add file_permission_user_init_files_root and associated variable to RHEL 8 STIG profile
vojtapolasek committed Jun 20, 2024
1 parent 51001b1 commit 93e5bbe
Showing 4 changed files with 8 additions and 3 deletions.
Expand Up @@ -18,11 +18,13 @@ rationale: |-
severity: medium

identifiers:
cce@rhel8: CCE-86101-3
cce@rhel9: CCE-87087-3

references:
disa: CCI-000366
srg: SRG-OS-000480-GPOS-00227
stigid@rhel8: RHEL-08-010770

ocil_clause: 'they are not 0740 or more permissive'
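
Review bot: In the references block, `stigid@rhel8: RHEL-08-010770` sits on this rule, but none of the other three changed files is a rule definition, so any rule that already carried this STIG ID still carries it. If `file_permission_user_init_files` has the same `stigid@rhel8` entry, remove it there in this commit so that RHEL-08-010770 maps to a single rule.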

3 changes: 2 additions & 1 deletion products/rhel8/profiles/stig.profile
Expand Up @@ -480,7 +480,8 @@ selections:
- accounts_have_homedir_login_defs

# RHEL-08-010770
- file_permission_user_init_files
- file_permission_user_init_files_root
- var_user_initialization_files_regex=all_dotfiles

# RHEL-08-010780
- no_files_unowned_by_user
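
Review bot: Under `# RHEL-08-010770`, `file_permission_user_init_files` is swapped for `file_permission_user_init_files_root` with no explanation in the profile or in the commit message. The `_root` suffix reads as if the check were narrowed to root's files, while `var_user_initialization_files_regex=all_dotfiles` suggests a broader match; add a one-line comment here, or a sentence in the commit message, stating what the new rule covers and why the old one is dropped for this STIG ID.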
3 changes: 2 additions & 1 deletion tests/data/profile_stability/rhel8/stig.profile
Expand Up @@ -165,7 +165,7 @@ selections:
- installed_OS_is_vendor_supported
- package_postfix_installed
- account_password_pam_faillock_system_auth
- file_permission_user_init_files
- file_permission_user_init_files_root
- audit_rules_privileged_commands_ssh_keysign
- sysctl_fs_protected_hardlinks
- sshd_enable_strictmodes
Expand Down Expand Up @@ -492,6 +492,7 @@ selections:
- var_screensaver_lock_delay=5_seconds
- var_logind_session_timeout=15_minutes
- var_auditd_name_format=stig
- var_user_initialization_files_regex=all_dotfiles
unselected_groups: []
platforms: !!set {}
cpe_names: !!set {}
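
Review bot: `var_user_initialization_files_regex=all_dotfiles` appears in the expected selections, but none of the four changed files defines the variable or its `all_dotfiles` option. Confirm that the variable's definition already offers `all_dotfiles` as a selectable value; if it does not, that definition belongs in this commit.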
3 changes: 2 additions & 1 deletion tests/data/profile_stability/rhel8/stig_gui.profile
Expand Up @@ -66,7 +66,7 @@ selections:
- audit_rules_usergroup_modification_group
- kernel_module_atm_disabled
- audit_rules_unsuccessful_file_modification_open
- file_permission_user_init_files
- file_permission_user_init_files_root
- configure_ssh_crypto_policy
- dir_ownership_library_dirs
- package_rsyslog_installed
Expand Down Expand Up @@ -499,6 +499,7 @@ selections:
- var_screensaver_lock_delay=5_seconds
- var_logind_session_timeout=15_minutes
- var_auditd_name_format=stig
- var_user_initialization_files_regex=all_dotfiles
unselected_groups: []
platforms: !!set {}
cpe_names: !!set {}
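
Review bot: No `stig_gui` profile source is among the four changed files, so the entries `file_permission_user_init_files_root` and `var_user_initialization_files_regex=all_dotfiles` in this file rely on `stig_gui` inheriting its selections from `products/rhel8/profiles/stig.profile`. Mention that dependency in the commit message so the reason this stability file changes is clear to a later reader.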