File: rule.yml

package info (click to toggle)
scap-security-guide 0.1.78-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 114,600 kB
  • sloc: xml: 245,305; sh: 84,381; python: 33,093; makefile: 27
file content (55 lines) | stat: -rw-r--r-- 2,274 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
{{% if product in ["sle12","sle15"] %}}
{{% set package_name = "libaudit1" %}}
{{% else %}}
{{% set package_name = "audit-libs" %}}
{{% endif %}}

documentation_complete: true

title: 'Ensure the {{{ package_name }}} package as a part of audit Subsystem is Installed'


description: 'The {{{ package_name }}} package should be installed.'

rationale: 'The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.'

severity: medium

identifiers:
    cce@rhel9: CCE-86772-1
    cce@rhel10: CCE-90611-5
    cce@sle12: CCE-92320-1
    cce@sle15: CCE-92478-7
    cce@slmicro5: CCE-93872-0

references:
    cis@sle12: 4.1.1.1
    cis@sle15: 4.1.1.1
    nerc-cip: CIP-004-6 R3.3,CIP-007-3 R6.5
    nist: AC-7(a),AU-7(1),AU-7(2),AU-14,AU-12(2),AU-2(a),CM-6(a)
    nist@sle12: AU-7(a),AU-7(b),AU-8(b),AU-12.1(iv),AU-12(3),AU-12(c),CM-5(1)
    pcidss: Req-10.2.1
    srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220

ocil_clause: 'the {{{ package_name }}} package is not installed'

{{% if product in ["sle12","sle15","slmicro5"] %}}
ocil: '{{{ ocil_package("libaudit1") }}}'
{{% else %}}
ocil: '{{{ ocil_package("audit-libs") }}}'
{{% endif %}}

fixtext: |-
    Install the {{{ package_name }}} package (if {{{ package_name }}} package is not already installed) with the following command:
{{% if product in ["sle12","sle15","slmicro5"] %}}
    {{{ package_install("libaudit1") }}}
{{% else %}}
    {{{ package_install("audit-libs") }}}
{{% endif %}}

template:
    name: package_installed
    vars:
        pkgname: audit-libs
        pkgname@sle15: libaudit1
        pkgname@slmicro5: libaudit1