From 433f1f2a213a786625111d721398cfe3abea3125 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Thu, 15 Feb 2024 14:04:03 +0100 Subject: [PATCH 1/5] Use controls to generate CCN references --- controls/ccn_rhel9.yml | 2 ++ .../dns/disabling_dns_server/package_bind_removed/rule.yml | 1 - .../ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml | 1 - .../disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml | 1 - .../imap/disabling_dovecot/package_dovecot_removed/rule.yml | 1 - linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml | 1 - .../guide/services/ntp/chronyd_specify_remote_server/rule.yml | 1 - linux_os/guide/services/ntp/package_chrony_installed/rule.yml | 1 - .../obsolete/telnet/package_telnet-server_removed/rule.yml | 1 - .../services/obsolete/tftp/package_tftp-server_removed/rule.yml | 1 - .../proxy/disabling_squid/package_squid_removed/rule.yml | 1 - .../disabling_snmp_service/package_net-snmp_removed/rule.yml | 1 - .../ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml | 1 - .../services/ssh/ssh_server/sshd_limit_user_access/rule.yml | 1 - .../services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml | 1 - .../guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml | 1 - .../guide/services/usbguard/package_usbguard_installed/rule.yml | 1 - .../guide/services/usbguard/service_usbguard_enabled/rule.yml | 1 - .../guide/services/usbguard/usbguard_generate_policy/rule.yml | 1 - .../system/accounts/accounts-banners/banner_etc_issue/rule.yml | 1 - .../accounts/accounts-banners/banner_etc_issue_net/rule.yml | 1 - .../system/accounts/accounts-banners/banner_etc_motd/rule.yml | 1 - .../gui_login_banner/dconf_gnome_banner_enabled/rule.yml | 1 - .../gui_login_banner/dconf_gnome_login_banner_text/rule.yml | 1 - .../accounts_passwords_pam_faillock_deny/rule.yml | 1 - .../accounts_passwords_pam_faillock_unlock_time/rule.yml | 1 - .../accounts_password_pam_minclass/rule.yml | 1 - .../accounts_password_pam_minlen/rule.yml | 1 - .../accounts_password_pam_retry/rule.yml | 1 - .../set_password_hashing_algorithm_logindefs/rule.yml | 1 - .../set_password_hashing_algorithm_passwordauth/rule.yml | 1 - .../set_password_hashing_algorithm_systemauth/rule.yml | 1 - .../accounts_maximum_age_login_defs/rule.yml | 1 - .../accounts_minimum_age_login_defs/rule.yml | 1 - .../accounts_password_set_max_life_existing/rule.yml | 1 - .../accounts_password_set_min_life_existing/rule.yml | 1 - .../accounts_password_set_warn_age_existing/rule.yml | 1 - .../accounts_password_warn_age_login_defs/rule.yml | 1 - .../password_storage/no_empty_passwords_etc_shadow/rule.yml | 1 - .../root_logins/ensure_root_password_configured/rule.yml | 1 - .../root_logins/no_password_auth_for_systemaccounts/rule.yml | 1 - .../root_logins/no_shelllogin_for_systemaccounts/rule.yml | 1 - .../root_logins/use_pam_wheel_for_su/rule.yml | 1 - .../system/accounts/accounts-session/accounts_tmout/rule.yml | 1 - .../user_umask/accounts_umask_etc_bashrc/rule.yml | 1 - .../user_umask/accounts_umask_etc_login_defs/rule.yml | 1 - .../user_umask/accounts_umask_etc_profile/rule.yml | 1 - linux_os/guide/system/accounts/enable_authselect/rule.yml | 1 - .../audit_rules_dac_modification_chmod/rule.yml | 1 - .../audit_rules_dac_modification_chown/rule.yml | 1 - .../audit_rules_dac_modification_fchmod/rule.yml | 1 - .../audit_rules_dac_modification_fchmodat/rule.yml | 1 - .../audit_rules_dac_modification_fchown/rule.yml | 1 - .../audit_rules_dac_modification_fchownat/rule.yml | 1 - .../audit_rules_dac_modification_fremovexattr/rule.yml | 1 - .../audit_rules_dac_modification_fsetxattr/rule.yml | 1 - .../audit_rules_dac_modification_lchown/rule.yml | 1 - .../audit_rules_dac_modification_lremovexattr/rule.yml | 1 - .../audit_rules_dac_modification_lsetxattr/rule.yml | 1 - .../audit_rules_dac_modification_removexattr/rule.yml | 1 - .../audit_rules_dac_modification_setxattr/rule.yml | 1 - .../audit_rules_unsuccessful_file_modification_creat/rule.yml | 1 - .../rule.yml | 1 - .../audit_rules_unsuccessful_file_modification_open/rule.yml | 1 - .../audit_rules_unsuccessful_file_modification_openat/rule.yml | 1 - .../rule.yml | 1 - .../audit_rules_login_events_faillock/rule.yml | 1 - .../audit_rules_login_events_lastlog/rule.yml | 1 - .../auditd_configure_rules/audit_rules_media_export/rule.yml | 1 - .../auditd_configure_rules/audit_rules_session_events/rule.yml | 1 - .../audit_rules_sysadmin_actions/rule.yml | 1 - .../audit_rules_usergroup_modification_group/rule.yml | 1 - .../audit_rules_usergroup_modification_gshadow/rule.yml | 1 - .../audit_rules_usergroup_modification_opasswd/rule.yml | 1 - .../audit_rules_usergroup_modification_passwd/rule.yml | 1 - .../audit_rules_usergroup_modification_shadow/rule.yml | 1 - .../auditd_configure_rules/audit_sudo_log_events/rule.yml | 1 - .../directory_permissions_var_log_audit/rule.yml | 1 - .../file_group_ownership_var_log_audit/rule.yml | 1 - .../file_groupownership_audit_configuration/rule.yml | 1 - .../file_ownership_audit_configuration/rule.yml | 1 - .../file_ownership_var_log_audit/rule.yml | 1 - .../file_permissions_audit_configuration/rule.yml | 1 - .../file_permissions_var_log_audit/rule.yml | 1 - .../auditd_data_retention_max_log_file_action/rule.yml | 1 - .../non-uefi/file_groupowner_grub2_cfg/rule.yml | 1 - .../bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml | 1 - .../bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml | 1 - .../bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml | 1 - .../non-uefi/file_permissions_grub2_cfg/rule.yml | 1 - .../non-uefi/file_permissions_user_cfg/rule.yml | 1 - .../system/bootloader-grub2/non-uefi/grub2_password/rule.yml | 1 - .../firewalld_activation/service_firewalld_enabled/rule.yml | 1 - .../firewalld_loopback_traffic_restricted/rule.yml | 1 - .../firewalld_loopback_traffic_trusted/rule.yml | 1 - .../ruleset_modifications/set_firewalld_default_zone/rule.yml | 1 - .../sysctl_net_ipv6_conf_all_accept_ra/rule.yml | 1 - .../sysctl_net_ipv6_conf_all_accept_redirects/rule.yml | 1 - .../sysctl_net_ipv6_conf_all_accept_source_route/rule.yml | 1 - .../sysctl_net_ipv6_conf_default_accept_ra/rule.yml | 1 - .../sysctl_net_ipv6_conf_default_accept_redirects/rule.yml | 1 - .../sysctl_net_ipv6_conf_default_accept_source_route/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_accept_redirects/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_accept_source_route/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_log_martians/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_rp_filter/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_secure_redirects/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_accept_redirects/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_accept_source_route/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_log_martians/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_rp_filter/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_secure_redirects/rule.yml | 1 - .../sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml | 1 - .../sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml | 1 - .../sysctl_net_ipv4_tcp_syncookies/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_send_redirects/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_send_redirects/rule.yml | 1 - .../network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml | 1 - .../network/network-nftables/service_nftables_disabled/rule.yml | 1 - .../mounting/kernel_module_squashfs_disabled/rule.yml | 1 - .../permissions/mounting/kernel_module_udf_disabled/rule.yml | 1 - .../mounting/kernel_module_usb-storage_disabled/rule.yml | 1 - .../restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml | 1 - linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml | 1 - .../guide/system/selinux/package_libselinux_installed/rule.yml | 1 - linux_os/guide/system/selinux/selinux_policytype/rule.yml | 1 - linux_os/guide/system/selinux/selinux_state/rule.yml | 1 - .../software/disk_partitioning/encrypt_partitions/rule.yml | 1 - .../guide/system/software/gnome/dconf_db_up_to_date/rule.yml | 1 - .../gnome_login_screen/dconf_gnome_disable_user_list/rule.yml | 1 - .../gnome_media_settings/dconf_gnome_disable_automount/rule.yml | 1 - .../dconf_gnome_disable_automount_open/rule.yml | 1 - .../gnome_media_settings/dconf_gnome_disable_autorun/rule.yml | 1 - .../dconf_gnome_screensaver_idle_delay/rule.yml | 1 - .../dconf_gnome_screensaver_lock_delay/rule.yml | 1 - .../software/integrity/crypto/configure_crypto_policy/rule.yml | 1 - .../integrity/crypto/configure_ssh_crypto_policy/rule.yml | 1 - linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml | 1 - .../system/software/sudo/sudo_require_authentication/rule.yml | 1 - .../system/software/sudo/sudo_require_reauthentication/rule.yml | 1 - .../system-tools/package_cryptsetup-luks_installed/rule.yml | 1 - 141 files changed, 2 insertions(+), 140 deletions(-) diff --git a/controls/ccn_rhel9.yml b/controls/ccn_rhel9.yml index 716b20e026f..4dba64f7a42 100644 --- a/controls/ccn_rhel9.yml +++ b/controls/ccn_rhel9.yml @@ -12,6 +12,8 @@ levels: - id: advanced inherits_from: - intermediate +reference_type: ccn +product: rhel9 controls: - id: reload_dconf_db diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml index d770f8048b4..c3090bdcedc 100644 --- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@sle15: CCE-91285-7 references: - ccn@rhel9: A.8.SEC-RHEL4 cis-csc: 11,14,3,9 cis@sle12: 2.2.9 cis@sle15: 2.2.9 diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml index cbb01d547f3..c010fc17cb3 100644 --- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml +++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml @@ -19,7 +19,6 @@ identifiers: cce@sle15: CCE-85700-3 references: - ccn@rhel9: A.8.SEC-RHEL4 cis-csc: 11,14,3,9 cis@sle12: 2.2.10 cis@sle15: 2.2.10 diff --git a/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml b/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml index 75589441d72..483036c146f 100644 --- a/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml +++ b/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml @@ -18,7 +18,6 @@ identifiers: cce@rhel9: CCE-88120-1 references: - ccn@rhel9: A.8.SEC-RHEL4 cis@ubuntu2004: 2.2.11 cis@ubuntu2204: 2.2.10 diff --git a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml index 246657b7bf8..c2ad79d8036 100644 --- a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml +++ b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@sle15: CCE-91369-9 references: - ccn@rhel9: A.8.SEC-RHEL4 cis@sle12: 2.2.12 cis@sle15: 2.2.12 cis@ubuntu2004: 2.2.11 diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml index 34771256fb3..83f388c7f76 100644 --- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml @@ -45,7 +45,6 @@ identifiers: cce@sle15: CCE-91360-8 references: - ccn@rhel9: A.3.SEC-RHEL3 cis@sle12: 2.2.1.3 cis@sle15: 2.2.1.3 cis@ubuntu2004: 2.2.1.3 diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml index 928b79aa492..7f79f8a2e54 100644 --- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml @@ -28,7 +28,6 @@ identifiers: cce@sle15: CCE-85833-2 references: - ccn@rhel9: A.3.SEC-RHEL3 cis@sle12: 2.2.1.3 cis@sle15: 2.2.1.3 cis@ubuntu2004: 2.2.1.3 diff --git a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml index 8ac082c62f6..643cd8393d0 100644 --- a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml +++ b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@sle15: CCE-91229-5 references: - ccn@rhel9: A.3.SEC-RHEL3 cis@sle12: 2.2.1.1 cis@sle15: 2.2.1.1 cis@ubuntu2004: 2.2.1.1 diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml index 432a3278f97..5b852d23cba 100644 --- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml @@ -31,7 +31,6 @@ identifiers: cce@sle15: CCE-83273-3 references: - ccn@rhel9: A.8.SEC-RHEL4 cis-csc: 11,12,14,15,3,8,9 cis@sle12: 2.2.19 cis@sle15: 2.2.19 diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml index f915495ac1c..0327c45de02 100644 --- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@sle15: CCE-91227-9 references: - ccn@rhel9: A.8.SEC-RHEL4 cis-csc: 11,12,14,15,3,8,9 cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06 disa: CCI-000318,CCI-000366,CCI-000368,CCI-001812,CCI-001813,CCI-001814 diff --git a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml index ab6839e6d22..315c4a92992 100644 --- a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml +++ b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml @@ -21,7 +21,6 @@ identifiers: {{{ complete_ocil_entry_package(package="squid") }}} references: - ccn@rhel9: A.8.SEC-RHEL4 cis@sle12: 2.2.14 cis@sle15: 2.2.14 cis@ubuntu2004: 2.2.13 diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml index 10f684554b7..5bd757eb14c 100644 --- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml @@ -27,7 +27,6 @@ identifiers: cce@sle15: CCE-91288-1 references: - ccn@rhel9: A.8.SEC-RHEL4 cis@sle12: 2.2.15 cis@sle15: 2.2.15 cis@ubuntu2004: 2.2.14 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml index da16b30cb44..95301fc60c7 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml @@ -28,7 +28,6 @@ identifiers: cce@rhel9: CCE-87979-1 references: - ccn@rhel9: A.11.SEC-RHEL4 cis@ubuntu2004: 5.2.18 cis@ubuntu2204: 5.2.17 cjis: 5.5.6 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml index 6d6c5730967..6933e693d72 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml @@ -51,7 +51,6 @@ identifiers: cce@sle15: CCE-91343-4 references: - ccn@rhel9: A.11.SEC-RHEL2 cis-csc: 11,12,14,15,16,18,3,5 cis@sle12: 5.2.4 cis@sle15: 5.2.4 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml index 3e278af5a38..c842de8511d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml @@ -38,7 +38,6 @@ identifiers: cce@sle15: CCE-83281-6 references: - ccn@rhel9: A.5.SEC-RHEL7 cis-csc: 1,12,13,14,15,16,18,3,5,7,8 cis@sle12: 5.2.16 cis@sle15: 5.2.16 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml index 331783acde7..2005ac97a9a 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml @@ -32,7 +32,6 @@ identifiers: cce@sle15: CCE-91228-7 references: - ccn@rhel9: A.5.SEC-RHEL7 cis-csc: 1,12,13,14,15,16,18,3,5,7,8 cis@sle12: 5.2.16 cis@sle15: 5.2.16 diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml index c5b55207f54..5ab8fccc0e6 100644 --- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml +++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml @@ -44,7 +44,6 @@ identifiers: cce@rhel9: CCE-84203-9 references: - ccn@rhel9: A.23.SEC-RHEL1 disa: CCI-001958 ism: "1418" nist: CM-8(3),IA-3 diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml index bbc76cd0945..8dc752ded3d 100644 --- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml +++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml @@ -19,7 +19,6 @@ identifiers: cce@rhel9: CCE-84205-4 references: - ccn@rhel9: A.23.SEC-RHEL1 disa: CCI-000416,CCI-001958 ism: "1418" nist: CM-8(3)(a),IA-3 diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml index c762f931879..cbfaec8c2e2 100644 --- a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml +++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@rhel9: CCE-88882-6 references: - ccn@rhel9: A.23.SEC-RHEL1 disa: CCI-000416,CCI-001958 nist: CM-8(3)(a),IA-3 ospp: FMT_SMF_EXT.1 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml index 13f71129cfa..ed07eff55e8 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml @@ -94,7 +94,6 @@ identifiers: cce@sle15: CCE-83262-6 references: - ccn@rhel9: A.11.SEC-RHEL4 cis-csc: 1,12,15,16 cis@sle12: 1.8.1.2 cis@sle15: 1.8.1.2 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml index 2493f8550f0..625f8f38fd4 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml @@ -55,7 +55,6 @@ identifiers: cce@sle15: CCE-91350-9 references: - ccn@rhel9: A.11.SEC-RHEL4 cis@sle12: 1.8.1.3 cis@sle15: 1.8.1.3 cis@ubuntu2004: 1.8.1.3 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml index 445a852bed0..3992fc2eda3 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml @@ -55,7 +55,6 @@ identifiers: cce@sle15: CCE-91349-1 references: - ccn@rhel9: A.11.SEC-RHEL4 cis@sle12: 1.8.1.1 cis@sle15: 1.8.1.1 cis@ubuntu2004: 1.8.1.1 diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml index cbcdad22627..6f24c096964 100644 --- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml @@ -37,7 +37,6 @@ identifiers: cce@sle15: CCE-83265-9 references: - ccn@rhel9: A.11.SEC-RHEL4 cis-csc: 1,12,15,16 cis@sle12: "1.9" cis@sle15: "1.10" diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml index 35c4c21c14b..4ebe3c4e60e 100644 --- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml @@ -41,7 +41,6 @@ identifiers: cce@sle15: CCE-83266-7 references: - ccn@rhel9: A.11.SEC-RHEL4 cis-csc: 1,12,15,16 cis@sle12: "1.10" cis@sle15: "1.10" diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml index 0080295806f..12b1e50a20f 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml @@ -39,7 +39,6 @@ identifiers: cce@sle15: CCE-85842-3 references: - ccn@rhel9: A.30.SEC-RHEL1 cis-csc: 1,12,15,16 cis@ubuntu2204: 5.4.2 cjis: 5.5.3 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml index b5217cd35e6..42b6c0d2835 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml @@ -41,7 +41,6 @@ identifiers: cce@sle15: CCE-85841-5 references: - ccn@rhel9: A.30.SEC-RHEL1 cis-csc: 1,12,15,16 cis@ubuntu2204: 5.4.2 cjis: 5.5.3 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml index ce34238ce64..72f3193b008 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml @@ -41,7 +41,6 @@ identifiers: cce@rhel9: CCE-83563-7 references: - ccn@rhel9: A.11.SEC-RHEL3 cis-csc: 1,12,15,16,5 cis@ubuntu2004: 5.3.1 cis@ubuntu2204: 5.4.1 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml index f95a0bd746e..fd52b1c7c9d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml @@ -29,7 +29,6 @@ identifiers: cce@sle15: CCE-85785-4 references: - ccn@rhel9: A.11.SEC-RHEL3 cis-csc: 1,12,15,16,5 cis@sle12: 5.3.1 cis@sle15: 5.3.1 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml index cc8a56c3fee..7aac73f4abb 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml @@ -33,7 +33,6 @@ identifiers: cce@rhel9: CCE-83569-4 references: - ccn@rhel9: A.11.SEC-RHEL3 cis-csc: 1,11,12,15,16,3,5,9 cis@ubuntu2004: 5.3.1 cis@ubuntu2204: 5.4.1 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml index f1c1490343b..8f7845e4e45 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@sle15: CCE-83279-0 references: - ccn@rhel9: A.19.SEC-RHEL3 cis-csc: 1,12,15,16,5 cis@sle12: 5.4.1.1 cis@sle15: 5.4.1.1 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml index 80c3add66a0..a97e9af107a 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml @@ -40,7 +40,6 @@ identifiers: cce@rhel9: CCE-85946-2 references: - ccn@rhel9: A.19.SEC-RHEL3 cis-csc: 1,12,15,16,5 cjis: 5.6.2.2 cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml index a24ff81cf87..0cf1e09b65d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml @@ -50,7 +50,6 @@ identifiers: cce@sle15: CCE-85565-0 references: - ccn@rhel9: A.19.SEC-RHEL3 cis-csc: 1,12,15,16,5 cjis: 5.6.2.2 cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml index a8cc92b17c3..da6f0264956 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml @@ -32,7 +32,6 @@ identifiers: cce@sle15: CCE-85570-0 references: - ccn@rhel9: A.5.SEC-RHEL5 cis-csc: 1,12,15,16,5 cis@sle12: 5.4.1.2 cis@sle15: 5.4.1.2 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml index 7f4e0cf1947..093c4c4abf0 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml @@ -31,7 +31,6 @@ identifiers: cce@sle15: CCE-85720-1 references: - ccn@rhel9: A.5.SEC-RHEL5 cis-csc: 1,12,15,16,5 cis@sle12: 5.4.1.3 cis@sle15: 5.4.1.3 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml index 58c28272737..3deceef48e3 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@sle15: CCE-85571-8 references: - ccn@rhel9: A.5.SEC-RHEL5 cis@sle12: 5.4.1.2 cis@sle15: 5.4.1.2 cis@ubuntu2004: 5.4.1.1 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml index 0f8a5bf32a7..b123f403180 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@sle15: CCE-85710-2 references: - ccn@rhel9: A.5.SEC-RHEL5 cis@sle12: 5.4.1.3 cis@sle15: 5.4.1.3 cis@ubuntu2004: 5.4.1.2 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml index 74c6c96591f..f4b4be18e10 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@sle15: CCE-92479-5 references: - ccn@rhel9: A.5.SEC-RHEL5 cis@sle12: 5.4.1.4 cis@sle15: 5.4.1.4 disa: CCI-000198 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml index 049d45cde3b..5a69a9a82f4 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@sle15: CCE-91335-0 references: - ccn@rhel9: A.5.SEC-RHEL5 cis-csc: 1,12,13,14,15,16,18,3,5,7,8 cis@sle12: 5.4.1.4 cis@sle15: 5.4.1.4 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml index 2dd6b706668..a13fab629fe 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml @@ -31,7 +31,6 @@ identifiers: cce@sle15: CCE-91155-2 references: - ccn@rhel9: A.6.SEC-RHEL4 cis@ubuntu2204: 6.2.2 disa: CCI-000366 nist: CM-6(b),CM-6.1(iv) diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_root_password_configured/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_root_password_configured/rule.yml index 16693f1aa39..0934d3ea3e3 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_root_password_configured/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_root_password_configured/rule.yml @@ -22,7 +22,6 @@ identifiers: platform: machine references: - ccn@rhel9: A.6.SEC-RHEL4 cis@ubuntu2004: 1.5.3 cis@ubuntu2204: 1.4.3 pcidss4: '2.2.2' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_password_auth_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_password_auth_for_systemaccounts/rule.yml index e05eb2440ca..8c437feb7a3 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_password_auth_for_systemaccounts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_password_auth_for_systemaccounts/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@rhel9: CCE-86113-8 references: - ccn@rhel9: A.6.SEC-RHEL3 nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2 nist: AC-6,CM-6(a) pcidss4: '8.2.2' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml index 50bd97b40d3..d17e6afb12b 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml @@ -29,7 +29,6 @@ identifiers: cce@sle15: CCE-85672-4 references: - ccn@rhel9: A.6.SEC-RHEL3 cis-csc: 1,12,13,14,15,16,18,3,5,7,8 cis@sle12: 5.4.2 cis@sle15: 5.4.2 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml index 1bdad1692f7..332eb5419a8 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@sle15: CCE-91336-8 references: - ccn@rhel9: A.5.SEC-RHEL1 cis@sle12: "5.6" cis@sle15: "5.6" ospp: FMT_SMF_EXT.1.1 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml index 9ef5276914a..113ed8e6189 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml @@ -45,7 +45,6 @@ identifiers: cce@sle15: CCE-83269-1 references: - ccn@rhel9: A.5.SEC-RHEL8 cis-csc: 1,12,15,16 cis@sle12: 5.4.4 cis@sle15: 5.4.4 diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml index 290ae7643f7..870671adfab 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml @@ -31,7 +31,6 @@ identifiers: cce@sle15: CCE-91215-4 references: - ccn@rhel9: A.6.SEC-RHEL5 cis-csc: '18' cis@sle12: 5.4.5 cis@sle15: 5.4.5 diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml index 4dec7096682..da58c8cb53a 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml @@ -22,7 +22,6 @@ identifiers: cce@sle15: CCE-85659-1 references: - ccn@rhel9: A.6.SEC-RHEL5 cis-csc: 11,18,3,9 cis@sle12: 5.4.5 cis@sle15: 5.4.5 diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml index 6dd11ceeaa0..ffeabbba8b1 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml @@ -27,7 +27,6 @@ identifiers: cce@sle15: CCE-91216-2 references: - ccn@rhel9: A.6.SEC-RHEL5 cis-csc: '18' cis@sle12: 5.4.5 cis@sle15: 5.4.5 diff --git a/linux_os/guide/system/accounts/enable_authselect/rule.yml b/linux_os/guide/system/accounts/enable_authselect/rule.yml index b02cfd53529..8a47c524ba8 100644 --- a/linux_os/guide/system/accounts/enable_authselect/rule.yml +++ b/linux_os/guide/system/accounts/enable_authselect/rule.yml @@ -22,7 +22,6 @@ identifiers: cce@rhel9: CCE-89732-2 references: - ccn@rhel9: A.30.SEC-RHEL1 disa: CCI-000213 hipaa: 164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii) # taken from require_singleuser_auth nist: AC-3 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml index 2e62f2e147b..5c94b370063 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml @@ -38,7 +38,6 @@ identifiers: cce@sle15: CCE-85693-0 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml index d54df080281..46160227083 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml @@ -38,7 +38,6 @@ identifiers: cce@sle15: CCE-85690-6 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml index c6da105bce8..05e89f86b36 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml @@ -35,7 +35,6 @@ identifiers: cce@sle15: CCE-85694-8 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml index 459abcff96f..79cb8b88e5f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml @@ -35,7 +35,6 @@ identifiers: cce@sle15: CCE-85695-5 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml index b4bfed7bcbc..ba1b714b349 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml @@ -38,7 +38,6 @@ identifiers: cce@sle15: CCE-85721-9 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml index 3948d454732..58a16268ca4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml @@ -35,7 +35,6 @@ identifiers: cce@sle15: CCE-85692-2 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml index 263a39f1991..97b9cddbed3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml @@ -52,7 +52,6 @@ identifiers: cce@sle15: CCE-85686-4 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml index 267dbda7bc7..bf4d09f388d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml @@ -47,7 +47,6 @@ identifiers: cce@sle15: CCE-85688-0 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml index 57cbf72ef11..20d45d6490f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml @@ -38,7 +38,6 @@ identifiers: cce@sle15: CCE-85691-4 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml index cb9711c2988..f37fcb6c2d2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml @@ -52,7 +52,6 @@ identifiers: cce@sle15: CCE-85685-6 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml index 00158874250..8f5ecb1d4f1 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml @@ -47,7 +47,6 @@ identifiers: cce@sle15: CCE-85689-8 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml index c95621a88d5..e321fa1b1e4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml @@ -51,7 +51,6 @@ identifiers: cce@sle15: CCE-85684-9 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml index 44b26480dc2..6848e420eec 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml @@ -47,7 +47,6 @@ identifiers: cce@sle15: CCE-85687-2 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.9 cis@sle15: 4.1.9 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml index e1fe76cfa68..81d6d5d61a7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml @@ -43,7 +43,6 @@ identifiers: cce@sle15: CCE-85681-5 references: - ccn@rhel9: A.3.SEC-RHEL9 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.10 cis@sle15: 4.1.10 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml index 7af4301d324..2e2d7674baa 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml @@ -43,7 +43,6 @@ identifiers: cce@sle15: CCE-85696-3 references: - ccn@rhel9: A.3.SEC-RHEL9 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.10 cis@sle15: 4.1.10 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml index 1df40c373bf..5b6609c8dfa 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml @@ -46,7 +46,6 @@ identifiers: cce@sle15: CCE-85680-7 references: - ccn@rhel9: A.3.SEC-RHEL9 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.10 cis@sle15: 4.1.10 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml index 945098b79a2..cfda86b153e 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml @@ -43,7 +43,6 @@ identifiers: cce@sle15: CCE-85682-3 references: - ccn@rhel9: A.3.SEC-RHEL9 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.10 cis@sle15: 4.1.10 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml index 120f52dd850..8b3778d0205 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml @@ -43,7 +43,6 @@ identifiers: cce@sle15: CCE-85608-8 references: - ccn@rhel9: A.3.SEC-RHEL9 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.10 cis@sle15: 4.1.10 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml index 38642af4c8a..608e0aab335 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml @@ -32,7 +32,6 @@ identifiers: cce@sle15: CCE-91449-9 references: - ccn@rhel9: A.3.SEC-RHEL1 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.7 cis@sle15: 4.1.7 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml index 18083ab8f71..307d05aad01 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml @@ -32,7 +32,6 @@ identifiers: cce@sle15: CCE-85598-1 references: - ccn@rhel9: A.3.SEC-RHEL1 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.7 cis@sle15: 4.1.7 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml index 31bf371f0b6..d39349de6f0 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml @@ -33,7 +33,6 @@ identifiers: cce@sle15: CCE-85718-5 references: - ccn@rhel9: A.3.SEC-RHEL10 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.12 cis@sle15: 4.1.12 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml index 4b224155882..4dfa644a782 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml @@ -35,7 +35,6 @@ identifiers: cce@sle15: CCE-85829-0 references: - ccn@rhel9: A.3.SEC-RHEL1 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.8 cis@sle15: 4.1.8 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml index 1b90c90b7dd..afaa7ab2553 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml @@ -31,7 +31,6 @@ identifiers: cce@sle15: CCE-85679-9 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.14 cis@sle15: 4.1.14 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml index 68bc0cb36dd..8e723f095b6 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml @@ -35,7 +35,6 @@ identifiers: cce@sle15: CCE-85578-3 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.4 cis@sle15: 4.1.4 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml index 2529f925540..e82989dab64 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml @@ -35,7 +35,6 @@ identifiers: cce@sle15: CCE-85580-9 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.4 cis@sle15: 4.1.4 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml index 5b97bcb1e34..31a097d1475 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml @@ -35,7 +35,6 @@ identifiers: cce@sle15: CCE-85728-4 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.4 cis@sle15: 4.1.4 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml index 1ea0e6dd49b..dfb8aa5a5f1 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml @@ -35,7 +35,6 @@ identifiers: cce@sle15: CCE-85577-5 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.4 cis@sle15: 4.1.4 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml index 43a4842c53e..3c0d7f49712 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml @@ -35,7 +35,6 @@ identifiers: cce@sle15: CCE-85579-1 references: - ccn@rhel9: A.3.SEC-RHEL7 cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.4 cis@sle15: 4.1.4 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml index 7fd5102e72e..678f409d84d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml @@ -44,7 +44,6 @@ identifiers: cce@sle15: CCE-92551-1 references: - ccn@rhel9: A.3.SEC-RHEL7 cis@sle12: 4.1.15 cis@sle15: 4.1.15 cis@ubuntu2204: 4.1.3.3 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml index b96e4cb2be3..350c9ebc7a2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml @@ -33,7 +33,6 @@ identifiers: cce@rhel9: CCE-83734-4 references: - ccn@rhel9: A.3.SEC-RHEL2 cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8 cis@ubuntu2204: 4.1.4.4 cobit5: APO01.06,APO11.04,APO12.06,BAI03.05,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,DSS06.02,MEA02.01 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml index 0cce15855c3..b85964c3970 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml @@ -26,7 +26,6 @@ identifiers: cce@rhel9: CCE-89603-5 references: - ccn@rhel9: A.3.SEC-RHEL2 cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8 cis@ubuntu2204: 4.1.4.3 cjis: 5.4.1.1 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml index 45b17d60a6e..e7ca0307fa5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@rhel9: CCE-86446-2 references: - ccn@rhel9: A.3.SEC-RHEL4 cis@ubuntu2204: 4.1.4.7 disa: CCI-000171 srg: SRG-OS-000063-GPOS-00032 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml index 71f476e783e..f936821975b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@rhel9: CCE-86445-4 references: - ccn@rhel9: A.3.SEC-RHEL4 cis@ubuntu2204: 4.1.4.6 disa: CCI-000171 srg: SRG-OS-000063-GPOS-00032 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml index db68bbdb537..8475c583ee0 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml @@ -22,7 +22,6 @@ identifiers: cce@sle15: CCE-85810-0 references: - ccn@rhel9: A.3.SEC-RHEL2 cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8 cjis: 5.4.1.1 cobit5: APO01.06,APO11.04,APO12.06,BAI03.05,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,DSS06.02,MEA02.01 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml index 9187b319529..b9ea22bb4f7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@rhel9: CCE-88002-1 references: - ccn@rhel9: A.3.SEC-RHEL4 ocil: |- {{{ describe_file_permissions(file="/etc/audit/", perms="0640") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml index dcaad3c0026..bd0b0662b63 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml @@ -34,7 +34,6 @@ identifiers: cce@sle15: CCE-85811-8 references: - ccn@rhel9: A.3.SEC-RHEL2 cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8 cis@ubuntu2204: 4.1.4.1 cjis: 5.4.1.1 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml index 1f6050a4b19..38aeec9280e 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml @@ -37,7 +37,6 @@ identifiers: cce@sle15: CCE-85778-9 references: - ccn@rhel9: A.3.