auditd_flush·}}
4502 ········state:·present4502 ········state:·present
4503 ········create:·true4503 ········create:·true
4504 ······when:4504 ······when:
4505 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4506 ······-·'"audit"·in·ansible_facts.packages'4505 ······-·'"audit"·in·ansible_facts.packages'
 4506 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4507 ······tags:4507 ······tags:
4508 ······-·NIST-800-171-3.3.14508 ······-·NIST-800-171-3.3.1
4509 ······-·NIST-800-53-AU-114509 ······-·NIST-800-53-AU-11
4510 ······-·NIST-800-53-CM-6(a)4510 ······-·NIST-800-53-CM-6(a)
4511 ······-·auditd_data_retention_flush4511 ······-·auditd_data_retention_flush
4512 ······-·low_complexity4512 ······-·low_complexity
4513 ······-·low_disruption4513 ······-·low_disruption
74.8 KB
./usr/share/scap-security-guide/ansible/ol7-playbook-e8.yml
Ordering differences only
    
Offset 905, 16 lines modifiedOffset 905, 16 lines modified
905 ······-·no_reboot_needed905 ······-·no_reboot_needed
906 ······-·restrict_strategy906 ······-·restrict_strategy
  
907 ····-·name:·Set·architecture·for·audit·tasks907 ····-·name:·Set·architecture·for·audit·tasks
908 ······set_fact:908 ······set_fact:
909 ········audit_arch:·b64909 ········audit_arch:·b64
910 ······when:910 ······when:
911 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
912 ······-·'"audit"·in·ansible_facts.packages'911 ······-·'"audit"·in·ansible_facts.packages'
 912 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
913 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture913 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
914 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"914 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
915 ······tags:915 ······tags:
916 ······-·CJIS-5.4.1.1916 ······-·CJIS-5.4.1.1
917 ······-·NIST-800-171-3.1.7917 ······-·NIST-800-171-3.1.7
918 ······-·NIST-800-53-AC-6(9)918 ······-·NIST-800-53-AC-6(9)
919 ······-·NIST-800-53-AU-12(c)919 ······-·NIST-800-53-AU-12(c)
Offset 1047, 16 lines modifiedOffset 1047, 16 lines modified
1047 ··········path:·'{{·audit_file·}}'1047 ··········path:·'{{·audit_file·}}'
1048 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification1048 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
1049 ··········create:·true1049 ··········create:·true
1050 ··········mode:·o-rwx1050 ··········mode:·o-rwx
1051 ··········state:·present1051 ··········state:·present
1052 ········when:·syscalls_found·|·length·==·01052 ········when:·syscalls_found·|·length·==·0
1053 ······when:1053 ······when:
1054 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1055 ······-·'"audit"·in·ansible_facts.packages'1054 ······-·'"audit"·in·ansible_facts.packages'
 1055 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1056 ······tags:1056 ······tags:
1057 ······-·CJIS-5.4.1.11057 ······-·CJIS-5.4.1.1
1058 ······-·NIST-800-171-3.1.71058 ······-·NIST-800-171-3.1.7
1059 ······-·NIST-800-53-AC-6(9)1059 ······-·NIST-800-53-AC-6(9)
1060 ······-·NIST-800-53-AU-12(c)1060 ······-·NIST-800-53-AU-12(c)
1061 ······-·NIST-800-53-AU-2(d)1061 ······-·NIST-800-53-AU-2(d)
1062 ······-·NIST-800-53-CM-6(a)1062 ······-·NIST-800-53-CM-6(a)
Offset 1187, 16 lines modifiedOffset 1187, 16 lines modified
1187 ··········path:·'{{·audit_file·}}'1187 ··········path:·'{{·audit_file·}}'
1188 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification1188 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
1189 ··········create:·true1189 ··········create:·true
1190 ··········mode:·o-rwx1190 ··········mode:·o-rwx
1191 ··········state:·present1191 ··········state:·present
1192 ········when:·syscalls_found·|·length·==·01192 ········when:·syscalls_found·|·length·==·0
1193 ······when:1193 ······when:
1194 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1195 ······-·'"audit"·in·ansible_facts.packages'1194 ······-·'"audit"·in·ansible_facts.packages'
 1195 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1196 ······-·audit_arch·==·"b64"1196 ······-·audit_arch·==·"b64"
1197 ······tags:1197 ······tags:
1198 ······-·CJIS-5.4.1.11198 ······-·CJIS-5.4.1.1
1199 ······-·NIST-800-171-3.1.71199 ······-·NIST-800-171-3.1.7
1200 ······-·NIST-800-53-AC-6(9)1200 ······-·NIST-800-53-AC-6(9)
1201 ······-·NIST-800-53-AU-12(c)1201 ······-·NIST-800-53-AU-12(c)
1202 ······-·NIST-800-53-AU-2(d)1202 ······-·NIST-800-53-AU-2(d)
Offset 1212, 16 lines modifiedOffset 1212, 16 lines modified
1212 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/1212 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/
1213 ······find:1213 ······find:
1214 ········paths:·/etc/audit/rules.d1214 ········paths:·/etc/audit/rules.d
1215 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+1215 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+
1216 ········patterns:·'*.rules'1216 ········patterns:·'*.rules'
1217 ······register:·find_existing_watch_rules_d1217 ······register:·find_existing_watch_rules_d
1218 ······when:1218 ······when:
1219 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1220 ······-·'"audit"·in·ansible_facts.packages'1219 ······-·'"audit"·in·ansible_facts.packages'
 1220 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1221 ······tags:1221 ······tags:
1222 ······-·CJIS-5.4.1.11222 ······-·CJIS-5.4.1.1
1223 ······-·NIST-800-171-3.1.71223 ······-·NIST-800-171-3.1.7
1224 ······-·NIST-800-53-AC-6(9)1224 ······-·NIST-800-53-AC-6(9)
1225 ······-·NIST-800-53-AU-12(c)1225 ······-·NIST-800-53-AU-12(c)
1226 ······-·NIST-800-53-AU-2(d)1226 ······-·NIST-800-53-AU-2(d)
1227 ······-·NIST-800-53-CM-6(a)1227 ······-·NIST-800-53-CM-6(a)
Offset 1236, 16 lines modifiedOffset 1236, 16 lines modified
1236 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification1236 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification
1237 ······find:1237 ······find:
1238 ········paths:·/etc/audit/rules.d1238 ········paths:·/etc/audit/rules.d
1239 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$1239 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$
1240 ········patterns:·'*.rules'1240 ········patterns:·'*.rules'
1241 ······register:·find_watch_key1241 ······register:·find_watch_key
1242 ······when:1242 ······when:
1243 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1244 ······-·'"audit"·in·ansible_facts.packages'1243 ······-·'"audit"·in·ansible_facts.packages'
 1244 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1245 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1245 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1246 ········==·01246 ········==·0
1247 ······tags:1247 ······tags:
1248 ······-·CJIS-5.4.1.11248 ······-·CJIS-5.4.1.1
1249 ······-·NIST-800-171-3.1.71249 ······-·NIST-800-171-3.1.7
1250 ······-·NIST-800-53-AC-6(9)1250 ······-·NIST-800-53-AC-6(9)
1251 ······-·NIST-800-53-AU-12(c)1251 ······-·NIST-800-53-AU-12(c)
Offset 1261, 16 lines modifiedOffset 1261, 16 lines modified
  
1261 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the1261 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the
1262 ········recipient·for·the·rule1262 ········recipient·for·the·rule
1263 ······set_fact:1263 ······set_fact:
1264 ········all_files:1264 ········all_files:
1265 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules1265 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules
1266 ······when:1266 ······when:
1267 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1268 ······-·'"audit"·in·ansible_facts.packages'1267 ······-·'"audit"·in·ansible_facts.packages'
 1268 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1269 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1269 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1270 ········is·defined·and·find_existing_watch_rules_d.matched·==·01270 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1271 ······tags:1271 ······tags:
1272 ······-·CJIS-5.4.1.11272 ······-·CJIS-5.4.1.1
1273 ······-·NIST-800-171-3.1.71273 ······-·NIST-800-171-3.1.7
1274 ······-·NIST-800-53-AC-6(9)1274 ······-·NIST-800-53-AC-6(9)
1275 ······-·NIST-800-53-AU-12(c)1275 ······-·NIST-800-53-AU-12(c)
Offset 1285, 16 lines modifiedOffset 1285, 16 lines modified
1285 ······-·restrict_strategy1285 ······-·restrict_strategy
  
1286 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1286 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1287 ······set_fact:1287 ······set_fact:
1288 ········all_files:1288 ········all_files:
1289 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1289 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1290 ······when:1290 ······when:
1291 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1292 ······-·'"audit"·in·ansible_facts.packages'1291 ······-·'"audit"·in·ansible_facts.packages'
 1292 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1293 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1293 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1294 ········is·defined·and·find_existing_watch_rules_d.matched·==·01294 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1295 ······tags:1295 ······tags:
1296 ······-·CJIS-5.4.1.11296 ······-·CJIS-5.4.1.1
1297 ······-·NIST-800-171-3.1.71297 ······-·NIST-800-171-3.1.7
1298 ······-·NIST-800-53-AC-6(9)1298 ······-·NIST-800-53-AC-6(9)
1299 ······-·NIST-800-53-AU-12(c)1299 ······-·NIST-800-53-AU-12(c)
Offset 1311, 16 lines modifiedOffset 1311, 16 lines modified
1311 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/1311 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/
Max diff block lines reached; 71056/76454 bytes (92.94%) of diff not shown.
192 KB
./usr/share/scap-security-guide/ansible/ol7-playbook-hipaa.yml
Ordering differences only
    
Offset 1193, 16 lines modifiedOffset 1193, 16 lines modified
  
1193 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1193 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1194 ······find:1194 ······find:
1195 ········paths:·/etc/audit/rules.d/1195 ········paths:·/etc/audit/rules.d/
1196 ········patterns:·'*.rules'1196 ········patterns:·'*.rules'
1197 ······register:·find_rules_d1197 ······register:·find_rules_d
1198 ······when:1198 ······when:
1199 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1200 ······-·'"audit"·in·ansible_facts.packages'1199 ······-·'"audit"·in·ansible_facts.packages'
 1200 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1201 ······tags:1201 ······tags:
1202 ······-·CJIS-5.4.1.11202 ······-·CJIS-5.4.1.1
1203 ······-·NIST-800-171-3.3.11203 ······-·NIST-800-171-3.3.1
1204 ······-·NIST-800-171-3.4.31204 ······-·NIST-800-171-3.4.3
1205 ······-·NIST-800-53-AC-6(9)1205 ······-·NIST-800-53-AC-6(9)
1206 ······-·NIST-800-53-CM-6(a)1206 ······-·NIST-800-53-CM-6(a)
1207 ······-·PCI-DSS-Req-10.5.21207 ······-·PCI-DSS-Req-10.5.2
Offset 1217, 16 lines modifiedOffset 1217, 16 lines modified
1217 ······lineinfile:1217 ······lineinfile:
1218 ········path:·'{{·item·}}'1218 ········path:·'{{·item·}}'
1219 ········regexp:·^\s*(?:-e)\s+.*$1219 ········regexp:·^\s*(?:-e)\s+.*$
1220 ········state:·absent1220 ········state:·absent
1221 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1221 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1222 ········}}'1222 ········}}'
1223 ······when:1223 ······when:
1224 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1225 ······-·'"audit"·in·ansible_facts.packages'1224 ······-·'"audit"·in·ansible_facts.packages'
 1225 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1226 ······tags:1226 ······tags:
1227 ······-·CJIS-5.4.1.11227 ······-·CJIS-5.4.1.1
1228 ······-·NIST-800-171-3.3.11228 ······-·NIST-800-171-3.3.1
1229 ······-·NIST-800-171-3.4.31229 ······-·NIST-800-171-3.4.3
1230 ······-·NIST-800-53-AC-6(9)1230 ······-·NIST-800-53-AC-6(9)
1231 ······-·NIST-800-53-CM-6(a)1231 ······-·NIST-800-53-CM-6(a)
1232 ······-·PCI-DSS-Req-10.5.21232 ······-·PCI-DSS-Req-10.5.2
Offset 1243, 16 lines modifiedOffset 1243, 16 lines modified
1243 ········create:·true1243 ········create:·true
1244 ········line:·-e·21244 ········line:·-e·2
1245 ········mode:·o-rwx1245 ········mode:·o-rwx
1246 ······loop:1246 ······loop:
1247 ······-·/etc/audit/audit.rules1247 ······-·/etc/audit/audit.rules
1248 ······-·/etc/audit/rules.d/immutable.rules1248 ······-·/etc/audit/rules.d/immutable.rules
1249 ······when:1249 ······when:
1250 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1251 ······-·'"audit"·in·ansible_facts.packages'1250 ······-·'"audit"·in·ansible_facts.packages'
 1251 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1252 ······tags:1252 ······tags:
1253 ······-·CJIS-5.4.1.11253 ······-·CJIS-5.4.1.1
1254 ······-·NIST-800-171-3.3.11254 ······-·NIST-800-171-3.3.1
1255 ······-·NIST-800-171-3.4.31255 ······-·NIST-800-171-3.4.3
1256 ······-·NIST-800-53-AC-6(9)1256 ······-·NIST-800-53-AC-6(9)
1257 ······-·NIST-800-53-CM-6(a)1257 ······-·NIST-800-53-CM-6(a)
1258 ······-·PCI-DSS-Req-10.5.21258 ······-·PCI-DSS-Req-10.5.2
Offset 1284, 16 lines modifiedOffset 1284, 16 lines modified
1284 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/1284 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
1285 ······find:1285 ······find:
1286 ········paths:·/etc/audit/rules.d1286 ········paths:·/etc/audit/rules.d
1287 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+1287 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
1288 ········patterns:·'*.rules'1288 ········patterns:·'*.rules'
1289 ······register:·find_existing_watch_rules_d1289 ······register:·find_existing_watch_rules_d
1290 ······when:1290 ······when:
1291 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1292 ······-·'"audit"·in·ansible_facts.packages'1291 ······-·'"audit"·in·ansible_facts.packages'
 1292 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1293 ······tags:1293 ······tags:
1294 ······-·CJIS-5.4.1.11294 ······-·CJIS-5.4.1.1
1295 ······-·NIST-800-171-3.1.81295 ······-·NIST-800-171-3.1.8
1296 ······-·NIST-800-53-AU-12(c)1296 ······-·NIST-800-53-AU-12(c)
1297 ······-·NIST-800-53-AU-2(d)1297 ······-·NIST-800-53-AU-2(d)
1298 ······-·NIST-800-53-CM-6(a)1298 ······-·NIST-800-53-CM-6(a)
1299 ······-·PCI-DSS-Req-10.5.51299 ······-·PCI-DSS-Req-10.5.5
Offset 1307, 16 lines modifiedOffset 1307, 16 lines modified
1307 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy1307 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
1308 ······find:1308 ······find:
1309 ········paths:·/etc/audit/rules.d1309 ········paths:·/etc/audit/rules.d
1310 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$1310 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
1311 ········patterns:·'*.rules'1311 ········patterns:·'*.rules'
1312 ······register:·find_watch_key1312 ······register:·find_watch_key
1313 ······when:1313 ······when:
1314 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1315 ······-·'"audit"·in·ansible_facts.packages'1314 ······-·'"audit"·in·ansible_facts.packages'
 1315 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1316 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1316 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1317 ········==·01317 ········==·0
1318 ······tags:1318 ······tags:
1319 ······-·CJIS-5.4.1.11319 ······-·CJIS-5.4.1.1
1320 ······-·NIST-800-171-3.1.81320 ······-·NIST-800-171-3.1.8
1321 ······-·NIST-800-53-AU-12(c)1321 ······-·NIST-800-53-AU-12(c)
1322 ······-·NIST-800-53-AU-2(d)1322 ······-·NIST-800-53-AU-2(d)
Offset 1330, 16 lines modifiedOffset 1330, 16 lines modified
1330 ······-·restrict_strategy1330 ······-·restrict_strategy
  
1331 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule1331 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
1332 ······set_fact:1332 ······set_fact:
1333 ········all_files:1333 ········all_files:
1334 ········-·/etc/audit/rules.d/MAC-policy.rules1334 ········-·/etc/audit/rules.d/MAC-policy.rules
1335 ······when:1335 ······when:
1336 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1337 ······-·'"audit"·in·ansible_facts.packages'1336 ······-·'"audit"·in·ansible_facts.packages'
 1337 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1338 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1338 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1339 ········is·defined·and·find_existing_watch_rules_d.matched·==·01339 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1340 ······tags:1340 ······tags:
1341 ······-·CJIS-5.4.1.11341 ······-·CJIS-5.4.1.1
1342 ······-·NIST-800-171-3.1.81342 ······-·NIST-800-171-3.1.8
1343 ······-·NIST-800-53-AU-12(c)1343 ······-·NIST-800-53-AU-12(c)
1344 ······-·NIST-800-53-AU-2(d)1344 ······-·NIST-800-53-AU-2(d)
Offset 1353, 16 lines modifiedOffset 1353, 16 lines modified
1353 ······-·restrict_strategy1353 ······-·restrict_strategy
  
1354 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1354 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1355 ······set_fact:1355 ······set_fact:
1356 ········all_files:1356 ········all_files:
1357 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1357 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1358 ······when:1358 ······when:
1359 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1360 ······-·'"audit"·in·ansible_facts.packages'1359 ······-·'"audit"·in·ansible_facts.packages'
 1360 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1361 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1361 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1362 ········is·defined·and·find_existing_watch_rules_d.matched·==·01362 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1363 ······tags:1363 ······tags:
1364 ······-·CJIS-5.4.1.11364 ······-·CJIS-5.4.1.1
1365 ······-·NIST-800-171-3.1.81365 ······-·NIST-800-171-3.1.8
1366 ······-·NIST-800-53-AU-12(c)1366 ······-·NIST-800-53-AU-12(c)
1367 ······-·NIST-800-53-AU-2(d)1367 ······-·NIST-800-53-AU-2(d)
Offset 1378, 16 lines modifiedOffset 1378, 16 lines modified
1378 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/1378 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 191368/196403 bytes (97.44%) of diff not shown.
199 KB
./usr/share/scap-security-guide/ansible/ol7-playbook-ncp.yml
Ordering differences only
    
Offset 9673, 16 lines modifiedOffset 9673, 16 lines modified
  
9673 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension9673 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
9674 ······find:9674 ······find:
9675 ········paths:·/etc/audit/rules.d/9675 ········paths:·/etc/audit/rules.d/
9676 ········patterns:·'*.rules'9676 ········patterns:·'*.rules'
9677 ······register:·find_rules_d9677 ······register:·find_rules_d
9678 ······when:9678 ······when:
9679 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9680 ······-·'"audit"·in·ansible_facts.packages'9679 ······-·'"audit"·in·ansible_facts.packages'
 9680 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9681 ······tags:9681 ······tags:
9682 ······-·CJIS-5.4.1.19682 ······-·CJIS-5.4.1.1
9683 ······-·NIST-800-171-3.3.19683 ······-·NIST-800-171-3.3.1
9684 ······-·NIST-800-171-3.4.39684 ······-·NIST-800-171-3.4.3
9685 ······-·NIST-800-53-AC-6(9)9685 ······-·NIST-800-53-AC-6(9)
9686 ······-·NIST-800-53-CM-6(a)9686 ······-·NIST-800-53-CM-6(a)
9687 ······-·PCI-DSS-Req-10.5.29687 ······-·PCI-DSS-Req-10.5.2
Offset 9697, 16 lines modifiedOffset 9697, 16 lines modified
9697 ······lineinfile:9697 ······lineinfile:
9698 ········path:·'{{·item·}}'9698 ········path:·'{{·item·}}'
9699 ········regexp:·^\s*(?:-e)\s+.*$9699 ········regexp:·^\s*(?:-e)\s+.*$
9700 ········state:·absent9700 ········state:·absent
9701 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']9701 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
9702 ········}}'9702 ········}}'
9703 ······when:9703 ······when:
9704 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9705 ······-·'"audit"·in·ansible_facts.packages'9704 ······-·'"audit"·in·ansible_facts.packages'
 9705 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9706 ······tags:9706 ······tags:
9707 ······-·CJIS-5.4.1.19707 ······-·CJIS-5.4.1.1
9708 ······-·NIST-800-171-3.3.19708 ······-·NIST-800-171-3.3.1
9709 ······-·NIST-800-171-3.4.39709 ······-·NIST-800-171-3.4.3
9710 ······-·NIST-800-53-AC-6(9)9710 ······-·NIST-800-53-AC-6(9)
9711 ······-·NIST-800-53-CM-6(a)9711 ······-·NIST-800-53-CM-6(a)
9712 ······-·PCI-DSS-Req-10.5.29712 ······-·PCI-DSS-Req-10.5.2
Offset 9723, 16 lines modifiedOffset 9723, 16 lines modified
9723 ········create:·true9723 ········create:·true
9724 ········line:·-e·29724 ········line:·-e·2
9725 ········mode:·o-rwx9725 ········mode:·o-rwx
9726 ······loop:9726 ······loop:
9727 ······-·/etc/audit/audit.rules9727 ······-·/etc/audit/audit.rules
9728 ······-·/etc/audit/rules.d/immutable.rules9728 ······-·/etc/audit/rules.d/immutable.rules
9729 ······when:9729 ······when:
9730 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9731 ······-·'"audit"·in·ansible_facts.packages'9730 ······-·'"audit"·in·ansible_facts.packages'
 9731 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9732 ······tags:9732 ······tags:
9733 ······-·CJIS-5.4.1.19733 ······-·CJIS-5.4.1.1
9734 ······-·NIST-800-171-3.3.19734 ······-·NIST-800-171-3.3.1
9735 ······-·NIST-800-171-3.4.39735 ······-·NIST-800-171-3.4.3
9736 ······-·NIST-800-53-AC-6(9)9736 ······-·NIST-800-53-AC-6(9)
9737 ······-·NIST-800-53-CM-6(a)9737 ······-·NIST-800-53-CM-6(a)
9738 ······-·PCI-DSS-Req-10.5.29738 ······-·PCI-DSS-Req-10.5.2
Offset 9764, 16 lines modifiedOffset 9764, 16 lines modified
9764 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/9764 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
9765 ······find:9765 ······find:
9766 ········paths:·/etc/audit/rules.d9766 ········paths:·/etc/audit/rules.d
9767 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+9767 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
9768 ········patterns:·'*.rules'9768 ········patterns:·'*.rules'
9769 ······register:·find_existing_watch_rules_d9769 ······register:·find_existing_watch_rules_d
9770 ······when:9770 ······when:
9771 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9772 ······-·'"audit"·in·ansible_facts.packages'9771 ······-·'"audit"·in·ansible_facts.packages'
 9772 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9773 ······tags:9773 ······tags:
9774 ······-·CJIS-5.4.1.19774 ······-·CJIS-5.4.1.1
9775 ······-·NIST-800-171-3.1.89775 ······-·NIST-800-171-3.1.8
9776 ······-·NIST-800-53-AU-12(c)9776 ······-·NIST-800-53-AU-12(c)
9777 ······-·NIST-800-53-AU-2(d)9777 ······-·NIST-800-53-AU-2(d)
9778 ······-·NIST-800-53-CM-6(a)9778 ······-·NIST-800-53-CM-6(a)
9779 ······-·PCI-DSS-Req-10.5.59779 ······-·PCI-DSS-Req-10.5.5
Offset 9787, 16 lines modifiedOffset 9787, 16 lines modified
9787 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy9787 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
9788 ······find:9788 ······find:
9789 ········paths:·/etc/audit/rules.d9789 ········paths:·/etc/audit/rules.d
9790 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$9790 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
9791 ········patterns:·'*.rules'9791 ········patterns:·'*.rules'
9792 ······register:·find_watch_key9792 ······register:·find_watch_key
9793 ······when:9793 ······when:
9794 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9795 ······-·'"audit"·in·ansible_facts.packages'9794 ······-·'"audit"·in·ansible_facts.packages'
 9795 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9796 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched9796 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
9797 ········==·09797 ········==·0
9798 ······tags:9798 ······tags:
9799 ······-·CJIS-5.4.1.19799 ······-·CJIS-5.4.1.1
9800 ······-·NIST-800-171-3.1.89800 ······-·NIST-800-171-3.1.8
9801 ······-·NIST-800-53-AU-12(c)9801 ······-·NIST-800-53-AU-12(c)
9802 ······-·NIST-800-53-AU-2(d)9802 ······-·NIST-800-53-AU-2(d)
Offset 9810, 16 lines modifiedOffset 9810, 16 lines modified
9810 ······-·restrict_strategy9810 ······-·restrict_strategy
  
9811 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule9811 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
9812 ······set_fact:9812 ······set_fact:
9813 ········all_files:9813 ········all_files:
9814 ········-·/etc/audit/rules.d/MAC-policy.rules9814 ········-·/etc/audit/rules.d/MAC-policy.rules
9815 ······when:9815 ······when:
9816 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9817 ······-·'"audit"·in·ansible_facts.packages'9816 ······-·'"audit"·in·ansible_facts.packages'
 9817 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9818 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched9818 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
9819 ········is·defined·and·find_existing_watch_rules_d.matched·==·09819 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
9820 ······tags:9820 ······tags:
9821 ······-·CJIS-5.4.1.19821 ······-·CJIS-5.4.1.1
9822 ······-·NIST-800-171-3.1.89822 ······-·NIST-800-171-3.1.8
9823 ······-·NIST-800-53-AU-12(c)9823 ······-·NIST-800-53-AU-12(c)
9824 ······-·NIST-800-53-AU-2(d)9824 ······-·NIST-800-53-AU-2(d)
Offset 9833, 16 lines modifiedOffset 9833, 16 lines modified
9833 ······-·restrict_strategy9833 ······-·restrict_strategy
  
9834 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule9834 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
9835 ······set_fact:9835 ······set_fact:
9836 ········all_files:9836 ········all_files:
9837 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'9837 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
9838 ······when:9838 ······when:
9839 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9840 ······-·'"audit"·in·ansible_facts.packages'9839 ······-·'"audit"·in·ansible_facts.packages'
 9840 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9841 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched9841 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
9842 ········is·defined·and·find_existing_watch_rules_d.matched·==·09842 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
9843 ······tags:9843 ······tags:
9844 ······-·CJIS-5.4.1.19844 ······-·CJIS-5.4.1.1
9845 ······-·NIST-800-171-3.1.89845 ······-·NIST-800-171-3.1.8
9846 ······-·NIST-800-53-AU-12(c)9846 ······-·NIST-800-53-AU-12(c)
9847 ······-·NIST-800-53-AU-2(d)9847 ······-·NIST-800-53-AU-2(d)
Offset 9858, 16 lines modifiedOffset 9858, 16 lines modified
9858 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/9858 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 199070/204105 bytes (97.53%) of diff not shown.
787 B
./usr/share/scap-security-guide/ansible/ol7-playbook-ospp.yml
Ordering differences only
    
Offset 4491, 16 lines modifiedOffset 4491, 16 lines modified
4491 ······lineinfile:4491 ······lineinfile:
4492 ········dest:·/etc/audit/auditd.conf4492 ········dest:·/etc/audit/auditd.conf
4493 ········regexp:·^\s*flush\s*=\s*.*$4493 ········regexp:·^\s*flush\s*=\s*.*$
4494 ········line:·flush·=·{{·var_auditd_flush·}}4494 ········line:·flush·=·{{·var_auditd_flush·}}
4495 ········state:·present4495 ········state:·present
4496 ········create:·true4496 ········create:·true
4497 ······when:4497 ······when:
4498 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4499 ······-·'"audit"·in·ansible_facts.packages'4498 ······-·'"audit"·in·ansible_facts.packages'
 4499 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4500 ······tags:4500 ······tags:
4501 ······-·NIST-800-171-3.3.14501 ······-·NIST-800-171-3.3.1
4502 ······-·NIST-800-53-AU-114502 ······-·NIST-800-53-AU-11
4503 ······-·NIST-800-53-CM-6(a)4503 ······-·NIST-800-53-CM-6(a)
4504 ······-·auditd_data_retention_flush4504 ······-·auditd_data_retention_flush
4505 ······-·low_complexity4505 ······-·low_complexity
4506 ······-·low_disruption4506 ······-·low_disruption
109 KB
./usr/share/scap-security-guide/ansible/ol7-playbook-pci-dss.yml
Ordering differences only
    
Offset 4439, 16 lines modifiedOffset 4439, 16 lines modified
  
4439 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension4439 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
4440 ······find:4440 ······find:
4441 ········paths:·/etc/audit/rules.d/4441 ········paths:·/etc/audit/rules.d/
4442 ········patterns:·'*.rules'4442 ········patterns:·'*.rules'
4443 ······register:·find_rules_d4443 ······register:·find_rules_d
4444 ······when:4444 ······when:
4445 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4446 ······-·'"audit"·in·ansible_facts.packages'4445 ······-·'"audit"·in·ansible_facts.packages'
 4446 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4447 ······tags:4447 ······tags:
4448 ······-·CJIS-5.4.1.14448 ······-·CJIS-5.4.1.1
4449 ······-·NIST-800-171-3.3.14449 ······-·NIST-800-171-3.3.1
4450 ······-·NIST-800-171-3.4.34450 ······-·NIST-800-171-3.4.3
4451 ······-·NIST-800-53-AC-6(9)4451 ······-·NIST-800-53-AC-6(9)
4452 ······-·NIST-800-53-CM-6(a)4452 ······-·NIST-800-53-CM-6(a)
4453 ······-·PCI-DSS-Req-10.5.24453 ······-·PCI-DSS-Req-10.5.2
Offset 4463, 16 lines modifiedOffset 4463, 16 lines modified
4463 ······lineinfile:4463 ······lineinfile:
4464 ········path:·'{{·item·}}'4464 ········path:·'{{·item·}}'
4465 ········regexp:·^\s*(?:-e)\s+.*$4465 ········regexp:·^\s*(?:-e)\s+.*$
4466 ········state:·absent4466 ········state:·absent
4467 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']4467 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
4468 ········}}'4468 ········}}'
4469 ······when:4469 ······when:
4470 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4471 ······-·'"audit"·in·ansible_facts.packages'4470 ······-·'"audit"·in·ansible_facts.packages'
 4471 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4472 ······tags:4472 ······tags:
4473 ······-·CJIS-5.4.1.14473 ······-·CJIS-5.4.1.1
4474 ······-·NIST-800-171-3.3.14474 ······-·NIST-800-171-3.3.1
4475 ······-·NIST-800-171-3.4.34475 ······-·NIST-800-171-3.4.3
4476 ······-·NIST-800-53-AC-6(9)4476 ······-·NIST-800-53-AC-6(9)
4477 ······-·NIST-800-53-CM-6(a)4477 ······-·NIST-800-53-CM-6(a)
4478 ······-·PCI-DSS-Req-10.5.24478 ······-·PCI-DSS-Req-10.5.2
Offset 4489, 16 lines modifiedOffset 4489, 16 lines modified
4489 ········create:·true4489 ········create:·true
4490 ········line:·-e·24490 ········line:·-e·2
4491 ········mode:·o-rwx4491 ········mode:·o-rwx
4492 ······loop:4492 ······loop:
4493 ······-·/etc/audit/audit.rules4493 ······-·/etc/audit/audit.rules
4494 ······-·/etc/audit/rules.d/immutable.rules4494 ······-·/etc/audit/rules.d/immutable.rules
4495 ······when:4495 ······when:
4496 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4497 ······-·'"audit"·in·ansible_facts.packages'4496 ······-·'"audit"·in·ansible_facts.packages'
 4497 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4498 ······tags:4498 ······tags:
4499 ······-·CJIS-5.4.1.14499 ······-·CJIS-5.4.1.1
4500 ······-·NIST-800-171-3.3.14500 ······-·NIST-800-171-3.3.1
4501 ······-·NIST-800-171-3.4.34501 ······-·NIST-800-171-3.4.3
4502 ······-·NIST-800-53-AC-6(9)4502 ······-·NIST-800-53-AC-6(9)
4503 ······-·NIST-800-53-CM-6(a)4503 ······-·NIST-800-53-CM-6(a)
4504 ······-·PCI-DSS-Req-10.5.24504 ······-·PCI-DSS-Req-10.5.2
Offset 4530, 16 lines modifiedOffset 4530, 16 lines modified
4530 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/4530 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
4531 ······find:4531 ······find:
4532 ········paths:·/etc/audit/rules.d4532 ········paths:·/etc/audit/rules.d
4533 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+4533 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
4534 ········patterns:·'*.rules'4534 ········patterns:·'*.rules'
4535 ······register:·find_existing_watch_rules_d4535 ······register:·find_existing_watch_rules_d
4536 ······when:4536 ······when:
4537 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4538 ······-·'"audit"·in·ansible_facts.packages'4537 ······-·'"audit"·in·ansible_facts.packages'
 4538 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4539 ······tags:4539 ······tags:
4540 ······-·CJIS-5.4.1.14540 ······-·CJIS-5.4.1.1
4541 ······-·NIST-800-171-3.1.84541 ······-·NIST-800-171-3.1.8
4542 ······-·NIST-800-53-AU-12(c)4542 ······-·NIST-800-53-AU-12(c)
4543 ······-·NIST-800-53-AU-2(d)4543 ······-·NIST-800-53-AU-2(d)
4544 ······-·NIST-800-53-CM-6(a)4544 ······-·NIST-800-53-CM-6(a)
4545 ······-·PCI-DSS-Req-10.5.54545 ······-·PCI-DSS-Req-10.5.5
Offset 4553, 16 lines modifiedOffset 4553, 16 lines modified
4553 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy4553 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
4554 ······find:4554 ······find:
4555 ········paths:·/etc/audit/rules.d4555 ········paths:·/etc/audit/rules.d
4556 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$4556 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
4557 ········patterns:·'*.rules'4557 ········patterns:·'*.rules'
4558 ······register:·find_watch_key4558 ······register:·find_watch_key
4559 ······when:4559 ······when:
4560 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4561 ······-·'"audit"·in·ansible_facts.packages'4560 ······-·'"audit"·in·ansible_facts.packages'
 4561 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4562 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched4562 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
4563 ········==·04563 ········==·0
4564 ······tags:4564 ······tags:
4565 ······-·CJIS-5.4.1.14565 ······-·CJIS-5.4.1.1
4566 ······-·NIST-800-171-3.1.84566 ······-·NIST-800-171-3.1.8
4567 ······-·NIST-800-53-AU-12(c)4567 ······-·NIST-800-53-AU-12(c)
4568 ······-·NIST-800-53-AU-2(d)4568 ······-·NIST-800-53-AU-2(d)
Offset 4576, 16 lines modifiedOffset 4576, 16 lines modified
4576 ······-·restrict_strategy4576 ······-·restrict_strategy
  
4577 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule4577 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
4578 ······set_fact:4578 ······set_fact:
4579 ········all_files:4579 ········all_files:
4580 ········-·/etc/audit/rules.d/MAC-policy.rules4580 ········-·/etc/audit/rules.d/MAC-policy.rules
4581 ······when:4581 ······when:
4582 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4583 ······-·'"audit"·in·ansible_facts.packages'4582 ······-·'"audit"·in·ansible_facts.packages'
 4583 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4584 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched4584 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
4585 ········is·defined·and·find_existing_watch_rules_d.matched·==·04585 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4586 ······tags:4586 ······tags:
4587 ······-·CJIS-5.4.1.14587 ······-·CJIS-5.4.1.1
4588 ······-·NIST-800-171-3.1.84588 ······-·NIST-800-171-3.1.8
4589 ······-·NIST-800-53-AU-12(c)4589 ······-·NIST-800-53-AU-12(c)
4590 ······-·NIST-800-53-AU-2(d)4590 ······-·NIST-800-53-AU-2(d)
Offset 4599, 16 lines modifiedOffset 4599, 16 lines modified
4599 ······-·restrict_strategy4599 ······-·restrict_strategy
  
4600 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule4600 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
4601 ······set_fact:4601 ······set_fact:
4602 ········all_files:4602 ········all_files:
4603 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'4603 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
4604 ······when:4604 ······when:
4605 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4606 ······-·'"audit"·in·ansible_facts.packages'4605 ······-·'"audit"·in·ansible_facts.packages'
 4606 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4607 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched4607 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
4608 ········is·defined·and·find_existing_watch_rules_d.matched·==·04608 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4609 ······tags:4609 ······tags:
4610 ······-·CJIS-5.4.1.14610 ······-·CJIS-5.4.1.1
4611 ······-·NIST-800-171-3.1.84611 ······-·NIST-800-171-3.1.8
4612 ······-·NIST-800-53-AU-12(c)4612 ······-·NIST-800-53-AU-12(c)
4613 ······-·NIST-800-53-AU-2(d)4613 ······-·NIST-800-53-AU-2(d)
Offset 4624, 16 lines modifiedOffset 4624, 16 lines modified
4624 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/4624 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 106665/111700 bytes (95.49%) of diff not shown.
98.7 KB
./usr/share/scap-security-guide/ansible/ol7-playbook-standard.yml
Ordering differences only
    
Offset 535, 16 lines modifiedOffset 535, 16 lines modified
535 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/535 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
536 ······find:536 ······find:
537 ········paths:·/etc/audit/rules.d537 ········paths:·/etc/audit/rules.d
538 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+538 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
539 ········patterns:·'*.rules'539 ········patterns:·'*.rules'
540 ······register:·find_existing_watch_rules_d540 ······register:·find_existing_watch_rules_d
541 ······when:541 ······when:
542 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
543 ······-·'"audit"·in·ansible_facts.packages'542 ······-·'"audit"·in·ansible_facts.packages'
 543 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
544 ······tags:544 ······tags:
545 ······-·CJIS-5.4.1.1545 ······-·CJIS-5.4.1.1
546 ······-·NIST-800-171-3.1.8546 ······-·NIST-800-171-3.1.8
547 ······-·NIST-800-53-AU-12(c)547 ······-·NIST-800-53-AU-12(c)
548 ······-·NIST-800-53-AU-2(d)548 ······-·NIST-800-53-AU-2(d)
549 ······-·NIST-800-53-CM-6(a)549 ······-·NIST-800-53-CM-6(a)
550 ······-·PCI-DSS-Req-10.5.5550 ······-·PCI-DSS-Req-10.5.5
Offset 558, 16 lines modifiedOffset 558, 16 lines modified
558 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy558 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
559 ······find:559 ······find:
560 ········paths:·/etc/audit/rules.d560 ········paths:·/etc/audit/rules.d
561 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$561 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
562 ········patterns:·'*.rules'562 ········patterns:·'*.rules'
563 ······register:·find_watch_key563 ······register:·find_watch_key
564 ······when:564 ······when:
565 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
566 ······-·'"audit"·in·ansible_facts.packages'565 ······-·'"audit"·in·ansible_facts.packages'
 566 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
567 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched567 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
568 ········==·0568 ········==·0
569 ······tags:569 ······tags:
570 ······-·CJIS-5.4.1.1570 ······-·CJIS-5.4.1.1
571 ······-·NIST-800-171-3.1.8571 ······-·NIST-800-171-3.1.8
572 ······-·NIST-800-53-AU-12(c)572 ······-·NIST-800-53-AU-12(c)
573 ······-·NIST-800-53-AU-2(d)573 ······-·NIST-800-53-AU-2(d)
Offset 581, 16 lines modifiedOffset 581, 16 lines modified
581 ······-·restrict_strategy581 ······-·restrict_strategy
  
582 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule582 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
583 ······set_fact:583 ······set_fact:
584 ········all_files:584 ········all_files:
585 ········-·/etc/audit/rules.d/MAC-policy.rules585 ········-·/etc/audit/rules.d/MAC-policy.rules
586 ······when:586 ······when:
587 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
588 ······-·'"audit"·in·ansible_facts.packages'587 ······-·'"audit"·in·ansible_facts.packages'
 588 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
589 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched589 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
590 ········is·defined·and·find_existing_watch_rules_d.matched·==·0590 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
591 ······tags:591 ······tags:
592 ······-·CJIS-5.4.1.1592 ······-·CJIS-5.4.1.1
593 ······-·NIST-800-171-3.1.8593 ······-·NIST-800-171-3.1.8
594 ······-·NIST-800-53-AU-12(c)594 ······-·NIST-800-53-AU-12(c)
595 ······-·NIST-800-53-AU-2(d)595 ······-·NIST-800-53-AU-2(d)
Offset 604, 16 lines modifiedOffset 604, 16 lines modified
604 ······-·restrict_strategy604 ······-·restrict_strategy
  
605 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule605 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
606 ······set_fact:606 ······set_fact:
607 ········all_files:607 ········all_files:
608 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'608 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
609 ······when:609 ······when:
610 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
611 ······-·'"audit"·in·ansible_facts.packages'610 ······-·'"audit"·in·ansible_facts.packages'
 611 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
612 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched612 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
613 ········is·defined·and·find_existing_watch_rules_d.matched·==·0613 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
614 ······tags:614 ······tags:
615 ······-·CJIS-5.4.1.1615 ······-·CJIS-5.4.1.1
616 ······-·NIST-800-171-3.1.8616 ······-·NIST-800-171-3.1.8
617 ······-·NIST-800-53-AU-12(c)617 ······-·NIST-800-53-AU-12(c)
618 ······-·NIST-800-53-AU-2(d)618 ······-·NIST-800-53-AU-2(d)
Offset 629, 16 lines modifiedOffset 629, 16 lines modified
629 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/629 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
630 ······lineinfile:630 ······lineinfile:
631 ········path:·'{{·all_files[0]·}}'631 ········path:·'{{·all_files[0]·}}'
632 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy632 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
633 ········create:·true633 ········create:·true
634 ········mode:·'0640'634 ········mode:·'0640'
635 ······when:635 ······when:
636 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
637 ······-·'"audit"·in·ansible_facts.packages'636 ······-·'"audit"·in·ansible_facts.packages'
 637 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
638 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched638 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
639 ········==·0639 ········==·0
640 ······tags:640 ······tags:
641 ······-·CJIS-5.4.1.1641 ······-·CJIS-5.4.1.1
642 ······-·NIST-800-171-3.1.8642 ······-·NIST-800-171-3.1.8
643 ······-·NIST-800-53-AU-12(c)643 ······-·NIST-800-53-AU-12(c)
644 ······-·NIST-800-53-AU-2(d)644 ······-·NIST-800-53-AU-2(d)
Offset 654, 16 lines modifiedOffset 654, 16 lines modified
654 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules654 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules
655 ······find:655 ······find:
656 ········paths:·/etc/audit/656 ········paths:·/etc/audit/
657 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+657 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
658 ········patterns:·audit.rules658 ········patterns:·audit.rules
659 ······register:·find_existing_watch_audit_rules659 ······register:·find_existing_watch_audit_rules
660 ······when:660 ······when:
661 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
662 ······-·'"audit"·in·ansible_facts.packages'661 ······-·'"audit"·in·ansible_facts.packages'
 662 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
663 ······tags:663 ······tags:
664 ······-·CJIS-5.4.1.1664 ······-·CJIS-5.4.1.1
665 ······-·NIST-800-171-3.1.8665 ······-·NIST-800-171-3.1.8
666 ······-·NIST-800-53-AU-12(c)666 ······-·NIST-800-53-AU-12(c)
667 ······-·NIST-800-53-AU-2(d)667 ······-·NIST-800-53-AU-2(d)
668 ······-·NIST-800-53-CM-6(a)668 ······-·NIST-800-53-CM-6(a)
669 ······-·PCI-DSS-Req-10.5.5669 ······-·PCI-DSS-Req-10.5.5
Offset 678, 16 lines modifiedOffset 678, 16 lines modified
678 ······lineinfile:678 ······lineinfile:
679 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy679 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
680 ········state:·present680 ········state:·present
681 ········dest:·/etc/audit/audit.rules681 ········dest:·/etc/audit/audit.rules
682 ········create:·true682 ········create:·true
683 ········mode:·'0640'683 ········mode:·'0640'
684 ······when:684 ······when:
685 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
686 ······-·'"audit"·in·ansible_facts.packages'685 ······-·'"audit"·in·ansible_facts.packages'
 686 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
687 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched687 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
688 ········==·0688 ········==·0
689 ······tags:689 ······tags:
690 ······-·CJIS-5.4.1.1690 ······-·CJIS-5.4.1.1
691 ······-·NIST-800-171-3.1.8691 ······-·NIST-800-171-3.1.8
692 ······-·NIST-800-53-AU-12(c)692 ······-·NIST-800-53-AU-12(c)
693 ······-·NIST-800-53-AU-2(d)693 ······-·NIST-800-53-AU-2(d)
Offset 720, 16 lines modifiedOffset 720, 16 lines modified
720 ······-·reboot_required720 ······-·reboot_required
Max diff block lines reached; 95737/100953 bytes (94.83%) of diff not shown.
151 KB
./usr/share/scap-security-guide/ansible/ol7-playbook-stig.yml
Ordering differences only
    
Offset 8951, 16 lines modifiedOffset 8951, 16 lines modified
8951 ······-·reboot_required8951 ······-·reboot_required
8952 ······-·restrict_strategy8952 ······-·restrict_strategy
  
8953 ····-·name:·Set·architecture·for·audit·mount·tasks8953 ····-·name:·Set·architecture·for·audit·mount·tasks
8954 ······set_fact:8954 ······set_fact:
8955 ········audit_arch:·b648955 ········audit_arch:·b64
8956 ······when:8956 ······when:
8957 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8958 ······-·'"audit"·in·ansible_facts.packages'8957 ······-·'"audit"·in·ansible_facts.packages'
 8958 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8959 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8959 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8960 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8960 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8961 ······tags:8961 ······tags:
8962 ······-·CJIS-5.4.1.18962 ······-·CJIS-5.4.1.1
8963 ······-·DISA-STIG-OL07-00-0307408963 ······-·DISA-STIG-OL07-00-030740
8964 ······-·NIST-800-171-3.1.78964 ······-·NIST-800-171-3.1.7
8965 ······-·NIST-800-53-AC-6(9)8965 ······-·NIST-800-53-AC-6(9)
Offset 9092, 16 lines modifiedOffset 9092, 16 lines modified
9092 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009092 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9093 ············-F·auid!=unset·-F·key=perm_mod9093 ············-F·auid!=unset·-F·key=perm_mod
9094 ··········create:·true9094 ··········create:·true
9095 ··········mode:·o-rwx9095 ··········mode:·o-rwx
9096 ··········state:·present9096 ··········state:·present
9097 ········when:·syscalls_found·|·length·==·09097 ········when:·syscalls_found·|·length·==·0
9098 ······when:9098 ······when:
9099 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9100 ······-·'"audit"·in·ansible_facts.packages'9099 ······-·'"audit"·in·ansible_facts.packages'
 9100 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9101 ······tags:9101 ······tags:
9102 ······-·CJIS-5.4.1.19102 ······-·CJIS-5.4.1.1
9103 ······-·DISA-STIG-OL07-00-0307409103 ······-·DISA-STIG-OL07-00-030740
9104 ······-·NIST-800-171-3.1.79104 ······-·NIST-800-171-3.1.7
9105 ······-·NIST-800-53-AC-6(9)9105 ······-·NIST-800-53-AC-6(9)
9106 ······-·NIST-800-53-AU-12(c)9106 ······-·NIST-800-53-AU-12(c)
9107 ······-·NIST-800-53-AU-2(d)9107 ······-·NIST-800-53-AU-2(d)
Offset 9231, 16 lines modifiedOffset 9231, 16 lines modified
9231 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009231 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9232 ············-F·auid!=unset·-F·key=perm_mod9232 ············-F·auid!=unset·-F·key=perm_mod
9233 ··········create:·true9233 ··········create:·true
9234 ··········mode:·o-rwx9234 ··········mode:·o-rwx
9235 ··········state:·present9235 ··········state:·present
9236 ········when:·syscalls_found·|·length·==·09236 ········when:·syscalls_found·|·length·==·0
9237 ······when:9237 ······when:
9238 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9239 ······-·'"audit"·in·ansible_facts.packages'9238 ······-·'"audit"·in·ansible_facts.packages'
 9239 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9240 ······-·audit_arch·==·"b64"9240 ······-·audit_arch·==·"b64"
9241 ······tags:9241 ······tags:
9242 ······-·CJIS-5.4.1.19242 ······-·CJIS-5.4.1.1
9243 ······-·DISA-STIG-OL07-00-0307409243 ······-·DISA-STIG-OL07-00-030740
9244 ······-·NIST-800-171-3.1.79244 ······-·NIST-800-171-3.1.7
9245 ······-·NIST-800-53-AC-6(9)9245 ······-·NIST-800-53-AC-6(9)
9246 ······-·NIST-800-53-AU-12(c)9246 ······-·NIST-800-53-AU-12(c)
Offset 9272, 16 lines modifiedOffset 9272, 16 lines modified
9272 ······-·medium_severity9272 ······-·medium_severity
9273 ······-·no_reboot_needed9273 ······-·no_reboot_needed
9274 ······-·restrict_strategy9274 ······-·restrict_strategy
  
9275 ····-·name:·Service·facts9275 ····-·name:·Service·facts
9276 ······service_facts:·null9276 ······service_facts:·null
9277 ······when:9277 ······when:
9278 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9279 ······-·'"audit"·in·ansible_facts.packages'9278 ······-·'"audit"·in·ansible_facts.packages'
 9279 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9280 ······tags:9280 ······tags:
9281 ······-·DISA-STIG-OL07-00-0303609281 ······-·DISA-STIG-OL07-00-030360
9282 ······-·NIST-800-53-AC-6(9)9282 ······-·NIST-800-53-AC-6(9)
9283 ······-·NIST-800-53-AU-12(3)9283 ······-·NIST-800-53-AU-12(3)
9284 ······-·NIST-800-53-AU-7(a)9284 ······-·NIST-800-53-AU-7(a)
9285 ······-·NIST-800-53-AU-7(b)9285 ······-·NIST-800-53-AU-7(b)
9286 ······-·NIST-800-53-AU-8(b)9286 ······-·NIST-800-53-AU-8(b)
Offset 9293, 16 lines modifiedOffset 9293, 16 lines modified
9293 ······-·no_reboot_needed9293 ······-·no_reboot_needed
9294 ······-·restrict_strategy9294 ······-·restrict_strategy
  
9295 ····-·name:·Check·the·rules·script·being·used9295 ····-·name:·Check·the·rules·script·being·used
9296 ······command:·grep·'^ExecStartPost'·/usr/lib/systemd/system/auditd.service9296 ······command:·grep·'^ExecStartPost'·/usr/lib/systemd/system/auditd.service
9297 ······register:·check_rules_scripts_result9297 ······register:·check_rules_scripts_result
9298 ······when:9298 ······when:
9299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9300 ······-·'"audit"·in·ansible_facts.packages'9299 ······-·'"audit"·in·ansible_facts.packages'
 9300 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9301 ······tags:9301 ······tags:
9302 ······-·DISA-STIG-OL07-00-0303609302 ······-·DISA-STIG-OL07-00-030360
9303 ······-·NIST-800-53-AC-6(9)9303 ······-·NIST-800-53-AC-6(9)
9304 ······-·NIST-800-53-AU-12(3)9304 ······-·NIST-800-53-AU-12(3)
9305 ······-·NIST-800-53-AU-7(a)9305 ······-·NIST-800-53-AU-7(a)
9306 ······-·NIST-800-53-AU-7(b)9306 ······-·NIST-800-53-AU-7(b)
9307 ······-·NIST-800-53-AU-8(b)9307 ······-·NIST-800-53-AU-8(b)
Offset 9318, 16 lines modifiedOffset 9318, 16 lines modified
9318 ······set_fact:9318 ······set_fact:
9319 ········suid_audit_rules:9319 ········suid_audit_rules:
9320 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid9320 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid
9321 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid9321 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid
9322 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid9322 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid
9323 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid9323 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid
9324 ······when:9324 ······when:
9325 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9326 ······-·'"audit"·in·ansible_facts.packages'9325 ······-·'"audit"·in·ansible_facts.packages'
 9326 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9327 ······tags:9327 ······tags:
9328 ······-·DISA-STIG-OL07-00-0303609328 ······-·DISA-STIG-OL07-00-030360
9329 ······-·NIST-800-53-AC-6(9)9329 ······-·NIST-800-53-AC-6(9)
9330 ······-·NIST-800-53-AU-12(3)9330 ······-·NIST-800-53-AU-12(3)
9331 ······-·NIST-800-53-AU-7(a)9331 ······-·NIST-800-53-AU-7(a)
9332 ······-·NIST-800-53-AU-7(b)9332 ······-·NIST-800-53-AU-7(b)
9333 ······-·NIST-800-53-AU-8(b)9333 ······-·NIST-800-53-AU-8(b)
Offset 9341, 16 lines modifiedOffset 9341, 16 lines modified
  
9341 ····-·name:·Update·/etc/audit/rules.d/privileged.rules·to·audit·privileged·functions9341 ····-·name:·Update·/etc/audit/rules.d/privileged.rules·to·audit·privileged·functions
9342 ······lineinfile:9342 ······lineinfile:
9343 ········path:·/etc/audit/rules.d/privileged.rules9343 ········path:·/etc/audit/rules.d/privileged.rules
9344 ········line:·'{{··item··}}'9344 ········line:·'{{··item··}}'
9345 ········create:·true9345 ········create:·true
9346 ······when:9346 ······when:
9347 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9348 ······-·'"audit"·in·ansible_facts.packages'9347 ······-·'"audit"·in·ansible_facts.packages'
 9348 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9349 ······-·'"auditd.service"·in·ansible_facts.services'9349 ······-·'"auditd.service"·in·ansible_facts.services'
9350 ······-·'"augenrules"·in·check_rules_scripts_result.stdout'9350 ······-·'"augenrules"·in·check_rules_scripts_result.stdout'
9351 ······register:·augenrules_audit_rules_privilege_function_update_result9351 ······register:·augenrules_audit_rules_privilege_function_update_result
9352 ······with_items:·'{{·suid_audit_rules·}}'9352 ······with_items:·'{{·suid_audit_rules·}}'
9353 ······tags:9353 ······tags:
9354 ······-·DISA-STIG-OL07-00-0303609354 ······-·DISA-STIG-OL07-00-030360
9355 ······-·NIST-800-53-AC-6(9)9355 ······-·NIST-800-53-AC-6(9)
Offset 9368, 16 lines modifiedOffset 9368, 16 lines modified
  
Max diff block lines reached; 148930/154099 bytes (96.65%) of diff not shown.
151 KB
./usr/share/scap-security-guide/ansible/ol7-playbook-stig_gui.yml
Ordering differences only
    
Offset 8956, 16 lines modifiedOffset 8956, 16 lines modified
8956 ······-·reboot_required8956 ······-·reboot_required
8957 ······-·restrict_strategy8957 ······-·restrict_strategy
  
8958 ····-·name:·Set·architecture·for·audit·mount·tasks8958 ····-·name:·Set·architecture·for·audit·mount·tasks
8959 ······set_fact:8959 ······set_fact:
8960 ········audit_arch:·b648960 ········audit_arch:·b64
8961 ······when:8961 ······when:
8962 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8963 ······-·'"audit"·in·ansible_facts.packages'8962 ······-·'"audit"·in·ansible_facts.packages'
 8963 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8964 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8964 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8965 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8965 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8966 ······tags:8966 ······tags:
8967 ······-·CJIS-5.4.1.18967 ······-·CJIS-5.4.1.1
8968 ······-·DISA-STIG-OL07-00-0307408968 ······-·DISA-STIG-OL07-00-030740
8969 ······-·NIST-800-171-3.1.78969 ······-·NIST-800-171-3.1.7
8970 ······-·NIST-800-53-AC-6(9)8970 ······-·NIST-800-53-AC-6(9)
Offset 9097, 16 lines modifiedOffset 9097, 16 lines modified
9097 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009097 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9098 ············-F·auid!=unset·-F·key=perm_mod9098 ············-F·auid!=unset·-F·key=perm_mod
9099 ··········create:·true9099 ··········create:·true
9100 ··········mode:·o-rwx9100 ··········mode:·o-rwx
9101 ··········state:·present9101 ··········state:·present
9102 ········when:·syscalls_found·|·length·==·09102 ········when:·syscalls_found·|·length·==·0
9103 ······when:9103 ······when:
9104 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9105 ······-·'"audit"·in·ansible_facts.packages'9104 ······-·'"audit"·in·ansible_facts.packages'
 9105 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9106 ······tags:9106 ······tags:
9107 ······-·CJIS-5.4.1.19107 ······-·CJIS-5.4.1.1
9108 ······-·DISA-STIG-OL07-00-0307409108 ······-·DISA-STIG-OL07-00-030740
9109 ······-·NIST-800-171-3.1.79109 ······-·NIST-800-171-3.1.7
9110 ······-·NIST-800-53-AC-6(9)9110 ······-·NIST-800-53-AC-6(9)
9111 ······-·NIST-800-53-AU-12(c)9111 ······-·NIST-800-53-AU-12(c)
9112 ······-·NIST-800-53-AU-2(d)9112 ······-·NIST-800-53-AU-2(d)
Offset 9236, 16 lines modifiedOffset 9236, 16 lines modified
9236 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009236 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9237 ············-F·auid!=unset·-F·key=perm_mod9237 ············-F·auid!=unset·-F·key=perm_mod
9238 ··········create:·true9238 ··········create:·true
9239 ··········mode:·o-rwx9239 ··········mode:·o-rwx
9240 ··········state:·present9240 ··········state:·present
9241 ········when:·syscalls_found·|·length·==·09241 ········when:·syscalls_found·|·length·==·0
9242 ······when:9242 ······when:
9243 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9244 ······-·'"audit"·in·ansible_facts.packages'9243 ······-·'"audit"·in·ansible_facts.packages'
 9244 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9245 ······-·audit_arch·==·"b64"9245 ······-·audit_arch·==·"b64"
9246 ······tags:9246 ······tags:
9247 ······-·CJIS-5.4.1.19247 ······-·CJIS-5.4.1.1
9248 ······-·DISA-STIG-OL07-00-0307409248 ······-·DISA-STIG-OL07-00-030740
9249 ······-·NIST-800-171-3.1.79249 ······-·NIST-800-171-3.1.7
9250 ······-·NIST-800-53-AC-6(9)9250 ······-·NIST-800-53-AC-6(9)
9251 ······-·NIST-800-53-AU-12(c)9251 ······-·NIST-800-53-AU-12(c)
Offset 9277, 16 lines modifiedOffset 9277, 16 lines modified
9277 ······-·medium_severity9277 ······-·medium_severity
9278 ······-·no_reboot_needed9278 ······-·no_reboot_needed
9279 ······-·restrict_strategy9279 ······-·restrict_strategy
  
9280 ····-·name:·Service·facts9280 ····-·name:·Service·facts
9281 ······service_facts:·null9281 ······service_facts:·null
9282 ······when:9282 ······when:
9283 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9284 ······-·'"audit"·in·ansible_facts.packages'9283 ······-·'"audit"·in·ansible_facts.packages'
 9284 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9285 ······tags:9285 ······tags:
9286 ······-·DISA-STIG-OL07-00-0303609286 ······-·DISA-STIG-OL07-00-030360
9287 ······-·NIST-800-53-AC-6(9)9287 ······-·NIST-800-53-AC-6(9)
9288 ······-·NIST-800-53-AU-12(3)9288 ······-·NIST-800-53-AU-12(3)
9289 ······-·NIST-800-53-AU-7(a)9289 ······-·NIST-800-53-AU-7(a)
9290 ······-·NIST-800-53-AU-7(b)9290 ······-·NIST-800-53-AU-7(b)
9291 ······-·NIST-800-53-AU-8(b)9291 ······-·NIST-800-53-AU-8(b)
Offset 9298, 16 lines modifiedOffset 9298, 16 lines modified
9298 ······-·no_reboot_needed9298 ······-·no_reboot_needed
9299 ······-·restrict_strategy9299 ······-·restrict_strategy
  
9300 ····-·name:·Check·the·rules·script·being·used9300 ····-·name:·Check·the·rules·script·being·used
9301 ······command:·grep·'^ExecStartPost'·/usr/lib/systemd/system/auditd.service9301 ······command:·grep·'^ExecStartPost'·/usr/lib/systemd/system/auditd.service
9302 ······register:·check_rules_scripts_result9302 ······register:·check_rules_scripts_result
9303 ······when:9303 ······when:
9304 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9305 ······-·'"audit"·in·ansible_facts.packages'9304 ······-·'"audit"·in·ansible_facts.packages'
 9305 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9306 ······tags:9306 ······tags:
9307 ······-·DISA-STIG-OL07-00-0303609307 ······-·DISA-STIG-OL07-00-030360
9308 ······-·NIST-800-53-AC-6(9)9308 ······-·NIST-800-53-AC-6(9)
9309 ······-·NIST-800-53-AU-12(3)9309 ······-·NIST-800-53-AU-12(3)
9310 ······-·NIST-800-53-AU-7(a)9310 ······-·NIST-800-53-AU-7(a)
9311 ······-·NIST-800-53-AU-7(b)9311 ······-·NIST-800-53-AU-7(b)
9312 ······-·NIST-800-53-AU-8(b)9312 ······-·NIST-800-53-AU-8(b)
Offset 9323, 16 lines modifiedOffset 9323, 16 lines modified
9323 ······set_fact:9323 ······set_fact:
9324 ········suid_audit_rules:9324 ········suid_audit_rules:
9325 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid9325 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid
9326 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid9326 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid
9327 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid9327 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid
9328 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid9328 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid
9329 ······when:9329 ······when:
9330 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9331 ······-·'"audit"·in·ansible_facts.packages'9330 ······-·'"audit"·in·ansible_facts.packages'
 9331 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9332 ······tags:9332 ······tags:
9333 ······-·DISA-STIG-OL07-00-0303609333 ······-·DISA-STIG-OL07-00-030360
9334 ······-·NIST-800-53-AC-6(9)9334 ······-·NIST-800-53-AC-6(9)
9335 ······-·NIST-800-53-AU-12(3)9335 ······-·NIST-800-53-AU-12(3)
9336 ······-·NIST-800-53-AU-7(a)9336 ······-·NIST-800-53-AU-7(a)
9337 ······-·NIST-800-53-AU-7(b)9337 ······-·NIST-800-53-AU-7(b)
9338 ······-·NIST-800-53-AU-8(b)9338 ······-·NIST-800-53-AU-8(b)
Offset 9346, 16 lines modifiedOffset 9346, 16 lines modified
  
9346 ····-·name:·Update·/etc/audit/rules.d/privileged.rules·to·audit·privileged·functions9346 ····-·name:·Update·/etc/audit/rules.d/privileged.rules·to·audit·privileged·functions
9347 ······lineinfile:9347 ······lineinfile:
9348 ········path:·/etc/audit/rules.d/privileged.rules9348 ········path:·/etc/audit/rules.d/privileged.rules
9349 ········line:·'{{··item··}}'9349 ········line:·'{{··item··}}'
9350 ········create:·true9350 ········create:·true
9351 ······when:9351 ······when:
9352 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9353 ······-·'"audit"·in·ansible_facts.packages'9352 ······-·'"audit"·in·ansible_facts.packages'
 9353 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9354 ······-·'"auditd.service"·in·ansible_facts.services'9354 ······-·'"auditd.service"·in·ansible_facts.services'
9355 ······-·'"augenrules"·in·check_rules_scripts_result.stdout'9355 ······-·'"augenrules"·in·check_rules_scripts_result.stdout'
9356 ······register:·augenrules_audit_rules_privilege_function_update_result9356 ······register:·augenrules_audit_rules_privilege_function_update_result
9357 ······with_items:·'{{·suid_audit_rules·}}'9357 ······with_items:·'{{·suid_audit_rules·}}'
9358 ······tags:9358 ······tags:
9359 ······-·DISA-STIG-OL07-00-0303609359 ······-·DISA-STIG-OL07-00-030360
9360 ······-·NIST-800-53-AC-6(9)9360 ······-·NIST-800-53-AC-6(9)
Offset 9373, 16 lines modifiedOffset 9373, 16 lines modified
  
Max diff block lines reached; 148932/154101 bytes (96.65%) of diff not shown.
908 B
./usr/share/scap-security-guide/ansible/ol8-playbook-anssi_bp28_enhanced.yml
Ordering differences only
    
Offset 5459, 16 lines modifiedOffset 5459, 16 lines modified
5459 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5459 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5460 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5460 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5461 ··········create:·true5461 ··········create:·true
5462 ··········mode:·o-rwx5462 ··········mode:·o-rwx
5463 ··········state:·present5463 ··········state:·present
5464 ········when:·syscalls_found·|·length·==·05464 ········when:·syscalls_found·|·length·==·0
5465 ······when:5465 ······when:
5466 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5467 ······-·'"audit"·in·ansible_facts.packages'5466 ······-·'"audit"·in·ansible_facts.packages'
 5467 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5468 ······tags:5468 ······tags:
5469 ······-·DISA-STIG-OL08-00-0305505469 ······-·DISA-STIG-OL08-00-030550
5470 ······-·NIST-800-171-3.1.75470 ······-·NIST-800-171-3.1.7
5471 ······-·NIST-800-53-AC-6(9)5471 ······-·NIST-800-53-AC-6(9)
5472 ······-·NIST-800-53-AU-12(c)5472 ······-·NIST-800-53-AU-12(c)
5473 ······-·NIST-800-53-AU-2(d)5473 ······-·NIST-800-53-AU-2(d)
5474 ······-·NIST-800-53-CM-6(a)5474 ······-·NIST-800-53-CM-6(a)
900 B
./usr/share/scap-security-guide/ansible/ol8-playbook-anssi_bp28_high.yml
Ordering differences only
    
Offset 5607, 16 lines modifiedOffset 5607, 16 lines modified
5607 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5607 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5608 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5608 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5609 ··········create:·true5609 ··········create:·true
5610 ··········mode:·o-rwx5610 ··········mode:·o-rwx
5611 ··········state:·present5611 ··········state:·present
5612 ········when:·syscalls_found·|·length·==·05612 ········when:·syscalls_found·|·length·==·0
5613 ······when:5613 ······when:
5614 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5615 ······-·'"audit"·in·ansible_facts.packages'5614 ······-·'"audit"·in·ansible_facts.packages'
 5615 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5616 ······tags:5616 ······tags:
5617 ······-·DISA-STIG-OL08-00-0305505617 ······-·DISA-STIG-OL08-00-030550
5618 ······-·NIST-800-171-3.1.75618 ······-·NIST-800-171-3.1.7
5619 ······-·NIST-800-53-AC-6(9)5619 ······-·NIST-800-53-AC-6(9)
5620 ······-·NIST-800-53-AU-12(c)5620 ······-·NIST-800-53-AU-12(c)
5621 ······-·NIST-800-53-AU-2(d)5621 ······-·NIST-800-53-AU-2(d)
5622 ······-·NIST-800-53-CM-6(a)5622 ······-·NIST-800-53-CM-6(a)
916 B
./usr/share/scap-security-guide/ansible/ol8-playbook-anssi_bp28_intermediary.yml
Ordering differences only
    
Offset 5184, 16 lines modifiedOffset 5184, 16 lines modified
5184 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5184 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5185 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5185 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5186 ··········create:·true5186 ··········create:·true
5187 ··········mode:·o-rwx5187 ··········mode:·o-rwx
5188 ··········state:·present5188 ··········state:·present
5189 ········when:·syscalls_found·|·length·==·05189 ········when:·syscalls_found·|·length·==·0
5190 ······when:5190 ······when:
5191 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5192 ······-·'"audit"·in·ansible_facts.packages'5191 ······-·'"audit"·in·ansible_facts.packages'
 5192 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5193 ······tags:5193 ······tags:
5194 ······-·DISA-STIG-OL08-00-0305505194 ······-·DISA-STIG-OL08-00-030550
5195 ······-·NIST-800-171-3.1.75195 ······-·NIST-800-171-3.1.7
5196 ······-·NIST-800-53-AC-6(9)5196 ······-·NIST-800-53-AC-6(9)
5197 ······-·NIST-800-53-AU-12(c)5197 ······-·NIST-800-53-AU-12(c)
5198 ······-·NIST-800-53-AU-2(d)5198 ······-·NIST-800-53-AU-2(d)
5199 ······-·NIST-800-53-CM-6(a)5199 ······-·NIST-800-53-CM-6(a)
109 KB
./usr/share/scap-security-guide/ansible/ol8-playbook-cjis.yml
Ordering differences only
    
Offset 2492, 16 lines modifiedOffset 2492, 16 lines modified
  
2492 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension2492 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
2493 ······find:2493 ······find:
2494 ········paths:·/etc/audit/rules.d/2494 ········paths:·/etc/audit/rules.d/
2495 ········patterns:·'*.rules'2495 ········patterns:·'*.rules'
2496 ······register:·find_rules_d2496 ······register:·find_rules_d
2497 ······when:2497 ······when:
2498 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2499 ······-·'"audit"·in·ansible_facts.packages'2498 ······-·'"audit"·in·ansible_facts.packages'
 2499 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2500 ······tags:2500 ······tags:
2501 ······-·CJIS-5.4.1.12501 ······-·CJIS-5.4.1.1
2502 ······-·DISA-STIG-OL08-00-0301212502 ······-·DISA-STIG-OL08-00-030121
2503 ······-·NIST-800-171-3.3.12503 ······-·NIST-800-171-3.3.1
2504 ······-·NIST-800-171-3.4.32504 ······-·NIST-800-171-3.4.3
2505 ······-·NIST-800-53-AC-6(9)2505 ······-·NIST-800-53-AC-6(9)
2506 ······-·NIST-800-53-CM-6(a)2506 ······-·NIST-800-53-CM-6(a)
Offset 2517, 16 lines modifiedOffset 2517, 16 lines modified
2517 ······lineinfile:2517 ······lineinfile:
2518 ········path:·'{{·item·}}'2518 ········path:·'{{·item·}}'
2519 ········regexp:·^\s*(?:-e)\s+.*$2519 ········regexp:·^\s*(?:-e)\s+.*$
2520 ········state:·absent2520 ········state:·absent
2521 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']2521 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
2522 ········}}'2522 ········}}'
2523 ······when:2523 ······when:
2524 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2525 ······-·'"audit"·in·ansible_facts.packages'2524 ······-·'"audit"·in·ansible_facts.packages'
 2525 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2526 ······tags:2526 ······tags:
2527 ······-·CJIS-5.4.1.12527 ······-·CJIS-5.4.1.1
2528 ······-·DISA-STIG-OL08-00-0301212528 ······-·DISA-STIG-OL08-00-030121
2529 ······-·NIST-800-171-3.3.12529 ······-·NIST-800-171-3.3.1
2530 ······-·NIST-800-171-3.4.32530 ······-·NIST-800-171-3.4.3
2531 ······-·NIST-800-53-AC-6(9)2531 ······-·NIST-800-53-AC-6(9)
2532 ······-·NIST-800-53-CM-6(a)2532 ······-·NIST-800-53-CM-6(a)
Offset 2544, 16 lines modifiedOffset 2544, 16 lines modified
2544 ········create:·true2544 ········create:·true
2545 ········line:·-e·22545 ········line:·-e·2
2546 ········mode:·o-rwx2546 ········mode:·o-rwx
2547 ······loop:2547 ······loop:
2548 ······-·/etc/audit/audit.rules2548 ······-·/etc/audit/audit.rules
2549 ······-·/etc/audit/rules.d/immutable.rules2549 ······-·/etc/audit/rules.d/immutable.rules
2550 ······when:2550 ······when:
2551 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2552 ······-·'"audit"·in·ansible_facts.packages'2551 ······-·'"audit"·in·ansible_facts.packages'
 2552 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2553 ······tags:2553 ······tags:
2554 ······-·CJIS-5.4.1.12554 ······-·CJIS-5.4.1.1
2555 ······-·DISA-STIG-OL08-00-0301212555 ······-·DISA-STIG-OL08-00-030121
2556 ······-·NIST-800-171-3.3.12556 ······-·NIST-800-171-3.3.1
2557 ······-·NIST-800-171-3.4.32557 ······-·NIST-800-171-3.4.3
2558 ······-·NIST-800-53-AC-6(9)2558 ······-·NIST-800-53-AC-6(9)
2559 ······-·NIST-800-53-CM-6(a)2559 ······-·NIST-800-53-CM-6(a)
Offset 2586, 16 lines modifiedOffset 2586, 16 lines modified
2586 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/2586 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
2587 ······find:2587 ······find:
2588 ········paths:·/etc/audit/rules.d2588 ········paths:·/etc/audit/rules.d
2589 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+2589 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
2590 ········patterns:·'*.rules'2590 ········patterns:·'*.rules'
2591 ······register:·find_existing_watch_rules_d2591 ······register:·find_existing_watch_rules_d
2592 ······when:2592 ······when:
2593 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2594 ······-·'"audit"·in·ansible_facts.packages'2593 ······-·'"audit"·in·ansible_facts.packages'
 2594 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2595 ······tags:2595 ······tags:
2596 ······-·CJIS-5.4.1.12596 ······-·CJIS-5.4.1.1
2597 ······-·NIST-800-171-3.1.82597 ······-·NIST-800-171-3.1.8
2598 ······-·NIST-800-53-AU-12(c)2598 ······-·NIST-800-53-AU-12(c)
2599 ······-·NIST-800-53-AU-2(d)2599 ······-·NIST-800-53-AU-2(d)
2600 ······-·NIST-800-53-CM-6(a)2600 ······-·NIST-800-53-CM-6(a)
2601 ······-·PCI-DSS-Req-10.5.52601 ······-·PCI-DSS-Req-10.5.5
Offset 2609, 16 lines modifiedOffset 2609, 16 lines modified
2609 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy2609 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
2610 ······find:2610 ······find:
2611 ········paths:·/etc/audit/rules.d2611 ········paths:·/etc/audit/rules.d
2612 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$2612 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
2613 ········patterns:·'*.rules'2613 ········patterns:·'*.rules'
2614 ······register:·find_watch_key2614 ······register:·find_watch_key
2615 ······when:2615 ······when:
2616 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2617 ······-·'"audit"·in·ansible_facts.packages'2616 ······-·'"audit"·in·ansible_facts.packages'
 2617 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2618 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched2618 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
2619 ········==·02619 ········==·0
2620 ······tags:2620 ······tags:
2621 ······-·CJIS-5.4.1.12621 ······-·CJIS-5.4.1.1
2622 ······-·NIST-800-171-3.1.82622 ······-·NIST-800-171-3.1.8
2623 ······-·NIST-800-53-AU-12(c)2623 ······-·NIST-800-53-AU-12(c)
2624 ······-·NIST-800-53-AU-2(d)2624 ······-·NIST-800-53-AU-2(d)
Offset 2632, 16 lines modifiedOffset 2632, 16 lines modified
2632 ······-·restrict_strategy2632 ······-·restrict_strategy
  
2633 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule2633 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
2634 ······set_fact:2634 ······set_fact:
2635 ········all_files:2635 ········all_files:
2636 ········-·/etc/audit/rules.d/MAC-policy.rules2636 ········-·/etc/audit/rules.d/MAC-policy.rules
2637 ······when:2637 ······when:
2638 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2639 ······-·'"audit"·in·ansible_facts.packages'2638 ······-·'"audit"·in·ansible_facts.packages'
 2639 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2640 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched2640 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
2641 ········is·defined·and·find_existing_watch_rules_d.matched·==·02641 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
2642 ······tags:2642 ······tags:
2643 ······-·CJIS-5.4.1.12643 ······-·CJIS-5.4.1.1
2644 ······-·NIST-800-171-3.1.82644 ······-·NIST-800-171-3.1.8
2645 ······-·NIST-800-53-AU-12(c)2645 ······-·NIST-800-53-AU-12(c)
2646 ······-·NIST-800-53-AU-2(d)2646 ······-·NIST-800-53-AU-2(d)
Offset 2655, 16 lines modifiedOffset 2655, 16 lines modified
2655 ······-·restrict_strategy2655 ······-·restrict_strategy
  
2656 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule2656 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
2657 ······set_fact:2657 ······set_fact:
2658 ········all_files:2658 ········all_files:
2659 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'2659 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
2660 ······when:2660 ······when:
2661 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2662 ······-·'"audit"·in·ansible_facts.packages'2661 ······-·'"audit"·in·ansible_facts.packages'
 2662 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2663 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched2663 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
2664 ········is·defined·and·find_existing_watch_rules_d.matched·==·02664 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
2665 ······tags:2665 ······tags:
2666 ······-·CJIS-5.4.1.12666 ······-·CJIS-5.4.1.1
2667 ······-·NIST-800-171-3.1.82667 ······-·NIST-800-171-3.1.8
2668 ······-·NIST-800-53-AU-12(c)2668 ······-·NIST-800-53-AU-12(c)
2669 ······-·NIST-800-53-AU-2(d)2669 ······-·NIST-800-53-AU-2(d)
Offset 2680, 16 lines modifiedOffset 2680, 16 lines modified
2680 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/2680 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 106224/111277 bytes (95.46%) of diff not shown.
3.85 KB
./usr/share/scap-security-guide/ansible/ol8-playbook-cui.yml
Ordering differences only
    
Offset 4761, 16 lines modifiedOffset 4761, 16 lines modified
4761 ······lineinfile:4761 ······lineinfile:
4762 ········dest:·/etc/audit/auditd.conf4762 ········dest:·/etc/audit/auditd.conf
4763 ········regexp:·^\s*flush\s*=\s*.*$4763 ········regexp:·^\s*flush\s*=\s*.*$
4764 ········line:·flush·=·{{·var_auditd_flush·}}4764 ········line:·flush·=·{{·var_auditd_flush·}}
4765 ········state:·present4765 ········state:·present
4766 ········create:·true4766 ········create:·true
4767 ······when:4767 ······when:
4768 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4769 ······-·'"audit"·in·ansible_facts.packages'4768 ······-·'"audit"·in·ansible_facts.packages'
 4769 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4770 ······tags:4770 ······tags:
4771 ······-·NIST-800-171-3.3.14771 ······-·NIST-800-171-3.3.1
4772 ······-·NIST-800-53-AU-114772 ······-·NIST-800-53-AU-11
4773 ······-·NIST-800-53-CM-6(a)4773 ······-·NIST-800-53-CM-6(a)
4774 ······-·auditd_data_retention_flush4774 ······-·auditd_data_retention_flush
4775 ······-·low_complexity4775 ······-·low_complexity
4776 ······-·low_disruption4776 ······-·low_disruption
Offset 4816, 16 lines modifiedOffset 4816, 16 lines modified
4816 ········lineinfile:4816 ········lineinfile:
4817 ··········path:·/etc/audit/auditd.conf4817 ··········path:·/etc/audit/auditd.conf
4818 ··········create:·true4818 ··········create:·true
4819 ··········regexp:·(?i)^\s*freq\s*=\s*4819 ··········regexp:·(?i)^\s*freq\s*=\s*
4820 ··········line:·freq·=·504820 ··········line:·freq·=·50
4821 ··········state:·present4821 ··········state:·present
4822 ······when:4822 ······when:
4823 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4824 ······-·'"audit"·in·ansible_facts.packages'4823 ······-·'"audit"·in·ansible_facts.packages'
 4824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4825 ······tags:4825 ······tags:
4826 ······-·NIST-800-53-CM-64826 ······-·NIST-800-53-CM-6
4827 ······-·auditd_freq4827 ······-·auditd_freq
4828 ······-·low_complexity4828 ······-·low_complexity
4829 ······-·low_disruption4829 ······-·low_disruption
4830 ······-·medium_severity4830 ······-·medium_severity
4831 ······-·no_reboot_needed4831 ······-·no_reboot_needed
Offset 4870, 16 lines modifiedOffset 4870, 16 lines modified
4870 ········lineinfile:4870 ········lineinfile:
4871 ··········path:·/etc/audit/auditd.conf4871 ··········path:·/etc/audit/auditd.conf
4872 ··········create:·true4872 ··········create:·true
4873 ··········regexp:·(?i)^\s*local_events\s*=\s*4873 ··········regexp:·(?i)^\s*local_events\s*=\s*
4874 ··········line:·local_events·=·yes4874 ··········line:·local_events·=·yes
4875 ··········state:·present4875 ··········state:·present
4876 ······when:4876 ······when:
4877 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4878 ······-·'"audit"·in·ansible_facts.packages'4877 ······-·'"audit"·in·ansible_facts.packages'
 4878 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4879 ······tags:4879 ······tags:
4880 ······-·DISA-STIG-OL08-00-0300614880 ······-·DISA-STIG-OL08-00-030061
4881 ······-·NIST-800-53-CM-64881 ······-·NIST-800-53-CM-6
4882 ······-·auditd_local_events4882 ······-·auditd_local_events
4883 ······-·low_complexity4883 ······-·low_complexity
4884 ······-·low_disruption4884 ······-·low_disruption
4885 ······-·medium_severity4885 ······-·medium_severity
Offset 4926, 16 lines modifiedOffset 4926, 16 lines modified
4926 ········lineinfile:4926 ········lineinfile:
4927 ··········path:·/etc/audit/auditd.conf4927 ··········path:·/etc/audit/auditd.conf
4928 ··········create:·true4928 ··········create:·true
4929 ··········regexp:·(?i)^\s*log_format\s*=\s*4929 ··········regexp:·(?i)^\s*log_format\s*=\s*
4930 ··········line:·log_format·=·ENRICHED4930 ··········line:·log_format·=·ENRICHED
4931 ··········state:·present4931 ··········state:·present
4932 ······when:4932 ······when:
4933 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4934 ······-·'"audit"·in·ansible_facts.packages'4933 ······-·'"audit"·in·ansible_facts.packages'
 4934 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4935 ······tags:4935 ······tags:
4936 ······-·DISA-STIG-OL08-00-0300634936 ······-·DISA-STIG-OL08-00-030063
4937 ······-·NIST-800-53-AU-34937 ······-·NIST-800-53-AU-3
4938 ······-·NIST-800-53-CM-64938 ······-·NIST-800-53-CM-6
4939 ······-·auditd_log_format4939 ······-·auditd_log_format
4940 ······-·low_complexity4940 ······-·low_complexity
4941 ······-·low_disruption4941 ······-·low_disruption
Offset 4983, 16 lines modifiedOffset 4983, 16 lines modified
4983 ········lineinfile:4983 ········lineinfile:
4984 ··········path:·/etc/audit/auditd.conf4984 ··········path:·/etc/audit/auditd.conf
4985 ··········create:·true4985 ··········create:·true
4986 ··········regexp:·(?i)^\s*name_format\s*=\s*4986 ··········regexp:·(?i)^\s*name_format\s*=\s*
4987 ··········line:·name_format·=·hostname4987 ··········line:·name_format·=·hostname
4988 ··········state:·present4988 ··········state:·present
4989 ······when:4989 ······when:
4990 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4991 ······-·'"audit"·in·ansible_facts.packages'4990 ······-·'"audit"·in·ansible_facts.packages'
 4991 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4992 ······tags:4992 ······tags:
4993 ······-·DISA-STIG-OL08-00-0300624993 ······-·DISA-STIG-OL08-00-030062
4994 ······-·NIST-800-53-AU-34994 ······-·NIST-800-53-AU-3
4995 ······-·NIST-800-53-CM-64995 ······-·NIST-800-53-CM-6
4996 ······-·auditd_name_format4996 ······-·auditd_name_format
4997 ······-·low_complexity4997 ······-·low_complexity
4998 ······-·low_disruption4998 ······-·low_disruption
Offset 5038, 16 lines modifiedOffset 5038, 16 lines modified
5038 ········lineinfile:5038 ········lineinfile:
5039 ··········path:·/etc/audit/auditd.conf5039 ··········path:·/etc/audit/auditd.conf
5040 ··········create:·true5040 ··········create:·true
5041 ··········regexp:·(?i)^\s*write_logs\s*=\s*5041 ··········regexp:·(?i)^\s*write_logs\s*=\s*
5042 ··········line:·write_logs·=·yes5042 ··········line:·write_logs·=·yes
5043 ··········state:·present5043 ··········state:·present
5044 ······when:5044 ······when:
5045 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5046 ······-·'"audit"·in·ansible_facts.packages'5045 ······-·'"audit"·in·ansible_facts.packages'
 5046 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5047 ······tags:5047 ······tags:
5048 ······-·NIST-800-53-CM-65048 ······-·NIST-800-53-CM-6
5049 ······-·auditd_write_logs5049 ······-·auditd_write_logs
5050 ······-·low_complexity5050 ······-·low_complexity
5051 ······-·low_disruption5051 ······-·low_disruption
5052 ······-·medium_severity5052 ······-·medium_severity
5053 ······-·no_reboot_needed5053 ······-·no_reboot_needed
74.8 KB
./usr/share/scap-security-guide/ansible/ol8-playbook-e8.yml
Ordering differences only
    
Offset 980, 16 lines modifiedOffset 980, 16 lines modified
980 ······-·no_reboot_needed980 ······-·no_reboot_needed
981 ······-·restrict_strategy981 ······-·restrict_strategy
  
982 ····-·name:·Set·architecture·for·audit·tasks982 ····-·name:·Set·architecture·for·audit·tasks
983 ······set_fact:983 ······set_fact:
984 ········audit_arch:·b64984 ········audit_arch:·b64
985 ······when:985 ······when:
986 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
987 ······-·'"audit"·in·ansible_facts.packages'986 ······-·'"audit"·in·ansible_facts.packages'
 987 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
988 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture988 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
989 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"989 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
990 ······tags:990 ······tags:
991 ······-·CJIS-5.4.1.1991 ······-·CJIS-5.4.1.1
992 ······-·NIST-800-171-3.1.7992 ······-·NIST-800-171-3.1.7
993 ······-·NIST-800-53-AC-6(9)993 ······-·NIST-800-53-AC-6(9)
994 ······-·NIST-800-53-AU-12(c)994 ······-·NIST-800-53-AU-12(c)
Offset 1122, 16 lines modifiedOffset 1122, 16 lines modified
1122 ··········path:·'{{·audit_file·}}'1122 ··········path:·'{{·audit_file·}}'
1123 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification1123 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
1124 ··········create:·true1124 ··········create:·true
1125 ··········mode:·o-rwx1125 ··········mode:·o-rwx
1126 ··········state:·present1126 ··········state:·present
1127 ········when:·syscalls_found·|·length·==·01127 ········when:·syscalls_found·|·length·==·0
1128 ······when:1128 ······when:
1129 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1130 ······-·'"audit"·in·ansible_facts.packages'1129 ······-·'"audit"·in·ansible_facts.packages'
 1130 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1131 ······tags:1131 ······tags:
1132 ······-·CJIS-5.4.1.11132 ······-·CJIS-5.4.1.1
1133 ······-·NIST-800-171-3.1.71133 ······-·NIST-800-171-3.1.7
1134 ······-·NIST-800-53-AC-6(9)1134 ······-·NIST-800-53-AC-6(9)
1135 ······-·NIST-800-53-AU-12(c)1135 ······-·NIST-800-53-AU-12(c)
1136 ······-·NIST-800-53-AU-2(d)1136 ······-·NIST-800-53-AU-2(d)
1137 ······-·NIST-800-53-CM-6(a)1137 ······-·NIST-800-53-CM-6(a)
Offset 1262, 16 lines modifiedOffset 1262, 16 lines modified
1262 ··········path:·'{{·audit_file·}}'1262 ··········path:·'{{·audit_file·}}'
1263 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification1263 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
1264 ··········create:·true1264 ··········create:·true
1265 ··········mode:·o-rwx1265 ··········mode:·o-rwx
1266 ··········state:·present1266 ··········state:·present
1267 ········when:·syscalls_found·|·length·==·01267 ········when:·syscalls_found·|·length·==·0
1268 ······when:1268 ······when:
1269 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1270 ······-·'"audit"·in·ansible_facts.packages'1269 ······-·'"audit"·in·ansible_facts.packages'
 1270 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1271 ······-·audit_arch·==·"b64"1271 ······-·audit_arch·==·"b64"
1272 ······tags:1272 ······tags:
1273 ······-·CJIS-5.4.1.11273 ······-·CJIS-5.4.1.1
1274 ······-·NIST-800-171-3.1.71274 ······-·NIST-800-171-3.1.7
1275 ······-·NIST-800-53-AC-6(9)1275 ······-·NIST-800-53-AC-6(9)
1276 ······-·NIST-800-53-AU-12(c)1276 ······-·NIST-800-53-AU-12(c)
1277 ······-·NIST-800-53-AU-2(d)1277 ······-·NIST-800-53-AU-2(d)
Offset 1287, 16 lines modifiedOffset 1287, 16 lines modified
1287 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/1287 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/
1288 ······find:1288 ······find:
1289 ········paths:·/etc/audit/rules.d1289 ········paths:·/etc/audit/rules.d
1290 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+1290 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+
1291 ········patterns:·'*.rules'1291 ········patterns:·'*.rules'
1292 ······register:·find_existing_watch_rules_d1292 ······register:·find_existing_watch_rules_d
1293 ······when:1293 ······when:
1294 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1295 ······-·'"audit"·in·ansible_facts.packages'1294 ······-·'"audit"·in·ansible_facts.packages'
 1295 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1296 ······tags:1296 ······tags:
1297 ······-·CJIS-5.4.1.11297 ······-·CJIS-5.4.1.1
1298 ······-·NIST-800-171-3.1.71298 ······-·NIST-800-171-3.1.7
1299 ······-·NIST-800-53-AC-6(9)1299 ······-·NIST-800-53-AC-6(9)
1300 ······-·NIST-800-53-AU-12(c)1300 ······-·NIST-800-53-AU-12(c)
1301 ······-·NIST-800-53-AU-2(d)1301 ······-·NIST-800-53-AU-2(d)
1302 ······-·NIST-800-53-CM-6(a)1302 ······-·NIST-800-53-CM-6(a)
Offset 1311, 16 lines modifiedOffset 1311, 16 lines modified
1311 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification1311 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification
1312 ······find:1312 ······find:
1313 ········paths:·/etc/audit/rules.d1313 ········paths:·/etc/audit/rules.d
1314 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$1314 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$
1315 ········patterns:·'*.rules'1315 ········patterns:·'*.rules'
1316 ······register:·find_watch_key1316 ······register:·find_watch_key
1317 ······when:1317 ······when:
1318 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1319 ······-·'"audit"·in·ansible_facts.packages'1318 ······-·'"audit"·in·ansible_facts.packages'
 1319 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1320 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1320 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1321 ········==·01321 ········==·0
1322 ······tags:1322 ······tags:
1323 ······-·CJIS-5.4.1.11323 ······-·CJIS-5.4.1.1
1324 ······-·NIST-800-171-3.1.71324 ······-·NIST-800-171-3.1.7
1325 ······-·NIST-800-53-AC-6(9)1325 ······-·NIST-800-53-AC-6(9)
1326 ······-·NIST-800-53-AU-12(c)1326 ······-·NIST-800-53-AU-12(c)
Offset 1336, 16 lines modifiedOffset 1336, 16 lines modified
  
1336 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the1336 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the
1337 ········recipient·for·the·rule1337 ········recipient·for·the·rule
1338 ······set_fact:1338 ······set_fact:
1339 ········all_files:1339 ········all_files:
1340 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules1340 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules
1341 ······when:1341 ······when:
1342 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1343 ······-·'"audit"·in·ansible_facts.packages'1342 ······-·'"audit"·in·ansible_facts.packages'
 1343 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1344 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1344 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1345 ········is·defined·and·find_existing_watch_rules_d.matched·==·01345 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1346 ······tags:1346 ······tags:
1347 ······-·CJIS-5.4.1.11347 ······-·CJIS-5.4.1.1
1348 ······-·NIST-800-171-3.1.71348 ······-·NIST-800-171-3.1.7
1349 ······-·NIST-800-53-AC-6(9)1349 ······-·NIST-800-53-AC-6(9)
1350 ······-·NIST-800-53-AU-12(c)1350 ······-·NIST-800-53-AU-12(c)
Offset 1360, 16 lines modifiedOffset 1360, 16 lines modified
1360 ······-·restrict_strategy1360 ······-·restrict_strategy
  
1361 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1361 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1362 ······set_fact:1362 ······set_fact:
1363 ········all_files:1363 ········all_files:
1364 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1364 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1365 ······when:1365 ······when:
1366 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1367 ······-·'"audit"·in·ansible_facts.packages'1366 ······-·'"audit"·in·ansible_facts.packages'
 1367 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1368 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1368 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1369 ········is·defined·and·find_existing_watch_rules_d.matched·==·01369 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1370 ······tags:1370 ······tags:
1371 ······-·CJIS-5.4.1.11371 ······-·CJIS-5.4.1.1
1372 ······-·NIST-800-171-3.1.71372 ······-·NIST-800-171-3.1.7
1373 ······-·NIST-800-53-AC-6(9)1373 ······-·NIST-800-53-AC-6(9)
1374 ······-·NIST-800-53-AU-12(c)1374 ······-·NIST-800-53-AU-12(c)
Offset 1386, 16 lines modifiedOffset 1386, 16 lines modified
1386 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/1386 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/
Max diff block lines reached; 71016/76414 bytes (92.94%) of diff not shown.
195 KB
./usr/share/scap-security-guide/ansible/ol8-playbook-hipaa.yml
Ordering differences only
    
Offset 1185, 16 lines modifiedOffset 1185, 16 lines modified
  
1185 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1185 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1186 ······find:1186 ······find:
1187 ········paths:·/etc/audit/rules.d/1187 ········paths:·/etc/audit/rules.d/
1188 ········patterns:·'*.rules'1188 ········patterns:·'*.rules'
1189 ······register:·find_rules_d1189 ······register:·find_rules_d
1190 ······when:1190 ······when:
1191 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1192 ······-·'"audit"·in·ansible_facts.packages'1191 ······-·'"audit"·in·ansible_facts.packages'
 1192 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1193 ······tags:1193 ······tags:
1194 ······-·CJIS-5.4.1.11194 ······-·CJIS-5.4.1.1
1195 ······-·DISA-STIG-OL08-00-0301211195 ······-·DISA-STIG-OL08-00-030121
1196 ······-·NIST-800-171-3.3.11196 ······-·NIST-800-171-3.3.1
1197 ······-·NIST-800-171-3.4.31197 ······-·NIST-800-171-3.4.3
1198 ······-·NIST-800-53-AC-6(9)1198 ······-·NIST-800-53-AC-6(9)
1199 ······-·NIST-800-53-CM-6(a)1199 ······-·NIST-800-53-CM-6(a)
Offset 1210, 16 lines modifiedOffset 1210, 16 lines modified
1210 ······lineinfile:1210 ······lineinfile:
1211 ········path:·'{{·item·}}'1211 ········path:·'{{·item·}}'
1212 ········regexp:·^\s*(?:-e)\s+.*$1212 ········regexp:·^\s*(?:-e)\s+.*$
1213 ········state:·absent1213 ········state:·absent
1214 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1214 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1215 ········}}'1215 ········}}'
1216 ······when:1216 ······when:
1217 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1218 ······-·'"audit"·in·ansible_facts.packages'1217 ······-·'"audit"·in·ansible_facts.packages'
 1218 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1219 ······tags:1219 ······tags:
1220 ······-·CJIS-5.4.1.11220 ······-·CJIS-5.4.1.1
1221 ······-·DISA-STIG-OL08-00-0301211221 ······-·DISA-STIG-OL08-00-030121
1222 ······-·NIST-800-171-3.3.11222 ······-·NIST-800-171-3.3.1
1223 ······-·NIST-800-171-3.4.31223 ······-·NIST-800-171-3.4.3
1224 ······-·NIST-800-53-AC-6(9)1224 ······-·NIST-800-53-AC-6(9)
1225 ······-·NIST-800-53-CM-6(a)1225 ······-·NIST-800-53-CM-6(a)
Offset 1237, 16 lines modifiedOffset 1237, 16 lines modified
1237 ········create:·true1237 ········create:·true
1238 ········line:·-e·21238 ········line:·-e·2
1239 ········mode:·o-rwx1239 ········mode:·o-rwx
1240 ······loop:1240 ······loop:
1241 ······-·/etc/audit/audit.rules1241 ······-·/etc/audit/audit.rules
1242 ······-·/etc/audit/rules.d/immutable.rules1242 ······-·/etc/audit/rules.d/immutable.rules
1243 ······when:1243 ······when:
1244 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1245 ······-·'"audit"·in·ansible_facts.packages'1244 ······-·'"audit"·in·ansible_facts.packages'
 1245 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1246 ······tags:1246 ······tags:
1247 ······-·CJIS-5.4.1.11247 ······-·CJIS-5.4.1.1
1248 ······-·DISA-STIG-OL08-00-0301211248 ······-·DISA-STIG-OL08-00-030121
1249 ······-·NIST-800-171-3.3.11249 ······-·NIST-800-171-3.3.1
1250 ······-·NIST-800-171-3.4.31250 ······-·NIST-800-171-3.4.3
1251 ······-·NIST-800-53-AC-6(9)1251 ······-·NIST-800-53-AC-6(9)
1252 ······-·NIST-800-53-CM-6(a)1252 ······-·NIST-800-53-CM-6(a)
Offset 1279, 16 lines modifiedOffset 1279, 16 lines modified
1279 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/1279 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
1280 ······find:1280 ······find:
1281 ········paths:·/etc/audit/rules.d1281 ········paths:·/etc/audit/rules.d
1282 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+1282 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
1283 ········patterns:·'*.rules'1283 ········patterns:·'*.rules'
1284 ······register:·find_existing_watch_rules_d1284 ······register:·find_existing_watch_rules_d
1285 ······when:1285 ······when:
1286 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1287 ······-·'"audit"·in·ansible_facts.packages'1286 ······-·'"audit"·in·ansible_facts.packages'
 1287 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1288 ······tags:1288 ······tags:
1289 ······-·CJIS-5.4.1.11289 ······-·CJIS-5.4.1.1
1290 ······-·NIST-800-171-3.1.81290 ······-·NIST-800-171-3.1.8
1291 ······-·NIST-800-53-AU-12(c)1291 ······-·NIST-800-53-AU-12(c)
1292 ······-·NIST-800-53-AU-2(d)1292 ······-·NIST-800-53-AU-2(d)
1293 ······-·NIST-800-53-CM-6(a)1293 ······-·NIST-800-53-CM-6(a)
1294 ······-·PCI-DSS-Req-10.5.51294 ······-·PCI-DSS-Req-10.5.5
Offset 1302, 16 lines modifiedOffset 1302, 16 lines modified
1302 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy1302 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
1303 ······find:1303 ······find:
1304 ········paths:·/etc/audit/rules.d1304 ········paths:·/etc/audit/rules.d
1305 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$1305 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
1306 ········patterns:·'*.rules'1306 ········patterns:·'*.rules'
1307 ······register:·find_watch_key1307 ······register:·find_watch_key
1308 ······when:1308 ······when:
1309 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1310 ······-·'"audit"·in·ansible_facts.packages'1309 ······-·'"audit"·in·ansible_facts.packages'
 1310 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1311 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1311 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1312 ········==·01312 ········==·0
1313 ······tags:1313 ······tags:
1314 ······-·CJIS-5.4.1.11314 ······-·CJIS-5.4.1.1
1315 ······-·NIST-800-171-3.1.81315 ······-·NIST-800-171-3.1.8
1316 ······-·NIST-800-53-AU-12(c)1316 ······-·NIST-800-53-AU-12(c)
1317 ······-·NIST-800-53-AU-2(d)1317 ······-·NIST-800-53-AU-2(d)
Offset 1325, 16 lines modifiedOffset 1325, 16 lines modified
1325 ······-·restrict_strategy1325 ······-·restrict_strategy
  
1326 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule1326 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
1327 ······set_fact:1327 ······set_fact:
1328 ········all_files:1328 ········all_files:
1329 ········-·/etc/audit/rules.d/MAC-policy.rules1329 ········-·/etc/audit/rules.d/MAC-policy.rules
1330 ······when:1330 ······when:
1331 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1332 ······-·'"audit"·in·ansible_facts.packages'1331 ······-·'"audit"·in·ansible_facts.packages'
 1332 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1333 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1333 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1334 ········is·defined·and·find_existing_watch_rules_d.matched·==·01334 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1335 ······tags:1335 ······tags:
1336 ······-·CJIS-5.4.1.11336 ······-·CJIS-5.4.1.1
1337 ······-·NIST-800-171-3.1.81337 ······-·NIST-800-171-3.1.8
1338 ······-·NIST-800-53-AU-12(c)1338 ······-·NIST-800-53-AU-12(c)
1339 ······-·NIST-800-53-AU-2(d)1339 ······-·NIST-800-53-AU-2(d)
Offset 1348, 16 lines modifiedOffset 1348, 16 lines modified
1348 ······-·restrict_strategy1348 ······-·restrict_strategy
  
1349 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1349 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1350 ······set_fact:1350 ······set_fact:
1351 ········all_files:1351 ········all_files:
1352 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1352 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1353 ······when:1353 ······when:
1354 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1355 ······-·'"audit"·in·ansible_facts.packages'1354 ······-·'"audit"·in·ansible_facts.packages'
 1355 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1356 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1356 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1357 ········is·defined·and·find_existing_watch_rules_d.matched·==·01357 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1358 ······tags:1358 ······tags:
1359 ······-·CJIS-5.4.1.11359 ······-·CJIS-5.4.1.1
1360 ······-·NIST-800-171-3.1.81360 ······-·NIST-800-171-3.1.8
1361 ······-·NIST-800-53-AU-12(c)1361 ······-·NIST-800-53-AU-12(c)
1362 ······-·NIST-800-53-AU-2(d)1362 ······-·NIST-800-53-AU-2(d)
Offset 1373, 16 lines modifiedOffset 1373, 16 lines modified
1373 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/1373 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 194971/200024 bytes (97.47%) of diff not shown.
3.86 KB
./usr/share/scap-security-guide/ansible/ol8-playbook-ospp.yml
Ordering differences only
    
Offset 4754, 16 lines modifiedOffset 4754, 16 lines modified
4754 ······lineinfile:4754 ······lineinfile:
4755 ········dest:·/etc/audit/auditd.conf4755 ········dest:·/etc/audit/auditd.conf
4756 ········regexp:·^\s*flush\s*=\s*.*$4756 ········regexp:·^\s*flush\s*=\s*.*$
4757 ········line:·flush·=·{{·var_auditd_flush·}}4757 ········line:·flush·=·{{·var_auditd_flush·}}
4758 ········state:·present4758 ········state:·present
4759 ········create:·true4759 ········create:·true
4760 ······when:4760 ······when:
4761 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4762 ······-·'"audit"·in·ansible_facts.packages'4761 ······-·'"audit"·in·ansible_facts.packages'
 4762 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4763 ······tags:4763 ······tags:
4764 ······-·NIST-800-171-3.3.14764 ······-·NIST-800-171-3.3.1
4765 ······-·NIST-800-53-AU-114765 ······-·NIST-800-53-AU-11
4766 ······-·NIST-800-53-CM-6(a)4766 ······-·NIST-800-53-CM-6(a)
4767 ······-·auditd_data_retention_flush4767 ······-·auditd_data_retention_flush
4768 ······-·low_complexity4768 ······-·low_complexity
4769 ······-·low_disruption4769 ······-·low_disruption
Offset 4809, 16 lines modifiedOffset 4809, 16 lines modified
4809 ········lineinfile:4809 ········lineinfile:
4810 ··········path:·/etc/audit/auditd.conf4810 ··········path:·/etc/audit/auditd.conf
4811 ··········create:·true4811 ··········create:·true
4812 ··········regexp:·(?i)^\s*freq\s*=\s*4812 ··········regexp:·(?i)^\s*freq\s*=\s*
4813 ··········line:·freq·=·504813 ··········line:·freq·=·50
4814 ··········state:·present4814 ··········state:·present
4815 ······when:4815 ······when:
4816 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4817 ······-·'"audit"·in·ansible_facts.packages'4816 ······-·'"audit"·in·ansible_facts.packages'
 4817 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4818 ······tags:4818 ······tags:
4819 ······-·NIST-800-53-CM-64819 ······-·NIST-800-53-CM-6
4820 ······-·auditd_freq4820 ······-·auditd_freq
4821 ······-·low_complexity4821 ······-·low_complexity
4822 ······-·low_disruption4822 ······-·low_disruption
4823 ······-·medium_severity4823 ······-·medium_severity
4824 ······-·no_reboot_needed4824 ······-·no_reboot_needed
Offset 4863, 16 lines modifiedOffset 4863, 16 lines modified
4863 ········lineinfile:4863 ········lineinfile:
4864 ··········path:·/etc/audit/auditd.conf4864 ··········path:·/etc/audit/auditd.conf
4865 ··········create:·true4865 ··········create:·true
4866 ··········regexp:·(?i)^\s*local_events\s*=\s*4866 ··········regexp:·(?i)^\s*local_events\s*=\s*
4867 ··········line:·local_events·=·yes4867 ··········line:·local_events·=·yes
4868 ··········state:·present4868 ··········state:·present
4869 ······when:4869 ······when:
4870 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4871 ······-·'"audit"·in·ansible_facts.packages'4870 ······-·'"audit"·in·ansible_facts.packages'
 4871 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4872 ······tags:4872 ······tags:
4873 ······-·DISA-STIG-OL08-00-0300614873 ······-·DISA-STIG-OL08-00-030061
4874 ······-·NIST-800-53-CM-64874 ······-·NIST-800-53-CM-6
4875 ······-·auditd_local_events4875 ······-·auditd_local_events
4876 ······-·low_complexity4876 ······-·low_complexity
4877 ······-·low_disruption4877 ······-·low_disruption
4878 ······-·medium_severity4878 ······-·medium_severity
Offset 4919, 16 lines modifiedOffset 4919, 16 lines modified
4919 ········lineinfile:4919 ········lineinfile:
4920 ··········path:·/etc/audit/auditd.conf4920 ··········path:·/etc/audit/auditd.conf
4921 ··········create:·true4921 ··········create:·true
4922 ··········regexp:·(?i)^\s*log_format\s*=\s*4922 ··········regexp:·(?i)^\s*log_format\s*=\s*
4923 ··········line:·log_format·=·ENRICHED4923 ··········line:·log_format·=·ENRICHED
4924 ··········state:·present4924 ··········state:·present
4925 ······when:4925 ······when:
4926 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4927 ······-·'"audit"·in·ansible_facts.packages'4926 ······-·'"audit"·in·ansible_facts.packages'
 4927 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4928 ······tags:4928 ······tags:
4929 ······-·DISA-STIG-OL08-00-0300634929 ······-·DISA-STIG-OL08-00-030063
4930 ······-·NIST-800-53-AU-34930 ······-·NIST-800-53-AU-3
4931 ······-·NIST-800-53-CM-64931 ······-·NIST-800-53-CM-6
4932 ······-·auditd_log_format4932 ······-·auditd_log_format
4933 ······-·low_complexity4933 ······-·low_complexity
4934 ······-·low_disruption4934 ······-·low_disruption
Offset 4976, 16 lines modifiedOffset 4976, 16 lines modified
4976 ········lineinfile:4976 ········lineinfile:
4977 ··········path:·/etc/audit/auditd.conf4977 ··········path:·/etc/audit/auditd.conf
4978 ··········create:·true4978 ··········create:·true
4979 ··········regexp:·(?i)^\s*name_format\s*=\s*4979 ··········regexp:·(?i)^\s*name_format\s*=\s*
4980 ··········line:·name_format·=·hostname4980 ··········line:·name_format·=·hostname
4981 ··········state:·present4981 ··········state:·present
4982 ······when:4982 ······when:
4983 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4984 ······-·'"audit"·in·ansible_facts.packages'4983 ······-·'"audit"·in·ansible_facts.packages'
 4984 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4985 ······tags:4985 ······tags:
4986 ······-·DISA-STIG-OL08-00-0300624986 ······-·DISA-STIG-OL08-00-030062
4987 ······-·NIST-800-53-AU-34987 ······-·NIST-800-53-AU-3
4988 ······-·NIST-800-53-CM-64988 ······-·NIST-800-53-CM-6
4989 ······-·auditd_name_format4989 ······-·auditd_name_format
4990 ······-·low_complexity4990 ······-·low_complexity
4991 ······-·low_disruption4991 ······-·low_disruption
Offset 5031, 16 lines modifiedOffset 5031, 16 lines modified
5031 ········lineinfile:5031 ········lineinfile:
5032 ··········path:·/etc/audit/auditd.conf5032 ··········path:·/etc/audit/auditd.conf
5033 ··········create:·true5033 ··········create:·true
5034 ··········regexp:·(?i)^\s*write_logs\s*=\s*5034 ··········regexp:·(?i)^\s*write_logs\s*=\s*
5035 ··········line:·write_logs·=·yes5035 ··········line:·write_logs·=·yes
5036 ··········state:·present5036 ··········state:·present
5037 ······when:5037 ······when:
5038 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5039 ······-·'"audit"·in·ansible_facts.packages'5038 ······-·'"audit"·in·ansible_facts.packages'
 5039 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5040 ······tags:5040 ······tags:
5041 ······-·NIST-800-53-CM-65041 ······-·NIST-800-53-CM-6
5042 ······-·auditd_write_logs5042 ······-·auditd_write_logs
5043 ······-·low_complexity5043 ······-·low_complexity
5044 ······-·low_disruption5044 ······-·low_disruption
5045 ······-·medium_severity5045 ······-·medium_severity
5046 ······-·no_reboot_needed5046 ······-·no_reboot_needed
171 KB
./usr/share/scap-security-guide/ansible/ol8-playbook-pci-dss.yml
Ordering differences only
    
Offset 4699, 16 lines modifiedOffset 4699, 16 lines modified
  
4699 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension4699 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
4700 ······find:4700 ······find:
4701 ········paths:·/etc/audit/rules.d/4701 ········paths:·/etc/audit/rules.d/
4702 ········patterns:·'*.rules'4702 ········patterns:·'*.rules'
4703 ······register:·find_rules_d4703 ······register:·find_rules_d
4704 ······when:4704 ······when:
4705 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4706 ······-·'"audit"·in·ansible_facts.packages'4705 ······-·'"audit"·in·ansible_facts.packages'
 4706 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4707 ······tags:4707 ······tags:
4708 ······-·CJIS-5.4.1.14708 ······-·CJIS-5.4.1.1
4709 ······-·DISA-STIG-OL08-00-0301214709 ······-·DISA-STIG-OL08-00-030121
4710 ······-·NIST-800-171-3.3.14710 ······-·NIST-800-171-3.3.1
4711 ······-·NIST-800-171-3.4.34711 ······-·NIST-800-171-3.4.3
4712 ······-·NIST-800-53-AC-6(9)4712 ······-·NIST-800-53-AC-6(9)
4713 ······-·NIST-800-53-CM-6(a)4713 ······-·NIST-800-53-CM-6(a)
Offset 4724, 16 lines modifiedOffset 4724, 16 lines modified
4724 ······lineinfile:4724 ······lineinfile:
4725 ········path:·'{{·item·}}'4725 ········path:·'{{·item·}}'
4726 ········regexp:·^\s*(?:-e)\s+.*$4726 ········regexp:·^\s*(?:-e)\s+.*$
4727 ········state:·absent4727 ········state:·absent
4728 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']4728 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
4729 ········}}'4729 ········}}'
4730 ······when:4730 ······when:
4731 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4732 ······-·'"audit"·in·ansible_facts.packages'4731 ······-·'"audit"·in·ansible_facts.packages'
 4732 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4733 ······tags:4733 ······tags:
4734 ······-·CJIS-5.4.1.14734 ······-·CJIS-5.4.1.1
4735 ······-·DISA-STIG-OL08-00-0301214735 ······-·DISA-STIG-OL08-00-030121
4736 ······-·NIST-800-171-3.3.14736 ······-·NIST-800-171-3.3.1
4737 ······-·NIST-800-171-3.4.34737 ······-·NIST-800-171-3.4.3
4738 ······-·NIST-800-53-AC-6(9)4738 ······-·NIST-800-53-AC-6(9)
4739 ······-·NIST-800-53-CM-6(a)4739 ······-·NIST-800-53-CM-6(a)
Offset 4751, 16 lines modifiedOffset 4751, 16 lines modified
4751 ········create:·true4751 ········create:·true
4752 ········line:·-e·24752 ········line:·-e·2
4753 ········mode:·o-rwx4753 ········mode:·o-rwx
4754 ······loop:4754 ······loop:
4755 ······-·/etc/audit/audit.rules4755 ······-·/etc/audit/audit.rules
4756 ······-·/etc/audit/rules.d/immutable.rules4756 ······-·/etc/audit/rules.d/immutable.rules
4757 ······when:4757 ······when:
4758 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4759 ······-·'"audit"·in·ansible_facts.packages'4758 ······-·'"audit"·in·ansible_facts.packages'
 4759 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4760 ······tags:4760 ······tags:
4761 ······-·CJIS-5.4.1.14761 ······-·CJIS-5.4.1.1
4762 ······-·DISA-STIG-OL08-00-0301214762 ······-·DISA-STIG-OL08-00-030121
4763 ······-·NIST-800-171-3.3.14763 ······-·NIST-800-171-3.3.1
4764 ······-·NIST-800-171-3.4.34764 ······-·NIST-800-171-3.4.3
4765 ······-·NIST-800-53-AC-6(9)4765 ······-·NIST-800-53-AC-6(9)
4766 ······-·NIST-800-53-CM-6(a)4766 ······-·NIST-800-53-CM-6(a)
Offset 4793, 16 lines modifiedOffset 4793, 16 lines modified
4793 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/4793 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
4794 ······find:4794 ······find:
4795 ········paths:·/etc/audit/rules.d4795 ········paths:·/etc/audit/rules.d
4796 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+4796 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
4797 ········patterns:·'*.rules'4797 ········patterns:·'*.rules'
4798 ······register:·find_existing_watch_rules_d4798 ······register:·find_existing_watch_rules_d
4799 ······when:4799 ······when:
4800 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4801 ······-·'"audit"·in·ansible_facts.packages'4800 ······-·'"audit"·in·ansible_facts.packages'
 4801 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4802 ······tags:4802 ······tags:
4803 ······-·CJIS-5.4.1.14803 ······-·CJIS-5.4.1.1
4804 ······-·NIST-800-171-3.1.84804 ······-·NIST-800-171-3.1.8
4805 ······-·NIST-800-53-AU-12(c)4805 ······-·NIST-800-53-AU-12(c)
4806 ······-·NIST-800-53-AU-2(d)4806 ······-·NIST-800-53-AU-2(d)
4807 ······-·NIST-800-53-CM-6(a)4807 ······-·NIST-800-53-CM-6(a)
4808 ······-·PCI-DSS-Req-10.5.54808 ······-·PCI-DSS-Req-10.5.5
Offset 4816, 16 lines modifiedOffset 4816, 16 lines modified
4816 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy4816 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
4817 ······find:4817 ······find:
4818 ········paths:·/etc/audit/rules.d4818 ········paths:·/etc/audit/rules.d
4819 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$4819 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
4820 ········patterns:·'*.rules'4820 ········patterns:·'*.rules'
4821 ······register:·find_watch_key4821 ······register:·find_watch_key
4822 ······when:4822 ······when:
4823 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4824 ······-·'"audit"·in·ansible_facts.packages'4823 ······-·'"audit"·in·ansible_facts.packages'
 4824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4825 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched4825 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
4826 ········==·04826 ········==·0
4827 ······tags:4827 ······tags:
4828 ······-·CJIS-5.4.1.14828 ······-·CJIS-5.4.1.1
4829 ······-·NIST-800-171-3.1.84829 ······-·NIST-800-171-3.1.8
4830 ······-·NIST-800-53-AU-12(c)4830 ······-·NIST-800-53-AU-12(c)
4831 ······-·NIST-800-53-AU-2(d)4831 ······-·NIST-800-53-AU-2(d)
Offset 4839, 16 lines modifiedOffset 4839, 16 lines modified
4839 ······-·restrict_strategy4839 ······-·restrict_strategy
  
4840 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule4840 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
4841 ······set_fact:4841 ······set_fact:
4842 ········all_files:4842 ········all_files:
4843 ········-·/etc/audit/rules.d/MAC-policy.rules4843 ········-·/etc/audit/rules.d/MAC-policy.rules
4844 ······when:4844 ······when:
4845 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4846 ······-·'"audit"·in·ansible_facts.packages'4845 ······-·'"audit"·in·ansible_facts.packages'
 4846 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4847 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched4847 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
4848 ········is·defined·and·find_existing_watch_rules_d.matched·==·04848 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4849 ······tags:4849 ······tags:
4850 ······-·CJIS-5.4.1.14850 ······-·CJIS-5.4.1.1
4851 ······-·NIST-800-171-3.1.84851 ······-·NIST-800-171-3.1.8
4852 ······-·NIST-800-53-AU-12(c)4852 ······-·NIST-800-53-AU-12(c)
4853 ······-·NIST-800-53-AU-2(d)4853 ······-·NIST-800-53-AU-2(d)
Offset 4862, 16 lines modifiedOffset 4862, 16 lines modified
4862 ······-·restrict_strategy4862 ······-·restrict_strategy
  
4863 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule4863 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
4864 ······set_fact:4864 ······set_fact:
4865 ········all_files:4865 ········all_files:
4866 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'4866 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
4867 ······when:4867 ······when:
4868 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4869 ······-·'"audit"·in·ansible_facts.packages'4868 ······-·'"audit"·in·ansible_facts.packages'
 4869 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4870 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched4870 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
4871 ········is·defined·and·find_existing_watch_rules_d.matched·==·04871 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4872 ······tags:4872 ······tags:
4873 ······-·CJIS-5.4.1.14873 ······-·CJIS-5.4.1.1
4874 ······-·NIST-800-171-3.1.84874 ······-·NIST-800-171-3.1.8
4875 ······-·NIST-800-53-AU-12(c)4875 ······-·NIST-800-53-AU-12(c)
4876 ······-·NIST-800-53-AU-2(d)4876 ······-·NIST-800-53-AU-2(d)
Offset 4887, 16 lines modifiedOffset 4887, 16 lines modified
4887 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/4887 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 170169/175222 bytes (97.12%) of diff not shown.
98.5 KB
./usr/share/scap-security-guide/ansible/ol8-playbook-standard.yml
Ordering differences only
    
Offset 708, 16 lines modifiedOffset 708, 16 lines modified
708 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/708 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
709 ······find:709 ······find:
710 ········paths:·/etc/audit/rules.d710 ········paths:·/etc/audit/rules.d
711 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+711 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
712 ········patterns:·'*.rules'712 ········patterns:·'*.rules'
713 ······register:·find_existing_watch_rules_d713 ······register:·find_existing_watch_rules_d
714 ······when:714 ······when:
715 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
716 ······-·'"audit"·in·ansible_facts.packages'715 ······-·'"audit"·in·ansible_facts.packages'
 716 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
717 ······tags:717 ······tags:
718 ······-·CJIS-5.4.1.1718 ······-·CJIS-5.4.1.1
719 ······-·NIST-800-171-3.1.8719 ······-·NIST-800-171-3.1.8
720 ······-·NIST-800-53-AU-12(c)720 ······-·NIST-800-53-AU-12(c)
721 ······-·NIST-800-53-AU-2(d)721 ······-·NIST-800-53-AU-2(d)
722 ······-·NIST-800-53-CM-6(a)722 ······-·NIST-800-53-CM-6(a)
723 ······-·PCI-DSS-Req-10.5.5723 ······-·PCI-DSS-Req-10.5.5
Offset 731, 16 lines modifiedOffset 731, 16 lines modified
731 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy731 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
732 ······find:732 ······find:
733 ········paths:·/etc/audit/rules.d733 ········paths:·/etc/audit/rules.d
734 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$734 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
735 ········patterns:·'*.rules'735 ········patterns:·'*.rules'
736 ······register:·find_watch_key736 ······register:·find_watch_key
737 ······when:737 ······when:
738 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
739 ······-·'"audit"·in·ansible_facts.packages'738 ······-·'"audit"·in·ansible_facts.packages'
 739 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
740 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched740 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
741 ········==·0741 ········==·0
742 ······tags:742 ······tags:
743 ······-·CJIS-5.4.1.1743 ······-·CJIS-5.4.1.1
744 ······-·NIST-800-171-3.1.8744 ······-·NIST-800-171-3.1.8
745 ······-·NIST-800-53-AU-12(c)745 ······-·NIST-800-53-AU-12(c)
746 ······-·NIST-800-53-AU-2(d)746 ······-·NIST-800-53-AU-2(d)
Offset 754, 16 lines modifiedOffset 754, 16 lines modified
754 ······-·restrict_strategy754 ······-·restrict_strategy
  
755 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule755 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
756 ······set_fact:756 ······set_fact:
757 ········all_files:757 ········all_files:
758 ········-·/etc/audit/rules.d/MAC-policy.rules758 ········-·/etc/audit/rules.d/MAC-policy.rules
759 ······when:759 ······when:
760 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
761 ······-·'"audit"·in·ansible_facts.packages'760 ······-·'"audit"·in·ansible_facts.packages'
 761 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
762 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched762 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
763 ········is·defined·and·find_existing_watch_rules_d.matched·==·0763 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
764 ······tags:764 ······tags:
765 ······-·CJIS-5.4.1.1765 ······-·CJIS-5.4.1.1
766 ······-·NIST-800-171-3.1.8766 ······-·NIST-800-171-3.1.8
767 ······-·NIST-800-53-AU-12(c)767 ······-·NIST-800-53-AU-12(c)
768 ······-·NIST-800-53-AU-2(d)768 ······-·NIST-800-53-AU-2(d)
Offset 777, 16 lines modifiedOffset 777, 16 lines modified
777 ······-·restrict_strategy777 ······-·restrict_strategy
  
778 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule778 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
779 ······set_fact:779 ······set_fact:
780 ········all_files:780 ········all_files:
781 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'781 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
782 ······when:782 ······when:
783 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
784 ······-·'"audit"·in·ansible_facts.packages'783 ······-·'"audit"·in·ansible_facts.packages'
 784 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
785 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched785 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
786 ········is·defined·and·find_existing_watch_rules_d.matched·==·0786 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
787 ······tags:787 ······tags:
788 ······-·CJIS-5.4.1.1788 ······-·CJIS-5.4.1.1
789 ······-·NIST-800-171-3.1.8789 ······-·NIST-800-171-3.1.8
790 ······-·NIST-800-53-AU-12(c)790 ······-·NIST-800-53-AU-12(c)
791 ······-·NIST-800-53-AU-2(d)791 ······-·NIST-800-53-AU-2(d)
Offset 802, 16 lines modifiedOffset 802, 16 lines modified
802 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/802 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
803 ······lineinfile:803 ······lineinfile:
804 ········path:·'{{·all_files[0]·}}'804 ········path:·'{{·all_files[0]·}}'
805 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy805 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
806 ········create:·true806 ········create:·true
807 ········mode:·'0640'807 ········mode:·'0640'
808 ······when:808 ······when:
809 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
810 ······-·'"audit"·in·ansible_facts.packages'809 ······-·'"audit"·in·ansible_facts.packages'
 810 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
811 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched811 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
812 ········==·0812 ········==·0
813 ······tags:813 ······tags:
814 ······-·CJIS-5.4.1.1814 ······-·CJIS-5.4.1.1
815 ······-·NIST-800-171-3.1.8815 ······-·NIST-800-171-3.1.8
816 ······-·NIST-800-53-AU-12(c)816 ······-·NIST-800-53-AU-12(c)
817 ······-·NIST-800-53-AU-2(d)817 ······-·NIST-800-53-AU-2(d)
Offset 827, 16 lines modifiedOffset 827, 16 lines modified
827 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules827 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules
828 ······find:828 ······find:
829 ········paths:·/etc/audit/829 ········paths:·/etc/audit/
830 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+830 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
831 ········patterns:·audit.rules831 ········patterns:·audit.rules
832 ······register:·find_existing_watch_audit_rules832 ······register:·find_existing_watch_audit_rules
833 ······when:833 ······when:
834 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
835 ······-·'"audit"·in·ansible_facts.packages'834 ······-·'"audit"·in·ansible_facts.packages'
 835 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
836 ······tags:836 ······tags:
837 ······-·CJIS-5.4.1.1837 ······-·CJIS-5.4.1.1
838 ······-·NIST-800-171-3.1.8838 ······-·NIST-800-171-3.1.8
839 ······-·NIST-800-53-AU-12(c)839 ······-·NIST-800-53-AU-12(c)
840 ······-·NIST-800-53-AU-2(d)840 ······-·NIST-800-53-AU-2(d)
841 ······-·NIST-800-53-CM-6(a)841 ······-·NIST-800-53-CM-6(a)
842 ······-·PCI-DSS-Req-10.5.5842 ······-·PCI-DSS-Req-10.5.5
Offset 851, 16 lines modifiedOffset 851, 16 lines modified
851 ······lineinfile:851 ······lineinfile:
852 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy852 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
853 ········state:·present853 ········state:·present
854 ········dest:·/etc/audit/audit.rules854 ········dest:·/etc/audit/audit.rules
855 ········create:·true855 ········create:·true
856 ········mode:·'0640'856 ········mode:·'0640'
857 ······when:857 ······when:
858 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
859 ······-·'"audit"·in·ansible_facts.packages'858 ······-·'"audit"·in·ansible_facts.packages'
 859 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
860 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched860 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
861 ········==·0861 ········==·0
862 ······tags:862 ······tags:
863 ······-·CJIS-5.4.1.1863 ······-·CJIS-5.4.1.1
864 ······-·NIST-800-171-3.1.8864 ······-·NIST-800-171-3.1.8
865 ······-·NIST-800-53-AU-12(c)865 ······-·NIST-800-53-AU-12(c)
866 ······-·NIST-800-53-AU-2(d)866 ······-·NIST-800-53-AU-2(d)
Offset 893, 16 lines modifiedOffset 893, 16 lines modified
893 ······-·reboot_required893 ······-·reboot_required
Max diff block lines reached; 95475/100691 bytes (94.82%) of diff not shown.
145 KB
./usr/share/scap-security-guide/ansible/ol8-playbook-stig.yml
Ordering differences only
    
Offset 12670, 16 lines modifiedOffset 12670, 16 lines modified
  
12670 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension12670 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
12671 ······find:12671 ······find:
12672 ········paths:·/etc/audit/rules.d/12672 ········paths:·/etc/audit/rules.d/
12673 ········patterns:·'*.rules'12673 ········patterns:·'*.rules'
12674 ······register:·find_rules_d12674 ······register:·find_rules_d
12675 ······when:12675 ······when:
12676 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12677 ······-·'"audit"·in·ansible_facts.packages'12676 ······-·'"audit"·in·ansible_facts.packages'
 12677 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12678 ······tags:12678 ······tags:
12679 ······-·CJIS-5.4.1.112679 ······-·CJIS-5.4.1.1
12680 ······-·DISA-STIG-OL08-00-03012112680 ······-·DISA-STIG-OL08-00-030121
12681 ······-·NIST-800-171-3.3.112681 ······-·NIST-800-171-3.3.1
12682 ······-·NIST-800-171-3.4.312682 ······-·NIST-800-171-3.4.3
12683 ······-·NIST-800-53-AC-6(9)12683 ······-·NIST-800-53-AC-6(9)
12684 ······-·NIST-800-53-CM-6(a)12684 ······-·NIST-800-53-CM-6(a)
Offset 12695, 16 lines modifiedOffset 12695, 16 lines modified
12695 ······lineinfile:12695 ······lineinfile:
12696 ········path:·'{{·item·}}'12696 ········path:·'{{·item·}}'
12697 ········regexp:·^\s*(?:-e)\s+.*$12697 ········regexp:·^\s*(?:-e)\s+.*$
12698 ········state:·absent12698 ········state:·absent
12699 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']12699 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
12700 ········}}'12700 ········}}'
12701 ······when:12701 ······when:
12702 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12703 ······-·'"audit"·in·ansible_facts.packages'12702 ······-·'"audit"·in·ansible_facts.packages'
 12703 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12704 ······tags:12704 ······tags:
12705 ······-·CJIS-5.4.1.112705 ······-·CJIS-5.4.1.1
12706 ······-·DISA-STIG-OL08-00-03012112706 ······-·DISA-STIG-OL08-00-030121
12707 ······-·NIST-800-171-3.3.112707 ······-·NIST-800-171-3.3.1
12708 ······-·NIST-800-171-3.4.312708 ······-·NIST-800-171-3.4.3
12709 ······-·NIST-800-53-AC-6(9)12709 ······-·NIST-800-53-AC-6(9)
12710 ······-·NIST-800-53-CM-6(a)12710 ······-·NIST-800-53-CM-6(a)
Offset 12722, 16 lines modifiedOffset 12722, 16 lines modified
12722 ········create:·true12722 ········create:·true
12723 ········line:·-e·212723 ········line:·-e·2
12724 ········mode:·o-rwx12724 ········mode:·o-rwx
12725 ······loop:12725 ······loop:
12726 ······-·/etc/audit/audit.rules12726 ······-·/etc/audit/audit.rules
12727 ······-·/etc/audit/rules.d/immutable.rules12727 ······-·/etc/audit/rules.d/immutable.rules
12728 ······when:12728 ······when:
12729 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12730 ······-·'"audit"·in·ansible_facts.packages'12729 ······-·'"audit"·in·ansible_facts.packages'
 12730 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12731 ······tags:12731 ······tags:
12732 ······-·CJIS-5.4.1.112732 ······-·CJIS-5.4.1.1
12733 ······-·DISA-STIG-OL08-00-03012112733 ······-·DISA-STIG-OL08-00-030121
12734 ······-·NIST-800-171-3.3.112734 ······-·NIST-800-171-3.3.1
12735 ······-·NIST-800-171-3.4.312735 ······-·NIST-800-171-3.4.3
12736 ······-·NIST-800-53-AC-6(9)12736 ······-·NIST-800-53-AC-6(9)
12737 ······-·NIST-800-53-CM-6(a)12737 ······-·NIST-800-53-CM-6(a)
Offset 12763, 16 lines modifiedOffset 12763, 16 lines modified
12763 ······-·reboot_required12763 ······-·reboot_required
12764 ······-·restrict_strategy12764 ······-·restrict_strategy
  
12765 ····-·name:·Set·architecture·for·audit·mount·tasks12765 ····-·name:·Set·architecture·for·audit·mount·tasks
12766 ······set_fact:12766 ······set_fact:
12767 ········audit_arch:·b6412767 ········audit_arch:·b64
12768 ······when:12768 ······when:
12769 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12770 ······-·'"audit"·in·ansible_facts.packages'12769 ······-·'"audit"·in·ansible_facts.packages'
 12770 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12771 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture12771 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
12772 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"12772 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
12773 ······tags:12773 ······tags:
12774 ······-·CJIS-5.4.1.112774 ······-·CJIS-5.4.1.1
12775 ······-·DISA-STIG-OL08-00-03030212775 ······-·DISA-STIG-OL08-00-030302
12776 ······-·NIST-800-171-3.1.712776 ······-·NIST-800-171-3.1.7
12777 ······-·NIST-800-53-AC-6(9)12777 ······-·NIST-800-53-AC-6(9)
Offset 12904, 16 lines modifiedOffset 12904, 16 lines modified
12904 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100012904 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
12905 ············-F·auid!=unset·-F·key=perm_mod12905 ············-F·auid!=unset·-F·key=perm_mod
12906 ··········create:·true12906 ··········create:·true
12907 ··········mode:·o-rwx12907 ··········mode:·o-rwx
12908 ··········state:·present12908 ··········state:·present
12909 ········when:·syscalls_found·|·length·==·012909 ········when:·syscalls_found·|·length·==·0
12910 ······when:12910 ······when:
12911 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12912 ······-·'"audit"·in·ansible_facts.packages'12911 ······-·'"audit"·in·ansible_facts.packages'
 12912 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12913 ······tags:12913 ······tags:
12914 ······-·CJIS-5.4.1.112914 ······-·CJIS-5.4.1.1
12915 ······-·DISA-STIG-OL08-00-03030212915 ······-·DISA-STIG-OL08-00-030302
12916 ······-·NIST-800-171-3.1.712916 ······-·NIST-800-171-3.1.7
12917 ······-·NIST-800-53-AC-6(9)12917 ······-·NIST-800-53-AC-6(9)
12918 ······-·NIST-800-53-AU-12(c)12918 ······-·NIST-800-53-AU-12(c)
12919 ······-·NIST-800-53-AU-2(d)12919 ······-·NIST-800-53-AU-2(d)
Offset 13043, 16 lines modifiedOffset 13043, 16 lines modified
13043 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100013043 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
13044 ············-F·auid!=unset·-F·key=perm_mod13044 ············-F·auid!=unset·-F·key=perm_mod
13045 ··········create:·true13045 ··········create:·true
13046 ··········mode:·o-rwx13046 ··········mode:·o-rwx
13047 ··········state:·present13047 ··········state:·present
13048 ········when:·syscalls_found·|·length·==·013048 ········when:·syscalls_found·|·length·==·0
13049 ······when:13049 ······when:
13050 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
13051 ······-·'"audit"·in·ansible_facts.packages'13050 ······-·'"audit"·in·ansible_facts.packages'
 13051 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13052 ······-·audit_arch·==·"b64"13052 ······-·audit_arch·==·"b64"
13053 ······tags:13053 ······tags:
13054 ······-·CJIS-5.4.1.113054 ······-·CJIS-5.4.1.1
13055 ······-·DISA-STIG-OL08-00-03030213055 ······-·DISA-STIG-OL08-00-030302
13056 ······-·NIST-800-171-3.1.713056 ······-·NIST-800-171-3.1.7
13057 ······-·NIST-800-53-AC-6(9)13057 ······-·NIST-800-53-AC-6(9)
13058 ······-·NIST-800-53-AU-12(c)13058 ······-·NIST-800-53-AU-12(c)
Offset 13082, 16 lines modifiedOffset 13082, 16 lines modified
13082 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/13082 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
13083 ······find:13083 ······find:
13084 ········paths:·/etc/audit/rules.d13084 ········paths:·/etc/audit/rules.d
13085 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+13085 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
13086 ········patterns:·'*.rules'13086 ········patterns:·'*.rules'
13087 ······register:·find_existing_watch_rules_d13087 ······register:·find_existing_watch_rules_d
13088 ······when:13088 ······when:
13089 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
13090 ······-·'"audit"·in·ansible_facts.packages'13089 ······-·'"audit"·in·ansible_facts.packages'
 13090 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13091 ······tags:13091 ······tags:
13092 ······-·DISA-STIG-OL08-00-03017113092 ······-·DISA-STIG-OL08-00-030171
13093 ······-·audit_rules_sudoers13093 ······-·audit_rules_sudoers
13094 ······-·low_complexity13094 ······-·low_complexity
13095 ······-·low_disruption13095 ······-·low_disruption
13096 ······-·medium_severity13096 ······-·medium_severity
13097 ······-·no_reboot_needed13097 ······-·no_reboot_needed
Offset 13100, 16 lines modifiedOffset 13100, 16 lines modified
13100 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions13100 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
Max diff block lines reached; 143731/148655 bytes (96.69%) of diff not shown.
145 KB
./usr/share/scap-security-guide/ansible/ol8-playbook-stig_gui.yml
Ordering differences only
    
Offset 12675, 16 lines modifiedOffset 12675, 16 lines modified
  
12675 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension12675 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
12676 ······find:12676 ······find:
12677 ········paths:·/etc/audit/rules.d/12677 ········paths:·/etc/audit/rules.d/
12678 ········patterns:·'*.rules'12678 ········patterns:·'*.rules'
12679 ······register:·find_rules_d12679 ······register:·find_rules_d
12680 ······when:12680 ······when:
12681 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12682 ······-·'"audit"·in·ansible_facts.packages'12681 ······-·'"audit"·in·ansible_facts.packages'
 12682 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12683 ······tags:12683 ······tags:
12684 ······-·CJIS-5.4.1.112684 ······-·CJIS-5.4.1.1
12685 ······-·DISA-STIG-OL08-00-03012112685 ······-·DISA-STIG-OL08-00-030121
12686 ······-·NIST-800-171-3.3.112686 ······-·NIST-800-171-3.3.1
12687 ······-·NIST-800-171-3.4.312687 ······-·NIST-800-171-3.4.3
12688 ······-·NIST-800-53-AC-6(9)12688 ······-·NIST-800-53-AC-6(9)
12689 ······-·NIST-800-53-CM-6(a)12689 ······-·NIST-800-53-CM-6(a)
Offset 12700, 16 lines modifiedOffset 12700, 16 lines modified
12700 ······lineinfile:12700 ······lineinfile:
12701 ········path:·'{{·item·}}'12701 ········path:·'{{·item·}}'
12702 ········regexp:·^\s*(?:-e)\s+.*$12702 ········regexp:·^\s*(?:-e)\s+.*$
12703 ········state:·absent12703 ········state:·absent
12704 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']12704 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
12705 ········}}'12705 ········}}'
12706 ······when:12706 ······when:
12707 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12708 ······-·'"audit"·in·ansible_facts.packages'12707 ······-·'"audit"·in·ansible_facts.packages'
 12708 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12709 ······tags:12709 ······tags:
12710 ······-·CJIS-5.4.1.112710 ······-·CJIS-5.4.1.1
12711 ······-·DISA-STIG-OL08-00-03012112711 ······-·DISA-STIG-OL08-00-030121
12712 ······-·NIST-800-171-3.3.112712 ······-·NIST-800-171-3.3.1
12713 ······-·NIST-800-171-3.4.312713 ······-·NIST-800-171-3.4.3
12714 ······-·NIST-800-53-AC-6(9)12714 ······-·NIST-800-53-AC-6(9)
12715 ······-·NIST-800-53-CM-6(a)12715 ······-·NIST-800-53-CM-6(a)
Offset 12727, 16 lines modifiedOffset 12727, 16 lines modified
12727 ········create:·true12727 ········create:·true
12728 ········line:·-e·212728 ········line:·-e·2
12729 ········mode:·o-rwx12729 ········mode:·o-rwx
12730 ······loop:12730 ······loop:
12731 ······-·/etc/audit/audit.rules12731 ······-·/etc/audit/audit.rules
12732 ······-·/etc/audit/rules.d/immutable.rules12732 ······-·/etc/audit/rules.d/immutable.rules
12733 ······when:12733 ······when:
12734 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12735 ······-·'"audit"·in·ansible_facts.packages'12734 ······-·'"audit"·in·ansible_facts.packages'
 12735 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12736 ······tags:12736 ······tags:
12737 ······-·CJIS-5.4.1.112737 ······-·CJIS-5.4.1.1
12738 ······-·DISA-STIG-OL08-00-03012112738 ······-·DISA-STIG-OL08-00-030121
12739 ······-·NIST-800-171-3.3.112739 ······-·NIST-800-171-3.3.1
12740 ······-·NIST-800-171-3.4.312740 ······-·NIST-800-171-3.4.3
12741 ······-·NIST-800-53-AC-6(9)12741 ······-·NIST-800-53-AC-6(9)
12742 ······-·NIST-800-53-CM-6(a)12742 ······-·NIST-800-53-CM-6(a)
Offset 12768, 16 lines modifiedOffset 12768, 16 lines modified
12768 ······-·reboot_required12768 ······-·reboot_required
12769 ······-·restrict_strategy12769 ······-·restrict_strategy
  
12770 ····-·name:·Set·architecture·for·audit·mount·tasks12770 ····-·name:·Set·architecture·for·audit·mount·tasks
12771 ······set_fact:12771 ······set_fact:
12772 ········audit_arch:·b6412772 ········audit_arch:·b64
12773 ······when:12773 ······when:
12774 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12775 ······-·'"audit"·in·ansible_facts.packages'12774 ······-·'"audit"·in·ansible_facts.packages'
 12775 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12776 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture12776 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
12777 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"12777 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
12778 ······tags:12778 ······tags:
12779 ······-·CJIS-5.4.1.112779 ······-·CJIS-5.4.1.1
12780 ······-·DISA-STIG-OL08-00-03030212780 ······-·DISA-STIG-OL08-00-030302
12781 ······-·NIST-800-171-3.1.712781 ······-·NIST-800-171-3.1.7
12782 ······-·NIST-800-53-AC-6(9)12782 ······-·NIST-800-53-AC-6(9)
Offset 12909, 16 lines modifiedOffset 12909, 16 lines modified
12909 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100012909 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
12910 ············-F·auid!=unset·-F·key=perm_mod12910 ············-F·auid!=unset·-F·key=perm_mod
12911 ··········create:·true12911 ··········create:·true
12912 ··········mode:·o-rwx12912 ··········mode:·o-rwx
12913 ··········state:·present12913 ··········state:·present
12914 ········when:·syscalls_found·|·length·==·012914 ········when:·syscalls_found·|·length·==·0
12915 ······when:12915 ······when:
12916 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12917 ······-·'"audit"·in·ansible_facts.packages'12916 ······-·'"audit"·in·ansible_facts.packages'
 12917 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12918 ······tags:12918 ······tags:
12919 ······-·CJIS-5.4.1.112919 ······-·CJIS-5.4.1.1
12920 ······-·DISA-STIG-OL08-00-03030212920 ······-·DISA-STIG-OL08-00-030302
12921 ······-·NIST-800-171-3.1.712921 ······-·NIST-800-171-3.1.7
12922 ······-·NIST-800-53-AC-6(9)12922 ······-·NIST-800-53-AC-6(9)
12923 ······-·NIST-800-53-AU-12(c)12923 ······-·NIST-800-53-AU-12(c)
12924 ······-·NIST-800-53-AU-2(d)12924 ······-·NIST-800-53-AU-2(d)
Offset 13048, 16 lines modifiedOffset 13048, 16 lines modified
13048 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100013048 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
13049 ············-F·auid!=unset·-F·key=perm_mod13049 ············-F·auid!=unset·-F·key=perm_mod
13050 ··········create:·true13050 ··········create:·true
13051 ··········mode:·o-rwx13051 ··········mode:·o-rwx
13052 ··········state:·present13052 ··········state:·present
13053 ········when:·syscalls_found·|·length·==·013053 ········when:·syscalls_found·|·length·==·0
13054 ······when:13054 ······when:
13055 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
13056 ······-·'"audit"·in·ansible_facts.packages'13055 ······-·'"audit"·in·ansible_facts.packages'
 13056 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13057 ······-·audit_arch·==·"b64"13057 ······-·audit_arch·==·"b64"
13058 ······tags:13058 ······tags:
13059 ······-·CJIS-5.4.1.113059 ······-·CJIS-5.4.1.1
13060 ······-·DISA-STIG-OL08-00-03030213060 ······-·DISA-STIG-OL08-00-030302
13061 ······-·NIST-800-171-3.1.713061 ······-·NIST-800-171-3.1.7
13062 ······-·NIST-800-53-AC-6(9)13062 ······-·NIST-800-53-AC-6(9)
13063 ······-·NIST-800-53-AU-12(c)13063 ······-·NIST-800-53-AU-12(c)
Offset 13087, 16 lines modifiedOffset 13087, 16 lines modified
13087 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/13087 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
13088 ······find:13088 ······find:
13089 ········paths:·/etc/audit/rules.d13089 ········paths:·/etc/audit/rules.d
13090 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+13090 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
13091 ········patterns:·'*.rules'13091 ········patterns:·'*.rules'
13092 ······register:·find_existing_watch_rules_d13092 ······register:·find_existing_watch_rules_d
13093 ······when:13093 ······when:
13094 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
13095 ······-·'"audit"·in·ansible_facts.packages'13094 ······-·'"audit"·in·ansible_facts.packages'
 13095 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13096 ······tags:13096 ······tags:
13097 ······-·DISA-STIG-OL08-00-03017113097 ······-·DISA-STIG-OL08-00-030171
13098 ······-·audit_rules_sudoers13098 ······-·audit_rules_sudoers
13099 ······-·low_complexity13099 ······-·low_complexity
13100 ······-·low_disruption13100 ······-·low_disruption
13101 ······-·medium_severity13101 ······-·medium_severity
13102 ······-·no_reboot_needed13102 ······-·no_reboot_needed
Offset 13105, 16 lines modifiedOffset 13105, 16 lines modified
13105 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions13105 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
Max diff block lines reached; 143731/148655 bytes (96.69%) of diff not shown.
844 B
./usr/share/scap-security-guide/ansible/ol9-playbook-stig.yml
Ordering differences only
    
Offset 32428, 16 lines modifiedOffset 32428, 16 lines modified
32428 ········lineinfile:32428 ········lineinfile:
32429 ··········path:·/etc/postfix/main.cf32429 ··········path:·/etc/postfix/main.cf
32430 ··········create:·true32430 ··········create:·true
32431 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*32431 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
32432 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject32432 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
32433 ··········state:·present32433 ··········state:·present
32434 ······when:32434 ······when:
32435 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
32436 ······-·'"postfix"·in·ansible_facts.packages'32435 ······-·'"postfix"·in·ansible_facts.packages'
 32436 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
32437 ······tags:32437 ······tags:
32438 ······-·low_complexity32438 ······-·low_complexity
32439 ······-·low_disruption32439 ······-·low_disruption
32440 ······-·medium_severity32440 ······-·medium_severity
32441 ······-·no_reboot_needed32441 ······-·no_reboot_needed
32442 ······-·postfix_prevent_unrestricted_relay32442 ······-·postfix_prevent_unrestricted_relay
32443 ······-·restrict_strategy32443 ······-·restrict_strategy
852 B
./usr/share/scap-security-guide/ansible/ol9-playbook-stig_gui.yml
Ordering differences only
    
Offset 32433, 16 lines modifiedOffset 32433, 16 lines modified
32433 ········lineinfile:32433 ········lineinfile:
32434 ··········path:·/etc/postfix/main.cf32434 ··········path:·/etc/postfix/main.cf
32435 ··········create:·true32435 ··········create:·true
32436 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*32436 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
32437 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject32437 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
32438 ··········state:·present32438 ··········state:·present
32439 ······when:32439 ······when:
32440 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
32441 ······-·'"postfix"·in·ansible_facts.packages'32440 ······-·'"postfix"·in·ansible_facts.packages'
 32441 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
32442 ······tags:32442 ······tags:
32443 ······-·low_complexity32443 ······-·low_complexity
32444 ······-·low_disruption32444 ······-·low_disruption
32445 ······-·medium_severity32445 ······-·medium_severity
32446 ······-·no_reboot_needed32446 ······-·no_reboot_needed
32447 ······-·postfix_prevent_unrestricted_relay32447 ······-·postfix_prevent_unrestricted_relay
32448 ······-·restrict_strategy32448 ······-·restrict_strategy
8.03 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-cis.yml
Ordering differences only
    
Offset 19209, 16 lines modifiedOffset 19209, 16 lines modified
19209 ······-·no_reboot_needed19209 ······-·no_reboot_needed
  
19210 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg19210 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
19211 ······stat:19211 ······stat:
19212 ········path:·/boot/efi/EFI/redhat/grub.cfg19212 ········path:·/boot/efi/EFI/redhat/grub.cfg
19213 ······register:·file_exists19213 ······register:·file_exists
19214 ······when:19214 ······when:
19215 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19216 ······-·'"grub2-common"·in·ansible_facts.packages'19215 ······-·'"grub2-common"·in·ansible_facts.packages'
 19216 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19217 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19217 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19218 ······tags:19218 ······tags:
19219 ······-·CCE-83430-919219 ······-·CCE-83430-9
19220 ······-·CJIS-5.5.2.219220 ······-·CJIS-5.5.2.2
19221 ······-·NIST-800-171-3.4.519221 ······-·NIST-800-171-3.4.5
19222 ······-·NIST-800-53-AC-6(1)19222 ······-·NIST-800-53-AC-6(1)
19223 ······-·NIST-800-53-CM-6(a)19223 ······-·NIST-800-53-CM-6(a)
Offset 19231, 16 lines modifiedOffset 19231, 16 lines modified
19231 ······-·no_reboot_needed19231 ······-·no_reboot_needed
  
19232 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg19232 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
19233 ······file:19233 ······file:
19234 ········path:·/boot/efi/EFI/redhat/grub.cfg19234 ········path:·/boot/efi/EFI/redhat/grub.cfg
19235 ········group:·'0'19235 ········group:·'0'
19236 ······when:19236 ······when:
19237 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19238 ······-·'"grub2-common"·in·ansible_facts.packages'19237 ······-·'"grub2-common"·in·ansible_facts.packages'
 19238 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19239 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19239 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19240 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists19240 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
19241 ······tags:19241 ······tags:
19242 ······-·CCE-83430-919242 ······-·CCE-83430-9
19243 ······-·CJIS-5.5.2.219243 ······-·CJIS-5.5.2.2
19244 ······-·NIST-800-171-3.4.519244 ······-·NIST-800-171-3.4.5
19245 ······-·NIST-800-53-AC-6(1)19245 ······-·NIST-800-53-AC-6(1)
Offset 19272, 16 lines modifiedOffset 19272, 16 lines modified
19272 ······-·no_reboot_needed19272 ······-·no_reboot_needed
  
19273 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg19273 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
19274 ······stat:19274 ······stat:
19275 ········path:·/boot/efi/EFI/redhat/user.cfg19275 ········path:·/boot/efi/EFI/redhat/user.cfg
19276 ······register:·file_exists19276 ······register:·file_exists
19277 ······when:19277 ······when:
19278 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19279 ······-·'"grub2-common"·in·ansible_facts.packages'19278 ······-·'"grub2-common"·in·ansible_facts.packages'
 19279 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19280 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19280 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19281 ······tags:19281 ······tags:
19282 ······-·CCE-86011-419282 ······-·CCE-86011-4
19283 ······-·CJIS-5.5.2.219283 ······-·CJIS-5.5.2.2
19284 ······-·NIST-800-171-3.4.519284 ······-·NIST-800-171-3.4.5
19285 ······-·NIST-800-53-AC-6(1)19285 ······-·NIST-800-53-AC-6(1)
19286 ······-·NIST-800-53-CM-6(a)19286 ······-·NIST-800-53-CM-6(a)
Offset 19294, 16 lines modifiedOffset 19294, 16 lines modified
19294 ······-·no_reboot_needed19294 ······-·no_reboot_needed
  
19295 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg19295 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
19296 ······file:19296 ······file:
19297 ········path:·/boot/efi/EFI/redhat/user.cfg19297 ········path:·/boot/efi/EFI/redhat/user.cfg
19298 ········group:·'0'19298 ········group:·'0'
19299 ······when:19299 ······when:
19300 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19301 ······-·'"grub2-common"·in·ansible_facts.packages'19300 ······-·'"grub2-common"·in·ansible_facts.packages'
 19301 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19302 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19302 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19303 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists19303 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
19304 ······tags:19304 ······tags:
19305 ······-·CCE-86011-419305 ······-·CCE-86011-4
19306 ······-·CJIS-5.5.2.219306 ······-·CJIS-5.5.2.2
19307 ······-·NIST-800-171-3.4.519307 ······-·NIST-800-171-3.4.5
19308 ······-·NIST-800-53-AC-6(1)19308 ······-·NIST-800-53-AC-6(1)
Offset 19335, 16 lines modifiedOffset 19335, 16 lines modified
19335 ······-·no_reboot_needed19335 ······-·no_reboot_needed
  
19336 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg19336 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
19337 ······stat:19337 ······stat:
19338 ········path:·/boot/efi/EFI/redhat/grub.cfg19338 ········path:·/boot/efi/EFI/redhat/grub.cfg
19339 ······register:·file_exists19339 ······register:·file_exists
19340 ······when:19340 ······when:
19341 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19342 ······-·'"grub2-common"·in·ansible_facts.packages'19341 ······-·'"grub2-common"·in·ansible_facts.packages'
 19342 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19343 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19343 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19344 ······tags:19344 ······tags:
19345 ······-·CCE-83429-119345 ······-·CCE-83429-1
19346 ······-·CJIS-5.5.2.219346 ······-·CJIS-5.5.2.2
19347 ······-·NIST-800-171-3.4.519347 ······-·NIST-800-171-3.4.5
19348 ······-·NIST-800-53-AC-6(1)19348 ······-·NIST-800-53-AC-6(1)
19349 ······-·NIST-800-53-CM-6(a)19349 ······-·NIST-800-53-CM-6(a)
Offset 19357, 16 lines modifiedOffset 19357, 16 lines modified
19357 ······-·no_reboot_needed19357 ······-·no_reboot_needed
  
19358 ····-·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg19358 ····-·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
19359 ······file:19359 ······file:
19360 ········path:·/boot/efi/EFI/redhat/grub.cfg19360 ········path:·/boot/efi/EFI/redhat/grub.cfg
19361 ········owner:·'0'19361 ········owner:·'0'
19362 ······when:19362 ······when:
19363 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19364 ······-·'"grub2-common"·in·ansible_facts.packages'19363 ······-·'"grub2-common"·in·ansible_facts.packages'
 19364 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19365 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19365 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19366 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists19366 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
19367 ······tags:19367 ······tags:
19368 ······-·CCE-83429-119368 ······-·CCE-83429-1
19369 ······-·CJIS-5.5.2.219369 ······-·CJIS-5.5.2.2
19370 ······-·NIST-800-171-3.4.519370 ······-·NIST-800-171-3.4.5
19371 ······-·NIST-800-53-AC-6(1)19371 ······-·NIST-800-53-AC-6(1)
Offset 19398, 16 lines modifiedOffset 19398, 16 lines modified
19398 ······-·no_reboot_needed19398 ······-·no_reboot_needed
  
19399 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg19399 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
19400 ······stat:19400 ······stat:
19401 ········path:·/boot/efi/EFI/redhat/user.cfg19401 ········path:·/boot/efi/EFI/redhat/user.cfg
19402 ······register:·file_exists19402 ······register:·file_exists
19403 ······when:19403 ······when:
19404 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19405 ······-·'"grub2-common"·in·ansible_facts.packages'19404 ······-·'"grub2-common"·in·ansible_facts.packages'
 19405 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19406 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19406 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19407 ······tags:19407 ······tags:
19408 ······-·CCE-86019-719408 ······-·CCE-86019-7
19409 ······-·CJIS-5.5.2.219409 ······-·CJIS-5.5.2.2
19410 ······-·NIST-800-171-3.4.519410 ······-·NIST-800-171-3.4.5
19411 ······-·NIST-800-53-AC-6(1)19411 ······-·NIST-800-53-AC-6(1)
19412 ······-·NIST-800-53-CM-6(a)19412 ······-·NIST-800-53-CM-6(a)
Offset 19420, 16 lines modifiedOffset 19420, 16 lines modified
19420 ······-·no_reboot_needed19420 ······-·no_reboot_needed
Max diff block lines reached; 3375/8076 bytes (41.79%) of diff not shown.
8.03 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 3252, 16 lines modifiedOffset 3252, 16 lines modified
3252 ······-·no_reboot_needed3252 ······-·no_reboot_needed
  
3253 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg3253 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
3254 ······stat:3254 ······stat:
3255 ········path:·/boot/efi/EFI/redhat/grub.cfg3255 ········path:·/boot/efi/EFI/redhat/grub.cfg
3256 ······register:·file_exists3256 ······register:·file_exists
3257 ······when:3257 ······when:
3258 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3259 ······-·'"grub2-common"·in·ansible_facts.packages'3258 ······-·'"grub2-common"·in·ansible_facts.packages'
 3259 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3260 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3260 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3261 ······tags:3261 ······tags:
3262 ······-·CCE-83430-93262 ······-·CCE-83430-9
3263 ······-·CJIS-5.5.2.23263 ······-·CJIS-5.5.2.2
3264 ······-·NIST-800-171-3.4.53264 ······-·NIST-800-171-3.4.5
3265 ······-·NIST-800-53-AC-6(1)3265 ······-·NIST-800-53-AC-6(1)
3266 ······-·NIST-800-53-CM-6(a)3266 ······-·NIST-800-53-CM-6(a)
Offset 3274, 16 lines modifiedOffset 3274, 16 lines modified
3274 ······-·no_reboot_needed3274 ······-·no_reboot_needed
  
3275 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg3275 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
3276 ······file:3276 ······file:
3277 ········path:·/boot/efi/EFI/redhat/grub.cfg3277 ········path:·/boot/efi/EFI/redhat/grub.cfg
3278 ········group:·'0'3278 ········group:·'0'
3279 ······when:3279 ······when:
3280 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3281 ······-·'"grub2-common"·in·ansible_facts.packages'3280 ······-·'"grub2-common"·in·ansible_facts.packages'
 3281 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3282 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3282 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3283 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3283 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3284 ······tags:3284 ······tags:
3285 ······-·CCE-83430-93285 ······-·CCE-83430-9
3286 ······-·CJIS-5.5.2.23286 ······-·CJIS-5.5.2.2
3287 ······-·NIST-800-171-3.4.53287 ······-·NIST-800-171-3.4.5
3288 ······-·NIST-800-53-AC-6(1)3288 ······-·NIST-800-53-AC-6(1)
Offset 3315, 16 lines modifiedOffset 3315, 16 lines modified
3315 ······-·no_reboot_needed3315 ······-·no_reboot_needed
  
3316 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg3316 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
3317 ······stat:3317 ······stat:
3318 ········path:·/boot/efi/EFI/redhat/user.cfg3318 ········path:·/boot/efi/EFI/redhat/user.cfg
3319 ······register:·file_exists3319 ······register:·file_exists
3320 ······when:3320 ······when:
3321 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3322 ······-·'"grub2-common"·in·ansible_facts.packages'3321 ······-·'"grub2-common"·in·ansible_facts.packages'
 3322 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3323 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3323 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3324 ······tags:3324 ······tags:
3325 ······-·CCE-86011-43325 ······-·CCE-86011-4
3326 ······-·CJIS-5.5.2.23326 ······-·CJIS-5.5.2.2
3327 ······-·NIST-800-171-3.4.53327 ······-·NIST-800-171-3.4.5
3328 ······-·NIST-800-53-AC-6(1)3328 ······-·NIST-800-53-AC-6(1)
3329 ······-·NIST-800-53-CM-6(a)3329 ······-·NIST-800-53-CM-6(a)
Offset 3337, 16 lines modifiedOffset 3337, 16 lines modified
3337 ······-·no_reboot_needed3337 ······-·no_reboot_needed
  
3338 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg3338 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
3339 ······file:3339 ······file:
3340 ········path:·/boot/efi/EFI/redhat/user.cfg3340 ········path:·/boot/efi/EFI/redhat/user.cfg
3341 ········group:·'0'3341 ········group:·'0'
3342 ······when:3342 ······when:
3343 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3344 ······-·'"grub2-common"·in·ansible_facts.packages'3343 ······-·'"grub2-common"·in·ansible_facts.packages'
 3344 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3345 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3345 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3346 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3346 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3347 ······tags:3347 ······tags:
3348 ······-·CCE-86011-43348 ······-·CCE-86011-4
3349 ······-·CJIS-5.5.2.23349 ······-·CJIS-5.5.2.2
3350 ······-·NIST-800-171-3.4.53350 ······-·NIST-800-171-3.4.5
3351 ······-·NIST-800-53-AC-6(1)3351 ······-·NIST-800-53-AC-6(1)
Offset 3378, 16 lines modifiedOffset 3378, 16 lines modified
3378 ······-·no_reboot_needed3378 ······-·no_reboot_needed
  
3379 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg3379 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
3380 ······stat:3380 ······stat:
3381 ········path:·/boot/efi/EFI/redhat/grub.cfg3381 ········path:·/boot/efi/EFI/redhat/grub.cfg
3382 ······register:·file_exists3382 ······register:·file_exists
3383 ······when:3383 ······when:
3384 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3385 ······-·'"grub2-common"·in·ansible_facts.packages'3384 ······-·'"grub2-common"·in·ansible_facts.packages'
 3385 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3386 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3386 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3387 ······tags:3387 ······tags:
3388 ······-·CCE-83429-13388 ······-·CCE-83429-1
3389 ······-·CJIS-5.5.2.23389 ······-·CJIS-5.5.2.2
3390 ······-·NIST-800-171-3.4.53390 ······-·NIST-800-171-3.4.5
3391 ······-·NIST-800-53-AC-6(1)3391 ······-·NIST-800-53-AC-6(1)
3392 ······-·NIST-800-53-CM-6(a)3392 ······-·NIST-800-53-CM-6(a)
Offset 3400, 16 lines modifiedOffset 3400, 16 lines modified
3400 ······-·no_reboot_needed3400 ······-·no_reboot_needed
  
3401 ····-·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg3401 ····-·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
3402 ······file:3402 ······file:
3403 ········path:·/boot/efi/EFI/redhat/grub.cfg3403 ········path:·/boot/efi/EFI/redhat/grub.cfg
3404 ········owner:·'0'3404 ········owner:·'0'
3405 ······when:3405 ······when:
3406 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3407 ······-·'"grub2-common"·in·ansible_facts.packages'3406 ······-·'"grub2-common"·in·ansible_facts.packages'
 3407 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3408 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3408 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3409 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3409 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3410 ······tags:3410 ······tags:
3411 ······-·CCE-83429-13411 ······-·CCE-83429-1
3412 ······-·CJIS-5.5.2.23412 ······-·CJIS-5.5.2.2
3413 ······-·NIST-800-171-3.4.53413 ······-·NIST-800-171-3.4.5
3414 ······-·NIST-800-53-AC-6(1)3414 ······-·NIST-800-53-AC-6(1)
Offset 3441, 16 lines modifiedOffset 3441, 16 lines modified
3441 ······-·no_reboot_needed3441 ······-·no_reboot_needed
  
3442 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg3442 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
3443 ······stat:3443 ······stat:
3444 ········path:·/boot/efi/EFI/redhat/user.cfg3444 ········path:·/boot/efi/EFI/redhat/user.cfg
3445 ······register:·file_exists3445 ······register:·file_exists
3446 ······when:3446 ······when:
3447 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3448 ······-·'"grub2-common"·in·ansible_facts.packages'3447 ······-·'"grub2-common"·in·ansible_facts.packages'
 3448 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3449 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3449 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3450 ······tags:3450 ······tags:
3451 ······-·CCE-86019-73451 ······-·CCE-86019-7
3452 ······-·CJIS-5.5.2.23452 ······-·CJIS-5.5.2.2
3453 ······-·NIST-800-171-3.4.53453 ······-·NIST-800-171-3.4.5
3454 ······-·NIST-800-53-AC-6(1)3454 ······-·NIST-800-53-AC-6(1)
3455 ······-·NIST-800-53-CM-6(a)3455 ······-·NIST-800-53-CM-6(a)
Offset 3463, 16 lines modifiedOffset 3463, 16 lines modified
3463 ······-·no_reboot_needed3463 ······-·no_reboot_needed
Max diff block lines reached; 3367/8052 bytes (41.82%) of diff not shown.
8.04 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 3252, 16 lines modifiedOffset 3252, 16 lines modified
3252 ······-·no_reboot_needed3252 ······-·no_reboot_needed
  
3253 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg3253 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
3254 ······stat:3254 ······stat:
3255 ········path:·/boot/efi/EFI/redhat/grub.cfg3255 ········path:·/boot/efi/EFI/redhat/grub.cfg
3256 ······register:·file_exists3256 ······register:·file_exists
3257 ······when:3257 ······when:
3258 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3259 ······-·'"grub2-common"·in·ansible_facts.packages'3258 ······-·'"grub2-common"·in·ansible_facts.packages'
 3259 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3260 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3260 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3261 ······tags:3261 ······tags:
3262 ······-·CCE-83430-93262 ······-·CCE-83430-9
3263 ······-·CJIS-5.5.2.23263 ······-·CJIS-5.5.2.2
3264 ······-·NIST-800-171-3.4.53264 ······-·NIST-800-171-3.4.5
3265 ······-·NIST-800-53-AC-6(1)3265 ······-·NIST-800-53-AC-6(1)
3266 ······-·NIST-800-53-CM-6(a)3266 ······-·NIST-800-53-CM-6(a)
Offset 3274, 16 lines modifiedOffset 3274, 16 lines modified
3274 ······-·no_reboot_needed3274 ······-·no_reboot_needed
  
3275 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg3275 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
3276 ······file:3276 ······file:
3277 ········path:·/boot/efi/EFI/redhat/grub.cfg3277 ········path:·/boot/efi/EFI/redhat/grub.cfg
3278 ········group:·'0'3278 ········group:·'0'
3279 ······when:3279 ······when:
3280 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3281 ······-·'"grub2-common"·in·ansible_facts.packages'3280 ······-·'"grub2-common"·in·ansible_facts.packages'
 3281 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3282 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3282 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3283 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3283 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3284 ······tags:3284 ······tags:
3285 ······-·CCE-83430-93285 ······-·CCE-83430-9
3286 ······-·CJIS-5.5.2.23286 ······-·CJIS-5.5.2.2
3287 ······-·NIST-800-171-3.4.53287 ······-·NIST-800-171-3.4.5
3288 ······-·NIST-800-53-AC-6(1)3288 ······-·NIST-800-53-AC-6(1)
Offset 3315, 16 lines modifiedOffset 3315, 16 lines modified
3315 ······-·no_reboot_needed3315 ······-·no_reboot_needed
  
3316 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg3316 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
3317 ······stat:3317 ······stat:
3318 ········path:·/boot/efi/EFI/redhat/user.cfg3318 ········path:·/boot/efi/EFI/redhat/user.cfg
3319 ······register:·file_exists3319 ······register:·file_exists
3320 ······when:3320 ······when:
3321 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3322 ······-·'"grub2-common"·in·ansible_facts.packages'3321 ······-·'"grub2-common"·in·ansible_facts.packages'
 3322 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3323 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3323 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3324 ······tags:3324 ······tags:
3325 ······-·CCE-86011-43325 ······-·CCE-86011-4
3326 ······-·CJIS-5.5.2.23326 ······-·CJIS-5.5.2.2
3327 ······-·NIST-800-171-3.4.53327 ······-·NIST-800-171-3.4.5
3328 ······-·NIST-800-53-AC-6(1)3328 ······-·NIST-800-53-AC-6(1)
3329 ······-·NIST-800-53-CM-6(a)3329 ······-·NIST-800-53-CM-6(a)
Offset 3337, 16 lines modifiedOffset 3337, 16 lines modified
3337 ······-·no_reboot_needed3337 ······-·no_reboot_needed
  
3338 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg3338 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
3339 ······file:3339 ······file:
3340 ········path:·/boot/efi/EFI/redhat/user.cfg3340 ········path:·/boot/efi/EFI/redhat/user.cfg
3341 ········group:·'0'3341 ········group:·'0'
3342 ······when:3342 ······when:
3343 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3344 ······-·'"grub2-common"·in·ansible_facts.packages'3343 ······-·'"grub2-common"·in·ansible_facts.packages'
 3344 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3345 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3345 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3346 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3346 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3347 ······tags:3347 ······tags:
3348 ······-·CCE-86011-43348 ······-·CCE-86011-4
3349 ······-·CJIS-5.5.2.23349 ······-·CJIS-5.5.2.2
3350 ······-·NIST-800-171-3.4.53350 ······-·NIST-800-171-3.4.5
3351 ······-·NIST-800-53-AC-6(1)3351 ······-·NIST-800-53-AC-6(1)
Offset 3378, 16 lines modifiedOffset 3378, 16 lines modified
3378 ······-·no_reboot_needed3378 ······-·no_reboot_needed
  
3379 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg3379 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
3380 ······stat:3380 ······stat:
3381 ········path:·/boot/efi/EFI/redhat/grub.cfg3381 ········path:·/boot/efi/EFI/redhat/grub.cfg
3382 ······register:·file_exists3382 ······register:·file_exists
3383 ······when:3383 ······when:
3384 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3385 ······-·'"grub2-common"·in·ansible_facts.packages'3384 ······-·'"grub2-common"·in·ansible_facts.packages'
 3385 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3386 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3386 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3387 ······tags:3387 ······tags:
3388 ······-·CCE-83429-13388 ······-·CCE-83429-1
3389 ······-·CJIS-5.5.2.23389 ······-·CJIS-5.5.2.2
3390 ······-·NIST-800-171-3.4.53390 ······-·NIST-800-171-3.4.5
3391 ······-·NIST-800-53-AC-6(1)3391 ······-·NIST-800-53-AC-6(1)
3392 ······-·NIST-800-53-CM-6(a)3392 ······-·NIST-800-53-CM-6(a)
Offset 3400, 16 lines modifiedOffset 3400, 16 lines modified
3400 ······-·no_reboot_needed3400 ······-·no_reboot_needed
  
3401 ····-·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg3401 ····-·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
3402 ······file:3402 ······file:
3403 ········path:·/boot/efi/EFI/redhat/grub.cfg3403 ········path:·/boot/efi/EFI/redhat/grub.cfg
3404 ········owner:·'0'3404 ········owner:·'0'
3405 ······when:3405 ······when:
3406 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3407 ······-·'"grub2-common"·in·ansible_facts.packages'3406 ······-·'"grub2-common"·in·ansible_facts.packages'
 3407 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3408 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3408 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3409 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3409 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3410 ······tags:3410 ······tags:
3411 ······-·CCE-83429-13411 ······-·CCE-83429-1
3412 ······-·CJIS-5.5.2.23412 ······-·CJIS-5.5.2.2
3413 ······-·NIST-800-171-3.4.53413 ······-·NIST-800-171-3.4.5
3414 ······-·NIST-800-53-AC-6(1)3414 ······-·NIST-800-53-AC-6(1)
Offset 3441, 16 lines modifiedOffset 3441, 16 lines modified
3441 ······-·no_reboot_needed3441 ······-·no_reboot_needed
  
3442 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg3442 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
3443 ······stat:3443 ······stat:
3444 ········path:·/boot/efi/EFI/redhat/user.cfg3444 ········path:·/boot/efi/EFI/redhat/user.cfg
3445 ······register:·file_exists3445 ······register:·file_exists
3446 ······when:3446 ······when:
3447 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3448 ······-·'"grub2-common"·in·ansible_facts.packages'3447 ······-·'"grub2-common"·in·ansible_facts.packages'
 3448 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3449 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3449 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3450 ······tags:3450 ······tags:
3451 ······-·CCE-86019-73451 ······-·CCE-86019-7
3452 ······-·CJIS-5.5.2.23452 ······-·CJIS-5.5.2.2
3453 ······-·NIST-800-171-3.4.53453 ······-·NIST-800-171-3.4.5
3454 ······-·NIST-800-53-AC-6(1)3454 ······-·NIST-800-53-AC-6(1)
3455 ······-·NIST-800-53-CM-6(a)3455 ······-·NIST-800-53-CM-6(a)
Offset 3463, 16 lines modifiedOffset 3463, 16 lines modified
3463 ······-·no_reboot_needed3463 ······-·no_reboot_needed
Max diff block lines reached; 3367/8052 bytes (41.82%) of diff not shown.
8.06 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 19209, 16 lines modifiedOffset 19209, 16 lines modified
19209 ······-·no_reboot_needed19209 ······-·no_reboot_needed
  
19210 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg19210 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
19211 ······stat:19211 ······stat:
19212 ········path:·/boot/efi/EFI/redhat/grub.cfg19212 ········path:·/boot/efi/EFI/redhat/grub.cfg
19213 ······register:·file_exists19213 ······register:·file_exists
19214 ······when:19214 ······when:
19215 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19216 ······-·'"grub2-common"·in·ansible_facts.packages'19215 ······-·'"grub2-common"·in·ansible_facts.packages'
 19216 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19217 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19217 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19218 ······tags:19218 ······tags:
19219 ······-·CCE-83430-919219 ······-·CCE-83430-9
19220 ······-·CJIS-5.5.2.219220 ······-·CJIS-5.5.2.2
19221 ······-·NIST-800-171-3.4.519221 ······-·NIST-800-171-3.4.5
19222 ······-·NIST-800-53-AC-6(1)19222 ······-·NIST-800-53-AC-6(1)
19223 ······-·NIST-800-53-CM-6(a)19223 ······-·NIST-800-53-CM-6(a)
Offset 19231, 16 lines modifiedOffset 19231, 16 lines modified
19231 ······-·no_reboot_needed19231 ······-·no_reboot_needed
  
19232 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg19232 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
19233 ······file:19233 ······file:
19234 ········path:·/boot/efi/EFI/redhat/grub.cfg19234 ········path:·/boot/efi/EFI/redhat/grub.cfg
19235 ········group:·'0'19235 ········group:·'0'
19236 ······when:19236 ······when:
19237 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19238 ······-·'"grub2-common"·in·ansible_facts.packages'19237 ······-·'"grub2-common"·in·ansible_facts.packages'
 19238 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19239 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19239 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19240 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists19240 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
19241 ······tags:19241 ······tags:
19242 ······-·CCE-83430-919242 ······-·CCE-83430-9
19243 ······-·CJIS-5.5.2.219243 ······-·CJIS-5.5.2.2
19244 ······-·NIST-800-171-3.4.519244 ······-·NIST-800-171-3.4.5
19245 ······-·NIST-800-53-AC-6(1)19245 ······-·NIST-800-53-AC-6(1)
Offset 19272, 16 lines modifiedOffset 19272, 16 lines modified
19272 ······-·no_reboot_needed19272 ······-·no_reboot_needed
  
19273 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg19273 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
19274 ······stat:19274 ······stat:
19275 ········path:·/boot/efi/EFI/redhat/user.cfg19275 ········path:·/boot/efi/EFI/redhat/user.cfg
19276 ······register:·file_exists19276 ······register:·file_exists
19277 ······when:19277 ······when:
19278 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19279 ······-·'"grub2-common"·in·ansible_facts.packages'19278 ······-·'"grub2-common"·in·ansible_facts.packages'
 19279 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19280 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19280 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19281 ······tags:19281 ······tags:
19282 ······-·CCE-86011-419282 ······-·CCE-86011-4
19283 ······-·CJIS-5.5.2.219283 ······-·CJIS-5.5.2.2
19284 ······-·NIST-800-171-3.4.519284 ······-·NIST-800-171-3.4.5
19285 ······-·NIST-800-53-AC-6(1)19285 ······-·NIST-800-53-AC-6(1)
19286 ······-·NIST-800-53-CM-6(a)19286 ······-·NIST-800-53-CM-6(a)
Offset 19294, 16 lines modifiedOffset 19294, 16 lines modified
19294 ······-·no_reboot_needed19294 ······-·no_reboot_needed
  
19295 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg19295 ····-·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
19296 ······file:19296 ······file:
19297 ········path:·/boot/efi/EFI/redhat/user.cfg19297 ········path:·/boot/efi/EFI/redhat/user.cfg
19298 ········group:·'0'19298 ········group:·'0'
19299 ······when:19299 ······when:
19300 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19301 ······-·'"grub2-common"·in·ansible_facts.packages'19300 ······-·'"grub2-common"·in·ansible_facts.packages'
 19301 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19302 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19302 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19303 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists19303 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
19304 ······tags:19304 ······tags:
19305 ······-·CCE-86011-419305 ······-·CCE-86011-4
19306 ······-·CJIS-5.5.2.219306 ······-·CJIS-5.5.2.2
19307 ······-·NIST-800-171-3.4.519307 ······-·NIST-800-171-3.4.5
19308 ······-·NIST-800-53-AC-6(1)19308 ······-·NIST-800-53-AC-6(1)
Offset 19335, 16 lines modifiedOffset 19335, 16 lines modified
19335 ······-·no_reboot_needed19335 ······-·no_reboot_needed
  
19336 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg19336 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
19337 ······stat:19337 ······stat:
19338 ········path:·/boot/efi/EFI/redhat/grub.cfg19338 ········path:·/boot/efi/EFI/redhat/grub.cfg
19339 ······register:·file_exists19339 ······register:·file_exists
19340 ······when:19340 ······when:
19341 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19342 ······-·'"grub2-common"·in·ansible_facts.packages'19341 ······-·'"grub2-common"·in·ansible_facts.packages'
 19342 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19343 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19343 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19344 ······tags:19344 ······tags:
19345 ······-·CCE-83429-119345 ······-·CCE-83429-1
19346 ······-·CJIS-5.5.2.219346 ······-·CJIS-5.5.2.2
19347 ······-·NIST-800-171-3.4.519347 ······-·NIST-800-171-3.4.5
19348 ······-·NIST-800-53-AC-6(1)19348 ······-·NIST-800-53-AC-6(1)
19349 ······-·NIST-800-53-CM-6(a)19349 ······-·NIST-800-53-CM-6(a)
Offset 19357, 16 lines modifiedOffset 19357, 16 lines modified
19357 ······-·no_reboot_needed19357 ······-·no_reboot_needed
  
19358 ····-·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg19358 ····-·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
19359 ······file:19359 ······file:
19360 ········path:·/boot/efi/EFI/redhat/grub.cfg19360 ········path:·/boot/efi/EFI/redhat/grub.cfg
19361 ········owner:·'0'19361 ········owner:·'0'
19362 ······when:19362 ······when:
19363 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19364 ······-·'"grub2-common"·in·ansible_facts.packages'19363 ······-·'"grub2-common"·in·ansible_facts.packages'
 19364 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19365 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19365 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19366 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists19366 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
19367 ······tags:19367 ······tags:
19368 ······-·CCE-83429-119368 ······-·CCE-83429-1
19369 ······-·CJIS-5.5.2.219369 ······-·CJIS-5.5.2.2
19370 ······-·NIST-800-171-3.4.519370 ······-·NIST-800-171-3.4.5
19371 ······-·NIST-800-53-AC-6(1)19371 ······-·NIST-800-53-AC-6(1)
Offset 19398, 16 lines modifiedOffset 19398, 16 lines modified
19398 ······-·no_reboot_needed19398 ······-·no_reboot_needed
  
19399 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg19399 ····-·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
19400 ······stat:19400 ······stat:
19401 ········path:·/boot/efi/EFI/redhat/user.cfg19401 ········path:·/boot/efi/EFI/redhat/user.cfg
19402 ······register:·file_exists19402 ······register:·file_exists
19403 ······when:19403 ······when:
19404 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
19405 ······-·'"grub2-common"·in·ansible_facts.packages'19404 ······-·'"grub2-common"·in·ansible_facts.packages'
 19405 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
19406 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]19406 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
19407 ······tags:19407 ······tags:
19408 ······-·CCE-86019-719408 ······-·CCE-86019-7
19409 ······-·CJIS-5.5.2.219409 ······-·CJIS-5.5.2.2
19410 ······-·NIST-800-171-3.4.519410 ······-·NIST-800-171-3.4.5
19411 ······-·NIST-800-53-AC-6(1)19411 ······-·NIST-800-53-AC-6(1)
19412 ······-·NIST-800-53-CM-6(a)19412 ······-·NIST-800-53-CM-6(a)
Offset 19420, 16 lines modifiedOffset 19420, 16 lines modified
19420 ······-·no_reboot_needed19420 ······-·no_reboot_needed
Max diff block lines reached; 3375/8076 bytes (41.79%) of diff not shown.
784 B
./usr/share/scap-security-guide/ansible/rhel7-playbook-stig.yml
Ordering differences only
    
Offset 29197, 16 lines modifiedOffset 29197, 16 lines modified
29197 ········lineinfile:29197 ········lineinfile:
29198 ··········path:·/etc/postfix/main.cf29198 ··········path:·/etc/postfix/main.cf
29199 ··········create:·true29199 ··········create:·true
29200 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*29200 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
29201 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject29201 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
29202 ··········state:·present29202 ··········state:·present
29203 ······when:29203 ······when:
29204 ······-·'"postfix"·in·ansible_facts.packages' 
29205 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]29204 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 29205 ······-·'"postfix"·in·ansible_facts.packages'
29206 ······tags:29206 ······tags:
29207 ······-·CCE-80512-729207 ······-·CCE-80512-7
29208 ······-·DISA-STIG-RHEL-07-04068029208 ······-·DISA-STIG-RHEL-07-040680
29209 ······-·low_complexity29209 ······-·low_complexity
29210 ······-·low_disruption29210 ······-·low_disruption
29211 ······-·medium_severity29211 ······-·medium_severity
29212 ······-·no_reboot_needed29212 ······-·no_reboot_needed
792 B
./usr/share/scap-security-guide/ansible/rhel7-playbook-stig_gui.yml
Ordering differences only
    
Offset 29202, 16 lines modifiedOffset 29202, 16 lines modified
29202 ········lineinfile:29202 ········lineinfile:
29203 ··········path:·/etc/postfix/main.cf29203 ··········path:·/etc/postfix/main.cf
29204 ··········create:·true29204 ··········create:·true
29205 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*29205 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
29206 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject29206 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
29207 ··········state:·present29207 ··········state:·present
29208 ······when:29208 ······when:
29209 ······-·'"postfix"·in·ansible_facts.packages' 
29210 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]29209 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 29210 ······-·'"postfix"·in·ansible_facts.packages'
29211 ······tags:29211 ······tags:
29212 ······-·CCE-80512-729212 ······-·CCE-80512-7
29213 ······-·DISA-STIG-RHEL-07-04068029213 ······-·DISA-STIG-RHEL-07-040680
29214 ······-·low_complexity29214 ······-·low_complexity
29215 ······-·low_disruption29215 ······-·low_disruption
29216 ······-·medium_severity29216 ······-·medium_severity
29217 ······-·no_reboot_needed29217 ······-·no_reboot_needed
15.8 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-cis.yml
Ordering differences only
    
Offset 22273, 16 lines modifiedOffset 22273, 16 lines modified
22273 ······-·no_reboot_needed22273 ······-·no_reboot_needed
  
