From b6ec983b79c7030e180901b9af1cc648e2e88885 Mon Sep 17 00:00:00 2001
From: yasin-cs-ko-ak
Date: Mon, 30 Jan 2023 17:54:55 +0530
Subject: [PATCH] generic systems meta updated
Signed-off-by: yasin-cs-ko-ak
---
 MySQL/system/metadata.yaml | 2 +-
 elastic/system/metadata.yaml | 2 +-
 ...ecute-package-management-process-in-container.yaml | 1 +
 generic/system/metadata.yaml | 11 ++---------
 kibana/system/metadata.yaml | 2 +-
 redis/system/metadata.yaml | 2 +-
 6 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/MySQL/system/metadata.yaml b/MySQL/system/metadata.yaml
index 5a79b07c..b5132693 100644
--- a/MySQL/system/metadata.yaml
+++ b/MySQL/system/metadata.yaml
@@ -1,4 +1,4 @@
-version: v0.1.8
+version: v0.1.9
 policyRules:
 - name: user-grp-mod
 precondition:
diff --git a/elastic/system/metadata.yaml b/elastic/system/metadata.yaml
index adab61a9..b4df9d19 100644
--- a/elastic/system/metadata.yaml
+++ b/elastic/system/metadata.yaml
@@ -1,4 +1,4 @@
-version: v0.1.8
+version: v0.1.9
 policyRules:
 - name: elasticsearch-indices-dir
 precondition:
diff --git a/generic/system/ksp-nist-si-4-execute-package-management-process-in-container.yaml b/generic/system/ksp-nist-si-4-execute-package-management-process-in-container.yaml
index 6e9b0d6a..8bdb673a 100644
--- a/generic/system/ksp-nist-si-4-execute-package-management-process-in-container.yaml
+++ b/generic/system/ksp-nist-si-4-execute-package-management-process-in-container.yaml
@@ -19,6 +19,7 @@ spec:
 - path: /usr/bin/apt
 - path: /usr/bin/apt-get
 - path: /bin/apt-get
+ - path: /sbin/apk
 - path: /bin/apt
 - path: /usr/bin/dpkg
 - path: /bin/dpkg
diff --git a/generic/system/metadata.yaml b/generic/system/metadata.yaml
index 9c3fce2b..8f0f6be7 100644
--- a/generic/system/metadata.yaml
+++ b/generic/system/metadata.yaml
@@ -1,4 +1,4 @@
-version: v0.1.8
+version: v0.1.9
 policyRules:
 - name: maint-tools-access
 precondition:
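Review bot: In `generic/system/ksp-nist-si-4-execute-package-management-process-in-container.yaml`, the new `- path: /sbin/apk` entry covers apk at a single location, whereas the neighbouring apt and dpkg entries are listed under both `/usr/bin` and `/bin`. Assuming `path:` entries match the exact path, apk reached through any other path in an image would fall outside the policy, so it is worth confirming against the Alpine images this targets whether a second entry is needed. The entry also lands between `/bin/apt-get` and `/bin/apt`; placing it after the apt/dpkg group with a short comment such as `# Alpine package manager` would keep the list readable. The path list starts and ends outside this hunk, so other package managers may already be covered elsewhere.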
@@ -118,6 +118,7 @@ policyRules:
 - name: k8s-client-tool-exec
 precondition:
 - /usr/local/bin/kubectl
+ - OPTSCAN
 description:
 refs:
 - name: MITRE_T1609_container_administration_command
@@ -177,7 +178,6 @@ policyRules:
 - name: file-system-mounts
 precondition:
 - /bin/mount
- - OPTSCAN
 description:
 refs:
 - name: CIS_4.1.14_file_system_mount
@@ -199,7 +199,6 @@ policyRules:
 - name: cis-commandline-warning-banner
 precondition:
 - /etc/motd
- - OPTSCAN
 description:
 refs:
 - name: CIS_1.7.1_Command_Line_Warning_Banners
@@ -212,7 +211,6 @@ policyRules:
 - name: access-ctrl-permission-mod
 precondition:
 - /bin/chmod
- - OPTSCAN
 description:
 refs:
 - name: CIS_4.1.11_system_access_control_permission
@@ -233,7 +231,6 @@ policyRules:
 - name: sys-admin-scope-mod
 precondition:
 - /etc/sudoers
- - OPTSCAN
 description:
 refs:
 - name: CIS_4.1.16_system_administration_scope
@@ -250,7 +247,6 @@ policyRules:
 - name: system-files-mod
 precondition:
 - /etc/sudoers
- - OPTSCAN
 description:
 refs:
 - name: CIS_6.1_System_File_Permissions
@@ -265,7 +261,6 @@ policyRules:
 - name: system-mandatory-access-ctrl-mod
 precondition:
 - /etc/selinux/
- - OPTSCAN
 description:
 refs:
 - name: CIS_4.1.8_system_mandatory_access_controls
@@ -281,7 +276,6 @@ policyRules:
 - name: system-network-env-mod
 precondition:
 - /etc/issue
- - OPTSCAN
 description:
 refs:
 - name: CIS_4.1.7_system_network_environment
@@ -298,7 +292,6 @@ policyRules:
 - name: service-clients-exec
 precondition:
 - /usr/bin/telnet
- - OPTSCAN
 description:
 refs:
 - name: CIS_2.3_Service_Clients
diff --git a/kibana/system/metadata.yaml b/kibana/system/metadata.yaml
index aafc9b6d..cd01283f 100644
--- a/kibana/system/metadata.yaml
+++ b/kibana/system/metadata.yaml
@@ -1,4 +1,4 @@
-version: v0.1.8
+version: v0.1.9
 policyRules:
 - name: kibana-panel
 precondition:
diff --git a/redis/system/metadata.yaml b/redis/system/metadata.yaml
index da2d6681..cf32c8b3 100644
--- a/redis/system/metadata.yaml
+++ b/redis/system/metadata.yaml
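Review bot: The `- OPTSCAN` token added to the `precondition` list of `k8s-client-tool-exec` is undocumented, and the same token is removed from eight other rules in this file (`file-system-mounts` through `service-clients-exec`) with no explanation in the commit message. The patch does not show what OPTSCAN does; if it changes when a rule's precondition counts as satisfied, as its position in the list suggests, this commit alters which CIS rules get selected for a workload, and that deserves a line in the description. A comment above the entry, e.g. `# OPTSCAN: <effect on precondition matching>`, would let the next reviewer judge whether kubectl is the only rule that should carry it. The rule bodies continue outside each hunk.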
@@ -1,4 +1,4 @@
-version: v0.1.8
+version: v0.1.9
 policyRules:
 - name: redis-sys-path
 precondition: