fixed check

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell
2025-02-26 12:27:29 +00:00
parent cab806c2a7
commit 4cc722baaf
3 changed files with 4 additions and 4 deletions
+2 -2
@@ -8,8 +8,8 @@ command:
exec: grep delete /etc/audit/rules.d/*.rules
exit-status: 0
stdout:
- '/[^#]-a always,exit -F arch=b32 -S rename,unlink,unlinkat,renameat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k delete/'
- '/[^#]-a always,exit -F arch=b32 -S rename,unlink,unlinkat,renameat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k delete/'
- '/[^#]-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k delete/'
- '/[^#]-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k delete/'
meta:
server: 2
workstation: 2
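Review bot: Both `stdout` entries in this check name `-F arch=b32`, on the old pair and the new pair alike, so the second entry is an exact duplicate and the 64-bit delete rule is never checked. A host missing the `arch=b64` rule for `unlink,unlinkat,rename,renameat` would still pass as rendered here. One of the two entries should read `-F arch=b64`, as the `perm_mod` check in the third file does for each syscall group. The rendering does not mark which pair is the new side, so confirm against the committed file.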
+1 -1
@@ -27,7 +27,7 @@ command:
exec: auditctl -l | grep chacl
exit-status: 0
stdout:
- '-a always,exit -S all -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -F key=perm_chng'
- '-a always,exit -S all -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_chng'
meta:
server: 2
workstation: 2
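Review bot: The group `auid!=(unset|-1|auid!=4294967295)` repeats `auid!=` inside its third branch, so as a regex it can match `auid!=auid!=4294967295` but never the real form `auid!=4294967295`. The same group appears in every pattern of the other two files. This entry also has no `/…/` wrapper, and if goss treats unwrapped entries as literal substrings, the parenthesised text can never appear in `auditctl -l` output at all. Suggested form, which accepts either key spelling seen in this hunk: `- '/-a always,exit -S all -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=(unset|-1|4294967295) (-k |-F key=)perm_chng/'`. The command block continues outside the hunk.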
+1 -1
@@ -11,7 +11,7 @@ command:
- '/[^#]-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
- '/[^#]-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
- '/[^#]-a always,exit -F arch=b64 -S chown,fchown,lchown,fchownat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
- '/[^#]-a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
- '/[^#]-a always,exit -F arch=b32 -S chown,fchown,lchown,fchownat -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
- '/[^#]-a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
- '/[^#]-a always,exit -F arch=b32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid>=1000 -F auid!=(unset|-1|auid!=4294967295) -k perm_mod/'
meta:
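Review bot: The `[^#]-a` prefix on these patterns only rejects a `#` placed directly before `-a`, so a rule disabled as `# -a always,exit …` still satisfies the check because the preceding character is a space. The compliance test can therefore pass while the `perm_mod` audit rule is inactive. The first file's delete patterns use the same prefix. The `exec` line for this check is outside the hunk; if it greps the rules files as the delete check does, consider anchoring each pattern to the start of a line, e.g. `(?m)^\s*-a always,exit …`, with the command run as `grep -h` so no file-name prefix precedes the rule.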