22274 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22274 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22275 ······stat:22275 ······stat:
22276 ········path:·/boot/grub2/grub.cfg22276 ········path:·/boot/grub2/grub.cfg
22277 ······register:·file_exists22277 ······register:·file_exists
22278 ······when:22278 ······when:
22279 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22280 ······-·'"grub2-common"·in·ansible_facts.packages'22279 ······-·'"grub2-common"·in·ansible_facts.packages'
 22280 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22281 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22281 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22282 ······tags:22282 ······tags:
22283 ······-·CCE-80800-622283 ······-·CCE-80800-6
22284 ······-·CJIS-5.5.2.222284 ······-·CJIS-5.5.2.2
22285 ······-·NIST-800-171-3.4.522285 ······-·NIST-800-171-3.4.5
22286 ······-·NIST-800-53-AC-6(1)22286 ······-·NIST-800-53-AC-6(1)
22287 ······-·NIST-800-53-CM-6(a)22287 ······-·NIST-800-53-CM-6(a)
Offset 22295, 16 lines modifiedOffset 22295, 16 lines modified
22295 ······-·no_reboot_needed22295 ······-·no_reboot_needed
  
22296 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg22296 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
22297 ······file:22297 ······file:
22298 ········path:·/boot/grub2/grub.cfg22298 ········path:·/boot/grub2/grub.cfg
22299 ········group:·'0'22299 ········group:·'0'
22300 ······when:22300 ······when:
22301 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22302 ······-·'"grub2-common"·in·ansible_facts.packages'22301 ······-·'"grub2-common"·in·ansible_facts.packages'
 22302 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22303 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22303 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22304 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22304 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22305 ······tags:22305 ······tags:
22306 ······-·CCE-80800-622306 ······-·CCE-80800-6
22307 ······-·CJIS-5.5.2.222307 ······-·CJIS-5.5.2.2
22308 ······-·NIST-800-171-3.4.522308 ······-·NIST-800-171-3.4.5
22309 ······-·NIST-800-53-AC-6(1)22309 ······-·NIST-800-53-AC-6(1)
Offset 22336, 16 lines modifiedOffset 22336, 16 lines modified
22336 ······-·no_reboot_needed22336 ······-·no_reboot_needed
  
22337 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22337 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22338 ······stat:22338 ······stat:
22339 ········path:·/boot/grub2/user.cfg22339 ········path:·/boot/grub2/user.cfg
22340 ······register:·file_exists22340 ······register:·file_exists
22341 ······when:22341 ······when:
22342 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22343 ······-·'"grub2-common"·in·ansible_facts.packages'22342 ······-·'"grub2-common"·in·ansible_facts.packages'
 22343 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22344 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22344 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22345 ······tags:22345 ······tags:
22346 ······-·CCE-86009-822346 ······-·CCE-86009-8
22347 ······-·CJIS-5.5.2.222347 ······-·CJIS-5.5.2.2
22348 ······-·NIST-800-171-3.4.522348 ······-·NIST-800-171-3.4.5
22349 ······-·NIST-800-53-AC-6(1)22349 ······-·NIST-800-53-AC-6(1)
22350 ······-·NIST-800-53-CM-6(a)22350 ······-·NIST-800-53-CM-6(a)
Offset 22358, 16 lines modifiedOffset 22358, 16 lines modified
22358 ······-·no_reboot_needed22358 ······-·no_reboot_needed
  
22359 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg22359 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
22360 ······file:22360 ······file:
22361 ········path:·/boot/grub2/user.cfg22361 ········path:·/boot/grub2/user.cfg
22362 ········group:·'0'22362 ········group:·'0'
22363 ······when:22363 ······when:
22364 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22365 ······-·'"grub2-common"·in·ansible_facts.packages'22364 ······-·'"grub2-common"·in·ansible_facts.packages'
 22365 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22366 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22366 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22367 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22367 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22368 ······tags:22368 ······tags:
22369 ······-·CCE-86009-822369 ······-·CCE-86009-8
22370 ······-·CJIS-5.5.2.222370 ······-·CJIS-5.5.2.2
22371 ······-·NIST-800-171-3.4.522371 ······-·NIST-800-171-3.4.5
22372 ······-·NIST-800-53-AC-6(1)22372 ······-·NIST-800-53-AC-6(1)
Offset 22399, 16 lines modifiedOffset 22399, 16 lines modified
22399 ······-·no_reboot_needed22399 ······-·no_reboot_needed
  
22400 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22400 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22401 ······stat:22401 ······stat:
22402 ········path:·/boot/grub2/grub.cfg22402 ········path:·/boot/grub2/grub.cfg
22403 ······register:·file_exists22403 ······register:·file_exists
22404 ······when:22404 ······when:
22405 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22406 ······-·'"grub2-common"·in·ansible_facts.packages'22405 ······-·'"grub2-common"·in·ansible_facts.packages'
 22406 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22407 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22407 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22408 ······tags:22408 ······tags:
22409 ······-·CCE-80805-522409 ······-·CCE-80805-5
22410 ······-·CJIS-5.5.2.222410 ······-·CJIS-5.5.2.2
22411 ······-·NIST-800-171-3.4.522411 ······-·NIST-800-171-3.4.5
22412 ······-·NIST-800-53-AC-6(1)22412 ······-·NIST-800-53-AC-6(1)
22413 ······-·NIST-800-53-CM-6(a)22413 ······-·NIST-800-53-CM-6(a)
Offset 22421, 16 lines modifiedOffset 22421, 16 lines modified
22421 ······-·no_reboot_needed22421 ······-·no_reboot_needed
  
22422 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg22422 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
22423 ······file:22423 ······file:
22424 ········path:·/boot/grub2/grub.cfg22424 ········path:·/boot/grub2/grub.cfg
22425 ········owner:·'0'22425 ········owner:·'0'
22426 ······when:22426 ······when:
22427 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22428 ······-·'"grub2-common"·in·ansible_facts.packages'22427 ······-·'"grub2-common"·in·ansible_facts.packages'
 22428 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22429 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22429 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22430 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22430 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22431 ······tags:22431 ······tags:
22432 ······-·CCE-80805-522432 ······-·CCE-80805-5
22433 ······-·CJIS-5.5.2.222433 ······-·CJIS-5.5.2.2
22434 ······-·NIST-800-171-3.4.522434 ······-·NIST-800-171-3.4.5
22435 ······-·NIST-800-53-AC-6(1)22435 ······-·NIST-800-53-AC-6(1)
Offset 22462, 16 lines modifiedOffset 22462, 16 lines modified
22462 ······-·no_reboot_needed22462 ······-·no_reboot_needed
  
22463 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22463 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22464 ······stat:22464 ······stat:
22465 ········path:·/boot/grub2/user.cfg22465 ········path:·/boot/grub2/user.cfg
22466 ······register:·file_exists22466 ······register:·file_exists
22467 ······when:22467 ······when:
22468 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22469 ······-·'"grub2-common"·in·ansible_facts.packages'22468 ······-·'"grub2-common"·in·ansible_facts.packages'
 22469 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22470 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22470 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22471 ······tags:22471 ······tags:
22472 ······-·CCE-86015-522472 ······-·CCE-86015-5
22473 ······-·CJIS-5.5.2.222473 ······-·CJIS-5.5.2.2
22474 ······-·NIST-800-171-3.4.522474 ······-·NIST-800-171-3.4.5
22475 ······-·NIST-800-53-AC-6(1)22475 ······-·NIST-800-53-AC-6(1)
22476 ······-·NIST-800-53-CM-6(a)22476 ······-·NIST-800-53-CM-6(a)
Offset 22484, 16 lines modifiedOffset 22484, 16 lines modified
22484 ······-·no_reboot_needed22484 ······-·no_reboot_needed
Max diff block lines reached; 11403/16034 bytes (71.12%) of diff not shown.
15.8 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 5473, 16 lines modifiedOffset 5473, 16 lines modified
5473 ······-·no_reboot_needed5473 ······-·no_reboot_needed
  
5474 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5474 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5475 ······stat:5475 ······stat:
5476 ········path:·/boot/grub2/grub.cfg5476 ········path:·/boot/grub2/grub.cfg
5477 ······register:·file_exists5477 ······register:·file_exists
5478 ······when:5478 ······when:
5479 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5480 ······-·'"grub2-common"·in·ansible_facts.packages'5479 ······-·'"grub2-common"·in·ansible_facts.packages'
 5480 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5481 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5481 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5482 ······tags:5482 ······tags:
5483 ······-·CCE-80800-65483 ······-·CCE-80800-6
5484 ······-·CJIS-5.5.2.25484 ······-·CJIS-5.5.2.2
5485 ······-·NIST-800-171-3.4.55485 ······-·NIST-800-171-3.4.5
5486 ······-·NIST-800-53-AC-6(1)5486 ······-·NIST-800-53-AC-6(1)
5487 ······-·NIST-800-53-CM-6(a)5487 ······-·NIST-800-53-CM-6(a)
Offset 5495, 16 lines modifiedOffset 5495, 16 lines modified
5495 ······-·no_reboot_needed5495 ······-·no_reboot_needed
  
5496 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5496 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5497 ······file:5497 ······file:
5498 ········path:·/boot/grub2/grub.cfg5498 ········path:·/boot/grub2/grub.cfg
5499 ········group:·'0'5499 ········group:·'0'
5500 ······when:5500 ······when:
5501 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5502 ······-·'"grub2-common"·in·ansible_facts.packages'5501 ······-·'"grub2-common"·in·ansible_facts.packages'
 5502 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5503 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5503 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5504 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5504 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5505 ······tags:5505 ······tags:
5506 ······-·CCE-80800-65506 ······-·CCE-80800-6
5507 ······-·CJIS-5.5.2.25507 ······-·CJIS-5.5.2.2
5508 ······-·NIST-800-171-3.4.55508 ······-·NIST-800-171-3.4.5
5509 ······-·NIST-800-53-AC-6(1)5509 ······-·NIST-800-53-AC-6(1)
Offset 5536, 16 lines modifiedOffset 5536, 16 lines modified
5536 ······-·no_reboot_needed5536 ······-·no_reboot_needed
  
5537 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5537 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5538 ······stat:5538 ······stat:
5539 ········path:·/boot/grub2/user.cfg5539 ········path:·/boot/grub2/user.cfg
5540 ······register:·file_exists5540 ······register:·file_exists
5541 ······when:5541 ······when:
5542 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5543 ······-·'"grub2-common"·in·ansible_facts.packages'5542 ······-·'"grub2-common"·in·ansible_facts.packages'
 5543 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5544 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5544 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5545 ······tags:5545 ······tags:
5546 ······-·CCE-86009-85546 ······-·CCE-86009-8
5547 ······-·CJIS-5.5.2.25547 ······-·CJIS-5.5.2.2
5548 ······-·NIST-800-171-3.4.55548 ······-·NIST-800-171-3.4.5
5549 ······-·NIST-800-53-AC-6(1)5549 ······-·NIST-800-53-AC-6(1)
5550 ······-·NIST-800-53-CM-6(a)5550 ······-·NIST-800-53-CM-6(a)
Offset 5558, 16 lines modifiedOffset 5558, 16 lines modified
5558 ······-·no_reboot_needed5558 ······-·no_reboot_needed
  
5559 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5559 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5560 ······file:5560 ······file:
5561 ········path:·/boot/grub2/user.cfg5561 ········path:·/boot/grub2/user.cfg
5562 ········group:·'0'5562 ········group:·'0'
5563 ······when:5563 ······when:
5564 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5565 ······-·'"grub2-common"·in·ansible_facts.packages'5564 ······-·'"grub2-common"·in·ansible_facts.packages'
 5565 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5566 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5566 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5567 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5567 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5568 ······tags:5568 ······tags:
5569 ······-·CCE-86009-85569 ······-·CCE-86009-8
5570 ······-·CJIS-5.5.2.25570 ······-·CJIS-5.5.2.2
5571 ······-·NIST-800-171-3.4.55571 ······-·NIST-800-171-3.4.5
5572 ······-·NIST-800-53-AC-6(1)5572 ······-·NIST-800-53-AC-6(1)
Offset 5599, 16 lines modifiedOffset 5599, 16 lines modified
5599 ······-·no_reboot_needed5599 ······-·no_reboot_needed
  
5600 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5600 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5601 ······stat:5601 ······stat:
5602 ········path:·/boot/grub2/grub.cfg5602 ········path:·/boot/grub2/grub.cfg
5603 ······register:·file_exists5603 ······register:·file_exists
5604 ······when:5604 ······when:
5605 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5606 ······-·'"grub2-common"·in·ansible_facts.packages'5605 ······-·'"grub2-common"·in·ansible_facts.packages'
 5606 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5607 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5607 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5608 ······tags:5608 ······tags:
5609 ······-·CCE-80805-55609 ······-·CCE-80805-5
5610 ······-·CJIS-5.5.2.25610 ······-·CJIS-5.5.2.2
5611 ······-·NIST-800-171-3.4.55611 ······-·NIST-800-171-3.4.5
5612 ······-·NIST-800-53-AC-6(1)5612 ······-·NIST-800-53-AC-6(1)
5613 ······-·NIST-800-53-CM-6(a)5613 ······-·NIST-800-53-CM-6(a)
Offset 5621, 16 lines modifiedOffset 5621, 16 lines modified
5621 ······-·no_reboot_needed5621 ······-·no_reboot_needed
  
5622 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5622 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5623 ······file:5623 ······file:
5624 ········path:·/boot/grub2/grub.cfg5624 ········path:·/boot/grub2/grub.cfg
5625 ········owner:·'0'5625 ········owner:·'0'
5626 ······when:5626 ······when:
5627 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5628 ······-·'"grub2-common"·in·ansible_facts.packages'5627 ······-·'"grub2-common"·in·ansible_facts.packages'
 5628 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5629 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5629 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5630 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5630 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5631 ······tags:5631 ······tags:
5632 ······-·CCE-80805-55632 ······-·CCE-80805-5
5633 ······-·CJIS-5.5.2.25633 ······-·CJIS-5.5.2.2
5634 ······-·NIST-800-171-3.4.55634 ······-·NIST-800-171-3.4.5
5635 ······-·NIST-800-53-AC-6(1)5635 ······-·NIST-800-53-AC-6(1)
Offset 5662, 16 lines modifiedOffset 5662, 16 lines modified
5662 ······-·no_reboot_needed5662 ······-·no_reboot_needed
  
5663 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5663 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5664 ······stat:5664 ······stat:
5665 ········path:·/boot/grub2/user.cfg5665 ········path:·/boot/grub2/user.cfg
5666 ······register:·file_exists5666 ······register:·file_exists
5667 ······when:5667 ······when:
5668 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5669 ······-·'"grub2-common"·in·ansible_facts.packages'5668 ······-·'"grub2-common"·in·ansible_facts.packages'
 5669 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5670 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5670 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5671 ······tags:5671 ······tags:
5672 ······-·CCE-86015-55672 ······-·CCE-86015-5
5673 ······-·CJIS-5.5.2.25673 ······-·CJIS-5.5.2.2
5674 ······-·NIST-800-171-3.4.55674 ······-·NIST-800-171-3.4.5
5675 ······-·NIST-800-53-AC-6(1)5675 ······-·NIST-800-53-AC-6(1)
5676 ······-·NIST-800-53-CM-6(a)5676 ······-·NIST-800-53-CM-6(a)
Offset 5684, 16 lines modifiedOffset 5684, 16 lines modified
5684 ······-·no_reboot_needed5684 ······-·no_reboot_needed
Max diff block lines reached; 11371/15986 bytes (71.13%) of diff not shown.
15.8 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 5473, 16 lines modifiedOffset 5473, 16 lines modified
5473 ······-·no_reboot_needed5473 ······-·no_reboot_needed
  
5474 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5474 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5475 ······stat:5475 ······stat:
5476 ········path:·/boot/grub2/grub.cfg5476 ········path:·/boot/grub2/grub.cfg
5477 ······register:·file_exists5477 ······register:·file_exists
5478 ······when:5478 ······when:
5479 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5480 ······-·'"grub2-common"·in·ansible_facts.packages'5479 ······-·'"grub2-common"·in·ansible_facts.packages'
 5480 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5481 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5481 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5482 ······tags:5482 ······tags:
5483 ······-·CCE-80800-65483 ······-·CCE-80800-6
5484 ······-·CJIS-5.5.2.25484 ······-·CJIS-5.5.2.2
5485 ······-·NIST-800-171-3.4.55485 ······-·NIST-800-171-3.4.5
5486 ······-·NIST-800-53-AC-6(1)5486 ······-·NIST-800-53-AC-6(1)
5487 ······-·NIST-800-53-CM-6(a)5487 ······-·NIST-800-53-CM-6(a)
Offset 5495, 16 lines modifiedOffset 5495, 16 lines modified
5495 ······-·no_reboot_needed5495 ······-·no_reboot_needed
  
5496 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5496 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5497 ······file:5497 ······file:
5498 ········path:·/boot/grub2/grub.cfg5498 ········path:·/boot/grub2/grub.cfg
5499 ········group:·'0'5499 ········group:·'0'
5500 ······when:5500 ······when:
5501 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5502 ······-·'"grub2-common"·in·ansible_facts.packages'5501 ······-·'"grub2-common"·in·ansible_facts.packages'
 5502 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5503 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5503 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5504 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5504 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5505 ······tags:5505 ······tags:
5506 ······-·CCE-80800-65506 ······-·CCE-80800-6
5507 ······-·CJIS-5.5.2.25507 ······-·CJIS-5.5.2.2
5508 ······-·NIST-800-171-3.4.55508 ······-·NIST-800-171-3.4.5
5509 ······-·NIST-800-53-AC-6(1)5509 ······-·NIST-800-53-AC-6(1)
Offset 5536, 16 lines modifiedOffset 5536, 16 lines modified
5536 ······-·no_reboot_needed5536 ······-·no_reboot_needed
  
5537 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5537 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5538 ······stat:5538 ······stat:
5539 ········path:·/boot/grub2/user.cfg5539 ········path:·/boot/grub2/user.cfg
5540 ······register:·file_exists5540 ······register:·file_exists
5541 ······when:5541 ······when:
5542 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5543 ······-·'"grub2-common"·in·ansible_facts.packages'5542 ······-·'"grub2-common"·in·ansible_facts.packages'
 5543 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5544 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5544 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5545 ······tags:5545 ······tags:
5546 ······-·CCE-86009-85546 ······-·CCE-86009-8
5547 ······-·CJIS-5.5.2.25547 ······-·CJIS-5.5.2.2
5548 ······-·NIST-800-171-3.4.55548 ······-·NIST-800-171-3.4.5
5549 ······-·NIST-800-53-AC-6(1)5549 ······-·NIST-800-53-AC-6(1)
5550 ······-·NIST-800-53-CM-6(a)5550 ······-·NIST-800-53-CM-6(a)
Offset 5558, 16 lines modifiedOffset 5558, 16 lines modified
5558 ······-·no_reboot_needed5558 ······-·no_reboot_needed
  
5559 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5559 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5560 ······file:5560 ······file:
5561 ········path:·/boot/grub2/user.cfg5561 ········path:·/boot/grub2/user.cfg
5562 ········group:·'0'5562 ········group:·'0'
5563 ······when:5563 ······when:
5564 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5565 ······-·'"grub2-common"·in·ansible_facts.packages'5564 ······-·'"grub2-common"·in·ansible_facts.packages'
 5565 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5566 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5566 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5567 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5567 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5568 ······tags:5568 ······tags:
5569 ······-·CCE-86009-85569 ······-·CCE-86009-8
5570 ······-·CJIS-5.5.2.25570 ······-·CJIS-5.5.2.2
5571 ······-·NIST-800-171-3.4.55571 ······-·NIST-800-171-3.4.5
5572 ······-·NIST-800-53-AC-6(1)5572 ······-·NIST-800-53-AC-6(1)
Offset 5599, 16 lines modifiedOffset 5599, 16 lines modified
5599 ······-·no_reboot_needed5599 ······-·no_reboot_needed
  
5600 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5600 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5601 ······stat:5601 ······stat:
5602 ········path:·/boot/grub2/grub.cfg5602 ········path:·/boot/grub2/grub.cfg
5603 ······register:·file_exists5603 ······register:·file_exists
5604 ······when:5604 ······when:
5605 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5606 ······-·'"grub2-common"·in·ansible_facts.packages'5605 ······-·'"grub2-common"·in·ansible_facts.packages'
 5606 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5607 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5607 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5608 ······tags:5608 ······tags:
5609 ······-·CCE-80805-55609 ······-·CCE-80805-5
5610 ······-·CJIS-5.5.2.25610 ······-·CJIS-5.5.2.2
5611 ······-·NIST-800-171-3.4.55611 ······-·NIST-800-171-3.4.5
5612 ······-·NIST-800-53-AC-6(1)5612 ······-·NIST-800-53-AC-6(1)
5613 ······-·NIST-800-53-CM-6(a)5613 ······-·NIST-800-53-CM-6(a)
Offset 5621, 16 lines modifiedOffset 5621, 16 lines modified
5621 ······-·no_reboot_needed5621 ······-·no_reboot_needed
  
5622 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5622 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5623 ······file:5623 ······file:
5624 ········path:·/boot/grub2/grub.cfg5624 ········path:·/boot/grub2/grub.cfg
5625 ········owner:·'0'5625 ········owner:·'0'
5626 ······when:5626 ······when:
5627 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5628 ······-·'"grub2-common"·in·ansible_facts.packages'5627 ······-·'"grub2-common"·in·ansible_facts.packages'
 5628 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5629 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5629 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5630 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5630 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5631 ······tags:5631 ······tags:
5632 ······-·CCE-80805-55632 ······-·CCE-80805-5
5633 ······-·CJIS-5.5.2.25633 ······-·CJIS-5.5.2.2
5634 ······-·NIST-800-171-3.4.55634 ······-·NIST-800-171-3.4.5
5635 ······-·NIST-800-53-AC-6(1)5635 ······-·NIST-800-53-AC-6(1)
Offset 5662, 16 lines modifiedOffset 5662, 16 lines modified
5662 ······-·no_reboot_needed5662 ······-·no_reboot_needed
  
5663 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5663 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5664 ······stat:5664 ······stat:
5665 ········path:·/boot/grub2/user.cfg5665 ········path:·/boot/grub2/user.cfg
5666 ······register:·file_exists5666 ······register:·file_exists
5667 ······when:5667 ······when:
5668 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5669 ······-·'"grub2-common"·in·ansible_facts.packages'5668 ······-·'"grub2-common"·in·ansible_facts.packages'
 5669 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5670 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5670 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5671 ······tags:5671 ······tags:
5672 ······-·CCE-86015-55672 ······-·CCE-86015-5
5673 ······-·CJIS-5.5.2.25673 ······-·CJIS-5.5.2.2
5674 ······-·NIST-800-171-3.4.55674 ······-·NIST-800-171-3.4.5
5675 ······-·NIST-800-53-AC-6(1)5675 ······-·NIST-800-53-AC-6(1)
5676 ······-·NIST-800-53-CM-6(a)5676 ······-·NIST-800-53-CM-6(a)
Offset 5684, 16 lines modifiedOffset 5684, 16 lines modified
5684 ······-·no_reboot_needed5684 ······-·no_reboot_needed
Max diff block lines reached; 11371/15986 bytes (71.13%) of diff not shown.
15.8 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 22273, 16 lines modifiedOffset 22273, 16 lines modified
22273 ······-·no_reboot_needed22273 ······-·no_reboot_needed
  
22274 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22274 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22275 ······stat:22275 ······stat:
22276 ········path:·/boot/grub2/grub.cfg22276 ········path:·/boot/grub2/grub.cfg
22277 ······register:·file_exists22277 ······register:·file_exists
22278 ······when:22278 ······when:
22279 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22280 ······-·'"grub2-common"·in·ansible_facts.packages'22279 ······-·'"grub2-common"·in·ansible_facts.packages'
 22280 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22281 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22281 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22282 ······tags:22282 ······tags:
22283 ······-·CCE-80800-622283 ······-·CCE-80800-6
22284 ······-·CJIS-5.5.2.222284 ······-·CJIS-5.5.2.2
22285 ······-·NIST-800-171-3.4.522285 ······-·NIST-800-171-3.4.5
22286 ······-·NIST-800-53-AC-6(1)22286 ······-·NIST-800-53-AC-6(1)
22287 ······-·NIST-800-53-CM-6(a)22287 ······-·NIST-800-53-CM-6(a)
Offset 22295, 16 lines modifiedOffset 22295, 16 lines modified
22295 ······-·no_reboot_needed22295 ······-·no_reboot_needed
  
22296 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg22296 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
22297 ······file:22297 ······file:
22298 ········path:·/boot/grub2/grub.cfg22298 ········path:·/boot/grub2/grub.cfg
22299 ········group:·'0'22299 ········group:·'0'
22300 ······when:22300 ······when:
22301 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22302 ······-·'"grub2-common"·in·ansible_facts.packages'22301 ······-·'"grub2-common"·in·ansible_facts.packages'
 22302 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22303 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22303 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22304 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22304 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22305 ······tags:22305 ······tags:
22306 ······-·CCE-80800-622306 ······-·CCE-80800-6
22307 ······-·CJIS-5.5.2.222307 ······-·CJIS-5.5.2.2
22308 ······-·NIST-800-171-3.4.522308 ······-·NIST-800-171-3.4.5
22309 ······-·NIST-800-53-AC-6(1)22309 ······-·NIST-800-53-AC-6(1)
Offset 22336, 16 lines modifiedOffset 22336, 16 lines modified
22336 ······-·no_reboot_needed22336 ······-·no_reboot_needed
  
22337 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22337 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22338 ······stat:22338 ······stat:
22339 ········path:·/boot/grub2/user.cfg22339 ········path:·/boot/grub2/user.cfg
22340 ······register:·file_exists22340 ······register:·file_exists
22341 ······when:22341 ······when:
22342 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22343 ······-·'"grub2-common"·in·ansible_facts.packages'22342 ······-·'"grub2-common"·in·ansible_facts.packages'
 22343 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22344 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22344 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22345 ······tags:22345 ······tags:
22346 ······-·CCE-86009-822346 ······-·CCE-86009-8
22347 ······-·CJIS-5.5.2.222347 ······-·CJIS-5.5.2.2
22348 ······-·NIST-800-171-3.4.522348 ······-·NIST-800-171-3.4.5
22349 ······-·NIST-800-53-AC-6(1)22349 ······-·NIST-800-53-AC-6(1)
22350 ······-·NIST-800-53-CM-6(a)22350 ······-·NIST-800-53-CM-6(a)
Offset 22358, 16 lines modifiedOffset 22358, 16 lines modified
22358 ······-·no_reboot_needed22358 ······-·no_reboot_needed
  
22359 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg22359 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
22360 ······file:22360 ······file:
22361 ········path:·/boot/grub2/user.cfg22361 ········path:·/boot/grub2/user.cfg
22362 ········group:·'0'22362 ········group:·'0'
22363 ······when:22363 ······when:
22364 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22365 ······-·'"grub2-common"·in·ansible_facts.packages'22364 ······-·'"grub2-common"·in·ansible_facts.packages'
 22365 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22366 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22366 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22367 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22367 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22368 ······tags:22368 ······tags:
22369 ······-·CCE-86009-822369 ······-·CCE-86009-8
22370 ······-·CJIS-5.5.2.222370 ······-·CJIS-5.5.2.2
22371 ······-·NIST-800-171-3.4.522371 ······-·NIST-800-171-3.4.5
22372 ······-·NIST-800-53-AC-6(1)22372 ······-·NIST-800-53-AC-6(1)
Offset 22399, 16 lines modifiedOffset 22399, 16 lines modified
22399 ······-·no_reboot_needed22399 ······-·no_reboot_needed
  
22400 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22400 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22401 ······stat:22401 ······stat:
22402 ········path:·/boot/grub2/grub.cfg22402 ········path:·/boot/grub2/grub.cfg
22403 ······register:·file_exists22403 ······register:·file_exists
22404 ······when:22404 ······when:
22405 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22406 ······-·'"grub2-common"·in·ansible_facts.packages'22405 ······-·'"grub2-common"·in·ansible_facts.packages'
 22406 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22407 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22407 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22408 ······tags:22408 ······tags:
22409 ······-·CCE-80805-522409 ······-·CCE-80805-5
22410 ······-·CJIS-5.5.2.222410 ······-·CJIS-5.5.2.2
22411 ······-·NIST-800-171-3.4.522411 ······-·NIST-800-171-3.4.5
22412 ······-·NIST-800-53-AC-6(1)22412 ······-·NIST-800-53-AC-6(1)
22413 ······-·NIST-800-53-CM-6(a)22413 ······-·NIST-800-53-CM-6(a)
Offset 22421, 16 lines modifiedOffset 22421, 16 lines modified
22421 ······-·no_reboot_needed22421 ······-·no_reboot_needed
  
22422 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg22422 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
22423 ······file:22423 ······file:
22424 ········path:·/boot/grub2/grub.cfg22424 ········path:·/boot/grub2/grub.cfg
22425 ········owner:·'0'22425 ········owner:·'0'
22426 ······when:22426 ······when:
22427 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22428 ······-·'"grub2-common"·in·ansible_facts.packages'22427 ······-·'"grub2-common"·in·ansible_facts.packages'
 22428 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22429 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22429 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22430 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22430 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22431 ······tags:22431 ······tags:
22432 ······-·CCE-80805-522432 ······-·CCE-80805-5
22433 ······-·CJIS-5.5.2.222433 ······-·CJIS-5.5.2.2
22434 ······-·NIST-800-171-3.4.522434 ······-·NIST-800-171-3.4.5
22435 ······-·NIST-800-53-AC-6(1)22435 ······-·NIST-800-53-AC-6(1)
Offset 22462, 16 lines modifiedOffset 22462, 16 lines modified
22462 ······-·no_reboot_needed22462 ······-·no_reboot_needed
  
22463 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22463 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22464 ······stat:22464 ······stat:
22465 ········path:·/boot/grub2/user.cfg22465 ········path:·/boot/grub2/user.cfg
22466 ······register:·file_exists22466 ······register:·file_exists
22467 ······when:22467 ······when:
22468 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22469 ······-·'"grub2-common"·in·ansible_facts.packages'22468 ······-·'"grub2-common"·in·ansible_facts.packages'
 22469 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22470 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22470 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22471 ······tags:22471 ······tags:
22472 ······-·CCE-86015-522472 ······-·CCE-86015-5
22473 ······-·CJIS-5.5.2.222473 ······-·CJIS-5.5.2.2
22474 ······-·NIST-800-171-3.4.522474 ······-·NIST-800-171-3.4.5
22475 ······-·NIST-800-53-AC-6(1)22475 ······-·NIST-800-53-AC-6(1)
22476 ······-·NIST-800-53-CM-6(a)22476 ······-·NIST-800-53-CM-6(a)
Offset 22484, 16 lines modifiedOffset 22484, 16 lines modified
22484 ······-·no_reboot_needed22484 ······-·no_reboot_needed
Max diff block lines reached; 11403/16034 bytes (71.12%) of diff not shown.
2.71 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-cjis.yml
Ordering differences only
    
Offset 13831, 16 lines modifiedOffset 13831, 16 lines modified
13831 ······-·no_reboot_needed13831 ······-·no_reboot_needed
  
13832 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg13832 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
13833 ······stat:13833 ······stat:
13834 ········path:·/boot/grub2/grub.cfg13834 ········path:·/boot/grub2/grub.cfg
13835 ······register:·file_exists13835 ······register:·file_exists
13836 ······when:13836 ······when:
13837 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
13838 ······-·'"grub2-common"·in·ansible_facts.packages'13837 ······-·'"grub2-common"·in·ansible_facts.packages'
 13838 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
13839 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]13839 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13840 ······tags:13840 ······tags:
13841 ······-·CCE-80800-613841 ······-·CCE-80800-6
13842 ······-·CJIS-5.5.2.213842 ······-·CJIS-5.5.2.2
13843 ······-·NIST-800-171-3.4.513843 ······-·NIST-800-171-3.4.5
13844 ······-·NIST-800-53-AC-6(1)13844 ······-·NIST-800-53-AC-6(1)
13845 ······-·NIST-800-53-CM-6(a)13845 ······-·NIST-800-53-CM-6(a)
Offset 13853, 16 lines modifiedOffset 13853, 16 lines modified
13853 ······-·no_reboot_needed13853 ······-·no_reboot_needed
  
13854 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg13854 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
13855 ······file:13855 ······file:
13856 ········path:·/boot/grub2/grub.cfg13856 ········path:·/boot/grub2/grub.cfg
13857 ········group:·'0'13857 ········group:·'0'
13858 ······when:13858 ······when:
13859 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
13860 ······-·'"grub2-common"·in·ansible_facts.packages'13859 ······-·'"grub2-common"·in·ansible_facts.packages'
 13860 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
13861 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]13861 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13862 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists13862 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
13863 ······tags:13863 ······tags:
13864 ······-·CCE-80800-613864 ······-·CCE-80800-6
13865 ······-·CJIS-5.5.2.213865 ······-·CJIS-5.5.2.2
13866 ······-·NIST-800-171-3.4.513866 ······-·NIST-800-171-3.4.5
13867 ······-·NIST-800-53-AC-6(1)13867 ······-·NIST-800-53-AC-6(1)
Offset 13894, 16 lines modifiedOffset 13894, 16 lines modified
13894 ······-·no_reboot_needed13894 ······-·no_reboot_needed
  
13895 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg13895 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
13896 ······stat:13896 ······stat:
13897 ········path:·/boot/grub2/grub.cfg13897 ········path:·/boot/grub2/grub.cfg
13898 ······register:·file_exists13898 ······register:·file_exists
13899 ······when:13899 ······when:
13900 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
13901 ······-·'"grub2-common"·in·ansible_facts.packages'13900 ······-·'"grub2-common"·in·ansible_facts.packages'
 13901 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
13902 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]13902 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13903 ······tags:13903 ······tags:
13904 ······-·CCE-80805-513904 ······-·CCE-80805-5
13905 ······-·CJIS-5.5.2.213905 ······-·CJIS-5.5.2.2
13906 ······-·NIST-800-171-3.4.513906 ······-·NIST-800-171-3.4.5
13907 ······-·NIST-800-53-AC-6(1)13907 ······-·NIST-800-53-AC-6(1)
13908 ······-·NIST-800-53-CM-6(a)13908 ······-·NIST-800-53-CM-6(a)
Offset 13916, 16 lines modifiedOffset 13916, 16 lines modified
13916 ······-·no_reboot_needed13916 ······-·no_reboot_needed
  
13917 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg13917 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
13918 ······file:13918 ······file:
13919 ········path:·/boot/grub2/grub.cfg13919 ········path:·/boot/grub2/grub.cfg
13920 ········owner:·'0'13920 ········owner:·'0'
13921 ······when:13921 ······when:
13922 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
13923 ······-·'"grub2-common"·in·ansible_facts.packages'13922 ······-·'"grub2-common"·in·ansible_facts.packages'
 13923 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
13924 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]13924 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13925 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists13925 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
13926 ······tags:13926 ······tags:
13927 ······-·CCE-80805-513927 ······-·CCE-80805-5
13928 ······-·CJIS-5.5.2.213928 ······-·CJIS-5.5.2.2
13929 ······-·NIST-800-171-3.4.513929 ······-·NIST-800-171-3.4.5
13930 ······-·NIST-800-53-AC-6(1)13930 ······-·NIST-800-53-AC-6(1)
2.71 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-hipaa.yml
Ordering differences only
    
Offset 22603, 16 lines modifiedOffset 22603, 16 lines modified
22603 ······-·no_reboot_needed22603 ······-·no_reboot_needed
  
22604 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22604 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22605 ······stat:22605 ······stat:
22606 ········path:·/boot/grub2/grub.cfg22606 ········path:·/boot/grub2/grub.cfg
22607 ······register:·file_exists22607 ······register:·file_exists
22608 ······when:22608 ······when:
22609 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22610 ······-·'"grub2-common"·in·ansible_facts.packages'22609 ······-·'"grub2-common"·in·ansible_facts.packages'
 22610 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22611 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22611 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22612 ······tags:22612 ······tags:
22613 ······-·CCE-80800-622613 ······-·CCE-80800-6
22614 ······-·CJIS-5.5.2.222614 ······-·CJIS-5.5.2.2
22615 ······-·NIST-800-171-3.4.522615 ······-·NIST-800-171-3.4.5
22616 ······-·NIST-800-53-AC-6(1)22616 ······-·NIST-800-53-AC-6(1)
22617 ······-·NIST-800-53-CM-6(a)22617 ······-·NIST-800-53-CM-6(a)
Offset 22625, 16 lines modifiedOffset 22625, 16 lines modified
22625 ······-·no_reboot_needed22625 ······-·no_reboot_needed
  
22626 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg22626 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
22627 ······file:22627 ······file:
22628 ········path:·/boot/grub2/grub.cfg22628 ········path:·/boot/grub2/grub.cfg
22629 ········group:·'0'22629 ········group:·'0'
22630 ······when:22630 ······when:
22631 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22632 ······-·'"grub2-common"·in·ansible_facts.packages'22631 ······-·'"grub2-common"·in·ansible_facts.packages'
 22632 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22633 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22633 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22634 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22634 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22635 ······tags:22635 ······tags:
22636 ······-·CCE-80800-622636 ······-·CCE-80800-6
22637 ······-·CJIS-5.5.2.222637 ······-·CJIS-5.5.2.2
22638 ······-·NIST-800-171-3.4.522638 ······-·NIST-800-171-3.4.5
22639 ······-·NIST-800-53-AC-6(1)22639 ······-·NIST-800-53-AC-6(1)
Offset 22666, 16 lines modifiedOffset 22666, 16 lines modified
22666 ······-·no_reboot_needed22666 ······-·no_reboot_needed
  
22667 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22667 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22668 ······stat:22668 ······stat:
22669 ········path:·/boot/grub2/grub.cfg22669 ········path:·/boot/grub2/grub.cfg
22670 ······register:·file_exists22670 ······register:·file_exists
22671 ······when:22671 ······when:
22672 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22673 ······-·'"grub2-common"·in·ansible_facts.packages'22672 ······-·'"grub2-common"·in·ansible_facts.packages'
 22673 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22674 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22674 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22675 ······tags:22675 ······tags:
22676 ······-·CCE-80805-522676 ······-·CCE-80805-5
22677 ······-·CJIS-5.5.2.222677 ······-·CJIS-5.5.2.2
22678 ······-·NIST-800-171-3.4.522678 ······-·NIST-800-171-3.4.5
22679 ······-·NIST-800-53-AC-6(1)22679 ······-·NIST-800-53-AC-6(1)
22680 ······-·NIST-800-53-CM-6(a)22680 ······-·NIST-800-53-CM-6(a)
Offset 22688, 16 lines modifiedOffset 22688, 16 lines modified
22688 ······-·no_reboot_needed22688 ······-·no_reboot_needed
  
22689 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg22689 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
22690 ······file:22690 ······file:
22691 ········path:·/boot/grub2/grub.cfg22691 ········path:·/boot/grub2/grub.cfg
22692 ········owner:·'0'22692 ········owner:·'0'
22693 ······when:22693 ······when:
22694 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22695 ······-·'"grub2-common"·in·ansible_facts.packages'22694 ······-·'"grub2-common"·in·ansible_facts.packages'
 22695 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22696 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22696 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22697 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22697 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22698 ······tags:22698 ······tags:
22699 ······-·CCE-80805-522699 ······-·CCE-80805-5
22700 ······-·CJIS-5.5.2.222700 ······-·CJIS-5.5.2.2
22701 ······-·NIST-800-171-3.4.522701 ······-·NIST-800-171-3.4.5
22702 ······-·NIST-800-53-AC-6(1)22702 ······-·NIST-800-53-AC-6(1)
2.71 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-pci-dss.yml
Ordering differences only
    
Offset 23406, 16 lines modifiedOffset 23406, 16 lines modified
23406 ······-·no_reboot_needed23406 ······-·no_reboot_needed
  
23407 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg23407 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
23408 ······stat:23408 ······stat:
23409 ········path:·/boot/grub2/grub.cfg23409 ········path:·/boot/grub2/grub.cfg
23410 ······register:·file_exists23410 ······register:·file_exists
23411 ······when:23411 ······when:
23412 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
23413 ······-·'"grub2-common"·in·ansible_facts.packages'23412 ······-·'"grub2-common"·in·ansible_facts.packages'
 23413 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
23414 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]23414 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
23415 ······tags:23415 ······tags:
23416 ······-·CCE-80800-623416 ······-·CCE-80800-6
23417 ······-·CJIS-5.5.2.223417 ······-·CJIS-5.5.2.2
23418 ······-·NIST-800-171-3.4.523418 ······-·NIST-800-171-3.4.5
23419 ······-·NIST-800-53-AC-6(1)23419 ······-·NIST-800-53-AC-6(1)
23420 ······-·NIST-800-53-CM-6(a)23420 ······-·NIST-800-53-CM-6(a)
Offset 23428, 16 lines modifiedOffset 23428, 16 lines modified
23428 ······-·no_reboot_needed23428 ······-·no_reboot_needed
  
23429 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg23429 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
23430 ······file:23430 ······file:
23431 ········path:·/boot/grub2/grub.cfg23431 ········path:·/boot/grub2/grub.cfg
23432 ········group:·'0'23432 ········group:·'0'
23433 ······when:23433 ······when:
23434 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
23435 ······-·'"grub2-common"·in·ansible_facts.packages'23434 ······-·'"grub2-common"·in·ansible_facts.packages'
 23435 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
23436 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]23436 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
23437 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists23437 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
23438 ······tags:23438 ······tags:
23439 ······-·CCE-80800-623439 ······-·CCE-80800-6
23440 ······-·CJIS-5.5.2.223440 ······-·CJIS-5.5.2.2
23441 ······-·NIST-800-171-3.4.523441 ······-·NIST-800-171-3.4.5
23442 ······-·NIST-800-53-AC-6(1)23442 ······-·NIST-800-53-AC-6(1)
Offset 23469, 16 lines modifiedOffset 23469, 16 lines modified
23469 ······-·no_reboot_needed23469 ······-·no_reboot_needed
  
23470 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg23470 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
23471 ······stat:23471 ······stat:
23472 ········path:·/boot/grub2/grub.cfg23472 ········path:·/boot/grub2/grub.cfg
23473 ······register:·file_exists23473 ······register:·file_exists
23474 ······when:23474 ······when:
23475 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
23476 ······-·'"grub2-common"·in·ansible_facts.packages'23475 ······-·'"grub2-common"·in·ansible_facts.packages'
 23476 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
23477 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]23477 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
23478 ······tags:23478 ······tags:
23479 ······-·CCE-80805-523479 ······-·CCE-80805-5
23480 ······-·CJIS-5.5.2.223480 ······-·CJIS-5.5.2.2
23481 ······-·NIST-800-171-3.4.523481 ······-·NIST-800-171-3.4.5
23482 ······-·NIST-800-53-AC-6(1)23482 ······-·NIST-800-53-AC-6(1)
23483 ······-·NIST-800-53-CM-6(a)23483 ······-·NIST-800-53-CM-6(a)
Offset 23491, 16 lines modifiedOffset 23491, 16 lines modified
23491 ······-·no_reboot_needed23491 ······-·no_reboot_needed
  
23492 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg23492 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
23493 ······file:23493 ······file:
23494 ········path:·/boot/grub2/grub.cfg23494 ········path:·/boot/grub2/grub.cfg
23495 ········owner:·'0'23495 ········owner:·'0'
23496 ······when:23496 ······when:
23497 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
23498 ······-·'"grub2-common"·in·ansible_facts.packages'23497 ······-·'"grub2-common"·in·ansible_facts.packages'
 23498 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
23499 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]23499 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
23500 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists23500 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
23501 ······tags:23501 ······tags:
23502 ······-·CCE-80805-523502 ······-·CCE-80805-5
23503 ······-·CJIS-5.5.2.223503 ······-·CJIS-5.5.2.2
23504 ······-·NIST-800-171-3.4.523504 ······-·NIST-800-171-3.4.5
23505 ······-·NIST-800-53-AC-6(1)23505 ······-·NIST-800-53-AC-6(1)
4.03 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-rht-ccp.yml
Ordering differences only
    
Offset 3276, 16 lines modifiedOffset 3276, 16 lines modified
3276 ······-·no_reboot_needed3276 ······-·no_reboot_needed
  
3277 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3277 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3278 ······stat:3278 ······stat:
3279 ········path:·/boot/grub2/grub.cfg3279 ········path:·/boot/grub2/grub.cfg
3280 ······register:·file_exists3280 ······register:·file_exists
3281 ······when:3281 ······when:
3282 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3283 ······-·'"grub2-common"·in·ansible_facts.packages'3282 ······-·'"grub2-common"·in·ansible_facts.packages'
 3283 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3284 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3284 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3285 ······tags:3285 ······tags:
3286 ······-·CCE-80800-63286 ······-·CCE-80800-6
3287 ······-·CJIS-5.5.2.23287 ······-·CJIS-5.5.2.2
3288 ······-·NIST-800-171-3.4.53288 ······-·NIST-800-171-3.4.5
3289 ······-·NIST-800-53-AC-6(1)3289 ······-·NIST-800-53-AC-6(1)
3290 ······-·NIST-800-53-CM-6(a)3290 ······-·NIST-800-53-CM-6(a)
Offset 3298, 16 lines modifiedOffset 3298, 16 lines modified
3298 ······-·no_reboot_needed3298 ······-·no_reboot_needed
  
3299 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg3299 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
3300 ······file:3300 ······file:
3301 ········path:·/boot/grub2/grub.cfg3301 ········path:·/boot/grub2/grub.cfg
3302 ········group:·'0'3302 ········group:·'0'
3303 ······when:3303 ······when:
3304 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3305 ······-·'"grub2-common"·in·ansible_facts.packages'3304 ······-·'"grub2-common"·in·ansible_facts.packages'
 3305 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3306 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3306 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3307 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3307 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3308 ······tags:3308 ······tags:
3309 ······-·CCE-80800-63309 ······-·CCE-80800-6
3310 ······-·CJIS-5.5.2.23310 ······-·CJIS-5.5.2.2
3311 ······-·NIST-800-171-3.4.53311 ······-·NIST-800-171-3.4.5
3312 ······-·NIST-800-53-AC-6(1)3312 ······-·NIST-800-53-AC-6(1)
Offset 3339, 16 lines modifiedOffset 3339, 16 lines modified
3339 ······-·no_reboot_needed3339 ······-·no_reboot_needed
  
3340 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3340 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3341 ······stat:3341 ······stat:
3342 ········path:·/boot/grub2/grub.cfg3342 ········path:·/boot/grub2/grub.cfg
3343 ······register:·file_exists3343 ······register:·file_exists
3344 ······when:3344 ······when:
3345 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3346 ······-·'"grub2-common"·in·ansible_facts.packages'3345 ······-·'"grub2-common"·in·ansible_facts.packages'
 3346 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3347 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3347 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3348 ······tags:3348 ······tags:
3349 ······-·CCE-80805-53349 ······-·CCE-80805-5
3350 ······-·CJIS-5.5.2.23350 ······-·CJIS-5.5.2.2
3351 ······-·NIST-800-171-3.4.53351 ······-·NIST-800-171-3.4.5
3352 ······-·NIST-800-53-AC-6(1)3352 ······-·NIST-800-53-AC-6(1)
3353 ······-·NIST-800-53-CM-6(a)3353 ······-·NIST-800-53-CM-6(a)
Offset 3361, 16 lines modifiedOffset 3361, 16 lines modified
3361 ······-·no_reboot_needed3361 ······-·no_reboot_needed
  
3362 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg3362 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
3363 ······file:3363 ······file:
3364 ········path:·/boot/grub2/grub.cfg3364 ········path:·/boot/grub2/grub.cfg
3365 ········owner:·'0'3365 ········owner:·'0'
3366 ······when:3366 ······when:
3367 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3368 ······-·'"grub2-common"·in·ansible_facts.packages'3367 ······-·'"grub2-common"·in·ansible_facts.packages'
 3368 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3369 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3369 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3370 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3370 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3371 ······tags:3371 ······tags:
3372 ······-·CCE-80805-53372 ······-·CCE-80805-5
3373 ······-·CJIS-5.5.2.23373 ······-·CJIS-5.5.2.2
3374 ······-·NIST-800-171-3.4.53374 ······-·NIST-800-171-3.4.5
3375 ······-·NIST-800-53-AC-6(1)3375 ······-·NIST-800-53-AC-6(1)
Offset 3400, 16 lines modifiedOffset 3400, 16 lines modified
3400 ······-·no_reboot_needed3400 ······-·no_reboot_needed
  
3401 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3401 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3402 ······stat:3402 ······stat:
3403 ········path:·/boot/grub2/grub.cfg3403 ········path:·/boot/grub2/grub.cfg
3404 ······register:·file_exists3404 ······register:·file_exists
3405 ······when:3405 ······when:
3406 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3407 ······-·'"grub2-common"·in·ansible_facts.packages'3406 ······-·'"grub2-common"·in·ansible_facts.packages'
 3407 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3408 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3408 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3409 ······tags:3409 ······tags:
3410 ······-·CCE-80814-73410 ······-·CCE-80814-7
3411 ······-·NIST-800-171-3.4.53411 ······-·NIST-800-171-3.4.5
3412 ······-·NIST-800-53-AC-6(1)3412 ······-·NIST-800-53-AC-6(1)
3413 ······-·NIST-800-53-CM-6(a)3413 ······-·NIST-800-53-CM-6(a)
3414 ······-·configure_strategy3414 ······-·configure_strategy
Offset 3420, 16 lines modifiedOffset 3420, 16 lines modified
3420 ······-·no_reboot_needed3420 ······-·no_reboot_needed
  
3421 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg3421 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
3422 ······file:3422 ······file:
3423 ········path:·/boot/grub2/grub.cfg3423 ········path:·/boot/grub2/grub.cfg
3424 ········mode:·u-xs,g-xwrs,o-xwrt3424 ········mode:·u-xs,g-xwrs,o-xwrt
3425 ······when:3425 ······when:
3426 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3427 ······-·'"grub2-common"·in·ansible_facts.packages'3426 ······-·'"grub2-common"·in·ansible_facts.packages'
 3427 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3428 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3428 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3429 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3429 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3430 ······tags:3430 ······tags:
3431 ······-·CCE-80814-73431 ······-·CCE-80814-7
3432 ······-·NIST-800-171-3.4.53432 ······-·NIST-800-171-3.4.5
3433 ······-·NIST-800-53-AC-6(1)3433 ······-·NIST-800-53-AC-6(1)
3434 ······-·NIST-800-53-CM-6(a)3434 ······-·NIST-800-53-CM-6(a)
784 B
./usr/share/scap-security-guide/ansible/rhel8-playbook-stig.yml
Ordering differences only
    
Offset 38420, 16 lines modifiedOffset 38420, 16 lines modified
38420 ········lineinfile:38420 ········lineinfile:
38421 ··········path:·/etc/postfix/main.cf38421 ··········path:·/etc/postfix/main.cf
38422 ··········create:·true38422 ··········create:·true
38423 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*38423 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
38424 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject38424 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
38425 ··········state:·present38425 ··········state:·present
38426 ······when:38426 ······when:
38427 ······-·'"postfix"·in·ansible_facts.packages' 
38428 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38427 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 38428 ······-·'"postfix"·in·ansible_facts.packages'
38429 ······tags:38429 ······tags:
38430 ······-·CCE-84054-638430 ······-·CCE-84054-6
38431 ······-·DISA-STIG-RHEL-08-04029038431 ······-·DISA-STIG-RHEL-08-040290
38432 ······-·low_complexity38432 ······-·low_complexity
38433 ······-·low_disruption38433 ······-·low_disruption
38434 ······-·medium_severity38434 ······-·medium_severity
38435 ······-·no_reboot_needed38435 ······-·no_reboot_needed
792 B
./usr/share/scap-security-guide/ansible/rhel8-playbook-stig_gui.yml
Ordering differences only
    
Offset 38410, 16 lines modifiedOffset 38410, 16 lines modified
38410 ········lineinfile:38410 ········lineinfile:
38411 ··········path:·/etc/postfix/main.cf38411 ··········path:·/etc/postfix/main.cf
38412 ··········create:·true38412 ··········create:·true
38413 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*38413 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
38414 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject38414 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
38415 ··········state:·present38415 ··········state:·present
38416 ······when:38416 ······when:
38417 ······-·'"postfix"·in·ansible_facts.packages' 
38418 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38417 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 38418 ······-·'"postfix"·in·ansible_facts.packages'
38419 ······tags:38419 ······tags:
38420 ······-·CCE-84054-638420 ······-·CCE-84054-6
38421 ······-·DISA-STIG-RHEL-08-04029038421 ······-·DISA-STIG-RHEL-08-040290
38422 ······-·low_complexity38422 ······-·low_complexity
38423 ······-·low_disruption38423 ······-·low_disruption
38424 ······-·medium_severity38424 ······-·medium_severity
38425 ······-·no_reboot_needed38425 ······-·no_reboot_needed
5.29 KB
./usr/share/scap-security-guide/ansible/rhel9-playbook-cis.yml
Ordering differences only
    
Offset 22191, 16 lines modifiedOffset 22191, 16 lines modified
22191 ······-·no_reboot_needed22191 ······-·no_reboot_needed
  
22192 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22192 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22193 ······stat:22193 ······stat:
22194 ········path:·/boot/grub2/user.cfg22194 ········path:·/boot/grub2/user.cfg
22195 ······register:·file_exists22195 ······register:·file_exists
22196 ······when:22196 ······when:
22197 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22198 ······-·'"grub2-common"·in·ansible_facts.packages'22197 ······-·'"grub2-common"·in·ansible_facts.packages'
 22198 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22199 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22199 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22200 ······tags:22200 ······tags:
22201 ······-·CCE-86013-022201 ······-·CCE-86013-0
22202 ······-·CJIS-5.5.2.222202 ······-·CJIS-5.5.2.2
22203 ······-·NIST-800-171-3.4.522203 ······-·NIST-800-171-3.4.5
22204 ······-·NIST-800-53-AC-6(1)22204 ······-·NIST-800-53-AC-6(1)
22205 ······-·NIST-800-53-CM-6(a)22205 ······-·NIST-800-53-CM-6(a)
Offset 22213, 16 lines modifiedOffset 22213, 16 lines modified
22213 ······-·no_reboot_needed22213 ······-·no_reboot_needed
  
22214 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg22214 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
22215 ······file:22215 ······file:
22216 ········path:·/boot/grub2/user.cfg22216 ········path:·/boot/grub2/user.cfg
22217 ········group:·'0'22217 ········group:·'0'
22218 ······when:22218 ······when:
22219 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22220 ······-·'"grub2-common"·in·ansible_facts.packages'22219 ······-·'"grub2-common"·in·ansible_facts.packages'
 22220 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22221 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22221 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22222 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22222 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22223 ······tags:22223 ······tags:
22224 ······-·CCE-86013-022224 ······-·CCE-86013-0
22225 ······-·CJIS-5.5.2.222225 ······-·CJIS-5.5.2.2
22226 ······-·NIST-800-171-3.4.522226 ······-·NIST-800-171-3.4.5
22227 ······-·NIST-800-53-AC-6(1)22227 ······-·NIST-800-53-AC-6(1)
Offset 22254, 16 lines modifiedOffset 22254, 16 lines modified
22254 ······-·no_reboot_needed22254 ······-·no_reboot_needed
  
22255 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22255 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22256 ······stat:22256 ······stat:
22257 ········path:·/boot/grub2/user.cfg22257 ········path:·/boot/grub2/user.cfg
22258 ······register:·file_exists22258 ······register:·file_exists
22259 ······when:22259 ······when:
22260 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22261 ······-·'"grub2-common"·in·ansible_facts.packages'22260 ······-·'"grub2-common"·in·ansible_facts.packages'
 22261 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22262 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22262 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22263 ······tags:22263 ······tags:
22264 ······-·CCE-86022-122264 ······-·CCE-86022-1
22265 ······-·CJIS-5.5.2.222265 ······-·CJIS-5.5.2.2
22266 ······-·NIST-800-171-3.4.522266 ······-·NIST-800-171-3.4.5
22267 ······-·NIST-800-53-AC-6(1)22267 ······-·NIST-800-53-AC-6(1)
22268 ······-·NIST-800-53-CM-6(a)22268 ······-·NIST-800-53-CM-6(a)
Offset 22276, 16 lines modifiedOffset 22276, 16 lines modified
22276 ······-·no_reboot_needed22276 ······-·no_reboot_needed
  
22277 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg22277 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
22278 ······file:22278 ······file:
22279 ········path:·/boot/grub2/user.cfg22279 ········path:·/boot/grub2/user.cfg
22280 ········owner:·'0'22280 ········owner:·'0'
22281 ······when:22281 ······when:
22282 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22283 ······-·'"grub2-common"·in·ansible_facts.packages'22282 ······-·'"grub2-common"·in·ansible_facts.packages'
 22283 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22284 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22284 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22285 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22285 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22286 ······tags:22286 ······tags:
22287 ······-·CCE-86022-122287 ······-·CCE-86022-1
22288 ······-·CJIS-5.5.2.222288 ······-·CJIS-5.5.2.2
22289 ······-·NIST-800-171-3.4.522289 ······-·NIST-800-171-3.4.5
22290 ······-·NIST-800-53-AC-6(1)22290 ······-·NIST-800-53-AC-6(1)
Offset 22315, 16 lines modifiedOffset 22315, 16 lines modified
22315 ······-·no_reboot_needed22315 ······-·no_reboot_needed
  
22316 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22316 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22317 ······stat:22317 ······stat:
22318 ········path:·/boot/grub2/grub.cfg22318 ········path:·/boot/grub2/grub.cfg
22319 ······register:·file_exists22319 ······register:·file_exists
22320 ······when:22320 ······when:
22321 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22322 ······-·'"grub2-common"·in·ansible_facts.packages'22321 ······-·'"grub2-common"·in·ansible_facts.packages'
 22322 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22323 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22323 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22324 ······tags:22324 ······tags:
22325 ······-·CCE-85925-622325 ······-·CCE-85925-6
22326 ······-·NIST-800-171-3.4.522326 ······-·NIST-800-171-3.4.5
22327 ······-·NIST-800-53-AC-6(1)22327 ······-·NIST-800-53-AC-6(1)
22328 ······-·NIST-800-53-CM-6(a)22328 ······-·NIST-800-53-CM-6(a)
22329 ······-·configure_strategy22329 ······-·configure_strategy
Offset 22335, 16 lines modifiedOffset 22335, 16 lines modified
22335 ······-·no_reboot_needed22335 ······-·no_reboot_needed
  
22336 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg22336 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
22337 ······file:22337 ······file:
22338 ········path:·/boot/grub2/grub.cfg22338 ········path:·/boot/grub2/grub.cfg
22339 ········mode:·u-s,g-xwrs,o-xwrt22339 ········mode:·u-s,g-xwrs,o-xwrt
22340 ······when:22340 ······when:
22341 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22342 ······-·'"grub2-common"·in·ansible_facts.packages'22341 ······-·'"grub2-common"·in·ansible_facts.packages'
 22342 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22343 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22343 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22344 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22344 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22345 ······tags:22345 ······tags:
22346 ······-·CCE-85925-622346 ······-·CCE-85925-6
22347 ······-·NIST-800-171-3.4.522347 ······-·NIST-800-171-3.4.5
22348 ······-·NIST-800-53-AC-6(1)22348 ······-·NIST-800-53-AC-6(1)
22349 ······-·NIST-800-53-CM-6(a)22349 ······-·NIST-800-53-CM-6(a)
Offset 22372, 16 lines modifiedOffset 22372, 16 lines modified
22372 ······-·no_reboot_needed22372 ······-·no_reboot_needed
  
22373 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22373 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22374 ······stat:22374 ······stat:
22375 ········path:·/boot/grub2/user.cfg22375 ········path:·/boot/grub2/user.cfg
22376 ······register:·file_exists22376 ······register:·file_exists
22377 ······when:22377 ······when:
22378 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22379 ······-·'"grub2-common"·in·ansible_facts.packages'22378 ······-·'"grub2-common"·in·ansible_facts.packages'
 22379 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22380 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22380 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22381 ······tags:22381 ······tags:
22382 ······-·CCE-86029-622382 ······-·CCE-86029-6
22383 ······-·NIST-800-171-3.4.522383 ······-·NIST-800-171-3.4.5
22384 ······-·NIST-800-53-AC-6(1)22384 ······-·NIST-800-53-AC-6(1)
22385 ······-·NIST-800-53-CM-6(a)22385 ······-·NIST-800-53-CM-6(a)
22386 ······-·configure_strategy22386 ······-·configure_strategy
Offset 22392, 16 lines modifiedOffset 22392, 16 lines modified
22392 ······-·no_reboot_needed22392 ······-·no_reboot_needed
Max diff block lines reached; 648/5270 bytes (12.30%) of diff not shown.
5.3 KB
./usr/share/scap-security-guide/ansible/rhel9-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 5572, 16 lines modifiedOffset 5572, 16 lines modified
5572 ······-·no_reboot_needed5572 ······-·no_reboot_needed
  
5573 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5573 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5574 ······stat:5574 ······stat:
5575 ········path:·/boot/grub2/user.cfg5575 ········path:·/boot/grub2/user.cfg
5576 ······register:·file_exists5576 ······register:·file_exists
5577 ······when:5577 ······when:
5578 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5579 ······-·'"grub2-common"·in·ansible_facts.packages'5578 ······-·'"grub2-common"·in·ansible_facts.packages'
 5579 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5580 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5580 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5581 ······tags:5581 ······tags:
5582 ······-·CCE-86013-05582 ······-·CCE-86013-0
5583 ······-·CJIS-5.5.2.25583 ······-·CJIS-5.5.2.2
5584 ······-·NIST-800-171-3.4.55584 ······-·NIST-800-171-3.4.5
5585 ······-·NIST-800-53-AC-6(1)5585 ······-·NIST-800-53-AC-6(1)
5586 ······-·NIST-800-53-CM-6(a)5586 ······-·NIST-800-53-CM-6(a)
Offset 5594, 16 lines modifiedOffset 5594, 16 lines modified
5594 ······-·no_reboot_needed5594 ······-·no_reboot_needed
  
5595 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5595 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5596 ······file:5596 ······file:
5597 ········path:·/boot/grub2/user.cfg5597 ········path:·/boot/grub2/user.cfg
5598 ········group:·'0'5598 ········group:·'0'
5599 ······when:5599 ······when:
5600 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5601 ······-·'"grub2-common"·in·ansible_facts.packages'5600 ······-·'"grub2-common"·in·ansible_facts.packages'
 5601 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5602 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5602 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5603 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5603 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5604 ······tags:5604 ······tags:
5605 ······-·CCE-86013-05605 ······-·CCE-86013-0
5606 ······-·CJIS-5.5.2.25606 ······-·CJIS-5.5.2.2
5607 ······-·NIST-800-171-3.4.55607 ······-·NIST-800-171-3.4.5
5608 ······-·NIST-800-53-AC-6(1)5608 ······-·NIST-800-53-AC-6(1)
Offset 5635, 16 lines modifiedOffset 5635, 16 lines modified
5635 ······-·no_reboot_needed5635 ······-·no_reboot_needed
  
5636 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5636 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5637 ······stat:5637 ······stat:
5638 ········path:·/boot/grub2/user.cfg5638 ········path:·/boot/grub2/user.cfg
5639 ······register:·file_exists5639 ······register:·file_exists
5640 ······when:5640 ······when:
5641 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5642 ······-·'"grub2-common"·in·ansible_facts.packages'5641 ······-·'"grub2-common"·in·ansible_facts.packages'
 5642 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5643 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5643 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5644 ······tags:5644 ······tags:
5645 ······-·CCE-86022-15645 ······-·CCE-86022-1
5646 ······-·CJIS-5.5.2.25646 ······-·CJIS-5.5.2.2
5647 ······-·NIST-800-171-3.4.55647 ······-·NIST-800-171-3.4.5
5648 ······-·NIST-800-53-AC-6(1)5648 ······-·NIST-800-53-AC-6(1)
5649 ······-·NIST-800-53-CM-6(a)5649 ······-·NIST-800-53-CM-6(a)
Offset 5657, 16 lines modifiedOffset 5657, 16 lines modified
5657 ······-·no_reboot_needed5657 ······-·no_reboot_needed
  
5658 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg5658 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
5659 ······file:5659 ······file:
5660 ········path:·/boot/grub2/user.cfg5660 ········path:·/boot/grub2/user.cfg
5661 ········owner:·'0'5661 ········owner:·'0'
5662 ······when:5662 ······when:
5663 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5664 ······-·'"grub2-common"·in·ansible_facts.packages'5663 ······-·'"grub2-common"·in·ansible_facts.packages'
 5664 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5665 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5665 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5666 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5666 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5667 ······tags:5667 ······tags:
5668 ······-·CCE-86022-15668 ······-·CCE-86022-1
5669 ······-·CJIS-5.5.2.25669 ······-·CJIS-5.5.2.2
5670 ······-·NIST-800-171-3.4.55670 ······-·NIST-800-171-3.4.5
5671 ······-·NIST-800-53-AC-6(1)5671 ······-·NIST-800-53-AC-6(1)
Offset 5696, 16 lines modifiedOffset 5696, 16 lines modified
5696 ······-·no_reboot_needed5696 ······-·no_reboot_needed
  
5697 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5697 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5698 ······stat:5698 ······stat:
5699 ········path:·/boot/grub2/grub.cfg5699 ········path:·/boot/grub2/grub.cfg
5700 ······register:·file_exists5700 ······register:·file_exists
5701 ······when:5701 ······when:
5702 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5703 ······-·'"grub2-common"·in·ansible_facts.packages'5702 ······-·'"grub2-common"·in·ansible_facts.packages'
 5703 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5704 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5704 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5705 ······tags:5705 ······tags:
5706 ······-·CCE-85925-65706 ······-·CCE-85925-6
5707 ······-·NIST-800-171-3.4.55707 ······-·NIST-800-171-3.4.5
5708 ······-·NIST-800-53-AC-6(1)5708 ······-·NIST-800-53-AC-6(1)
5709 ······-·NIST-800-53-CM-6(a)5709 ······-·NIST-800-53-CM-6(a)
5710 ······-·configure_strategy5710 ······-·configure_strategy
Offset 5716, 16 lines modifiedOffset 5716, 16 lines modified
5716 ······-·no_reboot_needed5716 ······-·no_reboot_needed
  
5717 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg5717 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
5718 ······file:5718 ······file:
5719 ········path:·/boot/grub2/grub.cfg5719 ········path:·/boot/grub2/grub.cfg
5720 ········mode:·u-s,g-xwrs,o-xwrt5720 ········mode:·u-s,g-xwrs,o-xwrt
5721 ······when:5721 ······when:
5722 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5723 ······-·'"grub2-common"·in·ansible_facts.packages'5722 ······-·'"grub2-common"·in·ansible_facts.packages'
 5723 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5724 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5724 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5725 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5725 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5726 ······tags:5726 ······tags:
5727 ······-·CCE-85925-65727 ······-·CCE-85925-6
5728 ······-·NIST-800-171-3.4.55728 ······-·NIST-800-171-3.4.5
5729 ······-·NIST-800-53-AC-6(1)5729 ······-·NIST-800-53-AC-6(1)
5730 ······-·NIST-800-53-CM-6(a)5730 ······-·NIST-800-53-CM-6(a)
Offset 5753, 16 lines modifiedOffset 5753, 16 lines modified
5753 ······-·no_reboot_needed5753 ······-·no_reboot_needed
  
5754 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5754 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5755 ······stat:5755 ······stat:
5756 ········path:·/boot/grub2/user.cfg5756 ········path:·/boot/grub2/user.cfg
5757 ······register:·file_exists5757 ······register:·file_exists
5758 ······when:5758 ······when:
5759 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5760 ······-·'"grub2-common"·in·ansible_facts.packages'5759 ······-·'"grub2-common"·in·ansible_facts.packages'
 5760 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5761 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5761 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5762 ······tags:5762 ······tags:
5763 ······-·CCE-86029-65763 ······-·CCE-86029-6
5764 ······-·NIST-800-171-3.4.55764 ······-·NIST-800-171-3.4.5
5765 ······-·NIST-800-53-AC-6(1)5765 ······-·NIST-800-53-AC-6(1)
5766 ······-·NIST-800-53-CM-6(a)5766 ······-·NIST-800-53-CM-6(a)
5767 ······-·configure_strategy5767 ······-·configure_strategy
Offset 5773, 16 lines modifiedOffset 5773, 16 lines modified
5773 ······-·no_reboot_needed5773 ······-·no_reboot_needed
Max diff block lines reached; 648/5254 bytes (12.33%) of diff not shown.
5.31 KB
./usr/share/scap-security-guide/ansible/rhel9-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 5572, 16 lines modifiedOffset 5572, 16 lines modified
5572 ······-·no_reboot_needed5572 ······-·no_reboot_needed
  
5573 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5573 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5574 ······stat:5574 ······stat:
5575 ········path:·/boot/grub2/user.cfg5575 ········path:·/boot/grub2/user.cfg
5576 ······register:·file_exists5576 ······register:·file_exists
5577 ······when:5577 ······when:
5578 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5579 ······-·'"grub2-common"·in·ansible_facts.packages'5578 ······-·'"grub2-common"·in·ansible_facts.packages'
 5579 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5580 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5580 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5581 ······tags:5581 ······tags:
5582 ······-·CCE-86013-05582 ······-·CCE-86013-0
5583 ······-·CJIS-5.5.2.25583 ······-·CJIS-5.5.2.2
5584 ······-·NIST-800-171-3.4.55584 ······-·NIST-800-171-3.4.5
5585 ······-·NIST-800-53-AC-6(1)5585 ······-·NIST-800-53-AC-6(1)
5586 ······-·NIST-800-53-CM-6(a)5586 ······-·NIST-800-53-CM-6(a)
Offset 5594, 16 lines modifiedOffset 5594, 16 lines modified
5594 ······-·no_reboot_needed5594 ······-·no_reboot_needed
  
5595 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5595 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5596 ······file:5596 ······file:
5597 ········path:·/boot/grub2/user.cfg5597 ········path:·/boot/grub2/user.cfg
5598 ········group:·'0'5598 ········group:·'0'
5599 ······when:5599 ······when:
5600 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5601 ······-·'"grub2-common"·in·ansible_facts.packages'5600 ······-·'"grub2-common"·in·ansible_facts.packages'
 5601 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5602 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5602 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5603 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5603 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5604 ······tags:5604 ······tags:
5605 ······-·CCE-86013-05605 ······-·CCE-86013-0
5606 ······-·CJIS-5.5.2.25606 ······-·CJIS-5.5.2.2
5607 ······-·NIST-800-171-3.4.55607 ······-·NIST-800-171-3.4.5
5608 ······-·NIST-800-53-AC-6(1)5608 ······-·NIST-800-53-AC-6(1)
Offset 5635, 16 lines modifiedOffset 5635, 16 lines modified
5635 ······-·no_reboot_needed5635 ······-·no_reboot_needed
  
5636 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5636 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5637 ······stat:5637 ······stat:
5638 ········path:·/boot/grub2/user.cfg5638 ········path:·/boot/grub2/user.cfg
5639 ······register:·file_exists5639 ······register:·file_exists
5640 ······when:5640 ······when:
5641 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5642 ······-·'"grub2-common"·in·ansible_facts.packages'5641 ······-·'"grub2-common"·in·ansible_facts.packages'
 5642 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5643 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5643 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5644 ······tags:5644 ······tags:
5645 ······-·CCE-86022-15645 ······-·CCE-86022-1
5646 ······-·CJIS-5.5.2.25646 ······-·CJIS-5.5.2.2
5647 ······-·NIST-800-171-3.4.55647 ······-·NIST-800-171-3.4.5
5648 ······-·NIST-800-53-AC-6(1)5648 ······-·NIST-800-53-AC-6(1)
5649 ······-·NIST-800-53-CM-6(a)5649 ······-·NIST-800-53-CM-6(a)
Offset 5657, 16 lines modifiedOffset 5657, 16 lines modified
5657 ······-·no_reboot_needed5657 ······-·no_reboot_needed
  
5658 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg5658 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
5659 ······file:5659 ······file:
5660 ········path:·/boot/grub2/user.cfg5660 ········path:·/boot/grub2/user.cfg
5661 ········owner:·'0'5661 ········owner:·'0'
5662 ······when:5662 ······when:
5663 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5664 ······-·'"grub2-common"·in·ansible_facts.packages'5663 ······-·'"grub2-common"·in·ansible_facts.packages'
 5664 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5665 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5665 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5666 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5666 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5667 ······tags:5667 ······tags:
5668 ······-·CCE-86022-15668 ······-·CCE-86022-1
5669 ······-·CJIS-5.5.2.25669 ······-·CJIS-5.5.2.2
5670 ······-·NIST-800-171-3.4.55670 ······-·NIST-800-171-3.4.5
5671 ······-·NIST-800-53-AC-6(1)5671 ······-·NIST-800-53-AC-6(1)
Offset 5696, 16 lines modifiedOffset 5696, 16 lines modified
5696 ······-·no_reboot_needed5696 ······-·no_reboot_needed
  
5697 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5697 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5698 ······stat:5698 ······stat:
5699 ········path:·/boot/grub2/grub.cfg5699 ········path:·/boot/grub2/grub.cfg
5700 ······register:·file_exists5700 ······register:·file_exists
5701 ······when:5701 ······when:
5702 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5703 ······-·'"grub2-common"·in·ansible_facts.packages'5702 ······-·'"grub2-common"·in·ansible_facts.packages'
 5703 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5704 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5704 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5705 ······tags:5705 ······tags:
5706 ······-·CCE-85925-65706 ······-·CCE-85925-6
5707 ······-·NIST-800-171-3.4.55707 ······-·NIST-800-171-3.4.5
5708 ······-·NIST-800-53-AC-6(1)5708 ······-·NIST-800-53-AC-6(1)
5709 ······-·NIST-800-53-CM-6(a)5709 ······-·NIST-800-53-CM-6(a)
5710 ······-·configure_strategy5710 ······-·configure_strategy
Offset 5716, 16 lines modifiedOffset 5716, 16 lines modified
5716 ······-·no_reboot_needed5716 ······-·no_reboot_needed
  
5717 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg5717 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
5718 ······file:5718 ······file:
5719 ········path:·/boot/grub2/grub.cfg5719 ········path:·/boot/grub2/grub.cfg
5720 ········mode:·u-s,g-xwrs,o-xwrt5720 ········mode:·u-s,g-xwrs,o-xwrt
5721 ······when:5721 ······when:
5722 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5723 ······-·'"grub2-common"·in·ansible_facts.packages'5722 ······-·'"grub2-common"·in·ansible_facts.packages'
 5723 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5724 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5724 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5725 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5725 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5726 ······tags:5726 ······tags:
5727 ······-·CCE-85925-65727 ······-·CCE-85925-6
5728 ······-·NIST-800-171-3.4.55728 ······-·NIST-800-171-3.4.5
5729 ······-·NIST-800-53-AC-6(1)5729 ······-·NIST-800-53-AC-6(1)
5730 ······-·NIST-800-53-CM-6(a)5730 ······-·NIST-800-53-CM-6(a)
Offset 5753, 16 lines modifiedOffset 5753, 16 lines modified
5753 ······-·no_reboot_needed5753 ······-·no_reboot_needed
  
5754 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5754 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5755 ······stat:5755 ······stat:
5756 ········path:·/boot/grub2/user.cfg5756 ········path:·/boot/grub2/user.cfg
5757 ······register:·file_exists5757 ······register:·file_exists
5758 ······when:5758 ······when:
5759 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5760 ······-·'"grub2-common"·in·ansible_facts.packages'5759 ······-·'"grub2-common"·in·ansible_facts.packages'
 5760 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5761 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5761 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5762 ······tags:5762 ······tags:
5763 ······-·CCE-86029-65763 ······-·CCE-86029-6
5764 ······-·NIST-800-171-3.4.55764 ······-·NIST-800-171-3.4.5
5765 ······-·NIST-800-53-AC-6(1)5765 ······-·NIST-800-53-AC-6(1)
5766 ······-·NIST-800-53-CM-6(a)5766 ······-·NIST-800-53-CM-6(a)
5767 ······-·configure_strategy5767 ······-·configure_strategy
Offset 5773, 16 lines modifiedOffset 5773, 16 lines modified
5773 ······-·no_reboot_needed5773 ······-·no_reboot_needed
Max diff block lines reached; 648/5254 bytes (12.33%) of diff not shown.
5.32 KB
./usr/share/scap-security-guide/ansible/rhel9-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 22191, 16 lines modifiedOffset 22191, 16 lines modified
22191 ······-·no_reboot_needed22191 ······-·no_reboot_needed
  
22192 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22192 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22193 ······stat:22193 ······stat:
22194 ········path:·/boot/grub2/user.cfg22194 ········path:·/boot/grub2/user.cfg
22195 ······register:·file_exists22195 ······register:·file_exists
22196 ······when:22196 ······when:
22197 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22198 ······-·'"grub2-common"·in·ansible_facts.packages'22197 ······-·'"grub2-common"·in·ansible_facts.packages'
 22198 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22199 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22199 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22200 ······tags:22200 ······tags:
22201 ······-·CCE-86013-022201 ······-·CCE-86013-0
22202 ······-·CJIS-5.5.2.222202 ······-·CJIS-5.5.2.2
22203 ······-·NIST-800-171-3.4.522203 ······-·NIST-800-171-3.4.5
22204 ······-·NIST-800-53-AC-6(1)22204 ······-·NIST-800-53-AC-6(1)
22205 ······-·NIST-800-53-CM-6(a)22205 ······-·NIST-800-53-CM-6(a)
Offset 22213, 16 lines modifiedOffset 22213, 16 lines modified
22213 ······-·no_reboot_needed22213 ······-·no_reboot_needed
  
22214 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg22214 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
22215 ······file:22215 ······file:
22216 ········path:·/boot/grub2/user.cfg22216 ········path:·/boot/grub2/user.cfg
22217 ········group:·'0'22217 ········group:·'0'
22218 ······when:22218 ······when:
22219 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22220 ······-·'"grub2-common"·in·ansible_facts.packages'22219 ······-·'"grub2-common"·in·ansible_facts.packages'
 22220 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22221 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22221 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22222 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22222 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22223 ······tags:22223 ······tags:
22224 ······-·CCE-86013-022224 ······-·CCE-86013-0
22225 ······-·CJIS-5.5.2.222225 ······-·CJIS-5.5.2.2
22226 ······-·NIST-800-171-3.4.522226 ······-·NIST-800-171-3.4.5
22227 ······-·NIST-800-53-AC-6(1)22227 ······-·NIST-800-53-AC-6(1)
Offset 22254, 16 lines modifiedOffset 22254, 16 lines modified
22254 ······-·no_reboot_needed22254 ······-·no_reboot_needed
  
22255 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22255 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22256 ······stat:22256 ······stat:
22257 ········path:·/boot/grub2/user.cfg22257 ········path:·/boot/grub2/user.cfg
22258 ······register:·file_exists22258 ······register:·file_exists
22259 ······when:22259 ······when:
22260 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22261 ······-·'"grub2-common"·in·ansible_facts.packages'22260 ······-·'"grub2-common"·in·ansible_facts.packages'
 22261 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22262 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22262 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22263 ······tags:22263 ······tags:
22264 ······-·CCE-86022-122264 ······-·CCE-86022-1
22265 ······-·CJIS-5.5.2.222265 ······-·CJIS-5.5.2.2
22266 ······-·NIST-800-171-3.4.522266 ······-·NIST-800-171-3.4.5
22267 ······-·NIST-800-53-AC-6(1)22267 ······-·NIST-800-53-AC-6(1)
22268 ······-·NIST-800-53-CM-6(a)22268 ······-·NIST-800-53-CM-6(a)
Offset 22276, 16 lines modifiedOffset 22276, 16 lines modified
22276 ······-·no_reboot_needed22276 ······-·no_reboot_needed
  
22277 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg22277 ····-·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
22278 ······file:22278 ······file:
22279 ········path:·/boot/grub2/user.cfg22279 ········path:·/boot/grub2/user.cfg
22280 ········owner:·'0'22280 ········owner:·'0'
22281 ······when:22281 ······when:
22282 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22283 ······-·'"grub2-common"·in·ansible_facts.packages'22282 ······-·'"grub2-common"·in·ansible_facts.packages'
 22283 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22284 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22284 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22285 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22285 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22286 ······tags:22286 ······tags:
22287 ······-·CCE-86022-122287 ······-·CCE-86022-1
22288 ······-·CJIS-5.5.2.222288 ······-·CJIS-5.5.2.2
22289 ······-·NIST-800-171-3.4.522289 ······-·NIST-800-171-3.4.5
22290 ······-·NIST-800-53-AC-6(1)22290 ······-·NIST-800-53-AC-6(1)
Offset 22315, 16 lines modifiedOffset 22315, 16 lines modified
22315 ······-·no_reboot_needed22315 ······-·no_reboot_needed
  
22316 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22316 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22317 ······stat:22317 ······stat:
22318 ········path:·/boot/grub2/grub.cfg22318 ········path:·/boot/grub2/grub.cfg
22319 ······register:·file_exists22319 ······register:·file_exists
22320 ······when:22320 ······when:
22321 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22322 ······-·'"grub2-common"·in·ansible_facts.packages'22321 ······-·'"grub2-common"·in·ansible_facts.packages'
 22322 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22323 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22323 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22324 ······tags:22324 ······tags:
22325 ······-·CCE-85925-622325 ······-·CCE-85925-6
22326 ······-·NIST-800-171-3.4.522326 ······-·NIST-800-171-3.4.5
22327 ······-·NIST-800-53-AC-6(1)22327 ······-·NIST-800-53-AC-6(1)
22328 ······-·NIST-800-53-CM-6(a)22328 ······-·NIST-800-53-CM-6(a)
22329 ······-·configure_strategy22329 ······-·configure_strategy
Offset 22335, 16 lines modifiedOffset 22335, 16 lines modified
22335 ······-·no_reboot_needed22335 ······-·no_reboot_needed
  
22336 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg22336 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
22337 ······file:22337 ······file:
22338 ········path:·/boot/grub2/grub.cfg22338 ········path:·/boot/grub2/grub.cfg
22339 ········mode:·u-s,g-xwrs,o-xwrt22339 ········mode:·u-s,g-xwrs,o-xwrt
22340 ······when:22340 ······when:
22341 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22342 ······-·'"grub2-common"·in·ansible_facts.packages'22341 ······-·'"grub2-common"·in·ansible_facts.packages'
 22342 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22343 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22343 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22344 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22344 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22345 ······tags:22345 ······tags:
22346 ······-·CCE-85925-622346 ······-·CCE-85925-6
22347 ······-·NIST-800-171-3.4.522347 ······-·NIST-800-171-3.4.5
22348 ······-·NIST-800-53-AC-6(1)22348 ······-·NIST-800-53-AC-6(1)
22349 ······-·NIST-800-53-CM-6(a)22349 ······-·NIST-800-53-CM-6(a)
Offset 22372, 16 lines modifiedOffset 22372, 16 lines modified
22372 ······-·no_reboot_needed22372 ······-·no_reboot_needed
  
22373 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22373 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22374 ······stat:22374 ······stat:
22375 ········path:·/boot/grub2/user.cfg22375 ········path:·/boot/grub2/user.cfg
22376 ······register:·file_exists22376 ······register:·file_exists
22377 ······when:22377 ······when:
22378 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22379 ······-·'"grub2-common"·in·ansible_facts.packages'22378 ······-·'"grub2-common"·in·ansible_facts.packages'
 22379 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
22380 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22380 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22381 ······tags:22381 ······tags:
22382 ······-·CCE-86029-622382 ······-·CCE-86029-6
22383 ······-·NIST-800-171-3.4.522383 ······-·NIST-800-171-3.4.5
22384 ······-·NIST-800-53-AC-6(1)22384 ······-·NIST-800-53-AC-6(1)
22385 ······-·NIST-800-53-CM-6(a)22385 ······-·NIST-800-53-CM-6(a)
22386 ······-·configure_strategy22386 ······-·configure_strategy
Offset 22392, 16 lines modifiedOffset 22392, 16 lines modified
22392 ······-·no_reboot_needed22392 ······-·no_reboot_needed
Max diff block lines reached; 648/5270 bytes (12.30%) of diff not shown.
794 B
./usr/share/scap-security-guide/ansible/rhel9-playbook-stig.yml
Ordering differences only
    
Offset 44633, 16 lines modifiedOffset 44633, 16 lines modified
44633 ········lineinfile:44633 ········lineinfile:
44634 ··········path:·/etc/postfix/main.cf44634 ··········path:·/etc/postfix/main.cf
44635 ··········create:·true44635 ··········create:·true
44636 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*44636 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
44637 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject44637 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
44638 ··········state:·present44638 ··········state:·present
44639 ······when:44639 ······when:
44640 ······-·'"postfix"·in·ansible_facts.packages' 
44641 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44640 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 44641 ······-·'"postfix"·in·ansible_facts.packages'
44642 ······tags:44642 ······tags:
44643 ······-·CCE-87232-544643 ······-·CCE-87232-5
44644 ······-·low_complexity44644 ······-·low_complexity
44645 ······-·low_disruption44645 ······-·low_disruption
44646 ······-·medium_severity44646 ······-·medium_severity
44647 ······-·no_reboot_needed44647 ······-·no_reboot_needed
44648 ······-·postfix_prevent_unrestricted_relay44648 ······-·postfix_prevent_unrestricted_relay
802 B
./usr/share/scap-security-guide/ansible/rhel9-playbook-stig_gui.yml
Ordering differences only
    
Offset 44605, 16 lines modifiedOffset 44605, 16 lines modified
44605 ········lineinfile:44605 ········lineinfile:
44606 ··········path:·/etc/postfix/main.cf44606 ··········path:·/etc/postfix/main.cf
44607 ··········create:·true44607 ··········create:·true
44608 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*44608 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
44609 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject44609 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
44610 ··········state:·present44610 ··········state:·present
44611 ······when:44611 ······when:
44612 ······-·'"postfix"·in·ansible_facts.packages' 
44613 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44612 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 44613 ······-·'"postfix"·in·ansible_facts.packages'
44614 ······tags:44614 ······tags:
44615 ······-·CCE-87232-544615 ······-·CCE-87232-5
44616 ······-·low_complexity44616 ······-·low_complexity
44617 ······-·low_disruption44617 ······-·low_disruption
44618 ······-·medium_severity44618 ······-·medium_severity
44619 ······-·no_reboot_needed44619 ······-·no_reboot_needed
44620 ······-·postfix_prevent_unrestricted_relay44620 ······-·postfix_prevent_unrestricted_relay
2.64 KB
./usr/share/scap-security-guide/ansible/rhv4-playbook-pci-dss.yml
Ordering differences only
    
Offset 20637, 16 lines modifiedOffset 20637, 16 lines modified
20637 ······-·no_reboot_needed20637 ······-·no_reboot_needed
  
20638 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg20638 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
20639 ······stat:20639 ······stat:
20640 ········path:·/boot/grub2/grub.cfg20640 ········path:·/boot/grub2/grub.cfg
20641 ······register:·file_exists20641 ······register:·file_exists
20642 ······when:20642 ······when:
20643 ······-·'"grub2-common"·in·ansible_facts.packages' 
20644 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'20643 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 20644 ······-·'"grub2-common"·in·ansible_facts.packages'
20645 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]20645 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
20646 ······tags:20646 ······tags:
20647 ······-·CJIS-5.5.2.220647 ······-·CJIS-5.5.2.2
20648 ······-·NIST-800-171-3.4.520648 ······-·NIST-800-171-3.4.5
20649 ······-·NIST-800-53-AC-6(1)20649 ······-·NIST-800-53-AC-6(1)
20650 ······-·NIST-800-53-CM-6(a)20650 ······-·NIST-800-53-CM-6(a)
20651 ······-·PCI-DSS-Req-7.120651 ······-·PCI-DSS-Req-7.1
Offset 20658, 16 lines modifiedOffset 20658, 16 lines modified
20658 ······-·no_reboot_needed20658 ······-·no_reboot_needed
  
20659 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg20659 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
20660 ······file:20660 ······file:
20661 ········path:·/boot/grub2/grub.cfg20661 ········path:·/boot/grub2/grub.cfg
20662 ········group:·'0'20662 ········group:·'0'
20663 ······when:20663 ······when:
20664 ······-·'"grub2-common"·in·ansible_facts.packages' 
20665 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'20664 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 20665 ······-·'"grub2-common"·in·ansible_facts.packages'
20666 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]20666 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
20667 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists20667 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
20668 ······tags:20668 ······tags:
20669 ······-·CJIS-5.5.2.220669 ······-·CJIS-5.5.2.2
20670 ······-·NIST-800-171-3.4.520670 ······-·NIST-800-171-3.4.5
20671 ······-·NIST-800-53-AC-6(1)20671 ······-·NIST-800-53-AC-6(1)
20672 ······-·NIST-800-53-CM-6(a)20672 ······-·NIST-800-53-CM-6(a)
Offset 20697, 16 lines modifiedOffset 20697, 16 lines modified
20697 ······-·no_reboot_needed20697 ······-·no_reboot_needed
  
20698 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg20698 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
20699 ······stat:20699 ······stat:
20700 ········path:·/boot/grub2/grub.cfg20700 ········path:·/boot/grub2/grub.cfg
20701 ······register:·file_exists20701 ······register:·file_exists
20702 ······when:20702 ······when:
20703 ······-·'"grub2-common"·in·ansible_facts.packages' 
20704 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'20703 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 20704 ······-·'"grub2-common"·in·ansible_facts.packages'
20705 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]20705 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
20706 ······tags:20706 ······tags:
20707 ······-·CJIS-5.5.2.220707 ······-·CJIS-5.5.2.2
20708 ······-·NIST-800-171-3.4.520708 ······-·NIST-800-171-3.4.5
20709 ······-·NIST-800-53-AC-6(1)20709 ······-·NIST-800-53-AC-6(1)
20710 ······-·NIST-800-53-CM-6(a)20710 ······-·NIST-800-53-CM-6(a)
20711 ······-·PCI-DSS-Req-7.120711 ······-·PCI-DSS-Req-7.1
Offset 20718, 16 lines modifiedOffset 20718, 16 lines modified
20718 ······-·no_reboot_needed20718 ······-·no_reboot_needed
  
