diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d1c6bc05..43c555acb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## [Unreleased] +* Update PowerSTIG to Parse/Apply Red Hat Enterprise Linux 7 STIG V3R9: [#1179](https://github.com/microsoft/PowerStig/issues/1179) * Upgrade AccessControlDSC to Version 1.4.3 [#1151](https://github.com/microsoft/PowerStig/issues/1153) * Update PowerSTIG to Parse/Apply Microsoft IIS 10.0 STIG V2R7: [#1175](https://github.com/microsoft/PowerStig/issues/1175) * Update PowerSTIG to Parse/Apply Google_Chrome_V2R7_STIG: [#1160](https://github.com/microsoft/PowerStig/issues/1160) diff --git a/source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R7_Manual-xccdf.log b/source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R9_Manual-xccdf.log similarity index 92% rename from source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R7_Manual-xccdf.log rename to source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R9_Manual-xccdf.log index c90de8407..effabf0f9 100644 --- a/source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R7_Manual-xccdf.log +++ b/source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R9_Manual-xccdf.log @@ -22,7 +22,7 @@ V-204511::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; Contains V-204512::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/audisp/audisp-remote.conf'; OrganizationValueTestString = 'the "network_failure_action" option is set to "SYSLOG", "SINGLE", or "HALT"; i.e.: "network_failure_action = syslog" '} V-204515::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/audit/auditd.conf'; OrganizationValueTestString = 'the value of the "action_mail_acct" keyword is set to "root" and/or other accounts for security personnel; i.e.: "action_mail_acct = root" '} V-204576::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = $null; FilePath = '/etc/security/limits.d/204576-powerstig.conf'; OrganizationValueTestString = 'the "maxlogins" value is set to "10" or less '} -V-204579::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/profile.d/tmout.sh'}HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile.d/tmout.sh'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'} +V-204579::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/profile.d/tmout.sh'}HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile.d/tmout.sh'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/bashrc'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/bashrc" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'} V-204584::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'kernel.randomize_va_space = 2'; FilePath = '/etc/sysctl.d/204584-powerstig.conf'} V-204609::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'net.ipv4.conf.all.accept_source_route = 0'; FilePath = '/etc/sysctl.d/204609-powerstig.conf'} V-204610::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'net.ipv4.conf.all.rp_filter = 1'; FilePath = '/etc/sysctl.d/204610-powerstig.conf'} @@ -40,3 +40,4 @@ V-237635::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = $null V-244557::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/boot/grub2/grub.cfg'; OrganizationValueTestString = '"set superusers =" is set to a unique name in /boot/grub2/grub.cfg'} V-244558::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/boot/efi/EFI/redhat/grub.cfg'; OrganizationValueTestString = '"set superusers =" is set to a unique name in /boot/efi/EFI/redhat/grub.cfg'} V-250314::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = '%wheel ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL'; FilePath = '/etc/sudoers.d/250314-powerstig.conf'} +V-251704::*::. diff --git a/source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R7_Manual-xccdf.xml b/source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R9_Manual-xccdf.xml similarity index 87% rename from source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R7_Manual-xccdf.xml rename to source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R9_Manual-xccdf.xml index e73a36c0d..0697e57af 100644 --- a/source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R7_Manual-xccdf.xml +++ b/source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R9_Manual-xccdf.xml @@ -1,4 +1,4 @@ -acceptedRed Hat Enterprise Linux 7 Security Technical Implementation GuideThis Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.DISASTIG.DOD.MILRelease: 7 Benchmark Date: 27 Apr 20223.3.0.273751.10.03I - Mission Critical Classified<ProfileDescription></ProfileDescription>I - Mission Critical Public<ProfileDescription></ProfileDescription>I - Mission Critical Sensitive<ProfileDescription></ProfileDescription>II - Mission Support Classified<ProfileDescription></ProfileDescription>II - Mission Support Public<ProfileDescription></ProfileDescription>II - Mission Support Sensitive<ProfileDescription></ProfileDescription>III - Administrative Classified<ProfileDescription></ProfileDescription>III - Administrative Public<ProfileDescription></ProfileDescription>III - Administrative Sensitive<ProfileDescription></ProfileDescription>SRG-OS-000257-GPOS-00098<GroupDescription></GroupDescription>RHEL-07-010010The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values.<VulnDiscussion>Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default. +acceptedRed Hat Enterprise Linux 7 Security Technical Implementation GuideThis Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.DISASTIG.DOD.MILRelease: 9 Benchmark Date: 27 Oct 20223.4.0.342221.10.03I - Mission Critical Classified<ProfileDescription></ProfileDescription>I - Mission Critical Sensitive<ProfileDescription></ProfileDescription>II - Mission Support Public<ProfileDescription></ProfileDescription>III - Administrative Classified<ProfileDescription></ProfileDescription>III - Administrative Sensitive<ProfileDescription></ProfileDescription>