Merge pull request #12930 from vojtapolasek/rhel9_stig_add_fapolicy
add rule fapolicy_default_deny to rhel9 stig
Mab879 authored Jan 29, 2025
2 parents dc71fb3 + cf95bf9 commit 95eed20
Showing 3 changed files with 10 additions and 0 deletions.
8 changes: 8 additions & 0 deletions controls/stig_rhel9.yml
Expand Up @@ -2714,6 +2714,14 @@ controls:
- service_fapolicyd_enabled
status: automated

- id: RHEL-09-433016
levels:
- medium
title: The RHEL 9 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
rules:
- fapolicy_default_deny
status: automated

- id: RHEL-09-611010
levels:
- medium
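
Review bot: `status: automated` on RHEL-09-433016 rests on the single rule `fapolicy_default_deny`, and this commit changes only the control file and the two profile stability files, so nothing in the diff shows that the rule's check and remediation apply to RHEL 9. Please confirm in the PR that the rule builds for the rhel9 product with both a check and a remediation; if either is missing, the control should not be marked automated. Because the title requires a deny-all, permit-by-exception policy, it is also worth confirming that the rule verifies the policy is enforced (fapolicyd not left in permissive mode) and not only that a catch-all deny entry exists, since the neighbouring control covers just `service_fapolicyd_enabled`.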
1 change: 1 addition & 0 deletions tests/data/profile_stability/rhel9/stig.profile
Expand Up @@ -226,6 +226,7 @@ selections:
- ensure_gpgcheck_local_packages
- ensure_gpgcheck_never_disabled
- ensure_redhat_gpgkey_installed
- fapolicy_default_deny
- file_audit_tools_group_ownership
- file_audit_tools_ownership
- file_audit_tools_permissions
1 change: 1 addition & 0 deletions tests/data/profile_stability/rhel9/stig_gui.profile
Expand Up @@ -238,6 +238,7 @@ selections:
- ensure_gpgcheck_local_packages
- ensure_gpgcheck_never_disabled
- ensure_redhat_gpgkey_installed
- fapolicy_default_deny
- file_audit_tools_group_ownership
- file_audit_tools_ownership
- file_audit_tools_permissions
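
Review bot: the `fapolicy_default_deny` selection is added to stig_gui.profile exactly as in stig.profile, with no note on how a deny-all execution policy behaves on a graphical install. Desktop systems tend to run more software that may fall outside the fapolicyd trust database, so please state in the PR whether the rule was scanned and remediated on a system with a GUI, or document the expected allow-list work in the rule description.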