20719 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg20719 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
20720 ······file:20720 ······file:
20721 ········path:·/boot/grub2/grub.cfg20721 ········path:·/boot/grub2/grub.cfg
20722 ········owner:·'0'20722 ········owner:·'0'
20723 ······when:20723 ······when:
20724 ······-·'"grub2-common"·in·ansible_facts.packages' 
20725 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'20724 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 20725 ······-·'"grub2-common"·in·ansible_facts.packages'
20726 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]20726 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
20727 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists20727 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
20728 ······tags:20728 ······tags:
20729 ······-·CJIS-5.5.2.220729 ······-·CJIS-5.5.2.2
20730 ······-·NIST-800-171-3.4.520730 ······-·NIST-800-171-3.4.5
20731 ······-·NIST-800-53-AC-6(1)20731 ······-·NIST-800-53-AC-6(1)
20732 ······-·NIST-800-53-CM-6(a)20732 ······-·NIST-800-53-CM-6(a)
3.94 KB
./usr/share/scap-security-guide/ansible/rhv4-playbook-rhvh-stig.yml
Ordering differences only
    
Offset 27918, 16 lines modifiedOffset 27918, 16 lines modified
27918 ······-·no_reboot_needed27918 ······-·no_reboot_needed
  
27919 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg27919 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
27920 ······stat:27920 ······stat:
27921 ········path:·/boot/grub2/grub.cfg27921 ········path:·/boot/grub2/grub.cfg
27922 ······register:·file_exists27922 ······register:·file_exists
27923 ······when:27923 ······when:
27924 ······-·'"grub2-common"·in·ansible_facts.packages' 
27925 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'27924 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 27925 ······-·'"grub2-common"·in·ansible_facts.packages'
27926 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]27926 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
27927 ······tags:27927 ······tags:
27928 ······-·CJIS-5.5.2.227928 ······-·CJIS-5.5.2.2
27929 ······-·NIST-800-171-3.4.527929 ······-·NIST-800-171-3.4.5
27930 ······-·NIST-800-53-AC-6(1)27930 ······-·NIST-800-53-AC-6(1)
27931 ······-·NIST-800-53-CM-6(a)27931 ······-·NIST-800-53-CM-6(a)
27932 ······-·PCI-DSS-Req-7.127932 ······-·PCI-DSS-Req-7.1
Offset 27939, 16 lines modifiedOffset 27939, 16 lines modified
27939 ······-·no_reboot_needed27939 ······-·no_reboot_needed
  
27940 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg27940 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
27941 ······file:27941 ······file:
27942 ········path:·/boot/grub2/grub.cfg27942 ········path:·/boot/grub2/grub.cfg
27943 ········group:·'0'27943 ········group:·'0'
27944 ······when:27944 ······when:
27945 ······-·'"grub2-common"·in·ansible_facts.packages' 
27946 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'27945 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 27946 ······-·'"grub2-common"·in·ansible_facts.packages'
27947 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]27947 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
27948 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists27948 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
27949 ······tags:27949 ······tags:
27950 ······-·CJIS-5.5.2.227950 ······-·CJIS-5.5.2.2
27951 ······-·NIST-800-171-3.4.527951 ······-·NIST-800-171-3.4.5
27952 ······-·NIST-800-53-AC-6(1)27952 ······-·NIST-800-53-AC-6(1)
27953 ······-·NIST-800-53-CM-6(a)27953 ······-·NIST-800-53-CM-6(a)
Offset 27978, 16 lines modifiedOffset 27978, 16 lines modified
27978 ······-·no_reboot_needed27978 ······-·no_reboot_needed
  
27979 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg27979 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
27980 ······stat:27980 ······stat:
27981 ········path:·/boot/grub2/grub.cfg27981 ········path:·/boot/grub2/grub.cfg
27982 ······register:·file_exists27982 ······register:·file_exists
27983 ······when:27983 ······when:
27984 ······-·'"grub2-common"·in·ansible_facts.packages' 
27985 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'27984 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 27985 ······-·'"grub2-common"·in·ansible_facts.packages'
27986 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]27986 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
27987 ······tags:27987 ······tags:
27988 ······-·CJIS-5.5.2.227988 ······-·CJIS-5.5.2.2
27989 ······-·NIST-800-171-3.4.527989 ······-·NIST-800-171-3.4.5
27990 ······-·NIST-800-53-AC-6(1)27990 ······-·NIST-800-53-AC-6(1)
27991 ······-·NIST-800-53-CM-6(a)27991 ······-·NIST-800-53-CM-6(a)
27992 ······-·PCI-DSS-Req-7.127992 ······-·PCI-DSS-Req-7.1
Offset 27999, 16 lines modifiedOffset 27999, 16 lines modified
27999 ······-·no_reboot_needed27999 ······-·no_reboot_needed
  
28000 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg28000 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
28001 ······file:28001 ······file:
28002 ········path:·/boot/grub2/grub.cfg28002 ········path:·/boot/grub2/grub.cfg
28003 ········owner:·'0'28003 ········owner:·'0'
28004 ······when:28004 ······when:
28005 ······-·'"grub2-common"·in·ansible_facts.packages' 
28006 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'28005 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 28006 ······-·'"grub2-common"·in·ansible_facts.packages'
28007 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28007 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28008 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists28008 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
28009 ······tags:28009 ······tags:
28010 ······-·CJIS-5.5.2.228010 ······-·CJIS-5.5.2.2
28011 ······-·NIST-800-171-3.4.528011 ······-·NIST-800-171-3.4.5
28012 ······-·NIST-800-53-AC-6(1)28012 ······-·NIST-800-53-AC-6(1)
28013 ······-·NIST-800-53-CM-6(a)28013 ······-·NIST-800-53-CM-6(a)
Offset 28036, 16 lines modifiedOffset 28036, 16 lines modified
28036 ······-·no_reboot_needed28036 ······-·no_reboot_needed
  
28037 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg28037 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
28038 ······stat:28038 ······stat:
28039 ········path:·/boot/grub2/grub.cfg28039 ········path:·/boot/grub2/grub.cfg
28040 ······register:·file_exists28040 ······register:·file_exists
28041 ······when:28041 ······when:
28042 ······-·'"grub2-common"·in·ansible_facts.packages' 
28043 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'28042 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 28043 ······-·'"grub2-common"·in·ansible_facts.packages'
28044 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28044 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28045 ······tags:28045 ······tags:
28046 ······-·NIST-800-171-3.4.528046 ······-·NIST-800-171-3.4.5
28047 ······-·NIST-800-53-AC-6(1)28047 ······-·NIST-800-53-AC-6(1)
28048 ······-·NIST-800-53-CM-6(a)28048 ······-·NIST-800-53-CM-6(a)
28049 ······-·configure_strategy28049 ······-·configure_strategy
28050 ······-·file_permissions_grub2_cfg28050 ······-·file_permissions_grub2_cfg
Offset 28055, 16 lines modifiedOffset 28055, 16 lines modified
28055 ······-·no_reboot_needed28055 ······-·no_reboot_needed
  
28056 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg28056 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
28057 ······file:28057 ······file:
28058 ········path:·/boot/grub2/grub.cfg28058 ········path:·/boot/grub2/grub.cfg
28059 ········mode:·u-xs,g-xwrs,o-xwrt28059 ········mode:·u-xs,g-xwrs,o-xwrt
28060 ······when:28060 ······when:
28061 ······-·'"grub2-common"·in·ansible_facts.packages' 
28062 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'28061 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 28062 ······-·'"grub2-common"·in·ansible_facts.packages'
28063 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28063 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28064 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists28064 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
28065 ······tags:28065 ······tags:
28066 ······-·NIST-800-171-3.4.528066 ······-·NIST-800-171-3.4.5
28067 ······-·NIST-800-53-AC-6(1)28067 ······-·NIST-800-53-AC-6(1)
28068 ······-·NIST-800-53-CM-6(a)28068 ······-·NIST-800-53-CM-6(a)
28069 ······-·configure_strategy28069 ······-·configure_strategy
3.99 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-cis.yml
Ordering differences only
    
Offset 18652, 16 lines modifiedOffset 18652, 16 lines modified
18652 ······-·no_reboot_needed18652 ······-·no_reboot_needed
  
18653 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg18653 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
18654 ······stat:18654 ······stat:
18655 ········path:·/boot/grub2/grub.cfg18655 ········path:·/boot/grub2/grub.cfg
18656 ······register:·file_exists18656 ······register:·file_exists
18657 ······when:18657 ······when:
18658 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
18659 ······-·'"grub2"·in·ansible_facts.packages'18658 ······-·'"grub2"·in·ansible_facts.packages'
 18659 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
18660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18661 ······tags:18661 ······tags:
18662 ······-·CCE-85849-818662 ······-·CCE-85849-8
18663 ······-·CJIS-5.5.2.218663 ······-·CJIS-5.5.2.2
18664 ······-·NIST-800-171-3.4.518664 ······-·NIST-800-171-3.4.5
18665 ······-·NIST-800-53-AC-6(1)18665 ······-·NIST-800-53-AC-6(1)
18666 ······-·NIST-800-53-CM-6(a)18666 ······-·NIST-800-53-CM-6(a)
Offset 18674, 16 lines modifiedOffset 18674, 16 lines modified
18674 ······-·no_reboot_needed18674 ······-·no_reboot_needed
  
18675 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg18675 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
18676 ······file:18676 ······file:
18677 ········path:·/boot/grub2/grub.cfg18677 ········path:·/boot/grub2/grub.cfg
18678 ········group:·'0'18678 ········group:·'0'
18679 ······when:18679 ······when:
18680 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
18681 ······-·'"grub2"·in·ansible_facts.packages'18680 ······-·'"grub2"·in·ansible_facts.packages'
 18681 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
18682 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18682 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18683 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists18683 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
18684 ······tags:18684 ······tags:
18685 ······-·CCE-85849-818685 ······-·CCE-85849-8
18686 ······-·CJIS-5.5.2.218686 ······-·CJIS-5.5.2.2
18687 ······-·NIST-800-171-3.4.518687 ······-·NIST-800-171-3.4.5
18688 ······-·NIST-800-53-AC-6(1)18688 ······-·NIST-800-53-AC-6(1)
Offset 18715, 16 lines modifiedOffset 18715, 16 lines modified
18715 ······-·no_reboot_needed18715 ······-·no_reboot_needed
  
18716 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg18716 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
18717 ······stat:18717 ······stat:
18718 ········path:·/boot/grub2/grub.cfg18718 ········path:·/boot/grub2/grub.cfg
18719 ······register:·file_exists18719 ······register:·file_exists
18720 ······when:18720 ······when:
18721 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
18722 ······-·'"grub2"·in·ansible_facts.packages'18721 ······-·'"grub2"·in·ansible_facts.packages'
 18722 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
18723 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18723 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18724 ······tags:18724 ······tags:
18725 ······-·CCE-85848-018725 ······-·CCE-85848-0
18726 ······-·CJIS-5.5.2.218726 ······-·CJIS-5.5.2.2
18727 ······-·NIST-800-171-3.4.518727 ······-·NIST-800-171-3.4.5
18728 ······-·NIST-800-53-AC-6(1)18728 ······-·NIST-800-53-AC-6(1)
18729 ······-·NIST-800-53-CM-6(a)18729 ······-·NIST-800-53-CM-6(a)
Offset 18737, 16 lines modifiedOffset 18737, 16 lines modified
18737 ······-·no_reboot_needed18737 ······-·no_reboot_needed
  
18738 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg18738 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
18739 ······file:18739 ······file:
18740 ········path:·/boot/grub2/grub.cfg18740 ········path:·/boot/grub2/grub.cfg
18741 ········owner:·'0'18741 ········owner:·'0'
18742 ······when:18742 ······when:
18743 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
18744 ······-·'"grub2"·in·ansible_facts.packages'18743 ······-·'"grub2"·in·ansible_facts.packages'
 18744 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
18745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18746 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists18746 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
18747 ······tags:18747 ······tags:
18748 ······-·CCE-85848-018748 ······-·CCE-85848-0
18749 ······-·CJIS-5.5.2.218749 ······-·CJIS-5.5.2.2
18750 ······-·NIST-800-171-3.4.518750 ······-·NIST-800-171-3.4.5
18751 ······-·NIST-800-53-AC-6(1)18751 ······-·NIST-800-53-AC-6(1)
Offset 18776, 16 lines modifiedOffset 18776, 16 lines modified
18776 ······-·no_reboot_needed18776 ······-·no_reboot_needed
  
18777 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg18777 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
18778 ······stat:18778 ······stat:
18779 ········path:·/boot/grub2/grub.cfg18779 ········path:·/boot/grub2/grub.cfg
18780 ······register:·file_exists18780 ······register:·file_exists
18781 ······when:18781 ······when:
18782 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
18783 ······-·'"grub2"·in·ansible_facts.packages'18782 ······-·'"grub2"·in·ansible_facts.packages'
 18783 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
18784 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18784 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18785 ······tags:18785 ······tags:
18786 ······-·CCE-91426-718786 ······-·CCE-91426-7
18787 ······-·NIST-800-171-3.4.518787 ······-·NIST-800-171-3.4.5
18788 ······-·NIST-800-53-AC-6(1)18788 ······-·NIST-800-53-AC-6(1)
18789 ······-·NIST-800-53-CM-6(a)18789 ······-·NIST-800-53-CM-6(a)
18790 ······-·configure_strategy18790 ······-·configure_strategy
Offset 18796, 16 lines modifiedOffset 18796, 16 lines modified
18796 ······-·no_reboot_needed18796 ······-·no_reboot_needed
  
18797 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg18797 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
18798 ······file:18798 ······file:
18799 ········path:·/boot/grub2/grub.cfg18799 ········path:·/boot/grub2/grub.cfg
18800 ········mode:·u-xs,g-xwrs,o-xwrt18800 ········mode:·u-xs,g-xwrs,o-xwrt
18801 ······when:18801 ······when:
18802 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
18803 ······-·'"grub2"·in·ansible_facts.packages'18802 ······-·'"grub2"·in·ansible_facts.packages'
 18803 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
18804 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18804 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18805 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists18805 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
18806 ······tags:18806 ······tags:
18807 ······-·CCE-91426-718807 ······-·CCE-91426-7
18808 ······-·NIST-800-171-3.4.518808 ······-·NIST-800-171-3.4.5
18809 ······-·NIST-800-53-AC-6(1)18809 ······-·NIST-800-53-AC-6(1)
18810 ······-·NIST-800-53-CM-6(a)18810 ······-·NIST-800-53-CM-6(a)
4.0 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 2794, 16 lines modifiedOffset 2794, 16 lines modified
2794 ······-·no_reboot_needed2794 ······-·no_reboot_needed
  
2795 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2795 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2796 ······stat:2796 ······stat:
2797 ········path:·/boot/grub2/grub.cfg2797 ········path:·/boot/grub2/grub.cfg
2798 ······register:·file_exists2798 ······register:·file_exists
2799 ······when:2799 ······when:
2800 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2801 ······-·'"grub2"·in·ansible_facts.packages'2800 ······-·'"grub2"·in·ansible_facts.packages'
 2801 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2802 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2802 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2803 ······tags:2803 ······tags:
2804 ······-·CCE-85849-82804 ······-·CCE-85849-8
2805 ······-·CJIS-5.5.2.22805 ······-·CJIS-5.5.2.2
2806 ······-·NIST-800-171-3.4.52806 ······-·NIST-800-171-3.4.5
2807 ······-·NIST-800-53-AC-6(1)2807 ······-·NIST-800-53-AC-6(1)
2808 ······-·NIST-800-53-CM-6(a)2808 ······-·NIST-800-53-CM-6(a)
Offset 2816, 16 lines modifiedOffset 2816, 16 lines modified
2816 ······-·no_reboot_needed2816 ······-·no_reboot_needed
  
2817 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2817 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2818 ······file:2818 ······file:
2819 ········path:·/boot/grub2/grub.cfg2819 ········path:·/boot/grub2/grub.cfg
2820 ········group:·'0'2820 ········group:·'0'
2821 ······when:2821 ······when:
2822 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2823 ······-·'"grub2"·in·ansible_facts.packages'2822 ······-·'"grub2"·in·ansible_facts.packages'
 2823 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2825 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2825 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2826 ······tags:2826 ······tags:
2827 ······-·CCE-85849-82827 ······-·CCE-85849-8
2828 ······-·CJIS-5.5.2.22828 ······-·CJIS-5.5.2.2
2829 ······-·NIST-800-171-3.4.52829 ······-·NIST-800-171-3.4.5
2830 ······-·NIST-800-53-AC-6(1)2830 ······-·NIST-800-53-AC-6(1)
Offset 2857, 16 lines modifiedOffset 2857, 16 lines modified
2857 ······-·no_reboot_needed2857 ······-·no_reboot_needed
  
2858 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2858 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2859 ······stat:2859 ······stat:
2860 ········path:·/boot/grub2/grub.cfg2860 ········path:·/boot/grub2/grub.cfg
2861 ······register:·file_exists2861 ······register:·file_exists
2862 ······when:2862 ······when:
2863 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2864 ······-·'"grub2"·in·ansible_facts.packages'2863 ······-·'"grub2"·in·ansible_facts.packages'
 2864 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2865 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2865 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2866 ······tags:2866 ······tags:
2867 ······-·CCE-85848-02867 ······-·CCE-85848-0
2868 ······-·CJIS-5.5.2.22868 ······-·CJIS-5.5.2.2
2869 ······-·NIST-800-171-3.4.52869 ······-·NIST-800-171-3.4.5
2870 ······-·NIST-800-53-AC-6(1)2870 ······-·NIST-800-53-AC-6(1)
2871 ······-·NIST-800-53-CM-6(a)2871 ······-·NIST-800-53-CM-6(a)
Offset 2879, 16 lines modifiedOffset 2879, 16 lines modified
2879 ······-·no_reboot_needed2879 ······-·no_reboot_needed
  
2880 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2880 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2881 ······file:2881 ······file:
2882 ········path:·/boot/grub2/grub.cfg2882 ········path:·/boot/grub2/grub.cfg
2883 ········owner:·'0'2883 ········owner:·'0'
2884 ······when:2884 ······when:
2885 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2886 ······-·'"grub2"·in·ansible_facts.packages'2885 ······-·'"grub2"·in·ansible_facts.packages'
 2886 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2888 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2888 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2889 ······tags:2889 ······tags:
2890 ······-·CCE-85848-02890 ······-·CCE-85848-0
2891 ······-·CJIS-5.5.2.22891 ······-·CJIS-5.5.2.2
2892 ······-·NIST-800-171-3.4.52892 ······-·NIST-800-171-3.4.5
2893 ······-·NIST-800-53-AC-6(1)2893 ······-·NIST-800-53-AC-6(1)
Offset 2918, 16 lines modifiedOffset 2918, 16 lines modified
2918 ······-·no_reboot_needed2918 ······-·no_reboot_needed
  
2919 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2919 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2920 ······stat:2920 ······stat:
2921 ········path:·/boot/grub2/grub.cfg2921 ········path:·/boot/grub2/grub.cfg
2922 ······register:·file_exists2922 ······register:·file_exists
2923 ······when:2923 ······when:
2924 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2925 ······-·'"grub2"·in·ansible_facts.packages'2924 ······-·'"grub2"·in·ansible_facts.packages'
 2925 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2926 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2926 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2927 ······tags:2927 ······tags:
2928 ······-·CCE-91426-72928 ······-·CCE-91426-7
2929 ······-·NIST-800-171-3.4.52929 ······-·NIST-800-171-3.4.5
2930 ······-·NIST-800-53-AC-6(1)2930 ······-·NIST-800-53-AC-6(1)
2931 ······-·NIST-800-53-CM-6(a)2931 ······-·NIST-800-53-CM-6(a)
2932 ······-·configure_strategy2932 ······-·configure_strategy
Offset 2938, 16 lines modifiedOffset 2938, 16 lines modified
2938 ······-·no_reboot_needed2938 ······-·no_reboot_needed
  
2939 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg2939 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
2940 ······file:2940 ······file:
2941 ········path:·/boot/grub2/grub.cfg2941 ········path:·/boot/grub2/grub.cfg
2942 ········mode:·u-xs,g-xwrs,o-xwrt2942 ········mode:·u-xs,g-xwrs,o-xwrt
2943 ······when:2943 ······when:
2944 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2945 ······-·'"grub2"·in·ansible_facts.packages'2944 ······-·'"grub2"·in·ansible_facts.packages'
 2945 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2946 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2946 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2947 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2947 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2948 ······tags:2948 ······tags:
2949 ······-·CCE-91426-72949 ······-·CCE-91426-7
2950 ······-·NIST-800-171-3.4.52950 ······-·NIST-800-171-3.4.5
2951 ······-·NIST-800-53-AC-6(1)2951 ······-·NIST-800-53-AC-6(1)
2952 ······-·NIST-800-53-CM-6(a)2952 ······-·NIST-800-53-CM-6(a)
4.01 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 2794, 16 lines modifiedOffset 2794, 16 lines modified
2794 ······-·no_reboot_needed2794 ······-·no_reboot_needed
  
2795 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2795 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2796 ······stat:2796 ······stat:
2797 ········path:·/boot/grub2/grub.cfg2797 ········path:·/boot/grub2/grub.cfg
2798 ······register:·file_exists2798 ······register:·file_exists
2799 ······when:2799 ······when:
2800 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2801 ······-·'"grub2"·in·ansible_facts.packages'2800 ······-·'"grub2"·in·ansible_facts.packages'
 2801 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2802 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2802 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2803 ······tags:2803 ······tags:
2804 ······-·CCE-85849-82804 ······-·CCE-85849-8
2805 ······-·CJIS-5.5.2.22805 ······-·CJIS-5.5.2.2
2806 ······-·NIST-800-171-3.4.52806 ······-·NIST-800-171-3.4.5
2807 ······-·NIST-800-53-AC-6(1)2807 ······-·NIST-800-53-AC-6(1)
2808 ······-·NIST-800-53-CM-6(a)2808 ······-·NIST-800-53-CM-6(a)
Offset 2816, 16 lines modifiedOffset 2816, 16 lines modified
2816 ······-·no_reboot_needed2816 ······-·no_reboot_needed
  
2817 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2817 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2818 ······file:2818 ······file:
2819 ········path:·/boot/grub2/grub.cfg2819 ········path:·/boot/grub2/grub.cfg
2820 ········group:·'0'2820 ········group:·'0'
2821 ······when:2821 ······when:
2822 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2823 ······-·'"grub2"·in·ansible_facts.packages'2822 ······-·'"grub2"·in·ansible_facts.packages'
 2823 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2825 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2825 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2826 ······tags:2826 ······tags:
2827 ······-·CCE-85849-82827 ······-·CCE-85849-8
2828 ······-·CJIS-5.5.2.22828 ······-·CJIS-5.5.2.2
2829 ······-·NIST-800-171-3.4.52829 ······-·NIST-800-171-3.4.5
2830 ······-·NIST-800-53-AC-6(1)2830 ······-·NIST-800-53-AC-6(1)
Offset 2857, 16 lines modifiedOffset 2857, 16 lines modified
2857 ······-·no_reboot_needed2857 ······-·no_reboot_needed
  
2858 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2858 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2859 ······stat:2859 ······stat:
2860 ········path:·/boot/grub2/grub.cfg2860 ········path:·/boot/grub2/grub.cfg
2861 ······register:·file_exists2861 ······register:·file_exists
2862 ······when:2862 ······when:
2863 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2864 ······-·'"grub2"·in·ansible_facts.packages'2863 ······-·'"grub2"·in·ansible_facts.packages'
 2864 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2865 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2865 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2866 ······tags:2866 ······tags:
2867 ······-·CCE-85848-02867 ······-·CCE-85848-0
2868 ······-·CJIS-5.5.2.22868 ······-·CJIS-5.5.2.2
2869 ······-·NIST-800-171-3.4.52869 ······-·NIST-800-171-3.4.5
2870 ······-·NIST-800-53-AC-6(1)2870 ······-·NIST-800-53-AC-6(1)
2871 ······-·NIST-800-53-CM-6(a)2871 ······-·NIST-800-53-CM-6(a)
Offset 2879, 16 lines modifiedOffset 2879, 16 lines modified
2879 ······-·no_reboot_needed2879 ······-·no_reboot_needed
  
2880 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2880 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2881 ······file:2881 ······file:
2882 ········path:·/boot/grub2/grub.cfg2882 ········path:·/boot/grub2/grub.cfg
2883 ········owner:·'0'2883 ········owner:·'0'
2884 ······when:2884 ······when:
2885 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2886 ······-·'"grub2"·in·ansible_facts.packages'2885 ······-·'"grub2"·in·ansible_facts.packages'
 2886 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2888 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2888 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2889 ······tags:2889 ······tags:
2890 ······-·CCE-85848-02890 ······-·CCE-85848-0
2891 ······-·CJIS-5.5.2.22891 ······-·CJIS-5.5.2.2
2892 ······-·NIST-800-171-3.4.52892 ······-·NIST-800-171-3.4.5
2893 ······-·NIST-800-53-AC-6(1)2893 ······-·NIST-800-53-AC-6(1)
Offset 2918, 16 lines modifiedOffset 2918, 16 lines modified
2918 ······-·no_reboot_needed2918 ······-·no_reboot_needed
  
2919 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2919 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2920 ······stat:2920 ······stat:
2921 ········path:·/boot/grub2/grub.cfg2921 ········path:·/boot/grub2/grub.cfg
2922 ······register:·file_exists2922 ······register:·file_exists
2923 ······when:2923 ······when:
2924 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2925 ······-·'"grub2"·in·ansible_facts.packages'2924 ······-·'"grub2"·in·ansible_facts.packages'
 2925 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2926 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2926 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2927 ······tags:2927 ······tags:
2928 ······-·CCE-91426-72928 ······-·CCE-91426-7
2929 ······-·NIST-800-171-3.4.52929 ······-·NIST-800-171-3.4.5
2930 ······-·NIST-800-53-AC-6(1)2930 ······-·NIST-800-53-AC-6(1)
2931 ······-·NIST-800-53-CM-6(a)2931 ······-·NIST-800-53-CM-6(a)
2932 ······-·configure_strategy2932 ······-·configure_strategy
Offset 2938, 16 lines modifiedOffset 2938, 16 lines modified
2938 ······-·no_reboot_needed2938 ······-·no_reboot_needed
  
2939 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg2939 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
2940 ······file:2940 ······file:
2941 ········path:·/boot/grub2/grub.cfg2941 ········path:·/boot/grub2/grub.cfg
2942 ········mode:·u-xs,g-xwrs,o-xwrt2942 ········mode:·u-xs,g-xwrs,o-xwrt
2943 ······when:2943 ······when:
2944 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2945 ······-·'"grub2"·in·ansible_facts.packages'2944 ······-·'"grub2"·in·ansible_facts.packages'
 2945 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2946 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2946 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2947 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2947 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2948 ······tags:2948 ······tags:
2949 ······-·CCE-91426-72949 ······-·CCE-91426-7
2950 ······-·NIST-800-171-3.4.52950 ······-·NIST-800-171-3.4.5
2951 ······-·NIST-800-53-AC-6(1)2951 ······-·NIST-800-53-AC-6(1)
2952 ······-·NIST-800-53-CM-6(a)2952 ······-·NIST-800-53-CM-6(a)
4.02 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 18652, 16 lines modifiedOffset 18652, 16 lines modified
18652 ······-·no_reboot_needed18652 ······-·no_reboot_needed
  
18653 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg18653 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
18654 ······stat:18654 ······stat:
18655 ········path:·/boot/grub2/grub.cfg18655 ········path:·/boot/grub2/grub.cfg
18656 ······register:·file_exists18656 ······register:·file_exists
18657 ······when:18657 ······when:
18658 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
18659 ······-·'"grub2"·in·ansible_facts.packages'18658 ······-·'"grub2"·in·ansible_facts.packages'
 18659 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
18660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18661 ······tags:18661 ······tags:
18662 ······-·CCE-85849-818662 ······-·CCE-85849-8
18663 ······-·CJIS-5.5.2.218663 ······-·CJIS-5.5.2.2
18664 ······-·NIST-800-171-3.4.518664 ······-·NIST-800-171-3.4.5
18665 ······-·NIST-800-53-AC-6(1)18665 ······-·NIST-800-53-AC-6(1)
18666 ······-·NIST-800-53-CM-6(a)18666 ······-·NIST-800-53-CM-6(a)
Offset 18674, 16 lines modifiedOffset 18674, 16 lines modified
18674 ······-·no_reboot_needed18674 ······-·no_reboot_needed
  
18675 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg18675 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
18676 ······file:18676 ······file:
18677 ········path:·/boot/grub2/grub.cfg18677 ········path:·/boot/grub2/grub.cfg
18678 ········group:·'0'18678 ········group:·'0'
18679 ······when:18679 ······when:
18680 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
18681 ······-·'"grub2"·in·ansible_facts.packages'18680 ······-·'"grub2"·in·ansible_facts.packages'
 18681 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
18682 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18682 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18683 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists18683 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
18684 ······tags:18684 ······tags:
18685 ······-·CCE-85849-818685 ······-·CCE-85849-8
18686 ······-·CJIS-5.5.2.218686 ······-·CJIS-5.5.2.2
18687 ······-·NIST-800-171-3.4.518687 ······-·NIST-800-171-3.4.5
18688 ······-·NIST-800-53-AC-6(1)18688 ······-·NIST-800-53-AC-6(1)
Offset 18715, 16 lines modifiedOffset 18715, 16 lines modified
18715 ······-·no_reboot_needed18715 ······-·no_reboot_needed
  
18716 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg18716 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
18717 ······stat:18717 ······stat:
18718 ········path:·/boot/grub2/grub.cfg18718 ········path:·/boot/grub2/grub.cfg
18719 ······register:·file_exists18719 ······register:·file_exists
18720 ······when:18720 ······when:
18721 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
18722 ······-·'"grub2"·in·ansible_facts.packages'18721 ······-·'"grub2"·in·ansible_facts.packages'
 18722 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
18723 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18723 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18724 ······tags:18724 ······tags:
18725 ······-·CCE-85848-018725 ······-·CCE-85848-0
18726 ······-·CJIS-5.5.2.218726 ······-·CJIS-5.5.2.2
18727 ······-·NIST-800-171-3.4.518727 ······-·NIST-800-171-3.4.5
18728 ······-·NIST-800-53-AC-6(1)18728 ······-·NIST-800-53-AC-6(1)
18729 ······-·NIST-800-53-CM-6(a)18729 ······-·NIST-800-53-CM-6(a)
Offset 18737, 16 lines modifiedOffset 18737, 16 lines modified
18737 ······-·no_reboot_needed18737 ······-·no_reboot_needed
  
18738 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg18738 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
18739 ······file:18739 ······file:
18740 ········path:·/boot/grub2/grub.cfg18740 ········path:·/boot/grub2/grub.cfg
18741 ········owner:·'0'18741 ········owner:·'0'
18742 ······when:18742 ······when:
18743 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
18744 ······-·'"grub2"·in·ansible_facts.packages'18743 ······-·'"grub2"·in·ansible_facts.packages'
 18744 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
18745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18746 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists18746 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
18747 ······tags:18747 ······tags:
18748 ······-·CCE-85848-018748 ······-·CCE-85848-0
18749 ······-·CJIS-5.5.2.218749 ······-·CJIS-5.5.2.2
18750 ······-·NIST-800-171-3.4.518750 ······-·NIST-800-171-3.4.5
18751 ······-·NIST-800-53-AC-6(1)18751 ······-·NIST-800-53-AC-6(1)
Offset 18776, 16 lines modifiedOffset 18776, 16 lines modified
18776 ······-·no_reboot_needed18776 ······-·no_reboot_needed
  
18777 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg18777 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
18778 ······stat:18778 ······stat:
18779 ········path:·/boot/grub2/grub.cfg18779 ········path:·/boot/grub2/grub.cfg
18780 ······register:·file_exists18780 ······register:·file_exists
18781 ······when:18781 ······when:
18782 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
18783 ······-·'"grub2"·in·ansible_facts.packages'18782 ······-·'"grub2"·in·ansible_facts.packages'
 18783 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
18784 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18784 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18785 ······tags:18785 ······tags:
18786 ······-·CCE-91426-718786 ······-·CCE-91426-7
18787 ······-·NIST-800-171-3.4.518787 ······-·NIST-800-171-3.4.5
18788 ······-·NIST-800-53-AC-6(1)18788 ······-·NIST-800-53-AC-6(1)
18789 ······-·NIST-800-53-CM-6(a)18789 ······-·NIST-800-53-CM-6(a)
18790 ······-·configure_strategy18790 ······-·configure_strategy
Offset 18796, 16 lines modifiedOffset 18796, 16 lines modified
18796 ······-·no_reboot_needed18796 ······-·no_reboot_needed
  
18797 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg18797 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
18798 ······file:18798 ······file:
18799 ········path:·/boot/grub2/grub.cfg18799 ········path:·/boot/grub2/grub.cfg
18800 ········mode:·u-xs,g-xwrs,o-xwrt18800 ········mode:·u-xs,g-xwrs,o-xwrt
18801 ······when:18801 ······when:
18802 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
18803 ······-·'"grub2"·in·ansible_facts.packages'18802 ······-·'"grub2"·in·ansible_facts.packages'
 18803 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
18804 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18804 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18805 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists18805 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
18806 ······tags:18806 ······tags:
18807 ······-·CCE-91426-718807 ······-·CCE-91426-7
18808 ······-·NIST-800-171-3.4.518808 ······-·NIST-800-171-3.4.5
18809 ······-·NIST-800-53-AC-6(1)18809 ······-·NIST-800-53-AC-6(1)
18810 ······-·NIST-800-53-CM-6(a)18810 ······-·NIST-800-53-CM-6(a)
3.99 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-hipaa.yml
Ordering differences only
    
Offset 21255, 16 lines modifiedOffset 21255, 16 lines modified
21255 ······-·no_reboot_needed21255 ······-·no_reboot_needed
  
21256 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21256 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21257 ······stat:21257 ······stat:
21258 ········path:·/boot/grub2/grub.cfg21258 ········path:·/boot/grub2/grub.cfg
21259 ······register:·file_exists21259 ······register:·file_exists
21260 ······when:21260 ······when:
21261 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21262 ······-·'"grub2"·in·ansible_facts.packages'21261 ······-·'"grub2"·in·ansible_facts.packages'
 21262 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21263 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21263 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21264 ······tags:21264 ······tags:
21265 ······-·CCE-85849-821265 ······-·CCE-85849-8
21266 ······-·CJIS-5.5.2.221266 ······-·CJIS-5.5.2.2
21267 ······-·NIST-800-171-3.4.521267 ······-·NIST-800-171-3.4.5
21268 ······-·NIST-800-53-AC-6(1)21268 ······-·NIST-800-53-AC-6(1)
21269 ······-·NIST-800-53-CM-6(a)21269 ······-·NIST-800-53-CM-6(a)
Offset 21277, 16 lines modifiedOffset 21277, 16 lines modified
21277 ······-·no_reboot_needed21277 ······-·no_reboot_needed
  
21278 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg21278 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
21279 ······file:21279 ······file:
21280 ········path:·/boot/grub2/grub.cfg21280 ········path:·/boot/grub2/grub.cfg
21281 ········group:·'0'21281 ········group:·'0'
21282 ······when:21282 ······when:
21283 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21284 ······-·'"grub2"·in·ansible_facts.packages'21283 ······-·'"grub2"·in·ansible_facts.packages'
 21284 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21285 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21285 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21286 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21286 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21287 ······tags:21287 ······tags:
21288 ······-·CCE-85849-821288 ······-·CCE-85849-8
21289 ······-·CJIS-5.5.2.221289 ······-·CJIS-5.5.2.2
21290 ······-·NIST-800-171-3.4.521290 ······-·NIST-800-171-3.4.5
21291 ······-·NIST-800-53-AC-6(1)21291 ······-·NIST-800-53-AC-6(1)
Offset 21318, 16 lines modifiedOffset 21318, 16 lines modified
21318 ······-·no_reboot_needed21318 ······-·no_reboot_needed
  
21319 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21319 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21320 ······stat:21320 ······stat:
21321 ········path:·/boot/grub2/grub.cfg21321 ········path:·/boot/grub2/grub.cfg
21322 ······register:·file_exists21322 ······register:·file_exists
21323 ······when:21323 ······when:
21324 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21325 ······-·'"grub2"·in·ansible_facts.packages'21324 ······-·'"grub2"·in·ansible_facts.packages'
 21325 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21326 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21326 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21327 ······tags:21327 ······tags:
21328 ······-·CCE-85848-021328 ······-·CCE-85848-0
21329 ······-·CJIS-5.5.2.221329 ······-·CJIS-5.5.2.2
21330 ······-·NIST-800-171-3.4.521330 ······-·NIST-800-171-3.4.5
21331 ······-·NIST-800-53-AC-6(1)21331 ······-·NIST-800-53-AC-6(1)
21332 ······-·NIST-800-53-CM-6(a)21332 ······-·NIST-800-53-CM-6(a)
Offset 21340, 16 lines modifiedOffset 21340, 16 lines modified
21340 ······-·no_reboot_needed21340 ······-·no_reboot_needed
  
21341 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg21341 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
21342 ······file:21342 ······file:
21343 ········path:·/boot/grub2/grub.cfg21343 ········path:·/boot/grub2/grub.cfg
21344 ········owner:·'0'21344 ········owner:·'0'
21345 ······when:21345 ······when:
21346 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21347 ······-·'"grub2"·in·ansible_facts.packages'21346 ······-·'"grub2"·in·ansible_facts.packages'
 21347 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21348 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21348 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21349 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21349 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21350 ······tags:21350 ······tags:
21351 ······-·CCE-85848-021351 ······-·CCE-85848-0
21352 ······-·CJIS-5.5.2.221352 ······-·CJIS-5.5.2.2
21353 ······-·NIST-800-171-3.4.521353 ······-·NIST-800-171-3.4.5
21354 ······-·NIST-800-53-AC-6(1)21354 ······-·NIST-800-53-AC-6(1)
Offset 21379, 16 lines modifiedOffset 21379, 16 lines modified
21379 ······-·no_reboot_needed21379 ······-·no_reboot_needed
  
21380 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21380 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21381 ······stat:21381 ······stat:
21382 ········path:·/boot/grub2/grub.cfg21382 ········path:·/boot/grub2/grub.cfg
21383 ······register:·file_exists21383 ······register:·file_exists
21384 ······when:21384 ······when:
21385 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21386 ······-·'"grub2"·in·ansible_facts.packages'21385 ······-·'"grub2"·in·ansible_facts.packages'
 21386 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21387 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21387 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21388 ······tags:21388 ······tags:
21389 ······-·CCE-91426-721389 ······-·CCE-91426-7
21390 ······-·NIST-800-171-3.4.521390 ······-·NIST-800-171-3.4.5
21391 ······-·NIST-800-53-AC-6(1)21391 ······-·NIST-800-53-AC-6(1)
21392 ······-·NIST-800-53-CM-6(a)21392 ······-·NIST-800-53-CM-6(a)
21393 ······-·configure_strategy21393 ······-·configure_strategy
Offset 21399, 16 lines modifiedOffset 21399, 16 lines modified
21399 ······-·no_reboot_needed21399 ······-·no_reboot_needed
  
21400 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg21400 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
21401 ······file:21401 ······file:
21402 ········path:·/boot/grub2/grub.cfg21402 ········path:·/boot/grub2/grub.cfg
21403 ········mode:·u-xs,g-xwrs,o-xwrt21403 ········mode:·u-xs,g-xwrs,o-xwrt
21404 ······when:21404 ······when:
21405 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21406 ······-·'"grub2"·in·ansible_facts.packages'21405 ······-·'"grub2"·in·ansible_facts.packages'
 21406 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21407 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21407 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21408 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21408 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21409 ······tags:21409 ······tags:
21410 ······-·CCE-91426-721410 ······-·CCE-91426-7
21411 ······-·NIST-800-171-3.4.521411 ······-·NIST-800-171-3.4.5
21412 ······-·NIST-800-53-AC-6(1)21412 ······-·NIST-800-53-AC-6(1)
21413 ······-·NIST-800-53-CM-6(a)21413 ······-·NIST-800-53-CM-6(a)
2.69 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-pci-dss-4.yml
Ordering differences only
    
Offset 26994, 16 lines modifiedOffset 26994, 16 lines modified
26994 ······-·no_reboot_needed26994 ······-·no_reboot_needed
  
26995 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg26995 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
26996 ······stat:26996 ······stat:
26997 ········path:·/boot/grub2/grub.cfg26997 ········path:·/boot/grub2/grub.cfg
26998 ······register:·file_exists26998 ······register:·file_exists
26999 ······when:26999 ······when:
27000 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
27001 ······-·'"grub2"·in·ansible_facts.packages'27000 ······-·'"grub2"·in·ansible_facts.packages'
 27001 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
27002 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]27002 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
27003 ······tags:27003 ······tags:
27004 ······-·CCE-85849-827004 ······-·CCE-85849-8
27005 ······-·CJIS-5.5.2.227005 ······-·CJIS-5.5.2.2
27006 ······-·NIST-800-171-3.4.527006 ······-·NIST-800-171-3.4.5
27007 ······-·NIST-800-53-AC-6(1)27007 ······-·NIST-800-53-AC-6(1)
27008 ······-·NIST-800-53-CM-6(a)27008 ······-·NIST-800-53-CM-6(a)
Offset 27016, 16 lines modifiedOffset 27016, 16 lines modified
27016 ······-·no_reboot_needed27016 ······-·no_reboot_needed
  
27017 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg27017 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
27018 ······file:27018 ······file:
27019 ········path:·/boot/grub2/grub.cfg27019 ········path:·/boot/grub2/grub.cfg
27020 ········group:·'0'27020 ········group:·'0'
27021 ······when:27021 ······when:
27022 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
27023 ······-·'"grub2"·in·ansible_facts.packages'27022 ······-·'"grub2"·in·ansible_facts.packages'
 27023 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
27024 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]27024 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
27025 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists27025 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
27026 ······tags:27026 ······tags:
27027 ······-·CCE-85849-827027 ······-·CCE-85849-8
27028 ······-·CJIS-5.5.2.227028 ······-·CJIS-5.5.2.2
27029 ······-·NIST-800-171-3.4.527029 ······-·NIST-800-171-3.4.5
27030 ······-·NIST-800-53-AC-6(1)27030 ······-·NIST-800-53-AC-6(1)
Offset 27057, 16 lines modifiedOffset 27057, 16 lines modified
27057 ······-·no_reboot_needed27057 ······-·no_reboot_needed
  
27058 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg27058 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
27059 ······stat:27059 ······stat:
27060 ········path:·/boot/grub2/grub.cfg27060 ········path:·/boot/grub2/grub.cfg
27061 ······register:·file_exists27061 ······register:·file_exists
27062 ······when:27062 ······when:
27063 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
27064 ······-·'"grub2"·in·ansible_facts.packages'27063 ······-·'"grub2"·in·ansible_facts.packages'
 27064 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
27065 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]27065 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
27066 ······tags:27066 ······tags:
27067 ······-·CCE-85848-027067 ······-·CCE-85848-0
27068 ······-·CJIS-5.5.2.227068 ······-·CJIS-5.5.2.2
27069 ······-·NIST-800-171-3.4.527069 ······-·NIST-800-171-3.4.5
27070 ······-·NIST-800-53-AC-6(1)27070 ······-·NIST-800-53-AC-6(1)
27071 ······-·NIST-800-53-CM-6(a)27071 ······-·NIST-800-53-CM-6(a)
Offset 27079, 16 lines modifiedOffset 27079, 16 lines modified
27079 ······-·no_reboot_needed27079 ······-·no_reboot_needed
  
27080 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg27080 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
27081 ······file:27081 ······file:
27082 ········path:·/boot/grub2/grub.cfg27082 ········path:·/boot/grub2/grub.cfg
27083 ········owner:·'0'27083 ········owner:·'0'
27084 ······when:27084 ······when:
27085 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
27086 ······-·'"grub2"·in·ansible_facts.packages'27085 ······-·'"grub2"·in·ansible_facts.packages'
 27086 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
27087 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]27087 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
27088 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists27088 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
27089 ······tags:27089 ······tags:
27090 ······-·CCE-85848-027090 ······-·CCE-85848-0
27091 ······-·CJIS-5.5.2.227091 ······-·CJIS-5.5.2.2
27092 ······-·NIST-800-171-3.4.527092 ······-·NIST-800-171-3.4.5
27093 ······-·NIST-800-53-AC-6(1)27093 ······-·NIST-800-53-AC-6(1)
2.69 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-pci-dss.yml
Ordering differences only
    
Offset 25610, 16 lines modifiedOffset 25610, 16 lines modified
25610 ······-·no_reboot_needed25610 ······-·no_reboot_needed
  
25611 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg25611 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
25612 ······stat:25612 ······stat:
25613 ········path:·/boot/grub2/grub.cfg25613 ········path:·/boot/grub2/grub.cfg
25614 ······register:·file_exists25614 ······register:·file_exists
25615 ······when:25615 ······when:
25616 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
25617 ······-·'"grub2"·in·ansible_facts.packages'25616 ······-·'"grub2"·in·ansible_facts.packages'
 25617 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
25618 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]25618 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
25619 ······tags:25619 ······tags:
25620 ······-·CCE-85849-825620 ······-·CCE-85849-8
25621 ······-·CJIS-5.5.2.225621 ······-·CJIS-5.5.2.2
25622 ······-·NIST-800-171-3.4.525622 ······-·NIST-800-171-3.4.5
25623 ······-·NIST-800-53-AC-6(1)25623 ······-·NIST-800-53-AC-6(1)
25624 ······-·NIST-800-53-CM-6(a)25624 ······-·NIST-800-53-CM-6(a)
Offset 25632, 16 lines modifiedOffset 25632, 16 lines modified
25632 ······-·no_reboot_needed25632 ······-·no_reboot_needed
  
25633 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg25633 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
25634 ······file:25634 ······file:
25635 ········path:·/boot/grub2/grub.cfg25635 ········path:·/boot/grub2/grub.cfg
25636 ········group:·'0'25636 ········group:·'0'
25637 ······when:25637 ······when:
25638 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
25639 ······-·'"grub2"·in·ansible_facts.packages'25638 ······-·'"grub2"·in·ansible_facts.packages'
 25639 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
25640 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]25640 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
25641 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists25641 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
25642 ······tags:25642 ······tags:
25643 ······-·CCE-85849-825643 ······-·CCE-85849-8
25644 ······-·CJIS-5.5.2.225644 ······-·CJIS-5.5.2.2
25645 ······-·NIST-800-171-3.4.525645 ······-·NIST-800-171-3.4.5
25646 ······-·NIST-800-53-AC-6(1)25646 ······-·NIST-800-53-AC-6(1)
Offset 25673, 16 lines modifiedOffset 25673, 16 lines modified
25673 ······-·no_reboot_needed25673 ······-·no_reboot_needed
  
25674 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg25674 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
25675 ······stat:25675 ······stat:
25676 ········path:·/boot/grub2/grub.cfg25676 ········path:·/boot/grub2/grub.cfg
25677 ······register:·file_exists25677 ······register:·file_exists
25678 ······when:25678 ······when:
25679 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
25680 ······-·'"grub2"·in·ansible_facts.packages'25679 ······-·'"grub2"·in·ansible_facts.packages'
 25680 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
25681 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]25681 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
25682 ······tags:25682 ······tags:
25683 ······-·CCE-85848-025683 ······-·CCE-85848-0
25684 ······-·CJIS-5.5.2.225684 ······-·CJIS-5.5.2.2
25685 ······-·NIST-800-171-3.4.525685 ······-·NIST-800-171-3.4.5
25686 ······-·NIST-800-53-AC-6(1)25686 ······-·NIST-800-53-AC-6(1)
25687 ······-·NIST-800-53-CM-6(a)25687 ······-·NIST-800-53-CM-6(a)
Offset 25695, 16 lines modifiedOffset 25695, 16 lines modified
25695 ······-·no_reboot_needed25695 ······-·no_reboot_needed
  
25696 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg25696 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
25697 ······file:25697 ······file:
25698 ········path:·/boot/grub2/grub.cfg25698 ········path:·/boot/grub2/grub.cfg
25699 ········owner:·'0'25699 ········owner:·'0'
25700 ······when:25700 ······when:
25701 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
25702 ······-·'"grub2"·in·ansible_facts.packages'25701 ······-·'"grub2"·in·ansible_facts.packages'
 25702 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
25703 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]25703 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
25704 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists25704 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
25705 ······tags:25705 ······tags:
25706 ······-·CCE-85848-025706 ······-·CCE-85848-0
25707 ······-·CJIS-5.5.2.225707 ······-·CJIS-5.5.2.2
25708 ······-·NIST-800-171-3.4.525708 ······-·NIST-800-171-3.4.5
25709 ······-·NIST-800-53-AC-6(1)25709 ······-·NIST-800-53-AC-6(1)
1.14 KB
./usr/share/scap-security-guide/tailoring/rhel7_stig_delta_tailoring.xml
1.0 KB
./usr/share/scap-security-guide/tailoring/rhel7_stig_delta_tailoring.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">
3 ··<xccdf-1.2:version·time="2024-01-08T11:17:10.134885">1</xccdf-1.2:version>3 ··<xccdf-1.2:version·time="2024-01-08T11:58:08.656492">1</xccdf-1.2:version>
4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">
5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>
6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the
7 DISA·STIG·for·Red·Hat·Enterprise·Linux·V3R9.7 DISA·STIG·for·Red·Hat·Enterprise·Linux·V3R9.
  
8 In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·7,·DISA·recognizes·this8 In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·7,·DISA·recognizes·this
9 configuration·baseline·as·applicable·to·the·operating·system·tier·of9 configuration·baseline·as·applicable·to·the·operating·system·tier·of
1.15 KB
./usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml
1.0 KB
./usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">
3 ··<xccdf-1.2:version·time="2024-01-08T11:17:23.238830">1</xccdf-1.2:version>3 ··<xccdf-1.2:version·time="2024-01-08T11:58:23.333133">1</xccdf-1.2:version>
4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">
5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>
6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the
7 DISA·STIG·for·Red·Hat·Enterprise·Linux·8·V1R8.7 DISA·STIG·for·Red·Hat·Enterprise·Linux·8·V1R8.
  
8 In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·8,·DISA·recognizes·this8 In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·8,·DISA·recognizes·this
9 configuration·baseline·as·applicable·to·the·operating·system·tier·of9 configuration·baseline·as·applicable·to·the·operating·system·tier·of
52.8 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-ds-1.2.xml
52.7 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-ds-1.2.xml
    
Offset 12735, 16 lines modifiedOffset 12735, 16 lines modified
  
12735 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension12735 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
12736 ··find:12736 ··find:
12737 ····paths:·/etc/audit/rules.d/12737 ····paths:·/etc/audit/rules.d/
12738 ····patterns:·'*.rules'12738 ····patterns:·'*.rules'
12739 ··register:·find_rules_d12739 ··register:·find_rules_d
12740 ··when:12740 ··when:
12741 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12742 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12741 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12742 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12743 ··tags:12743 ··tags:
12744 ··-·CJIS-5.4.1.112744 ··-·CJIS-5.4.1.1
12745 ··-·NIST-800-171-3.3.112745 ··-·NIST-800-171-3.3.1
12746 ··-·NIST-800-171-3.4.312746 ··-·NIST-800-171-3.4.3
12747 ··-·NIST-800-53-AC-6(9)12747 ··-·NIST-800-53-AC-6(9)
12748 ··-·NIST-800-53-CM-6(a)12748 ··-·NIST-800-53-CM-6(a)
12749 ··-·PCI-DSS-Req-10.5.212749 ··-·PCI-DSS-Req-10.5.2
Offset 12759, 16 lines modifiedOffset 12759, 16 lines modified
12759 ··lineinfile:12759 ··lineinfile:
12760 ····path:·'{{·item·}}'12760 ····path:·'{{·item·}}'
12761 ····regexp:·^\s*(?:-e)\s+.*$12761 ····regexp:·^\s*(?:-e)\s+.*$
12762 ····state:·absent12762 ····state:·absent
12763 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']12763 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
12764 ····}}'12764 ····}}'
12765 ··when:12765 ··when:
12766 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12767 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12766 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12767 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12768 ··tags:12768 ··tags:
12769 ··-·CJIS-5.4.1.112769 ··-·CJIS-5.4.1.1
12770 ··-·NIST-800-171-3.3.112770 ··-·NIST-800-171-3.3.1
12771 ··-·NIST-800-171-3.4.312771 ··-·NIST-800-171-3.4.3
12772 ··-·NIST-800-53-AC-6(9)12772 ··-·NIST-800-53-AC-6(9)
12773 ··-·NIST-800-53-CM-6(a)12773 ··-·NIST-800-53-CM-6(a)
12774 ··-·PCI-DSS-Req-10.5.212774 ··-·PCI-DSS-Req-10.5.2
Offset 12785, 16 lines modifiedOffset 12785, 16 lines modified
12785 ····create:·true12785 ····create:·true
12786 ····line:·-e·212786 ····line:·-e·2
12787 ····mode:·o-rwx12787 ····mode:·o-rwx
12788 ··loop:12788 ··loop:
12789 ··-·/etc/audit/audit.rules12789 ··-·/etc/audit/audit.rules
12790 ··-·/etc/audit/rules.d/immutable.rules12790 ··-·/etc/audit/rules.d/immutable.rules
12791 ··when:12791 ··when:
12792 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12793 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12792 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12793 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12794 ··tags:12794 ··tags:
12795 ··-·CJIS-5.4.1.112795 ··-·CJIS-5.4.1.1
12796 ··-·NIST-800-171-3.3.112796 ··-·NIST-800-171-3.3.1
12797 ··-·NIST-800-171-3.4.312797 ··-·NIST-800-171-3.4.3
12798 ··-·NIST-800-53-AC-6(9)12798 ··-·NIST-800-53-AC-6(9)
12799 ··-·NIST-800-53-CM-6(a)12799 ··-·NIST-800-53-CM-6(a)
12800 ··-·PCI-DSS-Req-10.5.212800 ··-·PCI-DSS-Req-10.5.2
Offset 13679, 16 lines modifiedOffset 13679, 16 lines modified
13679 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/13679 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
13680 ··find:13680 ··find:
13681 ····paths:·/etc/audit/rules.d13681 ····paths:·/etc/audit/rules.d
13682 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+13682 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
13683 ····patterns:·'*.rules'13683 ····patterns:·'*.rules'
13684 ··register:·find_existing_watch_rules_d13684 ··register:·find_existing_watch_rules_d
13685 ··when:13685 ··when:
13686 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
13687 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]13686 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 13687 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
13688 ··tags:13688 ··tags:
13689 ··-·CJIS-5.4.1.113689 ··-·CJIS-5.4.1.1
13690 ··-·NIST-800-171-3.1.713690 ··-·NIST-800-171-3.1.7
13691 ··-·NIST-800-53-AC-2(7)(b)13691 ··-·NIST-800-53-AC-2(7)(b)
13692 ··-·NIST-800-53-AC-6(9)13692 ··-·NIST-800-53-AC-6(9)
13693 ··-·NIST-800-53-AU-12(c)13693 ··-·NIST-800-53-AU-12(c)
13694 ··-·NIST-800-53-AU-2(d)13694 ··-·NIST-800-53-AU-2(d)
Offset 13705, 16 lines modifiedOffset 13705, 16 lines modified
13705 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions13705 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
13706 ··find:13706 ··find:
13707 ····paths:·/etc/audit/rules.d13707 ····paths:·/etc/audit/rules.d
13708 ····contains:·^.*(?:-F·key=|-k\s+)actions$13708 ····contains:·^.*(?:-F·key=|-k\s+)actions$
13709 ····patterns:·'*.rules'13709 ····patterns:·'*.rules'
13710 ··register:·find_watch_key13710 ··register:·find_watch_key
13711 ··when:13711 ··when:
13712 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
13713 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]13712 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 13713 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
13714 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched13714 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
13715 ····==·013715 ····==·0
13716 ··tags:13716 ··tags:
13717 ··-·CJIS-5.4.1.113717 ··-·CJIS-5.4.1.1
13718 ··-·NIST-800-171-3.1.713718 ··-·NIST-800-171-3.1.7
13719 ··-·NIST-800-53-AC-2(7)(b)13719 ··-·NIST-800-53-AC-2(7)(b)
13720 ··-·NIST-800-53-AC-6(9)13720 ··-·NIST-800-53-AC-6(9)
Offset 13731, 16 lines modifiedOffset 13731, 16 lines modified
13731 ··-·restrict_strategy13731 ··-·restrict_strategy
  
13732 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule13732 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
13733 ··set_fact:13733 ··set_fact:
13734 ····all_files:13734 ····all_files:
13735 ····-·/etc/audit/rules.d/actions.rules13735 ····-·/etc/audit/rules.d/actions.rules
13736 ··when:13736 ··when:
13737 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
13738 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]13737 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 13738 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
13739 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched13739 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
13740 ····is·defined·and·find_existing_watch_rules_d.matched·==·013740 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
13741 ··tags:13741 ··tags:
13742 ··-·CJIS-5.4.1.113742 ··-·CJIS-5.4.1.1
13743 ··-·NIST-800-171-3.1.713743 ··-·NIST-800-171-3.1.7
13744 ··-·NIST-800-53-AC-2(7)(b)13744 ··-·NIST-800-53-AC-2(7)(b)
13745 ··-·NIST-800-53-AC-6(9)13745 ··-·NIST-800-53-AC-6(9)
Offset 13757, 16 lines modifiedOffset 13757, 16 lines modified
13757 ··-·restrict_strategy13757 ··-·restrict_strategy
  
13758 -·name:·Use·matched·file·as·the·recipient·for·the·rule13758 -·name:·Use·matched·file·as·the·recipient·for·the·rule
13759 ··set_fact:13759 ··set_fact:
13760 ····all_files:13760 ····all_files:
13761 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'13761 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
13762 ··when:13762 ··when:
13763 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
13764 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]13763 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 13764 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
13765 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched13765 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
13766 ····is·defined·and·find_existing_watch_rules_d.matched·==·013766 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
13767 ··tags:13767 ··tags:
13768 ··-·CJIS-5.4.1.113768 ··-·CJIS-5.4.1.1
13769 ··-·NIST-800-171-3.1.713769 ··-·NIST-800-171-3.1.7
13770 ··-·NIST-800-53-AC-2(7)(b)13770 ··-·NIST-800-53-AC-2(7)(b)
13771 ··-·NIST-800-53-AC-6(9)13771 ··-·NIST-800-53-AC-6(9)
Offset 13785, 16 lines modifiedOffset 13785, 16 lines modified
13785 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/13785 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 49137/53854 bytes (91.24%) of diff not shown.
52.8 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-ds.xml
52.7 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-ds.xml
    
Offset 12735, 16 lines modifiedOffset 12735, 16 lines modified
  
12735 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension12735 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
12736 ··find:12736 ··find:
12737 ····paths:·/etc/audit/rules.d/12737 ····paths:·/etc/audit/rules.d/
12738 ····patterns:·'*.rules'12738 ····patterns:·'*.rules'
12739 ··register:·find_rules_d12739 ··register:·find_rules_d
12740 ··when:12740 ··when:
12741 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12742 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12741 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12742 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12743 ··tags:12743 ··tags:
12744 ··-·CJIS-5.4.1.112744 ··-·CJIS-5.4.1.1
12745 ··-·NIST-800-171-3.3.112745 ··-·NIST-800-171-3.3.1
12746 ··-·NIST-800-171-3.4.312746 ··-·NIST-800-171-3.4.3
12747 ··-·NIST-800-53-AC-6(9)12747 ··-·NIST-800-53-AC-6(9)
12748 ··-·NIST-800-53-CM-6(a)12748 ··-·NIST-800-53-CM-6(a)
12749 ··-·PCI-DSS-Req-10.5.212749 ··-·PCI-DSS-Req-10.5.2
Offset 12759, 16 lines modifiedOffset 12759, 16 lines modified
12759 ··lineinfile:12759 ··lineinfile:
12760 ····path:·'{{·item·}}'12760 ····path:·'{{·item·}}'
12761 ····regexp:·^\s*(?:-e)\s+.*$12761 ····regexp:·^\s*(?:-e)\s+.*$
12762 ····state:·absent12762 ····state:·absent
12763 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']12763 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
12764 ····}}'12764 ····}}'
12765 ··when:12765 ··when:
12766 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12767 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12766 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12767 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12768 ··tags:12768 ··tags:
12769 ··-·CJIS-5.4.1.112769 ··-·CJIS-5.4.1.1
12770 ··-·NIST-800-171-3.3.112770 ··-·NIST-800-171-3.3.1
12771 ··-·NIST-800-171-3.4.312771 ··-·NIST-800-171-3.4.3
12772 ··-·NIST-800-53-AC-6(9)12772 ··-·NIST-800-53-AC-6(9)
12773 ··-·NIST-800-53-CM-6(a)12773 ··-·NIST-800-53-CM-6(a)
12774 ··-·PCI-DSS-Req-10.5.212774 ··-·PCI-DSS-Req-10.5.2
Offset 12785, 16 lines modifiedOffset 12785, 16 lines modified
12785 ····create:·true12785 ····create:·true
12786 ····line:·-e·212786 ····line:·-e·2
12787 ····mode:·o-rwx12787 ····mode:·o-rwx
12788 ··loop:12788 ··loop:
12789 ··-·/etc/audit/audit.rules12789 ··-·/etc/audit/audit.rules
12790 ··-·/etc/audit/rules.d/immutable.rules12790 ··-·/etc/audit/rules.d/immutable.rules
12791 ··when:12791 ··when:
12792 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12793 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12792 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12793 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12794 ··tags:12794 ··tags:
12795 ··-·CJIS-5.4.1.112795 ··-·CJIS-5.4.1.1
12796 ··-·NIST-800-171-3.3.112796 ··-·NIST-800-171-3.3.1
12797 ··-·NIST-800-171-3.4.312797 ··-·NIST-800-171-3.4.3
12798 ··-·NIST-800-53-AC-6(9)12798 ··-·NIST-800-53-AC-6(9)
12799 ··-·NIST-800-53-CM-6(a)12799 ··-·NIST-800-53-CM-6(a)
12800 ··-·PCI-DSS-Req-10.5.212800 ··-·PCI-DSS-Req-10.5.2
Offset 13679, 16 lines modifiedOffset 13679, 16 lines modified
13679 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/13679 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
13680 ··find:13680 ··find:
13681 ····paths:·/etc/audit/rules.d13681 ····paths:·/etc/audit/rules.d
13682 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+13682 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
13683 ····patterns:·'*.rules'13683 ····patterns:·'*.rules'
13684 ··register:·find_existing_watch_rules_d13684 ··register:·find_existing_watch_rules_d
13685 ··when:13685 ··when:
13686 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
13687 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]13686 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 13687 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
13688 ··tags:13688 ··tags:
13689 ··-·CJIS-5.4.1.113689 ··-·CJIS-5.4.1.1
13690 ··-·NIST-800-171-3.1.713690 ··-·NIST-800-171-3.1.7
13691 ··-·NIST-800-53-AC-2(7)(b)13691 ··-·NIST-800-53-AC-2(7)(b)
13692 ··-·NIST-800-53-AC-6(9)13692 ··-·NIST-800-53-AC-6(9)
13693 ··-·NIST-800-53-AU-12(c)13693 ··-·NIST-800-53-AU-12(c)
13694 ··-·NIST-800-53-AU-2(d)13694 ··-·NIST-800-53-AU-2(d)
Offset 13705, 16 lines modifiedOffset 13705, 16 lines modified
13705 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions13705 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
13706 ··find:13706 ··find:
13707 ····paths:·/etc/audit/rules.d13707 ····paths:·/etc/audit/rules.d
13708 ····contains:·^.*(?:-F·key=|-k\s+)actions$13708 ····contains:·^.*(?:-F·key=|-k\s+)actions$
13709 ····patterns:·'*.rules'13709 ····patterns:·'*.rules'
13710 ··register:·find_watch_key13710 ··register:·find_watch_key
13711 ··when:13711 ··when:
13712 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
13713 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]13712 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 13713 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
13714 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched13714 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
13715 ····==·013715 ····==·0
13716 ··tags:13716 ··tags:
13717 ··-·CJIS-5.4.1.113717 ··-·CJIS-5.4.1.1
13718 ··-·NIST-800-171-3.1.713718 ··-·NIST-800-171-3.1.7
13719 ··-·NIST-800-53-AC-2(7)(b)13719 ··-·NIST-800-53-AC-2(7)(b)
13720 ··-·NIST-800-53-AC-6(9)13720 ··-·NIST-800-53-AC-6(9)
Offset 13731, 16 lines modifiedOffset 13731, 16 lines modified
13731 ··-·restrict_strategy13731 ··-·restrict_strategy
  
13732 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule13732 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
13733 ··set_fact:13733 ··set_fact:
13734 ····all_files:13734 ····all_files:
13735 ····-·/etc/audit/rules.d/actions.rules13735 ····-·/etc/audit/rules.d/actions.rules
13736 ··when:13736 ··when:
13737 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
13738 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]13737 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 13738 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
13739 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched13739 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
13740 ····is·defined·and·find_existing_watch_rules_d.matched·==·013740 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
13741 ··tags:13741 ··tags:
13742 ··-·CJIS-5.4.1.113742 ··-·CJIS-5.4.1.1
13743 ··-·NIST-800-171-3.1.713743 ··-·NIST-800-171-3.1.7
13744 ··-·NIST-800-53-AC-2(7)(b)13744 ··-·NIST-800-53-AC-2(7)(b)
13745 ··-·NIST-800-53-AC-6(9)13745 ··-·NIST-800-53-AC-6(9)
Offset 13757, 16 lines modifiedOffset 13757, 16 lines modified
13757 ··-·restrict_strategy13757 ··-·restrict_strategy
  
13758 -·name:·Use·matched·file·as·the·recipient·for·the·rule13758 -·name:·Use·matched·file·as·the·recipient·for·the·rule
13759 ··set_fact:13759 ··set_fact:
13760 ····all_files:13760 ····all_files:
13761 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'13761 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
13762 ··when:13762 ··when:
13763 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
13764 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]13763 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 13764 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
13765 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched13765 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
13766 ····is·defined·and·find_existing_watch_rules_d.matched·==·013766 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
13767 ··tags:13767 ··tags:
13768 ··-·CJIS-5.4.1.113768 ··-·CJIS-5.4.1.1
13769 ··-·NIST-800-171-3.1.713769 ··-·NIST-800-171-3.1.7
13770 ··-·NIST-800-53-AC-2(7)(b)13770 ··-·NIST-800-53-AC-2(7)(b)
13771 ··-·NIST-800-53-AC-6(9)13771 ··-·NIST-800-53-AC-6(9)
Offset 13785, 16 lines modifiedOffset 13785, 16 lines modified
13785 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/13785 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 49137/53854 bytes (91.24%) of diff not shown.
52.6 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-xccdf.xml
52.5 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-xccdf.xml
    
Offset 12627, 16 lines modifiedOffset 12627, 16 lines modified
  
12627 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension12627 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
12628 ··find:12628 ··find:
12629 ····paths:·/etc/audit/rules.d/12629 ····paths:·/etc/audit/rules.d/
12630 ····patterns:·'*.rules'12630 ····patterns:·'*.rules'
12631 ··register:·find_rules_d12631 ··register:·find_rules_d
12632 ··when:12632 ··when:
12633 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12634 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12633 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12634 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12635 ··tags:12635 ··tags:
12636 ··-·CJIS-5.4.1.112636 ··-·CJIS-5.4.1.1
12637 ··-·NIST-800-171-3.3.112637 ··-·NIST-800-171-3.3.1
12638 ··-·NIST-800-171-3.4.312638 ··-·NIST-800-171-3.4.3
12639 ··-·NIST-800-53-AC-6(9)12639 ··-·NIST-800-53-AC-6(9)
12640 ··-·NIST-800-53-CM-6(a)12640 ··-·NIST-800-53-CM-6(a)
12641 ··-·PCI-DSS-Req-10.5.212641 ··-·PCI-DSS-Req-10.5.2
Offset 12651, 16 lines modifiedOffset 12651, 16 lines modified
12651 ··lineinfile:12651 ··lineinfile:
12652 ····path:·'{{·item·}}'12652 ····path:·'{{·item·}}'
12653 ····regexp:·^\s*(?:-e)\s+.*$12653 ····regexp:·^\s*(?:-e)\s+.*$
12654 ····state:·absent12654 ····state:·absent
12655 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']12655 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
12656 ····}}'12656 ····}}'
12657 ··when:12657 ··when:
12658 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12659 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12658 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12659 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12660 ··tags:12660 ··tags:
12661 ··-·CJIS-5.4.1.112661 ··-·CJIS-5.4.1.1
12662 ··-·NIST-800-171-3.3.112662 ··-·NIST-800-171-3.3.1
12663 ··-·NIST-800-171-3.4.312663 ··-·NIST-800-171-3.4.3
12664 ··-·NIST-800-53-AC-6(9)12664 ··-·NIST-800-53-AC-6(9)
12665 ··-·NIST-800-53-CM-6(a)12665 ··-·NIST-800-53-CM-6(a)
12666 ··-·PCI-DSS-Req-10.5.212666 ··-·PCI-DSS-Req-10.5.2
Offset 12677, 16 lines modifiedOffset 12677, 16 lines modified
12677 ····create:·true12677 ····create:·true
12678 ····line:·-e·212678 ····line:·-e·2
12679 ····mode:·o-rwx12679 ····mode:·o-rwx
12680 ··loop:12680 ··loop:
12681 ··-·/etc/audit/audit.rules12681 ··-·/etc/audit/audit.rules
12682 ··-·/etc/audit/rules.d/immutable.rules12682 ··-·/etc/audit/rules.d/immutable.rules
12683 ··when:12683 ··when:
12684 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12685 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12684 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12685 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12686 ··tags:12686 ··tags:
12687 ··-·CJIS-5.4.1.112687 ··-·CJIS-5.4.1.1
12688 ··-·NIST-800-171-3.3.112688 ··-·NIST-800-171-3.3.1
12689 ··-·NIST-800-171-3.4.312689 ··-·NIST-800-171-3.4.3
12690 ··-·NIST-800-53-AC-6(9)12690 ··-·NIST-800-53-AC-6(9)
12691 ··-·NIST-800-53-CM-6(a)12691 ··-·NIST-800-53-CM-6(a)
12692 ··-·PCI-DSS-Req-10.5.212692 ··-·PCI-DSS-Req-10.5.2
Offset 13571, 16 lines modifiedOffset 13571, 16 lines modified
13571 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/13571 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
13572 ··find:13572 ··find:
13573 ····paths:·/etc/audit/rules.d13573 ····paths:·/etc/audit/rules.d
13574 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+13574 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
13575 ····patterns:·'*.rules'13575 ····patterns:·'*.rules'
13576 ··register:·find_existing_watch_rules_d13576 ··register:·find_existing_watch_rules_d
13577 ··when:13577 ··when:
13578 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
13579 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]13578 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 13579 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
13580 ··tags:13580 ··tags:
13581 ··-·CJIS-5.4.1.113581 ··-·CJIS-5.4.1.1
13582 ··-·NIST-800-171-3.1.713582 ··-·NIST-800-171-3.1.7
13583 ··-·NIST-800-53-AC-2(7)(b)13583 ··-·NIST-800-53-AC-2(7)(b)
13584 ··-·NIST-800-53-AC-6(9)13584 ··-·NIST-800-53-AC-6(9)
13585 ··-·NIST-800-53-AU-12(c)13585 ··-·NIST-800-53-AU-12(c)
13586 ··-·NIST-800-53-AU-2(d)13586 ··-·NIST-800-53-AU-2(d)
Offset 13597, 16 lines modifiedOffset 13597, 16 lines modified
13597 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions13597 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
13598 ··find:13598 ··find:
13599 ····paths:·/etc/audit/rules.d13599 ····paths:·/etc/audit/rules.d
13600 ····contains:·^.*(?:-F·key=|-k\s+)actions$13600 ····contains:·^.*(?:-F·key=|-k\s+)actions$
13601 ····patterns:·'*.rules'13601 ····patterns:·'*.rules'
13602 ··register:·find_watch_key13602 ··register:·find_watch_key
13603 ··when:13603 ··when:
13604 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
13605 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]13604 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 13605 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
13606 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched13606 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
13607 ····==·013607 ····==·0
13608 ··tags:13608 ··tags:
13609 ··-·CJIS-5.4.1.113609 ··-·CJIS-5.4.1.1
13610 ··-·NIST-800-171-3.1.713610 ··-·NIST-800-171-3.1.7
13611 ··-·NIST-800-53-AC-2(7)(b)13611 ··-·NIST-800-53-AC-2(7)(b)
13612 ··-·NIST-800-53-AC-6(9)13612 ··-·NIST-800-53-AC-6(9)
Offset 13623, 16 lines modifiedOffset 13623, 16 lines modified
13623 ··-·restrict_strategy13623 ··-·restrict_strategy
  
13624 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule13624 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
13625 ··set_fact:13625 ··set_fact:
13626 ····all_files:13626 ····all_files:
13627 ····-·/etc/audit/rules.d/actions.rules13627 ····-·/etc/audit/rules.d/actions.rules
13628 ··when:13628 ··when:
13629 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
13630 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]13629 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 13630 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
13631 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched13631 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
13632 ····is·defined·and·find_existing_watch_rules_d.matched·==·013632 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
13633 ··tags:13633 ··tags:
13634 ··-·CJIS-5.4.1.113634 ··-·CJIS-5.4.1.1
13635 ··-·NIST-800-171-3.1.713635 ··-·NIST-800-171-3.1.7
13636 ··-·NIST-800-53-AC-2(7)(b)13636 ··-·NIST-800-53-AC-2(7)(b)
13637 ··-·NIST-800-53-AC-6(9)13637 ··-·NIST-800-53-AC-6(9)
Offset 13649, 16 lines modifiedOffset 13649, 16 lines modified
13649 ··-·restrict_strategy13649 ··-·restrict_strategy
  
13650 -·name:·Use·matched·file·as·the·recipient·for·the·rule13650 -·name:·Use·matched·file·as·the·recipient·for·the·rule
13651 ··set_fact:13651 ··set_fact:
13652 ····all_files:13652 ····all_files:
13653 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'13653 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
13654 ··when:13654 ··when:
13655 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
13656 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]13655 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 13656 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
13657 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched13657 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
13658 ····is·defined·and·find_existing_watch_rules_d.matched·==·013658 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
13659 ··tags:13659 ··tags:
13660 ··-·CJIS-5.4.1.113660 ··-·CJIS-5.4.1.1
13661 ··-·NIST-800-171-3.1.713661 ··-·NIST-800-171-3.1.7
13662 ··-·NIST-800-53-AC-2(7)(b)13662 ··-·NIST-800-53-AC-2(7)(b)
13663 ··-·NIST-800-53-AC-6(9)13663 ··-·NIST-800-53-AC-6(9)
Offset 13677, 16 lines modifiedOffset 13677, 16 lines modified
13677 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/13677 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 48925/53642 bytes (91.21%) of diff not shown.
7.0 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-ds-1.2.xml
6.89 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-ds-1.2.xml
    
Offset 29868, 16 lines modifiedOffset 29868, 16 lines modified
29868 ··-·no_reboot_needed29868 ··-·no_reboot_needed
  
29869 -·name:·Test·for·existence·/boot/grub2/grub.cfg29869 -·name:·Test·for·existence·/boot/grub2/grub.cfg
29870 ··stat:29870 ··stat:
29871 ····path:·/boot/grub2/grub.cfg29871 ····path:·/boot/grub2/grub.cfg
29872 ··register:·file_exists29872 ··register:·file_exists
29873 ··when:29873 ··when:
29874 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
29875 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'29874 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 29875 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
29876 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29876 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29877 ··tags:29877 ··tags:
29878 ··-·CJIS-5.5.2.229878 ··-·CJIS-5.5.2.2
29879 ··-·NIST-800-171-3.4.529879 ··-·NIST-800-171-3.4.5
29880 ··-·NIST-800-53-AC-6(1)29880 ··-·NIST-800-53-AC-6(1)
29881 ··-·NIST-800-53-CM-6(a)29881 ··-·NIST-800-53-CM-6(a)
29882 ··-·PCI-DSS-Req-7.129882 ··-·PCI-DSS-Req-7.1
Offset 29889, 16 lines modifiedOffset 29889, 16 lines modified
29889 ··-·no_reboot_needed29889 ··-·no_reboot_needed
  
29890 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg29890 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
29891 ··file:29891 ··file:
29892 ····path:·/boot/grub2/grub.cfg29892 ····path:·/boot/grub2/grub.cfg
29893 ····group:·'0'29893 ····group:·'0'
29894 ··when:29894 ··when:
29895 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
29896 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'29895 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 29896 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
29897 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29897 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29898 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists29898 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
29899 ··tags:29899 ··tags:
29900 ··-·CJIS-5.5.2.229900 ··-·CJIS-5.5.2.2
29901 ··-·NIST-800-171-3.4.529901 ··-·NIST-800-171-3.4.5
29902 ··-·NIST-800-53-AC-6(1)29902 ··-·NIST-800-53-AC-6(1)
29903 ··-·NIST-800-53-CM-6(a)29903 ··-·NIST-800-53-CM-6(a)
Offset 29906, 15 lines modifiedOffset 29906, 15 lines modified
29906 ··-·configure_strategy29906 ··-·configure_strategy
29907 ··-·file_groupowner_efi_grub2_cfg29907 ··-·file_groupowner_efi_grub2_cfg
29908 ··-·low_complexity29908 ··-·low_complexity
29909 ··-·low_disruption29909 ··-·low_disruption
29910 ··-·medium_severity29910 ··-·medium_severity
29911 ··-·no_reboot_needed</xccdf-1.2:fix>29911 ··-·no_reboot_needed</xccdf-1.2:fix>
29912 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms29912 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
29913 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then29913 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
29914 chgrp·0·/boot/grub2/grub.cfg29914 chgrp·0·/boot/grub2/grub.cfg
  
29915 else29915 else
29916 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'29916 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
29917 fi</xccdf-1.2:fix>29917 fi</xccdf-1.2:fix>
29918 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">29918 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 30006, 16 lines modifiedOffset 30006, 16 lines modified
30006 ··-·no_reboot_needed30006 ··-·no_reboot_needed
  
30007 -·name:·Test·for·existence·/boot/grub2/grub.cfg30007 -·name:·Test·for·existence·/boot/grub2/grub.cfg
30008 ··stat:30008 ··stat:
30009 ····path:·/boot/grub2/grub.cfg30009 ····path:·/boot/grub2/grub.cfg
30010 ··register:·file_exists30010 ··register:·file_exists
30011 ··when:30011 ··when:
30012 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
30013 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'30012 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 30013 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
30014 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30014 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30015 ··tags:30015 ··tags:
30016 ··-·CJIS-5.5.2.230016 ··-·CJIS-5.5.2.2
30017 ··-·NIST-800-171-3.4.530017 ··-·NIST-800-171-3.4.5
30018 ··-·NIST-800-53-AC-6(1)30018 ··-·NIST-800-53-AC-6(1)
30019 ··-·NIST-800-53-CM-6(a)30019 ··-·NIST-800-53-CM-6(a)
30020 ··-·PCI-DSS-Req-7.130020 ··-·PCI-DSS-Req-7.1
Offset 30027, 16 lines modifiedOffset 30027, 16 lines modified
30027 ··-·no_reboot_needed30027 ··-·no_reboot_needed
  
30028 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg30028 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
30029 ··file:30029 ··file:
30030 ····path:·/boot/grub2/grub.cfg30030 ····path:·/boot/grub2/grub.cfg
30031 ····owner:·'0'30031 ····owner:·'0'
30032 ··when:30032 ··when:
30033 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
30034 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'30033 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 30034 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
30035 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30035 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30036 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists30036 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
30037 ··tags:30037 ··tags:
30038 ··-·CJIS-5.5.2.230038 ··-·CJIS-5.5.2.2
30039 ··-·NIST-800-171-3.4.530039 ··-·NIST-800-171-3.4.5
30040 ··-·NIST-800-53-AC-6(1)30040 ··-·NIST-800-53-AC-6(1)
30041 ··-·NIST-800-53-CM-6(a)30041 ··-·NIST-800-53-CM-6(a)
Offset 30044, 15 lines modifiedOffset 30044, 15 lines modified
30044 ··-·configure_strategy30044 ··-·configure_strategy
30045 ··-·file_owner_efi_grub2_cfg30045 ··-·file_owner_efi_grub2_cfg
30046 ··-·low_complexity30046 ··-·low_complexity
30047 ··-·low_disruption30047 ··-·low_disruption
30048 ··-·medium_severity30048 ··-·medium_severity
30049 ··-·no_reboot_needed</xccdf-1.2:fix>30049 ··-·no_reboot_needed</xccdf-1.2:fix>
30050 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms30050 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
30051 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then30051 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
30052 chown·0·/boot/grub2/grub.cfg30052 chown·0·/boot/grub2/grub.cfg
  
30053 else30053 else
30054 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'30054 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
30055 fi</xccdf-1.2:fix>30055 fi</xccdf-1.2:fix>
30056 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">30056 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 30137, 16 lines modifiedOffset 30137, 16 lines modified
30137 ··-·no_reboot_needed30137 ··-·no_reboot_needed
  
30138 -·name:·Test·for·existence·/boot/grub2/grub.cfg30138 -·name:·Test·for·existence·/boot/grub2/grub.cfg
30139 ··stat:30139 ··stat:
30140 ····path:·/boot/grub2/grub.cfg30140 ····path:·/boot/grub2/grub.cfg
30141 ··register:·file_exists30141 ··register:·file_exists
30142 ··when:30142 ··when:
30143 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
30144 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'30143 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 30144 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
30145 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30145 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30146 ··tags:30146 ··tags:
30147 ··-·NIST-800-171-3.4.530147 ··-·NIST-800-171-3.4.5
30148 ··-·NIST-800-53-AC-6(1)30148 ··-·NIST-800-53-AC-6(1)
30149 ··-·NIST-800-53-CM-6(a)30149 ··-·NIST-800-53-CM-6(a)
30150 ··-·configure_strategy30150 ··-·configure_strategy
30151 ··-·file_permissions_efi_grub2_cfg30151 ··-·file_permissions_efi_grub2_cfg
Offset 30156, 30 lines modifiedOffset 30156, 30 lines modified
30156 ··-·no_reboot_needed30156 ··-·no_reboot_needed
  
30157 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg30157 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
30158 ··file:30158 ··file:
30159 ····path:·/boot/grub2/grub.cfg30159 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1452/6943 bytes (20.91%) of diff not shown.
6.98 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-ds.xml
6.88 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-ds.xml
    
Offset 29868, 16 lines modifiedOffset 29868, 16 lines modified
29868 ··-·no_reboot_needed29868 ··-·no_reboot_needed
  
29869 -·name:·Test·for·existence·/boot/grub2/grub.cfg29869 -·name:·Test·for·existence·/boot/grub2/grub.cfg
29870 ··stat:29870 ··stat:
29871 ····path:·/boot/grub2/grub.cfg29871 ····path:·/boot/grub2/grub.cfg
29872 ··register:·file_exists29872 ··register:·file_exists
29873 ··when:29873 ··when:
29874 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
29875 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'29874 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 29875 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
29876 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29876 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29877 ··tags:29877 ··tags:
29878 ··-·CJIS-5.5.2.229878 ··-·CJIS-5.5.2.2
29879 ··-·NIST-800-171-3.4.529879 ··-·NIST-800-171-3.4.5
29880 ··-·NIST-800-53-AC-6(1)29880 ··-·NIST-800-53-AC-6(1)
29881 ··-·NIST-800-53-CM-6(a)29881 ··-·NIST-800-53-CM-6(a)
29882 ··-·PCI-DSS-Req-7.129882 ··-·PCI-DSS-Req-7.1
Offset 29889, 16 lines modifiedOffset 29889, 16 lines modified
29889 ··-·no_reboot_needed29889 ··-·no_reboot_needed
  
29890 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg29890 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
29891 ··file:29891 ··file:
29892 ····path:·/boot/grub2/grub.cfg29892 ····path:·/boot/grub2/grub.cfg
29893 ····group:·'0'29893 ····group:·'0'
29894 ··when:29894 ··when:
29895 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
29896 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'29895 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 29896 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
29897 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29897 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29898 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists29898 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
29899 ··tags:29899 ··tags:
29900 ··-·CJIS-5.5.2.229900 ··-·CJIS-5.5.2.2
29901 ··-·NIST-800-171-3.4.529901 ··-·NIST-800-171-3.4.5
29902 ··-·NIST-800-53-AC-6(1)29902 ··-·NIST-800-53-AC-6(1)
29903 ··-·NIST-800-53-CM-6(a)29903 ··-·NIST-800-53-CM-6(a)
Offset 29906, 15 lines modifiedOffset 29906, 15 lines modified
29906 ··-·configure_strategy29906 ··-·configure_strategy
29907 ··-·file_groupowner_efi_grub2_cfg29907 ··-·file_groupowner_efi_grub2_cfg
29908 ··-·low_complexity29908 ··-·low_complexity
29909 ··-·low_disruption29909 ··-·low_disruption
29910 ··-·medium_severity29910 ··-·medium_severity
29911 ··-·no_reboot_needed</xccdf-1.2:fix>29911 ··-·no_reboot_needed</xccdf-1.2:fix>
29912 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms29912 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
29913 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then29913 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
29914 chgrp·0·/boot/grub2/grub.cfg29914 chgrp·0·/boot/grub2/grub.cfg
  
29915 else29915 else
29916 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'29916 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
29917 fi</xccdf-1.2:fix>29917 fi</xccdf-1.2:fix>
29918 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">29918 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 30006, 16 lines modifiedOffset 30006, 16 lines modified
30006 ··-·no_reboot_needed30006 ··-·no_reboot_needed
  
30007 -·name:·Test·for·existence·/boot/grub2/grub.cfg30007 -·name:·Test·for·existence·/boot/grub2/grub.cfg
30008 ··stat:30008 ··stat:
30009 ····path:·/boot/grub2/grub.cfg30009 ····path:·/boot/grub2/grub.cfg
30010 ··register:·file_exists30010 ··register:·file_exists
30011 ··when:30011 ··when:
30012 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
30013 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'30012 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 30013 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
30014 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30014 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30015 ··tags:30015 ··tags:
30016 ··-·CJIS-5.5.2.230016 ··-·CJIS-5.5.2.2
30017 ··-·NIST-800-171-3.4.530017 ··-·NIST-800-171-3.4.5
30018 ··-·NIST-800-53-AC-6(1)30018 ··-·NIST-800-53-AC-6(1)
30019 ··-·NIST-800-53-CM-6(a)30019 ··-·NIST-800-53-CM-6(a)
30020 ··-·PCI-DSS-Req-7.130020 ··-·PCI-DSS-Req-7.1
Offset 30027, 16 lines modifiedOffset 30027, 16 lines modified
30027 ··-·no_reboot_needed30027 ··-·no_reboot_needed
  
30028 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg30028 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
30029 ··file:30029 ··file:
30030 ····path:·/boot/grub2/grub.cfg30030 ····path:·/boot/grub2/grub.cfg
30031 ····owner:·'0'30031 ····owner:·'0'
30032 ··when:30032 ··when:
30033 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
30034 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'30033 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 30034 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
30035 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30035 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30036 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists30036 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
30037 ··tags:30037 ··tags:
30038 ··-·CJIS-5.5.2.230038 ··-·CJIS-5.5.2.2
30039 ··-·NIST-800-171-3.4.530039 ··-·NIST-800-171-3.4.5
30040 ··-·NIST-800-53-AC-6(1)30040 ··-·NIST-800-53-AC-6(1)
30041 ··-·NIST-800-53-CM-6(a)30041 ··-·NIST-800-53-CM-6(a)
Offset 30044, 15 lines modifiedOffset 30044, 15 lines modified
30044 ··-·configure_strategy30044 ··-·configure_strategy
30045 ··-·file_owner_efi_grub2_cfg30045 ··-·file_owner_efi_grub2_cfg
30046 ··-·low_complexity30046 ··-·low_complexity
30047 ··-·low_disruption30047 ··-·low_disruption
30048 ··-·medium_severity30048 ··-·medium_severity
30049 ··-·no_reboot_needed</xccdf-1.2:fix>30049 ··-·no_reboot_needed</xccdf-1.2:fix>
30050 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms30050 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
30051 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then30051 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
30052 chown·0·/boot/grub2/grub.cfg30052 chown·0·/boot/grub2/grub.cfg
  
30053 else30053 else
30054 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'30054 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
30055 fi</xccdf-1.2:fix>30055 fi</xccdf-1.2:fix>
30056 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">30056 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 30137, 16 lines modifiedOffset 30137, 16 lines modified
30137 ··-·no_reboot_needed30137 ··-·no_reboot_needed
  
30138 -·name:·Test·for·existence·/boot/grub2/grub.cfg30138 -·name:·Test·for·existence·/boot/grub2/grub.cfg
30139 ··stat:30139 ··stat:
30140 ····path:·/boot/grub2/grub.cfg30140 ····path:·/boot/grub2/grub.cfg
30141 ··register:·file_exists30141 ··register:·file_exists
30142 ··when:30142 ··when:
30143 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
30144 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'30143 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 30144 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
30145 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30145 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30146 ··tags:30146 ··tags:
30147 ··-·NIST-800-171-3.4.530147 ··-·NIST-800-171-3.4.5
30148 ··-·NIST-800-53-AC-6(1)30148 ··-·NIST-800-53-AC-6(1)
30149 ··-·NIST-800-53-CM-6(a)30149 ··-·NIST-800-53-CM-6(a)
30150 ··-·configure_strategy30150 ··-·configure_strategy
30151 ··-·file_permissions_efi_grub2_cfg30151 ··-·file_permissions_efi_grub2_cfg
Offset 30156, 30 lines modifiedOffset 30156, 30 lines modified
30156 ··-·no_reboot_needed30156 ··-·no_reboot_needed
  
30157 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg30157 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
30158 ··file:30158 ··file:
30159 ····path:·/boot/grub2/grub.cfg30159 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1452/6943 bytes (20.91%) of diff not shown.
6.97 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-xccdf.xml
6.86 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-xccdf.xml
    
Offset 29756, 16 lines modifiedOffset 29756, 16 lines modified
29756 ··-·no_reboot_needed29756 ··-·no_reboot_needed
  