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8 cis@sle12: 4.1.2.2 cis@sle15: 4.1.2.2 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml index 9ddc60c982b..47984f40194 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@sle15: CCE-85849-8 references: - ccn@rhel9: A.6.SEC-RHEL2 cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 1.5.2 cis@sle15: 1.5.2 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml index 9ae5abc5dd5..27aefe4a59c 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@rhel9: CCE-86010-6 references: - ccn@rhel9: A.6.SEC-RHEL2 cis-csc: 12,13,14,15,16,18,3,5 cjis: 5.5.2.2 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml index fcc1cfad1f3..2932a764aa9 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@sle15: CCE-85848-0 references: - ccn@rhel9: A.6.SEC-RHEL2 cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 1.5.2 cis@sle15: 1.5.2 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml index 751f7de7a37..f61f5eb67c0 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@rhel9: CCE-86016-3 references: - ccn@rhel9: A.6.SEC-RHEL2 cis-csc: 12,13,14,15,16,18,3,5 cjis: 5.5.2.2 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml index a400ddee9aa..88654431603 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@sle15: CCE-91426-7 references: - ccn@rhel9: A.6.SEC-RHEL2 cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 1.5.2 cis@sle15: 1.5.2 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml index b6e786bde4e..0f499a4cd29 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml @@ -19,7 +19,6 @@ identifiers: cce@rhel9: CCE-86025-4 references: - ccn@rhel9: A.6.SEC-RHEL2 cis-csc: 12,13,14,15,16,18,3,5 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 cui: 3.4.5 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml index de3b485f140..32cfe4b270c 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml @@ -46,7 +46,6 @@ identifiers: cce@sle15: CCE-83274-1 references: - ccn@rhel9: A.8.SEC-RHEL7 cis-csc: 1,11,12,14,15,16,18,3,5 cis@sle12: 1.5.1 cis@sle15: 1.5.1 diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml index f8ea5e72b8e..b0de9b55b64 100644 --- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@sle15: CCE-85751-6 references: - ccn@rhel9: A.8.SEC-RHEL3 cis-csc: 11,3,9 cis@sle15: 3.5.1.3 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05 diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml index f86c03a4c94..bc248a4d71e 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml @@ -33,7 +33,6 @@ identifiers: cce@rhel9: CCE-86137-7 references: - ccn@rhel9: A.8.SEC-RHEL3 pcidss4: "1.4.1" ocil_clause: 'loopback traffic is not restricted' diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml index 0b31e4329a1..dccb5e5f80e 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@rhel9: CCE-86116-1 references: - ccn@rhel9: A.8.SEC-RHEL3 pcidss4: "1.4.1" ocil_clause: 'loopback traffic is not trusted' diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml index e69e7d8ae9d..ebfd756c477 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml @@ -28,7 +28,6 @@ identifiers: cce@sle15: CCE-91410-1 references: - ccn@rhel9: A.8.SEC-RHEL3 cis-csc: 11,14,3,9 cis@sle15: 3.5.1.4 cjis: 5.10.1 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml index 5f4d670488c..f082c13a405 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml @@ -18,7 +18,6 @@ identifiers: cce@sle15: CCE-92473-8 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 11,14,3,9 cis@sle12: 3.3.9 cis@sle15: 3.3.9 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml index a751b549b5b..9b339c4d2ec 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml @@ -18,7 +18,6 @@ identifiers: cce@sle15: CCE-85708-6 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 11,14,3,9 cis@sle12: 3.3.2 cis@sle15: 3.3.2 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml index e6700c3dbd0..eaa9594bd4c 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml @@ -26,7 +26,6 @@ identifiers: cce@sle15: CCE-85649-2 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,12,13,14,15,16,18,4,6,8,9 cis@sle12: 3.3.1 cis@sle15: 3.3.1 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml index f2e6323d829..42feb0e9781 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml @@ -18,7 +18,6 @@ identifiers: cce@sle15: CCE-92474-6 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 11,14,3,9 cis@sle12: 3.3.9 cis@sle15: 3.3.9 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml index 620bda99b77..9eaf7d50bd8 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml @@ -18,7 +18,6 @@ identifiers: cce@sle15: CCE-85722-7 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 11,14,3,9 cis@sle12: 3.3.2 cis@sle15: 3.3.2 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml index cc9138ce8de..94ccb8a9cf8 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml @@ -26,7 +26,6 @@ identifiers: cce@sle15: CCE-85653-4 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,12,13,14,15,16,18,4,6,8,9 cis@sle12: 3.3.1 cis@sle15: 3.3.1 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml index 23d10b73ed2..f0ffeff6845 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@sle15: CCE-85651-8 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9 cis@sle12: 3.3.2 cis@sle15: 3.3.2 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml index 92e0b64c358..c881ccd4cc0 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml @@ -26,7 +26,6 @@ identifiers: cce@sle15: CCE-85648-4 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 cis@sle12: 3.3.1 cis@sle15: 3.3.1 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml index 87566b6ca95..5343178c988 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml @@ -22,7 +22,6 @@ identifiers: cce@sle15: CCE-91222-0 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9 cis@sle12: 3.3.4 cis@sle15: 3.3.4 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml index 0a4a8e7e437..ea9f8fc55b5 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@sle15: CCE-91218-8 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,12,13,14,15,16,18,2,4,6,7,8,9 cis@sle12: 3.3.7 cis@sle15: 3.3.7 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml index acfced00ff2..9e258c455dc 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@sle15: CCE-91220-4 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 cis@sle12: 3.3.3 cis@sle15: 3.3.3 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml index 21aa9fba3dd..dc74cd5e73e 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@sle15: CCE-85652-6 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 cis@sle12: 3.3.3 cis@sle15: 3.3.3 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml index 9068c381d95..f4cabfe4b9d 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml @@ -26,7 +26,6 @@ identifiers: cce@sle15: CCE-85650-0 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 cis@sle12: 3.3.1 cis@sle15: 3.3.1 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml index ad19d77d39b..74d1471b30a 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml @@ -22,7 +22,6 @@ identifiers: cce@sle15: CCE-92482-9 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9 cis@sle12: 3.3.4 cis@sle15: 3.3.4 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml index 82f0cffa7c5..6879289c5a4 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@sle15: CCE-91219-6 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,12,13,14,15,16,18,2,4,6,7,8,9 cis@sle12: 3.3.7 cis@sle15: 3.3.7 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml index b972e210ef7..5efdf8fb136 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@sle15: CCE-91221-2 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 cis@sle12: 3.3.2 cis@sle15: 3.3.2 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml index a18a1dff0fd..4fee7988b11 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@sle15: CCE-91243-6 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 cis@sle12: 3.3.5 cis@sle15: 3.3.5 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml index fff25323dc5..83218ee42ee 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@sle15: CCE-91224-6 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9 cis@sle12: 3.3.6 cis@sle15: 3.3.6 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml index 7bb1ff115dd..032caef99ec 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@sle15: CCE-83283-2 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,12,13,14,15,16,18,2,4,6,7,8,9 cis@sle12: 3.3.8 cis@sle15: 3.3.8 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml index 1dacaf9b0c3..609a5796911 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@sle15: CCE-85655-9 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 cis@sle12: 3.2.2 cis@sle15: 3.2.2 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml index dd72a870d74..6b68ebabc19 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@sle15: CCE-85654-2 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 cis@sle12: 3.2.2 cis@sle15: 3.2.2 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml index 065e6e50af7..8040dc44469 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@sle15: CCE-85709-4 references: - ccn@rhel9: A.8.SEC-RHEL6 cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9 cis@sle12: 3.2.1 cis@sle15: 3.2.1 diff --git a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml index 7416db918d8..61800b809da 100644 --- a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml +++ b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml @@ -22,7 +22,6 @@ identifiers: cce@sle15: CCE-92529-7 references: - ccn@rhel9: A.8.SEC-RHEL3 cis@sle15: 3.5.1.2 cis@ubuntu2004: 3.5.3.1.2 cis@ubuntu2204: 3.5.3.1.2 diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml index 7eebf6f0e3c..1d78680149b 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml @@ -29,7 +29,6 @@ identifiers: cce@sle15: CCE-92452-2 references: - ccn@rhel9: A.8.SEC-RHEL4 cis-csc: 11,14,3,9 cis@sle12: 1.1.1.1 cis@sle15: 1.1.1.1 diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml index 4901b89866a..23c9387fd95 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml @@ -30,7 +30,6 @@ identifiers: cce@sle15: CCE-92453-0 references: - ccn@rhel9: A.8.SEC-RHEL4 cis-csc: 11,14,3,9 cis@sle12: 1.1.1.2 cis@sle15: 1.1.1.2 diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml index 95b86092335..1ae8f9d069b 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml @@ -26,7 +26,6 @@ identifiers: cce@sle15: CCE-83294-9 references: - ccn@rhel9: A.15.SEC-RHEL1 cis-csc: 1,12,15,16,5 cis@sle12: 1.1.23 cis@sle15: 1.1.23 diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml index 0e5dce8093a..bec3fc32088 100644 --- a/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@sle15: CCE-91447-3 references: - ccn@rhel9: A.8.SEC-RHEL6 cis@sle12: 1.6.1 cis@sle15: 1.6.1 cis@ubuntu2004: 1.6.4 diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml index 85527a22524..b4d581d7d5c 100644 --- a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml +++ b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@sle15: CCE-91443-2 references: - ccn@rhel9: A.6.SEC-RHEL1 cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9 cobit5: APO01.06,APO11.04,APO13.01,BAI03.05,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06,MEA02.01 cui: 3.1.2,3.7.2 diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml index 6fb4e863376..d5ab3d6e185 100644 --- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml +++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@sle15: CCE-92490-2 references: - ccn@rhel9: A.6.SEC-RHEL1 pcidss4: '1.2.6' ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml index d816779df29..445a9c0aa9b 100644 --- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml +++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml @@ -35,7 +35,6 @@ identifiers: cce@sle15: CCE-91445-7 references: - ccn@rhel9: A.6.SEC-RHEL1 cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9 cobit5: APO01.06,APO11.04,APO13.01,BAI03.05,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06,MEA02.01 cui: 3.1.2,3.7.2 diff --git a/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml index e377ce854f9..dca1a25b762 100644 --- a/linux_os/guide/system/selinux/selinux_state/rule.yml +++ b/linux_os/guide/system/selinux/selinux_state/rule.yml @@ -28,7 +28,6 @@ identifiers: cce@sle15: CCE-91446-5 references: - ccn@rhel9: A.6.SEC-RHEL1 cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9 cobit5: APO01.06,APO11.04,APO13.01,BAI03.05,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06,MEA02.01 cui: 3.1.2,3.7.2 diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml index 3c73b4cdee9..827d015b542 100644 --- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml +++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml @@ -61,7 +61,6 @@ identifiers: cce@sle15: CCE-85719-3 references: - ccn@rhel9: A.25.SEC-RHEL1,A.25.SEC-RHEL2 cis-csc: 13,14 cobit5: APO01.06,BAI02.01,BAI06.01,DSS04.07,DSS05.03,DSS05.04,DSS05.07,DSS06.02,DSS06.06 cui: 3.13.16 diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml index ad75303f9d3..d65589cf779 100644 --- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml +++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml @@ -27,7 +27,6 @@ identifiers: cce@sle15: CCE-83288-1 references: - ccn@rhel9: A.11.SEC-RHEL4 cis@sle12: '1.10' cis@sle15: '1.10' hipaa: 164.308(a)(1)(ii)(B),164.308(a)(5)(ii)(A) diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml index 7e2666ce653..6436175aeb7 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml @@ -34,7 +34,6 @@ identifiers: cce@sle15: CCE-92520-6 references: - ccn@rhel9: A.11.SEC-RHEL9 cis@sle12: '1.10' cis@sle15: '1.10' cis@ubuntu2004: '1.10' diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml index f64d688dbd2..514485d99c0 100644 --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml @@ -31,7 +31,6 @@ identifiers: cce@rhel9: CCE-87734-0 references: - ccn@rhel9: A.11.SEC-RHEL12 cis-csc: 12,16 cis@ubuntu2204: 1.8.6 cobit5: APO13.01,DSS01.04,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS06.03 diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml index 407d6071ae6..b2d604f2121 100644 --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml @@ -32,7 +32,6 @@ identifiers: cce@rhel9: CCE-90128-0 references: - ccn@rhel9: A.11.SEC-RHEL12 cis-csc: 12,16 cis@ubuntu2204: 1.8.6 cobit5: APO13.01,DSS01.04,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS06.03 diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml index ada9397b113..9f3a614cb2e 100644 --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml @@ -32,7 +32,6 @@ identifiers: cce@rhel9: CCE-90257-7 references: - ccn@rhel9: A.11.SEC-RHEL12 cis-csc: 12,16 cis@ubuntu2204: 1.8.8 cobit5: APO13.01,DSS01.04,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS06.03 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml index bdb252c75db..498dc4647f3 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml @@ -30,7 +30,6 @@ identifiers: cce@sle15: CCE-85669-0 references: - ccn@rhel9: A.11.SEC-RHEL7 cis-csc: 1,12,15,16 cjis: 5.5.5 cobit5: DSS05.04,DSS05.10,DSS06.10 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml index 5953dab9cb4..2414cf76bcc 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@rhel9: CCE-86954-5 references: - ccn@rhel9: A.11.SEC-RHEL7 cis-csc: 1,12,15,16 cis@ubuntu2204: 1.8.5 cobit5: DSS05.04,DSS05.10,DSS06.10 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml index 7effabf4a4d..caac21abd14 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml @@ -59,7 +59,6 @@ identifiers: cce@sle15: CCE-85776-3 references: - ccn@rhel9: A.5.SEC-RHEL4 hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.312(e)(1),164.312(e)(2)(ii) ism: "1446" nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1,CIP-007-3 R7.1 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml index 7653c47e2cc..f8c51cdbf7c 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@sle15: CCE-85795-3 references: - ccn@rhel9: A.5.SEC-RHEL6,A.11.SEC-RHEL6 disa: CCI-001453 hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.312(e)(1),164.312(e)(2)(ii) nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1,CIP-007-3 R7.1 diff --git a/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml index 0bbdcd2c1ca..c9850746f48 100644 --- a/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml +++ b/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@sle15: CCE-91190-9 references: - ccn@rhel9: A.5.SEC-RHEL1 cis@sle12: 1.3.2 cis@sle15: 1.3.2 cis@ubuntu2004: 1.3.2 diff --git a/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml index 7df75333a6e..9e8d53d055a 100644 --- a/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml +++ b/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml @@ -26,7 +26,6 @@ identifiers: cce@sle15: CCE-85673-2 references: - ccn@rhel9: A.5.SEC-RHEL2 cis-csc: 1,12,15,16,5 cis@ubuntu2204: 5.3.4 cobit5: DSS05.04,DSS05.10,DSS06.03,DSS06.10 diff --git a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml index ab70616d08b..117fa7b2001 100644 --- a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml +++ b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml @@ -30,7 +30,6 @@ identifiers: cce@sle15: CCE-85764-9 references: - ccn@rhel9: A.5.SEC-RHEL2 cis@ubuntu2204: 5.3.6 disa: CCI-002038 nist: IA-11 diff --git a/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml index 2eddcd547ba..6afc07efd2d 100644 --- a/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@rhel9: CCE-86612-9 references: - ccn@rhel9: A.25.SEC-RHEL1,A.25.SEC-RHEL2 pcidss4: '3.5.1.2' ocil_clause: 'the package is not installed' From e4a55731d3ab8626df91c86f5369d418b94f290d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Thu, 15 Feb 2024 14:24:59 +0100 Subject: [PATCH 2/5] Use control file to generate PCI DSS 4 references --- applications/openshift/logging/audit_profile_set/rule.yml | 1 - controls/pcidss_4.yml | 1 + .../disable_avahi_group/service_avahi-daemon_disabled/rule.yml | 1 - .../guide/services/cron_and_at/file_groupowner_cron_d/rule.yml | 1 - .../services/cron_and_at/file_groupowner_cron_daily/rule.yml | 1 - .../services/cron_and_at/file_groupowner_cron_hourly/rule.yml | 1 - .../services/cron_and_at/file_groupowner_cron_monthly/rule.yml | 1 - .../services/cron_and_at/file_groupowner_cron_weekly/rule.yml | 1 - .../guide/services/cron_and_at/file_groupowner_crontab/rule.yml | 1 - linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml | 1 - .../guide/services/cron_and_at/file_owner_cron_daily/rule.yml | 1 - .../guide/services/cron_and_at/file_owner_cron_hourly/rule.yml | 1 - .../guide/services/cron_and_at/file_owner_cron_monthly/rule.yml | 1 - .../guide/services/cron_and_at/file_owner_cron_weekly/rule.yml | 1 - linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml | 1 - .../guide/services/cron_and_at/file_permissions_cron_d/rule.yml | 1 - .../services/cron_and_at/file_permissions_cron_daily/rule.yml | 1 - .../services/cron_and_at/file_permissions_cron_hourly/rule.yml | 1 - .../services/cron_and_at/file_permissions_cron_monthly/rule.yml | 1 - .../services/cron_and_at/file_permissions_cron_weekly/rule.yml | 1 - .../guide/services/cron_and_at/file_permissions_crontab/rule.yml | 1 - .../restrict_at_cron_users/file_at_deny_not_exist/rule.yml | 1 - .../restrict_at_cron_users/file_cron_deny_not_exist/rule.yml | 1 - .../restrict_at_cron_users/file_groupowner_at_allow/rule.yml | 1 - .../restrict_at_cron_users/file_groupowner_cron_allow/rule.yml | 1 - .../restrict_at_cron_users/file_owner_at_allow/rule.yml | 1 - .../restrict_at_cron_users/file_permissions_at_allow/rule.yml | 1 - .../restrict_at_cron_users/file_permissions_cron_allow/rule.yml | 1 - .../guide/services/cron_and_at/service_cron_enabled/rule.yml | 1 - .../dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml | 1 - linux_os/guide/services/ftp/package_ftp_removed/rule.yml | 1 - .../postfix_client/postfix_network_listening_disabled/rule.yml | 1 - linux_os/guide/services/mask_nonessential_services/rule.yml | 1 - .../disabling_nfs_services/service_rpcbind_disabled/rule.yml | 1 - linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml | 1 - .../guide/services/ntp/chronyd_specify_remote_server/rule.yml | 1 - .../guide/services/ntp/ntpd_specify_multiple_servers/rule.yml | 1 - linux_os/guide/services/ntp/ntpd_specify_remote_server/rule.yml | 1 - linux_os/guide/services/ntp/package_chrony_installed/rule.yml | 1 - .../guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml | 1 - linux_os/guide/services/ntp/service_ntp_enabled/rule.yml | 1 - linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml | 1 - .../guide/services/ntp/service_timesyncd_configured/rule.yml | 1 - linux_os/guide/services/ntp/service_timesyncd_enabled/rule.yml | 1 - .../ntp/service_timesyncd_root_distance_configured/rule.yml | 1 - .../obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml | 1 - .../guide/services/obsolete/nis/package_ypbind_removed/rule.yml | 1 - .../guide/services/obsolete/nis/package_ypserv_removed/rule.yml | 1 - .../obsolete/r_services/package_rsh-server_removed/rule.yml | 1 - .../services/obsolete/r_services/package_rsh_removed/rule.yml | 1 - .../guide/services/obsolete/service_rsyncd_disabled/rule.yml | 1 - .../services/obsolete/talk/package_talk-server_removed/rule.yml | 1 - .../guide/services/obsolete/talk/package_talk_removed/rule.yml | 1 - .../obsolete/telnet/package_telnet-server_removed/rule.yml | 1 - .../services/obsolete/telnet/package_telnet_removed/rule.yml | 1 - .../services/obsolete/tftp/package_tftp-server_removed/rule.yml | 1 - .../guide/services/obsolete/tftp/package_tftp_removed/rule.yml | 1 - .../disabling_snmp_service/package_net-snmp_removed/rule.yml | 1 - .../guide/services/ssh/file_permissions_sshd_config/rule.yml | 1 - .../services/ssh/file_permissions_sshd_private_key/rule.yml | 1 - .../guide/services/ssh/file_permissions_sshd_pub_key/rule.yml | 1 - .../guide/services/ssh/ssh_server/disable_host_auth/rule.yml | 1 - .../ssh/ssh_server/sshd_disable_empty_passwords/rule.yml | 1 - .../guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml | 1 - .../services/ssh/ssh_server/sshd_disable_root_login/rule.yml | 1 - .../services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml | 1 - .../services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml | 1 - .../services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml | 1 - linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml | 1 - .../services/ssh/ssh_server/sshd_limit_user_access/rule.yml | 1 - .../guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml | 1 - .../guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml | 1 - .../services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml | 1 - .../services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml | 1 - .../services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml | 1 - .../guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml | 1 - .../guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml | 1 - .../services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml | 1 - .../services/ssh/ssh_server/sshd_use_approved_macs/rule.yml | 1 - .../guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml | 1 - linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml | 1 - .../accounts-banners/file_groupowner_etc_issue_net/rule.yml | 1 - .../accounts/accounts-banners/file_owner_etc_issue_net/rule.yml | 1 - .../accounts-banners/file_permissions_etc_issue_net/rule.yml | 1 - .../system/accounts/accounts-pam/display_login_attempts/rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../accounts_password_pam_unix_remember/rule.yml | 1 - .../accounts_passwords_pam_faillock_deny/rule.yml | 1 - .../accounts_passwords_pam_faillock_unlock_time/rule.yml | 1 - .../accounts_passwords_pam_tally2/rule.yml | 1 - .../accounts_passwords_pam_tally2_unlock_time/rule.yml | 1 - .../cracklib_accounts_password_pam_dcredit/rule.yml | 1 - .../cracklib_accounts_password_pam_lcredit/rule.yml | 1 - .../cracklib_accounts_password_pam_minlen/rule.yml | 1 - .../cracklib_accounts_password_pam_retry/rule.yml | 1 - .../accounts_password_pam_dcredit/rule.yml | 1 - .../accounts_password_pam_lcredit/rule.yml | 1 - .../accounts_password_pam_minlen/rule.yml | 1 - .../set_password_hashing_algorithm_commonauth/rule.yml | 1 - .../set_password_hashing_algorithm_libuserconf/rule.yml | 1 - .../set_password_hashing_algorithm_logindefs/rule.yml | 1 - .../set_password_hashing_algorithm_systemauth/rule.yml | 1 - .../account_disable_post_pw_expiration/rule.yml | 1 - .../account_expiration/account_unique_name/rule.yml | 1 - .../account_expiration/ensure_shadow_group_empty/rule.yml | 1 - .../accounts/accounts-restrictions/account_unique_id/rule.yml | 1 - .../accounts/accounts-restrictions/group_unique_id/rule.yml | 1 - .../accounts/accounts-restrictions/group_unique_name/rule.yml | 1 - .../password_expiration/accounts_maximum_age_login_defs/rule.yml | 1 - .../accounts_password_set_max_life_existing/rule.yml | 1 - .../accounts_password_set_warn_age_existing/rule.yml | 1 - .../accounts_password_warn_age_login_defs/rule.yml | 1 - .../password_expiration/accounts_set_post_pw_existing/rule.yml | 1 - .../password_storage/accounts_password_all_shadowed/rule.yml | 1 - .../accounts_password_last_change_is_in_past/rule.yml | 1 - .../password_storage/gid_passwd_group_same/rule.yml | 1 - .../password_storage/no_empty_passwords/rule.yml | 1 - .../password_storage/no_empty_passwords_etc_shadow/rule.yml | 1 - .../root_logins/accounts_no_uid_except_zero/rule.yml | 1 - .../root_logins/accounts_root_gid_zero/rule.yml | 1 - .../root_logins/ensure_pam_wheel_group_empty/rule.yml | 1 - .../root_logins/ensure_root_password_configured/rule.yml | 1 - .../root_logins/no_direct_root_logins/rule.yml | 1 - .../root_logins/no_password_auth_for_systemaccounts/rule.yml | 1 - .../root_logins/no_shelllogin_for_systemaccounts/rule.yml | 1 - .../root_logins/securetty_root_login_console_only/rule.yml | 1 - .../root_logins/use_pam_wheel_group_for_su/rule.yml | 1 - .../system/accounts/accounts-session/accounts_tmout/rule.yml | 1 - .../audit_rules_dac_modification_chmod/rule.yml | 1 - .../audit_rules_dac_modification_chown/rule.yml | 1 - .../audit_rules_dac_modification_fchmod/rule.yml | 1 - .../audit_rules_dac_modification_fchmodat/rule.yml | 1 - .../audit_rules_dac_modification_fchown/rule.yml | 1 - .../audit_rules_dac_modification_fchownat/rule.yml | 1 - .../audit_rules_dac_modification_fremovexattr/rule.yml | 1 - .../audit_rules_dac_modification_fsetxattr/rule.yml | 1 - .../audit_rules_dac_modification_lchown/rule.yml | 1 - .../audit_rules_dac_modification_lremovexattr/rule.yml | 1 - .../audit_rules_dac_modification_lsetxattr/rule.yml | 1 - .../audit_rules_dac_modification_removexattr/rule.yml | 1 - .../audit_rules_dac_modification_setxattr/rule.yml | 1 - .../audit_rules_file_deletion_events_rename/rule.yml | 1 - .../audit_rules_file_deletion_events_renameat/rule.yml | 1 - .../audit_rules_file_deletion_events_rmdir/rule.yml | 1 - .../audit_rules_file_deletion_events_unlink/rule.yml | 1 - .../audit_rules_file_deletion_events_unlinkat/rule.yml | 1 - .../audit_rules_login_events_faillock/rule.yml | 1 - .../audit_login_events/audit_rules_login_events_lastlog/rule.yml | 1 - .../audit_rules_login_events_tallylog/rule.yml | 1 - .../auditd_configure_rules/audit_rules_immutable/rule.yml | 1 - .../auditd_configure_rules/audit_rules_mac_modification/rule.yml | 1 - .../auditd_configure_rules/audit_rules_media_export/rule.yml | 1 - .../audit_rules_networkconfig_modification/rule.yml | 1 - .../auditd_configure_rules/audit_rules_session_events/rule.yml | 1 - .../audit_rules_suid_privilege_function/rule.yml | 1 - .../auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml | 1 - .../audit_rules_usergroup_modification_group/rule.yml | 1 - .../audit_rules_usergroup_modification_gshadow/rule.yml | 1 - .../audit_rules_usergroup_modification_opasswd/rule.yml | 1 - .../audit_rules_usergroup_modification_passwd/rule.yml | 1 - .../audit_rules_usergroup_modification_shadow/rule.yml | 1 - .../auditd_configure_rules/audit_sudo_log_events/rule.yml | 1 - .../audit_time_rules/audit_rules_time_adjtimex/rule.yml | 1 - .../audit_time_rules/audit_rules_time_clock_settime/rule.yml | 1 - .../audit_time_rules/audit_rules_time_settimeofday/rule.yml | 1 - .../audit_time_rules/audit_rules_time_stime/rule.yml | 1 - .../audit_time_rules/audit_rules_time_watch_localtime/rule.yml | 1 - .../directory_access_var_log_audit/rule.yml | 1 - .../file_group_ownership_var_log_audit/rule.yml | 1 - .../auditd_configure_rules/file_ownership_var_log_audit/rule.yml | 1 - .../file_permissions_var_log_audit/rule.yml | 1 - .../auditd_audispd_syslog_plugin_activated/rule.yml | 1 - .../auditd_data_retention_admin_space_left_action/rule.yml | 1 - .../auditd_data_retention_space_left/rule.yml | 1 - .../auditd_data_retention_space_left_action/rule.yml | 1 - linux_os/guide/system/auditing/grub2_audit_argument/rule.yml | 1 - .../system/auditing/grub2_audit_backlog_limit_argument/rule.yml | 1 - .../system/auditing/package_audispd-plugins_installed/rule.yml | 1 - .../auditing/package_audit-audispd-plugins_installed/rule.yml | 1 - linux_os/guide/system/auditing/package_audit_installed/rule.yml | 1 - linux_os/guide/system/auditing/service_auditd_enabled/rule.yml | 1 - .../bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml | 1 - .../bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml | 1 - .../bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml | 1 - .../bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml | 1 - .../non-uefi/file_permissions_grub2_cfg/rule.yml | 1 - .../bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml | 1 - .../rsyslog_files_groupownership/rule.yml | 1 - .../rsyslog_files_ownership/rule.yml | 1 - .../rsyslog_files_permissions/rule.yml | 1 - .../logging/log_rotation/package_logrotate_installed/rule.yml | 1 - .../system/logging/log_rotation/timer_logrotate_enabled/rule.yml | 1 - .../firewalld_activation/service_firewalld_enabled/rule.yml | 1 - .../ruleset_modifications/configure_firewalld_ports/rule.yml | 1 - .../ensure_firewall_rules_for_open_ports/rule.yml | 1 - .../firewalld_loopback_traffic_restricted/rule.yml | 1 - .../firewalld_loopback_traffic_trusted/rule.yml | 1 - .../ruleset_modifications/set_firewalld_default_zone/rule.yml | 1 - .../iptables_activation/set_ip6tables_default_rule/rule.yml | 1 - .../iptables_activation/set_ipv6_loopback_traffic/rule.yml | 1 - .../iptables_activation/set_loopback_traffic/rule.yml | 1 - .../sysctl_net_ipv6_conf_default_accept_source_route/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_rp_filter/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_secure_redirects/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_accept_redirects/rule.yml | 1 - .../sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml | 1 - .../sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml | 1 - .../sysctl_net_ipv4_tcp_syncookies/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_send_redirects/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_send_redirects/rule.yml | 1 - .../network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml | 1 - .../nftables_ensure_default_deny_policy/rule.yml | 1 - .../network/network-nftables/package_nftables_installed/rule.yml | 1 - .../network/network-nftables/service_nftables_disabled/rule.yml | 1 - .../network-uncommon/kernel_module_dccp_disabled/rule.yml | 1 - .../network-uncommon/kernel_module_sctp_disabled/rule.yml | 1 - .../wireless_software/wireless_disable_interfaces/rule.yml | 1 - linux_os/guide/system/network/network_nmcli_permissions/rule.yml | 1 - linux_os/guide/system/network/network_sniffer_disabled/rule.yml | 1 - .../files/dir_perms_world_writable_sticky_bits/rule.yml | 1 - .../files/file_permissions_unauthorized_world_writable/rule.yml | 1 - .../permissions/files/file_permissions_ungroupowned/rule.yml | 1 - .../system/permissions/files/no_files_unowned_by_user/rule.yml | 1 - .../file_groupowner_backup_etc_group/rule.yml | 1 - .../file_groupowner_backup_etc_gshadow/rule.yml | 1 - .../file_groupowner_backup_etc_passwd/rule.yml | 1 - .../file_groupowner_backup_etc_shadow/rule.yml | 1 - .../file_groupowner_etc_group/rule.yml | 1 - .../file_groupowner_etc_passwd/rule.yml | 1 - .../file_groupowner_etc_shadow/rule.yml | 1 - .../file_owner_backup_etc_group/rule.yml | 1 - .../file_owner_backup_etc_gshadow/rule.yml | 1 - .../file_owner_backup_etc_passwd/rule.yml | 1 - .../file_owner_backup_etc_shadow/rule.yml | 1 - .../file_owner_etc_group/rule.yml | 1 - .../file_owner_etc_passwd/rule.yml | 1 - .../file_owner_etc_shadow/rule.yml | 1 - .../file_permissions_backup_etc_group/rule.yml | 1 - .../file_permissions_backup_etc_passwd/rule.yml | 1 - .../file_permissions_backup_etc_shadow/rule.yml | 1 - .../file_permissions_etc_group/rule.yml | 1 - .../file_permissions_etc_passwd/rule.yml | 1 - .../file_permissions_etc_shadow/rule.yml | 1 - .../system/permissions/files/permissions_local_var_log/rule.yml | 1 - .../mounting/kernel_module_usb-storage_disabled/rule.yml | 1 - .../restrictions/coredumps/coredump_disable_backtraces/rule.yml | 1 - .../restrictions/coredumps/coredump_disable_storage/rule.yml | 1 - .../restrictions/coredumps/disable_users_coredumps/rule.yml | 1 - .../restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml | 1 - .../sysctl_kernel_randomize_va_space/rule.yml | 1 - .../enable_nx/bios_enable_execution_restrictions/rule.yml | 1 - .../restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml | 1 - .../permissions/restrictions/sysctl_kernel_core_pattern/rule.yml | 1 - linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml | 1 - .../guide/system/selinux/package_libselinux_installed/rule.yml | 1 - .../guide/system/selinux/selinux_confinement_of_daemons/rule.yml | 1 - linux_os/guide/system/selinux/selinux_policytype/rule.yml | 1 - .../guide/system/software/gnome/dconf_db_up_to_date/rule.yml | 1 - .../gnome_gdm_disable_automatic_login/rule.yml | 1 - .../gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml | 1 - .../gnome_gdm_disable_unattended_automatic_login/rule.yml | 1 - .../gnome_media_settings/dconf_gnome_disable_automount/rule.yml | 1 - .../dconf_gnome_disable_automount_open/rule.yml | 1 - .../dconf_gnome_screensaver_idle_activation_enabled/rule.yml | 1 - .../dconf_gnome_screensaver_idle_delay/rule.yml | 1 - .../dconf_gnome_screensaver_lock_delay/rule.yml | 1 - .../dconf_gnome_screensaver_lock_enabled/rule.yml | 1 - .../dconf_gnome_screensaver_mode_blank/rule.yml | 1 - .../dconf_gnome_session_idle_user_locks/rule.yml | 1 - .../software/integrity/crypto/configure_crypto_policy/rule.yml | 1 - .../integrity/crypto/configure_ssh_crypto_policy/rule.yml | 1 - .../software-integrity/aide/aide_build_database/rule.yml | 1 - .../aide/aide_periodic_checking_systemd_timer/rule.yml | 1 - .../software-integrity/aide/aide_periodic_cron_checking/rule.yml | 1 - .../software-integrity/aide/package_aide_installed/rule.yml | 1 - .../rpm_verification/rpm_verify_hashes/rule.yml | 1 - .../rpm_verification/rpm_verify_ownership/rule.yml | 1 - .../rpm_verification/rpm_verify_permissions/rule.yml | 1 - .../guide/system/software/sudo/package_sudo_installed/rule.yml | 1 - linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml | 1 - linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml | 1 - .../system/software/sudo/sudo_require_authentication/rule.yml | 1 - .../system/software/sudo/sudo_require_reauthentication/rule.yml | 1 - .../system-tools/package_cryptsetup-luks_installed/rule.yml | 1 - .../updating/ensure_gpgcheck_globally_activated/rule.yml | 1 - .../software/updating/ensure_gpgcheck_never_disabled/rule.yml | 1 - .../software/updating/ensure_redhat_gpgkey_installed/rule.yml | 1 - .../software/updating/ensure_suse_gpgkey_installed/rule.yml | 1 - .../software/updating/security_patches_up_to_date/rule.yml | 1 - 290 files changed, 1 insertion(+), 289 deletions(-) diff --git a/applications/openshift/logging/audit_profile_set/rule.yml b/applications/openshift/logging/audit_profile_set/rule.yml index 8f06eaa7abe..98c6c527c6f 100644 --- a/applications/openshift/logging/audit_profile_set/rule.yml +++ b/applications/openshift/logging/audit_profile_set/rule.yml @@ -57,7 +57,6 @@ references: nerc-cip: CIP-003-8 R4,CIP-003-8 R4.1,CIP-003-8 R4.2,CIP-003-8 R5.2,CIP-003-8 R6,CIP-004-6 R2.2.2,CIP-004-6 R2.2.3,CIP-004-6 R3.3,CIP-007-3 R.1.3,CIP-007-3 R5,CIP-007-3 R5.1.1,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3,CIP-007-3 R6.5 nist: AU-2,AU-3,AU-3(1),AU-6,AU-6(1),AU-7,AU-7(1),AU-8,AU-8(1),AU-9,AU-12,AU-12(1),AU-12(3),CM-5(1),SI-11,SI-12,SI-4(20),SI-4(23) pcidss: Req-2.2,Req-12.5.5 - pcidss4: '10.2.2' srg: SRG-APP-000089-CTR-000150,SRG-APP-000090-CTR-000155,SRG-APP-000101-CTR-000205 ocil_clause: 'The proper audit profile is not set' diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml index eb942fe1100..1905a924367 100644 --- a/controls/pcidss_4.yml +++ b/controls/pcidss_4.yml @@ -5,6 +5,7 @@ version: '4.0' source: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf levels: - id: base +reference_type: pcidss4 controls: - id: '1.1' diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml index 39941135670..2747e7470e9 100644 --- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml @@ -34,7 +34,6 @@ references: iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2 nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.IP-1,PR.PT-3 - pcidss4: "2.2.4" ocil_clause: |- {{{ ocil_clause_service_disabled(service="avahi-daemon") }}} diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml index 4266fc52e66..807eea27cc9 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232235 diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml index 544b5c14d2d..ef2e0c8dd0a 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232235 diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml index db0822f363f..d2e84af9e7a 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232235 diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml index b14857d5a70..9d6abf78f87 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232235 diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml index bc7d8afc4c2..f58ae7afb1a 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232235 diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml index 99a060ed355..291aa284d8e 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232235 diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml index 916b2ac640f..170cb5e6e69 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232230 diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml index 4f942c80e55..bd6ce65e8a2 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232230 diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml index e4bd7193469..d34274f4c23 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232230 diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml index 100f361853c..90ac284266d 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232230 diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml index 513d1e8ba8b..1b083263cb1 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232230 diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml index 017762dce9a..39085eaa83f 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232230 diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml index 6a829f9b308..d9353418e0a 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232040 diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml index dd66cee2159..bd47f9302bc 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232040 diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml index dc100913b7b..22f2ef052f3 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232040 diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml index 4aa2f7130c2..e47e398ee1c 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232040 diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml index 5cebffd96a1..fca98264817 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232040 diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml index 218e4d9ba4f..865ed0581c2 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232265 diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml index fa647f39b57..3b4fa70ba85 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml @@ -24,7 +24,6 @@ references: cis@sle12: 5.1.9 cis@sle15: 5.1.9 cis@ubuntu2204: 5.1.9 - pcidss4: "2.2.6" ocil_clause: 'the file /etc/at.deny exists' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml index 4d4884b7b9f..c8f347ceb30 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml @@ -25,7 +25,6 @@ references: cis@sle12: 5.1.8 cis@sle15: 5.1.8 cis@ubuntu2204: 5.1.8 - pcidss4: "2.2.6" ocil_clause: 'the file /etc/cron.deny exists' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml index 3889917ad57..9f59839ca4b 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml @@ -24,7 +24,6 @@ references: cis@sle15: 5.1.9 cis@ubuntu2004: 5.1.9 cis@ubuntu2204: 5.1.9 - pcidss4: "2.2.6" ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/at.allow", group="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml index 07d1bea6b6b..d7ba7b7b18b 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml @@ -33,7 +33,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-021120 stigid@rhel7: RHEL-07-021120 diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml index b3eac89941a..c9cdded1ab1 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml @@ -25,7 +25,6 @@ references: cis@sle15: 5.1.9 cis@ubuntu2004: 5.1.9 cis@ubuntu2204: 5.1.9 - pcidss4: "2.2.6" ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/at.allow", owner="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml index f3dfc376034..a53cc7e2514 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml @@ -34,7 +34,6 @@ references: cis@sle15: 5.1.9 cis@ubuntu2004: 5.1.9 cis@ubuntu2204: 5.1.9 - pcidss4: "2.2.6" ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/at.allow", perms=target_perms) }}}' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml index 1f76fea48d1..e0dc09ca19b 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml @@ -35,7 +35,6 @@ references: cis@sle15: 5.1.8 cis@ubuntu2004: 5.1.8 cis@ubuntu2204: 5.1.8 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/cron.allow", perms=target_perms) }}}' diff --git a/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml index 2c2653a66aa..7464cd5ffdb 100644 --- a/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml +++ b/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml @@ -31,7 +31,6 @@ references: iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2 nist: CM-6(a) nist-csf: PR.IP-1,PR.PT-3 - pcidss4: "2.2.6" ocil: |- {{{ ocil_service_enabled(service="cron") }}} diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml index 4706e9217c9..41a92670a0d 100644 --- a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml +++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml @@ -40,7 +40,6 @@ references: iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2 nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.IP-1,PR.PT-3 - pcidss4: "2.2.4" {{% if 'ubuntu' in product %}} {{{ complete_ocil_entry_package(package="isc-dhcp-server") }}} diff --git a/linux_os/guide/services/ftp/package_ftp_removed/rule.yml b/linux_os/guide/services/ftp/package_ftp_removed/rule.yml index 5dcb35b0896..d0dcc2c8b9c 100644 --- a/linux_os/guide/services/ftp/package_ftp_removed/rule.yml +++ b/linux_os/guide/services/ftp/package_ftp_removed/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@rhel9: CCE-86075-9 references: - pcidss4: '2.2.4' ocil: '{{{ describe_package_remove(package="ftp") }}}' diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml index c2663d9eaca..690c57319fc 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml +++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml @@ -35,7 +35,6 @@ references: iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2 nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.IP-1,PR.PT-3 - pcidss4: "1.4.2" ocil_clause: 'it does not' diff --git a/linux_os/guide/services/mask_nonessential_services/rule.yml b/linux_os/guide/services/mask_nonessential_services/rule.yml index 0c1817126cd..bf40400f24b 100644 --- a/linux_os/guide/services/mask_nonessential_services/rule.yml +++ b/linux_os/guide/services/mask_nonessential_services/rule.yml @@ -28,7 +28,6 @@ identifiers: references: cis@sle12: "2.4" cis@sle15: "2.4" - pcidss4: "2.2.4" ocil_clause: 'nonessential service is present and unmasked' diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml index 62fa2153426..9829263e230 100644 --- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml @@ -28,7 +28,6 @@ identifiers: references: cis@sle12: 2.2.8 cis@sle15: 2.2.8 - pcidss4: "2.2.4" template: name: service_disabled diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml index 83f388c7f76..b8e74433f6e 100644 --- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml @@ -49,7 +49,6 @@ references: cis@sle15: 2.2.1.3 cis@ubuntu2004: 2.2.1.3 cis@ubuntu2204: 2.1.2.2 - pcidss4: '10.6.3' ocil_clause: 'chronyd is not running under chrony user account' diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml index 7f79f8a2e54..858ac80237b 100644 --- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml @@ -35,7 +35,6 @@ references: ism: 0988,1405 nist: CM-6(a),AU-8(1)(a) pcidss: Req-10.4.3 - pcidss4: "10.6.2" srg: SRG-OS-000355-GPOS-00143 stigid@rhel8: RHEL-08-030740 stigid@rhel9: RHEL-09-252020 diff --git a/linux_os/guide/services/ntp/ntpd_specify_multiple_servers/rule.yml b/linux_os/guide/services/ntp/ntpd_specify_multiple_servers/rule.yml index 895ed26f14a..6f1399b3e77 100644 --- a/linux_os/guide/services/ntp/ntpd_specify_multiple_servers/rule.yml +++ b/linux_os/guide/services/ntp/ntpd_specify_multiple_servers/rule.yml @@ -33,4 +33,3 @@ references: nist: CM-6(a),AU-8(1)(a),AU-8(2) nist-csf: PR.PT-1 pcidss: Req-10.4.3 - pcidss4: "10.6.2" diff --git a/linux_os/guide/services/ntp/ntpd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/ntpd_specify_remote_server/rule.yml index d50e8558572..7a95b5772fb 100644 --- a/linux_os/guide/services/ntp/ntpd_specify_remote_server/rule.yml +++ b/linux_os/guide/services/ntp/ntpd_specify_remote_server/rule.yml @@ -34,7 +34,6 @@ references: nist: CM-6(a),AU-8(1)(a) nist-csf: PR.PT-1 pcidss: Req-10.4.1,Req-10.4.3 - pcidss4: '10.6.2' ocil_clause: 'this is not the case' diff --git a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml index 643cd8393d0..0c29466fdd7 100644 --- a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml +++ b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml @@ -32,7 +32,6 @@ references: ism: 0988,1405 ospp: FMT_SMF_EXT.1 pcidss: Req-10.4 - pcidss4: "10.6.1" srg: SRG-OS-000355-GPOS-00143 stigid@rhel9: RHEL-09-252010 stigid@ubuntu2004: UBTU-20-010435 diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml index a3f9228a624..8833d723508 100644 --- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml +++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml @@ -57,7 +57,6 @@ references: nist: CM-6(a),AU-8(1)(a),AU-12(1) nist-csf: PR.PT-1 pcidss: Req-10.4.1 - pcidss4: "10.6.1" srg: SRG-APP-000116-CTR-000235 ocil: |- diff --git a/linux_os/guide/services/ntp/service_ntp_enabled/rule.yml b/linux_os/guide/services/ntp/service_ntp_enabled/rule.yml index c375c0f2509..bb3ac288b36 100644 --- a/linux_os/guide/services/ntp/service_ntp_enabled/rule.yml +++ b/linux_os/guide/services/ntp/service_ntp_enabled/rule.yml @@ -38,7 +38,6 @@ references: nist: CM-6(a),AU-8(1)(a) nist-csf: PR.PT-1 pcidss: Req-10.4 - pcidss4: 10.6.1 ocil: |- {{{ ocil_service_enabled(service="ntp") }}} diff --git a/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml index a54c9257bb6..3cfd6d06708 100644 --- a/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml +++ b/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml @@ -37,7 +37,6 @@ references: nist: CM-6(a),AU-8(1)(a) nist-csf: PR.PT-1 pcidss: Req-10.4 - pcidss4: '10.6.1' ocil: |- {{{ ocil_service_enabled(service="ntpd") }}} diff --git a/linux_os/guide/services/ntp/service_timesyncd_configured/rule.yml b/linux_os/guide/services/ntp/service_timesyncd_configured/rule.yml index fed83cde68e..f5afd4ef6b0 100644 --- a/linux_os/guide/services/ntp/service_timesyncd_configured/rule.yml +++ b/linux_os/guide/services/ntp/service_timesyncd_configured/rule.yml @@ -30,7 +30,6 @@ references: cis@sle15: 2.2.1.2 disa: CCI-001891 pcidss: Req-10.4.3 - pcidss4: Req-10.6.2 ocil_clause: 'a remote time server is not configured' diff --git a/linux_os/guide/services/ntp/service_timesyncd_enabled/rule.yml b/linux_os/guide/services/ntp/service_timesyncd_enabled/rule.yml index faf50cd6d1d..7e2ee284164 100644 --- a/linux_os/guide/services/ntp/service_timesyncd_enabled/rule.yml +++ b/linux_os/guide/services/ntp/service_timesyncd_enabled/rule.yml @@ -39,7 +39,6 @@ references: nist: CM-6(a),AU-8(1)(a) nist-csf: PR.PT-1 pcidss: Req-10.4 - pcidss4: "10.6.1" ocil: |- {{{ ocil_service_enabled(service="systemd_timesyncd") }}} diff --git a/linux_os/guide/services/ntp/service_timesyncd_root_distance_configured/rule.yml b/linux_os/guide/services/ntp/service_timesyncd_root_distance_configured/rule.yml index 6df2c99acb3..4d32b6db732 100644 --- a/linux_os/guide/services/ntp/service_timesyncd_root_distance_configured/rule.yml +++ b/linux_os/guide/services/ntp/service_timesyncd_root_distance_configured/rule.yml @@ -25,7 +25,6 @@ references: cis@sle15: 2.2.1.2 disa: CCI-001891 pcidss: Req-10.4.3 - pcidss4: Req-10.6.2 ocil_clause: 'a remote time server RootDistanceMaxSec is not configured' diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml index a7fe34a1bfd..ba96f00d559 100644 --- a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml +++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml @@ -33,7 +33,6 @@ references: iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2 nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4 - pcidss4: "2.2.4" ocil: |- If network services are using the xinetd service, this is not applicable. diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml index 831cc834f0a..10bac615f95 100644 --- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml @@ -29,7 +29,6 @@ references: cis@sle12: 2.3.1 cis@sle15: 2.3.1 hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii) - pcidss4: "2.2.4" ocil: '{{{ describe_package_remove(package="ypbind") }}}' diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml index f91d7fa8dd4..0dc14758e55 100644 --- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml @@ -36,7 +36,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a),IA-5(1)(c) nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4 pcidss: Req-2.2.2 - pcidss4: "2.2.4" srg: SRG-OS-000095-GPOS-00049 stigid@ol7: OL07-00-020010 stigid@rhel7: RHEL-07-020010 diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml index b59efff1672..31e19a13ba1 100644 --- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml @@ -33,7 +33,6 @@ references: iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2 nist: CM-7(a),CM-7(b),CM-6(a),IA-5(1)(c) nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4 - pcidss4: '2.2.4' srg: SRG-OS-000095-GPOS-00049 stigid@ol7: OL07-00-020000 stigid@ol8: OL08-00-040010 diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml index 5cb8908377c..bf34d21069f 100644 --- a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml @@ -40,7 +40,6 @@ references: cui: 3.1.13 hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii) iso27001-2013: A.8.2.3,A.13.1.1,A.13.2.1,A.13.2.3,A.14.1.2,A.14.1.3 - pcidss4: "2.2.4" {{% if 'ubuntu' not in product %}} ocil: '{{{ describe_package_remove(package="rsh") }}}' diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml index 39af03d946d..cf2c7464eda 100644 --- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml @@ -24,7 +24,6 @@ identifiers: references: cis@sle12: 2.2.17 cis@sle15: 2.2.17 - pcidss4: "2.2.4" ocil_clause: |- {{{ ocil_clause_service_disabled(service="rsyncd") }}} diff --git a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml index 57372d8fce4..e5ebfb14030 100644 --- a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml @@ -21,7 +21,6 @@ identifiers: references: hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii) - pcidss4: '2.2.4' {{{ complete_ocil_entry_package(package="talk-server") }}} diff --git a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml index 7747aee79d7..9990302beb7 100644 --- a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml +++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml @@ -30,7 +30,6 @@ references: cis@ubuntu2004: 2.3.3 cis@ubuntu2204: 2.3.3 hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii) - pcidss4: "2.2.4" {{{ complete_ocil_entry_package(package="talk") }}} diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml index 5b852d23cba..101c1838a54 100644 --- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml @@ -43,7 +43,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4 pcidss: Req-2.2.2 - pcidss4: "2.2.4" srg: SRG-OS-000095-GPOS-00049 stigid@ol7: OL07-00-021710 stigid@ol8: OL08-00-040000 diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml index a52e6ee1793..a16fee71835 100644 --- a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml +++ b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml @@ -30,7 +30,6 @@ references: cui: 3.1.13 hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii) iso27001-2013: A.8.2.3,A.13.1.1,A.13.2.1,A.13.2.3,A.14.1.2,A.14.1.3 - pcidss4: "2.2.4" ocil: '{{{ describe_package_remove(package="telnet") }}}' diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml index 0327c45de02..f106b3dfbc2 100644 --- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml @@ -32,7 +32,6 @@ references: iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2 nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4 - pcidss4: '2.2.4' srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040700 stigid@ol8: OL08-00-040190 diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml index 6181a830978..2a51b0eed74 100644 --- a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@sle15: CCE-91158-6 references: - pcidss4: '2.2.4' ocil: '{{{ describe_package_remove(package="tftp") }}}' diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml index 5bd757eb14c..0d71bcc5efe 100644 --- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml @@ -31,7 +31,6 @@ references: cis@sle15: 2.2.15 cis@ubuntu2004: 2.2.14 cis@ubuntu2204: 2.2.13 - pcidss4: "2.2.4" {{% if pkg_manager != "apt_get" %}} {{{ complete_ocil_entry_package(package="net-snmp") }}} diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml index 45b7a0771b4..3a92bc246fd 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml @@ -34,7 +34,6 @@ references: nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2 nist: AC-17(a),CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-255115 diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml index 74ee8d00c1b..b1b5831d572 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml @@ -49,7 +49,6 @@ references: nist: AC-17(a),CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-2.2.4 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040420 stigid@ol8: OL08-00-010490 diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml index 7fec2a42a90..eb5f177d073 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml @@ -33,7 +33,6 @@ references: nist: AC-17(a),CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-2.2.4 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040410 stigid@ol8: OL08-00-010480 diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml index 67acbd27e37..a1ac6040311 100644 --- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml @@ -48,7 +48,6 @@ references: nist: AC-3,AC-17(a),CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.AC-4,PR.AC-6,PR.IP-1,PR.PT-3 ospp: FIA_UAU.1 - pcidss4: "8.3.1" srg: SRG-OS-000480-GPOS-00229 stigid@ol7: OL07-00-010470 stigid@rhel7: RHEL-07-010470 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml index 42e0684eb69..a4e08e33636 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml @@ -48,7 +48,6 @@ references: nist@sle15: CM-6(b),CM-6.1(iv) ospp: FIA_UAU.1 pcidss: Req-2.2.4 - pcidss4: "2.2.6" srg: SRG-OS-000106-GPOS-00053,SRG-OS-000480-GPOS-00229,SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-010300 stigid@ol8: OL08-00-020330 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml index 11c0f817792..92c757e9145 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml @@ -44,7 +44,6 @@ references: nist: AC-17(a),CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.AC-4,PR.AC-6,PR.IP-1,PR.PT-3 ospp: FIA_UAU.1 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040350 stigid@rhel7: RHEL-07-040350 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml index 2c475553de2..051736648c5 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml @@ -45,7 +45,6 @@ references: nist-csf: PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.DS-5,PR.PT-3 ospp: FAU_GEN.1 pcidss: Req-2.2.4 - pcidss4: "2.2.6" srg: SRG-OS-000109-GPOS-00056,SRG-OS-000480-GPOS-00227,SRG-APP-000148-CTR-000335,SRG-APP-000190-CTR-000500 stigid@ol7: OL07-00-040370 stigid@ol8: OL08-00-010550 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml index 1452ccc28a3..efb75a79139 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml @@ -25,7 +25,6 @@ references: cis@sle15: 5.2.20 cis@ubuntu2004: 5.2.20 cis@ubuntu2204: 5.2.16 - pcidss4: "2.2.6" ocil_clause: "The AllowTcpForwarding option exists and is disabled" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml index 7861ecc62d4..2fad69b8d68 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml @@ -39,7 +39,6 @@ references: disa: CCI-000366 nist: CM-6(b) nist@sle15: CM-6.1(iv) - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040710 stigid@ol8: OL08-00-040340 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml index b3b1d7448d7..536e771a04c 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml @@ -43,7 +43,6 @@ references: nist-csf: PR.IP-1 nist@sle15: CM-6(b),CM-6.1(iv) pcidss: Req-2.2.4 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00229 stigid@ol7: OL07-00-010460 stigid@ol8: OL08-00-010830 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml index d6015c36e3f..750285df0f1 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml @@ -33,7 +33,6 @@ references: cis@ubuntu2004: 5.2.19 cis@ubuntu2204: 5.2.6 disa: CCI-000877 - pcidss4: '2.2.6' srg: SRG-OS-000125-GPOS-00065 stigid@rhel9: RHEL-09-255050 stigid@ubuntu2004: UBTU-20-010035 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml index 6933e693d72..02bee6dbe5b 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml @@ -65,7 +65,6 @@ references: nist: AC-3,CM-6(a) nist-csf: PR.AC-4,PR.AC-6,PR.PT-3 pcidss: Req-2.2.4 - pcidss4: "2.2.6" warnings: - general: |- diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml index c842de8511d..fcfb3637b97 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml @@ -54,7 +54,6 @@ references: nist: CM-6(a),AC-17(a),AC-2(5),AC-12,AC-17(a),SC-10,CM-6(a) nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.IP-2 pcidss: Req-8.1.8 - pcidss4: "8.2.8" srg: SRG-OS-000126-GPOS-00066,SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109,SRG-OS-000395-GPOS-00175 stigid@ol7: OL07-00-040320 stigid@ol8: OL08-00-010201 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml index 2005ac97a9a..70c5d2a14ee 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml @@ -49,7 +49,6 @@ references: nist: AC-2(5),AC-12,AC-17(a),SC-10,CM-6(a) nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.IP-2 pcidss: Req-8.1.8 - pcidss4: "8.2.8" srg: SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109 stigid@rhel8: RHEL-08-010200 stigid@rhel9: RHEL-09-255095 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml index 6522cf3e0f5..11cf26a5375 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml @@ -27,7 +27,6 @@ references: cis@sle15: 5.2.17 cis@ubuntu2004: 5.2.16 cis@ubuntu2204: 5.2.21 - pcidss4: '2.2.6' ocil_clause: 'it is commented out or not configured properly' diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml index a0e19632052..cd32901b58d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml @@ -34,7 +34,6 @@ references: nerc-cip: CIP-007-3 R7.1 nist: AC-17(a),AC-17(1),CM-6(a) pcidss: Req-2.2.4 - pcidss4: "2.2.6" srg: SRG-OS-000032-GPOS-00013 stigid@rhel9: RHEL-09-255030 stigid@sle12: SLES-12-030110 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml index 83190a2da30..595a6684e30 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml @@ -28,7 +28,6 @@ references: cis@ubuntu2004: 5.2.6 cis@ubuntu2204: 5.2.18 ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561 - pcidss4: "2.2.6" ocil_clause: 'it is commented out or not configured properly' diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml index ab8fb218970..d48f00f942d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml @@ -26,7 +26,6 @@ references: cis@sle15: 5.2.22 cis@ubuntu2004: 5.2.22 cis@ubuntu2204: 5.2.20 - pcidss4: "2.2.6" ocil_clause: "MaxSessions is not configured or not configured correctly" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml index d6e3a71ccbd..0fe0bffb3bb 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml @@ -32,7 +32,6 @@ references: cis@sle15: 5.2.21 cis@ubuntu2004: 5.2.21 cis@ubuntu2204: 5.2.19 - pcidss4: "2.2.6" ocil_clause: 'maxstartups is not configured' diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml index 48134579cb5..2801ac8511f 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml @@ -66,7 +66,6 @@ references: iso27001-2013: A.11.2.6,A.12.1.2,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.5.1,A.12.6.2,A.12.7.1,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.18.1.4,A.6.1.2,A.6.2.1,A.6.2.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-17(a),AC-17(2),SC-13,MA-4(6),IA-5(1)(c),SC-12(2),SC-12(3) nist-csf: PR.AC-1,PR.AC-3,PR.AC-4,PR.AC-6,PR.AC-7,PR.IP-1,PR.PT-1,PR.PT-3,PR.PT-4 - pcidss4: "2.2.7" srg: SRG-OS-000033-GPOS-00014,SRG-OS-000120-GPOS-00061,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174 stigid@sle12: SLES-12-030170 stigid@sle15: SLES-15-010160 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml index 3e15c017d82..db30ff8d061 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml @@ -59,7 +59,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.11.2.6,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.6.2.1,A.6.2.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-17(a),AC-17(2),SC-13,MA-4(6),SC-12(2),SC-12(3) nist-csf: PR.AC-1,PR.AC-3,PR.DS-5,PR.PT-4 - pcidss4: "2.2.7" srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000394-GPOS-00174 stigid@sle12: SLES-12-030180 stigid@sle15: SLES-15-010270 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml index 0f1fe8be89f..a2ffc8f02e1 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml @@ -29,7 +29,6 @@ references: cis@ubuntu2004: 5.2.14 cis@ubuntu2204: 5.2.15 pcidss: Req-2.3 - pcidss4: "2.2.7" ocil_clause: 'KexAlgorithms option is commented out or not using strong hash algorithms' diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml index b4d3143745b..7e2dad1d2fa 100644 --- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml @@ -48,7 +48,6 @@ references: disa: CCI-001954,CCI-000765,CCI-000766,CCI-000767,CCI-000768 ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561 pcidss: Req-8.3 - pcidss4: "8.4" srg: SRG-OS-000375-GPOS-00160,SRG-OS-000105-GPOS-00052,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000108-GPOS-00055 stigid@ol8: OL08-00-020250 stigid@rhel8: RHEL-08-020250 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml index 6be8214512f..34a6edf1bdb 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml @@ -27,7 +27,6 @@ references: cis@sle15: 1.8.1.6 cis@ubuntu2004: 1.8.1.6 cis@ubuntu2204: 1.7.6 - pcidss4: '1.2.8' ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/issue.net", group="root") }}}' diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml index afd1d71ba57..c1a771b5fe2 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml @@ -27,7 +27,6 @@ references: cis@sle15: 1.8.1.6 cis@ubuntu2004: 1.8.1.6 cis@ubuntu2204: 1.7.6 - pcidss4: '1.2.8' ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/issue.net", owner="root") }}}' diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml index 6ec5240ec24..a2a284ce24d 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml @@ -27,7 +27,6 @@ references: cis@sle15: 1.8.1.6 cis@ubuntu2004: 1.8.1.6 cis@ubuntu2204: 1.7.6 - pcidss4: '1.2.8' ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/issue.net", perms="-rw-r--r--") }}}' diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml index b96e9f3dbf1..8aea88ba711 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml @@ -50,7 +50,6 @@ references: nist: AC-9,AC-9(1) nist-csf: PR.AC-7 pcidss: Req-10.2.4 - pcidss4: "10.2.1.4" srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040530 stigid@ol8: OL08-00-020340 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml index ec69ff97c25..887c459282f 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml @@ -53,7 +53,6 @@ references: nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 nist@sle15: IA-5(1)(e),IA-5(1).1(v) pcidss: Req-8.2.5 - pcidss4: '8.3.7' srg: SRG-OS-000077-GPOS-00045 stigid@ol7: OL07-00-010270 stigid@ol8: OL08-00-020220 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml index 031ae0c708b..22fb4bda0e6 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml @@ -53,7 +53,6 @@ references: nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 nist@sle15: IA-5(1)(e),IA-5(1).1(v) pcidss: Req-8.2.5 - pcidss4: '8.3.7' srg: SRG-OS-000077-GPOS-00045 stigid@ol7: OL07-00-010270 stigid@ol8: OL08-00-020221 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml index cd53ced8fc1..3a23940ea7c 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml @@ -40,7 +40,6 @@ references: nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 nist@sle15: IA-5(1)(e),IA-5(1).1(v) pcidss: Req-8.2.5 - pcidss4: "8.3.7" srg: SRG-OS-000077-GPOS-00045 stigid@sle15: SLES-15-020250 stigid@ubuntu2004: UBTU-20-010070 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml index 12b1e50a20f..26a40045386 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml @@ -53,7 +53,6 @@ references: nist-csf: PR.AC-7 ospp: FIA_AFL.1 pcidss: Req-8.1.6 - pcidss4: "8.3.4" srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005 stigid@ol7: OL07-00-010320 stigid@ol8: OL08-00-020010,OL08-00-020011 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml index 42b6c0d2835..2b9fe475ba3 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml @@ -55,7 +55,6 @@ references: nist-csf: PR.AC-7 ospp: FIA_AFL.1 pcidss: Req-8.1.7 - pcidss4: "8.3.4" srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005 stigid@ol7: OL07-00-010320 stigid@ol8: OL08-00-020014,OL08-00-020015 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml index 923ec836f0f..d68d6d3190d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml @@ -46,7 +46,6 @@ references: disa: CCI-000044 nist@sle12: AC-7(a) pcidss: Req-8.1.6 - pcidss4: "8.3.4" srg: SRG-OS-000021-GPOS-00005 stigid@sle12: SLES-12-010130 stigid@sle15: SLES-15-020010 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/rule.yml index 87ab1f1fe4f..c20124b7404 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/rule.yml @@ -32,7 +32,6 @@ references: nist-csf: PR.AC-7 ospp: FMT_MOF_EXT.1 pcidss: Req-8.1.7 - pcidss4: "8.3.4" srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005 ocil_clause: 'unlock_time is less than the expected value' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml index cf71d3539fc..972c2eba75d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml @@ -27,7 +27,6 @@ references: disa: CCI-000194 nist@sle12: IA-5(a),IA-5(v) pcidss: Req-8.2.3 - pcidss4: "8.3.6" srg: SRG-OS-000071-GPOS-00039 stigid@sle12: SLES-12-010170 stigid@sle15: SLES-15-020150 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml index e540fd31f44..1ffde434e25 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml @@ -29,7 +29,6 @@ references: nist@sle12: IA-5(a),IA-5(v) nist@sle15: IA-5(1)(a),IA-5(1).1(v) pcidss: Req-8.2.3 - pcidss4: "8.3.6" srg: SRG-OS-000070-GPOS-00038 stigid@sle12: SLES-12-010160 stigid@sle15: SLES-15-020140 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml index ebdd32dd5af..94cc54e44e6 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml @@ -26,7 +26,6 @@ references: disa: CCI-000205 nist@sle12: IA-5(1)(a) pcidss: Req-8.2.3 - pcidss4: "8.3.6" srg: SRG-OS-000078-GPOS-00046 stigid@sle12: SLES-12-010250 stigid@sle15: SLES-15-020260 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml index ae26b4b37db..c64de3eb65d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml @@ -24,7 +24,6 @@ references: disa: CCI-000366 nist@sle12: CM-6(b),CM-6.1 pcidss: Req-8.1.6,Req-8.1.7 - pcidss4: "8.3.4" srg: SRG-OS-000480-GPOS-00225 stigid@sle12: SLES-12-010320 stigid@sle15: SLES-15-020290 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml index 8748ff95a59..11a7b29a372 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml @@ -45,7 +45,6 @@ references: nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 ospp: FMT_SMF_EXT.1 pcidss: Req-8.2.3 - pcidss4: '8.3.6' srg: SRG-OS-000071-GPOS-00039 stigid@ol7: OL07-00-010140 stigid@ol8: OL08-00-020130 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml index c2036b86833..b500b331ede 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml @@ -45,7 +45,6 @@ references: nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 ospp: FMT_SMF_EXT.1 pcidss: Req-8.2.3 - pcidss4: '8.3.6' srg: SRG-OS-000070-GPOS-00038 stigid@ol7: OL07-00-010130 stigid@ol8: OL08-00-020120 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml index fd52b1c7c9d..7369e0a0765 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml @@ -45,7 +45,6 @@ references: nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 ospp: FMT_SMF_EXT.1 pcidss: Req-8.2.3 - pcidss4: '8.3.6' srg: SRG-OS-000078-GPOS-00046 stigid@ol7: OL07-00-010280 stigid@ol8: OL08-00-020230 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml index 55a11eeb697..fb1865b041e 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml @@ -39,7 +39,6 @@ references: disa: CCI-000803 nist: IA-7,IA-7.1 pcidss: Req-8.2.1 - pcidss4: "8.3.2" srg: SRG-OS-000120-GPOS-00061 ocil_clause: 'it does not' diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml index 6dd7943941f..c6ed463cd4d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml @@ -44,7 +44,6 @@ references: nist: IA-5(c),IA-5(1)(c),CM-6(a) nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 pcidss: Req-8.2.1 - pcidss4: "8.3.2" srg: SRG-OS-000073-GPOS-00041 stigid@ol7: OL07-00-010220 stigid@rhel7: RHEL-07-010220 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml index 8f7845e4e45..45166cbeda4 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml @@ -40,7 +40,6 @@ references: nist: IA-5(c),IA-5(1)(c),CM-6(a) nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 pcidss: Req-8.2.1 - pcidss4: "8.3.2" srg: SRG-OS-000073-GPOS-00041 stigid@ol7: OL07-00-010210 stigid@ol8: OL08-00-010110 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml index 0cf1e09b65d..7fae090d474 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml @@ -62,7 +62,6 @@ references: nist: IA-5(c),IA-5(1)(c),CM-6(a) nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 pcidss: Req-8.2.1 - pcidss4: "8.3.2" srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061 stigid@ol7: OL07-00-010200 stigid@ol8: OL08-00-010159 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml index 3db519ffc02..b82f7215d16 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml @@ -48,7 +48,6 @@ references: nist: IA-4(e),AC-2(3),CM-6(a) nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7 pcidss: Req-8.1.4 - pcidss4: "8.2.6" srg: SRG-OS-000118-GPOS-00060 stigid@ol7: OL07-00-010310 stigid@ol8: OL08-00-020260 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml index 38f3436d603..6c4767341af 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml @@ -28,7 +28,6 @@ references: cjis: 5.5.2 disa: CCI-000770,CCI-000804 pcidss: Req-8.1.1 - pcidss4: "8.2.1" ocil_clause: 'a line is returned' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml index 76434116f66..cad3ab87e25 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml @@ -28,7 +28,6 @@ references: cis@ubuntu2004: 6.2.17 cis@ubuntu2204: 6.2.4 pcidss: Req-8.2.1 - pcidss4: 8.3.2 ocil_clause: 'shadow group is not empty' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml index 5353a4e9447..6ce7aa23e2d 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml @@ -24,7 +24,6 @@ references: disa: CCI-000135,CCI-000764,CCI-000804 nist@sle12: IA-2,IA-2.1,IA-8,IA-8.1 pcidss: Req-8.1.1 - pcidss4: "8.2.1" srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062,SRG-OS-000042-GPOS-00020 stigid@ol8: OL08-00-020240 stigid@rhel8: RHEL-08-020240 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml index a13a58cc88d..2a992c0a3cf 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml @@ -22,7 +22,6 @@ references: cis@ubuntu2004: 6.2.14 cis@ubuntu2204: 6.2.6 disa: CCI-000764 - pcidss4: "8.2.1" srg: SRG-OS-000104-GPOS-00051 stigid@rhel9: RHEL-09-411110 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml index a0f19b0533a..f7b6f14ccb3 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml @@ -20,7 +20,6 @@ references: cis@sle15: 6.2.17 cis@ubuntu2004: 6.2.16 cis@ubuntu2204: 6.2.8 - pcidss4: "8.2.1" ocil_clause: 'has duplicate group names' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml index da6f0264956..b3b1e61bd5f 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml @@ -48,7 +48,6 @@ references: nist: IA-5(f),IA-5(1)(d),CM-6(a) nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 pcidss: Req-8.2.4 - pcidss4: '8.3.9' srg: SRG-OS-000076-GPOS-00044 stigid@ol7: OL07-00-010250 stigid@ol8: OL08-00-020200 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml index 3deceef48e3..62663dce2ac 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml @@ -31,7 +31,6 @@ references: cis@ubuntu2204: 5.5.1.2 disa: CCI-000199 nist: IA-5(f),IA-5(1)(d),CM-6(a) - pcidss4: '8.3.9' srg: SRG-OS-000076-GPOS-00044 stigid@ol7: OL07-00-010260 stigid@ol8: OL08-00-020210 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml index f4b4be18e10..55bbe1902ac 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml @@ -30,7 +30,6 @@ references: disa: CCI-000198 nist: IA-5(f),IA-5(1)(d),CM-6(a) nist@sle15: IA-5(1).1(v) - pcidss4: '8.3.9' ocil_clause: 'any results are returned that are not associated with a system account' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml index 5a69a9a82f4..06bd9323632 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml @@ -39,7 +39,6 @@ references: nist: IA-5(f),IA-5(1)(d),CM-6(a) nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7 pcidss: Req-8.2.4 - pcidss4: "8.3.9" ocil_clause: 'it is not set to the required value' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml index f934b886d66..b5f65cd9113 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml @@ -34,7 +34,6 @@ references: nist: IA-4(e),AC-2(3),CM-6(a) nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7 pcidss: Req-8.1.4 - pcidss4: '8.2.6' srg: SRG-OS-000118-GPOS-00060 ocil_clause: 'the value of INACTIVE is greater than the expected value or is -1' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml index f593046a232..9d0e198b8d4 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml @@ -37,7 +37,6 @@ references: nist: IA-5(h),CM-6(a) nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 pcidss: Req-8.2.1 - pcidss4: "8.3.2" # The rule check uses password probe, which doesn't support offline mode platform: machine diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml index 5add42f6341..b50c6a68819 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml @@ -25,7 +25,6 @@ references: cis@sle15: 5.4.1.6 cis@ubuntu2004: 5.4.1.5 cis@ubuntu2204: 5.5.1.5 - pcidss4: '8.3.5' ocil_clause: 'any interactive user password that has last change time in the future' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml index 5a3518235ae..9ebcb4f0805 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml @@ -34,7 +34,6 @@ references: nist: IA-2,CM-6(a) nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 pcidss: Req-8.5.a - pcidss4: "8.2.2" srg: SRG-OS-000104-GPOS-00051 stigid@ol7: OL07-00-020300 stigid@rhel7: RHEL-07-020300 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml index 09f17eebeba..9b71b764952 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml @@ -49,7 +49,6 @@ references: nist-csf: PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.DS-5 ospp: FIA_UAU.1 pcidss: Req-8.2.3 - pcidss4: '8.3.1' srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-010290 stigid@ol8: OL08-00-020331,OL08-00-020332 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml index a13fab629fe..73e4c6ed2f1 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml @@ -34,7 +34,6 @@ references: cis@ubuntu2204: 6.2.2 disa: CCI-000366 nist: CM-6(b),CM-6.1(iv) - pcidss4: '2.2.2' srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-010291 stigid@ol8: OL08-00-010121 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml index 4dd38b1f26b..179c8197c5d 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml @@ -47,7 +47,6 @@ references: nist@sle12: CM-6(b),CM-6.1(iv) nist@sle15: CM-6(b),CM-6.1(iv) pcidss: Req-8.5 - pcidss4: '8.2.1' srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-020310 stigid@ol8: OL08-00-040200 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml index 50cffff79ca..b8420dd527f 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml @@ -23,7 +23,6 @@ references: cis@ubuntu2004: 5.4.3 cis@ubuntu2204: 5.5.3 pcidss: Req-8.1.1 - pcidss4: "8.2.1" ocil_clause: 'root has a primary gid not equal to zero' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml index 1d3ab46941b..e399f479ca4 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml @@ -29,7 +29,6 @@ references: cis@sle15: '5.6' cis@ubuntu2004: '5.6' cis@ubuntu2204: 5.3.7 - pcidss4: '2.2.6' platform: package[pam] diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_root_password_configured/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_root_password_configured/rule.yml index 0934d3ea3e3..61862a92554 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_root_password_configured/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_root_password_configured/rule.yml @@ -24,7 +24,6 @@ platform: machine references: cis@ubuntu2004: 1.5.3 cis@ubuntu2204: 1.4.3 - pcidss4: '2.2.2' ocil: 'root password is not set' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml index 95c78513d83..861d620d0df 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml @@ -47,7 +47,6 @@ references: nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.2.3,CIP-004-6 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.2,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3 nist: IA-2,CM-6(a) nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 - pcidss4: "8.6.1" ocil_clause: 'the /etc/securetty file is not empty' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_password_auth_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_password_auth_for_systemaccounts/rule.yml index 8c437feb7a3..426dfffdc12 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_password_auth_for_systemaccounts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_password_auth_for_systemaccounts/rule.yml @@ -26,7 +26,6 @@ identifiers: references: nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2 nist: AC-6,CM-6(a) - pcidss4: '8.2.2' ocil_clause: 'system accounts are not locked' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml index d17e6afb12b..cb8b76335f6 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml @@ -42,7 +42,6 @@ references: iso27001-2013: A.12.4.1,A.12.4.3,A.6.1.