-
Notifications
You must be signed in to change notification settings - Fork 191
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create auditd rules #158
base: master
Are you sure you want to change the base?
Create auditd rules #158
Conversation
and add NOTICE file for code reuse Signed-off-by: Maik Stuebner <[email protected]>
Signed-off-by: Maik Stuebner <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be very beneficial to split this one control into multiple separate controlls.
A good approach for this may be CIS DIL Benchmark, this way we could get meaningful descriptions, explaining the wy and what, and also reference the IDs there for further reading.
its(:stdout) { should match '-w /var/log/audit/audit.log' } | ||
its(:stdout) { should match '-w /etc/hosts -p wa -k system-locale' } | ||
its(:stdout) { should match '-w /etc/ssh/sshd_config' } | ||
if os.redhat? || os.name == 'amazon' || os.name == 'fedora' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you please change this to use only_if
, like
linux-baseline/controls/os_spec.rb
Lines 153 to 167 in 91a0aa9
control 'os-05b' do | |
impact 1.0 | |
title 'Check login.defs - RedHat specific' | |
desc 'Check owner and permissions for login.defs. Also check the configured PATH variable and umask in login.defs' | |
describe file('/etc/login.defs') do | |
it { should_not be_writable } | |
end | |
describe login_defs do | |
its('SYS_UID_MIN') { should eq '201' } | |
its('SYS_UID_MAX') { should eq '999' } | |
its('SYS_GID_MIN') { should eq '201' } | |
its('SYS_GID_MAX') { should eq '999' } | |
end | |
only_if { os.redhat? } | |
end |
@@ -282,3 +282,43 @@ | |||
end | |||
end | |||
end | |||
|
|||
control 'os-15' do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think audit is large enough to start an extra file for all the checks and maybe split this up a bit to give it usefull names and descriptions.
Hi schurzi, Should I copy them to a new file in this repo an change the the tests to the things I configure in dev-sec/ansible-collection-hardening#468 ? |
see Telekom 2021.07-01 SoC 3.65 Req32-37
Public Telekom Security - Requirements