29757 -·name:·Test·for·existence·/boot/grub2/grub.cfg29757 -·name:·Test·for·existence·/boot/grub2/grub.cfg
29758 ··stat:29758 ··stat:
29759 ····path:·/boot/grub2/grub.cfg29759 ····path:·/boot/grub2/grub.cfg
29760 ··register:·file_exists29760 ··register:·file_exists
29761 ··when:29761 ··when:
29762 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
29763 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'29762 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 29763 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
29764 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29764 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29765 ··tags:29765 ··tags:
29766 ··-·CJIS-5.5.2.229766 ··-·CJIS-5.5.2.2
29767 ··-·NIST-800-171-3.4.529767 ··-·NIST-800-171-3.4.5
29768 ··-·NIST-800-53-AC-6(1)29768 ··-·NIST-800-53-AC-6(1)
29769 ··-·NIST-800-53-CM-6(a)29769 ··-·NIST-800-53-CM-6(a)
29770 ··-·PCI-DSS-Req-7.129770 ··-·PCI-DSS-Req-7.1
Offset 29777, 16 lines modifiedOffset 29777, 16 lines modified
29777 ··-·no_reboot_needed29777 ··-·no_reboot_needed
  
29778 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg29778 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
29779 ··file:29779 ··file:
29780 ····path:·/boot/grub2/grub.cfg29780 ····path:·/boot/grub2/grub.cfg
29781 ····group:·'0'29781 ····group:·'0'
29782 ··when:29782 ··when:
29783 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
29784 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'29783 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 29784 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
29785 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29785 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29786 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists29786 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
29787 ··tags:29787 ··tags:
29788 ··-·CJIS-5.5.2.229788 ··-·CJIS-5.5.2.2
29789 ··-·NIST-800-171-3.4.529789 ··-·NIST-800-171-3.4.5
29790 ··-·NIST-800-53-AC-6(1)29790 ··-·NIST-800-53-AC-6(1)
29791 ··-·NIST-800-53-CM-6(a)29791 ··-·NIST-800-53-CM-6(a)
Offset 29794, 15 lines modifiedOffset 29794, 15 lines modified
29794 ··-·configure_strategy29794 ··-·configure_strategy
29795 ··-·file_groupowner_efi_grub2_cfg29795 ··-·file_groupowner_efi_grub2_cfg
29796 ··-·low_complexity29796 ··-·low_complexity
29797 ··-·low_disruption29797 ··-·low_disruption
29798 ··-·medium_severity29798 ··-·medium_severity
29799 ··-·no_reboot_needed</xccdf-1.2:fix>29799 ··-·no_reboot_needed</xccdf-1.2:fix>
29800 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms29800 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
29801 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then29801 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
29802 chgrp·0·/boot/grub2/grub.cfg29802 chgrp·0·/boot/grub2/grub.cfg
  
29803 else29803 else
29804 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'29804 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
29805 fi</xccdf-1.2:fix>29805 fi</xccdf-1.2:fix>
29806 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">29806 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 29894, 16 lines modifiedOffset 29894, 16 lines modified
29894 ··-·no_reboot_needed29894 ··-·no_reboot_needed
  
29895 -·name:·Test·for·existence·/boot/grub2/grub.cfg29895 -·name:·Test·for·existence·/boot/grub2/grub.cfg
29896 ··stat:29896 ··stat:
29897 ····path:·/boot/grub2/grub.cfg29897 ····path:·/boot/grub2/grub.cfg
29898 ··register:·file_exists29898 ··register:·file_exists
29899 ··when:29899 ··when:
29900 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
29901 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'29900 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 29901 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
29902 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29902 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29903 ··tags:29903 ··tags:
29904 ··-·CJIS-5.5.2.229904 ··-·CJIS-5.5.2.2
29905 ··-·NIST-800-171-3.4.529905 ··-·NIST-800-171-3.4.5
29906 ··-·NIST-800-53-AC-6(1)29906 ··-·NIST-800-53-AC-6(1)
29907 ··-·NIST-800-53-CM-6(a)29907 ··-·NIST-800-53-CM-6(a)
29908 ··-·PCI-DSS-Req-7.129908 ··-·PCI-DSS-Req-7.1
Offset 29915, 16 lines modifiedOffset 29915, 16 lines modified
29915 ··-·no_reboot_needed29915 ··-·no_reboot_needed
  
29916 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg29916 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
29917 ··file:29917 ··file:
29918 ····path:·/boot/grub2/grub.cfg29918 ····path:·/boot/grub2/grub.cfg
29919 ····owner:·'0'29919 ····owner:·'0'
29920 ··when:29920 ··when:
29921 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
29922 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'29921 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 29922 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
29923 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29923 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29924 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists29924 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
29925 ··tags:29925 ··tags:
29926 ··-·CJIS-5.5.2.229926 ··-·CJIS-5.5.2.2
29927 ··-·NIST-800-171-3.4.529927 ··-·NIST-800-171-3.4.5
29928 ··-·NIST-800-53-AC-6(1)29928 ··-·NIST-800-53-AC-6(1)
29929 ··-·NIST-800-53-CM-6(a)29929 ··-·NIST-800-53-CM-6(a)
Offset 29932, 15 lines modifiedOffset 29932, 15 lines modified
29932 ··-·configure_strategy29932 ··-·configure_strategy
29933 ··-·file_owner_efi_grub2_cfg29933 ··-·file_owner_efi_grub2_cfg
29934 ··-·low_complexity29934 ··-·low_complexity
29935 ··-·low_disruption29935 ··-·low_disruption
29936 ··-·medium_severity29936 ··-·medium_severity
29937 ··-·no_reboot_needed</xccdf-1.2:fix>29937 ··-·no_reboot_needed</xccdf-1.2:fix>
29938 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms29938 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
29939 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then29939 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
29940 chown·0·/boot/grub2/grub.cfg29940 chown·0·/boot/grub2/grub.cfg
  
29941 else29941 else
29942 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'29942 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
29943 fi</xccdf-1.2:fix>29943 fi</xccdf-1.2:fix>
29944 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">29944 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 30025, 16 lines modifiedOffset 30025, 16 lines modified
30025 ··-·no_reboot_needed30025 ··-·no_reboot_needed
  
30026 -·name:·Test·for·existence·/boot/grub2/grub.cfg30026 -·name:·Test·for·existence·/boot/grub2/grub.cfg
30027 ··stat:30027 ··stat:
30028 ····path:·/boot/grub2/grub.cfg30028 ····path:·/boot/grub2/grub.cfg
30029 ··register:·file_exists30029 ··register:·file_exists
30030 ··when:30030 ··when:
30031 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
30032 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'30031 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 30032 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
30033 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30033 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30034 ··tags:30034 ··tags:
30035 ··-·NIST-800-171-3.4.530035 ··-·NIST-800-171-3.4.5
30036 ··-·NIST-800-53-AC-6(1)30036 ··-·NIST-800-53-AC-6(1)
30037 ··-·NIST-800-53-CM-6(a)30037 ··-·NIST-800-53-CM-6(a)
30038 ··-·configure_strategy30038 ··-·configure_strategy
30039 ··-·file_permissions_efi_grub2_cfg30039 ··-·file_permissions_efi_grub2_cfg
Offset 30044, 30 lines modifiedOffset 30044, 30 lines modified
30044 ··-·no_reboot_needed30044 ··-·no_reboot_needed
  
30045 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg30045 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
30046 ··file:30046 ··file:
30047 ····path:·/boot/grub2/grub.cfg30047 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1444/6919 bytes (20.87%) of diff not shown.
57.4 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-ds-1.2.xml
57.3 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-ds-1.2.xml
    
Offset 11095, 16 lines modifiedOffset 11095, 16 lines modified
  
11095 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension11095 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
11096 ··find:11096 ··find:
11097 ····paths:·/etc/audit/rules.d/11097 ····paths:·/etc/audit/rules.d/
11098 ····patterns:·'*.rules'11098 ····patterns:·'*.rules'
11099 ··register:·find_rules_d11099 ··register:·find_rules_d
11100 ··when:11100 ··when:
11101 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
11102 ··-·'&quot;audit&quot;·in·ansible_facts.packages'11101 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 11102 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
11103 ··tags:11103 ··tags:
11104 ··-·CJIS-5.4.1.111104 ··-·CJIS-5.4.1.1
11105 ··-·NIST-800-171-3.3.111105 ··-·NIST-800-171-3.3.1
11106 ··-·NIST-800-171-3.4.311106 ··-·NIST-800-171-3.4.3
11107 ··-·NIST-800-53-AC-6(9)11107 ··-·NIST-800-53-AC-6(9)
11108 ··-·NIST-800-53-CM-6(a)11108 ··-·NIST-800-53-CM-6(a)
11109 ··-·PCI-DSS-Req-10.5.211109 ··-·PCI-DSS-Req-10.5.2
Offset 11119, 16 lines modifiedOffset 11119, 16 lines modified
11119 ··lineinfile:11119 ··lineinfile:
11120 ····path:·'{{·item·}}'11120 ····path:·'{{·item·}}'
11121 ····regexp:·^\s*(?:-e)\s+.*$11121 ····regexp:·^\s*(?:-e)\s+.*$
11122 ····state:·absent11122 ····state:·absent
11123 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']11123 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
11124 ····}}'11124 ····}}'
11125 ··when:11125 ··when:
11126 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
11127 ··-·'&quot;audit&quot;·in·ansible_facts.packages'11126 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 11127 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
11128 ··tags:11128 ··tags:
11129 ··-·CJIS-5.4.1.111129 ··-·CJIS-5.4.1.1
11130 ··-·NIST-800-171-3.3.111130 ··-·NIST-800-171-3.3.1
11131 ··-·NIST-800-171-3.4.311131 ··-·NIST-800-171-3.4.3
11132 ··-·NIST-800-53-AC-6(9)11132 ··-·NIST-800-53-AC-6(9)
11133 ··-·NIST-800-53-CM-6(a)11133 ··-·NIST-800-53-CM-6(a)
11134 ··-·PCI-DSS-Req-10.5.211134 ··-·PCI-DSS-Req-10.5.2
Offset 11145, 16 lines modifiedOffset 11145, 16 lines modified
11145 ····create:·true11145 ····create:·true
11146 ····line:·-e·211146 ····line:·-e·2
11147 ····mode:·o-rwx11147 ····mode:·o-rwx
11148 ··loop:11148 ··loop:
11149 ··-·/etc/audit/audit.rules11149 ··-·/etc/audit/audit.rules
11150 ··-·/etc/audit/rules.d/immutable.rules11150 ··-·/etc/audit/rules.d/immutable.rules
11151 ··when:11151 ··when:
11152 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
11153 ··-·'&quot;audit&quot;·in·ansible_facts.packages'11152 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 11153 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
11154 ··tags:11154 ··tags:
11155 ··-·CJIS-5.4.1.111155 ··-·CJIS-5.4.1.1
11156 ··-·NIST-800-171-3.3.111156 ··-·NIST-800-171-3.3.1
11157 ··-·NIST-800-171-3.4.311157 ··-·NIST-800-171-3.4.3
11158 ··-·NIST-800-53-AC-6(9)11158 ··-·NIST-800-53-AC-6(9)
11159 ··-·NIST-800-53-CM-6(a)11159 ··-·NIST-800-53-CM-6(a)
11160 ··-·PCI-DSS-Req-10.5.211160 ··-·PCI-DSS-Req-10.5.2
Offset 12034, 16 lines modifiedOffset 12034, 16 lines modified
12034 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/12034 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
12035 ··find:12035 ··find:
12036 ····paths:·/etc/audit/rules.d12036 ····paths:·/etc/audit/rules.d
12037 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+12037 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
12038 ····patterns:·'*.rules'12038 ····patterns:·'*.rules'
12039 ··register:·find_existing_watch_rules_d12039 ··register:·find_existing_watch_rules_d
12040 ··when:12040 ··when:
12041 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12042 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12041 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12042 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12043 ··tags:12043 ··tags:
12044 ··-·CJIS-5.4.1.112044 ··-·CJIS-5.4.1.1
12045 ··-·NIST-800-171-3.1.712045 ··-·NIST-800-171-3.1.7
12046 ··-·NIST-800-53-AC-2(7)(b)12046 ··-·NIST-800-53-AC-2(7)(b)
12047 ··-·NIST-800-53-AC-6(9)12047 ··-·NIST-800-53-AC-6(9)
12048 ··-·NIST-800-53-AU-12(c)12048 ··-·NIST-800-53-AU-12(c)
12049 ··-·NIST-800-53-AU-2(d)12049 ··-·NIST-800-53-AU-2(d)
Offset 12060, 16 lines modifiedOffset 12060, 16 lines modified
12060 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions12060 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
12061 ··find:12061 ··find:
12062 ····paths:·/etc/audit/rules.d12062 ····paths:·/etc/audit/rules.d
12063 ····contains:·^.*(?:-F·key=|-k\s+)actions$12063 ····contains:·^.*(?:-F·key=|-k\s+)actions$
12064 ····patterns:·'*.rules'12064 ····patterns:·'*.rules'
12065 ··register:·find_watch_key12065 ··register:·find_watch_key
12066 ··when:12066 ··when:
12067 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12068 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12067 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12068 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12069 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched12069 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
12070 ····==·012070 ····==·0
12071 ··tags:12071 ··tags:
12072 ··-·CJIS-5.4.1.112072 ··-·CJIS-5.4.1.1
12073 ··-·NIST-800-171-3.1.712073 ··-·NIST-800-171-3.1.7
12074 ··-·NIST-800-53-AC-2(7)(b)12074 ··-·NIST-800-53-AC-2(7)(b)
12075 ··-·NIST-800-53-AC-6(9)12075 ··-·NIST-800-53-AC-6(9)
Offset 12086, 16 lines modifiedOffset 12086, 16 lines modified
12086 ··-·restrict_strategy12086 ··-·restrict_strategy
  
12087 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule12087 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
12088 ··set_fact:12088 ··set_fact:
12089 ····all_files:12089 ····all_files:
12090 ····-·/etc/audit/rules.d/actions.rules12090 ····-·/etc/audit/rules.d/actions.rules
12091 ··when:12091 ··when:
12092 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12093 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12092 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12093 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12094 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched12094 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
12095 ····is·defined·and·find_existing_watch_rules_d.matched·==·012095 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
12096 ··tags:12096 ··tags:
12097 ··-·CJIS-5.4.1.112097 ··-·CJIS-5.4.1.1
12098 ··-·NIST-800-171-3.1.712098 ··-·NIST-800-171-3.1.7
12099 ··-·NIST-800-53-AC-2(7)(b)12099 ··-·NIST-800-53-AC-2(7)(b)
12100 ··-·NIST-800-53-AC-6(9)12100 ··-·NIST-800-53-AC-6(9)
Offset 12112, 16 lines modifiedOffset 12112, 16 lines modified
12112 ··-·restrict_strategy12112 ··-·restrict_strategy
  
12113 -·name:·Use·matched·file·as·the·recipient·for·the·rule12113 -·name:·Use·matched·file·as·the·recipient·for·the·rule
12114 ··set_fact:12114 ··set_fact:
12115 ····all_files:12115 ····all_files:
12116 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'12116 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
12117 ··when:12117 ··when:
12118 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12119 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12118 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12119 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12120 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched12120 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
12121 ····is·defined·and·find_existing_watch_rules_d.matched·==·012121 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
12122 ··tags:12122 ··tags:
12123 ··-·CJIS-5.4.1.112123 ··-·CJIS-5.4.1.1
12124 ··-·NIST-800-171-3.1.712124 ··-·NIST-800-171-3.1.7
12125 ··-·NIST-800-53-AC-2(7)(b)12125 ··-·NIST-800-53-AC-2(7)(b)
12126 ··-·NIST-800-53-AC-6(9)12126 ··-·NIST-800-53-AC-6(9)
Offset 12140, 16 lines modifiedOffset 12140, 16 lines modified
12140 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/12140 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 53208/58555 bytes (90.87%) of diff not shown.
57.4 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-ds.xml
57.3 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-ds.xml
    
Offset 11095, 16 lines modifiedOffset 11095, 16 lines modified
  
11095 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension11095 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
11096 ··find:11096 ··find:
11097 ····paths:·/etc/audit/rules.d/11097 ····paths:·/etc/audit/rules.d/
11098 ····patterns:·'*.rules'11098 ····patterns:·'*.rules'
11099 ··register:·find_rules_d11099 ··register:·find_rules_d
11100 ··when:11100 ··when:
11101 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
11102 ··-·'&quot;audit&quot;·in·ansible_facts.packages'11101 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 11102 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
11103 ··tags:11103 ··tags:
11104 ··-·CJIS-5.4.1.111104 ··-·CJIS-5.4.1.1
11105 ··-·NIST-800-171-3.3.111105 ··-·NIST-800-171-3.3.1
11106 ··-·NIST-800-171-3.4.311106 ··-·NIST-800-171-3.4.3
11107 ··-·NIST-800-53-AC-6(9)11107 ··-·NIST-800-53-AC-6(9)
11108 ··-·NIST-800-53-CM-6(a)11108 ··-·NIST-800-53-CM-6(a)
11109 ··-·PCI-DSS-Req-10.5.211109 ··-·PCI-DSS-Req-10.5.2
Offset 11119, 16 lines modifiedOffset 11119, 16 lines modified
11119 ··lineinfile:11119 ··lineinfile:
11120 ····path:·'{{·item·}}'11120 ····path:·'{{·item·}}'
11121 ····regexp:·^\s*(?:-e)\s+.*$11121 ····regexp:·^\s*(?:-e)\s+.*$
11122 ····state:·absent11122 ····state:·absent
11123 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']11123 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
11124 ····}}'11124 ····}}'
11125 ··when:11125 ··when:
11126 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
11127 ··-·'&quot;audit&quot;·in·ansible_facts.packages'11126 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 11127 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
11128 ··tags:11128 ··tags:
11129 ··-·CJIS-5.4.1.111129 ··-·CJIS-5.4.1.1
11130 ··-·NIST-800-171-3.3.111130 ··-·NIST-800-171-3.3.1
11131 ··-·NIST-800-171-3.4.311131 ··-·NIST-800-171-3.4.3
11132 ··-·NIST-800-53-AC-6(9)11132 ··-·NIST-800-53-AC-6(9)
11133 ··-·NIST-800-53-CM-6(a)11133 ··-·NIST-800-53-CM-6(a)
11134 ··-·PCI-DSS-Req-10.5.211134 ··-·PCI-DSS-Req-10.5.2
Offset 11145, 16 lines modifiedOffset 11145, 16 lines modified
11145 ····create:·true11145 ····create:·true
11146 ····line:·-e·211146 ····line:·-e·2
11147 ····mode:·o-rwx11147 ····mode:·o-rwx
11148 ··loop:11148 ··loop:
11149 ··-·/etc/audit/audit.rules11149 ··-·/etc/audit/audit.rules
11150 ··-·/etc/audit/rules.d/immutable.rules11150 ··-·/etc/audit/rules.d/immutable.rules
11151 ··when:11151 ··when:
11152 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
11153 ··-·'&quot;audit&quot;·in·ansible_facts.packages'11152 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 11153 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
11154 ··tags:11154 ··tags:
11155 ··-·CJIS-5.4.1.111155 ··-·CJIS-5.4.1.1
11156 ··-·NIST-800-171-3.3.111156 ··-·NIST-800-171-3.3.1
11157 ··-·NIST-800-171-3.4.311157 ··-·NIST-800-171-3.4.3
11158 ··-·NIST-800-53-AC-6(9)11158 ··-·NIST-800-53-AC-6(9)
11159 ··-·NIST-800-53-CM-6(a)11159 ··-·NIST-800-53-CM-6(a)
11160 ··-·PCI-DSS-Req-10.5.211160 ··-·PCI-DSS-Req-10.5.2
Offset 12034, 16 lines modifiedOffset 12034, 16 lines modified
12034 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/12034 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
12035 ··find:12035 ··find:
12036 ····paths:·/etc/audit/rules.d12036 ····paths:·/etc/audit/rules.d
12037 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+12037 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
12038 ····patterns:·'*.rules'12038 ····patterns:·'*.rules'
12039 ··register:·find_existing_watch_rules_d12039 ··register:·find_existing_watch_rules_d
12040 ··when:12040 ··when:
12041 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12042 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12041 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12042 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12043 ··tags:12043 ··tags:
12044 ··-·CJIS-5.4.1.112044 ··-·CJIS-5.4.1.1
12045 ··-·NIST-800-171-3.1.712045 ··-·NIST-800-171-3.1.7
12046 ··-·NIST-800-53-AC-2(7)(b)12046 ··-·NIST-800-53-AC-2(7)(b)
12047 ··-·NIST-800-53-AC-6(9)12047 ··-·NIST-800-53-AC-6(9)
12048 ··-·NIST-800-53-AU-12(c)12048 ··-·NIST-800-53-AU-12(c)
12049 ··-·NIST-800-53-AU-2(d)12049 ··-·NIST-800-53-AU-2(d)
Offset 12060, 16 lines modifiedOffset 12060, 16 lines modified
12060 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions12060 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
12061 ··find:12061 ··find:
12062 ····paths:·/etc/audit/rules.d12062 ····paths:·/etc/audit/rules.d
12063 ····contains:·^.*(?:-F·key=|-k\s+)actions$12063 ····contains:·^.*(?:-F·key=|-k\s+)actions$
12064 ····patterns:·'*.rules'12064 ····patterns:·'*.rules'
12065 ··register:·find_watch_key12065 ··register:·find_watch_key
12066 ··when:12066 ··when:
12067 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12068 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12067 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12068 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12069 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched12069 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
12070 ····==·012070 ····==·0
12071 ··tags:12071 ··tags:
12072 ··-·CJIS-5.4.1.112072 ··-·CJIS-5.4.1.1
12073 ··-·NIST-800-171-3.1.712073 ··-·NIST-800-171-3.1.7
12074 ··-·NIST-800-53-AC-2(7)(b)12074 ··-·NIST-800-53-AC-2(7)(b)
12075 ··-·NIST-800-53-AC-6(9)12075 ··-·NIST-800-53-AC-6(9)
Offset 12086, 16 lines modifiedOffset 12086, 16 lines modified
12086 ··-·restrict_strategy12086 ··-·restrict_strategy
  
12087 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule12087 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
12088 ··set_fact:12088 ··set_fact:
12089 ····all_files:12089 ····all_files:
12090 ····-·/etc/audit/rules.d/actions.rules12090 ····-·/etc/audit/rules.d/actions.rules
12091 ··when:12091 ··when:
12092 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12093 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12092 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12093 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12094 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched12094 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
12095 ····is·defined·and·find_existing_watch_rules_d.matched·==·012095 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
12096 ··tags:12096 ··tags:
12097 ··-·CJIS-5.4.1.112097 ··-·CJIS-5.4.1.1
12098 ··-·NIST-800-171-3.1.712098 ··-·NIST-800-171-3.1.7
12099 ··-·NIST-800-53-AC-2(7)(b)12099 ··-·NIST-800-53-AC-2(7)(b)
12100 ··-·NIST-800-53-AC-6(9)12100 ··-·NIST-800-53-AC-6(9)
Offset 12112, 16 lines modifiedOffset 12112, 16 lines modified
12112 ··-·restrict_strategy12112 ··-·restrict_strategy
  
12113 -·name:·Use·matched·file·as·the·recipient·for·the·rule12113 -·name:·Use·matched·file·as·the·recipient·for·the·rule
12114 ··set_fact:12114 ··set_fact:
12115 ····all_files:12115 ····all_files:
12116 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'12116 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
12117 ··when:12117 ··when:
12118 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12119 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12118 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12119 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12120 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched12120 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
12121 ····is·defined·and·find_existing_watch_rules_d.matched·==·012121 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
12122 ··tags:12122 ··tags:
12123 ··-·CJIS-5.4.1.112123 ··-·CJIS-5.4.1.1
12124 ··-·NIST-800-171-3.1.712124 ··-·NIST-800-171-3.1.7
12125 ··-·NIST-800-53-AC-2(7)(b)12125 ··-·NIST-800-53-AC-2(7)(b)
12126 ··-·NIST-800-53-AC-6(9)12126 ··-·NIST-800-53-AC-6(9)
Offset 12140, 16 lines modifiedOffset 12140, 16 lines modified
12140 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/12140 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 53208/58555 bytes (90.87%) of diff not shown.
57.2 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-xccdf.xml
57.1 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-xccdf.xml
    
Offset 10991, 16 lines modifiedOffset 10991, 16 lines modified
  
10991 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension10991 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
10992 ··find:10992 ··find:
10993 ····paths:·/etc/audit/rules.d/10993 ····paths:·/etc/audit/rules.d/
10994 ····patterns:·'*.rules'10994 ····patterns:·'*.rules'
10995 ··register:·find_rules_d10995 ··register:·find_rules_d
10996 ··when:10996 ··when:
10997 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
10998 ··-·'&quot;audit&quot;·in·ansible_facts.packages'10997 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 10998 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
10999 ··tags:10999 ··tags:
11000 ··-·CJIS-5.4.1.111000 ··-·CJIS-5.4.1.1
11001 ··-·NIST-800-171-3.3.111001 ··-·NIST-800-171-3.3.1
11002 ··-·NIST-800-171-3.4.311002 ··-·NIST-800-171-3.4.3
11003 ··-·NIST-800-53-AC-6(9)11003 ··-·NIST-800-53-AC-6(9)
11004 ··-·NIST-800-53-CM-6(a)11004 ··-·NIST-800-53-CM-6(a)
11005 ··-·PCI-DSS-Req-10.5.211005 ··-·PCI-DSS-Req-10.5.2
Offset 11015, 16 lines modifiedOffset 11015, 16 lines modified
11015 ··lineinfile:11015 ··lineinfile:
11016 ····path:·'{{·item·}}'11016 ····path:·'{{·item·}}'
11017 ····regexp:·^\s*(?:-e)\s+.*$11017 ····regexp:·^\s*(?:-e)\s+.*$
11018 ····state:·absent11018 ····state:·absent
11019 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']11019 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
11020 ····}}'11020 ····}}'
11021 ··when:11021 ··when:
11022 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
11023 ··-·'&quot;audit&quot;·in·ansible_facts.packages'11022 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 11023 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
11024 ··tags:11024 ··tags:
11025 ··-·CJIS-5.4.1.111025 ··-·CJIS-5.4.1.1
11026 ··-·NIST-800-171-3.3.111026 ··-·NIST-800-171-3.3.1
11027 ··-·NIST-800-171-3.4.311027 ··-·NIST-800-171-3.4.3
11028 ··-·NIST-800-53-AC-6(9)11028 ··-·NIST-800-53-AC-6(9)
11029 ··-·NIST-800-53-CM-6(a)11029 ··-·NIST-800-53-CM-6(a)
11030 ··-·PCI-DSS-Req-10.5.211030 ··-·PCI-DSS-Req-10.5.2
Offset 11041, 16 lines modifiedOffset 11041, 16 lines modified
11041 ····create:·true11041 ····create:·true
11042 ····line:·-e·211042 ····line:·-e·2
11043 ····mode:·o-rwx11043 ····mode:·o-rwx
11044 ··loop:11044 ··loop:
11045 ··-·/etc/audit/audit.rules11045 ··-·/etc/audit/audit.rules
11046 ··-·/etc/audit/rules.d/immutable.rules11046 ··-·/etc/audit/rules.d/immutable.rules
11047 ··when:11047 ··when:
11048 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
11049 ··-·'&quot;audit&quot;·in·ansible_facts.packages'11048 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 11049 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
11050 ··tags:11050 ··tags:
11051 ··-·CJIS-5.4.1.111051 ··-·CJIS-5.4.1.1
11052 ··-·NIST-800-171-3.3.111052 ··-·NIST-800-171-3.3.1
11053 ··-·NIST-800-171-3.4.311053 ··-·NIST-800-171-3.4.3
11054 ··-·NIST-800-53-AC-6(9)11054 ··-·NIST-800-53-AC-6(9)
11055 ··-·NIST-800-53-CM-6(a)11055 ··-·NIST-800-53-CM-6(a)
11056 ··-·PCI-DSS-Req-10.5.211056 ··-·PCI-DSS-Req-10.5.2
Offset 11930, 16 lines modifiedOffset 11930, 16 lines modified
11930 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/11930 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
11931 ··find:11931 ··find:
11932 ····paths:·/etc/audit/rules.d11932 ····paths:·/etc/audit/rules.d
11933 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+11933 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
11934 ····patterns:·'*.rules'11934 ····patterns:·'*.rules'
11935 ··register:·find_existing_watch_rules_d11935 ··register:·find_existing_watch_rules_d
11936 ··when:11936 ··when:
11937 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
11938 ··-·'&quot;audit&quot;·in·ansible_facts.packages'11937 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 11938 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
11939 ··tags:11939 ··tags:
11940 ··-·CJIS-5.4.1.111940 ··-·CJIS-5.4.1.1
11941 ··-·NIST-800-171-3.1.711941 ··-·NIST-800-171-3.1.7
11942 ··-·NIST-800-53-AC-2(7)(b)11942 ··-·NIST-800-53-AC-2(7)(b)
11943 ··-·NIST-800-53-AC-6(9)11943 ··-·NIST-800-53-AC-6(9)
11944 ··-·NIST-800-53-AU-12(c)11944 ··-·NIST-800-53-AU-12(c)
11945 ··-·NIST-800-53-AU-2(d)11945 ··-·NIST-800-53-AU-2(d)
Offset 11956, 16 lines modifiedOffset 11956, 16 lines modified
11956 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions11956 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
11957 ··find:11957 ··find:
11958 ····paths:·/etc/audit/rules.d11958 ····paths:·/etc/audit/rules.d
11959 ····contains:·^.*(?:-F·key=|-k\s+)actions$11959 ····contains:·^.*(?:-F·key=|-k\s+)actions$
11960 ····patterns:·'*.rules'11960 ····patterns:·'*.rules'
11961 ··register:·find_watch_key11961 ··register:·find_watch_key
11962 ··when:11962 ··when:
11963 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
11964 ··-·'&quot;audit&quot;·in·ansible_facts.packages'11963 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 11964 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
11965 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched11965 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
11966 ····==·011966 ····==·0
11967 ··tags:11967 ··tags:
11968 ··-·CJIS-5.4.1.111968 ··-·CJIS-5.4.1.1
11969 ··-·NIST-800-171-3.1.711969 ··-·NIST-800-171-3.1.7
11970 ··-·NIST-800-53-AC-2(7)(b)11970 ··-·NIST-800-53-AC-2(7)(b)
11971 ··-·NIST-800-53-AC-6(9)11971 ··-·NIST-800-53-AC-6(9)
Offset 11982, 16 lines modifiedOffset 11982, 16 lines modified
11982 ··-·restrict_strategy11982 ··-·restrict_strategy
  
11983 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule11983 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
11984 ··set_fact:11984 ··set_fact:
11985 ····all_files:11985 ····all_files:
11986 ····-·/etc/audit/rules.d/actions.rules11986 ····-·/etc/audit/rules.d/actions.rules
11987 ··when:11987 ··when:
11988 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
11989 ··-·'&quot;audit&quot;·in·ansible_facts.packages'11988 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 11989 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
11990 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched11990 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
11991 ····is·defined·and·find_existing_watch_rules_d.matched·==·011991 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
11992 ··tags:11992 ··tags:
11993 ··-·CJIS-5.4.1.111993 ··-·CJIS-5.4.1.1
11994 ··-·NIST-800-171-3.1.711994 ··-·NIST-800-171-3.1.7
11995 ··-·NIST-800-53-AC-2(7)(b)11995 ··-·NIST-800-53-AC-2(7)(b)
11996 ··-·NIST-800-53-AC-6(9)11996 ··-·NIST-800-53-AC-6(9)
Offset 12008, 16 lines modifiedOffset 12008, 16 lines modified
12008 ··-·restrict_strategy12008 ··-·restrict_strategy
  
12009 -·name:·Use·matched·file·as·the·recipient·for·the·rule12009 -·name:·Use·matched·file·as·the·recipient·for·the·rule
12010 ··set_fact:12010 ··set_fact:
12011 ····all_files:12011 ····all_files:
12012 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'12012 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
12013 ··when:12013 ··when:
12014 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12015 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12014 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12015 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12016 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched12016 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
12017 ····is·defined·and·find_existing_watch_rules_d.matched·==·012017 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
12018 ··tags:12018 ··tags:
12019 ··-·CJIS-5.4.1.112019 ··-·CJIS-5.4.1.1
12020 ··-·NIST-800-171-3.1.712020 ··-·NIST-800-171-3.1.7
12021 ··-·NIST-800-53-AC-2(7)(b)12021 ··-·NIST-800-53-AC-2(7)(b)
12022 ··-·NIST-800-53-AC-6(9)12022 ··-·NIST-800-53-AC-6(9)
Offset 12036, 16 lines modifiedOffset 12036, 16 lines modified
12036 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/12036 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 52996/58343 bytes (90.84%) of diff not shown.
15.4 KB
./usr/share/xml/scap/ssg/content/ssg-centos7-ds-1.2.xml
15.3 KB
./usr/share/xml/scap/ssg/content/ssg-centos7-ds-1.2.xml
    
Offset 151306, 16 lines modifiedOffset 151306, 16 lines modified
151306 ··-·no_reboot_needed151306 ··-·no_reboot_needed
  
151307 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg151307 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
151308 ··stat:151308 ··stat:
151309 ····path:·/boot/efi/EFI/redhat/grub.cfg151309 ····path:·/boot/efi/EFI/redhat/grub.cfg
151310 ··register:·file_exists151310 ··register:·file_exists
151311 ··when:151311 ··when:
151312 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151313 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151312 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151313 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151314 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151314 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151315 ··tags:151315 ··tags:
151316 ··-·CJIS-5.5.2.2151316 ··-·CJIS-5.5.2.2
151317 ··-·NIST-800-171-3.4.5151317 ··-·NIST-800-171-3.4.5
151318 ··-·NIST-800-53-AC-6(1)151318 ··-·NIST-800-53-AC-6(1)
151319 ··-·NIST-800-53-CM-6(a)151319 ··-·NIST-800-53-CM-6(a)
151320 ··-·PCI-DSS-Req-7.1151320 ··-·PCI-DSS-Req-7.1
Offset 151327, 16 lines modifiedOffset 151327, 16 lines modified
151327 ··-·no_reboot_needed151327 ··-·no_reboot_needed
  
151328 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg151328 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
151329 ··file:151329 ··file:
151330 ····path:·/boot/efi/EFI/redhat/grub.cfg151330 ····path:·/boot/efi/EFI/redhat/grub.cfg
151331 ····group:·'0'151331 ····group:·'0'
151332 ··when:151332 ··when:
151333 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151334 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151333 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151334 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151335 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151335 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151336 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists151336 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
151337 ··tags:151337 ··tags:
151338 ··-·CJIS-5.5.2.2151338 ··-·CJIS-5.5.2.2
151339 ··-·NIST-800-171-3.4.5151339 ··-·NIST-800-171-3.4.5
151340 ··-·NIST-800-53-AC-6(1)151340 ··-·NIST-800-53-AC-6(1)
151341 ··-·NIST-800-53-CM-6(a)151341 ··-·NIST-800-53-CM-6(a)
Offset 151344, 15 lines modifiedOffset 151344, 15 lines modified
151344 ··-·configure_strategy151344 ··-·configure_strategy
151345 ··-·file_groupowner_efi_grub2_cfg151345 ··-·file_groupowner_efi_grub2_cfg
151346 ··-·low_complexity151346 ··-·low_complexity
151347 ··-·low_disruption151347 ··-·low_disruption
151348 ··-·medium_severity151348 ··-·medium_severity
151349 ··-·no_reboot_needed</xccdf-1.2:fix>151349 ··-·no_reboot_needed</xccdf-1.2:fix>
151350 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms151350 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
151351 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then151351 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
151352 chgrp·0·/boot/efi/EFI/redhat/grub.cfg151352 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
151353 else151353 else
151354 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'151354 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151355 fi</xccdf-1.2:fix>151355 fi</xccdf-1.2:fix>
151356 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">151356 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 151448, 16 lines modifiedOffset 151448, 16 lines modified
151448 ··-·no_reboot_needed151448 ··-·no_reboot_needed
  
151449 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg151449 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
151450 ··stat:151450 ··stat:
151451 ····path:·/boot/efi/EFI/redhat/user.cfg151451 ····path:·/boot/efi/EFI/redhat/user.cfg
151452 ··register:·file_exists151452 ··register:·file_exists
151453 ··when:151453 ··when:
151454 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151455 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151454 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151455 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151456 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151456 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151457 ··tags:151457 ··tags:
151458 ··-·CJIS-5.5.2.2151458 ··-·CJIS-5.5.2.2
151459 ··-·NIST-800-171-3.4.5151459 ··-·NIST-800-171-3.4.5
151460 ··-·NIST-800-53-AC-6(1)151460 ··-·NIST-800-53-AC-6(1)
151461 ··-·NIST-800-53-CM-6(a)151461 ··-·NIST-800-53-CM-6(a)
151462 ··-·PCI-DSS-Req-7.1151462 ··-·PCI-DSS-Req-7.1
Offset 151469, 16 lines modifiedOffset 151469, 16 lines modified
151469 ··-·no_reboot_needed151469 ··-·no_reboot_needed
  
151470 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg151470 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
151471 ··file:151471 ··file:
151472 ····path:·/boot/efi/EFI/redhat/user.cfg151472 ····path:·/boot/efi/EFI/redhat/user.cfg
151473 ····group:·'0'151473 ····group:·'0'
151474 ··when:151474 ··when:
151475 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151476 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151475 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151476 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151477 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151477 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151478 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists151478 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
151479 ··tags:151479 ··tags:
151480 ··-·CJIS-5.5.2.2151480 ··-·CJIS-5.5.2.2
151481 ··-·NIST-800-171-3.4.5151481 ··-·NIST-800-171-3.4.5
151482 ··-·NIST-800-53-AC-6(1)151482 ··-·NIST-800-53-AC-6(1)
151483 ··-·NIST-800-53-CM-6(a)151483 ··-·NIST-800-53-CM-6(a)
Offset 151486, 15 lines modifiedOffset 151486, 15 lines modified
151486 ··-·configure_strategy151486 ··-·configure_strategy
151487 ··-·file_groupowner_efi_user_cfg151487 ··-·file_groupowner_efi_user_cfg
151488 ··-·low_complexity151488 ··-·low_complexity
151489 ··-·low_disruption151489 ··-·low_disruption
151490 ··-·medium_severity151490 ··-·medium_severity
151491 ··-·no_reboot_needed</xccdf-1.2:fix>151491 ··-·no_reboot_needed</xccdf-1.2:fix>
151492 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms151492 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
151493 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then151493 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
151494 chgrp·0·/boot/efi/EFI/redhat/user.cfg151494 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
151495 else151495 else
151496 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'151496 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151497 fi</xccdf-1.2:fix>151497 fi</xccdf-1.2:fix>
151498 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">151498 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 151586, 16 lines modifiedOffset 151586, 16 lines modified
151586 ··-·no_reboot_needed151586 ··-·no_reboot_needed
  
151587 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg151587 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
151588 ··stat:151588 ··stat:
151589 ····path:·/boot/efi/EFI/redhat/grub.cfg151589 ····path:·/boot/efi/EFI/redhat/grub.cfg
151590 ··register:·file_exists151590 ··register:·file_exists
151591 ··when:151591 ··when:
151592 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151593 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151592 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151593 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151594 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151594 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151595 ··tags:151595 ··tags:
151596 ··-·CJIS-5.5.2.2151596 ··-·CJIS-5.5.2.2
151597 ··-·NIST-800-171-3.4.5151597 ··-·NIST-800-171-3.4.5
151598 ··-·NIST-800-53-AC-6(1)151598 ··-·NIST-800-53-AC-6(1)
151599 ··-·NIST-800-53-CM-6(a)151599 ··-·NIST-800-53-CM-6(a)
151600 ··-·PCI-DSS-Req-7.1151600 ··-·PCI-DSS-Req-7.1
Offset 151607, 16 lines modifiedOffset 151607, 16 lines modified
151607 ··-·no_reboot_needed151607 ··-·no_reboot_needed
  
151608 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg151608 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
151609 ··file:151609 ··file:
151610 ····path:·/boot/efi/EFI/redhat/grub.cfg151610 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 9972/15564 bytes (64.07%) of diff not shown.
15.4 KB
./usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml
15.3 KB
./usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml
    
Offset 151308, 16 lines modifiedOffset 151308, 16 lines modified
151308 ··-·no_reboot_needed151308 ··-·no_reboot_needed
  
151309 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg151309 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
151310 ··stat:151310 ··stat:
151311 ····path:·/boot/efi/EFI/redhat/grub.cfg151311 ····path:·/boot/efi/EFI/redhat/grub.cfg
151312 ··register:·file_exists151312 ··register:·file_exists
151313 ··when:151313 ··when:
151314 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151315 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151314 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151315 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151316 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151316 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151317 ··tags:151317 ··tags:
151318 ··-·CJIS-5.5.2.2151318 ··-·CJIS-5.5.2.2
151319 ··-·NIST-800-171-3.4.5151319 ··-·NIST-800-171-3.4.5
151320 ··-·NIST-800-53-AC-6(1)151320 ··-·NIST-800-53-AC-6(1)
151321 ··-·NIST-800-53-CM-6(a)151321 ··-·NIST-800-53-CM-6(a)
151322 ··-·PCI-DSS-Req-7.1151322 ··-·PCI-DSS-Req-7.1
Offset 151329, 16 lines modifiedOffset 151329, 16 lines modified
151329 ··-·no_reboot_needed151329 ··-·no_reboot_needed
  
151330 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg151330 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
151331 ··file:151331 ··file:
151332 ····path:·/boot/efi/EFI/redhat/grub.cfg151332 ····path:·/boot/efi/EFI/redhat/grub.cfg
151333 ····group:·'0'151333 ····group:·'0'
151334 ··when:151334 ··when:
151335 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151336 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151335 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151336 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151337 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151337 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151338 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists151338 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
151339 ··tags:151339 ··tags:
151340 ··-·CJIS-5.5.2.2151340 ··-·CJIS-5.5.2.2
151341 ··-·NIST-800-171-3.4.5151341 ··-·NIST-800-171-3.4.5
151342 ··-·NIST-800-53-AC-6(1)151342 ··-·NIST-800-53-AC-6(1)
151343 ··-·NIST-800-53-CM-6(a)151343 ··-·NIST-800-53-CM-6(a)
Offset 151346, 15 lines modifiedOffset 151346, 15 lines modified
151346 ··-·configure_strategy151346 ··-·configure_strategy
151347 ··-·file_groupowner_efi_grub2_cfg151347 ··-·file_groupowner_efi_grub2_cfg
151348 ··-·low_complexity151348 ··-·low_complexity
151349 ··-·low_disruption151349 ··-·low_disruption
151350 ··-·medium_severity151350 ··-·medium_severity
151351 ··-·no_reboot_needed</xccdf-1.2:fix>151351 ··-·no_reboot_needed</xccdf-1.2:fix>
151352 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms151352 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
151353 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then151353 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
151354 chgrp·0·/boot/efi/EFI/redhat/grub.cfg151354 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
151355 else151355 else
151356 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'151356 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151357 fi</xccdf-1.2:fix>151357 fi</xccdf-1.2:fix>
151358 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">151358 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 151450, 16 lines modifiedOffset 151450, 16 lines modified
151450 ··-·no_reboot_needed151450 ··-·no_reboot_needed
  
151451 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg151451 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
151452 ··stat:151452 ··stat:
151453 ····path:·/boot/efi/EFI/redhat/user.cfg151453 ····path:·/boot/efi/EFI/redhat/user.cfg
151454 ··register:·file_exists151454 ··register:·file_exists
151455 ··when:151455 ··when:
151456 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151457 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151456 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151457 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151458 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151458 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151459 ··tags:151459 ··tags:
151460 ··-·CJIS-5.5.2.2151460 ··-·CJIS-5.5.2.2
151461 ··-·NIST-800-171-3.4.5151461 ··-·NIST-800-171-3.4.5
151462 ··-·NIST-800-53-AC-6(1)151462 ··-·NIST-800-53-AC-6(1)
151463 ··-·NIST-800-53-CM-6(a)151463 ··-·NIST-800-53-CM-6(a)
151464 ··-·PCI-DSS-Req-7.1151464 ··-·PCI-DSS-Req-7.1
Offset 151471, 16 lines modifiedOffset 151471, 16 lines modified
151471 ··-·no_reboot_needed151471 ··-·no_reboot_needed
  
151472 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg151472 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
151473 ··file:151473 ··file:
151474 ····path:·/boot/efi/EFI/redhat/user.cfg151474 ····path:·/boot/efi/EFI/redhat/user.cfg
151475 ····group:·'0'151475 ····group:·'0'
151476 ··when:151476 ··when:
151477 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151478 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151477 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151478 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151479 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151479 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151480 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists151480 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
151481 ··tags:151481 ··tags:
151482 ··-·CJIS-5.5.2.2151482 ··-·CJIS-5.5.2.2
151483 ··-·NIST-800-171-3.4.5151483 ··-·NIST-800-171-3.4.5
151484 ··-·NIST-800-53-AC-6(1)151484 ··-·NIST-800-53-AC-6(1)
151485 ··-·NIST-800-53-CM-6(a)151485 ··-·NIST-800-53-CM-6(a)
Offset 151488, 15 lines modifiedOffset 151488, 15 lines modified
151488 ··-·configure_strategy151488 ··-·configure_strategy
151489 ··-·file_groupowner_efi_user_cfg151489 ··-·file_groupowner_efi_user_cfg
151490 ··-·low_complexity151490 ··-·low_complexity
151491 ··-·low_disruption151491 ··-·low_disruption
151492 ··-·medium_severity151492 ··-·medium_severity
151493 ··-·no_reboot_needed</xccdf-1.2:fix>151493 ··-·no_reboot_needed</xccdf-1.2:fix>
151494 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms151494 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
151495 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then151495 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
151496 chgrp·0·/boot/efi/EFI/redhat/user.cfg151496 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
151497 else151497 else
151498 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'151498 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151499 fi</xccdf-1.2:fix>151499 fi</xccdf-1.2:fix>
151500 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">151500 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 151588, 16 lines modifiedOffset 151588, 16 lines modified
151588 ··-·no_reboot_needed151588 ··-·no_reboot_needed
  
151589 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg151589 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
151590 ··stat:151590 ··stat:
151591 ····path:·/boot/efi/EFI/redhat/grub.cfg151591 ····path:·/boot/efi/EFI/redhat/grub.cfg
151592 ··register:·file_exists151592 ··register:·file_exists
151593 ··when:151593 ··when:
151594 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151595 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151594 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151595 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151596 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151596 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151597 ··tags:151597 ··tags:
151598 ··-·CJIS-5.5.2.2151598 ··-·CJIS-5.5.2.2
151599 ··-·NIST-800-171-3.4.5151599 ··-·NIST-800-171-3.4.5
151600 ··-·NIST-800-53-AC-6(1)151600 ··-·NIST-800-53-AC-6(1)
151601 ··-·NIST-800-53-CM-6(a)151601 ··-·NIST-800-53-CM-6(a)
151602 ··-·PCI-DSS-Req-7.1151602 ··-·PCI-DSS-Req-7.1
Offset 151609, 16 lines modifiedOffset 151609, 16 lines modified
151609 ··-·no_reboot_needed151609 ··-·no_reboot_needed
  
151610 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg151610 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
151611 ··file:151611 ··file:
151612 ····path:·/boot/efi/EFI/redhat/grub.cfg151612 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 9972/15564 bytes (64.07%) of diff not shown.
15.4 KB
./usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
15.3 KB
./usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
    
Offset 151134, 16 lines modifiedOffset 151134, 16 lines modified
151134 ··-·no_reboot_needed151134 ··-·no_reboot_needed
  
151135 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg151135 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
151136 ··stat:151136 ··stat:
151137 ····path:·/boot/efi/EFI/redhat/grub.cfg151137 ····path:·/boot/efi/EFI/redhat/grub.cfg
151138 ··register:·file_exists151138 ··register:·file_exists
151139 ··when:151139 ··when:
151140 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151141 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151140 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151141 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151142 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151142 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151143 ··tags:151143 ··tags:
151144 ··-·CJIS-5.5.2.2151144 ··-·CJIS-5.5.2.2
151145 ··-·NIST-800-171-3.4.5151145 ··-·NIST-800-171-3.4.5
151146 ··-·NIST-800-53-AC-6(1)151146 ··-·NIST-800-53-AC-6(1)
151147 ··-·NIST-800-53-CM-6(a)151147 ··-·NIST-800-53-CM-6(a)
151148 ··-·PCI-DSS-Req-7.1151148 ··-·PCI-DSS-Req-7.1
Offset 151155, 16 lines modifiedOffset 151155, 16 lines modified
151155 ··-·no_reboot_needed151155 ··-·no_reboot_needed
  
151156 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg151156 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
151157 ··file:151157 ··file:
151158 ····path:·/boot/efi/EFI/redhat/grub.cfg151158 ····path:·/boot/efi/EFI/redhat/grub.cfg
151159 ····group:·'0'151159 ····group:·'0'
151160 ··when:151160 ··when:
151161 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151162 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151161 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151162 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151163 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151163 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151164 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists151164 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
151165 ··tags:151165 ··tags:
151166 ··-·CJIS-5.5.2.2151166 ··-·CJIS-5.5.2.2
151167 ··-·NIST-800-171-3.4.5151167 ··-·NIST-800-171-3.4.5
151168 ··-·NIST-800-53-AC-6(1)151168 ··-·NIST-800-53-AC-6(1)
151169 ··-·NIST-800-53-CM-6(a)151169 ··-·NIST-800-53-CM-6(a)
Offset 151172, 15 lines modifiedOffset 151172, 15 lines modified
151172 ··-·configure_strategy151172 ··-·configure_strategy
151173 ··-·file_groupowner_efi_grub2_cfg151173 ··-·file_groupowner_efi_grub2_cfg
151174 ··-·low_complexity151174 ··-·low_complexity
151175 ··-·low_disruption151175 ··-·low_disruption
151176 ··-·medium_severity151176 ··-·medium_severity
151177 ··-·no_reboot_needed</xccdf-1.2:fix>151177 ··-·no_reboot_needed</xccdf-1.2:fix>
151178 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms151178 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
151179 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then151179 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
151180 chgrp·0·/boot/efi/EFI/redhat/grub.cfg151180 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
151181 else151181 else
151182 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'151182 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151183 fi</xccdf-1.2:fix>151183 fi</xccdf-1.2:fix>
151184 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">151184 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 151276, 16 lines modifiedOffset 151276, 16 lines modified
151276 ··-·no_reboot_needed151276 ··-·no_reboot_needed
  
151277 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg151277 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
151278 ··stat:151278 ··stat:
151279 ····path:·/boot/efi/EFI/redhat/user.cfg151279 ····path:·/boot/efi/EFI/redhat/user.cfg
151280 ··register:·file_exists151280 ··register:·file_exists
151281 ··when:151281 ··when:
151282 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151283 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151282 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151283 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151284 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151284 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151285 ··tags:151285 ··tags:
151286 ··-·CJIS-5.5.2.2151286 ··-·CJIS-5.5.2.2
151287 ··-·NIST-800-171-3.4.5151287 ··-·NIST-800-171-3.4.5
151288 ··-·NIST-800-53-AC-6(1)151288 ··-·NIST-800-53-AC-6(1)
151289 ··-·NIST-800-53-CM-6(a)151289 ··-·NIST-800-53-CM-6(a)
151290 ··-·PCI-DSS-Req-7.1151290 ··-·PCI-DSS-Req-7.1
Offset 151297, 16 lines modifiedOffset 151297, 16 lines modified
151297 ··-·no_reboot_needed151297 ··-·no_reboot_needed
  
151298 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg151298 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
151299 ··file:151299 ··file:
151300 ····path:·/boot/efi/EFI/redhat/user.cfg151300 ····path:·/boot/efi/EFI/redhat/user.cfg
151301 ····group:·'0'151301 ····group:·'0'
151302 ··when:151302 ··when:
151303 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151304 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151303 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151304 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151305 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151305 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151306 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists151306 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
151307 ··tags:151307 ··tags:
151308 ··-·CJIS-5.5.2.2151308 ··-·CJIS-5.5.2.2
151309 ··-·NIST-800-171-3.4.5151309 ··-·NIST-800-171-3.4.5
151310 ··-·NIST-800-53-AC-6(1)151310 ··-·NIST-800-53-AC-6(1)
151311 ··-·NIST-800-53-CM-6(a)151311 ··-·NIST-800-53-CM-6(a)
Offset 151314, 15 lines modifiedOffset 151314, 15 lines modified
151314 ··-·configure_strategy151314 ··-·configure_strategy
151315 ··-·file_groupowner_efi_user_cfg151315 ··-·file_groupowner_efi_user_cfg
151316 ··-·low_complexity151316 ··-·low_complexity
151317 ··-·low_disruption151317 ··-·low_disruption
151318 ··-·medium_severity151318 ··-·medium_severity
151319 ··-·no_reboot_needed</xccdf-1.2:fix>151319 ··-·no_reboot_needed</xccdf-1.2:fix>
151320 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms151320 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
151321 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then151321 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
151322 chgrp·0·/boot/efi/EFI/redhat/user.cfg151322 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
151323 else151323 else
151324 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'151324 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151325 fi</xccdf-1.2:fix>151325 fi</xccdf-1.2:fix>
151326 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">151326 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 151414, 16 lines modifiedOffset 151414, 16 lines modified
151414 ··-·no_reboot_needed151414 ··-·no_reboot_needed
  
151415 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg151415 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
151416 ··stat:151416 ··stat:
151417 ····path:·/boot/efi/EFI/redhat/grub.cfg151417 ····path:·/boot/efi/EFI/redhat/grub.cfg
151418 ··register:·file_exists151418 ··register:·file_exists
151419 ··when:151419 ··when:
151420 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151421 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151420 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151421 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151422 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151422 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151423 ··tags:151423 ··tags:
151424 ··-·CJIS-5.5.2.2151424 ··-·CJIS-5.5.2.2
151425 ··-·NIST-800-171-3.4.5151425 ··-·NIST-800-171-3.4.5
151426 ··-·NIST-800-53-AC-6(1)151426 ··-·NIST-800-53-AC-6(1)
151427 ··-·NIST-800-53-CM-6(a)151427 ··-·NIST-800-53-CM-6(a)
151428 ··-·PCI-DSS-Req-7.1151428 ··-·PCI-DSS-Req-7.1
Offset 151435, 16 lines modifiedOffset 151435, 16 lines modified
151435 ··-·no_reboot_needed151435 ··-·no_reboot_needed
  
151436 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg151436 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
151437 ··file:151437 ··file:
151438 ····path:·/boot/efi/EFI/redhat/grub.cfg151438 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 9936/15512 bytes (64.05%) of diff not shown.
29.1 KB
./usr/share/xml/scap/ssg/content/ssg-centos8-ds-1.2.xml
29.0 KB
./usr/share/xml/scap/ssg/content/ssg-centos8-ds-1.2.xml
    
Offset 169143, 16 lines modifiedOffset 169143, 16 lines modified
169143 ··-·no_reboot_needed169143 ··-·no_reboot_needed
  
169144 -·name:·Test·for·existence·/boot/grub2/grub.cfg169144 -·name:·Test·for·existence·/boot/grub2/grub.cfg
169145 ··stat:169145 ··stat:
169146 ····path:·/boot/grub2/grub.cfg169146 ····path:·/boot/grub2/grub.cfg
169147 ··register:·file_exists169147 ··register:·file_exists
169148 ··when:169148 ··when:
169149 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169150 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169149 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169150 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169151 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169151 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169152 ··tags:169152 ··tags:
169153 ··-·CJIS-5.5.2.2169153 ··-·CJIS-5.5.2.2
169154 ··-·NIST-800-171-3.4.5169154 ··-·NIST-800-171-3.4.5
169155 ··-·NIST-800-53-AC-6(1)169155 ··-·NIST-800-53-AC-6(1)
169156 ··-·NIST-800-53-CM-6(a)169156 ··-·NIST-800-53-CM-6(a)
169157 ··-·PCI-DSS-Req-7.1169157 ··-·PCI-DSS-Req-7.1
Offset 169164, 16 lines modifiedOffset 169164, 16 lines modified
169164 ··-·no_reboot_needed169164 ··-·no_reboot_needed
  
169165 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg169165 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
169166 ··file:169166 ··file:
169167 ····path:·/boot/grub2/grub.cfg169167 ····path:·/boot/grub2/grub.cfg
169168 ····group:·'0'169168 ····group:·'0'
169169 ··when:169169 ··when:
169170 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169171 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169170 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169171 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169172 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169172 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169173 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists169173 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
169174 ··tags:169174 ··tags:
169175 ··-·CJIS-5.5.2.2169175 ··-·CJIS-5.5.2.2
169176 ··-·NIST-800-171-3.4.5169176 ··-·NIST-800-171-3.4.5
169177 ··-·NIST-800-53-AC-6(1)169177 ··-·NIST-800-53-AC-6(1)
169178 ··-·NIST-800-53-CM-6(a)169178 ··-·NIST-800-53-CM-6(a)
Offset 169181, 15 lines modifiedOffset 169181, 15 lines modified
169181 ··-·configure_strategy169181 ··-·configure_strategy
169182 ··-·file_groupowner_grub2_cfg169182 ··-·file_groupowner_grub2_cfg
169183 ··-·low_complexity169183 ··-·low_complexity
169184 ··-·low_disruption169184 ··-·low_disruption
169185 ··-·medium_severity169185 ··-·medium_severity
169186 ··-·no_reboot_needed</xccdf-1.2:fix>169186 ··-·no_reboot_needed</xccdf-1.2:fix>
169187 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms169187 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
169188 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then169188 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
169189 chgrp·0·/boot/grub2/grub.cfg169189 chgrp·0·/boot/grub2/grub.cfg
  
169190 else169190 else
169191 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'169191 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
169192 fi</xccdf-1.2:fix>169192 fi</xccdf-1.2:fix>
169193 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">169193 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 169297, 16 lines modifiedOffset 169297, 16 lines modified
169297 ··-·no_reboot_needed169297 ··-·no_reboot_needed
  
169298 -·name:·Test·for·existence·/boot/grub2/user.cfg169298 -·name:·Test·for·existence·/boot/grub2/user.cfg
169299 ··stat:169299 ··stat:
169300 ····path:·/boot/grub2/user.cfg169300 ····path:·/boot/grub2/user.cfg
169301 ··register:·file_exists169301 ··register:·file_exists
169302 ··when:169302 ··when:
169303 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169304 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169303 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169304 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169305 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169305 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169306 ··tags:169306 ··tags:
169307 ··-·CJIS-5.5.2.2169307 ··-·CJIS-5.5.2.2
169308 ··-·NIST-800-171-3.4.5169308 ··-·NIST-800-171-3.4.5
169309 ··-·NIST-800-53-AC-6(1)169309 ··-·NIST-800-53-AC-6(1)
169310 ··-·NIST-800-53-CM-6(a)169310 ··-·NIST-800-53-CM-6(a)
169311 ··-·PCI-DSS-Req-7.1169311 ··-·PCI-DSS-Req-7.1
Offset 169318, 16 lines modifiedOffset 169318, 16 lines modified
169318 ··-·no_reboot_needed169318 ··-·no_reboot_needed
  
169319 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg169319 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
169320 ··file:169320 ··file:
169321 ····path:·/boot/grub2/user.cfg169321 ····path:·/boot/grub2/user.cfg
169322 ····group:·'0'169322 ····group:·'0'
169323 ··when:169323 ··when:
169324 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169325 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169324 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169325 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169326 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169326 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169327 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists169327 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
169328 ··tags:169328 ··tags:
169329 ··-·CJIS-5.5.2.2169329 ··-·CJIS-5.5.2.2
169330 ··-·NIST-800-171-3.4.5169330 ··-·NIST-800-171-3.4.5
169331 ··-·NIST-800-53-AC-6(1)169331 ··-·NIST-800-53-AC-6(1)
169332 ··-·NIST-800-53-CM-6(a)169332 ··-·NIST-800-53-CM-6(a)
Offset 169335, 15 lines modifiedOffset 169335, 15 lines modified
169335 ··-·configure_strategy169335 ··-·configure_strategy
169336 ··-·file_groupowner_user_cfg169336 ··-·file_groupowner_user_cfg
169337 ··-·low_complexity169337 ··-·low_complexity
169338 ··-·low_disruption169338 ··-·low_disruption
169339 ··-·medium_severity169339 ··-·medium_severity
169340 ··-·no_reboot_needed</xccdf-1.2:fix>169340 ··-·no_reboot_needed</xccdf-1.2:fix>
169341 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms169341 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
169342 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then169342 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
169343 chgrp·0·/boot/grub2/user.cfg169343 chgrp·0·/boot/grub2/user.cfg
  
169344 else169344 else
169345 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'169345 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
169346 fi</xccdf-1.2:fix>169346 fi</xccdf-1.2:fix>
169347 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">169347 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 169446, 16 lines modifiedOffset 169446, 16 lines modified
169446 ··-·no_reboot_needed169446 ··-·no_reboot_needed
  
169447 -·name:·Test·for·existence·/boot/grub2/grub.cfg169447 -·name:·Test·for·existence·/boot/grub2/grub.cfg
169448 ··stat:169448 ··stat:
169449 ····path:·/boot/grub2/grub.cfg169449 ····path:·/boot/grub2/grub.cfg
169450 ··register:·file_exists169450 ··register:·file_exists
169451 ··when:169451 ··when:
169452 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169453 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169452 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169453 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169454 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169454 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169455 ··tags:169455 ··tags:
169456 ··-·CJIS-5.5.2.2169456 ··-·CJIS-5.5.2.2
169457 ··-·NIST-800-171-3.4.5169457 ··-·NIST-800-171-3.4.5
169458 ··-·NIST-800-53-AC-6(1)169458 ··-·NIST-800-53-AC-6(1)
169459 ··-·NIST-800-53-CM-6(a)169459 ··-·NIST-800-53-CM-6(a)
169460 ··-·PCI-DSS-Req-7.1169460 ··-·PCI-DSS-Req-7.1
Offset 169467, 16 lines modifiedOffset 169467, 16 lines modified
169467 ··-·no_reboot_needed169467 ··-·no_reboot_needed
  
169468 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg169468 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
169469 ··file:169469 ··file:
169470 ····path:·/boot/grub2/grub.cfg169470 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 24047/29545 bytes (81.39%) of diff not shown.
29.1 KB
./usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml
29.0 KB
./usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml
    
Offset 169145, 16 lines modifiedOffset 169145, 16 lines modified
169145 ··-·no_reboot_needed169145 ··-·no_reboot_needed
  
169146 -·name:·Test·for·existence·/boot/grub2/grub.cfg169146 -·name:·Test·for·existence·/boot/grub2/grub.cfg
169147 ··stat:169147 ··stat:
169148 ····path:·/boot/grub2/grub.cfg169148 ····path:·/boot/grub2/grub.cfg
169149 ··register:·file_exists169149 ··register:·file_exists
169150 ··when:169150 ··when:
169151 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169152 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169151 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169152 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169153 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169153 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169154 ··tags:169154 ··tags:
169155 ··-·CJIS-5.5.2.2169155 ··-·CJIS-5.5.2.2
169156 ··-·NIST-800-171-3.4.5169156 ··-·NIST-800-171-3.4.5
169157 ··-·NIST-800-53-AC-6(1)169157 ··-·NIST-800-53-AC-6(1)
169158 ··-·NIST-800-53-CM-6(a)169158 ··-·NIST-800-53-CM-6(a)
169159 ··-·PCI-DSS-Req-7.1169159 ··-·PCI-DSS-Req-7.1
Offset 169166, 16 lines modifiedOffset 169166, 16 lines modified
169166 ··-·no_reboot_needed169166 ··-·no_reboot_needed
  
169167 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg169167 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
169168 ··file:169168 ··file:
169169 ····path:·/boot/grub2/grub.cfg169169 ····path:·/boot/grub2/grub.cfg
169170 ····group:·'0'169170 ····group:·'0'
169171 ··when:169171 ··when:
169172 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169173 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169172 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169173 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169174 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169174 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169175 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists169175 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
169176 ··tags:169176 ··tags:
169177 ··-·CJIS-5.5.2.2169177 ··-·CJIS-5.5.2.2
169178 ··-·NIST-800-171-3.4.5169178 ··-·NIST-800-171-3.4.5
169179 ··-·NIST-800-53-AC-6(1)169179 ··-·NIST-800-53-AC-6(1)
169180 ··-·NIST-800-53-CM-6(a)169180 ··-·NIST-800-53-CM-6(a)
Offset 169183, 15 lines modifiedOffset 169183, 15 lines modified
169183 ··-·configure_strategy169183 ··-·configure_strategy
169184 ··-·file_groupowner_grub2_cfg169184 ··-·file_groupowner_grub2_cfg
169185 ··-·low_complexity169185 ··-·low_complexity
169186 ··-·low_disruption169186 ··-·low_disruption
169187 ··-·medium_severity169187 ··-·medium_severity
169188 ··-·no_reboot_needed</xccdf-1.2:fix>169188 ··-·no_reboot_needed</xccdf-1.2:fix>
169189 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms169189 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
169190 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then169190 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
169191 chgrp·0·/boot/grub2/grub.cfg169191 chgrp·0·/boot/grub2/grub.cfg
  
169192 else169192 else
169193 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'169193 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
169194 fi</xccdf-1.2:fix>169194 fi</xccdf-1.2:fix>
169195 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">169195 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 169299, 16 lines modifiedOffset 169299, 16 lines modified
169299 ··-·no_reboot_needed169299 ··-·no_reboot_needed
  
169300 -·name:·Test·for·existence·/boot/grub2/user.cfg169300 -·name:·Test·for·existence·/boot/grub2/user.cfg
169301 ··stat:169301 ··stat:
169302 ····path:·/boot/grub2/user.cfg169302 ····path:·/boot/grub2/user.cfg
169303 ··register:·file_exists169303 ··register:·file_exists
169304 ··when:169304 ··when:
169305 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169306 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169305 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169306 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169307 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169307 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169308 ··tags:169308 ··tags:
169309 ··-·CJIS-5.5.2.2169309 ··-·CJIS-5.5.2.2
169310 ··-·NIST-800-171-3.4.5169310 ··-·NIST-800-171-3.4.5
169311 ··-·NIST-800-53-AC-6(1)169311 ··-·NIST-800-53-AC-6(1)
169312 ··-·NIST-800-53-CM-6(a)169312 ··-·NIST-800-53-CM-6(a)
169313 ··-·PCI-DSS-Req-7.1169313 ··-·PCI-DSS-Req-7.1
Offset 169320, 16 lines modifiedOffset 169320, 16 lines modified
169320 ··-·no_reboot_needed169320 ··-·no_reboot_needed
  
169321 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg169321 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
169322 ··file:169322 ··file:
169323 ····path:·/boot/grub2/user.cfg169323 ····path:·/boot/grub2/user.cfg
169324 ····group:·'0'169324 ····group:·'0'
169325 ··when:169325 ··when:
169326 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169327 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169326 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169327 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169328 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169328 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169329 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists169329 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
169330 ··tags:169330 ··tags:
169331 ··-·CJIS-5.5.2.2169331 ··-·CJIS-5.5.2.2
169332 ··-·NIST-800-171-3.4.5169332 ··-·NIST-800-171-3.4.5
169333 ··-·NIST-800-53-AC-6(1)169333 ··-·NIST-800-53-AC-6(1)
169334 ··-·NIST-800-53-CM-6(a)169334 ··-·NIST-800-53-CM-6(a)
Offset 169337, 15 lines modifiedOffset 169337, 15 lines modified
169337 ··-·configure_strategy169337 ··-·configure_strategy
169338 ··-·file_groupowner_user_cfg169338 ··-·file_groupowner_user_cfg
169339 ··-·low_complexity169339 ··-·low_complexity
169340 ··-·low_disruption169340 ··-·low_disruption
169341 ··-·medium_severity169341 ··-·medium_severity
169342 ··-·no_reboot_needed</xccdf-1.2:fix>169342 ··-·no_reboot_needed</xccdf-1.2:fix>
169343 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms169343 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
169344 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then169344 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
169345 chgrp·0·/boot/grub2/user.cfg169345 chgrp·0·/boot/grub2/user.cfg
  
169346 else169346 else
169347 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'169347 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
169348 fi</xccdf-1.2:fix>169348 fi</xccdf-1.2:fix>
169349 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">169349 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 169448, 16 lines modifiedOffset 169448, 16 lines modified
169448 ··-·no_reboot_needed169448 ··-·no_reboot_needed
  
169449 -·name:·Test·for·existence·/boot/grub2/grub.cfg169449 -·name:·Test·for·existence·/boot/grub2/grub.cfg
169450 ··stat:169450 ··stat:
169451 ····path:·/boot/grub2/grub.cfg169451 ····path:·/boot/grub2/grub.cfg
169452 ··register:·file_exists169452 ··register:·file_exists
169453 ··when:169453 ··when:
169454 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169455 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169454 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169455 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169456 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169456 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169457 ··tags:169457 ··tags:
169458 ··-·CJIS-5.5.2.2169458 ··-·CJIS-5.5.2.2
169459 ··-·NIST-800-171-3.4.5169459 ··-·NIST-800-171-3.4.5
169460 ··-·NIST-800-53-AC-6(1)169460 ··-·NIST-800-53-AC-6(1)
169461 ··-·NIST-800-53-CM-6(a)169461 ··-·NIST-800-53-CM-6(a)
169462 ··-·PCI-DSS-Req-7.1169462 ··-·PCI-DSS-Req-7.1
Offset 169469, 16 lines modifiedOffset 169469, 16 lines modified
169469 ··-·no_reboot_needed169469 ··-·no_reboot_needed
  
169470 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg169470 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
169471 ··file:169471 ··file:
169472 ····path:·/boot/grub2/grub.cfg169472 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 24047/29545 bytes (81.39%) of diff not shown.
29.0 KB
./usr/share/xml/scap/ssg/content/ssg-centos8-xccdf.xml
28.9 KB
./usr/share/xml/scap/ssg/content/ssg-centos8-xccdf.xml
    
Offset 168935, 16 lines modifiedOffset 168935, 16 lines modified
168935 ··-·no_reboot_needed168935 ··-·no_reboot_needed
  
168936 -·name:·Test·for·existence·/boot/grub2/grub.cfg168936 -·name:·Test·for·existence·/boot/grub2/grub.cfg
168937 ··stat:168937 ··stat:
168938 ····path:·/boot/grub2/grub.cfg168938 ····path:·/boot/grub2/grub.cfg
168939 ··register:·file_exists168939 ··register:·file_exists
168940 ··when:168940 ··when:
168941 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168942 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168941 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168942 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168943 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168943 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168944 ··tags:168944 ··tags:
168945 ··-·CJIS-5.5.2.2168945 ··-·CJIS-5.5.2.2
168946 ··-·NIST-800-171-3.4.5168946 ··-·NIST-800-171-3.4.5
168947 ··-·NIST-800-53-AC-6(1)168947 ··-·NIST-800-53-AC-6(1)
168948 ··-·NIST-800-53-CM-6(a)168948 ··-·NIST-800-53-CM-6(a)
168949 ··-·PCI-DSS-Req-7.1168949 ··-·PCI-DSS-Req-7.1
Offset 168956, 16 lines modifiedOffset 168956, 16 lines modified
168956 ··-·no_reboot_needed168956 ··-·no_reboot_needed
  
168957 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg168957 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
168958 ··file:168958 ··file:
168959 ····path:·/boot/grub2/grub.cfg168959 ····path:·/boot/grub2/grub.cfg
168960 ····group:·'0'168960 ····group:·'0'
168961 ··when:168961 ··when:
168962 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168963 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168962 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168963 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168964 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168964 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168965 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists168965 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
168966 ··tags:168966 ··tags:
168967 ··-·CJIS-5.5.2.2168967 ··-·CJIS-5.5.2.2
168968 ··-·NIST-800-171-3.4.5168968 ··-·NIST-800-171-3.4.5
168969 ··-·NIST-800-53-AC-6(1)168969 ··-·NIST-800-53-AC-6(1)
168970 ··-·NIST-800-53-CM-6(a)168970 ··-·NIST-800-53-CM-6(a)
Offset 168973, 15 lines modifiedOffset 168973, 15 lines modified
168973 ··-·configure_strategy168973 ··-·configure_strategy
168974 ··-·file_groupowner_grub2_cfg168974 ··-·file_groupowner_grub2_cfg
168975 ··-·low_complexity168975 ··-·low_complexity
168976 ··-·low_disruption168976 ··-·low_disruption
168977 ··-·medium_severity168977 ··-·medium_severity
168978 ··-·no_reboot_needed</xccdf-1.2:fix>168978 ··-·no_reboot_needed</xccdf-1.2:fix>
168979 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms168979 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
168980 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then168980 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
168981 chgrp·0·/boot/grub2/grub.cfg168981 chgrp·0·/boot/grub2/grub.cfg
  
168982 else168982 else
168983 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'168983 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
168984 fi</xccdf-1.2:fix>168984 fi</xccdf-1.2:fix>
168985 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">168985 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 169089, 16 lines modifiedOffset 169089, 16 lines modified
169089 ··-·no_reboot_needed169089 ··-·no_reboot_needed
  
169090 -·name:·Test·for·existence·/boot/grub2/user.cfg169090 -·name:·Test·for·existence·/boot/grub2/user.cfg
169091 ··stat:169091 ··stat:
169092 ····path:·/boot/grub2/user.cfg169092 ····path:·/boot/grub2/user.cfg
169093 ··register:·file_exists169093 ··register:·file_exists
169094 ··when:169094 ··when:
169095 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169096 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169095 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169096 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169097 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169097 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169098 ··tags:169098 ··tags:
169099 ··-·CJIS-5.5.2.2169099 ··-·CJIS-5.5.2.2
169100 ··-·NIST-800-171-3.4.5169100 ··-·NIST-800-171-3.4.5
169101 ··-·NIST-800-53-AC-6(1)169101 ··-·NIST-800-53-AC-6(1)
169102 ··-·NIST-800-53-CM-6(a)169102 ··-·NIST-800-53-CM-6(a)
169103 ··-·PCI-DSS-Req-7.1169103 ··-·PCI-DSS-Req-7.1
Offset 169110, 16 lines modifiedOffset 169110, 16 lines modified
169110 ··-·no_reboot_needed169110 ··-·no_reboot_needed
  
169111 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg169111 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
169112 ··file:169112 ··file:
169113 ····path:·/boot/grub2/user.cfg169113 ····path:·/boot/grub2/user.cfg
169114 ····group:·'0'169114 ····group:·'0'
169115 ··when:169115 ··when:
169116 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169117 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169116 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169117 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169118 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169118 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169119 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists169119 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
169120 ··tags:169120 ··tags:
169121 ··-·CJIS-5.5.2.2169121 ··-·CJIS-5.5.2.2
169122 ··-·NIST-800-171-3.4.5169122 ··-·NIST-800-171-3.4.5
169123 ··-·NIST-800-53-AC-6(1)169123 ··-·NIST-800-53-AC-6(1)
169124 ··-·NIST-800-53-CM-6(a)169124 ··-·NIST-800-53-CM-6(a)
Offset 169127, 15 lines modifiedOffset 169127, 15 lines modified
169127 ··-·configure_strategy169127 ··-·configure_strategy
169128 ··-·file_groupowner_user_cfg169128 ··-·file_groupowner_user_cfg
169129 ··-·low_complexity169129 ··-·low_complexity
169130 ··-·low_disruption169130 ··-·low_disruption
169131 ··-·medium_severity169131 ··-·medium_severity
169132 ··-·no_reboot_needed</xccdf-1.2:fix>169132 ··-·no_reboot_needed</xccdf-1.2:fix>
169133 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms169133 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
169134 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then169134 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
169135 chgrp·0·/boot/grub2/user.cfg169135 chgrp·0·/boot/grub2/user.cfg
  
169136 else169136 else
169137 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'169137 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
169138 fi</xccdf-1.2:fix>169138 fi</xccdf-1.2:fix>
169139 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">169139 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 169238, 16 lines modifiedOffset 169238, 16 lines modified
169238 ··-·no_reboot_needed169238 ··-·no_reboot_needed
  
169239 -·name:·Test·for·existence·/boot/grub2/grub.cfg169239 -·name:·Test·for·existence·/boot/grub2/grub.cfg
169240 ··stat:169240 ··stat:
169241 ····path:·/boot/grub2/grub.cfg169241 ····path:·/boot/grub2/grub.cfg
169242 ··register:·file_exists169242 ··register:·file_exists
169243 ··when:169243 ··when:
169244 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169245 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169244 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169245 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169246 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169246 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169247 ··tags:169247 ··tags:
169248 ··-·CJIS-5.5.2.2169248 ··-·CJIS-5.5.2.2
169249 ··-·NIST-800-171-3.4.5169249 ··-·NIST-800-171-3.4.5
169250 ··-·NIST-800-53-AC-6(1)169250 ··-·NIST-800-53-AC-6(1)
169251 ··-·NIST-800-53-CM-6(a)169251 ··-·NIST-800-53-CM-6(a)
169252 ··-·PCI-DSS-Req-7.1169252 ··-·PCI-DSS-Req-7.1
Offset 169259, 16 lines modifiedOffset 169259, 16 lines modified
169259 ··-·no_reboot_needed169259 ··-·no_reboot_needed
  
169260 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg169260 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
169261 ··file:169261 ··file:
169262 ····path:·/boot/grub2/grub.cfg169262 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 23963/29445 bytes (81.38%) of diff not shown.
10.6 KB
./usr/share/xml/scap/ssg/content/ssg-cs9-ds-1.2.xml
10.5 KB
./usr/share/xml/scap/ssg/content/ssg-cs9-ds-1.2.xml
    
Offset 167790, 16 lines modifiedOffset 167790, 16 lines modified
167790 ··-·no_reboot_needed167790 ··-·no_reboot_needed
  
167791 -·name:·Test·for·existence·/boot/grub2/user.cfg167791 -·name:·Test·for·existence·/boot/grub2/user.cfg
167792 ··stat:167792 ··stat:
167793 ····path:·/boot/grub2/user.cfg167793 ····path:·/boot/grub2/user.cfg
167794 ··register:·file_exists167794 ··register:·file_exists
167795 ··when:167795 ··when:
167796 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167797 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167796 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167797 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167798 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167798 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167799 ··tags:167799 ··tags:
167800 ··-·CJIS-5.5.2.2167800 ··-·CJIS-5.5.2.2
167801 ··-·NIST-800-171-3.4.5167801 ··-·NIST-800-171-3.4.5
167802 ··-·NIST-800-53-AC-6(1)167802 ··-·NIST-800-53-AC-6(1)
167803 ··-·NIST-800-53-CM-6(a)167803 ··-·NIST-800-53-CM-6(a)
167804 ··-·PCI-DSS-Req-7.1167804 ··-·PCI-DSS-Req-7.1
Offset 167811, 16 lines modifiedOffset 167811, 16 lines modified
167811 ··-·no_reboot_needed167811 ··-·no_reboot_needed
  
167812 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg167812 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
167813 ··file:167813 ··file:
167814 ····path:·/boot/grub2/user.cfg167814 ····path:·/boot/grub2/user.cfg
167815 ····group:·'0'167815 ····group:·'0'
167816 ··when:167816 ··when:
167817 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167818 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167817 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167818 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167819 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167819 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167820 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists167820 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
167821 ··tags:167821 ··tags:
167822 ··-·CJIS-5.5.2.2167822 ··-·CJIS-5.5.2.2
167823 ··-·NIST-800-171-3.4.5167823 ··-·NIST-800-171-3.4.5
167824 ··-·NIST-800-53-AC-6(1)167824 ··-·NIST-800-53-AC-6(1)
167825 ··-·NIST-800-53-CM-6(a)167825 ··-·NIST-800-53-CM-6(a)
Offset 167828, 15 lines modifiedOffset 167828, 15 lines modified
167828 ··-·configure_strategy167828 ··-·configure_strategy
167829 ··-·file_groupowner_efi_user_cfg167829 ··-·file_groupowner_efi_user_cfg
167830 ··-·low_complexity167830 ··-·low_complexity
167831 ··-·low_disruption167831 ··-·low_disruption
167832 ··-·medium_severity167832 ··-·medium_severity
167833 ··-·no_reboot_needed</xccdf-1.2:fix>167833 ··-·no_reboot_needed</xccdf-1.2:fix>
167834 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms167834 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
167835 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then167835 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
167836 chgrp·0·/boot/grub2/user.cfg167836 chgrp·0·/boot/grub2/user.cfg
  
167837 else167837 else
167838 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'167838 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
167839 fi</xccdf-1.2:fix>167839 fi</xccdf-1.2:fix>
167840 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">167840 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 167927, 16 lines modifiedOffset 167927, 16 lines modified
167927 ··-·no_reboot_needed167927 ··-·no_reboot_needed
  
167928 -·name:·Test·for·existence·/boot/grub2/user.cfg167928 -·name:·Test·for·existence·/boot/grub2/user.cfg
167929 ··stat:167929 ··stat:
167930 ····path:·/boot/grub2/user.cfg167930 ····path:·/boot/grub2/user.cfg
167931 ··register:·file_exists167931 ··register:·file_exists
167932 ··when:167932 ··when:
167933 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167934 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167933 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167934 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167935 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167935 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167936 ··tags:167936 ··tags:
167937 ··-·CJIS-5.5.2.2167937 ··-·CJIS-5.5.2.2
167938 ··-·NIST-800-171-3.4.5167938 ··-·NIST-800-171-3.4.5
167939 ··-·NIST-800-53-AC-6(1)167939 ··-·NIST-800-53-AC-6(1)
167940 ··-·NIST-800-53-CM-6(a)167940 ··-·NIST-800-53-CM-6(a)
167941 ··-·PCI-DSS-Req-7.1167941 ··-·PCI-DSS-Req-7.1
Offset 167948, 16 lines modifiedOffset 167948, 16 lines modified
167948 ··-·no_reboot_needed167948 ··-·no_reboot_needed
  
167949 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg167949 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
167950 ··file:167950 ··file:
167951 ····path:·/boot/grub2/user.cfg167951 ····path:·/boot/grub2/user.cfg
167952 ····owner:·'0'167952 ····owner:·'0'
167953 ··when:167953 ··when:
167954 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167955 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167954 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167955 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167956 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167956 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167957 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists167957 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
167958 ··tags:167958 ··tags:
167959 ··-·CJIS-5.5.2.2167959 ··-·CJIS-5.5.2.2
167960 ··-·NIST-800-171-3.4.5167960 ··-·NIST-800-171-3.4.5
167961 ··-·NIST-800-53-AC-6(1)167961 ··-·NIST-800-53-AC-6(1)
167962 ··-·NIST-800-53-CM-6(a)167962 ··-·NIST-800-53-CM-6(a)
Offset 167965, 15 lines modifiedOffset 167965, 15 lines modified
167965 ··-·configure_strategy167965 ··-·configure_strategy
167966 ··-·file_owner_efi_user_cfg167966 ··-·file_owner_efi_user_cfg
167967 ··-·low_complexity167967 ··-·low_complexity
167968 ··-·low_disruption167968 ··-·low_disruption
167969 ··-·medium_severity167969 ··-·medium_severity
167970 ··-·no_reboot_needed</xccdf-1.2:fix>167970 ··-·no_reboot_needed</xccdf-1.2:fix>
167971 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms167971 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
167972 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then167972 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
167973 chown·0·/boot/grub2/user.cfg167973 chown·0·/boot/grub2/user.cfg
  
167974 else167974 else
167975 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'167975 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
167976 fi</xccdf-1.2:fix>167976 fi</xccdf-1.2:fix>
167977 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">167977 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 168057, 16 lines modifiedOffset 168057, 16 lines modified
168057 ··-·no_reboot_needed168057 ··-·no_reboot_needed
  
168058 -·name:·Test·for·existence·/boot/grub2/grub.cfg168058 -·name:·Test·for·existence·/boot/grub2/grub.cfg
168059 ··stat:168059 ··stat:
168060 ····path:·/boot/grub2/grub.cfg168060 ····path:·/boot/grub2/grub.cfg
168061 ··register:·file_exists168061 ··register:·file_exists
168062 ··when:168062 ··when:
168063 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168064 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168063 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168064 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168065 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168065 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168066 ··tags:168066 ··tags:
168067 ··-·NIST-800-171-3.4.5168067 ··-·NIST-800-171-3.4.5
168068 ··-·NIST-800-53-AC-6(1)168068 ··-·NIST-800-53-AC-6(1)
168069 ··-·NIST-800-53-CM-6(a)168069 ··-·NIST-800-53-CM-6(a)
168070 ··-·configure_strategy168070 ··-·configure_strategy
168071 ··-·file_permissions_efi_grub2_cfg168071 ··-·file_permissions_efi_grub2_cfg
Offset 168076, 30 lines modifiedOffset 168076, 30 lines modified
168076 ··-·no_reboot_needed168076 ··-·no_reboot_needed
  
168077 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg168077 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
168078 ··file:168078 ··file:
168079 ····path:·/boot/grub2/grub.cfg168079 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 5141/10644 bytes (48.30%) of diff not shown.
10.6 KB
./usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml
10.5 KB
./usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml
    
Offset 167792, 16 lines modifiedOffset 167792, 16 lines modified
167792 ··-·no_reboot_needed167792 ··-·no_reboot_needed
  
167793 -·name:·Test·for·existence·/boot/grub2/user.cfg167793 -·name:·Test·for·existence·/boot/grub2/user.cfg
167794 ··stat:167794 ··stat:
167795 ····path:·/boot/grub2/user.cfg167795 ····path:·/boot/grub2/user.cfg
167796 ··register:·file_exists167796 ··register:·file_exists
167797 ··when:167797 ··when:
167798 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167799 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167798 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167799 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167800 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167800 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167801 ··tags:167801 ··tags:
167802 ··-·CJIS-5.5.2.2167802 ··-·CJIS-5.5.2.2
167803 ··-·NIST-800-171-3.4.5167803 ··-·NIST-800-171-3.4.5
167804 ··-·NIST-800-53-AC-6(1)167804 ··-·NIST-800-53-AC-6(1)
167805 ··-·NIST-800-53-CM-6(a)167805 ··-·NIST-800-53-CM-6(a)
167806 ··-·PCI-DSS-Req-7.1167806 ··-·PCI-DSS-Req-7.1
Offset 167813, 16 lines modifiedOffset 167813, 16 lines modified
167813 ··-·no_reboot_needed167813 ··-·no_reboot_needed
  
167814 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg167814 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
167815 ··file:167815 ··file:
167816 ····path:·/boot/grub2/user.cfg167816 ····path:·/boot/grub2/user.cfg
167817 ····group:·'0'167817 ····group:·'0'
167818 ··when:167818 ··when:
167819 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167820 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167819 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167820 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167821 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167821 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167822 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists167822 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
167823 ··tags:167823 ··tags:
167824 ··-·CJIS-5.5.2.2167824 ··-·CJIS-5.5.2.2
167825 ··-·NIST-800-171-3.4.5167825 ··-·NIST-800-171-3.4.5
167826 ··-·NIST-800-53-AC-6(1)167826 ··-·NIST-800-53-AC-6(1)
167827 ··-·NIST-800-53-CM-6(a)167827 ··-·NIST-800-53-CM-6(a)
Offset 167830, 15 lines modifiedOffset 167830, 15 lines modified
167830 ··-·configure_strategy167830 ··-·configure_strategy
167831 ··-·file_groupowner_efi_user_cfg167831 ··-·file_groupowner_efi_user_cfg
167832 ··-·low_complexity167832 ··-·low_complexity
167833 ··-·low_disruption167833 ··-·low_disruption
167834 ··-·medium_severity167834 ··-·medium_severity
167835 ··-·no_reboot_needed</xccdf-1.2:fix>167835 ··-·no_reboot_needed</xccdf-1.2:fix>
167836 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms167836 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
167837 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then167837 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
167838 chgrp·0·/boot/grub2/user.cfg167838 chgrp·0·/boot/grub2/user.cfg
  
167839 else167839 else
167840 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'167840 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
167841 fi</xccdf-1.2:fix>167841 fi</xccdf-1.2:fix>
167842 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">167842 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 167929, 16 lines modifiedOffset 167929, 16 lines modified
167929 ··-·no_reboot_needed167929 ··-·no_reboot_needed
  
167930 -·name:·Test·for·existence·/boot/grub2/user.cfg167930 -·name:·Test·for·existence·/boot/grub2/user.cfg
167931 ··stat:167931 ··stat:
167932 ····path:·/boot/grub2/user.cfg167932 ····path:·/boot/grub2/user.cfg
167933 ··register:·file_exists167933 ··register:·file_exists
167934 ··when:167934 ··when:
167935 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167936 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167935 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167936 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167937 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167937 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167938 ··tags:167938 ··tags:
167939 ··-·CJIS-5.5.2.2167939 ··-·CJIS-5.5.2.2
167940 ··-·NIST-800-171-3.4.5167940 ··-·NIST-800-171-3.4.5
167941 ··-·NIST-800-53-AC-6(1)167941 ··-·NIST-800-53-AC-6(1)
167942 ··-·NIST-800-53-CM-6(a)167942 ··-·NIST-800-53-CM-6(a)
167943 ··-·PCI-DSS-Req-7.1167943 ··-·PCI-DSS-Req-7.1
Offset 167950, 16 lines modifiedOffset 167950, 16 lines modified
167950 ··-·no_reboot_needed167950 ··-·no_reboot_needed
  
167951 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg167951 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
167952 ··file:167952 ··file:
167953 ····path:·/boot/grub2/user.cfg167953 ····path:·/boot/grub2/user.cfg
167954 ····owner:·'0'167954 ····owner:·'0'
167955 ··when:167955 ··when:
167956 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167957 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167956 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167957 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167958 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167958 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167959 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists167959 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
167960 ··tags:167960 ··tags:
167961 ··-·CJIS-5.5.2.2167961 ··-·CJIS-5.5.2.2
167962 ··-·NIST-800-171-3.4.5167962 ··-·NIST-800-171-3.4.5
167963 ··-·NIST-800-53-AC-6(1)167963 ··-·NIST-800-53-AC-6(1)
167964 ··-·NIST-800-53-CM-6(a)167964 ··-·NIST-800-53-CM-6(a)
Offset 167967, 15 lines modifiedOffset 167967, 15 lines modified
167967 ··-·configure_strategy167967 ··-·configure_strategy
167968 ··-·file_owner_efi_user_cfg167968 ··-·file_owner_efi_user_cfg
167969 ··-·low_complexity167969 ··-·low_complexity
167970 ··-·low_disruption167970 ··-·low_disruption
167971 ··-·medium_severity167971 ··-·medium_severity
167972 ··-·no_reboot_needed</xccdf-1.2:fix>167972 ··-·no_reboot_needed</xccdf-1.2:fix>
167973 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms167973 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
167974 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then167974 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
167975 chown·0·/boot/grub2/user.cfg167975 chown·0·/boot/grub2/user.cfg
  