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 nist: AC-6,CM-6(a),CM-6(b),CM-6.1(iv) nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6 - pcidss4: '8.2.2' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-411035 stigid@sle12: SLES-12-010631 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml index f9309ea5343..cc0f9837f2e 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml @@ -38,7 +38,6 @@ references: nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2 nist: AC-6,CM-6(a) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: "8.6.1" srg: SRG-OS-000324-GPOS-00125 ocil_clause: 'root login over virtual console devices is permitted' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml index 7b88d86d8ad..7ae02056973 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml @@ -28,7 +28,6 @@ references: cis@sle15: '5.6' cis@ubuntu2004: '5.6' cis@ubuntu2204: 5.3.7 - pcidss4: '2.2.6' platform: package[pam] diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml index 113ed8e6189..3323dc141bf 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml @@ -61,7 +61,6 @@ references: nist-csf: PR.AC-7 nist@sle12: AC-11(a) ospp: FMT_MOF_EXT.1 - pcidss4: "8.6.1" srg: SRG-OS-000163-GPOS-00072,SRG-OS-000029-GPOS-00010 stigid@ol7: OL07-00-040160 stigid@rhel7: RHEL-07-040160 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml index 5c94b370063..c0fac1867ef 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml @@ -56,7 +56,6 @@ references: nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 stigid@ol7: OL07-00-030410 stigid@ol8: OL08-00-030490 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml index 46160227083..375a6b2d844 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml @@ -56,7 +56,6 @@ references: nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 stigid@ol7: OL07-00-030370 stigid@ol8: OL08-00-030480 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml index 05e89f86b36..92a261948e3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml @@ -53,7 +53,6 @@ references: nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 stigid@ol7: OL07-00-030410 stigid@ol8: OL08-00-030490 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml index 79cb8b88e5f..53bb8475f71 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml @@ -53,7 +53,6 @@ references: nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 stigid@ol7: OL07-00-030410 stigid@ol8: OL08-00-030490 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml index ba1b714b349..20447db1cac 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml @@ -56,7 +56,6 @@ references: nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 stigid@ol7: OL07-00-030370 stigid@ol8: OL08-00-030480 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml index 58a16268ca4..026974ec826 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml @@ -53,7 +53,6 @@ references: nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 stigid@ol7: OL07-00-030370 stigid@ol8: OL08-00-030480 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml index 97b9cddbed3..5eebdbba4b6 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml @@ -70,7 +70,6 @@ references: nist@sle15: AU-12(a),AU-12.1(ii),AU-12(c),AU-12.1(iv),AU-3,AU-3.1,MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000468-GPOS-00212,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000499-CTR-001255 stigid@ol7: OL07-00-030440 stigid@ol8: OL08-00-030200 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml index bf4d09f388d..1146b3c5728 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml @@ -65,7 +65,6 @@ references: nist@sle15: AU-12(a),AU-12.1(ii),AU-12(c),AU-12.1(iv),AU-3,AU-3.1,MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000466-GPOS-00210,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 stigid@ol7: OL07-00-030440 stigid@ol8: OL08-00-030200 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml index 20d45d6490f..8bb85b0c830 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml @@ -56,7 +56,6 @@ references: nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 stigid@ol7: OL07-00-030370 stigid@ol8: OL08-00-030480 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml index f37fcb6c2d2..d1b4c259424 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml @@ -70,7 +70,6 @@ references: nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 stigid@ol7: OL07-00-030440 stigid@ol8: OL08-00-030200 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml index 8f5ecb1d4f1..ae31b307988 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml @@ -65,7 +65,6 @@ references: nist@sle15: AU-12(a),AU-12.1(ii),AU-12(c),AU-12.1(iv),AU-3,AU-3.1,MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000466-GPOS-00210,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 stigid@ol7: OL07-00-030440 stigid@ol8: OL08-00-030200 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml index e321fa1b1e4..4311f965716 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml @@ -69,7 +69,6 @@ references: nist@sle15: AU-12(a),AU-12.1(ii),AU-12(c),AU-12.1(iv),AU-3,AU-3.1,MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 stigid@ol7: OL07-00-030440 stigid@ol8: OL08-00-030200 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml index 6848e420eec..5d574ec4648 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml @@ -65,7 +65,6 @@ references: nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000466-GPOS-00210,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235 stigid@ol7: OL07-00-030440 stigid@ol8: OL08-00-030200 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml index 594389ab3a1..b11d55b5a66 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml @@ -51,7 +51,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.MA-2,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.7 - pcidss4: "10.2.1.7" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 stigid@ol7: OL07-00-030910 stigid@ol8: OL08-00-030361 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml index bf5d598fc0a..402d76d4939 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml @@ -48,7 +48,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.MA-2,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.7 - pcidss4: "10.2.1.7" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 stigid@ol7: OL07-00-030910 stigid@ol8: OL08-00-030361 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml index 1ca39cd2151..cdd1ae2e396 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml @@ -47,7 +47,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.MA-2,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.7 - pcidss4: "10.2.1.7" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 stigid@ol7: OL07-00-030910 stigid@ol8: OL08-00-030361 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml index ac14a20e471..25e465a76f4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml @@ -51,7 +51,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.MA-2,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.7 - pcidss4: "10.2.1.7" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 stigid@ol7: OL07-00-030910 stigid@ol8: OL08-00-030361 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml index c29226f7f87..97886db4b47 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml @@ -48,7 +48,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.MA-2,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.7 - pcidss4: "10.2.1.7" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 stigid@ol7: OL07-00-030910 stigid@ol8: OL08-00-030361 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml index 608e0aab335..de686fe0e24 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml @@ -46,7 +46,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.3 - pcidss4: "10.2.1.3" srg: SRG-OS-000392-GPOS-00172,SRG-OS-000470-GPOS-00214,SRG-OS-000473-GPOS-00218,SRG-APP-000503-CTR-001275,SRG-APP-000506-CTR-001290 stigid@ol7: OL07-00-030610 stigid@ol8: OL08-00-030590 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml index 307d05aad01..bdc6cc9b701 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml @@ -48,7 +48,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.3 - pcidss4: "10.2.1.3" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000470-GPOS-00214,SRG-APP-000495-CTR-001235,SRG-APP-000503-CTR-001275,SRG-APP-000506-CTR-001290 stigid@ol7: OL07-00-030620 stigid@ol8: OL08-00-030600 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml index db1dfdb13ee..b95d141e15e 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml @@ -48,7 +48,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.3 - pcidss4: "10.2.1.3" srg: SRG-OS-000392-GPOS-00172,SRG-OS-000470-GPOS-00214,SRG-OS-000473-GPOS-00218,SRG-APP-000503-CTR-001275 stigid@rhel7: RHEL-07-030600 stigid@rhel9: RHEL-09-654260 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml index fc92ce87367..1234239bdf3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml @@ -49,7 +49,6 @@ references: nist: AC-6(9),CM-6(a) nist-csf: DE.AE-3,DE.AE-5,ID.SC-4,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4 pcidss: Req-10.5.2 - pcidss4: "10.3.2" srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-APP-000119-CTR-000245,SRG-APP-000120-CTR-000250 stigid@ol8: OL08-00-030121 stigid@rhel8: RHEL-08-030121 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml index ee70519c97b..f0f2927b785 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml @@ -44,7 +44,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.5.5 - pcidss4: "10.3.4" ocil_clause: 'the system is not configured to audit attempts to change the MAC policy' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml index d39349de6f0..765a8d29e02 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml @@ -48,7 +48,6 @@ references: nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a) nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 pcidss: Req-10.2.7 - pcidss4: "10.2.1.7" srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 stigid@ol7: OL07-00-030740 stigid@ol8: OL08-00-030302 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml index 6303f36ee55..63fbf9d7ffd 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml @@ -64,7 +64,6 @@ references: nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a) nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 pcidss: Req-10.5.5 - pcidss4: "10.3.4" ocil_clause: 'the system is not configured to audit changes of the network configuration' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml index 4dfa644a782..b8653738381 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml @@ -52,6 +52,5 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.3 - pcidss4: "10.2.1.3" srg: SRG-APP-000505-CTR-001285 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml index 9973488bd93..0c03c2610a5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml @@ -52,7 +52,6 @@ references: cis@ubuntu2204: 4.1.3.2 disa: CCI-001814,CCI-001882,CCI-001889,CCI-001880,CCI-001881,CCI-001878,CCI-001879,CCI-001875,CCI-001877,CCI-001914,CCI-002233,CCI-002234 nist: CM-5(1),AU-7(a),AU-7(b),AU-8(b),AU-12(3),AC-6(9) - pcidss4: '10.2.1.2' srg: SRG-OS-000326-GPOS-00126,SRG-OS-000327-GPOS-00127,SRG-APP-000343-CTR-000780,SRG-APP-000381-CTR-000905 stigid@ol7: OL07-00-030360 stigid@ol8: OL08-00-030000 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml index afaa7ab2553..33a6bc9c580 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml @@ -49,7 +49,6 @@ references: nist@sle15: AU-3,AU-3.1,AU-12(a),AU-12.1(ii),AU-12.1(iv),MA-4(1)(a) ospp: FAU_GEN.1.1.c pcidss: Req-10.2.2,Req-10.2.5.b - pcidss4: '10.2.1.5' srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000026-CTR-000070,SRG-APP-000027-CTR-000075,SRG-APP-000028-CTR-000080,SRG-APP-000291-CTR-000675,SRG-APP-000292-CTR-000680,SRG-APP-000293-CTR-000685,SRG-APP-000294-CTR-000690,SRG-APP-000319-CTR-000745,SRG-APP-000320-CTR-000750,SRG-APP-000509-CTR-001305 stigid@ol7: OL07-00-030700 stigid@rhel7: RHEL-07-030700 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml index 8e723f095b6..35bcc0c52d3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml @@ -53,7 +53,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-1,PR.AC-3,PR.AC-4,PR.AC-6,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.5 - pcidss4: "10.2.1.5" srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275 stigid@ol7: OL07-00-030871 stigid@ol8: OL08-00-030170 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml index e82989dab64..bee9db8c1e3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml @@ -53,7 +53,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-1,PR.AC-3,PR.AC-4,PR.AC-6,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.5 - pcidss4: "10.2.1.5" srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275 stigid@ol7: OL07-00-030872 stigid@ol8: OL08-00-030160 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml index 31a097d1475..0f9eb176961 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml @@ -54,7 +54,6 @@ references: nist@sle15: AC-2(4).1(i&ii),AU-12.1(iv) ospp: FAU_GEN.1.1.c pcidss: Req-10.2.5 - pcidss4: "10.2.1.5" srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000503-CTR-001275 stigid@ol7: OL07-00-030874 stigid@ol8: OL08-00-030140 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml index dfb8aa5a5f1..dcf46cd9910 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml @@ -53,7 +53,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-1,PR.AC-3,PR.AC-4,PR.AC-6,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.5 - pcidss4: "10.2.1.5" srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-OS-000274-GPOS-00104,SRG-OS-000275-GPOS-00105,SRG-OS-000276-GPOS-00106,SRG-OS-000277-GPOS-00107,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275 stigid@ol7: OL07-00-030870 stigid@ol8: OL08-00-030150 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml index 3c0d7f49712..d87af4112a2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml @@ -53,7 +53,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-1,PR.AC-3,PR.AC-4,PR.AC-6,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.2.5 - pcidss4: "10.2.1.5" srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275 stigid@ol7: OL07-00-030873 stigid@ol8: OL08-00-030130 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml index 678f409d84d..5be73335924 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml @@ -49,7 +49,6 @@ references: cis@ubuntu2204: 4.1.3.3 disa: CCI-000172,CCI-002884 pcidss: Req-10.2.2,Req-10.2.5.b - pcidss4: '10.2.1.4' srg: SRG-OS-000392-GPOS-00172,SRG-OS-000471-GPOS-00215 stigid@ubuntu2004: UBTU-20-010244 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml index 519d4d053f1..5fcd1182c53 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml @@ -55,7 +55,6 @@ references: nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a) nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 pcidss: Req-10.4.2.b - pcidss4: "10.6.3" ocil_clause: 'the system is not configured to audit time changes' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml index ad397daa89a..6ccba7a3e8b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml @@ -53,7 +53,6 @@ references: nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a) nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 pcidss: Req-10.4.2.b - pcidss4: "10.6.3" ocil_clause: 'the system is not configured to audit time changes' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml index 70875007338..c7a4f2d2b0a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml @@ -55,7 +55,6 @@ references: nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a) nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 pcidss: Req-10.4.2.b - pcidss4: "10.6.3" ocil_clause: 'the system is not configured to audit time changes' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml index 0588660592e..8182a10698e 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml @@ -62,7 +62,6 @@ references: nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a) nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 pcidss: Req-10.4.2.b - pcidss4: "10.6.3" ocil_clause: 'the system is not configured to audit time changes' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml index e339de4f749..9cc6e4fbc35 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml @@ -49,7 +49,6 @@ references: nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a) nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 pcidss: Req-10.4.2.b - pcidss4: "10.6.3,10.6.3" ocil_clause: 'the system is not configured to audit time changes' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml index a3215f3178f..ffcfbc5d9d4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml @@ -31,7 +31,6 @@ identifiers: references: nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a) ospp: FAU_GEN.1.1.c - pcidss4: "10.3.1" ocil_clause: "no line is returned" diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml index b85964c3970..869679c2a14 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml @@ -38,7 +38,6 @@ references: nist: CM-6(a),AC-6(1),AU-9(4) nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4 pcidss: Req-10.5.1 - pcidss4: '10.3.2' srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 stigid@ol8: OL08-00-030090 stigid@rhel8: RHEL-08-030090 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml index 8475c583ee0..b8d1c508b94 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml @@ -34,7 +34,6 @@ references: nist: CM-6(a),AC-6(1),AU-9(4) nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4 pcidss: Req-10.5.1 - pcidss4: "10.3.2" srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-APP-000118-CTR-000240 stigid@ol7: OL07-00-910055 stigid@rhel7: RHEL-07-910055 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml index bd0b0662b63..0fb0f9e3766 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml @@ -47,7 +47,6 @@ references: nist: CM-6(a),AC-6(1),AU-9(4) nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4 pcidss: Req-10.5 - pcidss4: "10.3.1" srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240 stigid@ol7: OL07-00-910055 stigid@ol8: OL08-00-030070 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml index d58488fe8da..2202642d266 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml @@ -38,7 +38,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,PR.PT-1,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1.1.c pcidss: Req-10.5.3 - pcidss4: "10.3.3" srg: SRG-OS-000479-GPOS-00224,SRG-OS-000342-GPOS-00133 stigid@rhel9: RHEL-09-652035 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml index c5cf57021cc..ade03945fc9 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml @@ -47,7 +47,6 @@ references: nist: AU-5(b),AU-5(2),AU-5(1),AU-5(4),CM-6(a) nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4 pcidss: Req-10.7 - pcidss4: "10.5.1" srg: SRG-OS-000343-GPOS-00134 stigid@rhel9: RHEL-09-653050 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml index 1a079ece7b5..ad161d87678 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml @@ -37,7 +37,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4 nist@sle12: AU-5(1) pcidss: Req-10.7 - pcidss4: "10.5.1" srg: SRG-OS-000343-GPOS-00134 stigid@sle12: SLES-12-020030 stigid@sle15: SLES-15-030700 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml index 7d19c383e36..3335ad92989 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml @@ -53,7 +53,6 @@ references: nist: AU-5(b),AU-5(2),AU-5(1),AU-5(4),CM-6(a) nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4 pcidss: Req-10.7 - pcidss4: "10.5.1" srg: SRG-OS-000343-GPOS-00134 stigid@ol7: OL07-00-030340 stigid@ol8: OL08-00-030731 diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml index afdb6e2263d..2fda8623220 100644 --- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml +++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml @@ -42,7 +42,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 ospp: FAU_GEN.1 pcidss: Req-10.3 - pcidss4: '10.7.3' srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000254-GPOS-00095 stigid@ol8: OL08-00-030601 stigid@rhel8: RHEL-08-030601 diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml index bc980c7dbd5..40062061860 100644 --- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml +++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml @@ -32,7 +32,6 @@ references: disa: CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-001849,CCI-002884 nist: CM-6(a) ospp: FAU_STG.1,FAU_STG.3 - pcidss4: '10.7.2' srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000254-GPOS-00095,SRG-OS-000341-GPOS-00132,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@ol8: OL08-00-030602 stigid@rhel8: RHEL-08-030602 diff --git a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml index 0dc13302051..8dc9b6468b8 100644 --- a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml +++ b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml @@ -20,7 +20,6 @@ identifiers: references: ospp: FMT_SMF_EXT.1 - pcidss4: '10.3.3' srg: SRG-OS-000342-GPOS-00133 stigid@rhel9: RHEL-09-653130 diff --git a/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml index 4b0d0affc0a..0a8e8663912 100644 --- a/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml +++ b/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml @@ -21,7 +21,6 @@ references: hipaa: 164.308(a)(1)(ii)(D),164.308(a)(5)(ii)(C),164.310(a)(2)(iv),164.310(d)(2)(iii),164.312(b) nist@sle12: AU-4(1) pcidss: Req-10.5.3 - pcidss4: "10.3.3" srg: SRG-OS-000342-GPOS-00133 stigid@sle12: SLES-12-020070 stigid@sle15: SLES-15-030670 diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml index a6e155fc53e..e305b5b54b6 100644 --- a/linux_os/guide/system/auditing/package_audit_installed/rule.yml +++ b/linux_os/guide/system/auditing/package_audit_installed/rule.yml @@ -28,7 +28,6 @@ references: nist@sle12: AU-7(a),AU-7(b),AU-8(b),AU-12.1(iv),AU-12(3),AU-12(c),CM-5(1) ospp: FAU_GEN.1 pcidss: Req-10.1 - pcidss4: "10.2.1" srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220 stigid@ol8: OL08-00-030180 stigid@rhel8: RHEL-08-030180 diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml index 58c751bbdbb..0bc8eb3feb2 100644 --- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml +++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml @@ -51,7 +51,6 @@ references: nist@sle12: AU-3,AU-3(1),AU-3(1).1(ii),AU-3.1,AU-6(4),AU-6(4).1,AU-7(1),AU-7(1).1,AU-7(a),AU-14(1),AU-14(1).1,CM-6(b),CM-6.1(iv),MA-4(1)(a) ospp: FAU_GEN.1 pcidss: Req-10.1 - pcidss4: "10.2.1" srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220,SRG-APP-000095-CTR-000170,SRG-APP-000409-CTR-000990,SRG-APP-000508-CTR-001300,SRG-APP-000510-CTR-001310 stigid@ol7: OL07-00-030000 stigid@ol8: OL08-00-030181 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml index 47984f40194..c71e132ad02 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml @@ -37,7 +37,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-7.1 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-212025 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml index 27aefe4a59c..7bb957b1c07 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-7.1 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 ocil_clause: '{{{ ocil_clause_file_group_owner(grub2_boot_path ~ "/user.cfg", "root") }}}' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml index 2932a764aa9..ef88d3bc376 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml @@ -37,7 +37,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-7.1 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-212030 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml index f61f5eb67c0..0995f1872ee 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-7.1 - pcidss4: '2.2.6' ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_boot_path ~ "/user.cfg", owner="root") }}}' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml index 88654431603..5ca63cc2961 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml @@ -35,7 +35,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' ocil_clause: 'it does not' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml index 0f499a4cd29..3b9734c3227 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml @@ -29,7 +29,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' ocil_clause: '{{{ ocil_clause_file_permissions(file=grub2_boot_path ~ "/user.cfg", perms="-rw-------") }}}' diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml index 8505af61923..147a9e532de 100644 --- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml @@ -49,7 +49,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-10.5.1,Req-10.5.2 - pcidss4: '10.3.2' ocil_clause: 'the group-owner is not correct' diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml index abceb6f0a82..80183e5f259 100644 --- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml @@ -63,7 +63,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-10.5.1,Req-10.5.2 - pcidss4: '10.3.2' ocil_clause: 'the owner is not correct' diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml index 59a3efaf622..2ca3df575fa 100644 --- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml @@ -36,7 +36,6 @@ references: nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2 nist: CM-6(a),AC-6(1) pcidss: Req-10.5.1,Req-10.5.2 - pcidss4: '10.3.1' ocil_clause: 'the permissions are not correct' diff --git a/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml b/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml index 6c048112023..555492ed288 100644 --- a/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml +++ b/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml @@ -28,7 +28,6 @@ references: nist: CM-6(a) nist-csf: PR.PT-1 pcidss: Req-10.7 - pcidss4: '10.5.1' ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml index 7daa1fdd027..dc43eb78357 100644 --- a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml +++ b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml @@ -38,7 +38,6 @@ references: nist: CM-6(a) nist-csf: PR.PT-1 pcidss: Req-10.7 - pcidss4: '10.5.1' ocil_clause: 'logrotate timer is not enabled' diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml index b0de9b55b64..8c233a96587 100644 --- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml @@ -37,7 +37,6 @@ references: nist-csf: PR.IP-1 nist@sle15: CM-7,CM-7.1(iii),CM-7(b),AC-17(1) ospp: FMT_SMF_EXT.1 - pcidss4: "1.2.1" srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232 stigid@ol7: OL07-00-040520 stigid@ol8: OL08-00-040101 diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml index 99585778306..b7958bfcd65 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml @@ -46,7 +46,6 @@ references: iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2 nist: AC-4,CM-7(b),CA-3(5),SC-7(21),CM-6(a) nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4 - pcidss4: "1.3.1" srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115 stigid@ol7: OL07-00-040100 stigid@ol8: OL08-00-040030 diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml index b71fbf8bae0..83acc2c5e01 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml @@ -19,7 +19,6 @@ identifiers: references: cis@sle15: 3.5.3.2.4,3.5.3.3.4 pcidss: Req-1.4 - pcidss4: '1.3.1,1.5.1' ocil_clause: 'Verify all open ports listening on non-localhost addresses have at least one firewall rule.' diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml index bc248a4d71e..af18c87998b 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml @@ -33,7 +33,6 @@ identifiers: cce@rhel9: CCE-86137-7 references: - pcidss4: "1.4.1" ocil_clause: 'loopback traffic is not restricted' diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml index dccb5e5f80e..6d4f54ec5fe 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@rhel9: CCE-86116-1 references: - pcidss4: "1.4.1" ocil_clause: 'loopback traffic is not trusted' diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml index ebfd756c477..9df0c120881 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml @@ -42,7 +42,6 @@ references: nist-csf: PR.IP-1,PR.PT-3 ospp: FMT_MOF_EXT.1 pcidss: Req-1.4 - pcidss4: '1.3.1,1.5.1' srg: SRG-OS-000480-GPOS-00227 stigid@rhel7: RHEL-07-040810 stigid@rhel8: RHEL-08-040090 diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml index 6157a1f1b65..b331ec4376f 100644 --- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml +++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml @@ -42,7 +42,6 @@ references: nerc-cip: CIP-003-8 R4,CIP-003-8 R5,CIP-004-6 R3 nist: AC-4,CM-7(b),CA-3(5),SC-7(21),CM-6(a) nist-csf: PR.IP-1,PR.PT-3 - pcidss4: "1.4.1" ocil_clause: 'the default policy for the INPUT chain is not set to DROP' diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml index 16c1c2426b0..0b732522102 100644 --- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml +++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml @@ -29,7 +29,6 @@ references: cis@ubuntu2004: 3.5.3.3.2 cis@ubuntu2204: 3.5.3.3.2 pcidss: Req-1.3 - pcidss4: "1.4.1" warnings: - general: |- diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml index afd765829b1..70138e6da14 100644 --- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml +++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml @@ -30,7 +30,6 @@ references: cis@ubuntu2004: 3.5.3.2.2 cis@ubuntu2204: 3.5.3.2.2 pcidss: Req-1.3 - pcidss4: "1.4.1" warnings: - general: |- diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml index 94ccb8a9cf8..ca119d3dc06 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml @@ -40,7 +40,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a),CM-6(b),CM-6.1(iv) nist-csf: DE.AE-1,ID.AM-3,PR.AC-5,PR.DS-5,PR.PT-4 pcidss: Req-1.4.3 - pcidss4: '1.4.2' srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040250 stigid@rhel8: RHEL-08-040250 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml index ea9f8fc55b5..caf7ec1e53d 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml @@ -37,7 +37,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a),SC-7(a) nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.PT-4 pcidss: Req-1.4.3 - pcidss4: '1.4.3' srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040611 stigid@ol8: OL08-00-040285 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml index 9e258c455dc..c6b7678fac6 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml @@ -35,7 +35,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a),SC-7(a) nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4 pcidss: Req-1.4.3 - pcidss4: '1.4.3' srg: SRG-OS-000480-GPOS-00227 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.secure_redirects", value="0") }}} diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml index dc74cd5e73e..7d0f9d4b6cb 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml @@ -39,7 +39,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a),SC-7(a) nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4 pcidss: Req-1.4.3 - pcidss4: '1.4.3' srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040640 stigid@ol8: OL08-00-040209 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml index 4fee7988b11..4417554fe08 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml @@ -39,7 +39,6 @@ references: nist: CM-7(a),CM-7(b),SC-5 nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4 pcidss: Req-1.4.3 - pcidss4: '1.4.2' srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040630 stigid@ol8: OL08-00-040230 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml index 83218ee42ee..cc2e98ef0b9 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml @@ -34,7 +34,6 @@ references: nist: CM-7(a),CM-7(b),SC-5 nist-csf: DE.CM-1,PR.DS-4,PR.IP-1,PR.PT-3 pcidss: Req-1.4.3 - pcidss4: '1.4.2' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-253060 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml index 032caef99ec..06a75085311 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml @@ -39,7 +39,6 @@ references: nist: CM-7(a),CM-7(b),SC-5(1),SC-5(2),SC-5(3)(a),CM-6(a) nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.PT-4 pcidss: Req-1.4.1 - pcidss4: '1.4.3' srg: SRG-OS-000480-GPOS-00227,SRG-OS-000420-GPOS-00186,SRG-OS-000142-GPOS-00071 stigid@rhel9: RHEL-09-253010 stigid@sle12: SLES-12-030350 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml index 609a5796911..c39eac48b63 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml @@ -38,7 +38,6 @@ references: nerc-cip: CIP-007-3 R4,CIP-007-3 R4.1,CIP-007-3 R4.2,CIP-007-3 R5.1 nist: CM-7(a),CM-7(b),SC-5,CM-6(a),SC-7(a) nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4 - pcidss4: '1.4.5' srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040660 stigid@ol8: OL08-00-040220 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml index 6b68ebabc19..6b360c28ad8 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml @@ -38,7 +38,6 @@ references: nerc-cip: CIP-007-3 R4,CIP-007-3 R4.1,CIP-007-3 R4.2,CIP-007-3 R5.1 nist: CM-7(a),CM-7(b),SC-5,CM-6(a),SC-7(a) nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4 - pcidss4: '1.4.5' srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040650 stigid@ol8: OL08-00-040270 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml index 8040dc44469..ab8da70351d 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml @@ -37,7 +37,6 @@ references: nist-csf: DE.CM-1,PR.DS-4,PR.IP-1,PR.PT-3,PR.PT-4 nist@sle15: CM-6(b),CM-6.1(iv) pcidss: Req-1.3.1,Req-1.3.2 - pcidss4: '1.4.3' srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040740 stigid@rhel7: RHEL-07-040740 diff --git a/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml b/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml index 73943f83c0a..0dd58d347f0 100644 --- a/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml +++ b/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml @@ -24,7 +24,6 @@ references: cis@sle15: 3.5.2.8 cis@ubuntu2004: 3.5.2.8 cis@ubuntu2204: 3.5.2.8 - pcidss4: '1.3.1' ocil_clause: 'default policy is not set for nftables rules' diff --git a/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml b/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml index 43923b93615..b6c0f0bef6d 100644 --- a/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml +++ b/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml @@ -27,7 +27,6 @@ references: cis@sle15: 3.5.2.1 cis@ubuntu2004: 3.5.2.1 cis@ubuntu2204: 3.5.2.1 - pcidss4: '1.2.1' ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml index 61800b809da..34a1e50700b 100644 --- a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml +++ b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml @@ -25,7 +25,6 @@ references: cis@sle15: 3.5.1.2 cis@ubuntu2004: 3.5.3.1.2 cis@ubuntu2204: 3.5.3.1.2 - pcidss4: "1.2.1" ocil_clause: |- {{{ ocil_clause_service_disabled(service="nftables") }}} diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml index 1424e8f8da4..34fe0539f7c 100644 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml @@ -38,7 +38,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.IP-1,PR.PT-3 pcidss: Req-1.4.2 - pcidss4: "1.4.2" srg: SRG-OS-000096-GPOS-00050,SRG-OS-000378-GPOS-00163 stigid@ol7: OL07-00-020101 stigid@rhel7: RHEL-07-020101 diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml index 754077258c5..5096d776fc7 100644 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml @@ -40,7 +40,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.IP-1,PR.PT-3 pcidss: Req-1.4.2 - pcidss4: "1.4.2" srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040023 stigid@rhel8: RHEL-08-040023 diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml index 637b5520559..578fe6fd6bf 100644 --- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml @@ -55,7 +55,6 @@ references: nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4 nist@sle12: AC-18(1),SC-8 pcidss: Req-1.3.3 - pcidss4: '1.3.3,2.3' srg: SRG-OS-000299-GPOS-00117,SRG-OS-000300-GPOS-00118,SRG-OS-000424-GPOS-00188,SRG-OS-000481-GPOS-000481 stigid@ol7: OL07-00-041010 stigid@ol8: OL08-00-040110 diff --git a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml index beedd4e54cb..885f14bbec7 100644 --- a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml +++ b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml @@ -39,7 +39,6 @@ references: cui: 3.1.16 ism: 0418,1055,1402 nist: AC-18(4),CM-6(a) - pcidss4: '1.2.8' ocil_clause: 'non-privileged users can modify or change network settings' diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml index 08e686c80cb..c07a805bbc5 100644 --- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml +++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml @@ -42,7 +42,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a),CM-7(2),MA-3 nist-csf: DE.DP-5,ID.AM-1,PR.IP-1,PR.MA-1,PR.PT-3 nist@sle12: CM-6(b) - pcidss4: '1.4.5' srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040670 stigid@ol8: OL08-00-040330 diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml index f4e5bc2a2ae..678ec9c123a 100644 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml +++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml @@ -48,7 +48,6 @@ references: nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '2.2.6' srg: SRG-OS-000138-GPOS-00069 stigid@ol8: OL08-00-010190 stigid@rhel8: RHEL-08-010190 diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml index fa28982f37a..cf955e077ff 100644 --- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml +++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml @@ -36,7 +36,6 @@ references: nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: "2.2.6" ocil_clause: 'there is output' diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml index 3f4a30d6bcd..b85feff1449 100644 --- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml @@ -44,7 +44,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.18.1.4,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.DS-5,PR.PT-3 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-020330 stigid@ol8: OL08-00-010790 diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml index 55f2bbb07eb..2be9e9a5a40 100644 --- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml +++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml @@ -43,7 +43,6 @@ references: iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.AC-6,PR.DS-5,PR.IP-1,PR.PT-3 - pcidss4: "2.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-020320 stigid@ol8: OL08-00-010780 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml index 051e5876c89..a98e10e14b2 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml @@ -26,7 +26,6 @@ references: disa: CCI-002223 nist: AC-6 (1) pcidss: Req-8.7 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232105 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml index 31120343e1b..3a3889923be 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml @@ -31,7 +31,6 @@ references: disa: CCI-002223 nist: AC-6 (1) pcidss: Req-8.7 - pcidss4: "7.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232125 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml index 109592bf25b..5350ce285e3 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml @@ -26,7 +26,6 @@ references: disa: CCI-002223 nist: AC-6 (1) pcidss: Req-8.7 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232145 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml index 6976b23b061..95dfd24a3f8 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml @@ -30,7 +30,6 @@ references: cis@ubuntu2004: 6.1.7 cis@ubuntu2204: 6.1.6 pcidss: Req-8.7 - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232165 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml index 19d6fa658f7..f83482995bc 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml @@ -32,7 +32,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232095 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml index 22ff0058762..aab598951d4 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml @@ -32,7 +32,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232135 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml index cd387b2e381..c46b30b6993 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml @@ -38,7 +38,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232155 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml index 45b372001c2..20077b28a4c 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml @@ -26,7 +26,6 @@ references: disa: CCI-002223 nist: AC-6 (1) pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232100 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml index 9eea3bd88fa..d02c9a0cd6f 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml @@ -25,7 +25,6 @@ references: disa: CCI-002223 nist: AC-6 (1) pcidss: Req-8.7 - pcidss4: "7.2.6" srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232120 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml index 02dbc6b10d2..96e2f1027b8 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml @@ -26,7 +26,6 @@ references: disa: CCI-002223 nist: AC-6 (1) pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232140 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml index 3c307286939..827a1b6f949 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml @@ -26,7 +26,6 @@ references: disa: CCI-002223 nist: AC-6 (1) pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232160 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml index 1134fb66744..023c24b3efc 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232090 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml index 07cc30a9699..0e813ccabb9 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232130 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml index bc4fe7959b9..55c2001897d 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml @@ -36,7 +36,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232150 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml index 3e397232548..a6618623e35 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml @@ -27,7 +27,6 @@ references: disa: CCI-002223 nist: AC-6 (1) pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232060 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml index 3118c1e6f93..fa9b1cda467 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml @@ -27,7 +27,6 @@ references: disa: CCI-002223 nist: AC-6 (1) pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232080 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml index 565f0245089..d029a5d3569 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml @@ -35,7 +35,6 @@ references: disa: CCI-002223 nist: AC-6 (1) pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232085 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml index 84dd2a775b1..2f9c4cb97d0 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml @@ -34,7 +34,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232055 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml index 330c34bfd1a..30e0e4d22a6 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml @@ -36,7 +36,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232075 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml index ec264f4e898..87f6c260f63 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml @@ -45,7 +45,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c - pcidss4: '2.2.6' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-232270 diff --git a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml index be02278c915..ad4a197cfec 100644 --- a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml @@ -37,7 +37,6 @@ references: disa: CCI-001312 nist: SI-11(a),SI-11(b),SI-11.1(iii) nist-csf: PR.AC-4,PR.DS-5 - pcidss4: '10.3.1' srg: SRG-OS-000205-GPOS-00083 stigid@sle15: SLES-15-010340 stigid@ubuntu2004: UBTU-20-010416 diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml index 1ae8f9d069b..51db2e94a71 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml @@ -40,7 +40,6 @@ references: iso27001-2013: A.11.2.6,A.13.1.1,A.13.2.1,A.18.1.4,A.6.2.1,A.6.2.2,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3 nist: CM-7(a),CM-7(b),CM-6(a),MP-7 nist-csf: PR.AC-1,PR.AC-3,PR.AC-6,PR.AC-7 - pcidss4: '3.4.2' srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227,SRG-APP-000141-CTR-000315 stigid@ol7: OL07-00-020100 stigid@ol8: OL08-00-040080 diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml index 117cf17b532..8e6478a1066 100644 --- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml @@ -37,7 +37,6 @@ references: nist: CM-6 ospp: FMT_SMF_EXT.1 pcidss: Req-3.2 - pcidss4: '3.3.1' srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010675 stigid@rhel8: RHEL-08-010675 diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml index d00c15ccd90..654d1b0acd9 100644 --- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml @@ -37,7 +37,6 @@ references: nist: CM-6 ospp: FMT_SMF_EXT.1 pcidss: Req-3.2 - pcidss4: '3.3.1' srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010674 stigid@rhel8: RHEL-08-010674 diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml index 1babd37b333..83b76ed28f0 100644 --- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml @@ -36,7 +36,6 @@ references: iso27001-2013: A.12.1.3,A.17.2.1 nist: CM-6,SC-7(10) nist-csf: DE.CM-1,PR.DS-4 - pcidss4: '3.3.1' srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010673 stigid@rhel8: RHEL-08-010673 diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml index bec3fc32088..5a66c9530c5 100644 --- a/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml @@ -27,7 +27,6 @@ references: cis@ubuntu2204: 1.5.4 hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3),164.308(a)(4),164.310(b),164.310(c),164.312(a),164.312(e) nist: SI-11(a),SI-11(b) - pcidss4: '3.3.1' {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.suid_dumpable", value="0") }}} diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml index e932da894b6..dccda6d585e 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml @@ -33,7 +33,6 @@ references: nerc-cip: CIP-002-5 R1.1,CIP-002-5 R1.2,CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 4.1,CIP-004-6 4.2,CIP-004-6 R2.2.3,CIP-004-6 R2.2.4,CIP-004-6 R2.3,CIP-004-6 R4,CIP-005-6 R1,CIP-005-6 R1.1,CIP-005-6 R1.2,CIP-007-3 R3,CIP-007-3 R3.1,CIP-007-3 R5.1,CIP-007-3 R5.1.2,CIP-007-3 R5.1.3,CIP-007-3 R5.2.1,CIP-007-3 R5.2.3,CIP-007-3 R8.4,CIP-009-6 R.1.1,CIP-009-6 R4 nist: SC-30,SC-30(2),CM-6(a) pcidss: Req-2.2.1 - pcidss4: '3.3.1' srg: SRG-OS-000433-GPOS-00193,SRG-OS-000480-GPOS-00227,SRG-APP-000450-CTR-001105 stigid@ol7: OL07-00-040201 stigid@ol8: OL08-00-010430 diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml index 0c078dd88c0..74f85aafdfa 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml @@ -35,7 +35,6 @@ references: iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4 nist: SC-39,CM-6(a) nist-csf: PR.IP-1 - pcidss4: "2.2.1" srg: SRG-OS-000433-GPOS-00192,SRG-APP-000450-CTR-001105 stigid@ol8: OL08-00-010420 stigid@rhel8: RHEL-08-010420 diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml index ff1cd725f1b..a8624717ad0 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml @@ -38,7 +38,6 @@ references: iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4 nist: CM-6(a) nist-csf: PR.IP-1 - pcidss4: "2.2.1" warnings: - hardware: |- diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml index abcf132fd2a..37ca6ba7a58 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml @@ -26,7 +26,6 @@ references: disa: CCI-000366 nist: SC-7(10) ospp: FMT_SMF_EXT.1 - pcidss4: '3.3.1' srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010671 stigid@rhel8: RHEL-08-010671 diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml index b4d581d7d5c..4570d970ad9 100644 --- a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml +++ b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml @@ -35,7 +35,6 @@ references: nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.2.3,CIP-004-6 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.2,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3 nist: AC-3,AC-3(3)(a) nist-csf: DE.AE-1,ID.AM-3,PR.AC-4,PR.AC-5,PR.AC-6,PR.DS-5,PR.PT-1,PR.PT-3,PR.PT-4 - pcidss4: '1.2.6' platform: grub2 diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml index d5ab3d6e185..232439dfcf1 100644 --- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml +++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@sle15: CCE-92490-2 references: - pcidss4: '1.2.6' ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml index a2b929732a8..d59d090adcb 100644 --- a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml +++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml @@ -37,7 +37,6 @@ references: nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2 nist: CM-7(a),CM-7(b),CM-6(a),AC-3(3)(a),AC-6 nist-csf: PR.AC-4,PR.DS-5,PR.IP-1,PR.PT-1,PR.PT-3 - pcidss4: '1.2.6' ocil_clause: 'There are unconfined daemons running on the system' diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml index 445a9c0aa9b..d5cb03d9f15 100644 --- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml +++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml @@ -46,7 +46,6 @@ references: nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.2,CIP-003-8 R5.3,CIP-004-6 R2.2.3,CIP-004-6 R2.3,CIP-004-6 R3.3,CIP-007-3 R5.1,CIP-007-3 R5.1.2,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3,CIP-007-3 R6.5 nist: AC-3,AC-3(3)(a),AU-9,SC-7(21) nist-csf: DE.AE-1,ID.AM-3,PR.AC-4,PR.AC-5,PR.AC-6,PR.DS-5,PR.PT-1,PR.PT-3,PR.PT-4 - pcidss4: '1.2.6' srg: SRG-OS-000445-GPOS-00199,SRG-APP-000233-CTR-000585 stigid@ol7: OL07-00-020220 stigid@ol8: OL08-00-010450 diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml index d65589cf779..0531f9f0150 100644 --- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml +++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml @@ -31,7 +31,6 @@ references: cis@sle15: '1.10' hipaa: 164.308(a)(1)(ii)(B),164.308(a)(5)(ii)(A) pcidss: Req-6.2 - pcidss4: '8.2.8' srg: SRG-OS-000480-GPOS-00227 stigid@rhel9: RHEL-09-271090 stigid@sle12: SLES-12-010040 diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml index 99bc0c87881..7743322648e 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml @@ -34,7 +34,6 @@ references: nist: CM-6(a),AC-6(1),CM-7(b) nist-csf: PR.IP-1 ospp: FIA_UAU.1 - pcidss4: '8.3.1' srg: SRG-OS-000480-GPOS-00229 stigid@ol7: OL07-00-010440 stigid@ol8: OL08-00-010820 diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml index 455ad18e563..a014c8053ad 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a),IA-2 nist-csf: PR.IP-1 ospp: FIA_UAU.1 - pcidss4: '8.3.1' srg: SRG-OS-000480-GPOS-00229 stigid@ol7: OL07-00-010450 stigid@rhel7: RHEL-07-010450 diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml index d9541dd63c6..641b4aa3fdb 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml @@ -26,7 +26,6 @@ identifiers: references: disa: CCI-000366 nist: CM-6(b),CM-6.1(iv) - pcidss4: '8.3.1' srg: SRG-OS-000480-GPOS-00229 stigid@sle12: SLES-12-010380 stigid@sle15: SLES-15-040430 diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml index 514485d99c0..16b727a34c5 100644 --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml @@ -41,7 +41,6 @@ references: iso27001-2013: A.11.2.6,A.13.1.1,A.13.2.1,A.6.2.1,A.6.2.2,A.7.1.1,A.9.2.1 nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.AC-3,PR.AC-6 - pcidss4: '3.4.2' srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-020111 stigid@rhel7: RHEL-07-020111 diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml index b2d604f2121..3ec633da2eb 100644 --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml @@ -42,7 +42,6 @@ references: iso27001-2013: A.11.2.6,A.13.1.1,A.13.2.1,A.6.2.1,A.6.2.2,A.7.1.1,A.9.2.1 nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.AC-3,PR.AC-6 - pcidss4: '3.4.2' srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-020111 stigid@rhel7: RHEL-07-020111 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml index 04327029bdb..a3fa8f1b0db 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml @@ -50,7 +50,6 @@ references: nist-csf: PR.AC-7 ospp: FMT_MOF_EXT.1 pcidss: Req-8.1.8 - pcidss4: "8.2.8" srg: SRG-OS-000029-GPOS-00010 stigid@ol7: OL07-00-010100 stigid@rhel7: RHEL-07-010100 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml index 498dc4647f3..9f881a4f689 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml @@ -44,7 +44,6 @@ references: nist@sle15: AC-11(a),AC-11.1 (ii) ospp: FMT_MOF_EXT.1 pcidss: Req-8.1.8 - pcidss4: "8.2.8" srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012 stigid@ol7: OL07-00-010070 stigid@ol8: OL08-00-020060 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml index 2414cf76bcc..4638aa591b1 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml @@ -36,7 +36,6 @@ references: nist-csf: PR.AC-7 ospp: FMT_MOF_EXT.1 pcidss: Req-8.1.8 - pcidss4: '8.2.8' srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012 stigid@ol7: OL07-00-010110 stigid@ol8: OL08-00-020031 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml index 7281b71929b..5bf03b57f98 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml @@ -52,7 +52,6 @@ references: nist@sle12: AC-11(b),AC-11(a),AC-11(1),AC-11(1).1,AC-11.1(iii),AC-11 ospp: FMT_MOF_EXT.1 pcidss: Req-8.1.8 - pcidss4: "8.2.8" srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011 stigid@ol7: OL07-00-010060 stigid@ol8: OL08-00-020030,OL08-00-020082 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml index 6cc58ceae10..6a6fca980d9 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml @@ -65,7 +65,6 @@ references: nist-csf: PR.AC-7 ospp: FMT_MOF_EXT.1 pcidss: Req-8.1.8 - pcidss4: "8.2.8" srg: SRG-OS-000031-GPOS-00012 stigid@rhel9: RHEL-09-271085 stigid@sle12: SLES-12-010100 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml index 81869ce795e..361dc9500a6 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml @@ -39,7 +39,6 @@ references: nist-csf: PR.AC-7 ospp: FMT_MOF_EXT.1 pcidss: Req-8.1.8 - pcidss4: "8.2.8" srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012 stigid@ol7: OL07-00-010082 stigid@ol8: OL08-00-020081 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml index caac21abd14..009ff86b94e 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml @@ -64,7 +64,6 @@ references: nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1,CIP-007-3 R7.1 nist: AC-17(a),AC-17(2),CM-6(a),MA-4(6),SC-13,SC-12(2),SC-12(3) ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1 - pcidss4: '2.2.7' srg: SRG-OS-000396-GPOS-00176,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174 stigid@ol8: OL08-00-010020 stigid@rhel8: RHEL-08-010020 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml index f8c51cdbf7c..b3eb10fb75f 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml @@ -30,7 +30,6 @@ references: nist: AC-17(a),AC-17(2),CM-6(a),MA-4(6),SC-13 ospp: FCS_SSH_EXT.1,FCS_SSHS_EXT.1,FCS_SSHC_EXT.1 pcidss: Req-2.2 - pcidss4: '2.2.7' srg: SRG-OS-000250-GPOS-00093 stigid@ol8: OL08-00-010287 stigid@rhel8: RHEL-08-010287 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml index 6bdd197e9d8..30854edba95 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml @@ -56,7 +56,6 @@ references: nist: CM-6(a) nist-csf: DE.CM-1,DE.CM-7,PR.DS-1,PR.DS-6,PR.DS-8,PR.IP-1,PR.IP-3 pcidss: Req-11.5 - pcidss4: "11.5.2" srg: SRG-OS-000445-GPOS-00199 stigid@ol7: OL07-00-020029 stigid@ol8: OL08-00-010359 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml index ef6e164614c..fc22aa9a34d 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml @@ -37,7 +37,6 @@ references: nist-csf: DE.CM-1,DE.CM-7,PR.DS-1,PR.DS-6,PR.DS-8,PR.IP-1,PR.IP-3 nist@sle15: SI-6(d) pcidss: Req-11.5 - pcidss4: "11.5.2" srg: SRG-OS-000363-GPOS-00150,SRG-OS-000446-GPOS-00200,SRG-OS-000447-GPOS-00201 stigid@ol7: OL07-00-020030 stigid@rhel7: RHEL-07-020030 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml index 9248e9068dd..001338c543b 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml @@ -57,7 +57,6 @@ references: nist-csf: DE.CM-1,DE.CM-7,PR.DS-1,PR.DS-6,PR.DS-8,PR.IP-1,PR.IP-3 nist@sle15: SI-6(d) pcidss: Req-11.5 - pcidss4: "11.5.2" srg: SRG-OS-000363-GPOS-00150,SRG-OS-000446-GPOS-00200,SRG-OS-000447-GPOS-00201 stigid@ol7: OL07-00-020030 stigid@rhel7: RHEL-07-020030 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml index a3d9d828285..d5097308426 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a) nist-csf: DE.CM-1,DE.CM-7,PR.DS-1,PR.DS-6,PR.DS-8,PR.IP-1,PR.IP-3 pcidss: Req-11.5 - pcidss4: "11.5.2" srg: SRG-OS-000445-GPOS-00199 stigid@ol7: OL07-00-020029 stigid@ol8: OL08-00-010359 diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml index 979532c1111..a2acae9724c 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml @@ -51,7 +51,6 @@ references: nist: CM-6(d),CM-6(c),SI-7,SI-7(1),SI-7(6),AU-9(3) nist-csf: PR.DS-6,PR.DS-8,PR.IP-1 pcidss: Req-11.5 - pcidss4: "11.5.2" srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-010020 stigid@rhel7: RHEL-07-010020 diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml index d16dc022cc1..47646e3c81f 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml @@ -43,7 +43,6 @@ references: nist: CM-6(d),CM-6(c),SI-7,SI-7(1),SI-7(6),AU-9(3) nist-csf: PR.AC-4,PR.DS-5,PR.IP-1,PR.PT-1 pcidss: Req-11.5 - pcidss4: "11.5.2" srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000278-GPOS-00108 stigid@ol7: OL07-00-010010 stigid@rhel7: RHEL-07-010010 diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml index a4e1dfd4af2..2a9626ae8de 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml @@ -49,7 +49,6 @@ references: nist: CM-6(d),CM-6(c),SI-7,SI-7(1),SI-7(6),AU-9(3),CM-6(a) nist-csf: PR.AC-4,PR.DS-5,PR.IP-1,PR.PT-1 pcidss: Req-11.5 - pcidss4: "11.5.2" srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099,SRG-OS-000278-GPOS-00108 stigid@ol7: OL07-00-010010 stigid@rhel7: RHEL-07-010010 diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml index cb1547e1493..b5970d6af8a 100644 --- a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml +++ b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml @@ -30,7 +30,6 @@ references: ism: 1382,1384,1386 nist: CM-6(a) ospp: FMT_MOF_EXT.1 - pcidss4: '2.2.6' srg: SRG-OS-000324-GPOS-00125 stigid@rhel9: RHEL-09-432010 diff --git a/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml index c9850746f48..2f739880bd8 100644 --- a/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml +++ b/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml @@ -28,7 +28,6 @@ references: cis@ubuntu2004: 1.3.2 cis@ubuntu2204: 5.3.2 pcidss: Req-10.2.5 - pcidss4: '2.2.6' ocil_clause: 'use_pty is not enabled in sudo' diff --git a/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml b/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml index 228c6900ea1..ec5617631d0 100644 --- a/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml +++ b/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml @@ -25,7 +25,6 @@ references: cis@ubuntu2004: 1.3.3 cis@ubuntu2204: 5.3.3 pcidss: Req-10.2.5 - pcidss4: '2.2.6' ocil_clause: 'logfile is not enabled in sudo' diff --git a/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml index 9e8d53d055a..009e15eab1f 100644 --- a/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml +++ b/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml @@ -35,7 +35,6 @@ references: iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3 nist: IA-11,CM-6(a) nist-csf: PR.AC-1,PR.AC-7 - pcidss4: '2.2.6' srg: SRG-OS-000373-GPOS-00156 stigid@sle15: SLES-15-010450 stigid@ubuntu2004: UBTU-20-010014 diff --git a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml index 117fa7b2001..7397fbf08a1 100644 --- a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml +++ b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml @@ -33,7 +33,6 @@ references: cis@ubuntu2204: 5.3.6 disa: CCI-002038 nist: IA-11 - pcidss4: '2.2.6' srg: SRG-OS-000373-GPOS-00156,SRG-OS-000373-GPOS-00157,SRG-OS-000373-GPOS-00158 stigid@ol7: OL07-00-010343 stigid@ol8: OL08-00-010384 diff --git a/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml index 6afc07efd2d..15c0b81e41c 100644 --- a/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@rhel9: CCE-86612-9 references: - pcidss4: '3.5.1.2' ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml index 24bc9b221f9..493a7e194b7 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml @@ -52,7 +52,6 @@ references: nist-csf: PR.DS-6,PR.DS-8,PR.IP-1 ospp: FPT_TUD_EXT.1,FPT_TUD_EXT.2 pcidss: Req-6.2 - pcidss4: "6.3.3" srg: SRG-OS-000366-GPOS-00153 stigid@ol7: OL07-00-020050 stigid@ol8: OL08-00-010370 diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml index e51906ebbbf..092cae2e041 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml @@ -41,7 +41,6 @@ references: nist-csf: PR.DS-6,PR.DS-8,PR.IP-1 ospp: FPT_TUD_EXT.1,FPT_TUD_EXT.2 pcidss: Req-6.2 - pcidss4: "6.3.3" srg: SRG-OS-000366-GPOS-00153 stigid@ol8: OL08-00-010370 stigid@rhel8: RHEL-08-010370 diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml index b1b396aa052..8a0d94cc4df 100644 --- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml @@ -52,7 +52,6 @@ references: nist-csf: PR.DS-6,PR.DS-8,PR.IP-1 ospp: FPT_TUD_EXT.1,FPT_TUD_EXT.2 pcidss: Req-6.2 - pcidss4: '6.3.3' srg: SRG-OS-000366-GPOS-00153 stigid@rhel7: RHEL-07-010019 stigid@rhel8: RHEL-08-010019 diff --git a/linux_os/guide/system/software/updating/ensure_suse_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_suse_gpgkey_installed/rule.yml index 84a37e42529..dc96d66758d 100644 --- a/linux_os/guide/system/software/updating/ensure_suse_gpgkey_installed/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_suse_gpgkey_installed/rule.yml @@ -52,7 +52,6 @@ references: nist-csf: PR.DS-6,PR.DS-8,PR.IP-1 ospp: FPT_TUD_EXT.1,FPT_TUD_EXT.2 pcidss: Req-6.2 - pcidss4: "6.3.3" srg: SRG-OS-000366-GPOS-00153 ocil_clause: 'the SUSE GPG Key is not installed' diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml index 8d30bfca29f..975805df1cf 100644 --- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml @@ -57,7 +57,6 @@ references: nist-csf: ID.RA-1,PR.IP-12 ospp: FMT_MOF_EXT.1 pcidss: Req-6.2 - pcidss4: "6.3.3" srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-020260 stigid@ol8: OL08-00-010010 From ac9647966dba4017e3e39295be900f61ef620945 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Thu, 15 Feb 2024 14:34:44 +0100 Subject: [PATCH 3/5] Use controls to generate RHEL 9 STIG references --- controls/stig_rhel9.yml | 2 ++ linux_os/guide/services/base/service_kdump_disabled/rule.yml | 1 - .../guide/services/cron_and_at/file_groupowner_cron_d/rule.yml | 1 - .../services/cron_and_at/file_groupowner_cron_daily/rule.yml | 1 - .../services/cron_and_at/file_groupowner_cron_deny/rule.yml | 1 - .../services/cron_and_at/file_groupowner_cron_hourly/rule.yml | 1 - .../services/cron_and_at/file_groupowner_cron_monthly/rule.yml | 1 - .../services/cron_and_at/file_groupowner_cron_weekly/rule.yml | 1 - .../services/cron_and_at/file_groupowner_crontab/rule.yml | 1 - linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml | 1 - .../guide/services/cron_and_at/file_owner_cron_daily/rule.yml | 1 - .../guide/services/cron_and_at/file_owner_cron_deny/rule.yml | 1 - .../guide/services/cron_and_at/file_owner_cron_hourly/rule.yml | 1 - .../services/cron_and_at/file_owner_cron_monthly/rule.yml | 1 - .../guide/services/cron_and_at/file_owner_cron_weekly/rule.yml | 1 - .../guide/services/cron_and_at/file_owner_crontab/rule.yml | 1 - .../services/cron_and_at/file_permissions_cron_d/rule.yml | 1 - .../services/cron_and_at/file_permissions_cron_daily/rule.yml | 1 - .../services/cron_and_at/file_permissions_cron_hourly/rule.yml | 1 - .../cron_and_at/file_permissions_cron_monthly/rule.yml | 1 - .../services/cron_and_at/file_permissions_cron_weekly/rule.yml | 1 - .../services/cron_and_at/file_permissions_crontab/rule.yml | 1 - .../services/fapolicyd/package_fapolicyd_installed/rule.yml | 1 - .../services/fapolicyd/service_fapolicyd_enabled/rule.yml | 1 - .../ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml | 1 - .../http/securing_httpd/httpd_configure_log_format/rule.yml | 1 - .../httpd_configure_max_keepalive_requests/rule.yml | 1 - .../httpd_antivirus_scan_uploads/rule.yml | 3 --- .../httpd_configure_firewall/rule.yml | 3 --- .../httpd_configure_remote_session_encryption/rule.yml | 3 --- .../http_configure_log_file_ownership/rule.yml | 3 --- .../httpd_configure_perl_taint/rule.yml | 1 - .../httpd_anonymous_content_sharing/rule.yml | 1 - .../httpd_configure_script_permissions/rule.yml | 1 - .../httpd_disable_anonymous_ftp_access/rule.yml | 1 - .../httpd_ignore_htaccess_files/rule.yml | 1 - .../http/securing_httpd/httpd_disable_mime_types/rule.yml | 1 - .../http/securing_httpd/httpd_enable_error_logging/rule.yml | 1 - .../http/securing_httpd/httpd_enable_loglevel/rule.yml | 1 - .../http/securing_httpd/httpd_enable_system_logging/rule.yml | 1 - .../http/securing_httpd/httpd_entrust_passwords/rule.yml | 1 - .../httpd_core_modules/httpd_enable_log_config/rule.yml | 1 - .../httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml | 1 - .../httpd_configure_valid_server_cert/rule.yml | 1 - .../httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml | 1 - .../http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml | 1 - .../http/securing_httpd/httpd_no_compilers_in_prod/rule.yml | 1 - .../httpd_private_server_on_separate_subnet/rule.yml | 1 - .../securing_httpd/httpd_public_resources_not_shared/rule.yml | 1 - .../services/http/securing_httpd/httpd_remove_backups/rule.yml | 1 - .../httpd_secure_content/httpd_configure_banner_page/rule.yml | 1 - .../httpd_secure_content/httpd_configure_documentroot/rule.yml | 1 - .../httpd_disable_content_symlinks/rule.yml | 1 - .../httpd_secure_content/httpd_encrypt_file_uploads/rule.yml | 1 - .../httpd_secure_content/httpd_limit_java_files/rule.yml | 1 - .../httpd_secure_content/httpd_remove_robots_file/rule.yml | 1 - .../httpd_secure_content/partition_for_web_content/rule.yml | 1 - .../services/kerberos/kerberos_disable_no_keytab/rule.yml | 1 - linux_os/guide/services/mail/package_s-nail_installed/rule.yml | 1 - linux_os/guide/services/mail/package_sendmail_removed/rule.yml | 1 - .../postfix_client_configure_mail_alias/rule.yml | 1 - .../postfix_client_configure_mail_alias_postmaster/rule.yml | 1 - .../postfix_prevent_unrestricted_relay/rule.yml | 1 - .../mount_option_krb_sec_remote_filesystems/rule.yml | 1 - .../mount_option_nodev_remote_filesystems/rule.yml | 1 - .../mount_option_noexec_remote_filesystems/rule.yml | 1 - .../mount_option_nosuid_remote_filesystems/rule.yml | 1 - .../services/nfs_and_rpc/package_nfs-utils_removed/rule.yml | 1 - linux_os/guide/services/ntp/chronyd_client_only/rule.yml | 1 - .../guide/services/ntp/chronyd_no_chronyc_network/rule.yml | 1 - .../guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml | 1 - linux_os/guide/services/ntp/chronyd_server_directive/rule.yml | 1 - .../guide/services/ntp/chronyd_specify_remote_server/rule.yml | 1 - linux_os/guide/services/ntp/package_chrony_installed/rule.yml | 1 - linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml | 1 - .../services/obsolete/nis/package_ypserv_removed/rule.yml | 1 - .../services/obsolete/r_services/no_host_based_files/rule.yml | 1 - .../obsolete/r_services/no_user_host_based_files/rule.yml | 1 - .../obsolete/r_services/package_rsh-server_removed/rule.yml | 1 - .../obsolete/telnet/package_telnet-server_removed/rule.yml | 1 - .../obsolete/tftp/package_tftp-server_removed/rule.yml | 1 - .../services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml | 1 - linux_os/guide/services/rng/service_rngd_enabled/rule.yml | 1 - .../routing/disabling_quagga/package_quagga_removed/rule.yml | 1 - .../guide/services/ssh/file_groupowner_sshd_config/rule.yml | 1 - linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml | 1 - .../guide/services/ssh/file_permissions_sshd_config/rule.yml | 1 - .../services/ssh/file_permissions_sshd_private_key/rule.yml | 1 - .../guide/services/ssh/file_permissions_sshd_pub_key/rule.yml | 1 - .../services/ssh/package_openssh-clients_installed/rule.yml | 1 - .../services/ssh/package_openssh-server_installed/rule.yml | 1 - linux_os/guide/services/ssh/service_sshd_enabled/rule.yml | 1 - .../ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml | 1 - .../guide/services/ssh/ssh_server/disable_host_auth/rule.yml | 1 - .../ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml | 1 - .../services/ssh/ssh_server/sshd_disable_compression/rule.yml | 1 - .../ssh/ssh_server/sshd_disable_empty_passwords/rule.yml | 1 - .../services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml | 1 - .../services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml | 1 - .../guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml | 1 - .../services/ssh/ssh_server/sshd_disable_root_login/rule.yml | 1 - .../ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml | 1 - .../ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml | 1 - .../ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml | 1 - .../guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml | 1 - .../services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml | 1 - .../services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml | 1 - .../ssh/ssh_server/sshd_enable_warning_banner/rule.yml | 1 - .../guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml | 1 - .../guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml | 1 - .../services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml | 1 - .../guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml | 1 - .../services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml | 1 - .../services/ssh/ssh_server/sshd_use_priv_separation/rule.yml | 1 - .../services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml | 1 - .../guide/services/sssd/sssd_certificate_verification/rule.yml | 1 - linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml | 1 - linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml | 1 - linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml | 1 - .../guide/services/sssd/sssd_offline_cred_expiration/rule.yml | 1 - .../services/usbguard/configure_usbguard_auditbackend/rule.yml | 1 - .../services/usbguard/package_usbguard_installed/rule.yml | 1 - .../guide/services/usbguard/service_usbguard_enabled/rule.yml | 1 - .../guide/services/usbguard/usbguard_generate_policy/rule.yml | 1 - .../disabling_xwindows/xwindows_remove_packages/rule.yml | 1 - .../disabling_xwindows/xwindows_runlevel_target/rule.yml | 1 - .../system/accounts/accounts-banners/banner_etc_issue/rule.yml | 1 - .../gui_login_banner/dconf_gnome_banner_enabled/rule.yml | 1 - .../accounts-pam/disallow_bypass_password_sudo/rule.yml | 1 - .../accounts/accounts-pam/display_login_attempts/rule.yml | 1 - .../account_password_pam_faillock_password_auth/rule.yml | 1 - .../account_password_pam_faillock_system_auth/rule.yml | 1 - .../account_password_selinux_faillock_dir/rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../accounts_passwords_pam_faillock_audit/rule.yml | 1 - .../accounts_passwords_pam_faillock_deny/rule.yml | 1 - .../accounts_passwords_pam_faillock_deny_root/rule.yml | 1 - .../accounts_passwords_pam_faillock_dir/rule.yml | 1 - .../accounts_passwords_pam_faillock_interval/rule.yml | 1 - .../accounts_passwords_pam_faillock_unlock_time/rule.yml | 1 - .../accounts_password_pam_dcredit/rule.yml | 1 - .../accounts_password_pam_dictcheck/rule.yml | 1 - .../accounts_password_pam_difok/rule.yml | 1 - .../accounts_password_pam_enforce_root/rule.yml | 1 - .../accounts_password_pam_lcredit/rule.yml | 1 - .../accounts_password_pam_maxclassrepeat/rule.yml | 1 - .../accounts_password_pam_maxrepeat/rule.yml | 1 - .../accounts_password_pam_minclass/rule.yml | 1 - .../accounts_password_pam_minlen/rule.yml | 1 - .../accounts_password_pam_ocredit/rule.yml | 1 - .../accounts_password_pam_pwquality_password_auth/rule.yml | 1 - .../accounts_password_pam_pwquality_system_auth/rule.yml | 1 - .../accounts_password_pam_retry/rule.yml | 1 - .../accounts_password_pam_ucredit/rule.yml | 1 - .../set_password_hashing_algorithm_libuserconf/rule.yml | 1 - .../set_password_hashing_algorithm_logindefs/rule.yml | 1 - .../set_password_hashing_algorithm_passwordauth/rule.yml | 1 - .../set_password_hashing_min_rounds_logindefs/rule.yml | 1 - .../accounts-physical/disable_ctrlaltdel_burstaction/rule.yml | 1 - .../accounts-physical/disable_ctrlaltdel_reboot/rule.yml | 1 - .../accounts-physical/grub2_disable_interactive_boot/rule.yml | 1 - .../accounts/accounts-physical/logind_session_timeout/rule.yml | 1 - .../accounts-physical/require_emergency_target_auth/rule.yml | 1 - .../accounts-physical/require_singleuser_auth/rule.yml | 1 - .../console_screen_locking/configure_bashrc_tmux/rule.yml | 1 - .../configure_tmux_lock_after_time/rule.yml | 1 - .../configure_tmux_lock_command/rule.yml | 1 - .../configure_tmux_lock_keybinding/rule.yml | 1 - .../console_screen_locking/no_tmux_in_shells/rule.yml | 1 - .../console_screen_locking/package_tmux_installed/rule.yml | 1 - .../smart_card_login/configure_opensc_card_drivers/rule.yml | 1 - .../smart_card_login/install_smartcard_packages/rule.yml | 1 - .../smart_card_login/package_opensc_installed/rule.yml | 1 - .../smart_card_login/package_pcsc-lite_installed/rule.yml | 1 - .../smart_card_login/service_pcscd_enabled/rule.yml | 1 - .../accounts-physical/service_debug-shell_disabled/rule.yml | 1 - .../account_disable_post_pw_expiration/rule.yml | 1 - .../account_expiration/account_temp_expire_date/rule.yml | 1 - .../accounts/accounts-restrictions/account_unique_id/rule.yml | 1 - .../accounts_authorized_local_users/rule.yml | 1 - .../accounts/accounts-restrictions/group_unique_id/rule.yml | 1 - .../accounts_maximum_age_login_defs/rule.yml | 1 - .../accounts_minimum_age_login_defs/rule.yml | 1 - .../accounts_password_minlen_login_defs/rule.yml | 1 - .../accounts_password_set_max_life_existing/rule.yml | 1 - .../accounts_password_set_min_life_existing/rule.yml | 1 - .../accounts_password_all_shadowed_sha512/rule.yml | 1 - .../accounts_password_pam_unix_rounds_password_auth/rule.yml | 1 - .../accounts_password_pam_unix_rounds_system_auth/rule.yml | 1 - .../password_storage/gid_passwd_group_same/rule.yml | 1 - .../password_storage/no_empty_passwords/rule.yml | 1 - .../password_storage/no_empty_passwords_etc_shadow/rule.yml | 1 - .../root_logins/accounts_no_uid_except_zero/rule.yml | 1 - .../root_logins/no_shelllogin_for_systemaccounts/rule.yml | 1 - .../root_logins/use_pam_wheel_for_su/rule.yml | 1 - .../accounts-session/accounts_have_homedir_login_defs/rule.yml | 1 - .../accounts-session/accounts_logon_fail_delay/rule.yml | 1 - .../accounts_max_concurrent_login_sessions/rule.yml | 1 - .../system/accounts/accounts-session/accounts_tmout/rule.yml | 1 - .../accounts_user_dot_no_world_writable_programs/rule.yml | 1 - .../accounts-session/accounts_user_home_paths_only/rule.yml | 1 - .../accounts_user_interactive_home_directory_defined/rule.yml | 1 - .../accounts_user_interactive_home_directory_exists/rule.yml | 1 - .../file_groupownership_home_directories/rule.yml | 1 - .../accounts-session/file_permission_user_init_files/rule.yml | 1 - .../file_permissions_home_directories/rule.yml | 1 - .../user_umask/accounts_umask_etc_bashrc/rule.yml | 1 - .../user_umask/accounts_umask_etc_csh_cshrc/rule.yml | 1 - .../user_umask/accounts_umask_etc_login_defs/rule.yml | 1 - .../user_umask/accounts_umask_etc_profile/rule.yml | 1 - .../user_umask/accounts_umask_interactive_users/rule.yml | 1 - .../audit_rules_dac_modification_chmod/rule.yml | 1 - .../audit_rules_dac_modification_chown/rule.yml | 1 - .../audit_rules_dac_modification_fchmod/rule.yml | 1 - .../audit_rules_dac_modification_fchmodat/rule.yml | 1 - .../audit_rules_dac_modification_fchown/rule.yml | 1 - .../audit_rules_dac_modification_fchownat/rule.yml | 1 - .../audit_rules_dac_modification_fremovexattr/rule.yml | 1 - .../audit_rules_dac_modification_fsetxattr/rule.yml | 1 - .../audit_rules_dac_modification_lchown/rule.yml | 1 - .../audit_rules_dac_modification_lremovexattr/rule.yml | 1 - .../audit_rules_dac_modification_lsetxattr/rule.yml | 1 - .../audit_rules_dac_modification_removexattr/rule.yml | 1 - .../audit_rules_dac_modification_setxattr/rule.yml | 1 - .../audit_rules_dac_modification_umount/rule.yml | 1 - .../audit_rules_dac_modification_umount2/rule.yml | 1 - .../audit_rules_execution_chacl/rule.yml | 1 - .../audit_rules_execution_setfacl/rule.yml | 1 - .../audit_rules_execution_chcon/rule.yml | 1 - .../audit_rules_execution_semanage/rule.yml | 1 - .../audit_rules_execution_setfiles/rule.yml | 1 - .../audit_rules_execution_setsebool/rule.yml | 1 - .../audit_rules_file_deletion_events_rename/rule.yml | 1 - .../audit_rules_file_deletion_events_renameat/rule.yml | 1 - .../audit_rules_file_deletion_events_rmdir/rule.yml | 1 - .../audit_rules_file_deletion_events_unlink/rule.yml | 1 - .../audit_rules_file_deletion_events_unlinkat/rule.yml | 1 - .../audit_rules_unsuccessful_file_modification_creat/rule.yml | 1 - .../rule.yml | 1 - .../audit_rules_unsuccessful_file_modification_open/rule.yml | 1 - .../rule.yml | 1 - .../audit_rules_unsuccessful_file_modification_openat/rule.yml | 1 - .../rule.yml | 1 - .../audit_rules_kernel_module_loading_delete/rule.yml | 1 - .../audit_rules_kernel_module_loading_finit/rule.yml | 1 - .../audit_rules_kernel_module_loading_init/rule.yml | 1 - .../audit_rules_login_events_faillock/rule.yml | 1 - .../audit_rules_login_events_lastlog/rule.yml | 1 - .../audit_rules_login_events_tallylog/rule.yml | 1 - .../audit_privileged_commands_init/rule.yml | 1 - .../audit_privileged_commands_poweroff/rule.yml | 1 - .../audit_privileged_commands_reboot/rule.yml | 1 - .../audit_privileged_commands_shutdown/rule.yml | 1 - .../audit_rules_privileged_commands_chage/rule.yml | 1 - .../audit_rules_privileged_commands_chsh/rule.yml | 1 - .../audit_rules_privileged_commands_crontab/rule.yml | 1 - .../audit_rules_privileged_commands_gpasswd/rule.yml | 1 - .../audit_rules_privileged_commands_kmod/rule.yml | 1 - .../audit_rules_privileged_commands_mount/rule.yml | 1 - .../audit_rules_privileged_commands_newgrp/rule.yml | 1 - .../rule.yml | 1 - .../audit_rules_privileged_commands_passwd/rule.yml | 1 - .../audit_rules_privileged_commands_postdrop/rule.yml | 1 - .../audit_rules_privileged_commands_postqueue/rule.yml | 1 - .../audit_rules_privileged_commands_ssh_agent/rule.yml | 1 - .../audit_rules_privileged_commands_ssh_keysign/rule.yml | 1 - .../audit_rules_privileged_commands_su/rule.yml | 1 - .../audit_rules_privileged_commands_sudo/rule.yml | 1 - .../audit_rules_privileged_commands_sudoedit/rule.yml | 1 - .../audit_rules_privileged_commands_umount/rule.yml | 1 - .../audit_rules_privileged_commands_unix_chkpwd/rule.yml | 1 - .../audit_rules_privileged_commands_unix_update/rule.yml | 1 - .../audit_rules_privileged_commands_userhelper/rule.yml | 1 - .../audit_rules_privileged_commands_usermod/rule.yml | 1 - .../auditd_configure_rules/audit_rules_immutable/rule.yml | 1 - .../audit_rules_immutable_login_uids/rule.yml | 1 - .../auditd_configure_rules/audit_rules_sudoers/rule.yml | 1 - .../auditd_configure_rules/audit_rules_sudoers_d/rule.yml | 1 - .../audit_rules_suid_privilege_function/rule.yml | 1 - .../audit_rules_system_shutdown/rule.yml | 1 - .../audit_rules_usergroup_modification_group/rule.yml | 1 - .../audit_rules_usergroup_modification_gshadow/rule.yml | 1 - .../audit_rules_usergroup_modification_opasswd/rule.yml | 1 - .../audit_rules_usergroup_modification_passwd/rule.yml | 1 - .../audit_rules_usergroup_modification_shadow/rule.yml | 1 - .../directory_group_ownership_var_log_audit/rule.yml | 1 - .../directory_ownership_var_log_audit/rule.yml | 1 - .../file_permissions_var_log_audit/rule.yml | 1 - .../rule.yml | 1 - .../auditd_audispd_syslog_plugin_activated/rule.yml | 1 - .../auditd_data_disk_error_action_stig/rule.yml | 1 - .../auditd_data_disk_full_action_stig/rule.yml | 1 - .../auditd_data_retention_action_mail_acct/rule.yml | 1 - .../auditd_data_retention_admin_space_left_action/rule.yml | 1 - .../auditd_data_retention_admin_space_left_percentage/rule.yml | 1 - .../auditd_data_retention_max_log_file_action_stig/rule.yml | 1 - .../auditd_data_retention_space_left_action/rule.yml | 1 - .../auditd_data_retention_space_left_percentage/rule.yml | 1 - .../configure_auditd_data_retention/auditd_freq/rule.yml | 1 - .../auditd_local_events/rule.yml | 1 - .../configure_auditd_data_retention/auditd_log_format/rule.yml | 1 - .../auditd_name_format/rule.yml | 1 - .../auditd_overflow_action/rule.yml | 1 - .../configure_auditd_data_retention/auditd_write_logs/rule.yml | 1 - linux_os/guide/system/auditing/grub2_audit_argument/rule.yml | 1 - .../auditing/grub2_audit_backlog_limit_argument/rule.yml | 1 - .../system/auditing/package_audispd-plugins_installed/rule.yml | 1 - .../guide/system/auditing/package_audit_installed/rule.yml | 1 - linux_os/guide/system/auditing/service_auditd_enabled/rule.yml | 1 - .../guide/system/bootloader-grub2/grub2_pti_argument/rule.yml | 1 - .../system/bootloader-grub2/grub2_vsyscall_argument/rule.yml | 1 - .../non-uefi/file_groupowner_grub2_cfg/rule.yml | 1 - .../bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml | 1 - .../bootloader-grub2/non-uefi/grub2_admin_username/rule.yml | 1 - .../system/bootloader-grub2/non-uefi/grub2_password/rule.yml | 1 - .../rsyslog_cron_logging/rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml | 1 - .../rsyslog_remote_access_monitoring/rule.yml | 1 - .../logging/journald/service_systemd-journald_enabled/rule.yml | 1 - .../system/logging/package_rsyslog-gnutls_installed/rule.yml | 1 - .../guide/system/logging/package_rsyslog_installed/rule.yml | 1 - .../rsyslog_nolisten/rule.yml | 1 - .../rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml | 1 - linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml | 1 - .../network/network-firewalld/firewalld-backend/rule.yml | 1 - .../firewalld_activation/package_firewalld_installed/rule.yml | 1 - .../firewalld_activation/service_firewalld_enabled/rule.yml | 1 - .../ruleset_modifications/configure_firewalld_ports/rule.yml | 1 - .../configured_firewalld_default_deny/rule.yml | 1 - .../network/network-ipsec/libreswan_approved_tunnels/rule.yml | 1 - .../network/network-ipsec/package_libreswan_installed/rule.yml | 1 - .../sysctl_net_ipv6_conf_all_accept_ra/rule.yml | 1 - .../sysctl_net_ipv6_conf_all_accept_redirects/rule.yml | 1 - .../sysctl_net_ipv6_conf_all_accept_source_route/rule.yml | 1 - .../sysctl_net_ipv6_conf_all_forwarding/rule.yml | 1 - .../sysctl_net_ipv6_conf_default_accept_ra/rule.yml | 1 - .../sysctl_net_ipv6_conf_default_accept_redirects/rule.yml | 1 - .../sysctl_net_ipv6_conf_default_accept_source_route/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_accept_redirects/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_accept_source_route/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_forwarding/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_log_martians/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_rp_filter/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_accept_redirects/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_accept_source_route/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_log_martians/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_rp_filter/rule.yml | 1 - .../sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml | 1 - .../sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml | 1 - .../sysctl_net_ipv4_tcp_syncookies/rule.yml | 1 - .../sysctl_net_ipv4_conf_all_send_redirects/rule.yml | 1 - .../sysctl_net_ipv4_conf_default_send_redirects/rule.yml | 1 - .../network-uncommon/kernel_module_atm_disabled/rule.yml | 1 - .../network-uncommon/kernel_module_can_disabled/rule.yml | 1 - .../kernel_module_firewire-core_disabled/rule.yml | 1 - .../network-uncommon/kernel_module_sctp_disabled/rule.yml | 1 - .../network-uncommon/kernel_module_tipc_disabled/rule.yml | 1 - .../kernel_module_bluetooth_disabled/rule.yml | 1 - .../wireless_software/wireless_disable_interfaces/rule.yml | 1 - .../system/network/network_configure_name_resolution/rule.yml | 1 - .../guide/system/network/network_sniffer_disabled/rule.yml | 1 - .../network/networkmanager/networkmanager_dns_mode/rule.yml | 1 - .../files/dir_perms_world_writable_root_owned/rule.yml | 1 - .../files/dir_perms_world_writable_sticky_bits/rule.yml | 1 - .../files/file_permissions_etc_audit_auditd/rule.yml | 1 - .../files/file_permissions_etc_audit_rulesd/rule.yml | 1 - .../permissions/files/file_permissions_ungroupowned/rule.yml | 1 - .../system/permissions/files/no_files_unowned_by_user/rule.yml | 1 - .../file_groupowner_backup_etc_group/rule.yml | 1 - .../file_groupowner_backup_etc_gshadow/rule.yml | 1 - .../file_groupowner_backup_etc_passwd/rule.yml | 1 - .../file_groupowner_backup_etc_shadow/rule.yml | 1 - .../file_groupowner_etc_group/rule.yml | 1 - .../file_groupowner_etc_gshadow/rule.yml | 1 - .../file_groupowner_etc_passwd/rule.yml | 1 - .../file_groupowner_etc_shadow/rule.yml | 1 - .../file_owner_backup_etc_group/rule.yml | 1 - .../file_owner_backup_etc_gshadow/rule.yml | 1 - .../file_owner_backup_etc_passwd/rule.yml | 1 - .../file_owner_backup_etc_shadow/rule.yml | 1 - .../file_owner_etc_group/rule.yml | 1 - .../file_owner_etc_gshadow/rule.yml | 1 - .../file_owner_etc_passwd/rule.yml | 1 - .../file_owner_etc_shadow/rule.yml | 1 - .../file_permissions_backup_etc_group/rule.yml | 1 - .../file_permissions_backup_etc_gshadow/rule.yml | 1 - .../file_permissions_backup_etc_passwd/rule.yml | 1 - .../file_permissions_backup_etc_shadow/rule.yml | 1 - .../file_permissions_etc_group/rule.yml | 1 - .../file_permissions_etc_gshadow/rule.yml | 1 - .../file_permissions_etc_passwd/rule.yml | 1 - .../file_permissions_etc_shadow/rule.yml | 1 - .../permissions_var_log_dir/file_groupowner_var_log/rule.yml | 1 - .../file_groupowner_var_log_messages/rule.yml | 1 - .../files/permissions_var_log_dir/file_owner_var_log/rule.yml | 1 - .../file_owner_var_log_messages/rule.yml | 1 - .../permissions_var_log_dir/file_permissions_var_log/rule.yml | 1 - .../file_permissions_var_log_messages/rule.yml | 1 - .../dir_group_ownership_library_dirs/rule.yml | 1 - .../dir_ownership_library_dirs/rule.yml | 1 - .../dir_permissions_library_dirs/rule.yml | 1 - .../file_groupownership_system_commands_dirs/rule.yml | 1 - .../file_ownership_binary_dirs/rule.yml | 1 - .../file_ownership_library_dirs/rule.yml | 1 - .../file_permissions_binary_dirs/rule.yml | 1 - .../file_permissions_library_dirs/rule.yml | 1 - .../root_permissions_syslibrary_files/rule.yml | 1 - .../permissions/files/sysctl_fs_protected_hardlinks/rule.yml | 1 - .../permissions/files/sysctl_fs_protected_symlinks/rule.yml | 1 - .../mounting/kernel_module_cramfs_disabled/rule.yml | 1 - .../mounting/kernel_module_usb-storage_disabled/rule.yml | 1 - .../permissions/mounting/service_autofs_disabled/rule.yml | 1 - .../partitions/mount_option_boot_efi_nosuid/rule.yml | 1 - .../permissions/partitions/mount_option_boot_nodev/rule.yml | 1 - .../permissions/partitions/mount_option_boot_nosuid/rule.yml | 1 - .../permissions/partitions/mount_option_dev_shm_nodev/rule.yml | 1 - .../partitions/mount_option_dev_shm_noexec/rule.yml | 1 - .../partitions/mount_option_dev_shm_nosuid/rule.yml | 1 - .../permissions/partitions/mount_option_home_nodev/rule.yml | 1 - .../permissions/partitions/mount_option_home_noexec/rule.yml | 1 - .../permissions/partitions/mount_option_home_nosuid/rule.yml | 1 - .../mount_option_nodev_nonroot_local_partitions/rule.yml | 1 - .../mount_option_nodev_removable_partitions/rule.yml | 1 - .../mount_option_noexec_removable_partitions/rule.yml | 1 - .../mount_option_nosuid_removable_partitions/rule.yml | 1 - .../permissions/partitions/mount_option_tmp_nodev/rule.yml | 1 - .../permissions/partitions/mount_option_tmp_noexec/rule.yml | 1 - .../permissions/partitions/mount_option_tmp_nosuid/rule.yml | 1 - .../partitions/mount_option_var_log_audit_nodev/rule.yml | 1 - .../partitions/mount_option_var_log_audit_noexec/rule.yml | 1 - .../partitions/mount_option_var_log_audit_nosuid/rule.yml | 1 - .../permissions/partitions/mount_option_var_log_nodev/rule.yml | 1 - .../partitions/mount_option_var_log_noexec/rule.yml | 1 - .../partitions/mount_option_var_log_nosuid/rule.yml | 1 - .../permissions/partitions/mount_option_var_nodev/rule.yml | 1 - .../permissions/partitions/mount_option_var_tmp_nodev/rule.yml | 1 - .../partitions/mount_option_var_tmp_noexec/rule.yml | 1 - .../partitions/mount_option_var_tmp_nosuid/rule.yml | 1 - .../coredumps/coredump_disable_backtraces/rule.yml | 1 - .../restrictions/coredumps/coredump_disable_storage/rule.yml | 1 - .../restrictions/coredumps/disable_users_coredumps/rule.yml | 1 - .../coredumps/service_systemd-coredump_disabled/rule.yml | 1 - .../sysctl_kernel_exec_shield/rule.yml | 1 - .../sysctl_kernel_kptr_restrict/rule.yml | 1 - .../sysctl_kernel_randomize_va_space/rule.yml | 1 - .../restrictions/poisoning/grub2_page_poison_argument/rule.yml | 1 - .../restrictions/poisoning/grub2_slub_debug_argument/rule.yml | 1 - .../restrictions/sysctl_kernel_core_pattern/rule.yml | 1 - .../restrictions/sysctl_kernel_dmesg_restrict/rule.yml | 1 - .../restrictions/sysctl_kernel_kexec_load_disabled/rule.yml | 1 - .../restrictions/sysctl_kernel_perf_event_paranoid/rule.yml | 1 - .../sysctl_kernel_unprivileged_bpf_disabled/rule.yml | 1 - .../restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml | 1 - .../restrictions/sysctl_net_core_bpf_jit_harden/rule.yml | 1 - .../restrictions/sysctl_user_max_user_namespaces/rule.yml | 1 - .../package_policycoreutils-python-utils_installed/rule.yml | 1 - .../system/selinux/package_policycoreutils_installed/rule.yml | 1 - .../system/selinux/selinux_all_devicefiles_labeled/rule.yml | 1 - linux_os/guide/system/selinux/selinux_policytype/rule.yml | 1 - linux_os/guide/system/selinux/selinux_state/rule.yml | 1 - .../software/disk_partitioning/encrypt_partitions/rule.yml | 1 - .../software/disk_partitioning/partition_for_home/rule.yml | 1 - .../software/disk_partitioning/partition_for_tmp/rule.yml | 1 - .../software/disk_partitioning/partition_for_var/rule.yml | 1 - .../software/disk_partitioning/partition_for_var_log/rule.yml | 1 - .../disk_partitioning/partition_for_var_log_audit/rule.yml | 1 - .../software/disk_partitioning/partition_for_var_tmp/rule.yml | 1 - .../guide/system/software/gnome/dconf_db_up_to_date/rule.yml | 1 - .../dconf_gnome_disable_restart_shutdown/rule.yml | 1 - .../gnome_login_screen/dconf_gnome_disable_user_list/rule.yml | 1 - .../dconf_gnome_lock_screen_on_smartcard_removal/rule.yml | 1 - .../gnome_gdm_disable_automatic_login/rule.yml | 1 - .../dconf_gnome_disable_automount_open/rule.yml | 1 - .../gnome_media_settings/dconf_gnome_disable_autorun/rule.yml | 1 - .../dconf_gnome_screensaver_idle_delay/rule.yml | 1 - .../dconf_gnome_screensaver_lock_delay/rule.yml | 1 - .../dconf_gnome_screensaver_lock_enabled/rule.yml | 1 - .../dconf_gnome_screensaver_mode_blank/rule.yml | 1 - .../dconf_gnome_screensaver_user_locks/rule.yml | 1 - .../dconf_gnome_session_idle_user_locks/rule.yml | 1 - .../dconf_gnome_disable_ctrlaltdel_reboot/rule.yml | 1 - .../certified-vendor/installed_OS_is_vendor_supported/rule.yml | 1 - .../integrity/crypto/configure_bind_crypto_policy/rule.yml | 1 - .../software/integrity/crypto/configure_crypto_policy/rule.yml | 1 - .../integrity/crypto/configure_kerberos_crypto_policy/rule.yml | 1 - .../crypto/configure_libreswan_crypto_policy/rule.yml | 1 - .../integrity/crypto/configure_openssl_crypto_policy/rule.yml | 1 - .../crypto/configure_openssl_tls_crypto_policy/rule.yml | 1 - .../integrity/crypto/configure_ssh_crypto_policy/rule.yml | 1 - .../harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml | 1 - .../rule.yml | 1 - .../crypto/package_crypto-policies_installed/rule.yml | 1 - .../agent_mfetpd_running/rule.yml | 1 - .../package_mcafeetp_installed/rule.yml | 1 - .../software/integrity/fips/enable_dracut_fips_module/rule.yml | 1 - .../system/software/integrity/fips/enable_fips_mode/rule.yml | 1 - .../integrity/fips/sysctl_crypto_fips_enabled/rule.yml | 1 - .../software-integrity/aide/aide_check_audit_tools/rule.yml | 1 - .../aide/aide_periodic_cron_checking/rule.yml | 1 - .../software-integrity/aide/aide_scan_notification/rule.yml | 1 - .../software-integrity/aide/aide_use_fips_hashes/rule.yml | 1 - .../software-integrity/aide/aide_verify_acls/rule.yml | 1 - .../aide/aide_verify_ext_attributes/rule.yml | 1 - .../aide/file_audit_tools_group_ownership/rule.yml | 1 - .../aide/file_audit_tools_ownership/rule.yml | 1 - .../aide/file_audit_tools_permissions/rule.yml | 1 - .../software-integrity/aide/package_aide_installed/rule.yml | 1 - .../rpm_verification/rpm_verify_hashes/rule.yml | 1 - .../guide/system/software/sudo/package_sudo_installed/rule.yml | 1 - .../system/software/sudo/sudo_remove_no_authenticate/rule.yml | 1 - .../guide/system/software/sudo/sudo_remove_nopasswd/rule.yml | 1 - .../software/sudo/sudo_require_reauthentication/rule.yml | 1 - .../sudo_restrict_privilege_elevation_to_authorized/rule.yml | 1 - .../system/software/sudo/sudoers_validate_passwd/rule.yml | 1 - .../system-tools/package_gnutls-utils_installed/rule.yml | 1 - .../software/system-tools/package_gssproxy_removed/rule.yml | 1 - .../software/system-tools/package_iprutils_removed/rule.yml | 1 - .../software/system-tools/package_nss-tools_installed/rule.yml | 1 - .../software/system-tools/package_rng-tools_installed/rule.yml | 1 - .../package_subscription-manager_installed/rule.yml | 1 - .../software/system-tools/package_tuned_removed/rule.yml | 1 - .../software/updating/clean_components_post_updating/rule.yml | 1 - .../updating/ensure_gpgcheck_globally_activated/rule.yml | 1 - .../software/updating/ensure_gpgcheck_local_packages/rule.yml | 1 - .../software/updating/ensure_gpgcheck_never_disabled/rule.yml | 1 - .../software/updating/ensure_redhat_gpgkey_installed/rule.yml | 1 - .../software/updating/security_patches_up_to_date/rule.yml | 1 - 530 files changed, 2 insertions(+), 537 deletions(-) diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml index 33f815ff59f..bad97d2752e 100644 --- a/controls/stig_rhel9.yml +++ b/controls/stig_rhel9.yml @@ -3,6 +3,8 @@ title: 'Red Hat Enterprise Linux 9 Security Technical Implementation Guide' id: stig_rhel9 source: https://public.cyber.mil/stigs/downloads/ version: V1R2 +reference_type: stigid +product: rhel9 levels: - id: high - id: medium diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml index 45a7019bff7..43abd89064f 100644 --- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml +++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml @@ -41,7 +41,6 @@ references: stigid@ol8: OL08-00-010670 stigid@rhel7: RHEL-07-021300 stigid@rhel8: RHEL-08-010670 - stigid@rhel9: RHEL-09-213115 stigid@sle12: SLES-12-010840 stigid@sle15: SLES-15-040190 stigid@ubuntu2004: UBTU-20-010413 diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml index 807eea27cc9..7b496326c80 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232235 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/cron.d", group="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml index ef2e0c8dd0a..29333f5d5eb 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232235 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/cron.daily", group="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_deny/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_deny/rule.yml index 0698582d0ce..e9537e2f7fe 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_deny/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_deny/rule.yml @@ -21,7 +21,6 @@ references: disa: CCI-000366 nist: CM-6 b srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232235 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/cron.deny", group="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml index d2e84af9e7a..e6f13be150e 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232235 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/cron.hourly", group="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml index 9d6abf78f87..e3d661078b1 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232235 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/cron.monthly", group="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml index f58ae7afb1a..03724238c10 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232235 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/cron.weekly", group="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml index 291aa284d8e..6d07c8a6c84 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232235 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/crontab", group="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml index 170cb5e6e69..b78cd0f1e5a 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232230 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/cron.d", owner="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml index bd6ce65e8a2..c4c4e76455d 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232230 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/cron.daily", owner="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_deny/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_deny/rule.yml index 1ee1c19ca33..f14726e4227 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_deny/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_deny/rule.yml @@ -21,7 +21,6 @@ references: disa: CCI-000366 nist: CM-6 b srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232230 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/cron.deny", owner="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml index d34274f4c23..d29abfc01dc 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232230 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/cron.hourly", owner="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml index 90ac284266d..f7649ff2689 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232230 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/cron.monthly", owner="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml index 1b083263cb1..1d938a1e312 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232230 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/cron.weekly", owner="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml index 39085eaa83f..0c4e1b952a6 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232230 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/crontab", owner="root") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml index d9353418e0a..358d24db3f8 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232040 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/cron.d", perms="-rwx------") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml index bd47f9302bc..761f1432b17 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232040 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/cron.daily", perms="-rwx------") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml index 22f2ef052f3..a0480835e1e 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232040 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/cron.hourly", perms="-rwx------") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml index e47e398ee1c..827de1a5f8a 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232040 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/cron.monthly", perms="-rwx------") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml index fca98264817..607955f7d34 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232040 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/cron.weekly", perms="-rwx------") }}}' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml index 865ed0581c2..4e00aa78143 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml @@ -33,7 +33,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232265 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/crontab", perms="-rw-------") }}}' diff --git a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml index 52fc6fe6983..9638b09639f 100644 --- a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml +++ b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml @@ -23,7 +23,6 @@ references: srg: SRG-OS-000370-GPOS-00155,SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00230 stigid@ol8: OL08-00-040135 stigid@rhel8: RHEL-08-040135 - stigid@rhel9: RHEL-09-433010 ocil_clause: 'the fapolicyd package is not installed' diff --git a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml index d7dd2954b8c..73abf83e0b0 100644 --- a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml +++ b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml @@ -25,7 +25,6 @@ references: srg: SRG-OS-000370-GPOS-00155,SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00230 stigid@ol8: OL08-00-040136 stigid@rhel8: RHEL-08-040136 - stigid@rhel9: RHEL-09-433015 ocil_clause: 'the service is not enabled' diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml index c010fc17cb3..615a5cbc906 100644 --- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml +++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml @@ -36,7 +36,6 @@ references: stigid@ol8: OL08-00-040360 stigid@rhel7: RHEL-07-040690 stigid@rhel8: RHEL-08-040360 - stigid@rhel9: RHEL-09-215015 stigid@sle12: SLES-12-030011 stigid@sle15: SLES-15-010030 diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml index 088e2450a41..1c83f4f1dcd 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@rhel7: CCE-80548-1 references: - stigid: WA00612 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml index d6021c0a30b..2d3d1d7106a 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@rhel7: CCE-80551-5 references: - stigid: WG110 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml index 7ee5c36e19f..235a2a6bf0f 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml @@ -23,9 +23,6 @@ severity: medium identifiers: cce@rhel7: CCE-80561-4 -references: - stigid: WG237 - ocil_clause: 'it is not' ocil: |- diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml index 73d7d332b5b..4da7b09ef66 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml @@ -23,9 +23,6 @@ rationale: |- severity: low -references: - stigid: WG610 - ocil_clause: 'it is not' ocil: |- diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml index 3fb175dc09c..f4fbeaafd62 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml @@ -20,8 +20,5 @@ rationale: |- severity: high -references: - stigid: WG230 - ocil: |- {{{ ocil_service_enabled(service="sshd") }}} diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml index a2505705fee..5a475fef79c 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml @@ -21,9 +21,6 @@ severity: medium identifiers: cce@rhel7: CCE-80562-2 -references: - stigid: WG255 - ocil: |- {{{ describe_file_owner(file="/var/log/httpd", owner="root") }}} {{{ describe_file_owner(file="/var/log/httpd/*", owner="root") }}} diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml index a63c3a05ced..707de67cce6 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml @@ -31,7 +31,6 @@ identifiers: cce@rhel7: CCE-80560-6 references: - stigid: WG460 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml index 052cfe635c2..e486d490892 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml @@ -22,7 +22,6 @@ identifiers: cce@rhel7: CCE-80555-6 references: - stigid: WG210 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml index ad91dff5e9c..7844f57eab1 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@rhel7: CCE-80556-4 references: - stigid: WG290 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml index 84790f2a1fe..f783b2791d5 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@rhel7: CCE-80553-1 references: - stigid: WG430 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml index de22d2de072..6094e449f4c 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@rhel7: CCE-80554-9 references: - stigid: WG400 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml index 1358d90f6d3..aa6b7a9f7cd 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml @@ -17,7 +17,6 @@ rationale: |- severity: medium references: - stigid: "WG370" ocil_clause: 'either of these exist and they configure csh, or any other shell as a viewer for documents' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml index a5cc250135e..38dc0e3fccc 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml @@ -22,7 +22,6 @@ identifiers: cce@rhel7: CCE-81130-7 references: - stigid: WA00605 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml index 08db5e03d92..a6ac357d4ab 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@rhel7: CCE-80550-7 references: - stigid: WA00620 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml index dc7a29bc334..b66cd27cafc 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@rhel7: