Automated ingestion of profiles
Signed-off-by: MITRE SAF <[email protected]>
MITRE SAF committed Oct 24, 2024
1 parent d5b0751 commit f3bc297
Showing 1 changed file with 2 additions and 2 deletions.
@@ -4132,7 +4132,7 @@
],
"host": null
},
"code": "control 'SV-230484' do\n title \"RHEL 8 must securely compare internal information system clocks at\nleast every 24 hours with a server synchronized to an authoritative time\nsource, such as the United States Naval Observatory (USNO) time servers, or a\ntime server designated for the appropriate DoD network (NIPRNet/SIPRNet),\nand/or the Global Positioning System (GPS).\"\n desc 'Inaccurate time stamps make it more difficult to correlate events and\ncan lead to an inaccurate analysis. Determining the correct time a particular\nevent occurred on a system is critical when conducting forensic analysis and\ninvestigating system events. Sources outside the configured acceptable\nallowance (drift) may be inaccurate.\n\n Synchronizing internal information system clocks provides uniformity of\ntime stamps for information systems with multiple system clocks and systems\nconnected over a network.\n\n Organizations should consider endpoints that may not have regular access to\nthe authoritative time server (e.g., mobile, teleworking, and tactical\nendpoints).\n\n If time stamps are not consistently applied and there is no common time\nreference, it is difficult to perform forensic analysis.\n\n Time stamps generated by the operating system include date and time. Time\nis commonly expressed in Coordinated Universal Time (UTC), a modern\ncontinuation of Greenwich Mean Time (GMT), or local time with an offset from\nUTC.\n\n RHEL 8 utilizes the \"timedatectl\" command to view the status of the\n\"systemd-timesyncd.service\". The \"timedatectl\" status will display the\nlocal time, UTC, and the offset from UTC.\n\n Note that USNO offers authenticated NTP service to DoD and U.S. Government\nagencies operating on the NIPR and SIPR networks. 
Visit\nhttps://www.usno.navy.mil/USNO/time/ntp/dod-customers for more information.'\n desc 'check', 'Verify RHEL 8 is securely comparing internal information system clocks at\nleast every 24 hours with an NTP server with the following commands:\n\n $ sudo grep maxpoll /etc/chrony.conf\n\n server 0.us.pool.ntp.mil iburst maxpoll 16\n\n If the \"maxpoll\" option is set to a number greater than 16 or the line is\ncommented out, this is a finding.\n\n Verify the \"chrony.conf\" file is configured to an authoritative DoD time\nsource by running the following command:\n\n $ sudo grep -i server /etc/chrony.conf\n server 0.us.pool.ntp.mil\n\n If the parameter \"server\" is not set or is not set to an authoritative\nDoD time source, this is a finding.'\n desc 'fix', \"Configure the operating system to securely compare internal information\nsystem clocks at least every 24 hours with an NTP server by adding/modifying\nthe following line in the /etc/chrony.conf file.\n\n server [ntp.server.name] iburst maxpoll 16\"\n impact 0.5\n ref 'DPMS Target Red Hat Enterprise Linux 8'\n tag severity: 'medium'\n tag gtitle: 'SRG-OS-000355-GPOS-00143'\n tag satisfies: ['SRG-OS-000355-GPOS-00143', 'SRG-OS-000356-GPOS-00144', 'SRG-OS-000359-GPOS-00146']\n tag gid: 'V-230484'\n tag rid: 'SV-230484r877038_rule'\n tag stig_id: 'RHEL-08-030740'\n tag fix_id: 'F-33128r568199_fix'\n tag cci: ['CCI-001891']\n tag nist: ['AU-8 (1) (a)']\n tag 'host'\n\n only_if('This control is Not Applicable to containers', impact: 0.0) {\n !virtualization.system.eql?('docker')\n }\n # No need to provide filepath\n time_sources = chrony_conf.server\n\n # Cover case when a single server is defined and resource returns a string and not an array\n time_sources = [time_sources] if time_sources.is_a? String\n\n unless time_sources.nil?\n max_poll_values = time_sources.map { |val|\n val.match?(/.*maxpoll.*/) ? 
val.gsub(/.*maxpoll\\s+(\\d+)(\\s+.*|$)/, '\\1').to_i : 10\n }\n end\n\n # Verify the \"chrony.conf\" file is configured to a time source by running the following command:\n describe chrony_conf do\n its('server') { should_not be_nil }\n end\n\n unless chrony_conf.server.nil?\n # If there is only one server and the resource returns a string, check if the server matches the input\n if chrony_conf.server.is_a? String\n describe chrony_conf do\n its('server') { should match input('authoritative_timeserver') }\n end\n end\n # Check if each server in the server array exists in the input\n if chrony_conf.server.is_a? Array\n chrony_conf.server.each do |server|\n describe server do\n its('server.join') { should match input('authoritative_timeserver') }\n end\n end\n end\n\n # All time sources must contain valid maxpoll entries\n unless time_sources.nil?\n describe 'chronyd maxpoll values (99=maxpoll absent)' do\n subject { max_poll_values }\n it { should all be < 17 }\n end\n end\n end\nend\n",
"code": "control 'SV-230484' do\n title \"RHEL 8 must securely compare internal information system clocks at\nleast every 24 hours with a server synchronized to an authoritative time\nsource, such as the United States Naval Observatory (USNO) time servers, or a\ntime server designated for the appropriate DoD network (NIPRNet/SIPRNet),\nand/or the Global Positioning System (GPS).\"\n desc 'Inaccurate time stamps make it more difficult to correlate events and\ncan lead to an inaccurate analysis. Determining the correct time a particular\nevent occurred on a system is critical when conducting forensic analysis and\ninvestigating system events. Sources outside the configured acceptable\nallowance (drift) may be inaccurate.\n\n Synchronizing internal information system clocks provides uniformity of\ntime stamps for information systems with multiple system clocks and systems\nconnected over a network.\n\n Organizations should consider endpoints that may not have regular access to\nthe authoritative time server (e.g., mobile, teleworking, and tactical\nendpoints).\n\n If time stamps are not consistently applied and there is no common time\nreference, it is difficult to perform forensic analysis.\n\n Time stamps generated by the operating system include date and time. Time\nis commonly expressed in Coordinated Universal Time (UTC), a modern\ncontinuation of Greenwich Mean Time (GMT), or local time with an offset from\nUTC.\n\n RHEL 8 utilizes the \"timedatectl\" command to view the status of the\n\"systemd-timesyncd.service\". The \"timedatectl\" status will display the\nlocal time, UTC, and the offset from UTC.\n\n Note that USNO offers authenticated NTP service to DoD and U.S. Government\nagencies operating on the NIPR and SIPR networks. 
Visit\nhttps://www.usno.navy.mil/USNO/time/ntp/dod-customers for more information.'\n desc 'check', 'Verify RHEL 8 is securely comparing internal information system clocks at\nleast every 24 hours with an NTP server with the following commands:\n\n $ sudo grep maxpoll /etc/chrony.conf\n\n server 0.us.pool.ntp.mil iburst maxpoll 16\n\n If the \"maxpoll\" option is set to a number greater than 16 or the line is\ncommented out, this is a finding.\n\n Verify the \"chrony.conf\" file is configured to an authoritative DoD time\nsource by running the following command:\n\n $ sudo grep -i server /etc/chrony.conf\n server 0.us.pool.ntp.mil\n\n If the parameter \"server\" is not set or is not set to an authoritative\nDoD time source, this is a finding.'\n desc 'fix', \"Configure the operating system to securely compare internal information\nsystem clocks at least every 24 hours with an NTP server by adding/modifying\nthe following line in the /etc/chrony.conf file.\n\n server [ntp.server.name] iburst maxpoll 16\"\n impact 0.5\n ref 'DPMS Target Red Hat Enterprise Linux 8'\n tag severity: 'medium'\n tag gtitle: 'SRG-OS-000355-GPOS-00143'\n tag satisfies: ['SRG-OS-000355-GPOS-00143', 'SRG-OS-000356-GPOS-00144', 'SRG-OS-000359-GPOS-00146']\n tag gid: 'V-230484'\n tag rid: 'SV-230484r877038_rule'\n tag stig_id: 'RHEL-08-030740'\n tag fix_id: 'F-33128r568199_fix'\n tag cci: ['CCI-001891']\n tag nist: ['AU-8 (1) (a)']\n tag 'host'\n\n only_if('This control is Not Applicable to containers', impact: 0.0) {\n !virtualization.system.eql?('docker')\n }\n # No need to provide filepath\n time_sources = chrony_conf.server\n\n # Cover case when a single server is defined and resource returns a string and not an array\n time_sources = [time_sources] if time_sources.is_a? String\n\n unless time_sources.nil?\n max_poll_values = time_sources.map { |val|\n val.match?(/.*maxpoll.*/) ? 
val.gsub(/.*maxpoll\\s+(\\d+)(\\s+.*|$)/, '\\1').to_i : 10\n }\n end\n\n # Verify the \"chrony.conf\" file is configured to a time source by running the following command:\n describe chrony_conf do\n its('server') { should_not be_nil }\n end\n\n unless chrony_conf.server.nil?\n # If there is only one server and the resource returns a string, check if the server matches the input\n if chrony_conf.server.is_a? String\n describe chrony_conf do\n its('server') { should match input('authoritative_timeserver') }\n end\n end\n # Check if each server in the server array exists in the input\n if chrony_conf.server.is_a? Array\n chrony_conf.server.each do |server|\n describe server do\n it { should match input('authoritative_timeserver') }\n end\n end\n end\n\n # All time sources must contain valid maxpoll entries\n unless time_sources.nil?\n describe 'chronyd maxpoll values (99=maxpoll absent)' do\n subject { max_poll_values }\n it { should all be < 17 }\n end\n end\n end\nend\n",
"source_location": {
"ref": "./Red Hat 8 STIG/controls/SV-230484.rb",
"line": 1
@@ -17263,7 +17263,7 @@
"id": "controls/SV-230259.rb"
}
],
"sha256": "4686ad0eeb79fc77d0bcd19ea35ce217aa612bd03a7a08cd2ad0cc5a66e48c2a",
"sha256": "eaf08a3d96a7aa5443b59ee460282f9786d4e0d7c29c497bb7f767b20c6aef05",
"status_message": "",
"status": "loaded",
"generator": {
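Review bot: In the new-side control code for SV-230484 (first hunk), a server line with no maxpoll falls back to `10` (`... .to_i : 10`), yet the describe title reads `(99=maxpoll absent)`, so a time source that lacks maxpoll passes `it { should all be < 17 }` even though the check text appears to treat a missing or commented-out maxpoll line as a finding. If an absent maxpoll is meant to fail, the fallback should be `: 99`; if 10 is intended as the daemon default, the title should say that instead. Separately, `it { should match input('authoritative_timeserver') }` is an unanchored match, so depending on how that input is defined, a server line that merely contains the approved name may pass; anchoring the pattern or comparing the parsed hostname for equality would be stricter. This file looks like generated profile JSON, so either change belongs in the control source it references, `./Red Hat 8 STIG/controls/SV-230484.rb`.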