167976 else167976 else
167977 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'167977 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
167978 fi</xccdf-1.2:fix>167978 fi</xccdf-1.2:fix>
167979 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">167979 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 168059, 16 lines modifiedOffset 168059, 16 lines modified
168059 ··-·no_reboot_needed168059 ··-·no_reboot_needed
  
168060 -·name:·Test·for·existence·/boot/grub2/grub.cfg168060 -·name:·Test·for·existence·/boot/grub2/grub.cfg
168061 ··stat:168061 ··stat:
168062 ····path:·/boot/grub2/grub.cfg168062 ····path:·/boot/grub2/grub.cfg
168063 ··register:·file_exists168063 ··register:·file_exists
168064 ··when:168064 ··when:
168065 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168066 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168065 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168066 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168067 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168067 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168068 ··tags:168068 ··tags:
168069 ··-·NIST-800-171-3.4.5168069 ··-·NIST-800-171-3.4.5
168070 ··-·NIST-800-53-AC-6(1)168070 ··-·NIST-800-53-AC-6(1)
168071 ··-·NIST-800-53-CM-6(a)168071 ··-·NIST-800-53-CM-6(a)
168072 ··-·configure_strategy168072 ··-·configure_strategy
168073 ··-·file_permissions_efi_grub2_cfg168073 ··-·file_permissions_efi_grub2_cfg
Offset 168078, 30 lines modifiedOffset 168078, 30 lines modified
168078 ··-·no_reboot_needed168078 ··-·no_reboot_needed
  
168079 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg168079 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
168080 ··file:168080 ··file:
168081 ····path:·/boot/grub2/grub.cfg168081 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 5141/10644 bytes (48.30%) of diff not shown.
10.6 KB
./usr/share/xml/scap/ssg/content/ssg-cs9-xccdf.xml
10.5 KB
./usr/share/xml/scap/ssg/content/ssg-cs9-xccdf.xml
    
Offset 167626, 16 lines modifiedOffset 167626, 16 lines modified
167626 ··-·no_reboot_needed167626 ··-·no_reboot_needed
  
167627 -·name:·Test·for·existence·/boot/grub2/user.cfg167627 -·name:·Test·for·existence·/boot/grub2/user.cfg
167628 ··stat:167628 ··stat:
167629 ····path:·/boot/grub2/user.cfg167629 ····path:·/boot/grub2/user.cfg
167630 ··register:·file_exists167630 ··register:·file_exists
167631 ··when:167631 ··when:
167632 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167633 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167632 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167633 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167634 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167634 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167635 ··tags:167635 ··tags:
167636 ··-·CJIS-5.5.2.2167636 ··-·CJIS-5.5.2.2
167637 ··-·NIST-800-171-3.4.5167637 ··-·NIST-800-171-3.4.5
167638 ··-·NIST-800-53-AC-6(1)167638 ··-·NIST-800-53-AC-6(1)
167639 ··-·NIST-800-53-CM-6(a)167639 ··-·NIST-800-53-CM-6(a)
167640 ··-·PCI-DSS-Req-7.1167640 ··-·PCI-DSS-Req-7.1
Offset 167647, 16 lines modifiedOffset 167647, 16 lines modified
167647 ··-·no_reboot_needed167647 ··-·no_reboot_needed
  
167648 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg167648 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
167649 ··file:167649 ··file:
167650 ····path:·/boot/grub2/user.cfg167650 ····path:·/boot/grub2/user.cfg
167651 ····group:·'0'167651 ····group:·'0'
167652 ··when:167652 ··when:
167653 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167654 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167653 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167654 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167655 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167655 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167656 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists167656 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
167657 ··tags:167657 ··tags:
167658 ··-·CJIS-5.5.2.2167658 ··-·CJIS-5.5.2.2
167659 ··-·NIST-800-171-3.4.5167659 ··-·NIST-800-171-3.4.5
167660 ··-·NIST-800-53-AC-6(1)167660 ··-·NIST-800-53-AC-6(1)
167661 ··-·NIST-800-53-CM-6(a)167661 ··-·NIST-800-53-CM-6(a)
Offset 167664, 15 lines modifiedOffset 167664, 15 lines modified
167664 ··-·configure_strategy167664 ··-·configure_strategy
167665 ··-·file_groupowner_efi_user_cfg167665 ··-·file_groupowner_efi_user_cfg
167666 ··-·low_complexity167666 ··-·low_complexity
167667 ··-·low_disruption167667 ··-·low_disruption
167668 ··-·medium_severity167668 ··-·medium_severity
167669 ··-·no_reboot_needed</xccdf-1.2:fix>167669 ··-·no_reboot_needed</xccdf-1.2:fix>
167670 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms167670 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
167671 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then167671 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
167672 chgrp·0·/boot/grub2/user.cfg167672 chgrp·0·/boot/grub2/user.cfg
  
167673 else167673 else
167674 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'167674 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
167675 fi</xccdf-1.2:fix>167675 fi</xccdf-1.2:fix>
167676 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">167676 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 167763, 16 lines modifiedOffset 167763, 16 lines modified
167763 ··-·no_reboot_needed167763 ··-·no_reboot_needed
  
167764 -·name:·Test·for·existence·/boot/grub2/user.cfg167764 -·name:·Test·for·existence·/boot/grub2/user.cfg
167765 ··stat:167765 ··stat:
167766 ····path:·/boot/grub2/user.cfg167766 ····path:·/boot/grub2/user.cfg
167767 ··register:·file_exists167767 ··register:·file_exists
167768 ··when:167768 ··when:
167769 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167770 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167769 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167770 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167771 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167771 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167772 ··tags:167772 ··tags:
167773 ··-·CJIS-5.5.2.2167773 ··-·CJIS-5.5.2.2
167774 ··-·NIST-800-171-3.4.5167774 ··-·NIST-800-171-3.4.5
167775 ··-·NIST-800-53-AC-6(1)167775 ··-·NIST-800-53-AC-6(1)
167776 ··-·NIST-800-53-CM-6(a)167776 ··-·NIST-800-53-CM-6(a)
167777 ··-·PCI-DSS-Req-7.1167777 ··-·PCI-DSS-Req-7.1
Offset 167784, 16 lines modifiedOffset 167784, 16 lines modified
167784 ··-·no_reboot_needed167784 ··-·no_reboot_needed
  
167785 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg167785 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
167786 ··file:167786 ··file:
167787 ····path:·/boot/grub2/user.cfg167787 ····path:·/boot/grub2/user.cfg
167788 ····owner:·'0'167788 ····owner:·'0'
167789 ··when:167789 ··when:
167790 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167791 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167790 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167791 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167792 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167792 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167793 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists167793 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
167794 ··tags:167794 ··tags:
167795 ··-·CJIS-5.5.2.2167795 ··-·CJIS-5.5.2.2
167796 ··-·NIST-800-171-3.4.5167796 ··-·NIST-800-171-3.4.5
167797 ··-·NIST-800-53-AC-6(1)167797 ··-·NIST-800-53-AC-6(1)
167798 ··-·NIST-800-53-CM-6(a)167798 ··-·NIST-800-53-CM-6(a)
Offset 167801, 15 lines modifiedOffset 167801, 15 lines modified
167801 ··-·configure_strategy167801 ··-·configure_strategy
167802 ··-·file_owner_efi_user_cfg167802 ··-·file_owner_efi_user_cfg
167803 ··-·low_complexity167803 ··-·low_complexity
167804 ··-·low_disruption167804 ··-·low_disruption
167805 ··-·medium_severity167805 ··-·medium_severity
167806 ··-·no_reboot_needed</xccdf-1.2:fix>167806 ··-·no_reboot_needed</xccdf-1.2:fix>
167807 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms167807 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
167808 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then167808 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
167809 chown·0·/boot/grub2/user.cfg167809 chown·0·/boot/grub2/user.cfg
  
167810 else167810 else
167811 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'167811 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
167812 fi</xccdf-1.2:fix>167812 fi</xccdf-1.2:fix>
167813 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">167813 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 167893, 16 lines modifiedOffset 167893, 16 lines modified
167893 ··-·no_reboot_needed167893 ··-·no_reboot_needed
  
167894 -·name:·Test·for·existence·/boot/grub2/grub.cfg167894 -·name:·Test·for·existence·/boot/grub2/grub.cfg
167895 ··stat:167895 ··stat:
167896 ····path:·/boot/grub2/grub.cfg167896 ····path:·/boot/grub2/grub.cfg
167897 ··register:·file_exists167897 ··register:·file_exists
167898 ··when:167898 ··when:
167899 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
167900 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'167899 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 167900 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
167901 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]167901 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
167902 ··tags:167902 ··tags:
167903 ··-·NIST-800-171-3.4.5167903 ··-·NIST-800-171-3.4.5
167904 ··-·NIST-800-53-AC-6(1)167904 ··-·NIST-800-53-AC-6(1)
167905 ··-·NIST-800-53-CM-6(a)167905 ··-·NIST-800-53-CM-6(a)
167906 ··-·configure_strategy167906 ··-·configure_strategy
167907 ··-·file_permissions_efi_grub2_cfg167907 ··-·file_permissions_efi_grub2_cfg
Offset 167912, 30 lines modifiedOffset 167912, 30 lines modified
167912 ··-·no_reboot_needed167912 ··-·no_reboot_needed
  
167913 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg167913 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
167914 ··file:167914 ··file:
167915 ····path:·/boot/grub2/grub.cfg167915 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 5121/10608 bytes (48.27%) of diff not shown.
455 KB
./usr/share/xml/scap/ssg/content/ssg-fedora-ds-1.2.xml
455 KB
./usr/share/xml/scap/ssg/content/ssg-fedora-ds-1.2.xml
    
Offset 39087, 16 lines modifiedOffset 39087, 16 lines modified
39087 ··-·reboot_required39087 ··-·reboot_required
39088 ··-·restrict_strategy39088 ··-·restrict_strategy
  
39089 -·name:·Set·architecture·for·audit·open·tasks39089 -·name:·Set·architecture·for·audit·open·tasks
39090 ··set_fact:39090 ··set_fact:
39091 ····audit_arch:·b6439091 ····audit_arch:·b64
39092 ··when:39092 ··when:
39093 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39094 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39093 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39094 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39095 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture39095 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
39096 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;39096 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
39097 ··tags:39097 ··tags:
39098 ··-·NIST-800-53-AC-2(4)39098 ··-·NIST-800-53-AC-2(4)
39099 ··-·NIST-800-53-AC-6(9)39099 ··-·NIST-800-53-AC-6(9)
39100 ··-·NIST-800-53-AU-12(c)39100 ··-·NIST-800-53-AU-12(c)
39101 ··-·NIST-800-53-AU-2(d)39101 ··-·NIST-800-53-AU-2(d)
Offset 39225, 16 lines modifiedOffset 39225, 16 lines modified
39225 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group39225 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
39226 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39226 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39227 ······create:·true39227 ······create:·true
39228 ······mode:·o-rwx39228 ······mode:·o-rwx
39229 ······state:·present39229 ······state:·present
39230 ····when:·syscalls_found·|·length·==·039230 ····when:·syscalls_found·|·length·==·0
39231 ··when:39231 ··when:
39232 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39233 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39232 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39233 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39234 ··tags:39234 ··tags:
39235 ··-·NIST-800-53-AC-2(4)39235 ··-·NIST-800-53-AC-2(4)
39236 ··-·NIST-800-53-AC-6(9)39236 ··-·NIST-800-53-AC-6(9)
39237 ··-·NIST-800-53-AU-12(c)39237 ··-·NIST-800-53-AU-12(c)
39238 ··-·NIST-800-53-AU-2(d)39238 ··-·NIST-800-53-AU-2(d)
39239 ··-·NIST-800-53-CM-6(a)39239 ··-·NIST-800-53-CM-6(a)
39240 ··-·audit_rules_etc_group_open39240 ··-·audit_rules_etc_group_open
Offset 39361, 31 lines modifiedOffset 39361, 31 lines modified
39361 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group39361 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
39362 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39362 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39363 ······create:·true39363 ······create:·true
39364 ······mode:·o-rwx39364 ······mode:·o-rwx
39365 ······state:·present39365 ······state:·present
39366 ····when:·syscalls_found·|·length·==·039366 ····when:·syscalls_found·|·length·==·0
39367 ··when:39367 ··when:
39368 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39369 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39368 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39369 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39370 ··-·audit_arch·==·&quot;b64&quot;39370 ··-·audit_arch·==·&quot;b64&quot;
39371 ··tags:39371 ··tags:
39372 ··-·NIST-800-53-AC-2(4)39372 ··-·NIST-800-53-AC-2(4)
39373 ··-·NIST-800-53-AC-6(9)39373 ··-·NIST-800-53-AC-6(9)
39374 ··-·NIST-800-53-AU-12(c)39374 ··-·NIST-800-53-AU-12(c)
39375 ··-·NIST-800-53-AU-2(d)39375 ··-·NIST-800-53-AU-2(d)
39376 ··-·NIST-800-53-CM-6(a)39376 ··-·NIST-800-53-CM-6(a)
39377 ··-·audit_rules_etc_group_open39377 ··-·audit_rules_etc_group_open
39378 ··-·low_complexity39378 ··-·low_complexity
39379 ··-·low_disruption39379 ··-·low_disruption
39380 ··-·medium_severity39380 ··-·medium_severity
39381 ··-·reboot_required39381 ··-·reboot_required
39382 ··-·restrict_strategy</xccdf-1.2:fix>39382 ··-·restrict_strategy</xccdf-1.2:fix>
39383 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms39383 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
39384 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then39384 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
39385 #·First·perform·the·remediation·of·the·syscall·rule39385 #·First·perform·the·remediation·of·the·syscall·rule
39386 #·Retrieve·hardware·architecture·of·the·underlying·system39386 #·Retrieve·hardware·architecture·of·the·underlying·system
39387 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)39387 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
39388 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;39388 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
39389 do39389 do
Offset 39781, 16 lines modifiedOffset 39781, 16 lines modified
39781 ··-·reboot_required39781 ··-·reboot_required
39782 ··-·restrict_strategy39782 ··-·restrict_strategy
  
39783 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks39783 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
39784 ··set_fact:39784 ··set_fact:
39785 ····audit_arch:·b6439785 ····audit_arch:·b64
39786 ··when:39786 ··when:
39787 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39788 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39787 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39788 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39789 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture39789 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
39790 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;39790 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
39791 ··tags:39791 ··tags:
39792 ··-·NIST-800-53-AC-2(4)39792 ··-·NIST-800-53-AC-2(4)
39793 ··-·NIST-800-53-AC-6(9)39793 ··-·NIST-800-53-AC-6(9)
39794 ··-·NIST-800-53-AU-12(c)39794 ··-·NIST-800-53-AU-12(c)
39795 ··-·NIST-800-53-AU-2(d)39795 ··-·NIST-800-53-AU-2(d)
Offset 39919, 16 lines modifiedOffset 39919, 16 lines modified
39919 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group39919 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
39920 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39920 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39921 ······create:·true39921 ······create:·true
39922 ······mode:·o-rwx39922 ······mode:·o-rwx
39923 ······state:·present39923 ······state:·present
39924 ····when:·syscalls_found·|·length·==·039924 ····when:·syscalls_found·|·length·==·0
39925 ··when:39925 ··when:
39926 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39927 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39926 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39927 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39928 ··tags:39928 ··tags:
39929 ··-·NIST-800-53-AC-2(4)39929 ··-·NIST-800-53-AC-2(4)
39930 ··-·NIST-800-53-AC-6(9)39930 ··-·NIST-800-53-AC-6(9)
39931 ··-·NIST-800-53-AU-12(c)39931 ··-·NIST-800-53-AU-12(c)
39932 ··-·NIST-800-53-AU-2(d)39932 ··-·NIST-800-53-AU-2(d)
39933 ··-·NIST-800-53-CM-6(a)39933 ··-·NIST-800-53-CM-6(a)
39934 ··-·audit_rules_etc_group_open_by_handle_at39934 ··-·audit_rules_etc_group_open_by_handle_at
Offset 40055, 31 lines modifiedOffset 40055, 31 lines modified
40055 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group40055 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
40056 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40056 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40057 ······create:·true40057 ······create:·true
40058 ······mode:·o-rwx40058 ······mode:·o-rwx
40059 ······state:·present40059 ······state:·present
40060 ····when:·syscalls_found·|·length·==·040060 ····when:·syscalls_found·|·length·==·0
40061 ··when:40061 ··when:
40062 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40063 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40062 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40063 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40064 ··-·audit_arch·==·&quot;b64&quot;40064 ··-·audit_arch·==·&quot;b64&quot;
40065 ··tags:40065 ··tags:
40066 ··-·NIST-800-53-AC-2(4)40066 ··-·NIST-800-53-AC-2(4)
40067 ··-·NIST-800-53-AC-6(9)40067 ··-·NIST-800-53-AC-6(9)
40068 ··-·NIST-800-53-AU-12(c)40068 ··-·NIST-800-53-AU-12(c)
40069 ··-·NIST-800-53-AU-2(d)40069 ··-·NIST-800-53-AU-2(d)
40070 ··-·NIST-800-53-CM-6(a)40070 ··-·NIST-800-53-CM-6(a)
40071 ··-·audit_rules_etc_group_open_by_handle_at40071 ··-·audit_rules_etc_group_open_by_handle_at
40072 ··-·low_complexity40072 ··-·low_complexity
40073 ··-·low_disruption40073 ··-·low_disruption
40074 ··-·medium_severity40074 ··-·medium_severity
40075 ··-·reboot_required40075 ··-·reboot_required
Max diff block lines reached; 459837/465701 bytes (98.74%) of diff not shown.
455 KB
./usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml
455 KB
./usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml
    
Offset 39087, 16 lines modifiedOffset 39087, 16 lines modified
39087 ··-·reboot_required39087 ··-·reboot_required
39088 ··-·restrict_strategy39088 ··-·restrict_strategy
  
39089 -·name:·Set·architecture·for·audit·open·tasks39089 -·name:·Set·architecture·for·audit·open·tasks
39090 ··set_fact:39090 ··set_fact:
39091 ····audit_arch:·b6439091 ····audit_arch:·b64
39092 ··when:39092 ··when:
39093 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39094 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39093 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39094 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39095 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture39095 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
39096 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;39096 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
39097 ··tags:39097 ··tags:
39098 ··-·NIST-800-53-AC-2(4)39098 ··-·NIST-800-53-AC-2(4)
39099 ··-·NIST-800-53-AC-6(9)39099 ··-·NIST-800-53-AC-6(9)
39100 ··-·NIST-800-53-AU-12(c)39100 ··-·NIST-800-53-AU-12(c)
39101 ··-·NIST-800-53-AU-2(d)39101 ··-·NIST-800-53-AU-2(d)
Offset 39225, 16 lines modifiedOffset 39225, 16 lines modified
39225 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group39225 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
39226 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39226 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39227 ······create:·true39227 ······create:·true
39228 ······mode:·o-rwx39228 ······mode:·o-rwx
39229 ······state:·present39229 ······state:·present
39230 ····when:·syscalls_found·|·length·==·039230 ····when:·syscalls_found·|·length·==·0
39231 ··when:39231 ··when:
39232 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39233 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39232 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39233 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39234 ··tags:39234 ··tags:
39235 ··-·NIST-800-53-AC-2(4)39235 ··-·NIST-800-53-AC-2(4)
39236 ··-·NIST-800-53-AC-6(9)39236 ··-·NIST-800-53-AC-6(9)
39237 ··-·NIST-800-53-AU-12(c)39237 ··-·NIST-800-53-AU-12(c)
39238 ··-·NIST-800-53-AU-2(d)39238 ··-·NIST-800-53-AU-2(d)
39239 ··-·NIST-800-53-CM-6(a)39239 ··-·NIST-800-53-CM-6(a)
39240 ··-·audit_rules_etc_group_open39240 ··-·audit_rules_etc_group_open
Offset 39361, 31 lines modifiedOffset 39361, 31 lines modified
39361 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group39361 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
39362 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39362 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39363 ······create:·true39363 ······create:·true
39364 ······mode:·o-rwx39364 ······mode:·o-rwx
39365 ······state:·present39365 ······state:·present
39366 ····when:·syscalls_found·|·length·==·039366 ····when:·syscalls_found·|·length·==·0
39367 ··when:39367 ··when:
39368 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39369 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39368 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39369 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39370 ··-·audit_arch·==·&quot;b64&quot;39370 ··-·audit_arch·==·&quot;b64&quot;
39371 ··tags:39371 ··tags:
39372 ··-·NIST-800-53-AC-2(4)39372 ··-·NIST-800-53-AC-2(4)
39373 ··-·NIST-800-53-AC-6(9)39373 ··-·NIST-800-53-AC-6(9)
39374 ··-·NIST-800-53-AU-12(c)39374 ··-·NIST-800-53-AU-12(c)
39375 ··-·NIST-800-53-AU-2(d)39375 ··-·NIST-800-53-AU-2(d)
39376 ··-·NIST-800-53-CM-6(a)39376 ··-·NIST-800-53-CM-6(a)
39377 ··-·audit_rules_etc_group_open39377 ··-·audit_rules_etc_group_open
39378 ··-·low_complexity39378 ··-·low_complexity
39379 ··-·low_disruption39379 ··-·low_disruption
39380 ··-·medium_severity39380 ··-·medium_severity
39381 ··-·reboot_required39381 ··-·reboot_required
39382 ··-·restrict_strategy</xccdf-1.2:fix>39382 ··-·restrict_strategy</xccdf-1.2:fix>
39383 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms39383 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
39384 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then39384 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
39385 #·First·perform·the·remediation·of·the·syscall·rule39385 #·First·perform·the·remediation·of·the·syscall·rule
39386 #·Retrieve·hardware·architecture·of·the·underlying·system39386 #·Retrieve·hardware·architecture·of·the·underlying·system
39387 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)39387 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
39388 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;39388 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
39389 do39389 do
Offset 39781, 16 lines modifiedOffset 39781, 16 lines modified
39781 ··-·reboot_required39781 ··-·reboot_required
39782 ··-·restrict_strategy39782 ··-·restrict_strategy
  
39783 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks39783 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
39784 ··set_fact:39784 ··set_fact:
39785 ····audit_arch:·b6439785 ····audit_arch:·b64
39786 ··when:39786 ··when:
39787 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39788 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39787 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39788 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39789 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture39789 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
39790 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;39790 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
39791 ··tags:39791 ··tags:
39792 ··-·NIST-800-53-AC-2(4)39792 ··-·NIST-800-53-AC-2(4)
39793 ··-·NIST-800-53-AC-6(9)39793 ··-·NIST-800-53-AC-6(9)
39794 ··-·NIST-800-53-AU-12(c)39794 ··-·NIST-800-53-AU-12(c)
39795 ··-·NIST-800-53-AU-2(d)39795 ··-·NIST-800-53-AU-2(d)
Offset 39919, 16 lines modifiedOffset 39919, 16 lines modified
39919 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group39919 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
39920 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39920 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39921 ······create:·true39921 ······create:·true
39922 ······mode:·o-rwx39922 ······mode:·o-rwx
39923 ······state:·present39923 ······state:·present
39924 ····when:·syscalls_found·|·length·==·039924 ····when:·syscalls_found·|·length·==·0
39925 ··when:39925 ··when:
39926 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39927 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39926 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39927 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39928 ··tags:39928 ··tags:
39929 ··-·NIST-800-53-AC-2(4)39929 ··-·NIST-800-53-AC-2(4)
39930 ··-·NIST-800-53-AC-6(9)39930 ··-·NIST-800-53-AC-6(9)
39931 ··-·NIST-800-53-AU-12(c)39931 ··-·NIST-800-53-AU-12(c)
39932 ··-·NIST-800-53-AU-2(d)39932 ··-·NIST-800-53-AU-2(d)
39933 ··-·NIST-800-53-CM-6(a)39933 ··-·NIST-800-53-CM-6(a)
39934 ··-·audit_rules_etc_group_open_by_handle_at39934 ··-·audit_rules_etc_group_open_by_handle_at
Offset 40055, 31 lines modifiedOffset 40055, 31 lines modified
40055 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group40055 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
40056 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40056 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40057 ······create:·true40057 ······create:·true
40058 ······mode:·o-rwx40058 ······mode:·o-rwx
40059 ······state:·present40059 ······state:·present
40060 ····when:·syscalls_found·|·length·==·040060 ····when:·syscalls_found·|·length·==·0
40061 ··when:40061 ··when:
40062 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40063 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40062 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40063 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40064 ··-·audit_arch·==·&quot;b64&quot;40064 ··-·audit_arch·==·&quot;b64&quot;
40065 ··tags:40065 ··tags:
40066 ··-·NIST-800-53-AC-2(4)40066 ··-·NIST-800-53-AC-2(4)
40067 ··-·NIST-800-53-AC-6(9)40067 ··-·NIST-800-53-AC-6(9)
40068 ··-·NIST-800-53-AU-12(c)40068 ··-·NIST-800-53-AU-12(c)
40069 ··-·NIST-800-53-AU-2(d)40069 ··-·NIST-800-53-AU-2(d)
40070 ··-·NIST-800-53-CM-6(a)40070 ··-·NIST-800-53-CM-6(a)
40071 ··-·audit_rules_etc_group_open_by_handle_at40071 ··-·audit_rules_etc_group_open_by_handle_at
40072 ··-·low_complexity40072 ··-·low_complexity
40073 ··-·low_disruption40073 ··-·low_disruption
40074 ··-·medium_severity40074 ··-·medium_severity
40075 ··-·reboot_required40075 ··-·reboot_required
Max diff block lines reached; 459837/465701 bytes (98.74%) of diff not shown.
454 KB
./usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml
454 KB
./usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml
    
Offset 38939, 16 lines modifiedOffset 38939, 16 lines modified
38939 ··-·reboot_required38939 ··-·reboot_required
38940 ··-·restrict_strategy38940 ··-·restrict_strategy
  
38941 -·name:·Set·architecture·for·audit·open·tasks38941 -·name:·Set·architecture·for·audit·open·tasks
38942 ··set_fact:38942 ··set_fact:
38943 ····audit_arch:·b6438943 ····audit_arch:·b64
38944 ··when:38944 ··when:
38945 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
38946 ··-·'&quot;audit&quot;·in·ansible_facts.packages'38945 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 38946 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
38947 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture38947 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
38948 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;38948 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
38949 ··tags:38949 ··tags:
38950 ··-·NIST-800-53-AC-2(4)38950 ··-·NIST-800-53-AC-2(4)
38951 ··-·NIST-800-53-AC-6(9)38951 ··-·NIST-800-53-AC-6(9)
38952 ··-·NIST-800-53-AU-12(c)38952 ··-·NIST-800-53-AU-12(c)
38953 ··-·NIST-800-53-AU-2(d)38953 ··-·NIST-800-53-AU-2(d)
Offset 39077, 16 lines modifiedOffset 39077, 16 lines modified
39077 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group39077 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
39078 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39078 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39079 ······create:·true39079 ······create:·true
39080 ······mode:·o-rwx39080 ······mode:·o-rwx
39081 ······state:·present39081 ······state:·present
39082 ····when:·syscalls_found·|·length·==·039082 ····when:·syscalls_found·|·length·==·0
39083 ··when:39083 ··when:
39084 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39085 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39084 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39085 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39086 ··tags:39086 ··tags:
39087 ··-·NIST-800-53-AC-2(4)39087 ··-·NIST-800-53-AC-2(4)
39088 ··-·NIST-800-53-AC-6(9)39088 ··-·NIST-800-53-AC-6(9)
39089 ··-·NIST-800-53-AU-12(c)39089 ··-·NIST-800-53-AU-12(c)
39090 ··-·NIST-800-53-AU-2(d)39090 ··-·NIST-800-53-AU-2(d)
39091 ··-·NIST-800-53-CM-6(a)39091 ··-·NIST-800-53-CM-6(a)
39092 ··-·audit_rules_etc_group_open39092 ··-·audit_rules_etc_group_open
Offset 39213, 31 lines modifiedOffset 39213, 31 lines modified
39213 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group39213 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
39214 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39214 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39215 ······create:·true39215 ······create:·true
39216 ······mode:·o-rwx39216 ······mode:·o-rwx
39217 ······state:·present39217 ······state:·present
39218 ····when:·syscalls_found·|·length·==·039218 ····when:·syscalls_found·|·length·==·0
39219 ··when:39219 ··when:
39220 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39221 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39220 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39221 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39222 ··-·audit_arch·==·&quot;b64&quot;39222 ··-·audit_arch·==·&quot;b64&quot;
39223 ··tags:39223 ··tags:
39224 ··-·NIST-800-53-AC-2(4)39224 ··-·NIST-800-53-AC-2(4)
39225 ··-·NIST-800-53-AC-6(9)39225 ··-·NIST-800-53-AC-6(9)
39226 ··-·NIST-800-53-AU-12(c)39226 ··-·NIST-800-53-AU-12(c)
39227 ··-·NIST-800-53-AU-2(d)39227 ··-·NIST-800-53-AU-2(d)
39228 ··-·NIST-800-53-CM-6(a)39228 ··-·NIST-800-53-CM-6(a)
39229 ··-·audit_rules_etc_group_open39229 ··-·audit_rules_etc_group_open
39230 ··-·low_complexity39230 ··-·low_complexity
39231 ··-·low_disruption39231 ··-·low_disruption
39232 ··-·medium_severity39232 ··-·medium_severity
39233 ··-·reboot_required39233 ··-·reboot_required
39234 ··-·restrict_strategy</xccdf-1.2:fix>39234 ··-·restrict_strategy</xccdf-1.2:fix>
39235 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms39235 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
39236 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then39236 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
39237 #·First·perform·the·remediation·of·the·syscall·rule39237 #·First·perform·the·remediation·of·the·syscall·rule
39238 #·Retrieve·hardware·architecture·of·the·underlying·system39238 #·Retrieve·hardware·architecture·of·the·underlying·system
39239 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)39239 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
39240 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;39240 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
39241 do39241 do
Offset 39633, 16 lines modifiedOffset 39633, 16 lines modified
39633 ··-·reboot_required39633 ··-·reboot_required
39634 ··-·restrict_strategy39634 ··-·restrict_strategy
  
39635 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks39635 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
39636 ··set_fact:39636 ··set_fact:
39637 ····audit_arch:·b6439637 ····audit_arch:·b64
39638 ··when:39638 ··when:
39639 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39640 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39639 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39640 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39641 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture39641 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
39642 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;39642 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
39643 ··tags:39643 ··tags:
39644 ··-·NIST-800-53-AC-2(4)39644 ··-·NIST-800-53-AC-2(4)
39645 ··-·NIST-800-53-AC-6(9)39645 ··-·NIST-800-53-AC-6(9)
39646 ··-·NIST-800-53-AU-12(c)39646 ··-·NIST-800-53-AU-12(c)
39647 ··-·NIST-800-53-AU-2(d)39647 ··-·NIST-800-53-AU-2(d)
Offset 39771, 16 lines modifiedOffset 39771, 16 lines modified
39771 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group39771 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
39772 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39772 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39773 ······create:·true39773 ······create:·true
39774 ······mode:·o-rwx39774 ······mode:·o-rwx
39775 ······state:·present39775 ······state:·present
39776 ····when:·syscalls_found·|·length·==·039776 ····when:·syscalls_found·|·length·==·0
39777 ··when:39777 ··when:
39778 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39779 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39778 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39779 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39780 ··tags:39780 ··tags:
39781 ··-·NIST-800-53-AC-2(4)39781 ··-·NIST-800-53-AC-2(4)
39782 ··-·NIST-800-53-AC-6(9)39782 ··-·NIST-800-53-AC-6(9)
39783 ··-·NIST-800-53-AU-12(c)39783 ··-·NIST-800-53-AU-12(c)
39784 ··-·NIST-800-53-AU-2(d)39784 ··-·NIST-800-53-AU-2(d)
39785 ··-·NIST-800-53-CM-6(a)39785 ··-·NIST-800-53-CM-6(a)
39786 ··-·audit_rules_etc_group_open_by_handle_at39786 ··-·audit_rules_etc_group_open_by_handle_at
Offset 39907, 31 lines modifiedOffset 39907, 31 lines modified
39907 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group39907 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
39908 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39908 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39909 ······create:·true39909 ······create:·true
39910 ······mode:·o-rwx39910 ······mode:·o-rwx
39911 ······state:·present39911 ······state:·present
39912 ····when:·syscalls_found·|·length·==·039912 ····when:·syscalls_found·|·length·==·0
39913 ··when:39913 ··when:
39914 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39915 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39914 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39915 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39916 ··-·audit_arch·==·&quot;b64&quot;39916 ··-·audit_arch·==·&quot;b64&quot;
39917 ··tags:39917 ··tags:
39918 ··-·NIST-800-53-AC-2(4)39918 ··-·NIST-800-53-AC-2(4)
39919 ··-·NIST-800-53-AC-6(9)39919 ··-·NIST-800-53-AC-6(9)
39920 ··-·NIST-800-53-AU-12(c)39920 ··-·NIST-800-53-AU-12(c)
39921 ··-·NIST-800-53-AU-2(d)39921 ··-·NIST-800-53-AU-2(d)
39922 ··-·NIST-800-53-CM-6(a)39922 ··-·NIST-800-53-CM-6(a)
39923 ··-·audit_rules_etc_group_open_by_handle_at39923 ··-·audit_rules_etc_group_open_by_handle_at
39924 ··-·low_complexity39924 ··-·low_complexity
39925 ··-·low_disruption39925 ··-·low_disruption
39926 ··-·medium_severity39926 ··-·medium_severity
39927 ··-·reboot_required39927 ··-·reboot_required
Max diff block lines reached; 459055/464915 bytes (98.74%) of diff not shown.
3.53 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-cpe-oval.xml
3.42 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-cpe-oval.xml
Ordering differences only
    
Offset 2742, 27 lines modifiedOffset 2742, 27 lines modified
2742 ······<ind:subexpression·datatype="string"·operation="pattern·match">^s390x$</ind:subexpression>2742 ······<ind:subexpression·datatype="string"·operation="pattern·match">^s390x$</ind:subexpression>
2743 ····</ind:textfilecontent54_state>2743 ····</ind:textfilecontent54_state>
2744 ····<unix:uname_state·comment="64·bit·architecture"·id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"·version="1">2744 ····<unix:uname_state·comment="64·bit·architecture"·id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"·version="1">
2745 ······<unix:processor_type·operation="equals">ppc64le</unix:processor_type>2745 ······<unix:processor_type·operation="equals">ppc64le</unix:processor_type>
2746 ····</unix:uname_state>2746 ····</unix:uname_state>
2747 ··</oval-def:states>2747 ··</oval-def:states>
2748 ··<oval-def:variables>2748 ··<oval-def:variables>
2749 ····<oval-def:local_variable·id="oval:ssg-ocp4_infra_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·infra·file·to·scan."·version="1"> 
2750 ······<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/infrastructures/cluster</oval-def:literal_component> 
2751 ····</oval-def:local_variable> 
2752 ····<oval-def:local_variable·id="oval:ssg-ocp4_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1"> 
2753 ······<oval-def:literal_component>/kubernetes-api-resources/ocp/version</oval-def:literal_component> 
2754 ····</oval-def:local_variable> 
2755 ····<oval-def:local_variable·id="oval:ssg-ocp4_node_network_file_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1"> 
2756 ······<oval-def:literal_component>/etc/kubernetes/cni/net.d/00-multus.conf</oval-def:literal_component> 
2757 ····</oval-def:local_variable> 
2758 ····<oval-def:local_variable·id="oval:ssg-ocp4_network_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">2749 ····<oval-def:local_variable·id="oval:ssg-ocp4_network_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">
2759 ······<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/networks/cluster</oval-def:literal_component>2750 ······<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/networks/cluster</oval-def:literal_component>
2760 ····</oval-def:local_variable>2751 ····</oval-def:local_variable>
2761 ····<oval-def:local_variable·id="oval:ssg-ocp4_hypershift_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">2752 ····<oval-def:local_variable·id="oval:ssg-ocp4_hypershift_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
2762 ······<oval-def:literal_component>/kubernetes-api-resources/hypershift/version</oval-def:literal_component>2753 ······<oval-def:literal_component>/kubernetes-api-resources/hypershift/version</oval-def:literal_component>
2763 ····</oval-def:local_variable>2754 ····</oval-def:local_variable>
2764 ····<oval-def:local_variable·id="oval:ssg-hypershift_hosted_cluster_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">2755 ····<oval-def:local_variable·id="oval:ssg-hypershift_hosted_cluster_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
2765 ······<oval-def:literal_component>/kubernetes-api-resources/apis/apiextensions.k8s.io/v1/customresourcedefinitions/hostedclusters.hypershift.openshift.io</oval-def:literal_component>2756 ······<oval-def:literal_component>/kubernetes-api-resources/apis/apiextensions.k8s.io/v1/customresourcedefinitions/hostedclusters.hypershift.openshift.io</oval-def:literal_component>
2766 ····</oval-def:local_variable>2757 ····</oval-def:local_variable>
 2758 ····<oval-def:local_variable·id="oval:ssg-ocp4_infra_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·infra·file·to·scan."·version="1">
 2759 ······<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/infrastructures/cluster</oval-def:literal_component>
 2760 ····</oval-def:local_variable>
 2761 ····<oval-def:local_variable·id="oval:ssg-ocp4_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
 2762 ······<oval-def:literal_component>/kubernetes-api-resources/ocp/version</oval-def:literal_component>
 2763 ····</oval-def:local_variable>
 2764 ····<oval-def:local_variable·id="oval:ssg-ocp4_node_network_file_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">
 2765 ······<oval-def:literal_component>/etc/kubernetes/cni/net.d/00-multus.conf</oval-def:literal_component>
 2766 ····</oval-def:local_variable>
2767 ··</oval-def:variables>2767 ··</oval-def:variables>
2768 </oval-def:oval_definitions>2768 </oval-def:oval_definitions>
3.71 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-ds-1.2.xml
3.61 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-ds-1.2.xml
Ordering differences only
    
Offset 48529, 29 lines modifiedOffset 48529, 29 lines modified
48529 ··········<ind:subexpression·datatype="string"·operation="pattern·match">^s390x$</ind:subexpression>48529 ··········<ind:subexpression·datatype="string"·operation="pattern·match">^s390x$</ind:subexpression>
48530 ········</ind:textfilecontent54_state>48530 ········</ind:textfilecontent54_state>
48531 ········<unix:uname_state·comment="64·bit·architecture"·id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"·version="1">48531 ········<unix:uname_state·comment="64·bit·architecture"·id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"·version="1">
48532 ··········<unix:processor_type·operation="equals">ppc64le</unix:processor_type>48532 ··········<unix:processor_type·operation="equals">ppc64le</unix:processor_type>
48533 ········</unix:uname_state>48533 ········</unix:uname_state>
48534 ······</oval-def:states>48534 ······</oval-def:states>
48535 ······<oval-def:variables>48535 ······<oval-def:variables>
48536 ········<oval-def:local_variable·id="oval:ssg-ocp4_infra_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·infra·file·to·scan."·version="1"> 
48537 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/infrastructures/cluster</oval-def:literal_component> 
48538 ········</oval-def:local_variable> 
48539 ········<oval-def:local_variable·id="oval:ssg-ocp4_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1"> 
48540 ··········<oval-def:literal_component>/kubernetes-api-resources/ocp/version</oval-def:literal_component> 
48541 ········</oval-def:local_variable> 
48542 ········<oval-def:local_variable·id="oval:ssg-ocp4_node_network_file_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1"> 
48543 ··········<oval-def:literal_component>/etc/kubernetes/cni/net.d/00-multus.conf</oval-def:literal_component> 
48544 ········</oval-def:local_variable> 
48545 ········<oval-def:local_variable·id="oval:ssg-ocp4_network_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">48536 ········<oval-def:local_variable·id="oval:ssg-ocp4_network_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">
48546 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/networks/cluster</oval-def:literal_component>48537 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/networks/cluster</oval-def:literal_component>
48547 ········</oval-def:local_variable>48538 ········</oval-def:local_variable>
48548 ········<oval-def:local_variable·id="oval:ssg-ocp4_hypershift_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">48539 ········<oval-def:local_variable·id="oval:ssg-ocp4_hypershift_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
48549 ··········<oval-def:literal_component>/kubernetes-api-resources/hypershift/version</oval-def:literal_component>48540 ··········<oval-def:literal_component>/kubernetes-api-resources/hypershift/version</oval-def:literal_component>
48550 ········</oval-def:local_variable>48541 ········</oval-def:local_variable>
48551 ········<oval-def:local_variable·id="oval:ssg-hypershift_hosted_cluster_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">48542 ········<oval-def:local_variable·id="oval:ssg-hypershift_hosted_cluster_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
48552 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/apiextensions.k8s.io/v1/customresourcedefinitions/hostedclusters.hypershift.openshift.io</oval-def:literal_component>48543 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/apiextensions.k8s.io/v1/customresourcedefinitions/hostedclusters.hypershift.openshift.io</oval-def:literal_component>
48553 ········</oval-def:local_variable>48544 ········</oval-def:local_variable>
 48545 ········<oval-def:local_variable·id="oval:ssg-ocp4_infra_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·infra·file·to·scan."·version="1">
 48546 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/infrastructures/cluster</oval-def:literal_component>
 48547 ········</oval-def:local_variable>
 48548 ········<oval-def:local_variable·id="oval:ssg-ocp4_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
 48549 ··········<oval-def:literal_component>/kubernetes-api-resources/ocp/version</oval-def:literal_component>
 48550 ········</oval-def:local_variable>
 48551 ········<oval-def:local_variable·id="oval:ssg-ocp4_node_network_file_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">
 48552 ··········<oval-def:literal_component>/etc/kubernetes/cni/net.d/00-multus.conf</oval-def:literal_component>
 48553 ········</oval-def:local_variable>
48554 ······</oval-def:variables>48554 ······</oval-def:variables>
48555 ····</oval-def:oval_definitions>48555 ····</oval-def:oval_definitions>
48556 ··</ds:component>48556 ··</ds:component>
48557 </ds:data-stream-collection>48557 </ds:data-stream-collection>
3.69 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-ds.xml
3.6 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-ds.xml
Ordering differences only
    
Offset 48529, 29 lines modifiedOffset 48529, 29 lines modified
48529 ··········<ind:subexpression·datatype="string"·operation="pattern·match">^s390x$</ind:subexpression>48529 ··········<ind:subexpression·datatype="string"·operation="pattern·match">^s390x$</ind:subexpression>
48530 ········</ind:textfilecontent54_state>48530 ········</ind:textfilecontent54_state>
48531 ········<unix:uname_state·comment="64·bit·architecture"·id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"·version="1">48531 ········<unix:uname_state·comment="64·bit·architecture"·id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"·version="1">
48532 ··········<unix:processor_type·operation="equals">ppc64le</unix:processor_type>48532 ··········<unix:processor_type·operation="equals">ppc64le</unix:processor_type>
48533 ········</unix:uname_state>48533 ········</unix:uname_state>
48534 ······</oval-def:states>48534 ······</oval-def:states>
48535 ······<oval-def:variables>48535 ······<oval-def:variables>
48536 ········<oval-def:local_variable·id="oval:ssg-ocp4_infra_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·infra·file·to·scan."·version="1"> 
48537 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/infrastructures/cluster</oval-def:literal_component> 
48538 ········</oval-def:local_variable> 
48539 ········<oval-def:local_variable·id="oval:ssg-ocp4_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1"> 
48540 ··········<oval-def:literal_component>/kubernetes-api-resources/ocp/version</oval-def:literal_component> 
48541 ········</oval-def:local_variable> 
48542 ········<oval-def:local_variable·id="oval:ssg-ocp4_node_network_file_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1"> 
48543 ··········<oval-def:literal_component>/etc/kubernetes/cni/net.d/00-multus.conf</oval-def:literal_component> 
48544 ········</oval-def:local_variable> 
48545 ········<oval-def:local_variable·id="oval:ssg-ocp4_network_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">48536 ········<oval-def:local_variable·id="oval:ssg-ocp4_network_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">
48546 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/networks/cluster</oval-def:literal_component>48537 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/networks/cluster</oval-def:literal_component>
48547 ········</oval-def:local_variable>48538 ········</oval-def:local_variable>
48548 ········<oval-def:local_variable·id="oval:ssg-ocp4_hypershift_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">48539 ········<oval-def:local_variable·id="oval:ssg-ocp4_hypershift_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
48549 ··········<oval-def:literal_component>/kubernetes-api-resources/hypershift/version</oval-def:literal_component>48540 ··········<oval-def:literal_component>/kubernetes-api-resources/hypershift/version</oval-def:literal_component>
48550 ········</oval-def:local_variable>48541 ········</oval-def:local_variable>
48551 ········<oval-def:local_variable·id="oval:ssg-hypershift_hosted_cluster_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">48542 ········<oval-def:local_variable·id="oval:ssg-hypershift_hosted_cluster_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
48552 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/apiextensions.k8s.io/v1/customresourcedefinitions/hostedclusters.hypershift.openshift.io</oval-def:literal_component>48543 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/apiextensions.k8s.io/v1/customresourcedefinitions/hostedclusters.hypershift.openshift.io</oval-def:literal_component>
48553 ········</oval-def:local_variable>48544 ········</oval-def:local_variable>
 48545 ········<oval-def:local_variable·id="oval:ssg-ocp4_infra_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·infra·file·to·scan."·version="1">
 48546 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/infrastructures/cluster</oval-def:literal_component>
 48547 ········</oval-def:local_variable>
 48548 ········<oval-def:local_variable·id="oval:ssg-ocp4_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
 48549 ··········<oval-def:literal_component>/kubernetes-api-resources/ocp/version</oval-def:literal_component>
 48550 ········</oval-def:local_variable>
 48551 ········<oval-def:local_variable·id="oval:ssg-ocp4_node_network_file_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">
 48552 ··········<oval-def:literal_component>/etc/kubernetes/cni/net.d/00-multus.conf</oval-def:literal_component>
 48553 ········</oval-def:local_variable>
48554 ······</oval-def:variables>48554 ······</oval-def:variables>
48555 ····</oval-def:oval_definitions>48555 ····</oval-def:oval_definitions>
48556 ··</ds:component>48556 ··</ds:component>
48557 </ds:data-stream-collection>48557 </ds:data-stream-collection>
513 KB
./usr/share/xml/scap/ssg/content/ssg-ol7-ds-1.2.xml
513 KB
./usr/share/xml/scap/ssg/content/ssg-ol7-ds-1.2.xml
    
Offset 43146, 16 lines modifiedOffset 43146, 16 lines modified
43146 ··-·reboot_required43146 ··-·reboot_required
43147 ··-·restrict_strategy43147 ··-·restrict_strategy
  
43148 -·name:·Set·architecture·for·audit·open·tasks43148 -·name:·Set·architecture·for·audit·open·tasks
43149 ··set_fact:43149 ··set_fact:
43150 ····audit_arch:·b6443150 ····audit_arch:·b64
43151 ··when:43151 ··when:
43152 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43153 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43152 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43153 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43154 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture43154 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
43155 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;43155 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
43156 ··tags:43156 ··tags:
43157 ··-·NIST-800-53-AC-2(4)43157 ··-·NIST-800-53-AC-2(4)
43158 ··-·NIST-800-53-AC-6(9)43158 ··-·NIST-800-53-AC-6(9)
43159 ··-·NIST-800-53-AU-12(c)43159 ··-·NIST-800-53-AU-12(c)
43160 ··-·NIST-800-53-AU-2(d)43160 ··-·NIST-800-53-AU-2(d)
Offset 43284, 16 lines modifiedOffset 43284, 16 lines modified
43284 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group43284 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
43285 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify43285 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
43286 ······create:·true43286 ······create:·true
43287 ······mode:·o-rwx43287 ······mode:·o-rwx
43288 ······state:·present43288 ······state:·present
43289 ····when:·syscalls_found·|·length·==·043289 ····when:·syscalls_found·|·length·==·0
43290 ··when:43290 ··when:
43291 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43292 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43291 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43292 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43293 ··tags:43293 ··tags:
43294 ··-·NIST-800-53-AC-2(4)43294 ··-·NIST-800-53-AC-2(4)
43295 ··-·NIST-800-53-AC-6(9)43295 ··-·NIST-800-53-AC-6(9)
43296 ··-·NIST-800-53-AU-12(c)43296 ··-·NIST-800-53-AU-12(c)
43297 ··-·NIST-800-53-AU-2(d)43297 ··-·NIST-800-53-AU-2(d)
43298 ··-·NIST-800-53-CM-6(a)43298 ··-·NIST-800-53-CM-6(a)
43299 ··-·audit_rules_etc_group_open43299 ··-·audit_rules_etc_group_open
Offset 43420, 31 lines modifiedOffset 43420, 31 lines modified
43420 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group43420 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
43421 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify43421 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
43422 ······create:·true43422 ······create:·true
43423 ······mode:·o-rwx43423 ······mode:·o-rwx
43424 ······state:·present43424 ······state:·present
43425 ····when:·syscalls_found·|·length·==·043425 ····when:·syscalls_found·|·length·==·0
43426 ··when:43426 ··when:
43427 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43428 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43427 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43428 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43429 ··-·audit_arch·==·&quot;b64&quot;43429 ··-·audit_arch·==·&quot;b64&quot;
43430 ··tags:43430 ··tags:
43431 ··-·NIST-800-53-AC-2(4)43431 ··-·NIST-800-53-AC-2(4)
43432 ··-·NIST-800-53-AC-6(9)43432 ··-·NIST-800-53-AC-6(9)
43433 ··-·NIST-800-53-AU-12(c)43433 ··-·NIST-800-53-AU-12(c)
43434 ··-·NIST-800-53-AU-2(d)43434 ··-·NIST-800-53-AU-2(d)
43435 ··-·NIST-800-53-CM-6(a)43435 ··-·NIST-800-53-CM-6(a)
43436 ··-·audit_rules_etc_group_open43436 ··-·audit_rules_etc_group_open
43437 ··-·low_complexity43437 ··-·low_complexity
43438 ··-·low_disruption43438 ··-·low_disruption
43439 ··-·medium_severity43439 ··-·medium_severity
43440 ··-·reboot_required43440 ··-·reboot_required
43441 ··-·restrict_strategy</xccdf-1.2:fix>43441 ··-·restrict_strategy</xccdf-1.2:fix>
43442 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms43442 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
43443 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then43443 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
43444 #·First·perform·the·remediation·of·the·syscall·rule43444 #·First·perform·the·remediation·of·the·syscall·rule
43445 #·Retrieve·hardware·architecture·of·the·underlying·system43445 #·Retrieve·hardware·architecture·of·the·underlying·system
43446 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)43446 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
43447 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;43447 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
43448 do43448 do
Offset 43840, 16 lines modifiedOffset 43840, 16 lines modified
43840 ··-·reboot_required43840 ··-·reboot_required
43841 ··-·restrict_strategy43841 ··-·restrict_strategy
  
43842 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks43842 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
43843 ··set_fact:43843 ··set_fact:
43844 ····audit_arch:·b6443844 ····audit_arch:·b64
43845 ··when:43845 ··when:
43846 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43847 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43846 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43847 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43848 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture43848 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
43849 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;43849 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
43850 ··tags:43850 ··tags:
43851 ··-·NIST-800-53-AC-2(4)43851 ··-·NIST-800-53-AC-2(4)
43852 ··-·NIST-800-53-AC-6(9)43852 ··-·NIST-800-53-AC-6(9)
43853 ··-·NIST-800-53-AU-12(c)43853 ··-·NIST-800-53-AU-12(c)
43854 ··-·NIST-800-53-AU-2(d)43854 ··-·NIST-800-53-AU-2(d)
Offset 43978, 16 lines modifiedOffset 43978, 16 lines modified
43978 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group43978 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
43979 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify43979 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
43980 ······create:·true43980 ······create:·true
43981 ······mode:·o-rwx43981 ······mode:·o-rwx
43982 ······state:·present43982 ······state:·present
43983 ····when:·syscalls_found·|·length·==·043983 ····when:·syscalls_found·|·length·==·0
43984 ··when:43984 ··when:
43985 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43986 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43985 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43986 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43987 ··tags:43987 ··tags:
43988 ··-·NIST-800-53-AC-2(4)43988 ··-·NIST-800-53-AC-2(4)
43989 ··-·NIST-800-53-AC-6(9)43989 ··-·NIST-800-53-AC-6(9)
43990 ··-·NIST-800-53-AU-12(c)43990 ··-·NIST-800-53-AU-12(c)
43991 ··-·NIST-800-53-AU-2(d)43991 ··-·NIST-800-53-AU-2(d)
43992 ··-·NIST-800-53-CM-6(a)43992 ··-·NIST-800-53-CM-6(a)
43993 ··-·audit_rules_etc_group_open_by_handle_at43993 ··-·audit_rules_etc_group_open_by_handle_at
Offset 44114, 31 lines modifiedOffset 44114, 31 lines modified
44114 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group44114 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
44115 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify44115 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
44116 ······create:·true44116 ······create:·true
44117 ······mode:·o-rwx44117 ······mode:·o-rwx
44118 ······state:·present44118 ······state:·present
44119 ····when:·syscalls_found·|·length·==·044119 ····when:·syscalls_found·|·length·==·0
44120 ··when:44120 ··when:
44121 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
44122 ··-·'&quot;audit&quot;·in·ansible_facts.packages'44121 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 44122 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
44123 ··-·audit_arch·==·&quot;b64&quot;44123 ··-·audit_arch·==·&quot;b64&quot;
44124 ··tags:44124 ··tags:
44125 ··-·NIST-800-53-AC-2(4)44125 ··-·NIST-800-53-AC-2(4)
44126 ··-·NIST-800-53-AC-6(9)44126 ··-·NIST-800-53-AC-6(9)
44127 ··-·NIST-800-53-AU-12(c)44127 ··-·NIST-800-53-AU-12(c)
44128 ··-·NIST-800-53-AU-2(d)44128 ··-·NIST-800-53-AU-2(d)
44129 ··-·NIST-800-53-CM-6(a)44129 ··-·NIST-800-53-CM-6(a)
44130 ··-·audit_rules_etc_group_open_by_handle_at44130 ··-·audit_rules_etc_group_open_by_handle_at
44131 ··-·low_complexity44131 ··-·low_complexity
44132 ··-·low_disruption44132 ··-·low_disruption
44133 ··-·medium_severity44133 ··-·medium_severity
44134 ··-·reboot_required44134 ··-·reboot_required
Max diff block lines reached; 519179/525043 bytes (98.88%) of diff not shown.
513 KB
./usr/share/xml/scap/ssg/content/ssg-ol7-ds.xml
513 KB
./usr/share/xml/scap/ssg/content/ssg-ol7-ds.xml
    
Offset 43148, 16 lines modifiedOffset 43148, 16 lines modified
43148 ··-·reboot_required43148 ··-·reboot_required
43149 ··-·restrict_strategy43149 ··-·restrict_strategy
  
43150 -·name:·Set·architecture·for·audit·open·tasks43150 -·name:·Set·architecture·for·audit·open·tasks
43151 ··set_fact:43151 ··set_fact:
43152 ····audit_arch:·b6443152 ····audit_arch:·b64
43153 ··when:43153 ··when:
43154 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43155 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43154 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43155 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43156 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture43156 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
43157 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;43157 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
43158 ··tags:43158 ··tags:
43159 ··-·NIST-800-53-AC-2(4)43159 ··-·NIST-800-53-AC-2(4)
43160 ··-·NIST-800-53-AC-6(9)43160 ··-·NIST-800-53-AC-6(9)
43161 ··-·NIST-800-53-AU-12(c)43161 ··-·NIST-800-53-AU-12(c)
43162 ··-·NIST-800-53-AU-2(d)43162 ··-·NIST-800-53-AU-2(d)
Offset 43286, 16 lines modifiedOffset 43286, 16 lines modified
43286 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group43286 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
43287 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify43287 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
43288 ······create:·true43288 ······create:·true
43289 ······mode:·o-rwx43289 ······mode:·o-rwx
43290 ······state:·present43290 ······state:·present
43291 ····when:·syscalls_found·|·length·==·043291 ····when:·syscalls_found·|·length·==·0
43292 ··when:43292 ··when:
43293 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43294 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43293 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43294 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43295 ··tags:43295 ··tags:
43296 ··-·NIST-800-53-AC-2(4)43296 ··-·NIST-800-53-AC-2(4)
43297 ··-·NIST-800-53-AC-6(9)43297 ··-·NIST-800-53-AC-6(9)
43298 ··-·NIST-800-53-AU-12(c)43298 ··-·NIST-800-53-AU-12(c)
43299 ··-·NIST-800-53-AU-2(d)43299 ··-·NIST-800-53-AU-2(d)
43300 ··-·NIST-800-53-CM-6(a)43300 ··-·NIST-800-53-CM-6(a)
43301 ··-·audit_rules_etc_group_open43301 ··-·audit_rules_etc_group_open
Offset 43422, 31 lines modifiedOffset 43422, 31 lines modified
43422 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group43422 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
43423 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify43423 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
43424 ······create:·true43424 ······create:·true
43425 ······mode:·o-rwx43425 ······mode:·o-rwx
43426 ······state:·present43426 ······state:·present
43427 ····when:·syscalls_found·|·length·==·043427 ····when:·syscalls_found·|·length·==·0
43428 ··when:43428 ··when:
43429 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43430 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43429 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43430 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43431 ··-·audit_arch·==·&quot;b64&quot;43431 ··-·audit_arch·==·&quot;b64&quot;
43432 ··tags:43432 ··tags:
43433 ··-·NIST-800-53-AC-2(4)43433 ··-·NIST-800-53-AC-2(4)
43434 ··-·NIST-800-53-AC-6(9)43434 ··-·NIST-800-53-AC-6(9)
43435 ··-·NIST-800-53-AU-12(c)43435 ··-·NIST-800-53-AU-12(c)
43436 ··-·NIST-800-53-AU-2(d)43436 ··-·NIST-800-53-AU-2(d)
43437 ··-·NIST-800-53-CM-6(a)43437 ··-·NIST-800-53-CM-6(a)
43438 ··-·audit_rules_etc_group_open43438 ··-·audit_rules_etc_group_open
43439 ··-·low_complexity43439 ··-·low_complexity
43440 ··-·low_disruption43440 ··-·low_disruption
43441 ··-·medium_severity43441 ··-·medium_severity
43442 ··-·reboot_required43442 ··-·reboot_required
43443 ··-·restrict_strategy</xccdf-1.2:fix>43443 ··-·restrict_strategy</xccdf-1.2:fix>
43444 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms43444 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
43445 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then43445 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
43446 #·First·perform·the·remediation·of·the·syscall·rule43446 #·First·perform·the·remediation·of·the·syscall·rule
43447 #·Retrieve·hardware·architecture·of·the·underlying·system43447 #·Retrieve·hardware·architecture·of·the·underlying·system
43448 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)43448 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
43449 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;43449 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
43450 do43450 do
Offset 43842, 16 lines modifiedOffset 43842, 16 lines modified
43842 ··-·reboot_required43842 ··-·reboot_required
43843 ··-·restrict_strategy43843 ··-·restrict_strategy
  
43844 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks43844 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
43845 ··set_fact:43845 ··set_fact:
43846 ····audit_arch:·b6443846 ····audit_arch:·b64
43847 ··when:43847 ··when:
43848 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43849 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43848 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43849 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43850 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture43850 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
43851 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;43851 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
43852 ··tags:43852 ··tags:
43853 ··-·NIST-800-53-AC-2(4)43853 ··-·NIST-800-53-AC-2(4)
43854 ··-·NIST-800-53-AC-6(9)43854 ··-·NIST-800-53-AC-6(9)
43855 ··-·NIST-800-53-AU-12(c)43855 ··-·NIST-800-53-AU-12(c)
43856 ··-·NIST-800-53-AU-2(d)43856 ··-·NIST-800-53-AU-2(d)
Offset 43980, 16 lines modifiedOffset 43980, 16 lines modified
43980 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group43980 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
43981 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify43981 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
43982 ······create:·true43982 ······create:·true
43983 ······mode:·o-rwx43983 ······mode:·o-rwx
43984 ······state:·present43984 ······state:·present
43985 ····when:·syscalls_found·|·length·==·043985 ····when:·syscalls_found·|·length·==·0
43986 ··when:43986 ··when:
43987 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43988 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43987 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43988 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43989 ··tags:43989 ··tags:
43990 ··-·NIST-800-53-AC-2(4)43990 ··-·NIST-800-53-AC-2(4)
43991 ··-·NIST-800-53-AC-6(9)43991 ··-·NIST-800-53-AC-6(9)
43992 ··-·NIST-800-53-AU-12(c)43992 ··-·NIST-800-53-AU-12(c)
43993 ··-·NIST-800-53-AU-2(d)43993 ··-·NIST-800-53-AU-2(d)
43994 ··-·NIST-800-53-CM-6(a)43994 ··-·NIST-800-53-CM-6(a)
43995 ··-·audit_rules_etc_group_open_by_handle_at43995 ··-·audit_rules_etc_group_open_by_handle_at
Offset 44116, 31 lines modifiedOffset 44116, 31 lines modified
44116 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group44116 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
44117 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify44117 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
44118 ······create:·true44118 ······create:·true
44119 ······mode:·o-rwx44119 ······mode:·o-rwx
44120 ······state:·present44120 ······state:·present
44121 ····when:·syscalls_found·|·length·==·044121 ····when:·syscalls_found·|·length·==·0
44122 ··when:44122 ··when:
44123 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
44124 ··-·'&quot;audit&quot;·in·ansible_facts.packages'44123 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 44124 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
44125 ··-·audit_arch·==·&quot;b64&quot;44125 ··-·audit_arch·==·&quot;b64&quot;
44126 ··tags:44126 ··tags:
44127 ··-·NIST-800-53-AC-2(4)44127 ··-·NIST-800-53-AC-2(4)
44128 ··-·NIST-800-53-AC-6(9)44128 ··-·NIST-800-53-AC-6(9)
44129 ··-·NIST-800-53-AU-12(c)44129 ··-·NIST-800-53-AU-12(c)
44130 ··-·NIST-800-53-AU-2(d)44130 ··-·NIST-800-53-AU-2(d)
44131 ··-·NIST-800-53-CM-6(a)44131 ··-·NIST-800-53-CM-6(a)
44132 ··-·audit_rules_etc_group_open_by_handle_at44132 ··-·audit_rules_etc_group_open_by_handle_at
44133 ··-·low_complexity44133 ··-·low_complexity
44134 ··-·low_disruption44134 ··-·low_disruption
44135 ··-·medium_severity44135 ··-·medium_severity
44136 ··-·reboot_required44136 ··-·reboot_required
Max diff block lines reached; 519179/525043 bytes (98.88%) of diff not shown.
512 KB
./usr/share/xml/scap/ssg/content/ssg-ol7-xccdf.xml
512 KB
./usr/share/xml/scap/ssg/content/ssg-ol7-xccdf.xml
    
Offset 43002, 16 lines modifiedOffset 43002, 16 lines modified
43002 ··-·reboot_required43002 ··-·reboot_required
43003 ··-·restrict_strategy43003 ··-·restrict_strategy
  
43004 -·name:·Set·architecture·for·audit·open·tasks43004 -·name:·Set·architecture·for·audit·open·tasks
43005 ··set_fact:43005 ··set_fact:
43006 ····audit_arch:·b6443006 ····audit_arch:·b64
43007 ··when:43007 ··when:
43008 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43009 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43008 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43009 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43010 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture43010 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
43011 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;43011 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
43012 ··tags:43012 ··tags:
43013 ··-·NIST-800-53-AC-2(4)43013 ··-·NIST-800-53-AC-2(4)
43014 ··-·NIST-800-53-AC-6(9)43014 ··-·NIST-800-53-AC-6(9)
43015 ··-·NIST-800-53-AU-12(c)43015 ··-·NIST-800-53-AU-12(c)
43016 ··-·NIST-800-53-AU-2(d)43016 ··-·NIST-800-53-AU-2(d)
Offset 43140, 16 lines modifiedOffset 43140, 16 lines modified
43140 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group43140 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
43141 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify43141 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
43142 ······create:·true43142 ······create:·true
43143 ······mode:·o-rwx43143 ······mode:·o-rwx
43144 ······state:·present43144 ······state:·present
43145 ····when:·syscalls_found·|·length·==·043145 ····when:·syscalls_found·|·length·==·0
43146 ··when:43146 ··when:
43147 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43148 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43147 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43148 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43149 ··tags:43149 ··tags:
43150 ··-·NIST-800-53-AC-2(4)43150 ··-·NIST-800-53-AC-2(4)
43151 ··-·NIST-800-53-AC-6(9)43151 ··-·NIST-800-53-AC-6(9)
43152 ··-·NIST-800-53-AU-12(c)43152 ··-·NIST-800-53-AU-12(c)
43153 ··-·NIST-800-53-AU-2(d)43153 ··-·NIST-800-53-AU-2(d)
43154 ··-·NIST-800-53-CM-6(a)43154 ··-·NIST-800-53-CM-6(a)
43155 ··-·audit_rules_etc_group_open43155 ··-·audit_rules_etc_group_open
Offset 43276, 31 lines modifiedOffset 43276, 31 lines modified
43276 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group43276 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
43277 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify43277 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
43278 ······create:·true43278 ······create:·true
43279 ······mode:·o-rwx43279 ······mode:·o-rwx
43280 ······state:·present43280 ······state:·present
43281 ····when:·syscalls_found·|·length·==·043281 ····when:·syscalls_found·|·length·==·0
43282 ··when:43282 ··when:
43283 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43284 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43283 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43284 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43285 ··-·audit_arch·==·&quot;b64&quot;43285 ··-·audit_arch·==·&quot;b64&quot;
43286 ··tags:43286 ··tags:
43287 ··-·NIST-800-53-AC-2(4)43287 ··-·NIST-800-53-AC-2(4)
43288 ··-·NIST-800-53-AC-6(9)43288 ··-·NIST-800-53-AC-6(9)
43289 ··-·NIST-800-53-AU-12(c)43289 ··-·NIST-800-53-AU-12(c)
43290 ··-·NIST-800-53-AU-2(d)43290 ··-·NIST-800-53-AU-2(d)
43291 ··-·NIST-800-53-CM-6(a)43291 ··-·NIST-800-53-CM-6(a)
43292 ··-·audit_rules_etc_group_open43292 ··-·audit_rules_etc_group_open
43293 ··-·low_complexity43293 ··-·low_complexity
43294 ··-·low_disruption43294 ··-·low_disruption
43295 ··-·medium_severity43295 ··-·medium_severity
43296 ··-·reboot_required43296 ··-·reboot_required
43297 ··-·restrict_strategy</xccdf-1.2:fix>43297 ··-·restrict_strategy</xccdf-1.2:fix>
43298 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms43298 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
43299 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then43299 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
43300 #·First·perform·the·remediation·of·the·syscall·rule43300 #·First·perform·the·remediation·of·the·syscall·rule
43301 #·Retrieve·hardware·architecture·of·the·underlying·system43301 #·Retrieve·hardware·architecture·of·the·underlying·system
43302 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)43302 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
43303 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;43303 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
43304 do43304 do
Offset 43696, 16 lines modifiedOffset 43696, 16 lines modified
43696 ··-·reboot_required43696 ··-·reboot_required
43697 ··-·restrict_strategy43697 ··-·restrict_strategy
  
43698 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks43698 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
43699 ··set_fact:43699 ··set_fact:
43700 ····audit_arch:·b6443700 ····audit_arch:·b64
43701 ··when:43701 ··when:
43702 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43703 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43702 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43703 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43704 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture43704 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
43705 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;43705 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
43706 ··tags:43706 ··tags:
43707 ··-·NIST-800-53-AC-2(4)43707 ··-·NIST-800-53-AC-2(4)
43708 ··-·NIST-800-53-AC-6(9)43708 ··-·NIST-800-53-AC-6(9)
43709 ··-·NIST-800-53-AU-12(c)43709 ··-·NIST-800-53-AU-12(c)
43710 ··-·NIST-800-53-AU-2(d)43710 ··-·NIST-800-53-AU-2(d)
Offset 43834, 16 lines modifiedOffset 43834, 16 lines modified
43834 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group43834 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
43835 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify43835 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
43836 ······create:·true43836 ······create:·true
43837 ······mode:·o-rwx43837 ······mode:·o-rwx
43838 ······state:·present43838 ······state:·present
43839 ····when:·syscalls_found·|·length·==·043839 ····when:·syscalls_found·|·length·==·0
43840 ··when:43840 ··when:
43841 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43842 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43841 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43842 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43843 ··tags:43843 ··tags:
43844 ··-·NIST-800-53-AC-2(4)43844 ··-·NIST-800-53-AC-2(4)
43845 ··-·NIST-800-53-AC-6(9)43845 ··-·NIST-800-53-AC-6(9)
43846 ··-·NIST-800-53-AU-12(c)43846 ··-·NIST-800-53-AU-12(c)
43847 ··-·NIST-800-53-AU-2(d)43847 ··-·NIST-800-53-AU-2(d)
43848 ··-·NIST-800-53-CM-6(a)43848 ··-·NIST-800-53-CM-6(a)
43849 ··-·audit_rules_etc_group_open_by_handle_at43849 ··-·audit_rules_etc_group_open_by_handle_at
Offset 43970, 31 lines modifiedOffset 43970, 31 lines modified
43970 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group43970 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
43971 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify43971 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
43972 ······create:·true43972 ······create:·true
43973 ······mode:·o-rwx43973 ······mode:·o-rwx
43974 ······state:·present43974 ······state:·present
43975 ····when:·syscalls_found·|·length·==·043975 ····when:·syscalls_found·|·length·==·0
43976 ··when:43976 ··when:
43977 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
43978 ··-·'&quot;audit&quot;·in·ansible_facts.packages'43977 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 43978 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
43979 ··-·audit_arch·==·&quot;b64&quot;43979 ··-·audit_arch·==·&quot;b64&quot;
43980 ··tags:43980 ··tags:
43981 ··-·NIST-800-53-AC-2(4)43981 ··-·NIST-800-53-AC-2(4)
43982 ··-·NIST-800-53-AC-6(9)43982 ··-·NIST-800-53-AC-6(9)
43983 ··-·NIST-800-53-AU-12(c)43983 ··-·NIST-800-53-AU-12(c)
43984 ··-·NIST-800-53-AU-2(d)43984 ··-·NIST-800-53-AU-2(d)
43985 ··-·NIST-800-53-CM-6(a)43985 ··-·NIST-800-53-CM-6(a)
43986 ··-·audit_rules_etc_group_open_by_handle_at43986 ··-·audit_rules_etc_group_open_by_handle_at
43987 ··-·low_complexity43987 ··-·low_complexity
43988 ··-·low_disruption43988 ··-·low_disruption
43989 ··-·medium_severity43989 ··-·medium_severity
43990 ··-·reboot_required43990 ··-·reboot_required
Max diff block lines reached; 518043/523903 bytes (98.88%) of diff not shown.
531 KB
./usr/share/xml/scap/ssg/content/ssg-ol8-ds-1.2.xml
531 KB
./usr/share/xml/scap/ssg/content/ssg-ol8-ds-1.2.xml
    
Offset 48609, 16 lines modifiedOffset 48609, 16 lines modified
48609 ··-·reboot_required48609 ··-·reboot_required
48610 ··-·restrict_strategy48610 ··-·restrict_strategy
  
48611 -·name:·Set·architecture·for·audit·open·tasks48611 -·name:·Set·architecture·for·audit·open·tasks
48612 ··set_fact:48612 ··set_fact:
48613 ····audit_arch:·b6448613 ····audit_arch:·b64
48614 ··when:48614 ··when:
48615 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
48616 ··-·'&quot;audit&quot;·in·ansible_facts.packages'48615 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 48616 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
48617 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture48617 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
48618 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;48618 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
48619 ··tags:48619 ··tags:
48620 ··-·NIST-800-53-AC-2(4)48620 ··-·NIST-800-53-AC-2(4)
48621 ··-·NIST-800-53-AC-6(9)48621 ··-·NIST-800-53-AC-6(9)
48622 ··-·NIST-800-53-AU-12(c)48622 ··-·NIST-800-53-AU-12(c)
48623 ··-·NIST-800-53-AU-2(d)48623 ··-·NIST-800-53-AU-2(d)
Offset 48747, 16 lines modifiedOffset 48747, 16 lines modified
48747 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group48747 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
48748 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify48748 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
48749 ······create:·true48749 ······create:·true
48750 ······mode:·o-rwx48750 ······mode:·o-rwx
48751 ······state:·present48751 ······state:·present
48752 ····when:·syscalls_found·|·length·==·048752 ····when:·syscalls_found·|·length·==·0
48753 ··when:48753 ··when:
48754 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
48755 ··-·'&quot;audit&quot;·in·ansible_facts.packages'48754 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 48755 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
48756 ··tags:48756 ··tags:
48757 ··-·NIST-800-53-AC-2(4)48757 ··-·NIST-800-53-AC-2(4)
48758 ··-·NIST-800-53-AC-6(9)48758 ··-·NIST-800-53-AC-6(9)
48759 ··-·NIST-800-53-AU-12(c)48759 ··-·NIST-800-53-AU-12(c)
48760 ··-·NIST-800-53-AU-2(d)48760 ··-·NIST-800-53-AU-2(d)
48761 ··-·NIST-800-53-CM-6(a)48761 ··-·NIST-800-53-CM-6(a)
48762 ··-·audit_rules_etc_group_open48762 ··-·audit_rules_etc_group_open
Offset 48883, 31 lines modifiedOffset 48883, 31 lines modified
48883 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group48883 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
48884 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify48884 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
48885 ······create:·true48885 ······create:·true
48886 ······mode:·o-rwx48886 ······mode:·o-rwx
48887 ······state:·present48887 ······state:·present
48888 ····when:·syscalls_found·|·length·==·048888 ····when:·syscalls_found·|·length·==·0
48889 ··when:48889 ··when:
48890 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
48891 ··-·'&quot;audit&quot;·in·ansible_facts.packages'48890 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 48891 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
48892 ··-·audit_arch·==·&quot;b64&quot;48892 ··-·audit_arch·==·&quot;b64&quot;
48893 ··tags:48893 ··tags:
48894 ··-·NIST-800-53-AC-2(4)48894 ··-·NIST-800-53-AC-2(4)
48895 ··-·NIST-800-53-AC-6(9)48895 ··-·NIST-800-53-AC-6(9)
48896 ··-·NIST-800-53-AU-12(c)48896 ··-·NIST-800-53-AU-12(c)
48897 ··-·NIST-800-53-AU-2(d)48897 ··-·NIST-800-53-AU-2(d)
48898 ··-·NIST-800-53-CM-6(a)48898 ··-·NIST-800-53-CM-6(a)
48899 ··-·audit_rules_etc_group_open48899 ··-·audit_rules_etc_group_open
48900 ··-·low_complexity48900 ··-·low_complexity
48901 ··-·low_disruption48901 ··-·low_disruption
48902 ··-·medium_severity48902 ··-·medium_severity
48903 ··-·reboot_required48903 ··-·reboot_required
48904 ··-·restrict_strategy</xccdf-1.2:fix>48904 ··-·restrict_strategy</xccdf-1.2:fix>
48905 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms48905 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
48906 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then48906 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
48907 #·First·perform·the·remediation·of·the·syscall·rule48907 #·First·perform·the·remediation·of·the·syscall·rule
48908 #·Retrieve·hardware·architecture·of·the·underlying·system48908 #·Retrieve·hardware·architecture·of·the·underlying·system
48909 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)48909 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
48910 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;48910 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
48911 do48911 do
Offset 49303, 16 lines modifiedOffset 49303, 16 lines modified
49303 ··-·reboot_required49303 ··-·reboot_required
49304 ··-·restrict_strategy49304 ··-·restrict_strategy
  
49305 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks49305 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
49306 ··set_fact:49306 ··set_fact:
49307 ····audit_arch:·b6449307 ····audit_arch:·b64
49308 ··when:49308 ··when:
49309 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49310 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49309 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49310 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49311 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture49311 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
49312 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;49312 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
49313 ··tags:49313 ··tags:
49314 ··-·NIST-800-53-AC-2(4)49314 ··-·NIST-800-53-AC-2(4)
49315 ··-·NIST-800-53-AC-6(9)49315 ··-·NIST-800-53-AC-6(9)
49316 ··-·NIST-800-53-AU-12(c)49316 ··-·NIST-800-53-AU-12(c)
49317 ··-·NIST-800-53-AU-2(d)49317 ··-·NIST-800-53-AU-2(d)
Offset 49441, 16 lines modifiedOffset 49441, 16 lines modified
49441 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group49441 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
49442 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49442 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49443 ······create:·true49443 ······create:·true
49444 ······mode:·o-rwx49444 ······mode:·o-rwx
49445 ······state:·present49445 ······state:·present
49446 ····when:·syscalls_found·|·length·==·049446 ····when:·syscalls_found·|·length·==·0
49447 ··when:49447 ··when:
49448 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49449 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49448 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49449 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49450 ··tags:49450 ··tags:
49451 ··-·NIST-800-53-AC-2(4)49451 ··-·NIST-800-53-AC-2(4)
49452 ··-·NIST-800-53-AC-6(9)49452 ··-·NIST-800-53-AC-6(9)
49453 ··-·NIST-800-53-AU-12(c)49453 ··-·NIST-800-53-AU-12(c)
49454 ··-·NIST-800-53-AU-2(d)49454 ··-·NIST-800-53-AU-2(d)
49455 ··-·NIST-800-53-CM-6(a)49455 ··-·NIST-800-53-CM-6(a)
49456 ··-·audit_rules_etc_group_open_by_handle_at49456 ··-·audit_rules_etc_group_open_by_handle_at
Offset 49577, 31 lines modifiedOffset 49577, 31 lines modified
49577 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group49577 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
49578 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49578 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49579 ······create:·true49579 ······create:·true
49580 ······mode:·o-rwx49580 ······mode:·o-rwx
49581 ······state:·present49581 ······state:·present
49582 ····when:·syscalls_found·|·length·==·049582 ····when:·syscalls_found·|·length·==·0
49583 ··when:49583 ··when:
49584 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49585 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49584 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49585 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49586 ··-·audit_arch·==·&quot;b64&quot;49586 ··-·audit_arch·==·&quot;b64&quot;
49587 ··tags:49587 ··tags:
49588 ··-·NIST-800-53-AC-2(4)49588 ··-·NIST-800-53-AC-2(4)
49589 ··-·NIST-800-53-AC-6(9)49589 ··-·NIST-800-53-AC-6(9)
49590 ··-·NIST-800-53-AU-12(c)49590 ··-·NIST-800-53-AU-12(c)
49591 ··-·NIST-800-53-AU-2(d)49591 ··-·NIST-800-53-AU-2(d)
49592 ··-·NIST-800-53-CM-6(a)49592 ··-·NIST-800-53-CM-6(a)
49593 ··-·audit_rules_etc_group_open_by_handle_at49593 ··-·audit_rules_etc_group_open_by_handle_at
49594 ··-·low_complexity49594 ··-·low_complexity
49595 ··-·low_disruption49595 ··-·low_disruption
49596 ··-·medium_severity49596 ··-·medium_severity
49597 ··-·reboot_required49597 ··-·reboot_required
Max diff block lines reached; 537557/543421 bytes (98.92%) of diff not shown.
531 KB
./usr/share/xml/scap/ssg/content/ssg-ol8-ds.xml
531 KB
./usr/share/xml/scap/ssg/content/ssg-ol8-ds.xml
    
Offset 48611, 16 lines modifiedOffset 48611, 16 lines modified
48611 ··-·reboot_required48611 ··-·reboot_required
48612 ··-·restrict_strategy48612 ··-·restrict_strategy
  
48613 -·name:·Set·architecture·for·audit·open·tasks48613 -·name:·Set·architecture·for·audit·open·tasks
48614 ··set_fact:48614 ··set_fact:
48615 ····audit_arch:·b6448615 ····audit_arch:·b64
48616 ··when:48616 ··when:
48617 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
48618 ··-·'&quot;audit&quot;·in·ansible_facts.packages'48617 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 48618 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
48619 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture48619 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
48620 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;48620 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
48621 ··tags:48621 ··tags:
48622 ··-·NIST-800-53-AC-2(4)48622 ··-·NIST-800-53-AC-2(4)
48623 ··-·NIST-800-53-AC-6(9)48623 ··-·NIST-800-53-AC-6(9)
48624 ··-·NIST-800-53-AU-12(c)48624 ··-·NIST-800-53-AU-12(c)
48625 ··-·NIST-800-53-AU-2(d)48625 ··-·NIST-800-53-AU-2(d)
Offset 48749, 16 lines modifiedOffset 48749, 16 lines modified
48749 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group48749 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
48750 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify48750 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
48751 ······create:·true48751 ······create:·true
48752 ······mode:·o-rwx48752 ······mode:·o-rwx
48753 ······state:·present48753 ······state:·present
48754 ····when:·syscalls_found·|·length·==·048754 ····when:·syscalls_found·|·length·==·0
48755 ··when:48755 ··when:
48756 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
48757 ··-·'&quot;audit&quot;·in·ansible_facts.packages'48756 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 48757 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
48758 ··tags:48758 ··tags:
48759 ··-·NIST-800-53-AC-2(4)48759 ··-·NIST-800-53-AC-2(4)
48760 ··-·NIST-800-53-AC-6(9)48760 ··-·NIST-800-53-AC-6(9)
48761 ··-·NIST-800-53-AU-12(c)48761 ··-·NIST-800-53-AU-12(c)
48762 ··-·NIST-800-53-AU-2(d)48762 ··-·NIST-800-53-AU-2(d)
48763 ··-·NIST-800-53-CM-6(a)48763 ··-·NIST-800-53-CM-6(a)
48764 ··-·audit_rules_etc_group_open48764 ··-·audit_rules_etc_group_open
Offset 48885, 31 lines modifiedOffset 48885, 31 lines modified
48885 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group48885 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
48886 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify48886 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
48887 ······create:·true48887 ······create:·true
48888 ······mode:·o-rwx48888 ······mode:·o-rwx
48889 ······state:·present48889 ······state:·present
48890 ····when:·syscalls_found·|·length·==·048890 ····when:·syscalls_found·|·length·==·0
48891 ··when:48891 ··when:
48892 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
48893 ··-·'&quot;audit&quot;·in·ansible_facts.packages'48892 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 48893 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
48894 ··-·audit_arch·==·&quot;b64&quot;48894 ··-·audit_arch·==·&quot;b64&quot;
48895 ··tags:48895 ··tags:
48896 ··-·NIST-800-53-AC-2(4)48896 ··-·NIST-800-53-AC-2(4)
48897 ··-·NIST-800-53-AC-6(9)48897 ··-·NIST-800-53-AC-6(9)
48898 ··-·NIST-800-53-AU-12(c)48898 ··-·NIST-800-53-AU-12(c)
48899 ··-·NIST-800-53-AU-2(d)48899 ··-·NIST-800-53-AU-2(d)
48900 ··-·NIST-800-53-CM-6(a)48900 ··-·NIST-800-53-CM-6(a)
48901 ··-·audit_rules_etc_group_open48901 ··-·audit_rules_etc_group_open
48902 ··-·low_complexity48902 ··-·low_complexity
48903 ··-·low_disruption48903 ··-·low_disruption
48904 ··-·medium_severity48904 ··-·medium_severity
48905 ··-·reboot_required48905 ··-·reboot_required
48906 ··-·restrict_strategy</xccdf-1.2:fix>48906 ··-·restrict_strategy</xccdf-1.2:fix>
48907 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms48907 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
48908 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then48908 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
48909 #·First·perform·the·remediation·of·the·syscall·rule48909 #·First·perform·the·remediation·of·the·syscall·rule
48910 #·Retrieve·hardware·architecture·of·the·underlying·system48910 #·Retrieve·hardware·architecture·of·the·underlying·system
48911 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)48911 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
48912 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;48912 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
48913 do48913 do
Offset 49305, 16 lines modifiedOffset 49305, 16 lines modified
49305 ··-·reboot_required49305 ··-·reboot_required
49306 ··-·restrict_strategy49306 ··-·restrict_strategy
  
49307 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks49307 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
49308 ··set_fact:49308 ··set_fact:
49309 ····audit_arch:·b6449309 ····audit_arch:·b64
49310 ··when:49310 ··when:
49311 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49312 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49311 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49312 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49313 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture49313 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
49314 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;49314 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
49315 ··tags:49315 ··tags:
49316 ··-·NIST-800-53-AC-2(4)49316 ··-·NIST-800-53-AC-2(4)
49317 ··-·NIST-800-53-AC-6(9)49317 ··-·NIST-800-53-AC-6(9)
49318 ··-·NIST-800-53-AU-12(c)49318 ··-·NIST-800-53-AU-12(c)
49319 ··-·NIST-800-53-AU-2(d)49319 ··-·NIST-800-53-AU-2(d)
Offset 49443, 16 lines modifiedOffset 49443, 16 lines modified
49443 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group49443 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
49444 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49444 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49445 ······create:·true49445 ······create:·true
49446 ······mode:·o-rwx49446 ······mode:·o-rwx
49447 ······state:·present49447 ······state:·present
49448 ····when:·syscalls_found·|·length·==·049448 ····when:·syscalls_found·|·length·==·0
49449 ··when:49449 ··when:
49450 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49451 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49450 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49451 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49452 ··tags:49452 ··tags:
49453 ··-·NIST-800-53-AC-2(4)49453 ··-·NIST-800-53-AC-2(4)
49454 ··-·NIST-800-53-AC-6(9)49454 ··-·NIST-800-53-AC-6(9)
49455 ··-·NIST-800-53-AU-12(c)49455 ··-·NIST-800-53-AU-12(c)
49456 ··-·NIST-800-53-AU-2(d)49456 ··-·NIST-800-53-AU-2(d)
49457 ··-·NIST-800-53-CM-6(a)49457 ··-·NIST-800-53-CM-6(a)
49458 ··-·audit_rules_etc_group_open_by_handle_at49458 ··-·audit_rules_etc_group_open_by_handle_at
Offset 49579, 31 lines modifiedOffset 49579, 31 lines modified
49579 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group49579 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
49580 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49580 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49581 ······create:·true49581 ······create:·true
49582 ······mode:·o-rwx49582 ······mode:·o-rwx
49583 ······state:·present49583 ······state:·present
49584 ····when:·syscalls_found·|·length·==·049584 ····when:·syscalls_found·|·length·==·0
49585 ··when:49585 ··when:
49586 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49587 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49586 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49587 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49588 ··-·audit_arch·==·&quot;b64&quot;49588 ··-·audit_arch·==·&quot;b64&quot;
49589 ··tags:49589 ··tags:
49590 ··-·NIST-800-53-AC-2(4)49590 ··-·NIST-800-53-AC-2(4)
49591 ··-·NIST-800-53-AC-6(9)49591 ··-·NIST-800-53-AC-6(9)
49592 ··-·NIST-800-53-AU-12(c)49592 ··-·NIST-800-53-AU-12(c)
49593 ··-·NIST-800-53-AU-2(d)49593 ··-·NIST-800-53-AU-2(d)
49594 ··-·NIST-800-53-CM-6(a)49594 ··-·NIST-800-53-CM-6(a)
49595 ··-·audit_rules_etc_group_open_by_handle_at49595 ··-·audit_rules_etc_group_open_by_handle_at
49596 ··-·low_complexity49596 ··-·low_complexity
49597 ··-·low_disruption49597 ··-·low_disruption
49598 ··-·medium_severity49598 ··-·medium_severity
49599 ··-·reboot_required49599 ··-·reboot_required
Max diff block lines reached; 537557/543421 bytes (98.92%) of diff not shown.
530 KB
./usr/share/xml/scap/ssg/content/ssg-ol8-xccdf.xml
530 KB
./usr/share/xml/scap/ssg/content/ssg-ol8-xccdf.xml
    
Offset 48457, 16 lines modifiedOffset 48457, 16 lines modified
48457 ··-·reboot_required48457 ··-·reboot_required
48458 ··-·restrict_strategy48458 ··-·restrict_strategy
  
48459 -·name:·Set·architecture·for·audit·open·tasks48459 -·name:·Set·architecture·for·audit·open·tasks
48460 ··set_fact:48460 ··set_fact:
48461 ····audit_arch:·b6448461 ····audit_arch:·b64
48462 ··when:48462 ··when:
48463 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
48464 ··-·'&quot;audit&quot;·in·ansible_facts.packages'48463 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 48464 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
48465 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture48465 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
48466 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;48466 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
48467 ··tags:48467 ··tags:
48468 ··-·NIST-800-53-AC-2(4)48468 ··-·NIST-800-53-AC-2(4)
48469 ··-·NIST-800-53-AC-6(9)48469 ··-·NIST-800-53-AC-6(9)
48470 ··-·NIST-800-53-AU-12(c)48470 ··-·NIST-800-53-AU-12(c)
48471 ··-·NIST-800-53-AU-2(d)48471 ··-·NIST-800-53-AU-2(d)
Offset 48595, 16 lines modifiedOffset 48595, 16 lines modified
48595 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group48595 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
48596 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify48596 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
48597 ······create:·true48597 ······create:·true
48598 ······mode:·o-rwx48598 ······mode:·o-rwx
48599 ······state:·present48599 ······state:·present
48600 ····when:·syscalls_found·|·length·==·048600 ····when:·syscalls_found·|·length·==·0
48601 ··when:48601 ··when:
48602 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
48603 ··-·'&quot;audit&quot;·in·ansible_facts.packages'48602 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 48603 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
48604 ··tags:48604 ··tags:
48605 ··-·NIST-800-53-AC-2(4)48605 ··-·NIST-800-53-AC-2(4)
48606 ··-·NIST-800-53-AC-6(9)48606 ··-·NIST-800-53-AC-6(9)
48607 ··-·NIST-800-53-AU-12(c)48607 ··-·NIST-800-53-AU-12(c)
48608 ··-·NIST-800-53-AU-2(d)48608 ··-·NIST-800-53-AU-2(d)
48609 ··-·NIST-800-53-CM-6(a)48609 ··-·NIST-800-53-CM-6(a)
48610 ··-·audit_rules_etc_group_open48610 ··-·audit_rules_etc_group_open
Offset 48731, 31 lines modifiedOffset 48731, 31 lines modified
48731 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group48731 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
48732 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify48732 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
48733 ······create:·true48733 ······create:·true
48734 ······mode:·o-rwx48734 ······mode:·o-rwx
48735 ······state:·present48735 ······state:·present
48736 ····when:·syscalls_found·|·length·==·048736 ····when:·syscalls_found·|·length·==·0
48737 ··when:48737 ··when:
48738 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
48739 ··-·'&quot;audit&quot;·in·ansible_facts.packages'48738 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 48739 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
48740 ··-·audit_arch·==·&quot;b64&quot;48740 ··-·audit_arch·==·&quot;b64&quot;
48741 ··tags:48741 ··tags:
48742 ··-·NIST-800-53-AC-2(4)48742 ··-·NIST-800-53-AC-2(4)
48743 ··-·NIST-800-53-AC-6(9)48743 ··-·NIST-800-53-AC-6(9)
48744 ··-·NIST-800-53-AU-12(c)48744 ··-·NIST-800-53-AU-12(c)
48745 ··-·NIST-800-53-AU-2(d)48745 ··-·NIST-800-53-AU-2(d)
48746 ··-·NIST-800-53-CM-6(a)48746 ··-·NIST-800-53-CM-6(a)
48747 ··-·audit_rules_etc_group_open48747 ··-·audit_rules_etc_group_open
48748 ··-·low_complexity48748 ··-·low_complexity
48749 ··-·low_disruption48749 ··-·low_disruption
48750 ··-·medium_severity48750 ··-·medium_severity
48751 ··-·reboot_required48751 ··-·reboot_required
48752 ··-·restrict_strategy</xccdf-1.2:fix>48752 ··-·restrict_strategy</xccdf-1.2:fix>
48753 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms48753 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
48754 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then48754 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
48755 #·First·perform·the·remediation·of·the·syscall·rule48755 #·First·perform·the·remediation·of·the·syscall·rule
48756 #·Retrieve·hardware·architecture·of·the·underlying·system48756 #·Retrieve·hardware·architecture·of·the·underlying·system
48757 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)48757 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
48758 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;48758 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
48759 do48759 do
Offset 49151, 16 lines modifiedOffset 49151, 16 lines modified
49151 ··-·reboot_required49151 ··-·reboot_required
49152 ··-·restrict_strategy49152 ··-·restrict_strategy
  