CCE-80549-9 references: - stigid: WA00615 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml index 3938ee99b82..b29d507c1b3 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml @@ -18,7 +18,6 @@ rationale: |- severity: medium references: - stigid: "WG050" ocil_clause: 'the web server password(s) are not entrusted to the SA or Web Manager' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml index 8cb744c11ea..1230f23b527 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@rhel7: CCE-80552-3 references: - stigid: WG240 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml index 38e8fa02dfd..e194dab145f 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml @@ -25,7 +25,6 @@ identifiers: cce@rhel7: CCE-80557-2 references: - stigid: WG340 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml index ccd9284f196..2dabb04aa38 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@rhel7: CCE-80559-8 references: - stigid: WG350 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml index a6303e7c96b..34e04796490 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml @@ -21,7 +21,6 @@ identifiers: cce@rhel7: CCE-80558-0 references: - stigid: WG140 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml index 28db5719e5b..cda70b4834e 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml @@ -27,7 +27,6 @@ rationale: |- severity: medium references: - stigid: "WA060" ocil_clause: 'the web server is not isolated in an accredited DoD DMZ Extension' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml index 6b101c7a961..7832027aca1 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml @@ -15,7 +15,6 @@ rationale: |- severity: medium references: - stigid: "WG080" ocil_clause: |- the web server is part of an application suite and a comiler is needed diff --git a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml index 3beea540604..3b8bbec310f 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml @@ -21,7 +21,6 @@ rationale: |- severity: medium references: - stigid: "WA070" ocil_clause: 'the private web server is not on a separate controlled access subnet' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml index 27023ede790..8b0aaa0c6a1 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml @@ -22,7 +22,6 @@ rationale: |- severity: medium references: - stigid: "WG040" ocil_clause: |- sharing is selected for any web folder, this is a finding. diff --git a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml index 48acab856ae..932fed535ff 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml @@ -25,7 +25,6 @@ rationale: |- severity: medium references: - stigid: "WG420" ocil_clause: |- If fileos with these extensions have no relationship with web activity, diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml index 4fad9ed43a8..b9f6b53c898 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml @@ -23,7 +23,6 @@ rationale: |- severity: low references: - stigid: WG265 ocil_clause: 'it is not display the required banner' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml index f44e9c692f4..eac9a859ff3 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml @@ -22,7 +22,6 @@ rationale: |- severity: low references: - stigid: WG170 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml index aefc58fd840..686e11dea18 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml @@ -20,7 +20,6 @@ rationale: |- severity: high references: - stigid: WG360 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml index 76cbb66052c..3e4fab8e511 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml @@ -16,7 +16,6 @@ rationale: |- severity: high references: - stigid: WG235 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml index 75fc2eecab3..e4c709ca98c 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml @@ -19,7 +19,6 @@ rationale: |- severity: low references: - stigid: WG490 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml index ef062c1bc3a..4e021b753c0 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml @@ -29,7 +29,6 @@ rationale: |- severity: medium references: - stigid: WG310 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml index 0a75e26b87e..644ed051c13 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml @@ -20,7 +20,6 @@ rationale: |- severity: medium references: - stigid: WG205 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml index 13751ebbd36..9326eac2165 100644 --- a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml +++ b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml @@ -27,7 +27,6 @@ references: srg: SRG-OS-000120-GPOS-00061 stigid@ol8: OL08-00-010161 stigid@rhel8: RHEL-08-010161 - stigid@rhel9: RHEL-09-611205 platforms: - krb5_server_older_than_1_17-18 and krb5_workstation_older_than_1_17-18 diff --git a/linux_os/guide/services/mail/package_s-nail_installed/rule.yml b/linux_os/guide/services/mail/package_s-nail_installed/rule.yml index ecc270b9e8a..e8def29b95a 100644 --- a/linux_os/guide/services/mail/package_s-nail_installed/rule.yml +++ b/linux_os/guide/services/mail/package_s-nail_installed/rule.yml @@ -20,7 +20,6 @@ references: disa: CCI-001744 nist: CM-3(5) srg: SRG-OS-000363-GPOS-00150 - stigid@rhel9: RHEL-09-215095 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml index 7849c3ab338..4daf930b402 100644 --- a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml +++ b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml @@ -34,7 +34,6 @@ references: srg: SRG-OS-000480-GPOS-00227,SRG-OS-000095-GPOS-00049 stigid@ol8: OL08-00-040002 stigid@rhel8: RHEL-08-040002 - stigid@rhel9: RHEL-09-215020 {{{ complete_ocil_entry_package(package="sendmail") }}} diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml index d05f18b7193..587786ee71e 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml +++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml @@ -30,7 +30,6 @@ references: nist: CM-6(a) nist@sle12: AU-5(a),AU-5.1(ii) srg: SRG-OS-000046-GPOS-00022 - stigid@rhel9: RHEL-09-653125 stigid@sle12: SLES-12-020050 stigid@sle15: SLES-15-030580 diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml index d81aa3e4112..1f8ff583121 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml +++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml @@ -30,7 +30,6 @@ references: srg: SRG-OS-000046-GPOS-00022 stigid@ol8: OL08-00-030030 stigid@rhel8: RHEL-08-030030 - stigid@rhel9: RHEL-09-252060 ocil_clause: 'the alias is not set or is not root' diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml index 4f38c42c808..8cf59a2ed64 100644 --- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml +++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml @@ -27,7 +27,6 @@ references: stigid@ol8: OL08-00-040290 stigid@rhel7: RHEL-07-040680 stigid@rhel8: RHEL-08-040290 - stigid@rhel9: RHEL-09-252050 ocil_clause: 'the "smtpd_client_restrictions" parameter contains any entries other than "permit_mynetworks" and "reject"' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml index 405848a23ca..23749e1c84f 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml @@ -29,7 +29,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040750 stigid@rhel7: RHEL-07-040750 - stigid@rhel9: RHEL-09-231060 ocil_clause: 'the setting is not configured, has the ''sys'' option added, or does not have all Kerberos options added' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml index 0b3c6a1a17a..4ee195ec1c2 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010640 stigid@rhel8: RHEL-08-010640 - stigid@rhel9: RHEL-09-231065 ocil_clause: 'the setting does not show' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml index c8da85560e9..12a587730cc 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml @@ -34,7 +34,6 @@ references: stigid@ol8: OL08-00-010630 stigid@rhel7: RHEL-07-021021 stigid@rhel8: RHEL-08-010630 - stigid@rhel9: RHEL-09-231070 stigid@sle12: SLES-12-010820 stigid@sle15: SLES-15-040170 diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml index 96ef1d137be..ad0f9666986 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml @@ -32,7 +32,6 @@ references: stigid@ol8: OL08-00-010650 stigid@rhel7: RHEL-07-021020 stigid@rhel8: RHEL-08-010650 - stigid@rhel9: RHEL-09-231075 stigid@sle12: SLES-12-010810 stigid@sle15: SLES-15-040160 diff --git a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml index 978370fe7bf..b81fb5425c2 100644 --- a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml @@ -27,7 +27,6 @@ references: cis@sle12: 2.2.7 cis@sle15: 2.2.7 srg: SRG-OS-000095-GPOS-00049 - stigid@rhel9: RHEL-09-215025 {{{ complete_ocil_entry_package(package="nfs-utils") }}} diff --git a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml index 87f4bbaddd9..eebe0fe1e00 100644 --- a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml @@ -29,7 +29,6 @@ references: srg: SRG-OS-000096-GPOS-00050,SRG-OS-000095-GPOS-00049 stigid@ol8: OL08-00-030741 stigid@rhel8: RHEL-08-030741 - stigid@rhel9: RHEL-09-252025 ocil_clause: 'the "port" option is not set to "0", is commented out, or is missing' diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml index 7384d0e0edd..d2606da14c4 100644 --- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000096-GPOS-00050,SRG-OS-000095-GPOS-00049 stigid@ol8: OL08-00-030742 stigid@rhel8: RHEL-08-030742 - stigid@rhel9: RHEL-09-252030 ocil_clause: 'the "cmdport" option is not set to "0", is commented out, or is missing' diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml index 03acce7563f..0a25263b6ac 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml @@ -95,7 +95,6 @@ references: stigid@ol8: OL08-00-030740 stigid@rhel7: RHEL-07-040500 stigid@rhel8: RHEL-08-030740 - stigid@rhel9: RHEL-09-252020 stigid@sle12: SLES-12-030300 stigid@sle15: SLES-15-010400 stigid@ubuntu2004: UBTU-20-010435 diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml b/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml index 556495bccfe..0b386f6bcb9 100644 --- a/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml @@ -24,7 +24,6 @@ references: srg: SRG-OS-000355-GPOS-00143,SRG-OS-000356-GPOS-00144,SRG-OS-000359-GPOS-00146 stigid@ol8: OL08-00-030740 stigid@rhel8: RHEL-08-030740 - stigid@rhel9: RHEL-09-252020 ocil_clause: 'an authoritative remote time server is not configured or configured with pool directive' diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml index 858ac80237b..914dcf059b4 100644 --- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml @@ -37,7 +37,6 @@ references: pcidss: Req-10.4.3 srg: SRG-OS-000355-GPOS-00143 stigid@rhel8: RHEL-08-030740 - stigid@rhel9: RHEL-09-252020 ocil_clause: 'a remote time server is not configured' diff --git a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml index 0c29466fdd7..70d2084d15d 100644 --- a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml +++ b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml @@ -33,7 +33,6 @@ references: ospp: FMT_SMF_EXT.1 pcidss: Req-10.4 srg: SRG-OS-000355-GPOS-00143 - stigid@rhel9: RHEL-09-252010 stigid@ubuntu2004: UBTU-20-010435 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml index 45486e82b9c..59a1be32b73 100644 --- a/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml +++ b/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml @@ -30,7 +30,6 @@ references: cis@ubuntu2204: 2.1.2.3 ism: 0988,1405 srg: SRG-OS-000355-GPOS-00143 - stigid@rhel9: RHEL-09-252015 ocil_clause: 'the chronyd process is not running' diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml index 0dc14758e55..0414eabc785 100644 --- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml @@ -39,7 +39,6 @@ references: srg: SRG-OS-000095-GPOS-00049 stigid@ol7: OL07-00-020010 stigid@rhel7: RHEL-07-020010 - stigid@rhel9: RHEL-09-215030 {{{ complete_ocil_entry_package(package="ypserv") }}} diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml index ec023c1632a..a0e4996aa53 100644 --- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml @@ -30,7 +30,6 @@ references: stigid@ol8: OL08-00-010460 stigid@rhel7: RHEL-07-040550 stigid@rhel8: RHEL-08-010460 - stigid@rhel9: RHEL-09-252070 stigid@sle12: SLES-12-010410 stigid@sle15: SLES-15-040030 diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml index 15af7c1696b..6240cdc305d 100644 --- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml @@ -33,7 +33,6 @@ references: stigid@ol8: OL08-00-010470 stigid@rhel7: RHEL-07-040540 stigid@rhel8: RHEL-08-010470 - stigid@rhel9: RHEL-09-252075 stigid@sle12: SLES-12-010400 stigid@sle15: SLES-15-040020 diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml index 31e19a13ba1..a6bf08a6813 100644 --- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml @@ -38,7 +38,6 @@ references: stigid@ol8: OL08-00-040010 stigid@rhel7: RHEL-07-020000 stigid@rhel8: RHEL-08-040010 - stigid@rhel9: RHEL-09-215035 stigid@ubuntu2004: UBTU-20-010406 {{{ complete_ocil_entry_package(package="rsh-server") }}} diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml index 101c1838a54..8e2e184509a 100644 --- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml @@ -48,7 +48,6 @@ references: stigid@ol8: OL08-00-040000 stigid@rhel7: RHEL-07-021710 stigid@rhel8: RHEL-08-040000 - stigid@rhel9: RHEL-09-215040 stigid@sle12: SLES-12-030000 stigid@sle15: SLES-15-010180 diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml index f106b3dfbc2..6b97936e7e6 100644 --- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml @@ -37,7 +37,6 @@ references: stigid@ol8: OL08-00-040190 stigid@rhel7: RHEL-07-040700 stigid@rhel8: RHEL-08-040190 - stigid@rhel9: RHEL-09-215060 {{{ complete_ocil_entry_package(package="tftp-server") }}} diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml index 10ca185266d..6e5cedf703b 100644 --- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml @@ -47,7 +47,6 @@ references: stigid@ol8: OL08-00-040350 stigid@rhel7: RHEL-07-040720 stigid@rhel8: RHEL-08-040350 - stigid@rhel9: RHEL-09-252055 ocil_clause: |- {{%- if product in ["rhel7","ol7","rhel8","ol8","rhv4"] %}} diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml index 2764446e310..4c675f52ca0 100644 --- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml +++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml @@ -24,7 +24,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010473 stigid@rhel8: RHEL-08-010471 - stigid@rhel9: RHEL-09-211035 {{% if product == "ol8" %}} platform: os_linux[ol]<8.4 or not runtime_kernel_fips_enabled diff --git a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml index 22104a80780..4f27df32398 100644 --- a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml +++ b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml @@ -29,7 +29,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.PT-4 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-215065 {{{ complete_ocil_entry_package(package="quagga") }}} diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml index 8bd7a74a6d5..08641d27527 100644 --- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml @@ -35,7 +35,6 @@ references: nist: AC-17(a),CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-255105 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/ssh/sshd_config", group="root") }}}' diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml index 8e8aafecccd..7920293cacd 100644 --- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml @@ -35,7 +35,6 @@ references: nist: AC-17(a),CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-255110 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/ssh/sshd_config", owner="root") }}}' diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml index 3a92bc246fd..9bff1ca8798 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml @@ -35,7 +35,6 @@ references: nist: AC-17(a),CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-255115 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/ssh/sshd_config", perms="-rw-------") }}}' diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml index b1b5831d572..e4f1b1363e3 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml @@ -54,7 +54,6 @@ references: stigid@ol8: OL08-00-010490 stigid@rhel7: RHEL-07-040420 stigid@rhel8: RHEL-08-010490 - stigid@rhel9: RHEL-09-255120 stigid@sle12: SLES-12-030220 stigid@sle15: SLES-15-040250 diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml index eb5f177d073..695fd89eed4 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml @@ -38,7 +38,6 @@ references: stigid@ol8: OL08-00-010480 stigid@rhel7: RHEL-07-040410 stigid@rhel8: RHEL-08-010480 - stigid@rhel9: RHEL-09-255125 stigid@sle12: SLES-12-030210 stigid@sle15: SLES-15-040240 diff --git a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml index b20463434b8..22deb295567 100644 --- a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml +++ b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml @@ -19,7 +19,6 @@ identifiers: references: ospp: FIA_UAU.5,FTP_ITC_EXT.1,FCS_SSH_EXT.1,FCS_SSHC_EXT.1 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-255020 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml index 2a665e70edd..98477336174 100644 --- a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml +++ b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml @@ -32,7 +32,6 @@ references: stigid@ol8: OL08-00-040159 stigid@rhel7: RHEL-07-040300 stigid@rhel8: RHEL-08-040159 - stigid@rhel9: RHEL-09-255010 stigid@ubuntu2004: UBTU-20-010042 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml index ba53a8c3dbb..2f20d7736f9 100644 --- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml +++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml @@ -41,7 +41,6 @@ references: stigid@ol8: OL08-00-040160 stigid@rhel7: RHEL-07-040310 stigid@rhel8: RHEL-08-040160 - stigid@rhel9: RHEL-09-255015 stigid@sle12: SLES-12-030100 stigid@sle15: SLES-15-010530 stigid@ubuntu2004: UBTU-20-010042 diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml index e886b61d99c..1d3d5d859df 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml +++ b/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml @@ -24,7 +24,6 @@ identifiers: references: srg: SRG-OS-000067-GPOS-00035 stigid@rhel8: RHEL-08-010100 - stigid@rhel9: RHEL-09-611190 ocil_clause: 'no ssh private key is accessible without a passcode' diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml index a1ac6040311..5463354fea0 100644 --- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml @@ -51,7 +51,6 @@ references: srg: SRG-OS-000480-GPOS-00229 stigid@ol7: OL07-00-010470 stigid@rhel7: RHEL-07-010470 - stigid@rhel9: RHEL-09-255080 {{{ complete_ocil_entry_sshd_option(default="yes", option="HostbasedAuthentication", value="no") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml index 6e6b8e16eb9..ba7033a1fab 100644 --- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml @@ -26,7 +26,6 @@ references: ism: "1416" nist: AC-17(a),CM-6(b),CM-7(a),CM-7(b) srg: SRG-OS-000096-GPOS-00050 - stigid@rhel9: RHEL-09-251035 platform: machine diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml index c1d415513e5..184502a043c 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml @@ -39,7 +39,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040470 stigid@rhel7: RHEL-07-040470 - stigid@rhel9: RHEL-09-255130 stigid@sle12: SLES-12-030250 ocil_clause: 'it is commented out, or is not set to no or delayed' diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml index a4e08e33636..26e35c7c5b0 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml @@ -53,7 +53,6 @@ references: stigid@ol8: OL08-00-020330 stigid@rhel7: RHEL-07-010300 stigid@rhel8: RHEL-08-020330 - stigid@rhel9: RHEL-09-255040 stigid@sle12: SLES-12-030150 stigid@sle15: SLES-15-040440 stigid@ubuntu2004: UBTU-20-010047 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml index 8fc2c97356d..84e5d497fa2 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-010522 stigid@rhel7: RHEL-07-040430 stigid@rhel8: RHEL-08-010522 - stigid@rhel9: RHEL-09-255135 {{{ complete_ocil_entry_sshd_option(default="yes", option="GSSAPIAuthentication", value="no") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml index 969e5a708e8..05de4709b64 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml @@ -45,7 +45,6 @@ references: stigid@ol8: OL08-00-010521 stigid@rhel7: RHEL-07-040440 stigid@rhel8: RHEL-08-010521 - stigid@rhel9: RHEL-09-255140 {{{ complete_ocil_entry_sshd_option(default="yes", option="KerberosAuthentication", value="no") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml index 92c757e9145..6bd14d991b1 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml @@ -47,7 +47,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040350 stigid@rhel7: RHEL-07-040350 - stigid@rhel9: RHEL-09-255145 {{{ complete_ocil_entry_sshd_option(default="yes", option="IgnoreRhosts", value="yes") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml index 051736648c5..c4b786ae9be 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml @@ -50,7 +50,6 @@ references: stigid@ol8: OL08-00-010550 stigid@rhel7: RHEL-07-040370 stigid@rhel8: RHEL-08-010550 - stigid@rhel9: RHEL-09-255045 stigid@sle12: SLES-12-030140 stigid@sle15: SLES-15-020040 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml index 780b846b0a9..0bb62b7c93c 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml @@ -41,7 +41,6 @@ references: stigid@ol8: OL08-00-010520 stigid@rhel7: RHEL-07-040380 stigid@rhel8: RHEL-08-010520 - stigid@rhel9: RHEL-09-255150 stigid@sle12: SLES-12-030200 stigid@sle15: SLES-15-040230 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml index 2fad69b8d68..8728eeb0874 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-040340 stigid@rhel7: RHEL-07-040710 stigid@rhel8: RHEL-08-040340 - stigid@rhel9: RHEL-09-255155 stigid@sle15: SLES-15-040290 stigid@ubuntu2004: UBTU-20-010048 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml index 536e771a04c..c29598260d9 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml @@ -48,7 +48,6 @@ references: stigid@ol8: OL08-00-010830 stigid@rhel7: RHEL-07-010460 stigid@rhel8: RHEL-08-010830 - stigid@rhel9: RHEL-09-255085 stigid@sle12: SLES-12-030151 stigid@sle15: SLES-15-040440 stigid@ubuntu2004: UBTU-20-010047 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml index 750285df0f1..080e05beaee 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml @@ -34,7 +34,6 @@ references: cis@ubuntu2204: 5.2.6 disa: CCI-000877 srg: SRG-OS-000125-GPOS-00065 - stigid@rhel9: RHEL-09-255050 stigid@ubuntu2004: UBTU-20-010035 {{{ complete_ocil_entry_sshd_option(default="no", option="UsePAM", value="yes") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml index 8aea15b7dc7..23654a9d081 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml @@ -29,7 +29,6 @@ identifiers: references: disa: CCI-000765,CCI-000766,CCI-000767,CCI-000768 srg: SRG-OS-000105-GPOS-00052,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000108-GPOS-00055 - stigid@rhel9: RHEL-09-255035 stigid@ubuntu2004: UBTU-20-010033 {{{ complete_ocil_entry_sshd_option(default="no", option="PubkeyAuthentication", value="yes") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml index 65cf32d3ce7..32289015478 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-010500 stigid@rhel7: RHEL-07-040450 stigid@rhel8: RHEL-08-010500 - stigid@rhel9: RHEL-09-255160 stigid@sle12: SLES-12-030230 stigid@sle15: SLES-15-040260 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml index 66fe150a7aa..2ac928bb65c 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml @@ -46,7 +46,6 @@ references: stigid@ol8: OL08-00-010040 stigid@rhel7: RHEL-07-040170 stigid@rhel8: RHEL-08-010040 - stigid@rhel9: RHEL-09-255025 stigid@sle12: SLES-12-030050 stigid@sle15: SLES-15-010040 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml index 59b6850a0c3..68550406122 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml @@ -39,7 +39,6 @@ references: stigid@ol8: OL08-00-020350 stigid@rhel7: RHEL-07-040360 stigid@rhel8: RHEL-08-020350 - stigid@rhel9: RHEL-09-255165 stigid@sle12: SLES-12-030130 stigid@sle15: SLES-15-020120 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml index 8cb93257c70..9b1f144d7e1 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000480-GPOS-00227,SRG-OS-000033-GPOS-00014 stigid@ol8: OL08-00-040161 stigid@rhel8: RHEL-08-040161 - stigid@rhel9: RHEL-09-255090 ocil_clause: 'it is commented out or is not set' diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml index fcfb3637b97..9e9dca3e22f 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml @@ -59,7 +59,6 @@ references: stigid@ol8: OL08-00-010201 stigid@rhel7: RHEL-07-040320 stigid@rhel8: RHEL-08-010201 - stigid@rhel9: RHEL-09-255100 stigid@sle12: SLES-12-030190 stigid@sle15: SLES-15-010280 stigid@ubuntu2004: UBTU-20-010037 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml index 70c5d2a14ee..e94e8a6bc74 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml @@ -51,7 +51,6 @@ references: pcidss: Req-8.1.8 srg: SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109 stigid@rhel8: RHEL-08-010200 - stigid@rhel9: RHEL-09-255095 stigid@sle12: SLES-12-030191 stigid@sle15: SLES-15-010320 stigid@ubuntu2004: UBTU-20-010036 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml index cd32901b58d..7b6f37fabbb 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml @@ -35,7 +35,6 @@ references: nist: AC-17(a),AC-17(1),CM-6(a) pcidss: Req-2.2.4 srg: SRG-OS-000032-GPOS-00013 - stigid@rhel9: RHEL-09-255030 stigid@sle12: SLES-12-030110 stigid@sle15: SLES-15-010150 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/rule.yml index 50c5ef57ac1..8fef777e753 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/rule.yml @@ -37,7 +37,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040460 stigid@rhel7: RHEL-07-040460 - stigid@rhel9: RHEL-09-255170 stigid@sle12: SLES-12-030240 stigid@sle15: SLES-15-040270 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml index c3694805ca2..509de2a3000 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml @@ -39,7 +39,6 @@ references: stigid@ol8: OL08-00-040341 stigid@rhel7: RHEL-07-040711 stigid@rhel8: RHEL-08-040341 - stigid@rhel9: RHEL-09-255175 stigid@sle12: SLES-12-030261 stigid@ubuntu2004: UBTU-20-010049 diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml b/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml index df4e1980787..7ed2eede257 100644 --- a/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml +++ b/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml @@ -25,7 +25,6 @@ references: srg: SRG-OS-000375-GPOS-00160,SRG-OS-000377-GPOS-00162 stigid@ol8: OL08-00-010400 stigid@rhel8: RHEL-08-010400 - stigid@rhel9: RHEL-09-611170 ocil_clause: 'certificate_verification in sssd is not configured' diff --git a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml index 6791df75f50..c633d6f9fab 100644 --- a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml +++ b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml @@ -31,7 +31,6 @@ references: srg: SRG-OS-000068-GPOS-00036 stigid@ol8: OL08-00-020090 stigid@rhel8: RHEL-08-020090 - stigid@rhel9: RHEL-09-631015 warnings: - general: |- diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml index 7e2dad1d2fa..bb15da50b7b 100644 --- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml @@ -51,7 +51,6 @@ references: srg: SRG-OS-000375-GPOS-00160,SRG-OS-000105-GPOS-00052,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000108-GPOS-00055 stigid@ol8: OL08-00-020250 stigid@rhel8: RHEL-08-020250 - stigid@rhel9: RHEL-09-611165 ocil_clause: 'smart cards are not enabled in SSSD' diff --git a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml index 65eb8d8b33f..7c5b263209a 100644 --- a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml +++ b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml @@ -37,7 +37,6 @@ references: srg: SRG-OS-000066-GPOS-00034,SRG-OS-000384-GPOS-00167 stigid@ol8: OL08-00-010090 stigid@rhel8: RHEL-08-010090 - stigid@rhel9: RHEL-09-631010 warnings: - general: |- diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml index c889c63bfc5..97bb894c981 100644 --- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml @@ -47,7 +47,6 @@ references: srg: SRG-OS-000383-GPOS-00166 stigid@ol8: OL08-00-020290 stigid@rhel8: RHEL-08-020290 - stigid@rhel9: RHEL-09-631020 stigid@sle12: SLES-12-010680 stigid@sle15: SLES-15-010500 stigid@ubuntu2004: UBTU-20-010441 diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml index 70864f734ed..e0cbdd9ac97 100644 --- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml +++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml @@ -27,7 +27,6 @@ references: srg: SRG-OS-000062-GPOS-00031,SRG-OS-000471-GPOS-00215,SRG-APP-000141-CTR-000315 stigid@ol8: OL08-00-030603 stigid@rhel8: RHEL-08-030603 - stigid@rhel9: RHEL-09-291025 platform: package[usbguard] diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml index 5ab8fccc0e6..fdfbf27e7ce 100644 --- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml +++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml @@ -50,7 +50,6 @@ references: srg: SRG-OS-000378-GPOS-00163,SRG-APP-000141-CTR-000315 stigid@ol8: OL08-00-040139 stigid@rhel8: RHEL-08-040139 - stigid@rhel9: RHEL-09-291015 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml index 8dc752ded3d..c3131c2aedb 100644 --- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml +++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml @@ -26,7 +26,6 @@ references: srg: SRG-OS-000378-GPOS-00163,SRG-APP-000141-CTR-000315 stigid@ol8: OL08-00-040141 stigid@rhel8: RHEL-08-040141 - stigid@rhel9: RHEL-09-291020 ocil_clause: 'the service is not enabled' diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml index cbfaec8c2e2..46c7d024b1e 100644 --- a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml +++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml @@ -26,7 +26,6 @@ references: srg: SRG-OS-000378-GPOS-00163 stigid@ol8: OL08-00-040140 stigid@rhel8: RHEL-08-040140 - stigid@rhel9: RHEL-09-291030 ocil_clause: 'there is no evidence that unauthorized peripherals are being blocked before establishing a connection' diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml index 55ecb9f2e86..f6c16152982 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml @@ -42,7 +42,6 @@ references: stigid@ol8: OL08-00-040320 stigid@rhel7: RHEL-07-040730 stigid@rhel8: RHEL-08-040320 - stigid@rhel9: RHEL-09-215070 ocil_clause: 'xorg related packages are not removed and run level is not correctly configured' diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml index 6fcfe575dd2..fc3356a15bb 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml @@ -38,7 +38,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040321 stigid@rhel8: RHEL-08-040321 - stigid@rhel9: RHEL-09-211030 ocil_clause: 'the system default target is not set to "multi-user.target" and the Information System Security Officer (ISSO) lacks a documented requirement for a graphical user interface' diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml index ed07eff55e8..4c3071d6a7a 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml @@ -114,7 +114,6 @@ references: stigid@ol8: OL08-00-010060 stigid@rhel7: RHEL-07-010050 stigid@rhel8: RHEL-08-010060 - stigid@rhel9: RHEL-09-211020 stigid@sle12: SLES-12-010030 stigid@sle15: SLES-15-010020 diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml index 6f24c096964..330a62f9743 100644 --- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml @@ -56,7 +56,6 @@ references: stigid@ol8: OL08-00-010049 stigid@rhel7: RHEL-07-010030 stigid@rhel8: RHEL-08-010049 - stigid@rhel9: RHEL-09-271010,RHEL-09-271015 stigid@sle12: SLES-12-010040 stigid@sle15: SLES-15-010080 stigid@ubuntu2004: UBTU-20-010002 diff --git a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml index 0859ad2d59c..2c5fbef58f3 100644 --- a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml @@ -31,7 +31,6 @@ references: stigid@ol8: OL08-00-010385 stigid@rhel7: RHEL-07-010344 stigid@rhel8: RHEL-08-010385 - stigid@rhel9: RHEL-09-611145 stigid@sle12: SLES-12-010114 stigid@sle15: SLES-15-020104 diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml index 8aea88ba711..de75b66b2c6 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml @@ -55,7 +55,6 @@ references: stigid@ol8: OL08-00-020340 stigid@rhel7: RHEL-07-040530 stigid@rhel8: RHEL-08-020340 - stigid@rhel9: RHEL-09-412075 stigid@sle12: SLES-12-010390 stigid@sle15: SLES-15-020080 stigid@ubuntu2004: UBTU-20-010453 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml index 8df3cf84bda..49dad8c557b 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml @@ -21,7 +21,6 @@ references: srg: SRG-OS-000021-GPOS-00005 stigid@ol8: OL08-00-020026 stigid@rhel8: RHEL-08-020026 - stigid@rhel9: RHEL-09-611035 ocil_clause: 'the pam_faillock.so module is not present in the "/etc/pam.d/password-auth" file with the "preauth" line listed before pam_unix.so' diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml index 100446aba60..acc86a1ba15 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml @@ -21,7 +21,6 @@ references: srg: SRG-OS-000021-GPOS-00005 stigid@ol8: OL08-00-020025 stigid@rhel8: RHEL-08-020025 - stigid@rhel9: RHEL-09-611030 ocil_clause: 'the pam_faillock.so module is not present in the "/etc/pam.d/system-auth" file with the "preauth" line listed before pam_unix.so' diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml index 680a2f5202d..c3cd0386b42 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml @@ -23,7 +23,6 @@ references: srg: SRG-OS-000021-GPOS-00005 stigid@ol8: OL08-00-020027,OL08-00-020028 stigid@rhel8: RHEL-08-020027,RHEL-08-020028 - stigid@rhel9: RHEL-09-431020 platform: machine diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml index 887c459282f..20835ee9b59 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-020220 stigid@rhel7: RHEL-07-010270 stigid@rhel8: RHEL-08-020220 - stigid@rhel9: RHEL-09-611015 ocil_clause: |- the pam_pwhistory.so module is not used, the "remember" module option is not set in diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml index 22fb4bda0e6..83841d1421d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-020221 stigid@rhel7: RHEL-07-010270 stigid@rhel8: RHEL-08-020221 - stigid@rhel9: RHEL-09-611020 ocil_clause: |- the pam_pwhistory.so module is not used, the "remember" module option is not set in diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml index 1bce7f622c6..b52b585b4ed 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml @@ -20,7 +20,6 @@ references: srg: SRG-OS-000021-GPOS-00005 stigid@ol8: OL08-00-020020,OL08-00-020021 stigid@rhel8: RHEL-08-020021 - stigid@rhel9: RHEL-09-412045 stigid@ubuntu2004: UBTU-20-010072 {{% if product == "rhel8" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml index 26a40045386..9569c5a0057 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-020010,OL08-00-020011 stigid@rhel7: RHEL-07-010320 stigid@rhel8: RHEL-08-020011 - stigid@rhel9: RHEL-09-411075 stigid@ubuntu2004: UBTU-20-010072 platform: package[pam] diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml index 77498714e3e..b744f39bef0 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml @@ -42,7 +42,6 @@ references: stigid@ol8: OL08-00-020022,OL08-00-020023 stigid@rhel7: RHEL-07-010330 stigid@rhel8: RHEL-08-020023 - stigid@rhel9: RHEL-09-411080 {{% if product == "rhel8" %}} platform: os_linux[rhel]>=8.2 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml index e199c9f99c3..76c632b16fb 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml @@ -34,7 +34,6 @@ references: srg: SRG-OS-000021-GPOS-00005,SRG-OS-000329-GPOS-00128 stigid@ol8: OL08-00-020016,OL08-00-020017 stigid@rhel8: RHEL-08-020016,RHEL-08-020017 - stigid@rhel9: RHEL-09-411105 ocil_clause: 'the "dir" option is not set to a non-default documented tally log directory, is missing or commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml index 9b6a6a055e5..d7b53022470 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml @@ -53,7 +53,6 @@ references: stigid@ol8: OL08-00-020012,OL08-00-020013 stigid@rhel7: RHEL-07-010320 stigid@rhel8: RHEL-08-020012,RHEL-08-020013 - stigid@rhel9: RHEL-09-411085 stigid@ubuntu2004: UBTU-20-010072 platform: package[pam] diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml index 2b9fe475ba3..914fe30aa02 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml @@ -60,7 +60,6 @@ references: stigid@ol8: OL08-00-020014,OL08-00-020015 stigid@rhel7: RHEL-07-010320 stigid@rhel8: RHEL-08-020014,RHEL-08-020015 - stigid@rhel9: RHEL-09-411090 