diff --git a/conf/waivers/10-unknown b/conf/waivers/10-unknown index 25d781f1..4a49a829 100644 --- a/conf/waivers/10-unknown +++ b/conf/waivers/10-unknown @@ -124,6 +124,28 @@ /hardening/host-os/oscap/.+/sysctl_net_ipv4_conf_default_log_martians Match(True, sometimes=True) +# DISA Alignment waivers +# +# https://github.com/ComplianceAsCode/content/issues/11804 +/scanning/disa-alignment/.*/harden_sshd_ciphers_openssh_conf_crypto_policy +# https://github.com/ComplianceAsCode/content/issues/11692 +/scanning/disa-alignment/.*/accounts_password_pam_pwhistory_remember_system_auth +# https://github.com/ComplianceAsCode/content/issues/11695 +/scanning/disa-alignment/.*/service_pcscd_enabled +# https://github.com/ComplianceAsCode/content/issues/11698 +/scanning/disa-alignment/.*/no_shelllogin_for_systemaccounts +# https://github.com/ComplianceAsCode/content/issues/11778 +/scanning/disa-alignment/.*/file_permission_user_init_files_root +# https://github.com/ComplianceAsCode/content/issues/11700 +/scanning/disa-alignment/.*/accounts_umask_etc_bashrc +# https://github.com/ComplianceAsCode/content/issues/11802 +/scanning/disa-alignment/.*/CCE-88173-0 +# https://github.com/ComplianceAsCode/content/issues/11703 +/scanning/disa-alignment/.*/file_permissions_library_dirs +# https://github.com/ComplianceAsCode/content/issues/11803 +/scanning/disa-alignment/.*/CCE-90811-1 + rhel == 9 + # HTML links # # https://github.com/ComplianceAsCode/content/issues/11801 diff --git a/conf/waivers/20-long-term b/conf/waivers/20-long-term index 3eaad839..09d68c40 100644 --- a/conf/waivers/20-long-term +++ b/conf/waivers/20-long-term @@ -124,11 +124,9 @@ /scanning/disa-alignment/.*/accounts_password_pam_pwhistory_remember_password_auth # https://github.com/ComplianceAsCode/content/issues/11197 (DISA issue) /scanning/disa-alignment/.*/display_login_attempts - rhel == 8 + rhel == 8 or rhel == 9 # https://github.com/ComplianceAsCode/content/issues/11649 (DISA issue) /scanning/disa-alignment/.*/installed_OS_is_vendor_supported -# https://github.com/ComplianceAsCode/content/issues/11650 -/scanning/disa-alignment/.*/kernel_module_tipc_disabled rhel == 9 # sssd_enable_pam_services is missing Ansible remediation