49153 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks49153 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
49154 ··set_fact:49154 ··set_fact:
49155 ····audit_arch:·b6449155 ····audit_arch:·b64
49156 ··when:49156 ··when:
49157 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49158 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49157 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49158 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49159 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture49159 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
49160 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;49160 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
49161 ··tags:49161 ··tags:
49162 ··-·NIST-800-53-AC-2(4)49162 ··-·NIST-800-53-AC-2(4)
49163 ··-·NIST-800-53-AC-6(9)49163 ··-·NIST-800-53-AC-6(9)
49164 ··-·NIST-800-53-AU-12(c)49164 ··-·NIST-800-53-AU-12(c)
49165 ··-·NIST-800-53-AU-2(d)49165 ··-·NIST-800-53-AU-2(d)
Offset 49289, 16 lines modifiedOffset 49289, 16 lines modified
49289 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group49289 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
49290 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49290 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49291 ······create:·true49291 ······create:·true
49292 ······mode:·o-rwx49292 ······mode:·o-rwx
49293 ······state:·present49293 ······state:·present
49294 ····when:·syscalls_found·|·length·==·049294 ····when:·syscalls_found·|·length·==·0
49295 ··when:49295 ··when:
49296 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49297 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49296 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49297 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49298 ··tags:49298 ··tags:
49299 ··-·NIST-800-53-AC-2(4)49299 ··-·NIST-800-53-AC-2(4)
49300 ··-·NIST-800-53-AC-6(9)49300 ··-·NIST-800-53-AC-6(9)
49301 ··-·NIST-800-53-AU-12(c)49301 ··-·NIST-800-53-AU-12(c)
49302 ··-·NIST-800-53-AU-2(d)49302 ··-·NIST-800-53-AU-2(d)
49303 ··-·NIST-800-53-CM-6(a)49303 ··-·NIST-800-53-CM-6(a)
49304 ··-·audit_rules_etc_group_open_by_handle_at49304 ··-·audit_rules_etc_group_open_by_handle_at
Offset 49425, 31 lines modifiedOffset 49425, 31 lines modified
49425 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group49425 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
49426 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49426 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49427 ······create:·true49427 ······create:·true
49428 ······mode:·o-rwx49428 ······mode:·o-rwx
49429 ······state:·present49429 ······state:·present
49430 ····when:·syscalls_found·|·length·==·049430 ····when:·syscalls_found·|·length·==·0
49431 ··when:49431 ··when:
49432 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49433 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49432 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49433 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49434 ··-·audit_arch·==·&quot;b64&quot;49434 ··-·audit_arch·==·&quot;b64&quot;
49435 ··tags:49435 ··tags:
49436 ··-·NIST-800-53-AC-2(4)49436 ··-·NIST-800-53-AC-2(4)
49437 ··-·NIST-800-53-AC-6(9)49437 ··-·NIST-800-53-AC-6(9)
49438 ··-·NIST-800-53-AU-12(c)49438 ··-·NIST-800-53-AU-12(c)
49439 ··-·NIST-800-53-AU-2(d)49439 ··-·NIST-800-53-AU-2(d)
49440 ··-·NIST-800-53-CM-6(a)49440 ··-·NIST-800-53-CM-6(a)
49441 ··-·audit_rules_etc_group_open_by_handle_at49441 ··-·audit_rules_etc_group_open_by_handle_at
49442 ··-·low_complexity49442 ··-·low_complexity
49443 ··-·low_disruption49443 ··-·low_disruption
49444 ··-·medium_severity49444 ··-·medium_severity
49445 ··-·reboot_required49445 ··-·reboot_required
Max diff block lines reached; 536259/542119 bytes (98.92%) of diff not shown.
3.8 KB
./usr/share/xml/scap/ssg/content/ssg-ol9-ds-1.2.xml
3.71 KB
./usr/share/xml/scap/ssg/content/ssg-ol9-ds-1.2.xml
    
Offset 115243, 16 lines modifiedOffset 115243, 16 lines modified
115243 ··-·no_reboot_needed115243 ··-·no_reboot_needed
  
115244 -·name:·Test·for·existence·/boot/grub2/user.cfg115244 -·name:·Test·for·existence·/boot/grub2/user.cfg
115245 ··stat:115245 ··stat:
115246 ····path:·/boot/grub2/user.cfg115246 ····path:·/boot/grub2/user.cfg
115247 ··register:·file_exists115247 ··register:·file_exists
115248 ··when:115248 ··when:
115249 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
115250 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'115249 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 115250 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
115251 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]115251 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
115252 ··tags:115252 ··tags:
115253 ··-·CJIS-5.5.2.2115253 ··-·CJIS-5.5.2.2
115254 ··-·NIST-800-171-3.4.5115254 ··-·NIST-800-171-3.4.5
115255 ··-·NIST-800-53-AC-6(1)115255 ··-·NIST-800-53-AC-6(1)
115256 ··-·NIST-800-53-CM-6(a)115256 ··-·NIST-800-53-CM-6(a)
115257 ··-·PCI-DSS-Req-7.1115257 ··-·PCI-DSS-Req-7.1
Offset 115264, 16 lines modifiedOffset 115264, 16 lines modified
115264 ··-·no_reboot_needed115264 ··-·no_reboot_needed
  
115265 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg115265 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
115266 ··file:115266 ··file:
115267 ····path:·/boot/grub2/user.cfg115267 ····path:·/boot/grub2/user.cfg
115268 ····group:·'0'115268 ····group:·'0'
115269 ··when:115269 ··when:
115270 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
115271 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'115270 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 115271 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
115272 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]115272 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
115273 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists115273 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
115274 ··tags:115274 ··tags:
115275 ··-·CJIS-5.5.2.2115275 ··-·CJIS-5.5.2.2
115276 ··-·NIST-800-171-3.4.5115276 ··-·NIST-800-171-3.4.5
115277 ··-·NIST-800-53-AC-6(1)115277 ··-·NIST-800-53-AC-6(1)
115278 ··-·NIST-800-53-CM-6(a)115278 ··-·NIST-800-53-CM-6(a)
Offset 115281, 15 lines modifiedOffset 115281, 15 lines modified
115281 ··-·configure_strategy115281 ··-·configure_strategy
115282 ··-·file_groupowner_efi_user_cfg115282 ··-·file_groupowner_efi_user_cfg
115283 ··-·low_complexity115283 ··-·low_complexity
115284 ··-·low_disruption115284 ··-·low_disruption
115285 ··-·medium_severity115285 ··-·medium_severity
115286 ··-·no_reboot_needed</xccdf-1.2:fix>115286 ··-·no_reboot_needed</xccdf-1.2:fix>
115287 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms115287 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
115288 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then115288 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
115289 chgrp·0·/boot/grub2/user.cfg115289 chgrp·0·/boot/grub2/user.cfg
  
115290 else115290 else
115291 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'115291 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
115292 fi</xccdf-1.2:fix>115292 fi</xccdf-1.2:fix>
115293 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">115293 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 158759, 25 lines modifiedOffset 158759, 25 lines modified
158759 ····lineinfile:158759 ····lineinfile:
158760 ······path:·/etc/postfix/main.cf158760 ······path:·/etc/postfix/main.cf
158761 ······create:·true158761 ······create:·true
158762 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*158762 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
158763 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject158763 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
158764 ······state:·present158764 ······state:·present
158765 ··when:158765 ··when:
158766 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
158767 ··-·'&quot;postfix&quot;·in·ansible_facts.packages'158766 ··-·'&quot;postfix&quot;·in·ansible_facts.packages'
 158767 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
158768 ··tags:158768 ··tags:
158769 ··-·low_complexity158769 ··-·low_complexity
158770 ··-·low_disruption158770 ··-·low_disruption
158771 ··-·medium_severity158771 ··-·medium_severity
158772 ··-·no_reboot_needed158772 ··-·no_reboot_needed
158773 ··-·postfix_prevent_unrestricted_relay158773 ··-·postfix_prevent_unrestricted_relay
158774 ··-·restrict_strategy</xccdf-1.2:fix>158774 ··-·restrict_strategy</xccdf-1.2:fix>
158775 ··················<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="postfix_prevent_unrestricted_relay">#·Remediation·is·applicable·only·in·certain·platforms158775 ··················<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="postfix_prevent_unrestricted_relay">#·Remediation·is·applicable·only·in·certain·platforms
158776 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·postfix;·then158776 if·rpm·--quiet·-q·postfix·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
158777 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then158777 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
158778 »       echo·&quot;smtpd_client_restrictions·=·permit_mynetworks,reject&quot;·&gt;&gt;·/etc/postfix/main.cf158778 »       echo·&quot;smtpd_client_restrictions·=·permit_mynetworks,reject&quot;·&gt;&gt;·/etc/postfix/main.cf
158779 else158779 else
158780 »       sed·-i·&quot;s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g&quot;·/etc/postfix/main.cf158780 »       sed·-i·&quot;s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g&quot;·/etc/postfix/main.cf
158781 fi158781 fi
  
3.79 KB
./usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml
3.7 KB
./usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml
    
Offset 115245, 16 lines modifiedOffset 115245, 16 lines modified
115245 ··-·no_reboot_needed115245 ··-·no_reboot_needed
  
115246 -·name:·Test·for·existence·/boot/grub2/user.cfg115246 -·name:·Test·for·existence·/boot/grub2/user.cfg
115247 ··stat:115247 ··stat:
115248 ····path:·/boot/grub2/user.cfg115248 ····path:·/boot/grub2/user.cfg
115249 ··register:·file_exists115249 ··register:·file_exists
115250 ··when:115250 ··when:
115251 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
115252 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'115251 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 115252 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
115253 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]115253 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
115254 ··tags:115254 ··tags:
115255 ··-·CJIS-5.5.2.2115255 ··-·CJIS-5.5.2.2
115256 ··-·NIST-800-171-3.4.5115256 ··-·NIST-800-171-3.4.5
115257 ··-·NIST-800-53-AC-6(1)115257 ··-·NIST-800-53-AC-6(1)
115258 ··-·NIST-800-53-CM-6(a)115258 ··-·NIST-800-53-CM-6(a)
115259 ··-·PCI-DSS-Req-7.1115259 ··-·PCI-DSS-Req-7.1
Offset 115266, 16 lines modifiedOffset 115266, 16 lines modified
115266 ··-·no_reboot_needed115266 ··-·no_reboot_needed
  
115267 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg115267 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
115268 ··file:115268 ··file:
115269 ····path:·/boot/grub2/user.cfg115269 ····path:·/boot/grub2/user.cfg
115270 ····group:·'0'115270 ····group:·'0'
115271 ··when:115271 ··when:
115272 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
115273 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'115272 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 115273 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
115274 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]115274 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
115275 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists115275 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
115276 ··tags:115276 ··tags:
115277 ··-·CJIS-5.5.2.2115277 ··-·CJIS-5.5.2.2
115278 ··-·NIST-800-171-3.4.5115278 ··-·NIST-800-171-3.4.5
115279 ··-·NIST-800-53-AC-6(1)115279 ··-·NIST-800-53-AC-6(1)
115280 ··-·NIST-800-53-CM-6(a)115280 ··-·NIST-800-53-CM-6(a)
Offset 115283, 15 lines modifiedOffset 115283, 15 lines modified
115283 ··-·configure_strategy115283 ··-·configure_strategy
115284 ··-·file_groupowner_efi_user_cfg115284 ··-·file_groupowner_efi_user_cfg
115285 ··-·low_complexity115285 ··-·low_complexity
115286 ··-·low_disruption115286 ··-·low_disruption
115287 ··-·medium_severity115287 ··-·medium_severity
115288 ··-·no_reboot_needed</xccdf-1.2:fix>115288 ··-·no_reboot_needed</xccdf-1.2:fix>
115289 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms115289 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
115290 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then115290 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
115291 chgrp·0·/boot/grub2/user.cfg115291 chgrp·0·/boot/grub2/user.cfg
  
115292 else115292 else
115293 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'115293 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
115294 fi</xccdf-1.2:fix>115294 fi</xccdf-1.2:fix>
115295 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">115295 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 158761, 25 lines modifiedOffset 158761, 25 lines modified
158761 ····lineinfile:158761 ····lineinfile:
158762 ······path:·/etc/postfix/main.cf158762 ······path:·/etc/postfix/main.cf
158763 ······create:·true158763 ······create:·true
158764 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*158764 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
158765 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject158765 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
158766 ······state:·present158766 ······state:·present
158767 ··when:158767 ··when:
158768 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
158769 ··-·'&quot;postfix&quot;·in·ansible_facts.packages'158768 ··-·'&quot;postfix&quot;·in·ansible_facts.packages'
 158769 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
158770 ··tags:158770 ··tags:
158771 ··-·low_complexity158771 ··-·low_complexity
158772 ··-·low_disruption158772 ··-·low_disruption
158773 ··-·medium_severity158773 ··-·medium_severity
158774 ··-·no_reboot_needed158774 ··-·no_reboot_needed
158775 ··-·postfix_prevent_unrestricted_relay158775 ··-·postfix_prevent_unrestricted_relay
158776 ··-·restrict_strategy</xccdf-1.2:fix>158776 ··-·restrict_strategy</xccdf-1.2:fix>
158777 ··················<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="postfix_prevent_unrestricted_relay">#·Remediation·is·applicable·only·in·certain·platforms158777 ··················<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="postfix_prevent_unrestricted_relay">#·Remediation·is·applicable·only·in·certain·platforms
158778 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·postfix;·then158778 if·rpm·--quiet·-q·postfix·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
158779 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then158779 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
158780 »       echo·&quot;smtpd_client_restrictions·=·permit_mynetworks,reject&quot;·&gt;&gt;·/etc/postfix/main.cf158780 »       echo·&quot;smtpd_client_restrictions·=·permit_mynetworks,reject&quot;·&gt;&gt;·/etc/postfix/main.cf
158781 else158781 else
158782 »       sed·-i·&quot;s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g&quot;·/etc/postfix/main.cf158782 »       sed·-i·&quot;s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g&quot;·/etc/postfix/main.cf
158783 fi158783 fi
  
3.79 KB
./usr/share/xml/scap/ssg/content/ssg-ol9-xccdf.xml
3.69 KB
./usr/share/xml/scap/ssg/content/ssg-ol9-xccdf.xml
    
Offset 115107, 16 lines modifiedOffset 115107, 16 lines modified
115107 ··-·no_reboot_needed115107 ··-·no_reboot_needed
  
115108 -·name:·Test·for·existence·/boot/grub2/user.cfg115108 -·name:·Test·for·existence·/boot/grub2/user.cfg
115109 ··stat:115109 ··stat:
115110 ····path:·/boot/grub2/user.cfg115110 ····path:·/boot/grub2/user.cfg
115111 ··register:·file_exists115111 ··register:·file_exists
115112 ··when:115112 ··when:
115113 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
115114 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'115113 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 115114 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
115115 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]115115 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
115116 ··tags:115116 ··tags:
115117 ··-·CJIS-5.5.2.2115117 ··-·CJIS-5.5.2.2
115118 ··-·NIST-800-171-3.4.5115118 ··-·NIST-800-171-3.4.5
115119 ··-·NIST-800-53-AC-6(1)115119 ··-·NIST-800-53-AC-6(1)
115120 ··-·NIST-800-53-CM-6(a)115120 ··-·NIST-800-53-CM-6(a)
115121 ··-·PCI-DSS-Req-7.1115121 ··-·PCI-DSS-Req-7.1
Offset 115128, 16 lines modifiedOffset 115128, 16 lines modified
115128 ··-·no_reboot_needed115128 ··-·no_reboot_needed
  
115129 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg115129 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
115130 ··file:115130 ··file:
115131 ····path:·/boot/grub2/user.cfg115131 ····path:·/boot/grub2/user.cfg
115132 ····group:·'0'115132 ····group:·'0'
115133 ··when:115133 ··when:
115134 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
115135 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'115134 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 115135 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
115136 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]115136 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
115137 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists115137 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
115138 ··tags:115138 ··tags:
115139 ··-·CJIS-5.5.2.2115139 ··-·CJIS-5.5.2.2
115140 ··-·NIST-800-171-3.4.5115140 ··-·NIST-800-171-3.4.5
115141 ··-·NIST-800-53-AC-6(1)115141 ··-·NIST-800-53-AC-6(1)
115142 ··-·NIST-800-53-CM-6(a)115142 ··-·NIST-800-53-CM-6(a)
Offset 115145, 15 lines modifiedOffset 115145, 15 lines modified
115145 ··-·configure_strategy115145 ··-·configure_strategy
115146 ··-·file_groupowner_efi_user_cfg115146 ··-·file_groupowner_efi_user_cfg
115147 ··-·low_complexity115147 ··-·low_complexity
115148 ··-·low_disruption115148 ··-·low_disruption
115149 ··-·medium_severity115149 ··-·medium_severity
115150 ··-·no_reboot_needed</xccdf-1.2:fix>115150 ··-·no_reboot_needed</xccdf-1.2:fix>
115151 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms115151 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
115152 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then115152 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
115153 chgrp·0·/boot/grub2/user.cfg115153 chgrp·0·/boot/grub2/user.cfg
  
115154 else115154 else
115155 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'115155 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
115156 fi</xccdf-1.2:fix>115156 fi</xccdf-1.2:fix>
115157 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">115157 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 158623, 25 lines modifiedOffset 158623, 25 lines modified
158623 ····lineinfile:158623 ····lineinfile:
158624 ······path:·/etc/postfix/main.cf158624 ······path:·/etc/postfix/main.cf
158625 ······create:·true158625 ······create:·true
158626 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*158626 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
158627 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject158627 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
158628 ······state:·present158628 ······state:·present
158629 ··when:158629 ··when:
158630 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
158631 ··-·'&quot;postfix&quot;·in·ansible_facts.packages'158630 ··-·'&quot;postfix&quot;·in·ansible_facts.packages'
 158631 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
158632 ··tags:158632 ··tags:
158633 ··-·low_complexity158633 ··-·low_complexity
158634 ··-·low_disruption158634 ··-·low_disruption
158635 ··-·medium_severity158635 ··-·medium_severity
158636 ··-·no_reboot_needed158636 ··-·no_reboot_needed
158637 ··-·postfix_prevent_unrestricted_relay158637 ··-·postfix_prevent_unrestricted_relay
158638 ··-·restrict_strategy</xccdf-1.2:fix>158638 ··-·restrict_strategy</xccdf-1.2:fix>
158639 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="postfix_prevent_unrestricted_relay">#·Remediation·is·applicable·only·in·certain·platforms158639 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="postfix_prevent_unrestricted_relay">#·Remediation·is·applicable·only·in·certain·platforms
158640 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·postfix;·then158640 if·rpm·--quiet·-q·postfix·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
158641 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then158641 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
158642 »       echo·&quot;smtpd_client_restrictions·=·permit_mynetworks,reject&quot;·&gt;&gt;·/etc/postfix/main.cf158642 »       echo·&quot;smtpd_client_restrictions·=·permit_mynetworks,reject&quot;·&gt;&gt;·/etc/postfix/main.cf
158643 else158643 else
158644 »       sed·-i·&quot;s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g&quot;·/etc/postfix/main.cf158644 »       sed·-i·&quot;s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g&quot;·/etc/postfix/main.cf
158645 fi158645 fi
  
44.6 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-ds-1.2.xml
44.5 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-ds-1.2.xml
    
Offset 6906, 16 lines modifiedOffset 6906, 16 lines modified
  
6906 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension6906 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
6907 ··find:6907 ··find:
6908 ····paths:·/etc/audit/rules.d/6908 ····paths:·/etc/audit/rules.d/
6909 ····patterns:·'*.rules'6909 ····patterns:·'*.rules'
6910 ··register:·find_rules_d6910 ··register:·find_rules_d
6911 ··when:6911 ··when:
6912 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
6913 ··-·'&quot;audit&quot;·in·ansible_facts.packages'6912 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 6913 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
6914 ··tags:6914 ··tags:
6915 ··-·CJIS-5.4.1.16915 ··-·CJIS-5.4.1.1
6916 ··-·NIST-800-171-3.3.16916 ··-·NIST-800-171-3.3.1
6917 ··-·NIST-800-171-3.4.36917 ··-·NIST-800-171-3.4.3
6918 ··-·NIST-800-53-AC-6(9)6918 ··-·NIST-800-53-AC-6(9)
6919 ··-·NIST-800-53-CM-6(a)6919 ··-·NIST-800-53-CM-6(a)
6920 ··-·PCI-DSS-Req-10.5.26920 ··-·PCI-DSS-Req-10.5.2
Offset 6930, 16 lines modifiedOffset 6930, 16 lines modified
6930 ··lineinfile:6930 ··lineinfile:
6931 ····path:·'{{·item·}}'6931 ····path:·'{{·item·}}'
6932 ····regexp:·^\s*(?:-e)\s+.*$6932 ····regexp:·^\s*(?:-e)\s+.*$
6933 ····state:·absent6933 ····state:·absent
6934 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']6934 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
6935 ····}}'6935 ····}}'
6936 ··when:6936 ··when:
6937 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
6938 ··-·'&quot;audit&quot;·in·ansible_facts.packages'6937 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 6938 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
6939 ··tags:6939 ··tags:
6940 ··-·CJIS-5.4.1.16940 ··-·CJIS-5.4.1.1
6941 ··-·NIST-800-171-3.3.16941 ··-·NIST-800-171-3.3.1
6942 ··-·NIST-800-171-3.4.36942 ··-·NIST-800-171-3.4.3
6943 ··-·NIST-800-53-AC-6(9)6943 ··-·NIST-800-53-AC-6(9)
6944 ··-·NIST-800-53-CM-6(a)6944 ··-·NIST-800-53-CM-6(a)
6945 ··-·PCI-DSS-Req-10.5.26945 ··-·PCI-DSS-Req-10.5.2
Offset 6956, 16 lines modifiedOffset 6956, 16 lines modified
6956 ····create:·true6956 ····create:·true
6957 ····line:·-e·26957 ····line:·-e·2
6958 ····mode:·o-rwx6958 ····mode:·o-rwx
6959 ··loop:6959 ··loop:
6960 ··-·/etc/audit/audit.rules6960 ··-·/etc/audit/audit.rules
6961 ··-·/etc/audit/rules.d/immutable.rules6961 ··-·/etc/audit/rules.d/immutable.rules
6962 ··when:6962 ··when:
6963 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
6964 ··-·'&quot;audit&quot;·in·ansible_facts.packages'6963 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 6964 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
6965 ··tags:6965 ··tags:
6966 ··-·CJIS-5.4.1.16966 ··-·CJIS-5.4.1.1
6967 ··-·NIST-800-171-3.3.16967 ··-·NIST-800-171-3.3.1
6968 ··-·NIST-800-171-3.4.36968 ··-·NIST-800-171-3.4.3
6969 ··-·NIST-800-53-AC-6(9)6969 ··-·NIST-800-53-AC-6(9)
6970 ··-·NIST-800-53-CM-6(a)6970 ··-·NIST-800-53-CM-6(a)
6971 ··-·PCI-DSS-Req-10.5.26971 ··-·PCI-DSS-Req-10.5.2
Offset 7845, 16 lines modifiedOffset 7845, 16 lines modified
7845 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/7845 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
7846 ··find:7846 ··find:
7847 ····paths:·/etc/audit/rules.d7847 ····paths:·/etc/audit/rules.d
7848 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+7848 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
7849 ····patterns:·'*.rules'7849 ····patterns:·'*.rules'
7850 ··register:·find_existing_watch_rules_d7850 ··register:·find_existing_watch_rules_d
7851 ··when:7851 ··when:
7852 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
7853 ··-·'&quot;audit&quot;·in·ansible_facts.packages'7852 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 7853 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
7854 ··tags:7854 ··tags:
7855 ··-·CJIS-5.4.1.17855 ··-·CJIS-5.4.1.1
7856 ··-·NIST-800-171-3.1.77856 ··-·NIST-800-171-3.1.7
7857 ··-·NIST-800-53-AC-2(7)(b)7857 ··-·NIST-800-53-AC-2(7)(b)
7858 ··-·NIST-800-53-AC-6(9)7858 ··-·NIST-800-53-AC-6(9)
7859 ··-·NIST-800-53-AU-12(c)7859 ··-·NIST-800-53-AU-12(c)
7860 ··-·NIST-800-53-AU-2(d)7860 ··-·NIST-800-53-AU-2(d)
Offset 7871, 16 lines modifiedOffset 7871, 16 lines modified
7871 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions7871 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
7872 ··find:7872 ··find:
7873 ····paths:·/etc/audit/rules.d7873 ····paths:·/etc/audit/rules.d
7874 ····contains:·^.*(?:-F·key=|-k\s+)actions$7874 ····contains:·^.*(?:-F·key=|-k\s+)actions$
7875 ····patterns:·'*.rules'7875 ····patterns:·'*.rules'
7876 ··register:·find_watch_key7876 ··register:·find_watch_key
7877 ··when:7877 ··when:
7878 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
7879 ··-·'&quot;audit&quot;·in·ansible_facts.packages'7878 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 7879 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
7880 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched7880 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
7881 ····==·07881 ····==·0
7882 ··tags:7882 ··tags:
7883 ··-·CJIS-5.4.1.17883 ··-·CJIS-5.4.1.1
7884 ··-·NIST-800-171-3.1.77884 ··-·NIST-800-171-3.1.7
7885 ··-·NIST-800-53-AC-2(7)(b)7885 ··-·NIST-800-53-AC-2(7)(b)
7886 ··-·NIST-800-53-AC-6(9)7886 ··-·NIST-800-53-AC-6(9)
Offset 7897, 16 lines modifiedOffset 7897, 16 lines modified
7897 ··-·restrict_strategy7897 ··-·restrict_strategy
  
7898 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule7898 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
7899 ··set_fact:7899 ··set_fact:
7900 ····all_files:7900 ····all_files:
7901 ····-·/etc/audit/rules.d/actions.rules7901 ····-·/etc/audit/rules.d/actions.rules
7902 ··when:7902 ··when:
7903 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
7904 ··-·'&quot;audit&quot;·in·ansible_facts.packages'7903 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 7904 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
7905 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched7905 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
7906 ····is·defined·and·find_existing_watch_rules_d.matched·==·07906 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
7907 ··tags:7907 ··tags:
7908 ··-·CJIS-5.4.1.17908 ··-·CJIS-5.4.1.1
7909 ··-·NIST-800-171-3.1.77909 ··-·NIST-800-171-3.1.7
7910 ··-·NIST-800-53-AC-2(7)(b)7910 ··-·NIST-800-53-AC-2(7)(b)
7911 ··-·NIST-800-53-AC-6(9)7911 ··-·NIST-800-53-AC-6(9)
Offset 7923, 16 lines modifiedOffset 7923, 16 lines modified
7923 ··-·restrict_strategy7923 ··-·restrict_strategy
  
7924 -·name:·Use·matched·file·as·the·recipient·for·the·rule7924 -·name:·Use·matched·file·as·the·recipient·for·the·rule
7925 ··set_fact:7925 ··set_fact:
7926 ····all_files:7926 ····all_files:
7927 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'7927 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
7928 ··when:7928 ··when:
7929 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
7930 ··-·'&quot;audit&quot;·in·ansible_facts.packages'7929 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 7930 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
7931 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched7931 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
7932 ····is·defined·and·find_existing_watch_rules_d.matched·==·07932 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
7933 ··tags:7933 ··tags:
7934 ··-·CJIS-5.4.1.17934 ··-·CJIS-5.4.1.1
7935 ··-·NIST-800-171-3.1.77935 ··-·NIST-800-171-3.1.7
7936 ··-·NIST-800-53-AC-2(7)(b)7936 ··-·NIST-800-53-AC-2(7)(b)
7937 ··-·NIST-800-53-AC-6(9)7937 ··-·NIST-800-53-AC-6(9)
Offset 7951, 16 lines modifiedOffset 7951, 16 lines modified
7951 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/7951 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 40159/45490 bytes (88.28%) of diff not shown.
44.6 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml
44.5 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml
    
Offset 6906, 16 lines modifiedOffset 6906, 16 lines modified
  
6906 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension6906 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
6907 ··find:6907 ··find:
6908 ····paths:·/etc/audit/rules.d/6908 ····paths:·/etc/audit/rules.d/
6909 ····patterns:·'*.rules'6909 ····patterns:·'*.rules'
6910 ··register:·find_rules_d6910 ··register:·find_rules_d
6911 ··when:6911 ··when:
6912 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
6913 ··-·'&quot;audit&quot;·in·ansible_facts.packages'6912 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 6913 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
6914 ··tags:6914 ··tags:
6915 ··-·CJIS-5.4.1.16915 ··-·CJIS-5.4.1.1
6916 ··-·NIST-800-171-3.3.16916 ··-·NIST-800-171-3.3.1
6917 ··-·NIST-800-171-3.4.36917 ··-·NIST-800-171-3.4.3
6918 ··-·NIST-800-53-AC-6(9)6918 ··-·NIST-800-53-AC-6(9)
6919 ··-·NIST-800-53-CM-6(a)6919 ··-·NIST-800-53-CM-6(a)
6920 ··-·PCI-DSS-Req-10.5.26920 ··-·PCI-DSS-Req-10.5.2
Offset 6930, 16 lines modifiedOffset 6930, 16 lines modified
6930 ··lineinfile:6930 ··lineinfile:
6931 ····path:·'{{·item·}}'6931 ····path:·'{{·item·}}'
6932 ····regexp:·^\s*(?:-e)\s+.*$6932 ····regexp:·^\s*(?:-e)\s+.*$
6933 ····state:·absent6933 ····state:·absent
6934 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']6934 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
6935 ····}}'6935 ····}}'
6936 ··when:6936 ··when:
6937 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
6938 ··-·'&quot;audit&quot;·in·ansible_facts.packages'6937 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 6938 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
6939 ··tags:6939 ··tags:
6940 ··-·CJIS-5.4.1.16940 ··-·CJIS-5.4.1.1
6941 ··-·NIST-800-171-3.3.16941 ··-·NIST-800-171-3.3.1
6942 ··-·NIST-800-171-3.4.36942 ··-·NIST-800-171-3.4.3
6943 ··-·NIST-800-53-AC-6(9)6943 ··-·NIST-800-53-AC-6(9)
6944 ··-·NIST-800-53-CM-6(a)6944 ··-·NIST-800-53-CM-6(a)
6945 ··-·PCI-DSS-Req-10.5.26945 ··-·PCI-DSS-Req-10.5.2
Offset 6956, 16 lines modifiedOffset 6956, 16 lines modified
6956 ····create:·true6956 ····create:·true
6957 ····line:·-e·26957 ····line:·-e·2
6958 ····mode:·o-rwx6958 ····mode:·o-rwx
6959 ··loop:6959 ··loop:
6960 ··-·/etc/audit/audit.rules6960 ··-·/etc/audit/audit.rules
6961 ··-·/etc/audit/rules.d/immutable.rules6961 ··-·/etc/audit/rules.d/immutable.rules
6962 ··when:6962 ··when:
6963 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
6964 ··-·'&quot;audit&quot;·in·ansible_facts.packages'6963 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 6964 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
6965 ··tags:6965 ··tags:
6966 ··-·CJIS-5.4.1.16966 ··-·CJIS-5.4.1.1
6967 ··-·NIST-800-171-3.3.16967 ··-·NIST-800-171-3.3.1
6968 ··-·NIST-800-171-3.4.36968 ··-·NIST-800-171-3.4.3
6969 ··-·NIST-800-53-AC-6(9)6969 ··-·NIST-800-53-AC-6(9)
6970 ··-·NIST-800-53-CM-6(a)6970 ··-·NIST-800-53-CM-6(a)
6971 ··-·PCI-DSS-Req-10.5.26971 ··-·PCI-DSS-Req-10.5.2
Offset 7845, 16 lines modifiedOffset 7845, 16 lines modified
7845 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/7845 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
7846 ··find:7846 ··find:
7847 ····paths:·/etc/audit/rules.d7847 ····paths:·/etc/audit/rules.d
7848 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+7848 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
7849 ····patterns:·'*.rules'7849 ····patterns:·'*.rules'
7850 ··register:·find_existing_watch_rules_d7850 ··register:·find_existing_watch_rules_d
7851 ··when:7851 ··when:
7852 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
7853 ··-·'&quot;audit&quot;·in·ansible_facts.packages'7852 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 7853 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
7854 ··tags:7854 ··tags:
7855 ··-·CJIS-5.4.1.17855 ··-·CJIS-5.4.1.1
7856 ··-·NIST-800-171-3.1.77856 ··-·NIST-800-171-3.1.7
7857 ··-·NIST-800-53-AC-2(7)(b)7857 ··-·NIST-800-53-AC-2(7)(b)
7858 ··-·NIST-800-53-AC-6(9)7858 ··-·NIST-800-53-AC-6(9)
7859 ··-·NIST-800-53-AU-12(c)7859 ··-·NIST-800-53-AU-12(c)
7860 ··-·NIST-800-53-AU-2(d)7860 ··-·NIST-800-53-AU-2(d)
Offset 7871, 16 lines modifiedOffset 7871, 16 lines modified
7871 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions7871 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
7872 ··find:7872 ··find:
7873 ····paths:·/etc/audit/rules.d7873 ····paths:·/etc/audit/rules.d
7874 ····contains:·^.*(?:-F·key=|-k\s+)actions$7874 ····contains:·^.*(?:-F·key=|-k\s+)actions$
7875 ····patterns:·'*.rules'7875 ····patterns:·'*.rules'
7876 ··register:·find_watch_key7876 ··register:·find_watch_key
7877 ··when:7877 ··when:
7878 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
7879 ··-·'&quot;audit&quot;·in·ansible_facts.packages'7878 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 7879 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
7880 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched7880 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
7881 ····==·07881 ····==·0
7882 ··tags:7882 ··tags:
7883 ··-·CJIS-5.4.1.17883 ··-·CJIS-5.4.1.1
7884 ··-·NIST-800-171-3.1.77884 ··-·NIST-800-171-3.1.7
7885 ··-·NIST-800-53-AC-2(7)(b)7885 ··-·NIST-800-53-AC-2(7)(b)
7886 ··-·NIST-800-53-AC-6(9)7886 ··-·NIST-800-53-AC-6(9)
Offset 7897, 16 lines modifiedOffset 7897, 16 lines modified
7897 ··-·restrict_strategy7897 ··-·restrict_strategy
  
7898 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule7898 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
7899 ··set_fact:7899 ··set_fact:
7900 ····all_files:7900 ····all_files:
7901 ····-·/etc/audit/rules.d/actions.rules7901 ····-·/etc/audit/rules.d/actions.rules
7902 ··when:7902 ··when:
7903 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
7904 ··-·'&quot;audit&quot;·in·ansible_facts.packages'7903 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 7904 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
7905 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched7905 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
7906 ····is·defined·and·find_existing_watch_rules_d.matched·==·07906 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
7907 ··tags:7907 ··tags:
7908 ··-·CJIS-5.4.1.17908 ··-·CJIS-5.4.1.1
7909 ··-·NIST-800-171-3.1.77909 ··-·NIST-800-171-3.1.7
7910 ··-·NIST-800-53-AC-2(7)(b)7910 ··-·NIST-800-53-AC-2(7)(b)
7911 ··-·NIST-800-53-AC-6(9)7911 ··-·NIST-800-53-AC-6(9)
Offset 7923, 16 lines modifiedOffset 7923, 16 lines modified
7923 ··-·restrict_strategy7923 ··-·restrict_strategy
  
7924 -·name:·Use·matched·file·as·the·recipient·for·the·rule7924 -·name:·Use·matched·file·as·the·recipient·for·the·rule
7925 ··set_fact:7925 ··set_fact:
7926 ····all_files:7926 ····all_files:
7927 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'7927 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
7928 ··when:7928 ··when:
7929 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
7930 ··-·'&quot;audit&quot;·in·ansible_facts.packages'7929 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 7930 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
7931 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched7931 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
7932 ····is·defined·and·find_existing_watch_rules_d.matched·==·07932 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
7933 ··tags:7933 ··tags:
7934 ··-·CJIS-5.4.1.17934 ··-·CJIS-5.4.1.1
7935 ··-·NIST-800-171-3.1.77935 ··-·NIST-800-171-3.1.7
7936 ··-·NIST-800-53-AC-2(7)(b)7936 ··-·NIST-800-53-AC-2(7)(b)
7937 ··-·NIST-800-53-AC-6(9)7937 ··-·NIST-800-53-AC-6(9)
Offset 7951, 16 lines modifiedOffset 7951, 16 lines modified
7951 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/7951 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 40159/45490 bytes (88.28%) of diff not shown.
44.5 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-xccdf.xml
44.4 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-xccdf.xml
    
Offset 6798, 16 lines modifiedOffset 6798, 16 lines modified
  
6798 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension6798 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
6799 ··find:6799 ··find:
6800 ····paths:·/etc/audit/rules.d/6800 ····paths:·/etc/audit/rules.d/
6801 ····patterns:·'*.rules'6801 ····patterns:·'*.rules'
6802 ··register:·find_rules_d6802 ··register:·find_rules_d
6803 ··when:6803 ··when:
6804 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
6805 ··-·'&quot;audit&quot;·in·ansible_facts.packages'6804 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 6805 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
6806 ··tags:6806 ··tags:
6807 ··-·CJIS-5.4.1.16807 ··-·CJIS-5.4.1.1
6808 ··-·NIST-800-171-3.3.16808 ··-·NIST-800-171-3.3.1
6809 ··-·NIST-800-171-3.4.36809 ··-·NIST-800-171-3.4.3
6810 ··-·NIST-800-53-AC-6(9)6810 ··-·NIST-800-53-AC-6(9)
6811 ··-·NIST-800-53-CM-6(a)6811 ··-·NIST-800-53-CM-6(a)
6812 ··-·PCI-DSS-Req-10.5.26812 ··-·PCI-DSS-Req-10.5.2
Offset 6822, 16 lines modifiedOffset 6822, 16 lines modified
6822 ··lineinfile:6822 ··lineinfile:
6823 ····path:·'{{·item·}}'6823 ····path:·'{{·item·}}'
6824 ····regexp:·^\s*(?:-e)\s+.*$6824 ····regexp:·^\s*(?:-e)\s+.*$
6825 ····state:·absent6825 ····state:·absent
6826 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']6826 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
6827 ····}}'6827 ····}}'
6828 ··when:6828 ··when:
6829 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
6830 ··-·'&quot;audit&quot;·in·ansible_facts.packages'6829 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 6830 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
6831 ··tags:6831 ··tags:
6832 ··-·CJIS-5.4.1.16832 ··-·CJIS-5.4.1.1
6833 ··-·NIST-800-171-3.3.16833 ··-·NIST-800-171-3.3.1
6834 ··-·NIST-800-171-3.4.36834 ··-·NIST-800-171-3.4.3
6835 ··-·NIST-800-53-AC-6(9)6835 ··-·NIST-800-53-AC-6(9)
6836 ··-·NIST-800-53-CM-6(a)6836 ··-·NIST-800-53-CM-6(a)
6837 ··-·PCI-DSS-Req-10.5.26837 ··-·PCI-DSS-Req-10.5.2
Offset 6848, 16 lines modifiedOffset 6848, 16 lines modified
6848 ····create:·true6848 ····create:·true
6849 ····line:·-e·26849 ····line:·-e·2
6850 ····mode:·o-rwx6850 ····mode:·o-rwx
6851 ··loop:6851 ··loop:
6852 ··-·/etc/audit/audit.rules6852 ··-·/etc/audit/audit.rules
6853 ··-·/etc/audit/rules.d/immutable.rules6853 ··-·/etc/audit/rules.d/immutable.rules
6854 ··when:6854 ··when:
6855 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
6856 ··-·'&quot;audit&quot;·in·ansible_facts.packages'6855 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 6856 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
6857 ··tags:6857 ··tags:
6858 ··-·CJIS-5.4.1.16858 ··-·CJIS-5.4.1.1
6859 ··-·NIST-800-171-3.3.16859 ··-·NIST-800-171-3.3.1
6860 ··-·NIST-800-171-3.4.36860 ··-·NIST-800-171-3.4.3
6861 ··-·NIST-800-53-AC-6(9)6861 ··-·NIST-800-53-AC-6(9)
6862 ··-·NIST-800-53-CM-6(a)6862 ··-·NIST-800-53-CM-6(a)
6863 ··-·PCI-DSS-Req-10.5.26863 ··-·PCI-DSS-Req-10.5.2
Offset 7737, 16 lines modifiedOffset 7737, 16 lines modified
7737 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/7737 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
7738 ··find:7738 ··find:
7739 ····paths:·/etc/audit/rules.d7739 ····paths:·/etc/audit/rules.d
7740 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+7740 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
7741 ····patterns:·'*.rules'7741 ····patterns:·'*.rules'
7742 ··register:·find_existing_watch_rules_d7742 ··register:·find_existing_watch_rules_d
7743 ··when:7743 ··when:
7744 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
7745 ··-·'&quot;audit&quot;·in·ansible_facts.packages'7744 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 7745 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
7746 ··tags:7746 ··tags:
7747 ··-·CJIS-5.4.1.17747 ··-·CJIS-5.4.1.1
7748 ··-·NIST-800-171-3.1.77748 ··-·NIST-800-171-3.1.7
7749 ··-·NIST-800-53-AC-2(7)(b)7749 ··-·NIST-800-53-AC-2(7)(b)
7750 ··-·NIST-800-53-AC-6(9)7750 ··-·NIST-800-53-AC-6(9)
7751 ··-·NIST-800-53-AU-12(c)7751 ··-·NIST-800-53-AU-12(c)
7752 ··-·NIST-800-53-AU-2(d)7752 ··-·NIST-800-53-AU-2(d)
Offset 7763, 16 lines modifiedOffset 7763, 16 lines modified
7763 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions7763 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
7764 ··find:7764 ··find:
7765 ····paths:·/etc/audit/rules.d7765 ····paths:·/etc/audit/rules.d
7766 ····contains:·^.*(?:-F·key=|-k\s+)actions$7766 ····contains:·^.*(?:-F·key=|-k\s+)actions$
7767 ····patterns:·'*.rules'7767 ····patterns:·'*.rules'
7768 ··register:·find_watch_key7768 ··register:·find_watch_key
7769 ··when:7769 ··when:
7770 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
7771 ··-·'&quot;audit&quot;·in·ansible_facts.packages'7770 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 7771 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
7772 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched7772 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
7773 ····==·07773 ····==·0
7774 ··tags:7774 ··tags:
7775 ··-·CJIS-5.4.1.17775 ··-·CJIS-5.4.1.1
7776 ··-·NIST-800-171-3.1.77776 ··-·NIST-800-171-3.1.7
7777 ··-·NIST-800-53-AC-2(7)(b)7777 ··-·NIST-800-53-AC-2(7)(b)
7778 ··-·NIST-800-53-AC-6(9)7778 ··-·NIST-800-53-AC-6(9)
Offset 7789, 16 lines modifiedOffset 7789, 16 lines modified
7789 ··-·restrict_strategy7789 ··-·restrict_strategy
  
7790 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule7790 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
7791 ··set_fact:7791 ··set_fact:
7792 ····all_files:7792 ····all_files:
7793 ····-·/etc/audit/rules.d/actions.rules7793 ····-·/etc/audit/rules.d/actions.rules
7794 ··when:7794 ··when:
7795 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
7796 ··-·'&quot;audit&quot;·in·ansible_facts.packages'7795 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 7796 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
7797 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched7797 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
7798 ····is·defined·and·find_existing_watch_rules_d.matched·==·07798 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
7799 ··tags:7799 ··tags:
7800 ··-·CJIS-5.4.1.17800 ··-·CJIS-5.4.1.1
7801 ··-·NIST-800-171-3.1.77801 ··-·NIST-800-171-3.1.7
7802 ··-·NIST-800-53-AC-2(7)(b)7802 ··-·NIST-800-53-AC-2(7)(b)
7803 ··-·NIST-800-53-AC-6(9)7803 ··-·NIST-800-53-AC-6(9)
Offset 7815, 16 lines modifiedOffset 7815, 16 lines modified
7815 ··-·restrict_strategy7815 ··-·restrict_strategy
  
7816 -·name:·Use·matched·file·as·the·recipient·for·the·rule7816 -·name:·Use·matched·file·as·the·recipient·for·the·rule
7817 ··set_fact:7817 ··set_fact:
7818 ····all_files:7818 ····all_files:
7819 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'7819 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
7820 ··when:7820 ··when:
7821 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
7822 ··-·'&quot;audit&quot;·in·ansible_facts.packages'7821 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 7822 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
7823 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched7823 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
7824 ····is·defined·and·find_existing_watch_rules_d.matched·==·07824 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
7825 ··tags:7825 ··tags:
7826 ··-·CJIS-5.4.1.17826 ··-·CJIS-5.4.1.1
7827 ··-·NIST-800-171-3.1.77827 ··-·NIST-800-171-3.1.7
7828 ··-·NIST-800-53-AC-2(7)(b)7828 ··-·NIST-800-53-AC-2(7)(b)
7829 ··-·NIST-800-53-AC-6(9)7829 ··-·NIST-800-53-AC-6(9)
Offset 7843, 16 lines modifiedOffset 7843, 16 lines modified
7843 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/7843 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 40051/45382 bytes (88.25%) of diff not shown.
15.4 KB
./usr/share/xml/scap/ssg/content/ssg-rhel7-ds-1.2.xml
15.3 KB
./usr/share/xml/scap/ssg/content/ssg-rhel7-ds-1.2.xml
    
Offset 161207, 16 lines modifiedOffset 161207, 16 lines modified
161207 ··-·no_reboot_needed161207 ··-·no_reboot_needed
  
161208 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg161208 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
161209 ··stat:161209 ··stat:
161210 ····path:·/boot/efi/EFI/redhat/grub.cfg161210 ····path:·/boot/efi/EFI/redhat/grub.cfg
161211 ··register:·file_exists161211 ··register:·file_exists
161212 ··when:161212 ··when:
161213 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161214 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161213 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161214 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161215 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161215 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161216 ··tags:161216 ··tags:
161217 ··-·CCE-83430-9161217 ··-·CCE-83430-9
161218 ··-·CJIS-5.5.2.2161218 ··-·CJIS-5.5.2.2
161219 ··-·NIST-800-171-3.4.5161219 ··-·NIST-800-171-3.4.5
161220 ··-·NIST-800-53-AC-6(1)161220 ··-·NIST-800-53-AC-6(1)
161221 ··-·NIST-800-53-CM-6(a)161221 ··-·NIST-800-53-CM-6(a)
Offset 161229, 16 lines modifiedOffset 161229, 16 lines modified
161229 ··-·no_reboot_needed161229 ··-·no_reboot_needed
  
161230 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg161230 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
161231 ··file:161231 ··file:
161232 ····path:·/boot/efi/EFI/redhat/grub.cfg161232 ····path:·/boot/efi/EFI/redhat/grub.cfg
161233 ····group:·'0'161233 ····group:·'0'
161234 ··when:161234 ··when:
161235 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161236 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161235 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161236 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161237 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161237 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161238 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists161238 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
161239 ··tags:161239 ··tags:
161240 ··-·CCE-83430-9161240 ··-·CCE-83430-9
161241 ··-·CJIS-5.5.2.2161241 ··-·CJIS-5.5.2.2
161242 ··-·NIST-800-171-3.4.5161242 ··-·NIST-800-171-3.4.5
161243 ··-·NIST-800-53-AC-6(1)161243 ··-·NIST-800-53-AC-6(1)
Offset 161247, 15 lines modifiedOffset 161247, 15 lines modified
161247 ··-·configure_strategy161247 ··-·configure_strategy
161248 ··-·file_groupowner_efi_grub2_cfg161248 ··-·file_groupowner_efi_grub2_cfg
161249 ··-·low_complexity161249 ··-·low_complexity
161250 ··-·low_disruption161250 ··-·low_disruption
161251 ··-·medium_severity161251 ··-·medium_severity
161252 ··-·no_reboot_needed</xccdf-1.2:fix>161252 ··-·no_reboot_needed</xccdf-1.2:fix>
161253 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms161253 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
161254 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then161254 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
161255 chgrp·0·/boot/efi/EFI/redhat/grub.cfg161255 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
161256 else161256 else
161257 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'161257 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
161258 fi</xccdf-1.2:fix>161258 fi</xccdf-1.2:fix>
161259 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">161259 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 161353, 16 lines modifiedOffset 161353, 16 lines modified
161353 ··-·no_reboot_needed161353 ··-·no_reboot_needed
  
161354 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg161354 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
161355 ··stat:161355 ··stat:
161356 ····path:·/boot/efi/EFI/redhat/user.cfg161356 ····path:·/boot/efi/EFI/redhat/user.cfg
161357 ··register:·file_exists161357 ··register:·file_exists
161358 ··when:161358 ··when:
161359 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161360 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161359 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161360 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161361 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161361 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161362 ··tags:161362 ··tags:
161363 ··-·CCE-86011-4161363 ··-·CCE-86011-4
161364 ··-·CJIS-5.5.2.2161364 ··-·CJIS-5.5.2.2
161365 ··-·NIST-800-171-3.4.5161365 ··-·NIST-800-171-3.4.5
161366 ··-·NIST-800-53-AC-6(1)161366 ··-·NIST-800-53-AC-6(1)
161367 ··-·NIST-800-53-CM-6(a)161367 ··-·NIST-800-53-CM-6(a)
Offset 161375, 16 lines modifiedOffset 161375, 16 lines modified
161375 ··-·no_reboot_needed161375 ··-·no_reboot_needed
  
161376 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg161376 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
161377 ··file:161377 ··file:
161378 ····path:·/boot/efi/EFI/redhat/user.cfg161378 ····path:·/boot/efi/EFI/redhat/user.cfg
161379 ····group:·'0'161379 ····group:·'0'
161380 ··when:161380 ··when:
161381 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161382 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161381 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161382 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161383 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161383 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161384 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists161384 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
161385 ··tags:161385 ··tags:
161386 ··-·CCE-86011-4161386 ··-·CCE-86011-4
161387 ··-·CJIS-5.5.2.2161387 ··-·CJIS-5.5.2.2
161388 ··-·NIST-800-171-3.4.5161388 ··-·NIST-800-171-3.4.5
161389 ··-·NIST-800-53-AC-6(1)161389 ··-·NIST-800-53-AC-6(1)
Offset 161393, 15 lines modifiedOffset 161393, 15 lines modified
161393 ··-·configure_strategy161393 ··-·configure_strategy
161394 ··-·file_groupowner_efi_user_cfg161394 ··-·file_groupowner_efi_user_cfg
161395 ··-·low_complexity161395 ··-·low_complexity
161396 ··-·low_disruption161396 ··-·low_disruption
161397 ··-·medium_severity161397 ··-·medium_severity
161398 ··-·no_reboot_needed</xccdf-1.2:fix>161398 ··-·no_reboot_needed</xccdf-1.2:fix>
161399 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms161399 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
161400 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then161400 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
161401 chgrp·0·/boot/efi/EFI/redhat/user.cfg161401 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
161402 else161402 else
161403 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'161403 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
161404 fi</xccdf-1.2:fix>161404 fi</xccdf-1.2:fix>
161405 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">161405 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 161495, 16 lines modifiedOffset 161495, 16 lines modified
161495 ··-·no_reboot_needed161495 ··-·no_reboot_needed
  
161496 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg161496 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
161497 ··stat:161497 ··stat:
161498 ····path:·/boot/efi/EFI/redhat/grub.cfg161498 ····path:·/boot/efi/EFI/redhat/grub.cfg
161499 ··register:·file_exists161499 ··register:·file_exists
161500 ··when:161500 ··when:
161501 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161502 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161501 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161502 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161503 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161503 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161504 ··tags:161504 ··tags:
161505 ··-·CCE-83429-1161505 ··-·CCE-83429-1
161506 ··-·CJIS-5.5.2.2161506 ··-·CJIS-5.5.2.2
161507 ··-·NIST-800-171-3.4.5161507 ··-·NIST-800-171-3.4.5
161508 ··-·NIST-800-53-AC-6(1)161508 ··-·NIST-800-53-AC-6(1)
161509 ··-·NIST-800-53-CM-6(a)161509 ··-·NIST-800-53-CM-6(a)
Offset 161517, 16 lines modifiedOffset 161517, 16 lines modified
161517 ··-·no_reboot_needed161517 ··-·no_reboot_needed
  
161518 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg161518 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
161519 ··file:161519 ··file:
161520 ····path:·/boot/efi/EFI/redhat/grub.cfg161520 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 9966/15530 bytes (64.17%) of diff not shown.
15.4 KB
./usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
15.3 KB
./usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
    
Offset 161209, 16 lines modifiedOffset 161209, 16 lines modified
161209 ··-·no_reboot_needed161209 ··-·no_reboot_needed
  
161210 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg161210 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
161211 ··stat:161211 ··stat:
161212 ····path:·/boot/efi/EFI/redhat/grub.cfg161212 ····path:·/boot/efi/EFI/redhat/grub.cfg
161213 ··register:·file_exists161213 ··register:·file_exists
161214 ··when:161214 ··when:
161215 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161216 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161215 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161216 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161217 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161217 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161218 ··tags:161218 ··tags:
161219 ··-·CCE-83430-9161219 ··-·CCE-83430-9
161220 ··-·CJIS-5.5.2.2161220 ··-·CJIS-5.5.2.2
161221 ··-·NIST-800-171-3.4.5161221 ··-·NIST-800-171-3.4.5
161222 ··-·NIST-800-53-AC-6(1)161222 ··-·NIST-800-53-AC-6(1)
161223 ··-·NIST-800-53-CM-6(a)161223 ··-·NIST-800-53-CM-6(a)
Offset 161231, 16 lines modifiedOffset 161231, 16 lines modified
161231 ··-·no_reboot_needed161231 ··-·no_reboot_needed
  
161232 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg161232 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
161233 ··file:161233 ··file:
161234 ····path:·/boot/efi/EFI/redhat/grub.cfg161234 ····path:·/boot/efi/EFI/redhat/grub.cfg
161235 ····group:·'0'161235 ····group:·'0'
161236 ··when:161236 ··when:
161237 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161238 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161237 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161238 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161239 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161239 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161240 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists161240 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
161241 ··tags:161241 ··tags:
161242 ··-·CCE-83430-9161242 ··-·CCE-83430-9
161243 ··-·CJIS-5.5.2.2161243 ··-·CJIS-5.5.2.2
161244 ··-·NIST-800-171-3.4.5161244 ··-·NIST-800-171-3.4.5
161245 ··-·NIST-800-53-AC-6(1)161245 ··-·NIST-800-53-AC-6(1)
Offset 161249, 15 lines modifiedOffset 161249, 15 lines modified
161249 ··-·configure_strategy161249 ··-·configure_strategy
161250 ··-·file_groupowner_efi_grub2_cfg161250 ··-·file_groupowner_efi_grub2_cfg
161251 ··-·low_complexity161251 ··-·low_complexity
161252 ··-·low_disruption161252 ··-·low_disruption
161253 ··-·medium_severity161253 ··-·medium_severity
161254 ··-·no_reboot_needed</xccdf-1.2:fix>161254 ··-·no_reboot_needed</xccdf-1.2:fix>
161255 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms161255 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
161256 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then161256 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
161257 chgrp·0·/boot/efi/EFI/redhat/grub.cfg161257 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
161258 else161258 else
161259 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'161259 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
161260 fi</xccdf-1.2:fix>161260 fi</xccdf-1.2:fix>
161261 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">161261 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 161355, 16 lines modifiedOffset 161355, 16 lines modified
161355 ··-·no_reboot_needed161355 ··-·no_reboot_needed
  
161356 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg161356 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
161357 ··stat:161357 ··stat:
161358 ····path:·/boot/efi/EFI/redhat/user.cfg161358 ····path:·/boot/efi/EFI/redhat/user.cfg
161359 ··register:·file_exists161359 ··register:·file_exists
161360 ··when:161360 ··when:
161361 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161362 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161361 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161362 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161363 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161363 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161364 ··tags:161364 ··tags:
161365 ··-·CCE-86011-4161365 ··-·CCE-86011-4
161366 ··-·CJIS-5.5.2.2161366 ··-·CJIS-5.5.2.2
161367 ··-·NIST-800-171-3.4.5161367 ··-·NIST-800-171-3.4.5
161368 ··-·NIST-800-53-AC-6(1)161368 ··-·NIST-800-53-AC-6(1)
161369 ··-·NIST-800-53-CM-6(a)161369 ··-·NIST-800-53-CM-6(a)
Offset 161377, 16 lines modifiedOffset 161377, 16 lines modified
161377 ··-·no_reboot_needed161377 ··-·no_reboot_needed
  
161378 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg161378 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
161379 ··file:161379 ··file:
161380 ····path:·/boot/efi/EFI/redhat/user.cfg161380 ····path:·/boot/efi/EFI/redhat/user.cfg
161381 ····group:·'0'161381 ····group:·'0'
161382 ··when:161382 ··when:
161383 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161384 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161383 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161384 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161385 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161385 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161386 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists161386 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
161387 ··tags:161387 ··tags:
161388 ··-·CCE-86011-4161388 ··-·CCE-86011-4
161389 ··-·CJIS-5.5.2.2161389 ··-·CJIS-5.5.2.2
161390 ··-·NIST-800-171-3.4.5161390 ··-·NIST-800-171-3.4.5
161391 ··-·NIST-800-53-AC-6(1)161391 ··-·NIST-800-53-AC-6(1)
Offset 161395, 15 lines modifiedOffset 161395, 15 lines modified
161395 ··-·configure_strategy161395 ··-·configure_strategy
161396 ··-·file_groupowner_efi_user_cfg161396 ··-·file_groupowner_efi_user_cfg
161397 ··-·low_complexity161397 ··-·low_complexity
161398 ··-·low_disruption161398 ··-·low_disruption
161399 ··-·medium_severity161399 ··-·medium_severity
161400 ··-·no_reboot_needed</xccdf-1.2:fix>161400 ··-·no_reboot_needed</xccdf-1.2:fix>
161401 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms161401 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
161402 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then161402 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
161403 chgrp·0·/boot/efi/EFI/redhat/user.cfg161403 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
161404 else161404 else
161405 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'161405 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
161406 fi</xccdf-1.2:fix>161406 fi</xccdf-1.2:fix>
161407 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">161407 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 161497, 16 lines modifiedOffset 161497, 16 lines modified
161497 ··-·no_reboot_needed161497 ··-·no_reboot_needed
  
161498 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg161498 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
161499 ··stat:161499 ··stat:
161500 ····path:·/boot/efi/EFI/redhat/grub.cfg161500 ····path:·/boot/efi/EFI/redhat/grub.cfg
161501 ··register:·file_exists161501 ··register:·file_exists
161502 ··when:161502 ··when:
161503 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161504 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161503 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161504 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161505 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161505 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161506 ··tags:161506 ··tags:
161507 ··-·CCE-83429-1161507 ··-·CCE-83429-1
161508 ··-·CJIS-5.5.2.2161508 ··-·CJIS-5.5.2.2
161509 ··-·NIST-800-171-3.4.5161509 ··-·NIST-800-171-3.4.5
161510 ··-·NIST-800-53-AC-6(1)161510 ··-·NIST-800-53-AC-6(1)
161511 ··-·NIST-800-53-CM-6(a)161511 ··-·NIST-800-53-CM-6(a)
Offset 161519, 16 lines modifiedOffset 161519, 16 lines modified
161519 ··-·no_reboot_needed161519 ··-·no_reboot_needed
  
161520 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg161520 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
161521 ··file:161521 ··file:
161522 ····path:·/boot/efi/EFI/redhat/grub.cfg161522 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 9966/15530 bytes (64.17%) of diff not shown.
15.3 KB
./usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
15.2 KB
./usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
    
Offset 161039, 16 lines modifiedOffset 161039, 16 lines modified
161039 ··-·no_reboot_needed161039 ··-·no_reboot_needed
  
161040 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg161040 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
161041 ··stat:161041 ··stat:
161042 ····path:·/boot/efi/EFI/redhat/grub.cfg161042 ····path:·/boot/efi/EFI/redhat/grub.cfg
161043 ··register:·file_exists161043 ··register:·file_exists
161044 ··when:161044 ··when:
161045 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161046 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161045 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161046 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161047 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161047 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161048 ··tags:161048 ··tags:
161049 ··-·CCE-83430-9161049 ··-·CCE-83430-9
161050 ··-·CJIS-5.5.2.2161050 ··-·CJIS-5.5.2.2
161051 ··-·NIST-800-171-3.4.5161051 ··-·NIST-800-171-3.4.5
161052 ··-·NIST-800-53-AC-6(1)161052 ··-·NIST-800-53-AC-6(1)
161053 ··-·NIST-800-53-CM-6(a)161053 ··-·NIST-800-53-CM-6(a)
Offset 161061, 16 lines modifiedOffset 161061, 16 lines modified
161061 ··-·no_reboot_needed161061 ··-·no_reboot_needed
  
161062 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg161062 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
161063 ··file:161063 ··file:
161064 ····path:·/boot/efi/EFI/redhat/grub.cfg161064 ····path:·/boot/efi/EFI/redhat/grub.cfg
161065 ····group:·'0'161065 ····group:·'0'
161066 ··when:161066 ··when:
161067 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161068 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161067 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161068 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161069 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161069 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161070 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists161070 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
161071 ··tags:161071 ··tags:
161072 ··-·CCE-83430-9161072 ··-·CCE-83430-9
161073 ··-·CJIS-5.5.2.2161073 ··-·CJIS-5.5.2.2
161074 ··-·NIST-800-171-3.4.5161074 ··-·NIST-800-171-3.4.5
161075 ··-·NIST-800-53-AC-6(1)161075 ··-·NIST-800-53-AC-6(1)
Offset 161079, 15 lines modifiedOffset 161079, 15 lines modified
161079 ··-·configure_strategy161079 ··-·configure_strategy
161080 ··-·file_groupowner_efi_grub2_cfg161080 ··-·file_groupowner_efi_grub2_cfg
161081 ··-·low_complexity161081 ··-·low_complexity
161082 ··-·low_disruption161082 ··-·low_disruption
161083 ··-·medium_severity161083 ··-·medium_severity
161084 ··-·no_reboot_needed</xccdf-1.2:fix>161084 ··-·no_reboot_needed</xccdf-1.2:fix>
161085 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms161085 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
161086 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then161086 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
161087 chgrp·0·/boot/efi/EFI/redhat/grub.cfg161087 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
161088 else161088 else
161089 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'161089 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
161090 fi</xccdf-1.2:fix>161090 fi</xccdf-1.2:fix>
161091 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">161091 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 161185, 16 lines modifiedOffset 161185, 16 lines modified
161185 ··-·no_reboot_needed161185 ··-·no_reboot_needed
  
161186 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg161186 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
161187 ··stat:161187 ··stat:
161188 ····path:·/boot/efi/EFI/redhat/user.cfg161188 ····path:·/boot/efi/EFI/redhat/user.cfg
161189 ··register:·file_exists161189 ··register:·file_exists
161190 ··when:161190 ··when:
161191 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161192 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161191 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161192 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161193 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161193 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161194 ··tags:161194 ··tags:
161195 ··-·CCE-86011-4161195 ··-·CCE-86011-4
161196 ··-·CJIS-5.5.2.2161196 ··-·CJIS-5.5.2.2
161197 ··-·NIST-800-171-3.4.5161197 ··-·NIST-800-171-3.4.5
161198 ··-·NIST-800-53-AC-6(1)161198 ··-·NIST-800-53-AC-6(1)
161199 ··-·NIST-800-53-CM-6(a)161199 ··-·NIST-800-53-CM-6(a)
Offset 161207, 16 lines modifiedOffset 161207, 16 lines modified
161207 ··-·no_reboot_needed161207 ··-·no_reboot_needed
  
161208 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg161208 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
161209 ··file:161209 ··file:
161210 ····path:·/boot/efi/EFI/redhat/user.cfg161210 ····path:·/boot/efi/EFI/redhat/user.cfg
161211 ····group:·'0'161211 ····group:·'0'
161212 ··when:161212 ··when:
161213 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161214 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161213 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161214 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161215 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161215 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161216 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists161216 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
161217 ··tags:161217 ··tags:
161218 ··-·CCE-86011-4161218 ··-·CCE-86011-4
161219 ··-·CJIS-5.5.2.2161219 ··-·CJIS-5.5.2.2
161220 ··-·NIST-800-171-3.4.5161220 ··-·NIST-800-171-3.4.5
161221 ··-·NIST-800-53-AC-6(1)161221 ··-·NIST-800-53-AC-6(1)
Offset 161225, 15 lines modifiedOffset 161225, 15 lines modified
161225 ··-·configure_strategy161225 ··-·configure_strategy
161226 ··-·file_groupowner_efi_user_cfg161226 ··-·file_groupowner_efi_user_cfg
161227 ··-·low_complexity161227 ··-·low_complexity
161228 ··-·low_disruption161228 ··-·low_disruption
161229 ··-·medium_severity161229 ··-·medium_severity
161230 ··-·no_reboot_needed</xccdf-1.2:fix>161230 ··-·no_reboot_needed</xccdf-1.2:fix>
161231 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms161231 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
161232 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then161232 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
161233 chgrp·0·/boot/efi/EFI/redhat/user.cfg161233 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
161234 else161234 else
161235 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'161235 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
161236 fi</xccdf-1.2:fix>161236 fi</xccdf-1.2:fix>
161237 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">161237 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 161327, 16 lines modifiedOffset 161327, 16 lines modified
161327 ··-·no_reboot_needed161327 ··-·no_reboot_needed
  
161328 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg161328 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
161329 ··stat:161329 ··stat:
161330 ····path:·/boot/efi/EFI/redhat/grub.cfg161330 ····path:·/boot/efi/EFI/redhat/grub.cfg
161331 ··register:·file_exists161331 ··register:·file_exists
161332 ··when:161332 ··when:
161333 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
161334 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'161333 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 161334 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
161335 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]161335 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
161336 ··tags:161336 ··tags:
161337 ··-·CCE-83429-1161337 ··-·CCE-83429-1
161338 ··-·CJIS-5.5.2.2161338 ··-·CJIS-5.5.2.2
161339 ··-·NIST-800-171-3.4.5161339 ··-·NIST-800-171-3.4.5
161340 ··-·NIST-800-53-AC-6(1)161340 ··-·NIST-800-53-AC-6(1)
161341 ··-·NIST-800-53-CM-6(a)161341 ··-·NIST-800-53-CM-6(a)
Offset 161349, 16 lines modifiedOffset 161349, 16 lines modified
161349 ··-·no_reboot_needed161349 ··-·no_reboot_needed
  
161350 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg161350 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
161351 ··file:161351 ··file:
161352 ····path:·/boot/efi/EFI/redhat/grub.cfg161352 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 9930/15478 bytes (64.16%) of diff not shown.
29.0 KB
./usr/share/xml/scap/ssg/content/ssg-rhel8-ds-1.2.xml
28.9 KB
./usr/share/xml/scap/ssg/content/ssg-rhel8-ds-1.2.xml
    
Offset 171047, 16 lines modifiedOffset 171047, 16 lines modified
171047 ··-·no_reboot_needed171047 ··-·no_reboot_needed
  
171048 -·name:·Test·for·existence·/boot/grub2/grub.cfg171048 -·name:·Test·for·existence·/boot/grub2/grub.cfg
171049 ··stat:171049 ··stat:
171050 ····path:·/boot/grub2/grub.cfg171050 ····path:·/boot/grub2/grub.cfg
171051 ··register:·file_exists171051 ··register:·file_exists
171052 ··when:171052 ··when:
171053 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171054 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171053 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171054 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171055 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171055 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171056 ··tags:171056 ··tags:
171057 ··-·CCE-80800-6171057 ··-·CCE-80800-6
171058 ··-·CJIS-5.5.2.2171058 ··-·CJIS-5.5.2.2
171059 ··-·NIST-800-171-3.4.5171059 ··-·NIST-800-171-3.4.5
171060 ··-·NIST-800-53-AC-6(1)171060 ··-·NIST-800-53-AC-6(1)
171061 ··-·NIST-800-53-CM-6(a)171061 ··-·NIST-800-53-CM-6(a)
Offset 171069, 16 lines modifiedOffset 171069, 16 lines modified
171069 ··-·no_reboot_needed171069 ··-·no_reboot_needed
  
171070 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg171070 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
171071 ··file:171071 ··file:
171072 ····path:·/boot/grub2/grub.cfg171072 ····path:·/boot/grub2/grub.cfg
171073 ····group:·'0'171073 ····group:·'0'
171074 ··when:171074 ··when:
171075 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171076 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171075 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171076 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171077 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171077 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171078 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists171078 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
171079 ··tags:171079 ··tags:
171080 ··-·CCE-80800-6171080 ··-·CCE-80800-6
171081 ··-·CJIS-5.5.2.2171081 ··-·CJIS-5.5.2.2
171082 ··-·NIST-800-171-3.4.5171082 ··-·NIST-800-171-3.4.5
171083 ··-·NIST-800-53-AC-6(1)171083 ··-·NIST-800-53-AC-6(1)
Offset 171087, 15 lines modifiedOffset 171087, 15 lines modified
171087 ··-·configure_strategy171087 ··-·configure_strategy
171088 ··-·file_groupowner_grub2_cfg171088 ··-·file_groupowner_grub2_cfg
171089 ··-·low_complexity171089 ··-·low_complexity
171090 ··-·low_disruption171090 ··-·low_disruption
171091 ··-·medium_severity171091 ··-·medium_severity
171092 ··-·no_reboot_needed</xccdf-1.2:fix>171092 ··-·no_reboot_needed</xccdf-1.2:fix>
171093 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms171093 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
171094 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then171094 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
171095 chgrp·0·/boot/grub2/grub.cfg171095 chgrp·0·/boot/grub2/grub.cfg
  
171096 else171096 else
171097 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'171097 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
171098 fi</xccdf-1.2:fix>171098 fi</xccdf-1.2:fix>
171099 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">171099 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 171205, 16 lines modifiedOffset 171205, 16 lines modified
171205 ··-·no_reboot_needed171205 ··-·no_reboot_needed
  
171206 -·name:·Test·for·existence·/boot/grub2/user.cfg171206 -·name:·Test·for·existence·/boot/grub2/user.cfg
171207 ··stat:171207 ··stat:
171208 ····path:·/boot/grub2/user.cfg171208 ····path:·/boot/grub2/user.cfg
171209 ··register:·file_exists171209 ··register:·file_exists
171210 ··when:171210 ··when:
171211 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171212 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171211 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171212 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171213 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171213 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171214 ··tags:171214 ··tags:
171215 ··-·CCE-86009-8171215 ··-·CCE-86009-8
171216 ··-·CJIS-5.5.2.2171216 ··-·CJIS-5.5.2.2
171217 ··-·NIST-800-171-3.4.5171217 ··-·NIST-800-171-3.4.5
171218 ··-·NIST-800-53-AC-6(1)171218 ··-·NIST-800-53-AC-6(1)
171219 ··-·NIST-800-53-CM-6(a)171219 ··-·NIST-800-53-CM-6(a)
Offset 171227, 16 lines modifiedOffset 171227, 16 lines modified
171227 ··-·no_reboot_needed171227 ··-·no_reboot_needed
  
171228 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg171228 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
171229 ··file:171229 ··file:
171230 ····path:·/boot/grub2/user.cfg171230 ····path:·/boot/grub2/user.cfg
171231 ····group:·'0'171231 ····group:·'0'
171232 ··when:171232 ··when:
171233 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171234 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171233 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171234 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171235 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171235 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171236 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists171236 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
171237 ··tags:171237 ··tags:
171238 ··-·CCE-86009-8171238 ··-·CCE-86009-8
171239 ··-·CJIS-5.5.2.2171239 ··-·CJIS-5.5.2.2
171240 ··-·NIST-800-171-3.4.5171240 ··-·NIST-800-171-3.4.5
171241 ··-·NIST-800-53-AC-6(1)171241 ··-·NIST-800-53-AC-6(1)
Offset 171245, 15 lines modifiedOffset 171245, 15 lines modified
171245 ··-·configure_strategy171245 ··-·configure_strategy
171246 ··-·file_groupowner_user_cfg171246 ··-·file_groupowner_user_cfg
171247 ··-·low_complexity171247 ··-·low_complexity
171248 ··-·low_disruption171248 ··-·low_disruption
171249 ··-·medium_severity171249 ··-·medium_severity
171250 ··-·no_reboot_needed</xccdf-1.2:fix>171250 ··-·no_reboot_needed</xccdf-1.2:fix>
171251 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms171251 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
171252 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then171252 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
171253 chgrp·0·/boot/grub2/user.cfg171253 chgrp·0·/boot/grub2/user.cfg
  
171254 else171254 else
171255 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'171255 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
171256 fi</xccdf-1.2:fix>171256 fi</xccdf-1.2:fix>
171257 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">171257 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 171358, 16 lines modifiedOffset 171358, 16 lines modified
171358 ··-·no_reboot_needed171358 ··-·no_reboot_needed
  
171359 -·name:·Test·for·existence·/boot/grub2/grub.cfg171359 -·name:·Test·for·existence·/boot/grub2/grub.cfg
171360 ··stat:171360 ··stat:
171361 ····path:·/boot/grub2/grub.cfg171361 ····path:·/boot/grub2/grub.cfg
171362 ··register:·file_exists171362 ··register:·file_exists
171363 ··when:171363 ··when:
171364 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171365 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171364 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171365 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171366 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171366 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171367 ··tags:171367 ··tags:
171368 ··-·CCE-80805-5171368 ··-·CCE-80805-5
171369 ··-·CJIS-5.5.2.2171369 ··-·CJIS-5.5.2.2
171370 ··-·NIST-800-171-3.4.5171370 ··-·NIST-800-171-3.4.5
171371 ··-·NIST-800-53-AC-6(1)171371 ··-·NIST-800-53-AC-6(1)
171372 ··-·NIST-800-53-CM-6(a)171372 ··-·NIST-800-53-CM-6(a)
Offset 171380, 16 lines modifiedOffset 171380, 16 lines modified
171380 ··-·no_reboot_needed171380 ··-·no_reboot_needed
  
171381 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg171381 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
171382 ··file:171382 ··file:
171383 ····path:·/boot/grub2/grub.cfg171383 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 23998/29468 bytes (81.44%) of diff not shown.
29.0 KB
./usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
28.9 KB
./usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
    
Offset 171049, 16 lines modifiedOffset 171049, 16 lines modified
171049 ··-·no_reboot_needed171049 ··-·no_reboot_needed
  
171050 -·name:·Test·for·existence·/boot/grub2/grub.cfg171050 -·name:·Test·for·existence·/boot/grub2/grub.cfg
171051 ··stat:171051 ··stat:
171052 ····path:·/boot/grub2/grub.cfg171052 ····path:·/boot/grub2/grub.cfg
171053 ··register:·file_exists171053 ··register:·file_exists
171054 ··when:171054 ··when:
171055 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171056 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171055 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171056 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171057 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171057 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171058 ··tags:171058 ··tags:
171059 ··-·CCE-80800-6171059 ··-·CCE-80800-6
171060 ··-·CJIS-5.5.2.2171060 ··-·CJIS-5.5.2.2
171061 ··-·NIST-800-171-3.4.5171061 ··-·NIST-800-171-3.4.5
171062 ··-·NIST-800-53-AC-6(1)171062 ··-·NIST-800-53-AC-6(1)
171063 ··-·NIST-800-53-CM-6(a)171063 ··-·NIST-800-53-CM-6(a)
Offset 171071, 16 lines modifiedOffset 171071, 16 lines modified
171071 ··-·no_reboot_needed171071 ··-·no_reboot_needed
  
171072 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg171072 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
171073 ··file:171073 ··file:
171074 ····path:·/boot/grub2/grub.cfg171074 ····path:·/boot/grub2/grub.cfg
171075 ····group:·'0'171075 ····group:·'0'
171076 ··when:171076 ··when:
171077 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171078 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171077 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171078 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171079 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171079 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171080 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists171080 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
171081 ··tags:171081 ··tags:
171082 ··-·CCE-80800-6171082 ··-·CCE-80800-6
171083 ··-·CJIS-5.5.2.2171083 ··-·CJIS-5.5.2.2
171084 ··-·NIST-800-171-3.4.5171084 ··-·NIST-800-171-3.4.5
171085 ··-·NIST-800-53-AC-6(1)171085 ··-·NIST-800-53-AC-6(1)
Offset 171089, 15 lines modifiedOffset 171089, 15 lines modified
171089 ··-·configure_strategy171089 ··-·configure_strategy
171090 ··-·file_groupowner_grub2_cfg171090 ··-·file_groupowner_grub2_cfg
171091 ··-·low_complexity171091 ··-·low_complexity
171092 ··-·low_disruption171092 ··-·low_disruption
171093 ··-·medium_severity171093 ··-·medium_severity
171094 ··-·no_reboot_needed</xccdf-1.2:fix>171094 ··-·no_reboot_needed</xccdf-1.2:fix>
171095 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms171095 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
171096 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then171096 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
171097 chgrp·0·/boot/grub2/grub.cfg171097 chgrp·0·/boot/grub2/grub.cfg
  
171098 else171098 else
171099 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'171099 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
171100 fi</xccdf-1.2:fix>171100 fi</xccdf-1.2:fix>
171101 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">171101 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 171207, 16 lines modifiedOffset 171207, 16 lines modified
171207 ··-·no_reboot_needed171207 ··-·no_reboot_needed
  
171208 -·name:·Test·for·existence·/boot/grub2/user.cfg171208 -·name:·Test·for·existence·/boot/grub2/user.cfg
171209 ··stat:171209 ··stat:
171210 ····path:·/boot/grub2/user.cfg171210 ····path:·/boot/grub2/user.cfg
171211 ··register:·file_exists171211 ··register:·file_exists
171212 ··when:171212 ··when:
171213 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171214 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171213 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171214 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171215 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171215 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171216 ··tags:171216 ··tags:
171217 ··-·CCE-86009-8171217 ··-·CCE-86009-8
171218 ··-·CJIS-5.5.2.2171218 ··-·CJIS-5.5.2.2
171219 ··-·NIST-800-171-3.4.5171219 ··-·NIST-800-171-3.4.5
171220 ··-·NIST-800-53-AC-6(1)171220 ··-·NIST-800-53-AC-6(1)
171221 ··-·NIST-800-53-CM-6(a)171221 ··-·NIST-800-53-CM-6(a)
Offset 171229, 16 lines modifiedOffset 171229, 16 lines modified
171229 ··-·no_reboot_needed171229 ··-·no_reboot_needed
  
171230 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg171230 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
171231 ··file:171231 ··file:
171232 ····path:·/boot/grub2/user.cfg171232 ····path:·/boot/grub2/user.cfg
171233 ····group:·'0'171233 ····group:·'0'
171234 ··when:171234 ··when:
171235 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171236 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171235 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171236 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171237 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171237 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171238 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists171238 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
171239 ··tags:171239 ··tags:
171240 ··-·CCE-86009-8171240 ··-·CCE-86009-8
171241 ··-·CJIS-5.5.2.2171241 ··-·CJIS-5.5.2.2
171242 ··-·NIST-800-171-3.4.5171242 ··-·NIST-800-171-3.4.5
171243 ··-·NIST-800-53-AC-6(1)171243 ··-·NIST-800-53-AC-6(1)
Offset 171247, 15 lines modifiedOffset 171247, 15 lines modified
171247 ··-·configure_strategy171247 ··-·configure_strategy
171248 ··-·file_groupowner_user_cfg171248 ··-·file_groupowner_user_cfg
171249 ··-·low_complexity171249 ··-·low_complexity
171250 ··-·low_disruption171250 ··-·low_disruption
171251 ··-·medium_severity171251 ··-·medium_severity
171252 ··-·no_reboot_needed</xccdf-1.2:fix>171252 ··-·no_reboot_needed</xccdf-1.2:fix>
171253 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms171253 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
171254 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then171254 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
171255 chgrp·0·/boot/grub2/user.cfg171255 chgrp·0·/boot/grub2/user.cfg
  
171256 else171256 else
171257 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'171257 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
171258 fi</xccdf-1.2:fix>171258 fi</xccdf-1.2:fix>
171259 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">171259 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 171360, 16 lines modifiedOffset 171360, 16 lines modified
171360 ··-·no_reboot_needed171360 ··-·no_reboot_needed
  
171361 -·name:·Test·for·existence·/boot/grub2/grub.cfg171361 -·name:·Test·for·existence·/boot/grub2/grub.cfg
171362 ··stat:171362 ··stat:
171363 ····path:·/boot/grub2/grub.cfg171363 ····path:·/boot/grub2/grub.cfg
171364 ··register:·file_exists171364 ··register:·file_exists
171365 ··when:171365 ··when:
171366 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171367 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171366 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171367 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171368 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171368 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171369 ··tags:171369 ··tags:
171370 ··-·CCE-80805-5171370 ··-·CCE-80805-5
171371 ··-·CJIS-5.5.2.2171371 ··-·CJIS-5.5.2.2
171372 ··-·NIST-800-171-3.4.5171372 ··-·NIST-800-171-3.4.5
171373 ··-·NIST-800-53-AC-6(1)171373 ··-·NIST-800-53-AC-6(1)
171374 ··-·NIST-800-53-CM-6(a)171374 ··-·NIST-800-53-CM-6(a)
Offset 171382, 16 lines modifiedOffset 171382, 16 lines modified
171382 ··-·no_reboot_needed171382 ··-·no_reboot_needed
  
171383 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg171383 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
171384 ··file:171384 ··file:
171385 ····path:·/boot/grub2/grub.cfg171385 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 23998/29468 bytes (81.44%) of diff not shown.
28.9 KB
./usr/share/xml/scap/ssg/content/ssg-rhel8-xccdf.xml
28.8 KB
./usr/share/xml/scap/ssg/content/ssg-rhel8-xccdf.xml
    
Offset 170843, 16 lines modifiedOffset 170843, 16 lines modified
170843 ··-·no_reboot_needed170843 ··-·no_reboot_needed
  
170844 -·name:·Test·for·existence·/boot/grub2/grub.cfg170844 -·name:·Test·for·existence·/boot/grub2/grub.cfg
170845 ··stat:170845 ··stat:
170846 ····path:·/boot/grub2/grub.cfg170846 ····path:·/boot/grub2/grub.cfg
170847 ··register:·file_exists170847 ··register:·file_exists
170848 ··when:170848 ··when:
170849 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
170850 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'170849 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 170850 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
170851 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]170851 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
170852 ··tags:170852 ··tags:
170853 ··-·CCE-80800-6170853 ··-·CCE-80800-6
170854 ··-·CJIS-5.5.2.2170854 ··-·CJIS-5.5.2.2
170855 ··-·NIST-800-171-3.4.5170855 ··-·NIST-800-171-3.4.5
170856 ··-·NIST-800-53-AC-6(1)170856 ··-·NIST-800-53-AC-6(1)
170857 ··-·NIST-800-53-CM-6(a)170857 ··-·NIST-800-53-CM-6(a)
Offset 170865, 16 lines modifiedOffset 170865, 16 lines modified
170865 ··-·no_reboot_needed170865 ··-·no_reboot_needed
  
170866 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg170866 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
170867 ··file:170867 ··file:
170868 ····path:·/boot/grub2/grub.cfg170868 ····path:·/boot/grub2/grub.cfg
170869 ····group:·'0'170869 ····group:·'0'
170870 ··when:170870 ··when:
170871 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
170872 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'170871 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 170872 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
170873 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]170873 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
170874 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists170874 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
170875 ··tags:170875 ··tags:
170876 ··-·CCE-80800-6170876 ··-·CCE-80800-6
170877 ··-·CJIS-5.5.2.2170877 ··-·CJIS-5.5.2.2
170878 ··-·NIST-800-171-3.4.5170878 ··-·NIST-800-171-3.4.5
170879 ··-·NIST-800-53-AC-6(1)170879 ··-·NIST-800-53-AC-6(1)
Offset 170883, 15 lines modifiedOffset 170883, 15 lines modified
170883 ··-·configure_strategy170883 ··-·configure_strategy
170884 ··-·file_groupowner_grub2_cfg170884 ··-·file_groupowner_grub2_cfg
170885 ··-·low_complexity170885 ··-·low_complexity
170886 ··-·low_disruption170886 ··-·low_disruption
170887 ··-·medium_severity170887 ··-·medium_severity
170888 ··-·no_reboot_needed</xccdf-1.2:fix>170888 ··-·no_reboot_needed</xccdf-1.2:fix>
170889 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms170889 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
170890 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then170890 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
170891 chgrp·0·/boot/grub2/grub.cfg170891 chgrp·0·/boot/grub2/grub.cfg
  
170892 else170892 else
170893 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'170893 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
170894 fi</xccdf-1.2:fix>170894 fi</xccdf-1.2:fix>
170895 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">170895 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 171001, 16 lines modifiedOffset 171001, 16 lines modified
171001 ··-·no_reboot_needed171001 ··-·no_reboot_needed
  
171002 -·name:·Test·for·existence·/boot/grub2/user.cfg171002 -·name:·Test·for·existence·/boot/grub2/user.cfg
171003 ··stat:171003 ··stat:
171004 ····path:·/boot/grub2/user.cfg171004 ····path:·/boot/grub2/user.cfg
171005 ··register:·file_exists171005 ··register:·file_exists
171006 ··when:171006 ··when:
171007 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171008 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171007 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171008 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171009 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171009 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171010 ··tags:171010 ··tags:
171011 ··-·CCE-86009-8171011 ··-·CCE-86009-8
171012 ··-·CJIS-5.5.2.2171012 ··-·CJIS-5.5.2.2
171013 ··-·NIST-800-171-3.4.5171013 ··-·NIST-800-171-3.4.5
171014 ··-·NIST-800-53-AC-6(1)171014 ··-·NIST-800-53-AC-6(1)
171015 ··-·NIST-800-53-CM-6(a)171015 ··-·NIST-800-53-CM-6(a)
Offset 171023, 16 lines modifiedOffset 171023, 16 lines modified
171023 ··-·no_reboot_needed171023 ··-·no_reboot_needed
  
171024 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg171024 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
171025 ··file:171025 ··file:
171026 ····path:·/boot/grub2/user.cfg171026 ····path:·/boot/grub2/user.cfg
171027 ····group:·'0'171027 ····group:·'0'
171028 ··when:171028 ··when:
171029 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171030 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171029 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171030 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171031 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171031 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171032 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists171032 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
171033 ··tags:171033 ··tags:
171034 ··-·CCE-86009-8171034 ··-·CCE-86009-8
171035 ··-·CJIS-5.5.2.2171035 ··-·CJIS-5.5.2.2
171036 ··-·NIST-800-171-3.4.5171036 ··-·NIST-800-171-3.4.5
171037 ··-·NIST-800-53-AC-6(1)171037 ··-·NIST-800-53-AC-6(1)
Offset 171041, 15 lines modifiedOffset 171041, 15 lines modified
171041 ··-·configure_strategy171041 ··-·configure_strategy
171042 ··-·file_groupowner_user_cfg171042 ··-·file_groupowner_user_cfg
171043 ··-·low_complexity171043 ··-·low_complexity
171044 ··-·low_disruption171044 ··-·low_disruption
171045 ··-·medium_severity171045 ··-·medium_severity
171046 ··-·no_reboot_needed</xccdf-1.2:fix>171046 ··-·no_reboot_needed</xccdf-1.2:fix>
171047 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms171047 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
171048 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then171048 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
171049 chgrp·0·/boot/grub2/user.cfg171049 chgrp·0·/boot/grub2/user.cfg
  
171050 else171050 else
171051 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'171051 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
171052 fi</xccdf-1.2:fix>171052 fi</xccdf-1.2:fix>
171053 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">171053 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 171154, 16 lines modifiedOffset 171154, 16 lines modified
171154 ··-·no_reboot_needed171154 ··-·no_reboot_needed
  
171155 -·name:·Test·for·existence·/boot/grub2/grub.cfg171155 -·name:·Test·for·existence·/boot/grub2/grub.cfg
171156 ··stat:171156 ··stat:
171157 ····path:·/boot/grub2/grub.cfg171157 ····path:·/boot/grub2/grub.cfg
171158 ··register:·file_exists171158 ··register:·file_exists
171159 ··when:171159 ··when:
171160 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
171161 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'171160 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 171161 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
171162 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]171162 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
171163 ··tags:171163 ··tags:
171164 ··-·CCE-80805-5171164 ··-·CCE-80805-5
171165 ··-·CJIS-5.5.2.2171165 ··-·CJIS-5.5.2.2
171166 ··-·NIST-800-171-3.4.5171166 ··-·NIST-800-171-3.4.5
171167 ··-·NIST-800-53-AC-6(1)171167 ··-·NIST-800-53-AC-6(1)
171168 ··-·NIST-800-53-CM-6(a)171168 ··-·NIST-800-53-CM-6(a)
Offset 171176, 16 lines modifiedOffset 171176, 16 lines modified
171176 ··-·no_reboot_needed171176 ··-·no_reboot_needed
  
