File: rule.yml

package info (click to toggle)
scap-security-guide 0.1.78-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 114,600 kB
  • sloc: xml: 245,305; sh: 84,381; python: 33,093; makefile: 27
file content (58 lines) | stat: -rw-r--r-- 2,408 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
documentation_complete: true

title: 'Ensure the audit Subsystem is Installed'

description: 'The audit package should be installed.'

rationale: 'The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.'

severity: medium

identifiers:
    cce@rhcos4: CCE-82669-3
    cce@rhel8: CCE-81043-2
    cce@rhel9: CCE-83649-4
    cce@rhel10: CCE-88240-7
    cce@sle12: CCE-83023-2
    cce@sle15: CCE-85612-0
    cce@slmicro5: CCE-93756-5
    cce@slmicro6: CCE-94705-1

references:
    cis@sle12: 4.1.1.1
    cis@sle15: 4.1.1.1
    hipaa: 164.308(a)(1)(ii)(D),164.308(a)(5)(ii)(C),164.310(a)(2)(iv),164.310(d)(2)(iii),164.312(b)
    nerc-cip: CIP-004-6 R3.3,CIP-007-3 R6.5
    nist: AC-7(a),AU-7(1),AU-7(2),AU-14,AU-12(2),AU-2(a),CM-6(a)
    nist@sle12: AU-7(a),AU-7(b),AU-8(b),AU-12.1(iv),AU-12(3),AU-12(c),CM-5(1)
    ospp: FAU_GEN.1
    pcidss: Req-10.1
    srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220
    stigid@ol8: OL08-00-030180
    stigid@sle12: SLES-12-020000
    stigid@sle15: SLES-15-030650

ocil_clause: 'the audit package is not installed'

ocil: '{{{ ocil_package("audit") }}}'

fixtext: |-
    Install the audit service (if the audit service is not already installed) with the following command:

    {{{ package_install("audit") }}}

{{% if 'ubuntu' not in product and 'debian' not in product %}}
srg_requirement: '{{{ srg_requirement_package_installed("audit") }}}'
{{% else %}}
srg_requirement: '{{{ srg_requirement_package_installed("auditd") }}}'
{{% endif %}}

template:
    name: package_installed
    vars:
        pkgname: audit
        pkgname@ubuntu2204: auditd
        pkgname@ubuntu2404: auditd
        pkgname@debian11: auditd
        pkgname@debian12: auditd
        pkgname@debian13: auditd