Skip to content

Commit

Permalink
Merge pull request #10155 from vojtapolasek/fix_rhel8_cis_levels_stab
Browse files Browse the repository at this point in the history
stabilization: Update levels of some rules in RHEL8 CIS
  • Loading branch information
mildas authored Feb 1, 2023
2 parents 506aa71 + 4dd7984 commit dac8184
Showing 1 changed file with 29 additions and 29 deletions.
58 changes: 29 additions & 29 deletions controls/cis_rhel8.yml
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,8 @@ controls:
- id: 1.1.1.3
title: Ensure mounting of udf filesystems is disabled (Automated)
levels:
- l1_server
- l1_workstation
- l2_server
- l2_workstation
status: automated
rules:
- kernel_module_udf_disabled
Expand Down Expand Up @@ -456,26 +456,26 @@ controls:
- id: 1.6.1.1
title: Ensure SELinux is installed (Automated)
levels:
- l2_server
- l2_workstation
- l1_server
- l1_workstation
status: automated
rules:
- package_libselinux_installed

- id: 1.6.1.2
title: Ensure SELinux is not disabled in bootloader configuration (Automated)
levels:
- l2_server
- l2_workstation
- l1_server
- l1_workstation
status: automated
rules:
- grub2_enable_selinux

- id: 1.6.1.3
title: Ensure SELinux policy is configured (Automated)
levels:
- l2_server
- l2_workstation
- l1_server
- l1_workstation
status: automated
rules:
- var_selinux_policy_name=targeted
Expand All @@ -485,8 +485,8 @@ controls:
- id: 1.6.1.4
title: Ensure the SELinux mode is not disabled (Automated)
levels:
- l2_server
- l2_workstation
- l1_server
- l1_workstation
status: planned

- id: 1.6.1.5
Expand All @@ -502,25 +502,25 @@ controls:
- id: 1.6.1.6
title: Ensure no unconfined services exist (Automated)
levels:
- l2_server
- l2_workstation
- l1_server
- l1_workstation
status: automated
rules:
- selinux_confinement_of_daemons

- id: 1.6.1.7
title: Ensure SETroubleshoot is not installed (Automated)
levels:
- l2_server
- l1_server
status: automated
rules:
- package_setroubleshoot_removed

- id: 1.6.1.8
title: Ensure the MCS Translation Service (mcstrans) is not installed (Automated)
levels:
- l2_server
- l2_workstation
- l1_server
- l1_workstation
status: automated
rules:
- package_mcstrans_removed
Expand Down Expand Up @@ -1736,8 +1736,8 @@ controls:
- id: 4.2.1.7
title: Ensure rsyslog is not configured to recieve logs from a remote client (Automated)
levels:
- l2_server
- l2_workstation
- l1_server
- l1_workstation
status: partial
rules:
- rsyslog_nolisten
Expand All @@ -1746,37 +1746,37 @@ controls:
- id: 4.2.2.1.1
title: Ensure systemd-journal-remote is installed (Manual)
levels:
- l2_server
- l2_workstation
- l1_server
- l1_workstation
status: manual

- id: 4.2.2.1.2
title: Ensure systemd-journal-remote is configured (Manual)
levels:
- l2_server
- l2_workstation
- l1_server
- l1_workstation
status: manual

- id: 4.2.2.1.3
title: Ensure systemd-journal-remote is enabled (Manual)
levels:
- l2_server
- l2_workstation
- l1_server
- l1_workstation
status: manual

# NEEDS RULE
- id: 4.2.2.1.4
title: Ensure journald is not configured to recieve logs from a remote client (Automated)
levels:
- l2_server
- l2_workstation
- l1_server
- l1_workstation
status: planned

- id: 4.2.2.2
title: Ensure journald service is enabled (Automated)
levels:
- l2_server
- l2_workstation
- l1_server
- l1_workstation
status: automated
rules:
- service_systemd-journald_enabled
Expand Down Expand Up @@ -2383,8 +2383,8 @@ controls:
- id: 6.1.1
title: Audit system file permissions (Manual)
levels:
- l1_server
- l1_workstation
- l2_server
- l2_workstation
status: manual
related_rules:
- rpm_verify_permissions
Expand Down

0 comments on commit dac8184

Please sign in to comment.