171177 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg171177 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
171178 ··file:171178 ··file:
171179 ····path:·/boot/grub2/grub.cfg171179 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 23914/29368 bytes (81.43%) of diff not shown.
10.6 KB
./usr/share/xml/scap/ssg/content/ssg-rhel9-ds-1.2.xml
10.5 KB
./usr/share/xml/scap/ssg/content/ssg-rhel9-ds-1.2.xml
    
Offset 169324, 16 lines modifiedOffset 169324, 16 lines modified
169324 ··-·no_reboot_needed169324 ··-·no_reboot_needed
  
169325 -·name:·Test·for·existence·/boot/grub2/user.cfg169325 -·name:·Test·for·existence·/boot/grub2/user.cfg
169326 ··stat:169326 ··stat:
169327 ····path:·/boot/grub2/user.cfg169327 ····path:·/boot/grub2/user.cfg
169328 ··register:·file_exists169328 ··register:·file_exists
169329 ··when:169329 ··when:
169330 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169331 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169330 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169331 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169332 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169332 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169333 ··tags:169333 ··tags:
169334 ··-·CCE-86013-0169334 ··-·CCE-86013-0
169335 ··-·CJIS-5.5.2.2169335 ··-·CJIS-5.5.2.2
169336 ··-·NIST-800-171-3.4.5169336 ··-·NIST-800-171-3.4.5
169337 ··-·NIST-800-53-AC-6(1)169337 ··-·NIST-800-53-AC-6(1)
169338 ··-·NIST-800-53-CM-6(a)169338 ··-·NIST-800-53-CM-6(a)
Offset 169346, 16 lines modifiedOffset 169346, 16 lines modified
169346 ··-·no_reboot_needed169346 ··-·no_reboot_needed
  
169347 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg169347 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
169348 ··file:169348 ··file:
169349 ····path:·/boot/grub2/user.cfg169349 ····path:·/boot/grub2/user.cfg
169350 ····group:·'0'169350 ····group:·'0'
169351 ··when:169351 ··when:
169352 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169353 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169352 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169353 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169354 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169354 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169355 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists169355 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
169356 ··tags:169356 ··tags:
169357 ··-·CCE-86013-0169357 ··-·CCE-86013-0
169358 ··-·CJIS-5.5.2.2169358 ··-·CJIS-5.5.2.2
169359 ··-·NIST-800-171-3.4.5169359 ··-·NIST-800-171-3.4.5
169360 ··-·NIST-800-53-AC-6(1)169360 ··-·NIST-800-53-AC-6(1)
Offset 169364, 15 lines modifiedOffset 169364, 15 lines modified
169364 ··-·configure_strategy169364 ··-·configure_strategy
169365 ··-·file_groupowner_efi_user_cfg169365 ··-·file_groupowner_efi_user_cfg
169366 ··-·low_complexity169366 ··-·low_complexity
169367 ··-·low_disruption169367 ··-·low_disruption
169368 ··-·medium_severity169368 ··-·medium_severity
169369 ··-·no_reboot_needed</xccdf-1.2:fix>169369 ··-·no_reboot_needed</xccdf-1.2:fix>
169370 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms169370 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
169371 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then169371 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
169372 chgrp·0·/boot/grub2/user.cfg169372 chgrp·0·/boot/grub2/user.cfg
  
169373 else169373 else
169374 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'169374 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
169375 fi</xccdf-1.2:fix>169375 fi</xccdf-1.2:fix>
169376 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">169376 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 169465, 16 lines modifiedOffset 169465, 16 lines modified
169465 ··-·no_reboot_needed169465 ··-·no_reboot_needed
  
169466 -·name:·Test·for·existence·/boot/grub2/user.cfg169466 -·name:·Test·for·existence·/boot/grub2/user.cfg
169467 ··stat:169467 ··stat:
169468 ····path:·/boot/grub2/user.cfg169468 ····path:·/boot/grub2/user.cfg
169469 ··register:·file_exists169469 ··register:·file_exists
169470 ··when:169470 ··when:
169471 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169472 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169471 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169472 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169473 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169473 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169474 ··tags:169474 ··tags:
169475 ··-·CCE-86022-1169475 ··-·CCE-86022-1
169476 ··-·CJIS-5.5.2.2169476 ··-·CJIS-5.5.2.2
169477 ··-·NIST-800-171-3.4.5169477 ··-·NIST-800-171-3.4.5
169478 ··-·NIST-800-53-AC-6(1)169478 ··-·NIST-800-53-AC-6(1)
169479 ··-·NIST-800-53-CM-6(a)169479 ··-·NIST-800-53-CM-6(a)
Offset 169487, 16 lines modifiedOffset 169487, 16 lines modified
169487 ··-·no_reboot_needed169487 ··-·no_reboot_needed
  
169488 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg169488 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
169489 ··file:169489 ··file:
169490 ····path:·/boot/grub2/user.cfg169490 ····path:·/boot/grub2/user.cfg
169491 ····owner:·'0'169491 ····owner:·'0'
169492 ··when:169492 ··when:
169493 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169494 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169493 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169494 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169495 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169495 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169496 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists169496 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
169497 ··tags:169497 ··tags:
169498 ··-·CCE-86022-1169498 ··-·CCE-86022-1
169499 ··-·CJIS-5.5.2.2169499 ··-·CJIS-5.5.2.2
169500 ··-·NIST-800-171-3.4.5169500 ··-·NIST-800-171-3.4.5
169501 ··-·NIST-800-53-AC-6(1)169501 ··-·NIST-800-53-AC-6(1)
Offset 169505, 15 lines modifiedOffset 169505, 15 lines modified
169505 ··-·configure_strategy169505 ··-·configure_strategy
169506 ··-·file_owner_efi_user_cfg169506 ··-·file_owner_efi_user_cfg
169507 ··-·low_complexity169507 ··-·low_complexity
169508 ··-·low_disruption169508 ··-·low_disruption
169509 ··-·medium_severity169509 ··-·medium_severity
169510 ··-·no_reboot_needed</xccdf-1.2:fix>169510 ··-·no_reboot_needed</xccdf-1.2:fix>
169511 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms169511 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
169512 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then169512 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
169513 chown·0·/boot/grub2/user.cfg169513 chown·0·/boot/grub2/user.cfg
  
169514 else169514 else
169515 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'169515 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
169516 fi</xccdf-1.2:fix>169516 fi</xccdf-1.2:fix>
169517 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">169517 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 169599, 16 lines modifiedOffset 169599, 16 lines modified
169599 ··-·no_reboot_needed169599 ··-·no_reboot_needed
  
169600 -·name:·Test·for·existence·/boot/grub2/grub.cfg169600 -·name:·Test·for·existence·/boot/grub2/grub.cfg
169601 ··stat:169601 ··stat:
169602 ····path:·/boot/grub2/grub.cfg169602 ····path:·/boot/grub2/grub.cfg
169603 ··register:·file_exists169603 ··register:·file_exists
169604 ··when:169604 ··when:
169605 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169606 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169605 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169606 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169607 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169607 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169608 ··tags:169608 ··tags:
169609 ··-·CCE-85925-6169609 ··-·CCE-85925-6
169610 ··-·NIST-800-171-3.4.5169610 ··-·NIST-800-171-3.4.5
169611 ··-·NIST-800-53-AC-6(1)169611 ··-·NIST-800-53-AC-6(1)
169612 ··-·NIST-800-53-CM-6(a)169612 ··-·NIST-800-53-CM-6(a)
169613 ··-·configure_strategy169613 ··-·configure_strategy
Offset 169619, 31 lines modifiedOffset 169619, 31 lines modified
169619 ··-·no_reboot_needed169619 ··-·no_reboot_needed
  
169620 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg169620 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
169621 ··file:169621 ··file:
169622 ····path:·/boot/grub2/grub.cfg169622 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 5174/10634 bytes (48.66%) of diff not shown.
10.6 KB
./usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
10.5 KB
./usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
    
Offset 169326, 16 lines modifiedOffset 169326, 16 lines modified
169326 ··-·no_reboot_needed169326 ··-·no_reboot_needed
  
169327 -·name:·Test·for·existence·/boot/grub2/user.cfg169327 -·name:·Test·for·existence·/boot/grub2/user.cfg
169328 ··stat:169328 ··stat:
169329 ····path:·/boot/grub2/user.cfg169329 ····path:·/boot/grub2/user.cfg
169330 ··register:·file_exists169330 ··register:·file_exists
169331 ··when:169331 ··when:
169332 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169333 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169332 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169333 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169334 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169334 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169335 ··tags:169335 ··tags:
169336 ··-·CCE-86013-0169336 ··-·CCE-86013-0
169337 ··-·CJIS-5.5.2.2169337 ··-·CJIS-5.5.2.2
169338 ··-·NIST-800-171-3.4.5169338 ··-·NIST-800-171-3.4.5
169339 ··-·NIST-800-53-AC-6(1)169339 ··-·NIST-800-53-AC-6(1)
169340 ··-·NIST-800-53-CM-6(a)169340 ··-·NIST-800-53-CM-6(a)
Offset 169348, 16 lines modifiedOffset 169348, 16 lines modified
169348 ··-·no_reboot_needed169348 ··-·no_reboot_needed
  
169349 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg169349 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
169350 ··file:169350 ··file:
169351 ····path:·/boot/grub2/user.cfg169351 ····path:·/boot/grub2/user.cfg
169352 ····group:·'0'169352 ····group:·'0'
169353 ··when:169353 ··when:
169354 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169355 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169354 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169355 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169356 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169356 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169357 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists169357 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
169358 ··tags:169358 ··tags:
169359 ··-·CCE-86013-0169359 ··-·CCE-86013-0
169360 ··-·CJIS-5.5.2.2169360 ··-·CJIS-5.5.2.2
169361 ··-·NIST-800-171-3.4.5169361 ··-·NIST-800-171-3.4.5
169362 ··-·NIST-800-53-AC-6(1)169362 ··-·NIST-800-53-AC-6(1)
Offset 169366, 15 lines modifiedOffset 169366, 15 lines modified
169366 ··-·configure_strategy169366 ··-·configure_strategy
169367 ··-·file_groupowner_efi_user_cfg169367 ··-·file_groupowner_efi_user_cfg
169368 ··-·low_complexity169368 ··-·low_complexity
169369 ··-·low_disruption169369 ··-·low_disruption
169370 ··-·medium_severity169370 ··-·medium_severity
169371 ··-·no_reboot_needed</xccdf-1.2:fix>169371 ··-·no_reboot_needed</xccdf-1.2:fix>
169372 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms169372 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
169373 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then169373 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
169374 chgrp·0·/boot/grub2/user.cfg169374 chgrp·0·/boot/grub2/user.cfg
  
169375 else169375 else
169376 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'169376 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
169377 fi</xccdf-1.2:fix>169377 fi</xccdf-1.2:fix>
169378 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">169378 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 169467, 16 lines modifiedOffset 169467, 16 lines modified
169467 ··-·no_reboot_needed169467 ··-·no_reboot_needed
  
169468 -·name:·Test·for·existence·/boot/grub2/user.cfg169468 -·name:·Test·for·existence·/boot/grub2/user.cfg
169469 ··stat:169469 ··stat:
169470 ····path:·/boot/grub2/user.cfg169470 ····path:·/boot/grub2/user.cfg
169471 ··register:·file_exists169471 ··register:·file_exists
169472 ··when:169472 ··when:
169473 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169474 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169473 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169474 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169475 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169475 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169476 ··tags:169476 ··tags:
169477 ··-·CCE-86022-1169477 ··-·CCE-86022-1
169478 ··-·CJIS-5.5.2.2169478 ··-·CJIS-5.5.2.2
169479 ··-·NIST-800-171-3.4.5169479 ··-·NIST-800-171-3.4.5
169480 ··-·NIST-800-53-AC-6(1)169480 ··-·NIST-800-53-AC-6(1)
169481 ··-·NIST-800-53-CM-6(a)169481 ··-·NIST-800-53-CM-6(a)
Offset 169489, 16 lines modifiedOffset 169489, 16 lines modified
169489 ··-·no_reboot_needed169489 ··-·no_reboot_needed
  
169490 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg169490 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
169491 ··file:169491 ··file:
169492 ····path:·/boot/grub2/user.cfg169492 ····path:·/boot/grub2/user.cfg
169493 ····owner:·'0'169493 ····owner:·'0'
169494 ··when:169494 ··when:
169495 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169496 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169495 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169496 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169497 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169497 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169498 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists169498 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
169499 ··tags:169499 ··tags:
169500 ··-·CCE-86022-1169500 ··-·CCE-86022-1
169501 ··-·CJIS-5.5.2.2169501 ··-·CJIS-5.5.2.2
169502 ··-·NIST-800-171-3.4.5169502 ··-·NIST-800-171-3.4.5
169503 ··-·NIST-800-53-AC-6(1)169503 ··-·NIST-800-53-AC-6(1)
Offset 169507, 15 lines modifiedOffset 169507, 15 lines modified
169507 ··-·configure_strategy169507 ··-·configure_strategy
169508 ··-·file_owner_efi_user_cfg169508 ··-·file_owner_efi_user_cfg
169509 ··-·low_complexity169509 ··-·low_complexity
169510 ··-·low_disruption169510 ··-·low_disruption
169511 ··-·medium_severity169511 ··-·medium_severity
169512 ··-·no_reboot_needed</xccdf-1.2:fix>169512 ··-·no_reboot_needed</xccdf-1.2:fix>
169513 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms169513 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
169514 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then169514 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
169515 chown·0·/boot/grub2/user.cfg169515 chown·0·/boot/grub2/user.cfg
  
169516 else169516 else
169517 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'169517 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
169518 fi</xccdf-1.2:fix>169518 fi</xccdf-1.2:fix>
169519 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">169519 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 169601, 16 lines modifiedOffset 169601, 16 lines modified
169601 ··-·no_reboot_needed169601 ··-·no_reboot_needed
  
169602 -·name:·Test·for·existence·/boot/grub2/grub.cfg169602 -·name:·Test·for·existence·/boot/grub2/grub.cfg
169603 ··stat:169603 ··stat:
169604 ····path:·/boot/grub2/grub.cfg169604 ····path:·/boot/grub2/grub.cfg
169605 ··register:·file_exists169605 ··register:·file_exists
169606 ··when:169606 ··when:
169607 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169608 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169607 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169608 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169609 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169609 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169610 ··tags:169610 ··tags:
169611 ··-·CCE-85925-6169611 ··-·CCE-85925-6
169612 ··-·NIST-800-171-3.4.5169612 ··-·NIST-800-171-3.4.5
169613 ··-·NIST-800-53-AC-6(1)169613 ··-·NIST-800-53-AC-6(1)
169614 ··-·NIST-800-53-CM-6(a)169614 ··-·NIST-800-53-CM-6(a)
169615 ··-·configure_strategy169615 ··-·configure_strategy
Offset 169621, 31 lines modifiedOffset 169621, 31 lines modified
169621 ··-·no_reboot_needed169621 ··-·no_reboot_needed
  
169622 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg169622 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
169623 ··file:169623 ··file:
169624 ····path:·/boot/grub2/grub.cfg169624 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 5174/10634 bytes (48.66%) of diff not shown.
10.6 KB
./usr/share/xml/scap/ssg/content/ssg-rhel9-xccdf.xml
10.5 KB
./usr/share/xml/scap/ssg/content/ssg-rhel9-xccdf.xml
    
Offset 169164, 16 lines modifiedOffset 169164, 16 lines modified
169164 ··-·no_reboot_needed169164 ··-·no_reboot_needed
  
169165 -·name:·Test·for·existence·/boot/grub2/user.cfg169165 -·name:·Test·for·existence·/boot/grub2/user.cfg
169166 ··stat:169166 ··stat:
169167 ····path:·/boot/grub2/user.cfg169167 ····path:·/boot/grub2/user.cfg
169168 ··register:·file_exists169168 ··register:·file_exists
169169 ··when:169169 ··when:
169170 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169171 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169170 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169171 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169172 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169172 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169173 ··tags:169173 ··tags:
169174 ··-·CCE-86013-0169174 ··-·CCE-86013-0
169175 ··-·CJIS-5.5.2.2169175 ··-·CJIS-5.5.2.2
169176 ··-·NIST-800-171-3.4.5169176 ··-·NIST-800-171-3.4.5
169177 ··-·NIST-800-53-AC-6(1)169177 ··-·NIST-800-53-AC-6(1)
169178 ··-·NIST-800-53-CM-6(a)169178 ··-·NIST-800-53-CM-6(a)
Offset 169186, 16 lines modifiedOffset 169186, 16 lines modified
169186 ··-·no_reboot_needed169186 ··-·no_reboot_needed
  
169187 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg169187 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
169188 ··file:169188 ··file:
169189 ····path:·/boot/grub2/user.cfg169189 ····path:·/boot/grub2/user.cfg
169190 ····group:·'0'169190 ····group:·'0'
169191 ··when:169191 ··when:
169192 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169193 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169192 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169193 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169194 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169194 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169195 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists169195 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
169196 ··tags:169196 ··tags:
169197 ··-·CCE-86013-0169197 ··-·CCE-86013-0
169198 ··-·CJIS-5.5.2.2169198 ··-·CJIS-5.5.2.2
169199 ··-·NIST-800-171-3.4.5169199 ··-·NIST-800-171-3.4.5
169200 ··-·NIST-800-53-AC-6(1)169200 ··-·NIST-800-53-AC-6(1)
Offset 169204, 15 lines modifiedOffset 169204, 15 lines modified
169204 ··-·configure_strategy169204 ··-·configure_strategy
169205 ··-·file_groupowner_efi_user_cfg169205 ··-·file_groupowner_efi_user_cfg
169206 ··-·low_complexity169206 ··-·low_complexity
169207 ··-·low_disruption169207 ··-·low_disruption
169208 ··-·medium_severity169208 ··-·medium_severity
169209 ··-·no_reboot_needed</xccdf-1.2:fix>169209 ··-·no_reboot_needed</xccdf-1.2:fix>
169210 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms169210 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
169211 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then169211 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
169212 chgrp·0·/boot/grub2/user.cfg169212 chgrp·0·/boot/grub2/user.cfg
  
169213 else169213 else
169214 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'169214 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
169215 fi</xccdf-1.2:fix>169215 fi</xccdf-1.2:fix>
169216 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">169216 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 169305, 16 lines modifiedOffset 169305, 16 lines modified
169305 ··-·no_reboot_needed169305 ··-·no_reboot_needed
  
169306 -·name:·Test·for·existence·/boot/grub2/user.cfg169306 -·name:·Test·for·existence·/boot/grub2/user.cfg
169307 ··stat:169307 ··stat:
169308 ····path:·/boot/grub2/user.cfg169308 ····path:·/boot/grub2/user.cfg
169309 ··register:·file_exists169309 ··register:·file_exists
169310 ··when:169310 ··when:
169311 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169312 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169311 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169312 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169313 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169313 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169314 ··tags:169314 ··tags:
169315 ··-·CCE-86022-1169315 ··-·CCE-86022-1
169316 ··-·CJIS-5.5.2.2169316 ··-·CJIS-5.5.2.2
169317 ··-·NIST-800-171-3.4.5169317 ··-·NIST-800-171-3.4.5
169318 ··-·NIST-800-53-AC-6(1)169318 ··-·NIST-800-53-AC-6(1)
169319 ··-·NIST-800-53-CM-6(a)169319 ··-·NIST-800-53-CM-6(a)
Offset 169327, 16 lines modifiedOffset 169327, 16 lines modified
169327 ··-·no_reboot_needed169327 ··-·no_reboot_needed
  
169328 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg169328 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
169329 ··file:169329 ··file:
169330 ····path:·/boot/grub2/user.cfg169330 ····path:·/boot/grub2/user.cfg
169331 ····owner:·'0'169331 ····owner:·'0'
169332 ··when:169332 ··when:
169333 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169334 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169333 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169334 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169335 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169335 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169336 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists169336 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
169337 ··tags:169337 ··tags:
169338 ··-·CCE-86022-1169338 ··-·CCE-86022-1
169339 ··-·CJIS-5.5.2.2169339 ··-·CJIS-5.5.2.2
169340 ··-·NIST-800-171-3.4.5169340 ··-·NIST-800-171-3.4.5
169341 ··-·NIST-800-53-AC-6(1)169341 ··-·NIST-800-53-AC-6(1)
Offset 169345, 15 lines modifiedOffset 169345, 15 lines modified
169345 ··-·configure_strategy169345 ··-·configure_strategy
169346 ··-·file_owner_efi_user_cfg169346 ··-·file_owner_efi_user_cfg
169347 ··-·low_complexity169347 ··-·low_complexity
169348 ··-·low_disruption169348 ··-·low_disruption
169349 ··-·medium_severity169349 ··-·medium_severity
169350 ··-·no_reboot_needed</xccdf-1.2:fix>169350 ··-·no_reboot_needed</xccdf-1.2:fix>
169351 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms169351 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
169352 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then169352 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
169353 chown·0·/boot/grub2/user.cfg169353 chown·0·/boot/grub2/user.cfg
  
169354 else169354 else
169355 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'169355 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
169356 fi</xccdf-1.2:fix>169356 fi</xccdf-1.2:fix>
169357 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">169357 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 169439, 16 lines modifiedOffset 169439, 16 lines modified
169439 ··-·no_reboot_needed169439 ··-·no_reboot_needed
  
169440 -·name:·Test·for·existence·/boot/grub2/grub.cfg169440 -·name:·Test·for·existence·/boot/grub2/grub.cfg
169441 ··stat:169441 ··stat:
169442 ····path:·/boot/grub2/grub.cfg169442 ····path:·/boot/grub2/grub.cfg
169443 ··register:·file_exists169443 ··register:·file_exists
169444 ··when:169444 ··when:
169445 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
169446 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'169445 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 169446 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
169447 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]169447 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
169448 ··tags:169448 ··tags:
169449 ··-·CCE-85925-6169449 ··-·CCE-85925-6
169450 ··-·NIST-800-171-3.4.5169450 ··-·NIST-800-171-3.4.5
169451 ··-·NIST-800-53-AC-6(1)169451 ··-·NIST-800-53-AC-6(1)
169452 ··-·NIST-800-53-CM-6(a)169452 ··-·NIST-800-53-CM-6(a)
169453 ··-·configure_strategy169453 ··-·configure_strategy
Offset 169459, 31 lines modifiedOffset 169459, 31 lines modified
169459 ··-·no_reboot_needed169459 ··-·no_reboot_needed
  
169460 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg169460 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
169461 ··file:169461 ··file:
169462 ····path:·/boot/grub2/grub.cfg169462 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 5154/10598 bytes (48.63%) of diff not shown.
13.4 KB
./usr/share/xml/scap/ssg/content/ssg-rhv4-ds-1.2.xml
13.3 KB
./usr/share/xml/scap/ssg/content/ssg-rhv4-ds-1.2.xml
    
Offset 96884, 16 lines modifiedOffset 96884, 16 lines modified
96884 ··-·no_reboot_needed96884 ··-·no_reboot_needed
  
96885 -·name:·Test·for·existence·/boot/grub2/grub.cfg96885 -·name:·Test·for·existence·/boot/grub2/grub.cfg
96886 ··stat:96886 ··stat:
96887 ····path:·/boot/grub2/grub.cfg96887 ····path:·/boot/grub2/grub.cfg
96888 ··register:·file_exists96888 ··register:·file_exists
96889 ··when:96889 ··when:
96890 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
96891 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'96890 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 96891 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
96892 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]96892 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
96893 ··tags:96893 ··tags:
96894 ··-·CJIS-5.5.2.296894 ··-·CJIS-5.5.2.2
96895 ··-·NIST-800-171-3.4.596895 ··-·NIST-800-171-3.4.5
96896 ··-·NIST-800-53-AC-6(1)96896 ··-·NIST-800-53-AC-6(1)
96897 ··-·NIST-800-53-CM-6(a)96897 ··-·NIST-800-53-CM-6(a)
96898 ··-·PCI-DSS-Req-7.196898 ··-·PCI-DSS-Req-7.1
Offset 96905, 16 lines modifiedOffset 96905, 16 lines modified
96905 ··-·no_reboot_needed96905 ··-·no_reboot_needed
  
96906 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg96906 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
96907 ··file:96907 ··file:
96908 ····path:·/boot/grub2/grub.cfg96908 ····path:·/boot/grub2/grub.cfg
96909 ····group:·'0'96909 ····group:·'0'
96910 ··when:96910 ··when:
96911 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
96912 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'96911 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 96912 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
96913 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]96913 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
96914 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists96914 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
96915 ··tags:96915 ··tags:
96916 ··-·CJIS-5.5.2.296916 ··-·CJIS-5.5.2.2
96917 ··-·NIST-800-171-3.4.596917 ··-·NIST-800-171-3.4.5
96918 ··-·NIST-800-53-AC-6(1)96918 ··-·NIST-800-53-AC-6(1)
96919 ··-·NIST-800-53-CM-6(a)96919 ··-·NIST-800-53-CM-6(a)
Offset 96922, 15 lines modifiedOffset 96922, 15 lines modified
96922 ··-·configure_strategy96922 ··-·configure_strategy
96923 ··-·file_groupowner_grub2_cfg96923 ··-·file_groupowner_grub2_cfg
96924 ··-·low_complexity96924 ··-·low_complexity
96925 ··-·low_disruption96925 ··-·low_disruption
96926 ··-·medium_severity96926 ··-·medium_severity
96927 ··-·no_reboot_needed</xccdf-1.2:fix>96927 ··-·no_reboot_needed</xccdf-1.2:fix>
96928 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms96928 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
96929 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then96929 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
96930 chgrp·0·/boot/grub2/grub.cfg96930 chgrp·0·/boot/grub2/grub.cfg
  
96931 else96931 else
96932 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'96932 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
96933 fi</xccdf-1.2:fix>96933 fi</xccdf-1.2:fix>
96934 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">96934 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 97037, 16 lines modifiedOffset 97037, 16 lines modified
97037 ··-·no_reboot_needed97037 ··-·no_reboot_needed
  
97038 -·name:·Test·for·existence·/boot/grub2/user.cfg97038 -·name:·Test·for·existence·/boot/grub2/user.cfg
97039 ··stat:97039 ··stat:
97040 ····path:·/boot/grub2/user.cfg97040 ····path:·/boot/grub2/user.cfg
97041 ··register:·file_exists97041 ··register:·file_exists
97042 ··when:97042 ··when:
97043 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
97044 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'97043 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 97044 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
97045 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]97045 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
97046 ··tags:97046 ··tags:
97047 ··-·CJIS-5.5.2.297047 ··-·CJIS-5.5.2.2
97048 ··-·NIST-800-171-3.4.597048 ··-·NIST-800-171-3.4.5
97049 ··-·NIST-800-53-AC-6(1)97049 ··-·NIST-800-53-AC-6(1)
97050 ··-·NIST-800-53-CM-6(a)97050 ··-·NIST-800-53-CM-6(a)
97051 ··-·PCI-DSS-Req-7.197051 ··-·PCI-DSS-Req-7.1
Offset 97058, 16 lines modifiedOffset 97058, 16 lines modified
97058 ··-·no_reboot_needed97058 ··-·no_reboot_needed
  
97059 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg97059 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
97060 ··file:97060 ··file:
97061 ····path:·/boot/grub2/user.cfg97061 ····path:·/boot/grub2/user.cfg
97062 ····group:·'0'97062 ····group:·'0'
97063 ··when:97063 ··when:
97064 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
97065 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'97064 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 97065 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
97066 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]97066 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
97067 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists97067 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
97068 ··tags:97068 ··tags:
97069 ··-·CJIS-5.5.2.297069 ··-·CJIS-5.5.2.2
97070 ··-·NIST-800-171-3.4.597070 ··-·NIST-800-171-3.4.5
97071 ··-·NIST-800-53-AC-6(1)97071 ··-·NIST-800-53-AC-6(1)
97072 ··-·NIST-800-53-CM-6(a)97072 ··-·NIST-800-53-CM-6(a)
Offset 97075, 15 lines modifiedOffset 97075, 15 lines modified
97075 ··-·configure_strategy97075 ··-·configure_strategy
97076 ··-·file_groupowner_user_cfg97076 ··-·file_groupowner_user_cfg
97077 ··-·low_complexity97077 ··-·low_complexity
97078 ··-·low_disruption97078 ··-·low_disruption
97079 ··-·medium_severity97079 ··-·medium_severity
97080 ··-·no_reboot_needed</xccdf-1.2:fix>97080 ··-·no_reboot_needed</xccdf-1.2:fix>
97081 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms97081 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
97082 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then97082 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
97083 chgrp·0·/boot/grub2/user.cfg97083 chgrp·0·/boot/grub2/user.cfg
  
97084 else97084 else
97085 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'97085 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
97086 fi</xccdf-1.2:fix>97086 fi</xccdf-1.2:fix>
97087 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">97087 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 97185, 16 lines modifiedOffset 97185, 16 lines modified
97185 ··-·no_reboot_needed97185 ··-·no_reboot_needed
  
97186 -·name:·Test·for·existence·/boot/grub2/grub.cfg97186 -·name:·Test·for·existence·/boot/grub2/grub.cfg
97187 ··stat:97187 ··stat:
97188 ····path:·/boot/grub2/grub.cfg97188 ····path:·/boot/grub2/grub.cfg
97189 ··register:·file_exists97189 ··register:·file_exists
97190 ··when:97190 ··when:
97191 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
97192 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'97191 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 97192 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
97193 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]97193 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
97194 ··tags:97194 ··tags:
97195 ··-·CJIS-5.5.2.297195 ··-·CJIS-5.5.2.2
97196 ··-·NIST-800-171-3.4.597196 ··-·NIST-800-171-3.4.5
97197 ··-·NIST-800-53-AC-6(1)97197 ··-·NIST-800-53-AC-6(1)
97198 ··-·NIST-800-53-CM-6(a)97198 ··-·NIST-800-53-CM-6(a)
97199 ··-·PCI-DSS-Req-7.197199 ··-·PCI-DSS-Req-7.1
Offset 97206, 16 lines modifiedOffset 97206, 16 lines modified
97206 ··-·no_reboot_needed97206 ··-·no_reboot_needed
  
97207 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg97207 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
97208 ··file:97208 ··file:
97209 ····path:·/boot/grub2/grub.cfg97209 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 8222/13529 bytes (60.77%) of diff not shown.
13.4 KB
./usr/share/xml/scap/ssg/content/ssg-rhv4-ds.xml
13.3 KB
./usr/share/xml/scap/ssg/content/ssg-rhv4-ds.xml
    
Offset 96884, 16 lines modifiedOffset 96884, 16 lines modified
96884 ··-·no_reboot_needed96884 ··-·no_reboot_needed
  
96885 -·name:·Test·for·existence·/boot/grub2/grub.cfg96885 -·name:·Test·for·existence·/boot/grub2/grub.cfg
96886 ··stat:96886 ··stat:
96887 ····path:·/boot/grub2/grub.cfg96887 ····path:·/boot/grub2/grub.cfg
96888 ··register:·file_exists96888 ··register:·file_exists
96889 ··when:96889 ··when:
96890 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
96891 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'96890 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 96891 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
96892 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]96892 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
96893 ··tags:96893 ··tags:
96894 ··-·CJIS-5.5.2.296894 ··-·CJIS-5.5.2.2
96895 ··-·NIST-800-171-3.4.596895 ··-·NIST-800-171-3.4.5
96896 ··-·NIST-800-53-AC-6(1)96896 ··-·NIST-800-53-AC-6(1)
96897 ··-·NIST-800-53-CM-6(a)96897 ··-·NIST-800-53-CM-6(a)
96898 ··-·PCI-DSS-Req-7.196898 ··-·PCI-DSS-Req-7.1
Offset 96905, 16 lines modifiedOffset 96905, 16 lines modified
96905 ··-·no_reboot_needed96905 ··-·no_reboot_needed
  
96906 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg96906 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
96907 ··file:96907 ··file:
96908 ····path:·/boot/grub2/grub.cfg96908 ····path:·/boot/grub2/grub.cfg
96909 ····group:·'0'96909 ····group:·'0'
96910 ··when:96910 ··when:
96911 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
96912 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'96911 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 96912 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
96913 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]96913 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
96914 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists96914 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
96915 ··tags:96915 ··tags:
96916 ··-·CJIS-5.5.2.296916 ··-·CJIS-5.5.2.2
96917 ··-·NIST-800-171-3.4.596917 ··-·NIST-800-171-3.4.5
96918 ··-·NIST-800-53-AC-6(1)96918 ··-·NIST-800-53-AC-6(1)
96919 ··-·NIST-800-53-CM-6(a)96919 ··-·NIST-800-53-CM-6(a)
Offset 96922, 15 lines modifiedOffset 96922, 15 lines modified
96922 ··-·configure_strategy96922 ··-·configure_strategy
96923 ··-·file_groupowner_grub2_cfg96923 ··-·file_groupowner_grub2_cfg
96924 ··-·low_complexity96924 ··-·low_complexity
96925 ··-·low_disruption96925 ··-·low_disruption
96926 ··-·medium_severity96926 ··-·medium_severity
96927 ··-·no_reboot_needed</xccdf-1.2:fix>96927 ··-·no_reboot_needed</xccdf-1.2:fix>
96928 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms96928 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
96929 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then96929 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
96930 chgrp·0·/boot/grub2/grub.cfg96930 chgrp·0·/boot/grub2/grub.cfg
  
96931 else96931 else
96932 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'96932 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
96933 fi</xccdf-1.2:fix>96933 fi</xccdf-1.2:fix>
96934 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">96934 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 97037, 16 lines modifiedOffset 97037, 16 lines modified
97037 ··-·no_reboot_needed97037 ··-·no_reboot_needed
  
97038 -·name:·Test·for·existence·/boot/grub2/user.cfg97038 -·name:·Test·for·existence·/boot/grub2/user.cfg
97039 ··stat:97039 ··stat:
97040 ····path:·/boot/grub2/user.cfg97040 ····path:·/boot/grub2/user.cfg
97041 ··register:·file_exists97041 ··register:·file_exists
97042 ··when:97042 ··when:
97043 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
97044 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'97043 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 97044 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
97045 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]97045 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
97046 ··tags:97046 ··tags:
97047 ··-·CJIS-5.5.2.297047 ··-·CJIS-5.5.2.2
97048 ··-·NIST-800-171-3.4.597048 ··-·NIST-800-171-3.4.5
97049 ··-·NIST-800-53-AC-6(1)97049 ··-·NIST-800-53-AC-6(1)
97050 ··-·NIST-800-53-CM-6(a)97050 ··-·NIST-800-53-CM-6(a)
97051 ··-·PCI-DSS-Req-7.197051 ··-·PCI-DSS-Req-7.1
Offset 97058, 16 lines modifiedOffset 97058, 16 lines modified
97058 ··-·no_reboot_needed97058 ··-·no_reboot_needed
  
97059 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg97059 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
97060 ··file:97060 ··file:
97061 ····path:·/boot/grub2/user.cfg97061 ····path:·/boot/grub2/user.cfg
97062 ····group:·'0'97062 ····group:·'0'
97063 ··when:97063 ··when:
97064 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
97065 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'97064 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 97065 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
97066 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]97066 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
97067 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists97067 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
97068 ··tags:97068 ··tags:
97069 ··-·CJIS-5.5.2.297069 ··-·CJIS-5.5.2.2
97070 ··-·NIST-800-171-3.4.597070 ··-·NIST-800-171-3.4.5
97071 ··-·NIST-800-53-AC-6(1)97071 ··-·NIST-800-53-AC-6(1)
97072 ··-·NIST-800-53-CM-6(a)97072 ··-·NIST-800-53-CM-6(a)
Offset 97075, 15 lines modifiedOffset 97075, 15 lines modified
97075 ··-·configure_strategy97075 ··-·configure_strategy
97076 ··-·file_groupowner_user_cfg97076 ··-·file_groupowner_user_cfg
97077 ··-·low_complexity97077 ··-·low_complexity
97078 ··-·low_disruption97078 ··-·low_disruption
97079 ··-·medium_severity97079 ··-·medium_severity
97080 ··-·no_reboot_needed</xccdf-1.2:fix>97080 ··-·no_reboot_needed</xccdf-1.2:fix>
97081 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms97081 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
97082 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then97082 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
97083 chgrp·0·/boot/grub2/user.cfg97083 chgrp·0·/boot/grub2/user.cfg
  
97084 else97084 else
97085 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'97085 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
97086 fi</xccdf-1.2:fix>97086 fi</xccdf-1.2:fix>
97087 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">97087 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 97185, 16 lines modifiedOffset 97185, 16 lines modified
97185 ··-·no_reboot_needed97185 ··-·no_reboot_needed
  
97186 -·name:·Test·for·existence·/boot/grub2/grub.cfg97186 -·name:·Test·for·existence·/boot/grub2/grub.cfg
97187 ··stat:97187 ··stat:
97188 ····path:·/boot/grub2/grub.cfg97188 ····path:·/boot/grub2/grub.cfg
97189 ··register:·file_exists97189 ··register:·file_exists
97190 ··when:97190 ··when:
97191 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
97192 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'97191 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 97192 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
97193 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]97193 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
97194 ··tags:97194 ··tags:
97195 ··-·CJIS-5.5.2.297195 ··-·CJIS-5.5.2.2
97196 ··-·NIST-800-171-3.4.597196 ··-·NIST-800-171-3.4.5
97197 ··-·NIST-800-53-AC-6(1)97197 ··-·NIST-800-53-AC-6(1)
97198 ··-·NIST-800-53-CM-6(a)97198 ··-·NIST-800-53-CM-6(a)
97199 ··-·PCI-DSS-Req-7.197199 ··-·PCI-DSS-Req-7.1
Offset 97206, 16 lines modifiedOffset 97206, 16 lines modified
97206 ··-·no_reboot_needed97206 ··-·no_reboot_needed
  
97207 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg97207 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
97208 ··file:97208 ··file:
97209 ····path:·/boot/grub2/grub.cfg97209 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 8222/13529 bytes (60.77%) of diff not shown.
13.4 KB
./usr/share/xml/scap/ssg/content/ssg-rhv4-xccdf.xml
13.3 KB
./usr/share/xml/scap/ssg/content/ssg-rhv4-xccdf.xml
    
Offset 96756, 16 lines modifiedOffset 96756, 16 lines modified
96756 ··-·no_reboot_needed96756 ··-·no_reboot_needed
  
96757 -·name:·Test·for·existence·/boot/grub2/grub.cfg96757 -·name:·Test·for·existence·/boot/grub2/grub.cfg
96758 ··stat:96758 ··stat:
96759 ····path:·/boot/grub2/grub.cfg96759 ····path:·/boot/grub2/grub.cfg
96760 ··register:·file_exists96760 ··register:·file_exists
96761 ··when:96761 ··when:
96762 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
96763 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'96762 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 96763 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
96764 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]96764 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
96765 ··tags:96765 ··tags:
96766 ··-·CJIS-5.5.2.296766 ··-·CJIS-5.5.2.2
96767 ··-·NIST-800-171-3.4.596767 ··-·NIST-800-171-3.4.5
96768 ··-·NIST-800-53-AC-6(1)96768 ··-·NIST-800-53-AC-6(1)
96769 ··-·NIST-800-53-CM-6(a)96769 ··-·NIST-800-53-CM-6(a)
96770 ··-·PCI-DSS-Req-7.196770 ··-·PCI-DSS-Req-7.1
Offset 96777, 16 lines modifiedOffset 96777, 16 lines modified
96777 ··-·no_reboot_needed96777 ··-·no_reboot_needed
  
96778 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg96778 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
96779 ··file:96779 ··file:
96780 ····path:·/boot/grub2/grub.cfg96780 ····path:·/boot/grub2/grub.cfg
96781 ····group:·'0'96781 ····group:·'0'
96782 ··when:96782 ··when:
96783 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
96784 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'96783 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 96784 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
96785 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]96785 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
96786 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists96786 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
96787 ··tags:96787 ··tags:
96788 ··-·CJIS-5.5.2.296788 ··-·CJIS-5.5.2.2
96789 ··-·NIST-800-171-3.4.596789 ··-·NIST-800-171-3.4.5
96790 ··-·NIST-800-53-AC-6(1)96790 ··-·NIST-800-53-AC-6(1)
96791 ··-·NIST-800-53-CM-6(a)96791 ··-·NIST-800-53-CM-6(a)
Offset 96794, 15 lines modifiedOffset 96794, 15 lines modified
96794 ··-·configure_strategy96794 ··-·configure_strategy
96795 ··-·file_groupowner_grub2_cfg96795 ··-·file_groupowner_grub2_cfg
96796 ··-·low_complexity96796 ··-·low_complexity
96797 ··-·low_disruption96797 ··-·low_disruption
96798 ··-·medium_severity96798 ··-·medium_severity
96799 ··-·no_reboot_needed</xccdf-1.2:fix>96799 ··-·no_reboot_needed</xccdf-1.2:fix>
96800 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms96800 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
96801 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then96801 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
96802 chgrp·0·/boot/grub2/grub.cfg96802 chgrp·0·/boot/grub2/grub.cfg
  
96803 else96803 else
96804 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'96804 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
96805 fi</xccdf-1.2:fix>96805 fi</xccdf-1.2:fix>
96806 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">96806 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 96909, 16 lines modifiedOffset 96909, 16 lines modified
96909 ··-·no_reboot_needed96909 ··-·no_reboot_needed
  
96910 -·name:·Test·for·existence·/boot/grub2/user.cfg96910 -·name:·Test·for·existence·/boot/grub2/user.cfg
96911 ··stat:96911 ··stat:
96912 ····path:·/boot/grub2/user.cfg96912 ····path:·/boot/grub2/user.cfg
96913 ··register:·file_exists96913 ··register:·file_exists
96914 ··when:96914 ··when:
96915 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
96916 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'96915 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 96916 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
96917 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]96917 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
96918 ··tags:96918 ··tags:
96919 ··-·CJIS-5.5.2.296919 ··-·CJIS-5.5.2.2
96920 ··-·NIST-800-171-3.4.596920 ··-·NIST-800-171-3.4.5
96921 ··-·NIST-800-53-AC-6(1)96921 ··-·NIST-800-53-AC-6(1)
96922 ··-·NIST-800-53-CM-6(a)96922 ··-·NIST-800-53-CM-6(a)
96923 ··-·PCI-DSS-Req-7.196923 ··-·PCI-DSS-Req-7.1
Offset 96930, 16 lines modifiedOffset 96930, 16 lines modified
96930 ··-·no_reboot_needed96930 ··-·no_reboot_needed
  
96931 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg96931 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
96932 ··file:96932 ··file:
96933 ····path:·/boot/grub2/user.cfg96933 ····path:·/boot/grub2/user.cfg
96934 ····group:·'0'96934 ····group:·'0'
96935 ··when:96935 ··when:
96936 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
96937 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'96936 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 96937 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
96938 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]96938 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
96939 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists96939 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
96940 ··tags:96940 ··tags:
96941 ··-·CJIS-5.5.2.296941 ··-·CJIS-5.5.2.2
96942 ··-·NIST-800-171-3.4.596942 ··-·NIST-800-171-3.4.5
96943 ··-·NIST-800-53-AC-6(1)96943 ··-·NIST-800-53-AC-6(1)
96944 ··-·NIST-800-53-CM-6(a)96944 ··-·NIST-800-53-CM-6(a)
Offset 96947, 15 lines modifiedOffset 96947, 15 lines modified
96947 ··-·configure_strategy96947 ··-·configure_strategy
96948 ··-·file_groupowner_user_cfg96948 ··-·file_groupowner_user_cfg
96949 ··-·low_complexity96949 ··-·low_complexity
96950 ··-·low_disruption96950 ··-·low_disruption
96951 ··-·medium_severity96951 ··-·medium_severity
96952 ··-·no_reboot_needed</xccdf-1.2:fix>96952 ··-·no_reboot_needed</xccdf-1.2:fix>
96953 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms96953 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
96954 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then96954 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
96955 chgrp·0·/boot/grub2/user.cfg96955 chgrp·0·/boot/grub2/user.cfg
  
96956 else96956 else
96957 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'96957 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
96958 fi</xccdf-1.2:fix>96958 fi</xccdf-1.2:fix>
96959 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">96959 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 97057, 16 lines modifiedOffset 97057, 16 lines modified
97057 ··-·no_reboot_needed97057 ··-·no_reboot_needed
  
97058 -·name:·Test·for·existence·/boot/grub2/grub.cfg97058 -·name:·Test·for·existence·/boot/grub2/grub.cfg
97059 ··stat:97059 ··stat:
97060 ····path:·/boot/grub2/grub.cfg97060 ····path:·/boot/grub2/grub.cfg
97061 ··register:·file_exists97061 ··register:·file_exists
97062 ··when:97062 ··when:
97063 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
97064 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'97063 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 97064 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
97065 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]97065 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
97066 ··tags:97066 ··tags:
97067 ··-·CJIS-5.5.2.297067 ··-·CJIS-5.5.2.2
97068 ··-·NIST-800-171-3.4.597068 ··-·NIST-800-171-3.4.5
97069 ··-·NIST-800-53-AC-6(1)97069 ··-·NIST-800-53-AC-6(1)
97070 ··-·NIST-800-53-CM-6(a)97070 ··-·NIST-800-53-CM-6(a)
97071 ··-·PCI-DSS-Req-7.197071 ··-·PCI-DSS-Req-7.1
Offset 97078, 16 lines modifiedOffset 97078, 16 lines modified
97078 ··-·no_reboot_needed97078 ··-·no_reboot_needed
  
97079 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg97079 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
97080 ··file:97080 ··file:
97081 ····path:·/boot/grub2/grub.cfg97081 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 8190/13481 bytes (60.75%) of diff not shown.
15.4 KB
./usr/share/xml/scap/ssg/content/ssg-sl7-ds-1.2.xml
15.3 KB
./usr/share/xml/scap/ssg/content/ssg-sl7-ds-1.2.xml
    
Offset 151314, 16 lines modifiedOffset 151314, 16 lines modified
151314 ··-·no_reboot_needed151314 ··-·no_reboot_needed
  
151315 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg151315 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
151316 ··stat:151316 ··stat:
151317 ····path:·/boot/efi/EFI/redhat/grub.cfg151317 ····path:·/boot/efi/EFI/redhat/grub.cfg
151318 ··register:·file_exists151318 ··register:·file_exists
151319 ··when:151319 ··when:
151320 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151321 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151320 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151321 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151322 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151322 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151323 ··tags:151323 ··tags:
151324 ··-·CJIS-5.5.2.2151324 ··-·CJIS-5.5.2.2
151325 ··-·NIST-800-171-3.4.5151325 ··-·NIST-800-171-3.4.5
151326 ··-·NIST-800-53-AC-6(1)151326 ··-·NIST-800-53-AC-6(1)
151327 ··-·NIST-800-53-CM-6(a)151327 ··-·NIST-800-53-CM-6(a)
151328 ··-·PCI-DSS-Req-7.1151328 ··-·PCI-DSS-Req-7.1
Offset 151335, 16 lines modifiedOffset 151335, 16 lines modified
151335 ··-·no_reboot_needed151335 ··-·no_reboot_needed
  
151336 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg151336 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
151337 ··file:151337 ··file:
151338 ····path:·/boot/efi/EFI/redhat/grub.cfg151338 ····path:·/boot/efi/EFI/redhat/grub.cfg
151339 ····group:·'0'151339 ····group:·'0'
151340 ··when:151340 ··when:
151341 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151342 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151341 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151342 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151343 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151343 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151344 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists151344 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
151345 ··tags:151345 ··tags:
151346 ··-·CJIS-5.5.2.2151346 ··-·CJIS-5.5.2.2
151347 ··-·NIST-800-171-3.4.5151347 ··-·NIST-800-171-3.4.5
151348 ··-·NIST-800-53-AC-6(1)151348 ··-·NIST-800-53-AC-6(1)
151349 ··-·NIST-800-53-CM-6(a)151349 ··-·NIST-800-53-CM-6(a)
Offset 151352, 15 lines modifiedOffset 151352, 15 lines modified
151352 ··-·configure_strategy151352 ··-·configure_strategy
151353 ··-·file_groupowner_efi_grub2_cfg151353 ··-·file_groupowner_efi_grub2_cfg
151354 ··-·low_complexity151354 ··-·low_complexity
151355 ··-·low_disruption151355 ··-·low_disruption
151356 ··-·medium_severity151356 ··-·medium_severity
151357 ··-·no_reboot_needed</xccdf-1.2:fix>151357 ··-·no_reboot_needed</xccdf-1.2:fix>
151358 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms151358 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
151359 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then151359 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
151360 chgrp·0·/boot/efi/EFI/redhat/grub.cfg151360 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
151361 else151361 else
151362 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'151362 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151363 fi</xccdf-1.2:fix>151363 fi</xccdf-1.2:fix>
151364 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">151364 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 151456, 16 lines modifiedOffset 151456, 16 lines modified
151456 ··-·no_reboot_needed151456 ··-·no_reboot_needed
  
151457 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg151457 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
151458 ··stat:151458 ··stat:
151459 ····path:·/boot/efi/EFI/redhat/user.cfg151459 ····path:·/boot/efi/EFI/redhat/user.cfg
151460 ··register:·file_exists151460 ··register:·file_exists
151461 ··when:151461 ··when:
151462 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151463 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151462 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151463 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151464 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151464 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151465 ··tags:151465 ··tags:
151466 ··-·CJIS-5.5.2.2151466 ··-·CJIS-5.5.2.2
151467 ··-·NIST-800-171-3.4.5151467 ··-·NIST-800-171-3.4.5
151468 ··-·NIST-800-53-AC-6(1)151468 ··-·NIST-800-53-AC-6(1)
151469 ··-·NIST-800-53-CM-6(a)151469 ··-·NIST-800-53-CM-6(a)
151470 ··-·PCI-DSS-Req-7.1151470 ··-·PCI-DSS-Req-7.1
Offset 151477, 16 lines modifiedOffset 151477, 16 lines modified
151477 ··-·no_reboot_needed151477 ··-·no_reboot_needed
  
151478 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg151478 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
151479 ··file:151479 ··file:
151480 ····path:·/boot/efi/EFI/redhat/user.cfg151480 ····path:·/boot/efi/EFI/redhat/user.cfg
151481 ····group:·'0'151481 ····group:·'0'
151482 ··when:151482 ··when:
151483 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151484 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151483 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151484 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151485 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151485 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151486 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists151486 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
151487 ··tags:151487 ··tags:
151488 ··-·CJIS-5.5.2.2151488 ··-·CJIS-5.5.2.2
151489 ··-·NIST-800-171-3.4.5151489 ··-·NIST-800-171-3.4.5
151490 ··-·NIST-800-53-AC-6(1)151490 ··-·NIST-800-53-AC-6(1)
151491 ··-·NIST-800-53-CM-6(a)151491 ··-·NIST-800-53-CM-6(a)
Offset 151494, 15 lines modifiedOffset 151494, 15 lines modified
151494 ··-·configure_strategy151494 ··-·configure_strategy
151495 ··-·file_groupowner_efi_user_cfg151495 ··-·file_groupowner_efi_user_cfg
151496 ··-·low_complexity151496 ··-·low_complexity
151497 ··-·low_disruption151497 ··-·low_disruption
151498 ··-·medium_severity151498 ··-·medium_severity
151499 ··-·no_reboot_needed</xccdf-1.2:fix>151499 ··-·no_reboot_needed</xccdf-1.2:fix>
151500 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms151500 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
151501 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then151501 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
151502 chgrp·0·/boot/efi/EFI/redhat/user.cfg151502 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
151503 else151503 else
151504 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'151504 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151505 fi</xccdf-1.2:fix>151505 fi</xccdf-1.2:fix>
151506 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">151506 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 151594, 16 lines modifiedOffset 151594, 16 lines modified
151594 ··-·no_reboot_needed151594 ··-·no_reboot_needed
  
151595 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg151595 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
151596 ··stat:151596 ··stat:
151597 ····path:·/boot/efi/EFI/redhat/grub.cfg151597 ····path:·/boot/efi/EFI/redhat/grub.cfg
151598 ··register:·file_exists151598 ··register:·file_exists
151599 ··when:151599 ··when:
151600 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151601 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151600 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151601 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151602 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151602 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151603 ··tags:151603 ··tags:
151604 ··-·CJIS-5.5.2.2151604 ··-·CJIS-5.5.2.2
151605 ··-·NIST-800-171-3.4.5151605 ··-·NIST-800-171-3.4.5
151606 ··-·NIST-800-53-AC-6(1)151606 ··-·NIST-800-53-AC-6(1)
151607 ··-·NIST-800-53-CM-6(a)151607 ··-·NIST-800-53-CM-6(a)
151608 ··-·PCI-DSS-Req-7.1151608 ··-·PCI-DSS-Req-7.1
Offset 151615, 16 lines modifiedOffset 151615, 16 lines modified
151615 ··-·no_reboot_needed151615 ··-·no_reboot_needed
  
151616 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg151616 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
151617 ··file:151617 ··file:
151618 ····path:·/boot/efi/EFI/redhat/grub.cfg151618 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 9972/15564 bytes (64.07%) of diff not shown.
15.4 KB
./usr/share/xml/scap/ssg/content/ssg-sl7-ds.xml
15.3 KB
./usr/share/xml/scap/ssg/content/ssg-sl7-ds.xml
    
Offset 151316, 16 lines modifiedOffset 151316, 16 lines modified
151316 ··-·no_reboot_needed151316 ··-·no_reboot_needed
  
151317 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg151317 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
151318 ··stat:151318 ··stat:
151319 ····path:·/boot/efi/EFI/redhat/grub.cfg151319 ····path:·/boot/efi/EFI/redhat/grub.cfg
151320 ··register:·file_exists151320 ··register:·file_exists
151321 ··when:151321 ··when:
151322 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151323 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151322 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151323 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151324 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151324 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151325 ··tags:151325 ··tags:
151326 ··-·CJIS-5.5.2.2151326 ··-·CJIS-5.5.2.2
151327 ··-·NIST-800-171-3.4.5151327 ··-·NIST-800-171-3.4.5
151328 ··-·NIST-800-53-AC-6(1)151328 ··-·NIST-800-53-AC-6(1)
151329 ··-·NIST-800-53-CM-6(a)151329 ··-·NIST-800-53-CM-6(a)
151330 ··-·PCI-DSS-Req-7.1151330 ··-·PCI-DSS-Req-7.1
Offset 151337, 16 lines modifiedOffset 151337, 16 lines modified
151337 ··-·no_reboot_needed151337 ··-·no_reboot_needed
  
151338 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg151338 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
151339 ··file:151339 ··file:
151340 ····path:·/boot/efi/EFI/redhat/grub.cfg151340 ····path:·/boot/efi/EFI/redhat/grub.cfg
151341 ····group:·'0'151341 ····group:·'0'
151342 ··when:151342 ··when:
151343 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151344 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151343 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151344 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151345 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151345 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151346 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists151346 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
151347 ··tags:151347 ··tags:
151348 ··-·CJIS-5.5.2.2151348 ··-·CJIS-5.5.2.2
151349 ··-·NIST-800-171-3.4.5151349 ··-·NIST-800-171-3.4.5
151350 ··-·NIST-800-53-AC-6(1)151350 ··-·NIST-800-53-AC-6(1)
151351 ··-·NIST-800-53-CM-6(a)151351 ··-·NIST-800-53-CM-6(a)
Offset 151354, 15 lines modifiedOffset 151354, 15 lines modified
151354 ··-·configure_strategy151354 ··-·configure_strategy
151355 ··-·file_groupowner_efi_grub2_cfg151355 ··-·file_groupowner_efi_grub2_cfg
151356 ··-·low_complexity151356 ··-·low_complexity
151357 ··-·low_disruption151357 ··-·low_disruption
151358 ··-·medium_severity151358 ··-·medium_severity
151359 ··-·no_reboot_needed</xccdf-1.2:fix>151359 ··-·no_reboot_needed</xccdf-1.2:fix>
151360 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms151360 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
151361 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then151361 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
151362 chgrp·0·/boot/efi/EFI/redhat/grub.cfg151362 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
151363 else151363 else
151364 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'151364 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151365 fi</xccdf-1.2:fix>151365 fi</xccdf-1.2:fix>
151366 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">151366 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 151458, 16 lines modifiedOffset 151458, 16 lines modified
151458 ··-·no_reboot_needed151458 ··-·no_reboot_needed
  
151459 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg151459 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
151460 ··stat:151460 ··stat:
151461 ····path:·/boot/efi/EFI/redhat/user.cfg151461 ····path:·/boot/efi/EFI/redhat/user.cfg
151462 ··register:·file_exists151462 ··register:·file_exists
151463 ··when:151463 ··when:
151464 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151465 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151464 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151465 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151466 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151466 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151467 ··tags:151467 ··tags:
151468 ··-·CJIS-5.5.2.2151468 ··-·CJIS-5.5.2.2
151469 ··-·NIST-800-171-3.4.5151469 ··-·NIST-800-171-3.4.5
151470 ··-·NIST-800-53-AC-6(1)151470 ··-·NIST-800-53-AC-6(1)
151471 ··-·NIST-800-53-CM-6(a)151471 ··-·NIST-800-53-CM-6(a)
151472 ··-·PCI-DSS-Req-7.1151472 ··-·PCI-DSS-Req-7.1
Offset 151479, 16 lines modifiedOffset 151479, 16 lines modified
151479 ··-·no_reboot_needed151479 ··-·no_reboot_needed
  
151480 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg151480 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
151481 ··file:151481 ··file:
151482 ····path:·/boot/efi/EFI/redhat/user.cfg151482 ····path:·/boot/efi/EFI/redhat/user.cfg
151483 ····group:·'0'151483 ····group:·'0'
151484 ··when:151484 ··when:
151485 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151486 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151485 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151486 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151487 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151487 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151488 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists151488 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
151489 ··tags:151489 ··tags:
151490 ··-·CJIS-5.5.2.2151490 ··-·CJIS-5.5.2.2
151491 ··-·NIST-800-171-3.4.5151491 ··-·NIST-800-171-3.4.5
151492 ··-·NIST-800-53-AC-6(1)151492 ··-·NIST-800-53-AC-6(1)
151493 ··-·NIST-800-53-CM-6(a)151493 ··-·NIST-800-53-CM-6(a)
Offset 151496, 15 lines modifiedOffset 151496, 15 lines modified
151496 ··-·configure_strategy151496 ··-·configure_strategy
151497 ··-·file_groupowner_efi_user_cfg151497 ··-·file_groupowner_efi_user_cfg
151498 ··-·low_complexity151498 ··-·low_complexity
151499 ··-·low_disruption151499 ··-·low_disruption
151500 ··-·medium_severity151500 ··-·medium_severity
151501 ··-·no_reboot_needed</xccdf-1.2:fix>151501 ··-·no_reboot_needed</xccdf-1.2:fix>
151502 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms151502 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
151503 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then151503 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
151504 chgrp·0·/boot/efi/EFI/redhat/user.cfg151504 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
151505 else151505 else
151506 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'151506 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151507 fi</xccdf-1.2:fix>151507 fi</xccdf-1.2:fix>
151508 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">151508 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 151596, 16 lines modifiedOffset 151596, 16 lines modified
151596 ··-·no_reboot_needed151596 ··-·no_reboot_needed
  
151597 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg151597 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
151598 ··stat:151598 ··stat:
151599 ····path:·/boot/efi/EFI/redhat/grub.cfg151599 ····path:·/boot/efi/EFI/redhat/grub.cfg
151600 ··register:·file_exists151600 ··register:·file_exists
151601 ··when:151601 ··when:
151602 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151603 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151602 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151603 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151604 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151604 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151605 ··tags:151605 ··tags:
151606 ··-·CJIS-5.5.2.2151606 ··-·CJIS-5.5.2.2
151607 ··-·NIST-800-171-3.4.5151607 ··-·NIST-800-171-3.4.5
151608 ··-·NIST-800-53-AC-6(1)151608 ··-·NIST-800-53-AC-6(1)
151609 ··-·NIST-800-53-CM-6(a)151609 ··-·NIST-800-53-CM-6(a)
151610 ··-·PCI-DSS-Req-7.1151610 ··-·PCI-DSS-Req-7.1
Offset 151617, 16 lines modifiedOffset 151617, 16 lines modified
151617 ··-·no_reboot_needed151617 ··-·no_reboot_needed
  
151618 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg151618 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
151619 ··file:151619 ··file:
151620 ····path:·/boot/efi/EFI/redhat/grub.cfg151620 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 9972/15564 bytes (64.07%) of diff not shown.
15.3 KB
./usr/share/xml/scap/ssg/content/ssg-sl7-xccdf.xml
15.2 KB
./usr/share/xml/scap/ssg/content/ssg-sl7-xccdf.xml
    
Offset 151142, 16 lines modifiedOffset 151142, 16 lines modified
151142 ··-·no_reboot_needed151142 ··-·no_reboot_needed
  
151143 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg151143 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
151144 ··stat:151144 ··stat:
151145 ····path:·/boot/efi/EFI/redhat/grub.cfg151145 ····path:·/boot/efi/EFI/redhat/grub.cfg
151146 ··register:·file_exists151146 ··register:·file_exists
151147 ··when:151147 ··when:
151148 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151149 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151148 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151149 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151150 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151150 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151151 ··tags:151151 ··tags:
151152 ··-·CJIS-5.5.2.2151152 ··-·CJIS-5.5.2.2
151153 ··-·NIST-800-171-3.4.5151153 ··-·NIST-800-171-3.4.5
151154 ··-·NIST-800-53-AC-6(1)151154 ··-·NIST-800-53-AC-6(1)
151155 ··-·NIST-800-53-CM-6(a)151155 ··-·NIST-800-53-CM-6(a)
151156 ··-·PCI-DSS-Req-7.1151156 ··-·PCI-DSS-Req-7.1
Offset 151163, 16 lines modifiedOffset 151163, 16 lines modified
151163 ··-·no_reboot_needed151163 ··-·no_reboot_needed
  
151164 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg151164 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
151165 ··file:151165 ··file:
151166 ····path:·/boot/efi/EFI/redhat/grub.cfg151166 ····path:·/boot/efi/EFI/redhat/grub.cfg
151167 ····group:·'0'151167 ····group:·'0'
151168 ··when:151168 ··when:
151169 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151170 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151169 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151170 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151171 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151171 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151172 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists151172 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
151173 ··tags:151173 ··tags:
151174 ··-·CJIS-5.5.2.2151174 ··-·CJIS-5.5.2.2
151175 ··-·NIST-800-171-3.4.5151175 ··-·NIST-800-171-3.4.5
151176 ··-·NIST-800-53-AC-6(1)151176 ··-·NIST-800-53-AC-6(1)
151177 ··-·NIST-800-53-CM-6(a)151177 ··-·NIST-800-53-CM-6(a)
Offset 151180, 15 lines modifiedOffset 151180, 15 lines modified
151180 ··-·configure_strategy151180 ··-·configure_strategy
151181 ··-·file_groupowner_efi_grub2_cfg151181 ··-·file_groupowner_efi_grub2_cfg
151182 ··-·low_complexity151182 ··-·low_complexity
151183 ··-·low_disruption151183 ··-·low_disruption
151184 ··-·medium_severity151184 ··-·medium_severity
151185 ··-·no_reboot_needed</xccdf-1.2:fix>151185 ··-·no_reboot_needed</xccdf-1.2:fix>
151186 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms151186 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
151187 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then151187 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
151188 chgrp·0·/boot/efi/EFI/redhat/grub.cfg151188 chgrp·0·/boot/efi/EFI/redhat/grub.cfg
  
151189 else151189 else
151190 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'151190 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151191 fi</xccdf-1.2:fix>151191 fi</xccdf-1.2:fix>
151192 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">151192 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 151284, 16 lines modifiedOffset 151284, 16 lines modified
151284 ··-·no_reboot_needed151284 ··-·no_reboot_needed
  
151285 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg151285 -·name:·Test·for·existence·/boot/efi/EFI/redhat/user.cfg
151286 ··stat:151286 ··stat:
151287 ····path:·/boot/efi/EFI/redhat/user.cfg151287 ····path:·/boot/efi/EFI/redhat/user.cfg
151288 ··register:·file_exists151288 ··register:·file_exists
151289 ··when:151289 ··when:
151290 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151291 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151290 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151291 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151292 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151292 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151293 ··tags:151293 ··tags:
151294 ··-·CJIS-5.5.2.2151294 ··-·CJIS-5.5.2.2
151295 ··-·NIST-800-171-3.4.5151295 ··-·NIST-800-171-3.4.5
151296 ··-·NIST-800-53-AC-6(1)151296 ··-·NIST-800-53-AC-6(1)
151297 ··-·NIST-800-53-CM-6(a)151297 ··-·NIST-800-53-CM-6(a)
151298 ··-·PCI-DSS-Req-7.1151298 ··-·PCI-DSS-Req-7.1
Offset 151305, 16 lines modifiedOffset 151305, 16 lines modified
151305 ··-·no_reboot_needed151305 ··-·no_reboot_needed
  
151306 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg151306 -·name:·Ensure·group·owner·0·on·/boot/efi/EFI/redhat/user.cfg
151307 ··file:151307 ··file:
151308 ····path:·/boot/efi/EFI/redhat/user.cfg151308 ····path:·/boot/efi/EFI/redhat/user.cfg
151309 ····group:·'0'151309 ····group:·'0'
151310 ··when:151310 ··when:
151311 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151312 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151311 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151312 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151313 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151313 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151314 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists151314 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
151315 ··tags:151315 ··tags:
151316 ··-·CJIS-5.5.2.2151316 ··-·CJIS-5.5.2.2
151317 ··-·NIST-800-171-3.4.5151317 ··-·NIST-800-171-3.4.5
151318 ··-·NIST-800-53-AC-6(1)151318 ··-·NIST-800-53-AC-6(1)
151319 ··-·NIST-800-53-CM-6(a)151319 ··-·NIST-800-53-CM-6(a)
Offset 151322, 15 lines modifiedOffset 151322, 15 lines modified
151322 ··-·configure_strategy151322 ··-·configure_strategy
151323 ··-·file_groupowner_efi_user_cfg151323 ··-·file_groupowner_efi_user_cfg
151324 ··-·low_complexity151324 ··-·low_complexity
151325 ··-·low_disruption151325 ··-·low_disruption
151326 ··-·medium_severity151326 ··-·medium_severity
151327 ··-·no_reboot_needed</xccdf-1.2:fix>151327 ··-·no_reboot_needed</xccdf-1.2:fix>
151328 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms151328 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
151329 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then151329 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
151330 chgrp·0·/boot/efi/EFI/redhat/user.cfg151330 chgrp·0·/boot/efi/EFI/redhat/user.cfg
  
151331 else151331 else
151332 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'151332 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151333 fi</xccdf-1.2:fix>151333 fi</xccdf-1.2:fix>
151334 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">151334 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 151422, 16 lines modifiedOffset 151422, 16 lines modified
151422 ··-·no_reboot_needed151422 ··-·no_reboot_needed
  
151423 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg151423 -·name:·Test·for·existence·/boot/efi/EFI/redhat/grub.cfg
151424 ··stat:151424 ··stat:
151425 ····path:·/boot/efi/EFI/redhat/grub.cfg151425 ····path:·/boot/efi/EFI/redhat/grub.cfg
151426 ··register:·file_exists151426 ··register:·file_exists
151427 ··when:151427 ··when:
151428 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
151429 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'151428 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 151429 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
151430 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]151430 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
151431 ··tags:151431 ··tags:
151432 ··-·CJIS-5.5.2.2151432 ··-·CJIS-5.5.2.2
151433 ··-·NIST-800-171-3.4.5151433 ··-·NIST-800-171-3.4.5
151434 ··-·NIST-800-53-AC-6(1)151434 ··-·NIST-800-53-AC-6(1)
151435 ··-·NIST-800-53-CM-6(a)151435 ··-·NIST-800-53-CM-6(a)
151436 ··-·PCI-DSS-Req-7.1151436 ··-·PCI-DSS-Req-7.1
Offset 151443, 16 lines modifiedOffset 151443, 16 lines modified
151443 ··-·no_reboot_needed151443 ··-·no_reboot_needed
  
151444 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg151444 -·name:·Ensure·owner·0·on·/boot/efi/EFI/redhat/grub.cfg
151445 ··file:151445 ··file:
151446 ····path:·/boot/efi/EFI/redhat/grub.cfg151446 ····path:·/boot/efi/EFI/redhat/grub.cfg
Max diff block lines reached; 9936/15512 bytes (64.05%) of diff not shown.
6.93 KB
./usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml
6.83 KB
./usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml
    
Offset 122486, 16 lines modifiedOffset 122486, 16 lines modified
122486 ··-·no_reboot_needed122486 ··-·no_reboot_needed
  
122487 -·name:·Test·for·existence·/boot/grub2/grub.cfg122487 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122488 ··stat:122488 ··stat:
122489 ····path:·/boot/grub2/grub.cfg122489 ····path:·/boot/grub2/grub.cfg
122490 ··register:·file_exists122490 ··register:·file_exists
122491 ··when:122491 ··when:
122492 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122493 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122492 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122493 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122494 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122494 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122495 ··tags:122495 ··tags:
122496 ··-·CCE-85849-8122496 ··-·CCE-85849-8
122497 ··-·CJIS-5.5.2.2122497 ··-·CJIS-5.5.2.2
122498 ··-·NIST-800-171-3.4.5122498 ··-·NIST-800-171-3.4.5
122499 ··-·NIST-800-53-AC-6(1)122499 ··-·NIST-800-53-AC-6(1)
122500 ··-·NIST-800-53-CM-6(a)122500 ··-·NIST-800-53-CM-6(a)
Offset 122508, 16 lines modifiedOffset 122508, 16 lines modified
122508 ··-·no_reboot_needed122508 ··-·no_reboot_needed
  
122509 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg122509 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
122510 ··file:122510 ··file:
122511 ····path:·/boot/grub2/grub.cfg122511 ····path:·/boot/grub2/grub.cfg
122512 ····group:·'0'122512 ····group:·'0'
122513 ··when:122513 ··when:
122514 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122515 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122514 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122515 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122516 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122516 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122517 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists122517 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
122518 ··tags:122518 ··tags:
122519 ··-·CCE-85849-8122519 ··-·CCE-85849-8
122520 ··-·CJIS-5.5.2.2122520 ··-·CJIS-5.5.2.2
122521 ··-·NIST-800-171-3.4.5122521 ··-·NIST-800-171-3.4.5
122522 ··-·NIST-800-53-AC-6(1)122522 ··-·NIST-800-53-AC-6(1)
Offset 122526, 15 lines modifiedOffset 122526, 15 lines modified
122526 ··-·configure_strategy122526 ··-·configure_strategy
122527 ··-·file_groupowner_grub2_cfg122527 ··-·file_groupowner_grub2_cfg
122528 ··-·low_complexity122528 ··-·low_complexity
122529 ··-·low_disruption122529 ··-·low_disruption
122530 ··-·medium_severity122530 ··-·medium_severity
122531 ··-·no_reboot_needed</xccdf-1.2:fix>122531 ··-·no_reboot_needed</xccdf-1.2:fix>
122532 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms122532 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
122533 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then122533 if·rpm·--quiet·-q·grub2·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
122534 chgrp·0·/boot/grub2/grub.cfg122534 chgrp·0·/boot/grub2/grub.cfg
  
122535 else122535 else
122536 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'122536 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
122537 fi</xccdf-1.2:fix>122537 fi</xccdf-1.2:fix>
122538 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">122538 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 122639, 16 lines modifiedOffset 122639, 16 lines modified
122639 ··-·no_reboot_needed122639 ··-·no_reboot_needed
  
122640 -·name:·Test·for·existence·/boot/grub2/grub.cfg122640 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122641 ··stat:122641 ··stat:
122642 ····path:·/boot/grub2/grub.cfg122642 ····path:·/boot/grub2/grub.cfg
122643 ··register:·file_exists122643 ··register:·file_exists
122644 ··when:122644 ··when:
122645 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122646 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122645 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122646 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122647 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122647 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122648 ··tags:122648 ··tags:
122649 ··-·CCE-85848-0122649 ··-·CCE-85848-0
122650 ··-·CJIS-5.5.2.2122650 ··-·CJIS-5.5.2.2
122651 ··-·NIST-800-171-3.4.5122651 ··-·NIST-800-171-3.4.5
122652 ··-·NIST-800-53-AC-6(1)122652 ··-·NIST-800-53-AC-6(1)
122653 ··-·NIST-800-53-CM-6(a)122653 ··-·NIST-800-53-CM-6(a)
Offset 122661, 16 lines modifiedOffset 122661, 16 lines modified
122661 ··-·no_reboot_needed122661 ··-·no_reboot_needed
  
122662 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg122662 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
122663 ··file:122663 ··file:
122664 ····path:·/boot/grub2/grub.cfg122664 ····path:·/boot/grub2/grub.cfg
122665 ····owner:·'0'122665 ····owner:·'0'
122666 ··when:122666 ··when:
122667 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122668 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122667 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122668 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122669 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122669 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122670 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists122670 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
122671 ··tags:122671 ··tags:
122672 ··-·CCE-85848-0122672 ··-·CCE-85848-0
122673 ··-·CJIS-5.5.2.2122673 ··-·CJIS-5.5.2.2
122674 ··-·NIST-800-171-3.4.5122674 ··-·NIST-800-171-3.4.5
122675 ··-·NIST-800-53-AC-6(1)122675 ··-·NIST-800-53-AC-6(1)
Offset 122679, 15 lines modifiedOffset 122679, 15 lines modified
122679 ··-·configure_strategy122679 ··-·configure_strategy
122680 ··-·file_owner_grub2_cfg122680 ··-·file_owner_grub2_cfg
122681 ··-·low_complexity122681 ··-·low_complexity
122682 ··-·low_disruption122682 ··-·low_disruption
122683 ··-·medium_severity122683 ··-·medium_severity
122684 ··-·no_reboot_needed</xccdf-1.2:fix>122684 ··-·no_reboot_needed</xccdf-1.2:fix>
122685 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms122685 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
122686 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then122686 if·rpm·--quiet·-q·grub2·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
122687 chown·0·/boot/grub2/grub.cfg122687 chown·0·/boot/grub2/grub.cfg
  
122688 else122688 else
122689 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'122689 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
122690 fi</xccdf-1.2:fix>122690 fi</xccdf-1.2:fix>
122691 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">122691 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 122785, 16 lines modifiedOffset 122785, 16 lines modified
122785 ··-·no_reboot_needed122785 ··-·no_reboot_needed
  
122786 -·name:·Test·for·existence·/boot/grub2/grub.cfg122786 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122787 ··stat:122787 ··stat:
122788 ····path:·/boot/grub2/grub.cfg122788 ····path:·/boot/grub2/grub.cfg
122789 ··register:·file_exists122789 ··register:·file_exists
122790 ··when:122790 ··when:
122791 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122792 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122791 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122792 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122793 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122793 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122794 ··tags:122794 ··tags:
122795 ··-·CCE-91426-7122795 ··-·CCE-91426-7
122796 ··-·NIST-800-171-3.4.5122796 ··-·NIST-800-171-3.4.5
122797 ··-·NIST-800-53-AC-6(1)122797 ··-·NIST-800-53-AC-6(1)
122798 ··-·NIST-800-53-CM-6(a)122798 ··-·NIST-800-53-CM-6(a)
122799 ··-·configure_strategy122799 ··-·configure_strategy
Offset 122805, 31 lines modifiedOffset 122805, 31 lines modified
122805 ··-·no_reboot_needed122805 ··-·no_reboot_needed
  
122806 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg122806 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
122807 ··file:122807 ··file:
122808 ····path:·/boot/grub2/grub.cfg122808 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1453/6888 bytes (21.09%) of diff not shown.
6.92 KB
./usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml
6.82 KB
./usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml
    
Offset 122488, 16 lines modifiedOffset 122488, 16 lines modified
122488 ··-·no_reboot_needed122488 ··-·no_reboot_needed
  
122489 -·name:·Test·for·existence·/boot/grub2/grub.cfg122489 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122490 ··stat:122490 ··stat:
122491 ····path:·/boot/grub2/grub.cfg122491 ····path:·/boot/grub2/grub.cfg
122492 ··register:·file_exists122492 ··register:·file_exists
122493 ··when:122493 ··when:
122494 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122495 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122494 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122495 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122496 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122496 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122497 ··tags:122497 ··tags:
122498 ··-·CCE-85849-8122498 ··-·CCE-85849-8
122499 ··-·CJIS-5.5.2.2122499 ··-·CJIS-5.5.2.2
122500 ··-·NIST-800-171-3.4.5122500 ··-·NIST-800-171-3.4.5
122501 ··-·NIST-800-53-AC-6(1)122501 ··-·NIST-800-53-AC-6(1)
122502 ··-·NIST-800-53-CM-6(a)122502 ··-·NIST-800-53-CM-6(a)
Offset 122510, 16 lines modifiedOffset 122510, 16 lines modified
122510 ··-·no_reboot_needed122510 ··-·no_reboot_needed
  
122511 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg122511 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
122512 ··file:122512 ··file:
122513 ····path:·/boot/grub2/grub.cfg122513 ····path:·/boot/grub2/grub.cfg
122514 ····group:·'0'122514 ····group:·'0'
122515 ··when:122515 ··when:
122516 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122517 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122516 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122517 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122518 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122518 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122519 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists122519 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
122520 ··tags:122520 ··tags:
122521 ··-·CCE-85849-8122521 ··-·CCE-85849-8
122522 ··-·CJIS-5.5.2.2122522 ··-·CJIS-5.5.2.2
122523 ··-·NIST-800-171-3.4.5122523 ··-·NIST-800-171-3.4.5
122524 ··-·NIST-800-53-AC-6(1)122524 ··-·NIST-800-53-AC-6(1)
Offset 122528, 15 lines modifiedOffset 122528, 15 lines modified
122528 ··-·configure_strategy122528 ··-·configure_strategy
122529 ··-·file_groupowner_grub2_cfg122529 ··-·file_groupowner_grub2_cfg
122530 ··-·low_complexity122530 ··-·low_complexity
122531 ··-·low_disruption122531 ··-·low_disruption
122532 ··-·medium_severity122532 ··-·medium_severity
122533 ··-·no_reboot_needed</xccdf-1.2:fix>122533 ··-·no_reboot_needed</xccdf-1.2:fix>
122534 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms122534 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
122535 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then122535 if·rpm·--quiet·-q·grub2·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
122536 chgrp·0·/boot/grub2/grub.cfg122536 chgrp·0·/boot/grub2/grub.cfg
  
122537 else122537 else
122538 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'122538 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
122539 fi</xccdf-1.2:fix>122539 fi</xccdf-1.2:fix>
122540 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">122540 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 122641, 16 lines modifiedOffset 122641, 16 lines modified
122641 ··-·no_reboot_needed122641 ··-·no_reboot_needed
  
122642 -·name:·Test·for·existence·/boot/grub2/grub.cfg122642 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122643 ··stat:122643 ··stat:
122644 ····path:·/boot/grub2/grub.cfg122644 ····path:·/boot/grub2/grub.cfg
122645 ··register:·file_exists122645 ··register:·file_exists
122646 ··when:122646 ··when:
122647 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122648 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122647 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122648 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122649 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122649 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122650 ··tags:122650 ··tags:
122651 ··-·CCE-85848-0122651 ··-·CCE-85848-0
122652 ··-·CJIS-5.5.2.2122652 ··-·CJIS-5.5.2.2
122653 ··-·NIST-800-171-3.4.5122653 ··-·NIST-800-171-3.4.5
122654 ··-·NIST-800-53-AC-6(1)122654 ··-·NIST-800-53-AC-6(1)
122655 ··-·NIST-800-53-CM-6(a)122655 ··-·NIST-800-53-CM-6(a)
Offset 122663, 16 lines modifiedOffset 122663, 16 lines modified
122663 ··-·no_reboot_needed122663 ··-·no_reboot_needed
  
122664 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg122664 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
122665 ··file:122665 ··file:
122666 ····path:·/boot/grub2/grub.cfg122666 ····path:·/boot/grub2/grub.cfg
122667 ····owner:·'0'122667 ····owner:·'0'
122668 ··when:122668 ··when:
122669 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122670 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122669 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122670 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122671 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122671 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122672 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists122672 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
122673 ··tags:122673 ··tags:
122674 ··-·CCE-85848-0122674 ··-·CCE-85848-0
122675 ··-·CJIS-5.5.2.2122675 ··-·CJIS-5.5.2.2
122676 ··-·NIST-800-171-3.4.5122676 ··-·NIST-800-171-3.4.5
122677 ··-·NIST-800-53-AC-6(1)122677 ··-·NIST-800-53-AC-6(1)
Offset 122681, 15 lines modifiedOffset 122681, 15 lines modified
122681 ··-·configure_strategy122681 ··-·configure_strategy
122682 ··-·file_owner_grub2_cfg122682 ··-·file_owner_grub2_cfg
122683 ··-·low_complexity122683 ··-·low_complexity
122684 ··-·low_disruption122684 ··-·low_disruption
122685 ··-·medium_severity122685 ··-·medium_severity
122686 ··-·no_reboot_needed</xccdf-1.2:fix>122686 ··-·no_reboot_needed</xccdf-1.2:fix>
122687 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms122687 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
122688 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then122688 if·rpm·--quiet·-q·grub2·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
122689 chown·0·/boot/grub2/grub.cfg122689 chown·0·/boot/grub2/grub.cfg
  
122690 else122690 else
122691 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'122691 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
122692 fi</xccdf-1.2:fix>122692 fi</xccdf-1.2:fix>
122693 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">122693 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 122787, 16 lines modifiedOffset 122787, 16 lines modified
122787 ··-·no_reboot_needed122787 ··-·no_reboot_needed
  
122788 -·name:·Test·for·existence·/boot/grub2/grub.cfg122788 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122789 ··stat:122789 ··stat:
122790 ····path:·/boot/grub2/grub.cfg122790 ····path:·/boot/grub2/grub.cfg
122791 ··register:·file_exists122791 ··register:·file_exists
122792 ··when:122792 ··when:
122793 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122794 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122793 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122794 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122795 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122795 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122796 ··tags:122796 ··tags:
122797 ··-·CCE-91426-7122797 ··-·CCE-91426-7
122798 ··-·NIST-800-171-3.4.5122798 ··-·NIST-800-171-3.4.5
122799 ··-·NIST-800-53-AC-6(1)122799 ··-·NIST-800-53-AC-6(1)
122800 ··-·NIST-800-53-CM-6(a)122800 ··-·NIST-800-53-CM-6(a)
122801 ··-·configure_strategy122801 ··-·configure_strategy
Offset 122807, 31 lines modifiedOffset 122807, 31 lines modified
122807 ··-·no_reboot_needed122807 ··-·no_reboot_needed
  
122808 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg122808 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
122809 ··file:122809 ··file:
122810 ····path:·/boot/grub2/grub.cfg122810 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1453/6888 bytes (21.09%) of diff not shown.
6.91 KB
./usr/share/xml/scap/ssg/content/ssg-sle15-xccdf.xml
6.8 KB
./usr/share/xml/scap/ssg/content/ssg-sle15-xccdf.xml
    
Offset 122358, 16 lines modifiedOffset 122358, 16 lines modified
122358 ··-·no_reboot_needed122358 ··-·no_reboot_needed
  
122359 -·name:·Test·for·existence·/boot/grub2/grub.cfg122359 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122360 ··stat:122360 ··stat:
122361 ····path:·/boot/grub2/grub.cfg122361 ····path:·/boot/grub2/grub.cfg
122362 ··register:·file_exists122362 ··register:·file_exists
122363 ··when:122363 ··when:
122364 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122365 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122364 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122365 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122366 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122366 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122367 ··tags:122367 ··tags:
122368 ··-·CCE-85849-8122368 ··-·CCE-85849-8
122369 ··-·CJIS-5.5.2.2122369 ··-·CJIS-5.5.2.2
122370 ··-·NIST-800-171-3.4.5122370 ··-·NIST-800-171-3.4.5
122371 ··-·NIST-800-53-AC-6(1)122371 ··-·NIST-800-53-AC-6(1)
122372 ··-·NIST-800-53-CM-6(a)122372 ··-·NIST-800-53-CM-6(a)
Offset 122380, 16 lines modifiedOffset 122380, 16 lines modified
122380 ··-·no_reboot_needed122380 ··-·no_reboot_needed
  
122381 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg122381 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
122382 ··file:122382 ··file:
122383 ····path:·/boot/grub2/grub.cfg122383 ····path:·/boot/grub2/grub.cfg
122384 ····group:·'0'122384 ····group:·'0'
122385 ··when:122385 ··when:
122386 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122387 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122386 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122387 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122388 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122388 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122389 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists122389 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
122390 ··tags:122390 ··tags:
122391 ··-·CCE-85849-8122391 ··-·CCE-85849-8
122392 ··-·CJIS-5.5.2.2122392 ··-·CJIS-5.5.2.2
122393 ··-·NIST-800-171-3.4.5122393 ··-·NIST-800-171-3.4.5
122394 ··-·NIST-800-53-AC-6(1)122394 ··-·NIST-800-53-AC-6(1)
Offset 122398, 15 lines modifiedOffset 122398, 15 lines modified
122398 ··-·configure_strategy122398 ··-·configure_strategy
122399 ··-·file_groupowner_grub2_cfg122399 ··-·file_groupowner_grub2_cfg
122400 ··-·low_complexity122400 ··-·low_complexity
122401 ··-·low_disruption122401 ··-·low_disruption
122402 ··-·medium_severity122402 ··-·medium_severity
122403 ··-·no_reboot_needed</xccdf-1.2:fix>122403 ··-·no_reboot_needed</xccdf-1.2:fix>
122404 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms122404 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
122405 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then122405 if·rpm·--quiet·-q·grub2·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
122406 chgrp·0·/boot/grub2/grub.cfg122406 chgrp·0·/boot/grub2/grub.cfg
  
122407 else122407 else
122408 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'122408 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
122409 fi</xccdf-1.2:fix>122409 fi</xccdf-1.2:fix>
122410 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">122410 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 122511, 16 lines modifiedOffset 122511, 16 lines modified
122511 ··-·no_reboot_needed122511 ··-·no_reboot_needed
  
122512 -·name:·Test·for·existence·/boot/grub2/grub.cfg122512 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122513 ··stat:122513 ··stat:
122514 ····path:·/boot/grub2/grub.cfg122514 ····path:·/boot/grub2/grub.cfg
122515 ··register:·file_exists122515 ··register:·file_exists
122516 ··when:122516 ··when:
122517 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122518 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122517 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122518 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122519 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122519 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122520 ··tags:122520 ··tags:
122521 ··-·CCE-85848-0122521 ··-·CCE-85848-0
122522 ··-·CJIS-5.5.2.2122522 ··-·CJIS-5.5.2.2
122523 ··-·NIST-800-171-3.4.5122523 ··-·NIST-800-171-3.4.5
122524 ··-·NIST-800-53-AC-6(1)122524 ··-·NIST-800-53-AC-6(1)
122525 ··-·NIST-800-53-CM-6(a)122525 ··-·NIST-800-53-CM-6(a)
Offset 122533, 16 lines modifiedOffset 122533, 16 lines modified
122533 ··-·no_reboot_needed122533 ··-·no_reboot_needed
  
122534 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg122534 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
122535 ··file:122535 ··file:
122536 ····path:·/boot/grub2/grub.cfg122536 ····path:·/boot/grub2/grub.cfg
122537 ····owner:·'0'122537 ····owner:·'0'
122538 ··when:122538 ··when:
122539 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122540 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122539 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122540 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122541 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122541 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122542 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists122542 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
122543 ··tags:122543 ··tags:
122544 ··-·CCE-85848-0122544 ··-·CCE-85848-0
122545 ··-·CJIS-5.5.2.2122545 ··-·CJIS-5.5.2.2
122546 ··-·NIST-800-171-3.4.5122546 ··-·NIST-800-171-3.4.5
122547 ··-·NIST-800-53-AC-6(1)122547 ··-·NIST-800-53-AC-6(1)
Offset 122551, 15 lines modifiedOffset 122551, 15 lines modified
122551 ··-·configure_strategy122551 ··-·configure_strategy
122552 ··-·file_owner_grub2_cfg122552 ··-·file_owner_grub2_cfg
122553 ··-·low_complexity122553 ··-·low_complexity
122554 ··-·low_disruption122554 ··-·low_disruption
122555 ··-·medium_severity122555 ··-·medium_severity
122556 ··-·no_reboot_needed</xccdf-1.2:fix>122556 ··-·no_reboot_needed</xccdf-1.2:fix>
122557 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms122557 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
122558 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then122558 if·rpm·--quiet·-q·grub2·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
122559 chown·0·/boot/grub2/grub.cfg122559 chown·0·/boot/grub2/grub.cfg
  
122560 else122560 else
122561 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'122561 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
122562 fi</xccdf-1.2:fix>122562 fi</xccdf-1.2:fix>
122563 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">122563 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 122657, 16 lines modifiedOffset 122657, 16 lines modified
122657 ··-·no_reboot_needed122657 ··-·no_reboot_needed
  
122658 -·name:·Test·for·existence·/boot/grub2/grub.cfg122658 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122659 ··stat:122659 ··stat:
122660 ····path:·/boot/grub2/grub.cfg122660 ····path:·/boot/grub2/grub.cfg
122661 ··register:·file_exists122661 ··register:·file_exists
122662 ··when:122662 ··when:
122663 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
122664 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'122663 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
 122664 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
122665 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122665 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122666 ··tags:122666 ··tags:
122667 ··-·CCE-91426-7122667 ··-·CCE-91426-7
122668 ··-·NIST-800-171-3.4.5122668 ··-·NIST-800-171-3.4.5
122669 ··-·NIST-800-53-AC-6(1)122669 ··-·NIST-800-53-AC-6(1)
122670 ··-·NIST-800-53-CM-6(a)122670 ··-·NIST-800-53-CM-6(a)
122671 ··-·configure_strategy122671 ··-·configure_strategy
Offset 122677, 31 lines modifiedOffset 122677, 31 lines modified
122677 ··-·no_reboot_needed122677 ··-·no_reboot_needed
  
122678 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg122678 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
122679 ··file:122679 ··file:
122680 ····path:·/boot/grub2/grub.cfg122680 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1445/6864 bytes (21.05%) of diff not shown.
Generated by diffoscope 240