stigid@ubuntu2004: UBTU-20-010072 platform: package[pam] diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml index 11a7b29a372..3e473f85e85 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml @@ -50,7 +50,6 @@ references: stigid@ol8: OL08-00-020130 stigid@rhel7: RHEL-07-010140 stigid@rhel8: RHEL-08-020130 - stigid@rhel9: RHEL-09-611070 stigid@ubuntu2004: UBTU-20-010052 ocil_clause: 'the value of "dcredit" is a positive number or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml index 06ea46df758..e052504e069 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml @@ -31,7 +31,6 @@ references: srg: SRG-OS-000480-GPOS-00225 stigid@ol8: OL08-00-020300 stigid@rhel8: RHEL-08-020300 - stigid@rhel9: RHEL-09-611105 stigid@ubuntu2004: UBTU-20-010056 ocil_clause: '"dictcheck" does not have a value other than "0", or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml index a520828ec50..1a5c40bb4c0 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml @@ -48,7 +48,6 @@ references: stigid@ol8: OL08-00-020170 stigid@rhel7: RHEL-07-010160 stigid@rhel8: RHEL-08-020170 - stigid@rhel9: RHEL-09-611115 stigid@ubuntu2004: UBTU-20-010053 ocil_clause: 'the value of "difok" is set to less than "{{{ xccdf_value("var_password_pam_difok") }}}", or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml index 73115f0361f..d47ea551ea1 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml @@ -28,7 +28,6 @@ references: disa: CCI-000194,CCI-000193,CCI-001619,CCI-000205,CCI-000195,CCI-000192,CCI-000366 nist: IA-5(c),IA-5(1)(a),CM-6(a),IA-5(4) srg: SRG-OS-000072-GPOS-00040,SRG-OS-000071-GPOS-00039,SRG-OS-000070-GPOS-00038,SRG-OS-000266-GPOS-00101,SRG-OS-000078-GPOS-00046,SRG-OS-000480-GPOS-00225,SRG-OS-000069-GPOS-00037 - stigid@rhel9: RHEL-09-611060 ocil_clause: '"enforce_for_root" is commented or missing' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml index b500b331ede..c3a1e6c6d09 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml @@ -50,7 +50,6 @@ references: stigid@ol8: OL08-00-020120 stigid@rhel7: RHEL-07-010130 stigid@rhel8: RHEL-08-020120 - stigid@rhel9: RHEL-09-611065 stigid@ubuntu2004: UBTU-20-010051 ocil_clause: 'the value of "lcredit" is a positive number or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml index 12a53da3386..97e0e2da970 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml @@ -40,7 +40,6 @@ references: stigid@ol8: OL08-00-020140 stigid@rhel7: RHEL-07-010190 stigid@rhel8: RHEL-08-020140 - stigid@rhel9: RHEL-09-611120 ocil_clause: the value of "maxclassrepeat" is set to "0", more than "{{{ xccdf_value("var_password_pam_maxclassrepeat") }}}" or is commented out diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml index 34cfba37540..b9967a53c2d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml @@ -42,7 +42,6 @@ references: stigid@ol8: OL08-00-020150 stigid@rhel7: RHEL-07-010180 stigid@rhel8: RHEL-08-020150 - stigid@rhel9: RHEL-09-611125 ocil_clause: the value of "maxrepeat" is set to more than "{{{ xccdf_value("var_password_pam_maxrepeat") }}}" or is commented out diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml index 72f3193b008..aff25f1399f 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml @@ -57,7 +57,6 @@ references: stigid@ol8: OL08-00-020160 stigid@rhel7: RHEL-07-010170 stigid@rhel8: RHEL-08-020160 - stigid@rhel9: RHEL-09-611130 ocil_clause: the value of "minclass" is set to less than "{{{ xccdf_value("var_password_pam_minclass") }}}" or is commented out diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml index 7369e0a0765..a96628d62ec 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml @@ -50,7 +50,6 @@ references: stigid@ol8: OL08-00-020230 stigid@rhel7: RHEL-07-010280 stigid@rhel8: RHEL-08-020230 - stigid@rhel9: RHEL-09-611090 stigid@ubuntu2004: UBTU-20-010054 ocil_clause: 'the command does not return a "minlen" value of "{{{ xccdf_value("var_password_pam_minlen") }}}" or greater, does not return a line, or the line is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml index 7b7d0702d15..65e3b071510 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml @@ -51,7 +51,6 @@ references: stigid@ol8: OL08-00-020280 stigid@rhel7: RHEL-07-010150 stigid@rhel8: RHEL-08-020280 - stigid@rhel9: RHEL-09-611100 stigid@ubuntu2004: UBTU-20-010055 ocil_clause: 'value of "ocredit" is a positive number or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml index 90a06a460eb..aa2834ad996 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml @@ -25,7 +25,6 @@ references: srg: SRG-OS-000069-GPOS-00037,SRG-OS-000070-GPOS-00038,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-020100 stigid@rhel8: RHEL-08-020100 - stigid@rhel9: RHEL-09-611040 ocil_clause: 'pam_pwquality.so is not enabled in password-auth' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml index c7c408229b0..c66283c1812 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml @@ -25,7 +25,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-020101 stigid@rhel8: RHEL-08-020101 - stigid@rhel9: RHEL-09-611045 ocil_clause: 'pam_pwquality.so is not enabled in system-auth' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml index 7aac73f4abb..1a64bc73be7 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml @@ -50,7 +50,6 @@ references: stigid@ol8: OL08-00-020102,OL08-00-020103,OL08-00-020104 stigid@rhel7: RHEL-07-010119 stigid@rhel8: RHEL-08-020104 - stigid@rhel9: RHEL-09-611010 stigid@ubuntu2004: UBTU-20-010057 ocil_clause: 'the value of "retry" is set to "0" or greater than "{{{ xccdf_value("var_password_pam_retry") }}}", or is missing' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml index 862b3222be3..124bfe82256 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml @@ -47,7 +47,6 @@ references: stigid@ol8: OL08-00-020110 stigid@rhel7: RHEL-07-010120 stigid@rhel8: RHEL-08-020110 - stigid@rhel9: RHEL-09-611110 stigid@ubuntu2004: UBTU-20-010050 ocil_clause: 'the value of "ucredit" is a positive number or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml index c6ed463cd4d..06a863378f3 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml @@ -47,7 +47,6 @@ references: srg: SRG-OS-000073-GPOS-00041 stigid@ol7: OL07-00-010220 stigid@rhel7: RHEL-07-010220 - stigid@rhel9: RHEL-09-611135 ocil_clause: crypt_style is not set to sha512 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml index 45166cbeda4..57888da0373 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml @@ -45,7 +45,6 @@ references: stigid@ol8: OL08-00-010110 stigid@rhel7: RHEL-07-010210 stigid@rhel8: RHEL-08-010110 - stigid@rhel9: RHEL-09-611140 stigid@sle12: SLES-12-010210 stigid@sle15: SLES-15-010260 stigid@ubuntu2004: UBTU-20-010404 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml index a97e9af107a..902998cf3bf 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml @@ -57,7 +57,6 @@ references: stigid@ol8: OL08-00-010160 stigid@rhel7: RHEL-07-010200 stigid@rhel8: RHEL-08-010160 - stigid@rhel9: RHEL-09-671025 ocil_clause: 'it does not' diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml index ff59cf9ba8d..7dc77eef14c 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml @@ -35,7 +35,6 @@ references: srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061 stigid@ol8: OL08-00-010130 stigid@rhel8: RHEL-08-010130 - stigid@rhel9: RHEL-09-611150 stigid@sle12: SLES-12-010240 stigid@sle15: SLES-15-020190 diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml index e5b165ba3f0..690c52aa04a 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml @@ -72,7 +72,6 @@ references: srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040172 stigid@rhel8: RHEL-08-040172 - stigid@rhel9: RHEL-09-211045 stigid@sle15: SLES-15-040062 stigid@ubuntu2004: UBTU-20-010460 diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml index 19920708bbc..51c13e050da 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml @@ -77,7 +77,6 @@ references: stigid@ol8: OL08-00-040170 stigid@rhel7: RHEL-07-020230 stigid@rhel8: RHEL-08-040170 - stigid@rhel9: RHEL-09-211050 stigid@sle12: SLES-12-010610 stigid@sle15: SLES-15-040060 stigid@ubuntu2004: UBTU-20-010460 diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml index 09c4d6591ac..428cea61df1 100644 --- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml @@ -47,7 +47,6 @@ references: nist-csf: PR.AC-4,PR.AC-6,PR.PT-3 ospp: FIA_UAU.1 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-212015 ocil_clause: 'Interactive boot is enabled at boot time' diff --git a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml index 7dc87e626bb..35220b4d267 100644 --- a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml @@ -41,7 +41,6 @@ references: srg: SRG-OS-000163-GPOS-00072 stigid@ol8: OL08-00-020035 stigid@rhel8: RHEL-08-020035 - stigid@rhel9: RHEL-09-412080 ocil_clause: "the option is not configured" diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml index 7cc8aa2100c..3366217dda3 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol7: OL07-00-010481 stigid@ol8: OL08-00-010152 stigid@rhel8: RHEL-08-010152 - stigid@rhel9: RHEL-09-611195 ocil_clause: 'the output is different' diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml index 1dc9c636681..121c8f619c6 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml @@ -47,7 +47,6 @@ references: stigid@ol8: OL08-00-010151 stigid@rhel7: RHEL-07-010481 stigid@rhel8: RHEL-08-010151 - stigid@rhel9: RHEL-09-611200 ocil_clause: 'the output is different' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml index 80bdc7a3c8e..066a8b09abc 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000031-GPOS-00012,SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011 stigid@ol8: OL08-00-020041 stigid@rhel8: RHEL-08-020041 - stigid@rhel9: RHEL-09-412015 platform: package[tmux] diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml index 7dc00349c72..64a5fe4fe38 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml @@ -25,7 +25,6 @@ references: srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012 stigid@ol8: OL08-00-020070 stigid@rhel8: RHEL-08-020070 - stigid@rhel9: RHEL-09-412025 platform: package[tmux] diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml index ca1def0cde0..18cc6fac544 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml @@ -30,7 +30,6 @@ references: srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011 stigid@ol8: OL08-00-020040 stigid@rhel8: RHEL-08-020040 - stigid@rhel9: RHEL-09-412020 platform: package[tmux] diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml index 60f91e405cc..b0baa5b6ba8 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml @@ -26,7 +26,6 @@ references: srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011 stigid@ol8: OL08-00-020040 stigid@rhel8: RHEL-08-020040 - stigid@rhel9: RHEL-09-412020 platform: package[tmux] diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml index 7273c0e035e..21d0295bade 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml @@ -26,7 +26,6 @@ references: srg: SRG-OS-000324-GPOS-00125,SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011 stigid@ol8: OL08-00-020042 stigid@rhel8: RHEL-08-020042 - stigid@rhel9: RHEL-09-412030 ocil_clause: 'tmux is listed in /etc/shells' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml index db6774627b3..de5155c3d05 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml @@ -43,7 +43,6 @@ references: srg: SRG-OS-000030-GPOS-00011,SRG-OS-000028-GPOS-00009 stigid@ol8: OL08-00-020039 stigid@rhel8: RHEL-08-020039 - stigid@rhel9: RHEL-09-412010 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml index 9a8bdcb7961..1fe7d2299f9 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml @@ -47,7 +47,6 @@ references: nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 pcidss: Req-8.3 srg: SRG-OS-000104-GPOS-00051,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000109-GPOS-00056,SRG-OS-000108-GPOS-00055,SRG-OS-000108-GPOS-00057,SRG-OS-000108-GPOS-00058 - stigid@rhel9: RHEL-09-611160 ocil_clause: '"{{{ xccdf_value("var_smartcard_drivers") }}}" is not listed as a card driver, or there is no line returned for "card_drivers"' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml index 036d0faf907..4a588977f83 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml @@ -54,7 +54,6 @@ references: stigid@ol8: OL08-00-010390 stigid@rhel7: RHEL-07-041001 stigid@rhel8: RHEL-08-010390 - stigid@rhel9: RHEL-09-215075 stigid@sle12: SLES-12-030500 stigid@sle15: SLES-15-010460 stigid@ubuntu2004: UBTU-20-010063 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml index 4da85dda72c..dc7ab761ac1 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml @@ -36,7 +36,6 @@ references: srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161 stigid@ol8: OL08-00-010410 stigid@rhel8: RHEL-08-010410 - stigid@rhel9: RHEL-09-611185 stigid@ubuntu2004: UBTU-20-010064 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml index 395914cb9b0..5ab5b292ce1 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml @@ -22,7 +22,6 @@ references: ism: 1382,1384,1386 nist: CM-6(a) srg: SRG-OS-000375-GPOS-00160 - stigid@rhel9: RHEL-09-611175 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml index 85495b3b114..13e9c9b9d56 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml @@ -33,7 +33,6 @@ references: nist: IA-2(1),IA-2(2),IA-2(3),IA-2(4),IA-2(6),IA-2(7),IA-2(11),CM-6(a) pcidss: Req-8.3 srg: SRG-OS-000375-GPOS-00160 - stigid@rhel9: RHEL-09-611180 ocil_clause: 'the pcscd service is not enabled' diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml index b2121a96681..6fefab28a0d 100644 --- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml @@ -38,7 +38,6 @@ references: srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040180 stigid@rhel8: RHEL-08-040180 - stigid@rhel9: RHEL-09-211055 ocil_clause: |- {{{ ocil_clause_service_disabled(service="debug-shell") }}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml index b82f7215d16..4b17ec21627 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml @@ -53,7 +53,6 @@ references: stigid@ol8: OL08-00-020260 stigid@rhel7: RHEL-07-010310 stigid@rhel8: RHEL-08-020260 - stigid@rhel9: RHEL-09-411050 stigid@sle12: SLES-12-010340 stigid@sle15: SLES-15-020050 stigid@ubuntu2004: UBTU-20-010409 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml index 8391e50315f..7cee18af92c 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml @@ -46,7 +46,6 @@ references: stigid@ol8: OL08-00-020000 stigid@rhel7: RHEL-07-010271 stigid@rhel8: RHEL-08-020000,RHEL-08-020270 - stigid@rhel9: RHEL-09-411040 stigid@sle12: SLES-12-010360 stigid@sle15: SLES-15-020000 stigid@ubuntu2004: UBTU-20-010000 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml index 6ce7aa23e2d..93b1213c1c2 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml @@ -27,7 +27,6 @@ references: srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062,SRG-OS-000042-GPOS-00020 stigid@ol8: OL08-00-020240 stigid@rhel8: RHEL-08-020240 - stigid@rhel9: RHEL-09-411030 stigid@sle12: SLES-12-010640 stigid@sle15: SLES-15-010230 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml index 6961aae7755..a33e5f3d4b4 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml @@ -39,7 +39,6 @@ references: stigid@ol8: OL08-00-020320 stigid@rhel7: RHEL-07-020270 stigid@rhel8: RHEL-08-020320 - stigid@rhel9: RHEL-09-411095 stigid@sle12: SLES-12-010630 stigid@sle15: SLES-15-020090 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml index 2a992c0a3cf..c3b5c920340 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml @@ -23,7 +23,6 @@ references: cis@ubuntu2204: 6.2.6 disa: CCI-000764 srg: SRG-OS-000104-GPOS-00051 - stigid@rhel9: RHEL-09-411110 ocil_clause: 'the system has duplicate group ids' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml index b3b1e61bd5f..ad3af5b010e 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml @@ -53,7 +53,6 @@ references: stigid@ol8: OL08-00-020200 stigid@rhel7: RHEL-07-010250 stigid@rhel8: RHEL-08-020200 - stigid@rhel9: RHEL-09-411010 stigid@sle12: SLES-12-010280 stigid@sle15: SLES-15-020220 stigid@ubuntu2004: UBTU-20-010008 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml index 093c4c4abf0..5c4a7524815 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml @@ -52,7 +52,6 @@ references: stigid@ol8: OL08-00-020190 stigid@rhel7: RHEL-07-010230 stigid@rhel8: RHEL-08-020190 - stigid@rhel9: RHEL-09-611075 stigid@sle12: SLES-12-010260 stigid@sle15: SLES-15-020200 stigid@ubuntu2004: UBTU-20-010007 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml index 6a7c5da04c6..10a4ef23c17 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml @@ -47,7 +47,6 @@ references: srg: SRG-OS-000078-GPOS-00046 stigid@ol8: OL08-00-020231 stigid@rhel8: RHEL-08-020231 - stigid@rhel9: RHEL-09-611095 ocil_clause: 'it is not set to the required value' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml index 62663dce2ac..3f23b472a2c 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml @@ -36,7 +36,6 @@ references: stigid@ol8: OL08-00-020210 stigid@rhel7: RHEL-07-010260 stigid@rhel8: RHEL-08-020210 - stigid@rhel9: RHEL-09-411015 stigid@sle12: SLES-12-010290 stigid@sle15: SLES-15-020230 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml index b123f403180..da2beb59e20 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml @@ -37,7 +37,6 @@ references: stigid@ol8: OL08-00-020180 stigid@rhel7: RHEL-07-010240 stigid@rhel8: RHEL-08-020180 - stigid@rhel9: RHEL-09-611080 stigid@sle12: SLES-12-010270 stigid@sle15: SLES-15-020210 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml index de8560f12f0..0d769323ca3 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml @@ -38,7 +38,6 @@ references: srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061 stigid@ol8: OL08-00-010120 stigid@rhel8: RHEL-08-010120 - stigid@rhel9: RHEL-09-671015 stigid@sle12: SLES-12-010220 stigid@sle15: SLES-15-020180 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml index 43b07dcb329..f454d4ef615 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml @@ -38,7 +38,6 @@ identifiers: references: disa: CCI-000196 srg: SRG-OS-000073-GPOS-00041 - stigid@rhel9: RHEL-09-611050 ocil_clause: 'rounds is not set to {{{ xccdf_value("var_password_pam_unix_rounds") }}} or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml index 7d3795797e4..2bb6c95f1fe 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml @@ -32,7 +32,6 @@ identifiers: references: disa: CCI-000196 srg: SRG-OS-000073-GPOS-00041 - stigid@rhel9: RHEL-09-611055 ocil_clause: 'rounds is not set to {{{ xccdf_value("var_password_pam_unix_rounds") }}} or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml index 9ebcb4f0805..f1365e65ecb 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml @@ -37,7 +37,6 @@ references: srg: SRG-OS-000104-GPOS-00051 stigid@ol7: OL07-00-020300 stigid@rhel7: RHEL-07-020300 - stigid@rhel9: RHEL-09-411045 ocil_clause: 'GIDs referenced in /etc/passwd are returned as not defined in /etc/group' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml index 9b71b764952..67e71a6d943 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml @@ -54,7 +54,6 @@ references: stigid@ol8: OL08-00-020331,OL08-00-020332 stigid@rhel7: RHEL-07-010290 stigid@rhel8: RHEL-08-020331,RHEL-08-020332 - stigid@rhel9: RHEL-09-611025 stigid@sle12: SLES-12-010231 stigid@sle15: SLES-15-020300 stigid@ubuntu2004: UBTU-20-010463 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml index 73e4c6ed2f1..524bcbf8a7f 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml @@ -39,7 +39,6 @@ references: stigid@ol8: OL08-00-010121 stigid@rhel7: RHEL-07-010291 stigid@rhel8: RHEL-08-010121 - stigid@rhel9: RHEL-09-611155 stigid@sle12: SLES-12-010221 stigid@sle15: SLES-15-020181 stigid@ubuntu2004: UBTU-20-010462 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml index 179c8197c5d..dcc311d46bc 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml @@ -52,7 +52,6 @@ references: stigid@ol8: OL08-00-040200 stigid@rhel7: RHEL-07-020310 stigid@rhel8: RHEL-08-040200 - stigid@rhel9: RHEL-09-411100 stigid@sle12: SLES-12-010650 stigid@sle15: SLES-15-020100 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml index cb8b76335f6..ebdb96bd5a9 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml @@ -43,7 +43,6 @@ references: nist: AC-6,CM-6(a),CM-6(b),CM-6.1(iv) nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-411035 stigid@sle12: SLES-12-010631 stigid@sle15: SLES-15-020091 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml index 332eb5419a8..ef54967d283 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml @@ -28,7 +28,6 @@ references: cis@sle15: "5.6" ospp: FMT_SMF_EXT.1.1 srg: 'SRG-OS-000373-GPOS-00156,SRG-OS-000312-GPOS-00123' - stigid@rhel9: RHEL-09-432035 ocil_clause: 'the line is not in the file or it is commented' diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml index 05db805a950..e2f036e157f 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml @@ -31,7 +31,6 @@ references: stigid@ol8: OL08-00-010760 stigid@rhel7: RHEL-07-020610 stigid@rhel8: RHEL-08-010760 - stigid@rhel9: RHEL-09-411020 stigid@sle12: SLES-12-010720 stigid@sle15: SLES-15-020110 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml index ff6e6b0e0e6..d224b894f81 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml @@ -33,7 +33,6 @@ references: stigid@ol8: OL08-00-020310 stigid@rhel7: RHEL-07-010430 stigid@rhel8: RHEL-08-020310 - stigid@rhel9: RHEL-09-412050 stigid@sle12: SLES-12-010140 ocil_clause: 'the value of "FAIL_DELAY" is not set to "{{{ xccdf_value("var_accounts_fail_delay") }}}" or greater, or the line is commented out' diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml index 3242bb77ee3..238a4c35bc1 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml @@ -40,7 +40,6 @@ references: stigid@ol8: OL08-00-020024 stigid@rhel7: RHEL-07-040000 stigid@rhel8: RHEL-08-020024 - stigid@rhel9: RHEL-09-412040 stigid@sle12: SLES-12-010120 stigid@sle15: SLES-15-020020 stigid@ubuntu2004: UBTU-20-010400 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml index 3323dc141bf..760a61e5eb5 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml @@ -64,7 +64,6 @@ references: srg: SRG-OS-000163-GPOS-00072,SRG-OS-000029-GPOS-00010 stigid@ol7: OL07-00-040160 stigid@rhel7: RHEL-07-040160 - stigid@rhel9: RHEL-09-412035 stigid@sle12: SLES-12-010090 stigid@sle15: SLES-15-010130 stigid@ubuntu2004: UBTU-20-010013 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml index b677251c766..5bbf11aadc6 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml @@ -34,7 +34,6 @@ references: stigid@ol8: OL08-00-010660 stigid@rhel7: RHEL-07-020730 stigid@rhel8: RHEL-08-010660 - stigid@rhel9: RHEL-09-411115 stigid@sle12: SLES-12-010780 stigid@sle15: SLES-15-040130 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml index 3cad08ecd0b..6afe058cf7e 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml @@ -35,7 +35,6 @@ references: stigid@ol8: OL08-00-010690 stigid@rhel7: RHEL-07-020720 stigid@rhel8: RHEL-08-010690 - stigid@rhel9: RHEL-09-411055 stigid@sle12: SLES-12-010770 stigid@sle15: SLES-15-040120 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml index 6c4ebf5a6a3..a76ca547a3b 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml @@ -31,7 +31,6 @@ references: stigid@ol8: OL08-00-010720 stigid@rhel7: RHEL-07-020600 stigid@rhel8: RHEL-08-010720 - stigid@rhel9: RHEL-09-411060 stigid@sle12: SLES-12-010710 stigid@sle15: SLES-15-040070 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml index 6d6ed2326e2..997f43257e1 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml @@ -36,7 +36,6 @@ references: stigid@ol8: OL08-00-010750 stigid@rhel7: RHEL-07-020620 stigid@rhel8: RHEL-08-010750 - stigid@rhel9: RHEL-09-411065 stigid@sle12: SLES-12-010730 stigid@sle15: SLES-15-040080 diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml index 06bdf97c33c..1d0733c97fd 100644 --- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml @@ -40,7 +40,6 @@ references: stigid@ol8: OL08-00-010740 stigid@rhel7: RHEL-07-020650 stigid@rhel8: RHEL-08-010740 - stigid@rhel9: RHEL-09-411070 stigid@sle12: SLES-12-010750 stigid@sle15: SLES-15-040100 diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml index c4f916cffd1..74f5f022319 100644 --- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml @@ -29,7 +29,6 @@ references: stigid@ol8: OL08-00-010770 stigid@rhel7: RHEL-07-020710 stigid@rhel8: RHEL-08-010770 - stigid@rhel9: RHEL-09-232045 stigid@sle12: SLES-12-010760 stigid@sle15: SLES-15-040110 diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml index 1b2a0e82d55..2719dae2979 100644 --- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml @@ -33,7 +33,6 @@ references: stigid@ol8: OL08-00-010730 stigid@rhel7: RHEL-07-020630 stigid@rhel8: RHEL-08-010730 - stigid@rhel9: RHEL-09-232050 stigid@sle12: SLES-12-010740 stigid@sle15: SLES-15-040090 diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml index 870671adfab..37b322c3c89 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml @@ -46,7 +46,6 @@ references: srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-020353 stigid@rhel8: RHEL-08-020353 - stigid@rhel9: RHEL-09-412055 platform: package[bash] diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml index 66dd2ac5218..23273c85550 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml @@ -34,7 +34,6 @@ references: srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-020353 stigid@rhel8: RHEL-08-020353 - stigid@rhel9: RHEL-09-412060 ocil_clause: 'the value for the "umask" parameter is not "{{{ xccdf_value("var_accounts_user_umask") }}}", or the "umask" parameter is missing or is commented out' diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml index da58c8cb53a..9cf8c4c2033 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml @@ -40,7 +40,6 @@ references: stigid@ol8: OL08-00-020351 stigid@rhel7: RHEL-07-020240 stigid@rhel8: RHEL-08-020351 - stigid@rhel9: RHEL-09-412065 stigid@sle12: SLES-12-010620 stigid@sle15: SLES-15-040420 stigid@ubuntu2004: UBTU-20-010016 diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml index ffeabbba8b1..ef85c30c923 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml @@ -42,7 +42,6 @@ references: srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-020353 stigid@rhel8: RHEL-08-020353 - stigid@rhel9: RHEL-09-412070 ocil_clause: |- the value for the "umask" parameter is not "{{{ xccdf_value("var_accounts_user_umask") }}}", diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml index 57e1907d49c..da7594ebcd7 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml @@ -29,7 +29,6 @@ references: stigid@ol8: OL08-00-020352 stigid@rhel7: RHEL-07-021040 stigid@rhel8: RHEL-08-020352 - stigid@rhel9: RHEL-09-411025 ocil_clause: 'any local interactive user initialization files are found to have a umask statement that sets a value less restrictive than "077"' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml index c0fac1867ef..34c180fd0b8 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml @@ -61,7 +61,6 @@ references: stigid@ol8: OL08-00-030490 stigid@rhel7: RHEL-07-030410 stigid@rhel8: RHEL-08-030490 - stigid@rhel9: RHEL-09-654015 stigid@sle12: SLES-12-020460 stigid@sle15: SLES-15-030290 stigid@ubuntu2004: UBTU-20-010152 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml index 375a6b2d844..7cc808a5c3b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml @@ -61,7 +61,6 @@ references: stigid@ol8: OL08-00-030480 stigid@rhel7: RHEL-07-030370 stigid@rhel8: RHEL-08-030480 - stigid@rhel9: RHEL-09-654020 stigid@sle12: SLES-12-020420 stigid@sle15: SLES-15-030250 stigid@ubuntu2004: UBTU-20-010148 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml index 92a261948e3..b680a142575 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-030490 stigid@rhel7: RHEL-07-030410 stigid@rhel8: RHEL-08-030490 - stigid@rhel9: RHEL-09-654015 stigid@sle12: SLES-12-020460 stigid@sle15: SLES-15-030290 stigid@ubuntu2004: UBTU-20-010153 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml index 53bb8475f71..a7e9e260f26 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-030490 stigid@rhel7: RHEL-07-030410 stigid@rhel8: RHEL-08-030490 - stigid@rhel9: RHEL-09-654015 stigid@sle12: SLES-12-020460 stigid@sle15: SLES-15-030290 stigid@ubuntu2004: UBTU-20-010154 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml index 20447db1cac..9d05087518a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml @@ -61,7 +61,6 @@ references: stigid@ol8: OL08-00-030480 stigid@rhel7: RHEL-07-030370 stigid@rhel8: RHEL-08-030480 - stigid@rhel9: RHEL-09-654020 stigid@sle12: SLES-12-020420 stigid@sle15: SLES-15-030250 stigid@ubuntu2004: UBTU-20-010149 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml index 026974ec826..53ff8f91b84 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-030480 stigid@rhel7: RHEL-07-030370 stigid@rhel8: RHEL-08-030480 - stigid@rhel9: RHEL-09-654020 stigid@sle12: SLES-12-020420 stigid@sle15: SLES-15-030250 stigid@ubuntu2004: UBTU-20-010150 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml index 5eebdbba4b6..47d373ac319 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml @@ -75,7 +75,6 @@ references: stigid@ol8: OL08-00-030200 stigid@rhel7: RHEL-07-030440 stigid@rhel8: RHEL-08-030200 - stigid@rhel9: RHEL-09-654025 stigid@sle12: SLES-12-020370 stigid@sle15: SLES-15-030190 stigid@ubuntu2004: UBTU-20-010147 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml index 1146b3c5728..95271f7f7fa 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml @@ -70,7 +70,6 @@ references: stigid@ol8: OL08-00-030200 stigid@rhel7: RHEL-07-030440 stigid@rhel8: RHEL-08-030200 - stigid@rhel9: RHEL-09-654025 stigid@sle12: SLES-12-020370 stigid@sle15: SLES-15-030190 stigid@ubuntu2004: UBTU-20-010144 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml index 8bb85b0c830..5a5d9ed6908 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml @@ -61,7 +61,6 @@ references: stigid@ol8: OL08-00-030480 stigid@rhel7: RHEL-07-030370 stigid@rhel8: RHEL-08-030480 - stigid@rhel9: RHEL-09-654020 stigid@sle12: SLES-12-020420 stigid@sle15: SLES-15-030250 stigid@ubuntu2004: UBTU-20-010151 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml index d1b4c259424..3e671303b5c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml @@ -75,7 +75,6 @@ references: stigid@ol8: OL08-00-030200 stigid@rhel7: RHEL-07-030440 stigid@rhel8: RHEL-08-030200 - stigid@rhel9: RHEL-09-654025 stigid@sle12: SLES-12-020370 stigid@sle15: SLES-15-030190 stigid@ubuntu2004: UBTU-20-010146 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml index ae31b307988..446d7bd3cfd 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml @@ -70,7 +70,6 @@ references: stigid@ol8: OL08-00-030200 stigid@rhel7: RHEL-07-030440 stigid@rhel8: RHEL-08-030200 - stigid@rhel9: RHEL-09-654025 stigid@sle12: SLES-12-020370 stigid@sle15: SLES-15-030190 stigid@ubuntu2004: UBTU-20-010143 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml index 4311f965716..a83fb513f4c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml @@ -74,7 +74,6 @@ references: stigid@ol8: OL08-00-030200 stigid@rhel7: RHEL-07-030440 stigid@rhel8: RHEL-08-030200 - stigid@rhel9: RHEL-09-654025 stigid@sle12: SLES-12-020370 stigid@sle15: SLES-15-030190 stigid@ubuntu2004: UBTU-20-010145 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml index 5d574ec4648..335f15e7968 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml @@ -70,7 +70,6 @@ references: stigid@ol8: OL08-00-030200 stigid@rhel7: RHEL-07-030440 stigid@rhel8: RHEL-08-030200 - stigid@rhel9: RHEL-09-654025 stigid@sle12: SLES-12-020370 stigid@sle15: SLES-15-030190 stigid@ubuntu2004: UBTU-20-010142 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml index 89e2ad67fb8..746c0a3d4f3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml @@ -34,7 +34,6 @@ references: disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884 nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a) srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 - stigid@rhel9: RHEL-09-654205 stigid@sle12: SLES-12-020300 stigid@sle15: SLES-15-030360 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml index 5d76fa2bd3a..16da550386c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml @@ -37,7 +37,6 @@ references: disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884 nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a) srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 - stigid@rhel9: RHEL-09-654210 stigid@sle12: SLES-12-020300 stigid@sle15: SLES-15-030360 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml index 945c54414f7..2eff921f000 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml @@ -39,7 +39,6 @@ references: srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 stigid@ol8: OL08-00-030570 stigid@rhel8: RHEL-08-030570 - stigid@rhel9: RHEL-09-654035 stigid@sle12: SLES-12-020620 stigid@sle15: SLES-15-030440 stigid@ubuntu2004: UBTU-20-010168 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml index 16526ed8fca..7ef8c41133c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml @@ -38,7 +38,6 @@ references: srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 stigid@ol8: OL08-00-030330 stigid@rhel8: RHEL-08-030330 - stigid@rhel9: RHEL-09-654040 stigid@sle12: SLES-12-020610 stigid@sle15: SLES-15-030430 stigid@ubuntu2004: UBTU-20-010167 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml index c47edec09e9..f7b9d43a09a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml @@ -61,7 +61,6 @@ references: stigid@ol8: OL08-00-030260 stigid@rhel7: RHEL-07-030580 stigid@rhel8: RHEL-08-030260 - stigid@rhel9: RHEL-09-654045 stigid@sle12: SLES-12-020630 stigid@sle15: SLES-15-030450 stigid@ubuntu2004: UBTU-20-010165 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml index 698a94308ce..5f9cad67946 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-030313 stigid@rhel7: RHEL-07-030560 stigid@rhel8: RHEL-08-030313 - stigid@rhel9: RHEL-09-654050 {{{ ocil_fix_srg_privileged_command("semanage", "/usr/sbin/", "privileged-unix-update") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml index b8e7c350284..24b33335244 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml @@ -47,7 +47,6 @@ references: stigid@ol8: OL08-00-030314 stigid@rhel7: RHEL-07-030590 stigid@rhel8: RHEL-08-030314 - stigid@rhel9: RHEL-09-654055 {{{ ocil_fix_srg_privileged_command("setfiles", "/usr/sbin/", "privileged-unix-update") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml index 0a9b6c0d10a..3ecdebdb584 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml @@ -57,7 +57,6 @@ references: stigid@ol8: OL08-00-030316 stigid@rhel7: RHEL-07-030570 stigid@rhel8: RHEL-08-030316 - stigid@rhel9: RHEL-09-654060 {{{ ocil_fix_srg_privileged_command("setsebool", "/usr/sbin/", "privileged") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml index b11d55b5a66..52fedb30cd2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml @@ -56,7 +56,6 @@ references: stigid@ol8: OL08-00-030361 stigid@rhel7: RHEL-07-030910 stigid@rhel8: RHEL-08-030361 - stigid@rhel9: RHEL-09-654065 stigid@ubuntu2004: UBTU-20-010267 {{{ complete_ocil_entry_audit_syscall(syscall="rename") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml index 402d76d4939..d82ff5fa4b6 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml @@ -53,7 +53,6 @@ references: stigid@ol8: OL08-00-030361 stigid@rhel7: RHEL-07-030910 stigid@rhel8: RHEL-08-030361 - stigid@rhel9: RHEL-09-654065 stigid@ubuntu2004: UBTU-20-010267 {{{ complete_ocil_entry_audit_syscall(syscall="renameat") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml index cdd1ae2e396..a6f1fc6deb1 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml @@ -52,7 +52,6 @@ references: stigid@ol8: OL08-00-030361 stigid@rhel7: RHEL-07-030910 stigid@rhel8: RHEL-08-030361 - stigid@rhel9: RHEL-09-654065 stigid@ubuntu2004: UBTU-20-010267 {{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml index 25e465a76f4..e2de0922294 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml @@ -56,7 +56,6 @@ references: stigid@ol8: OL08-00-030361 stigid@rhel7: RHEL-07-030910 stigid@rhel8: RHEL-08-030361 - stigid@rhel9: RHEL-09-654065 stigid@ubuntu2004: UBTU-20-010267 {{{ complete_ocil_entry_audit_syscall(syscall="unlink") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml index 97886db4b47..a29461c03f6 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml @@ -53,7 +53,6 @@ references: stigid@ol8: OL08-00-030361 stigid@rhel7: RHEL-07-030910 stigid@rhel8: RHEL-08-030361 - stigid@rhel9: RHEL-09-654065 stigid@ubuntu2004: UBTU-20-010267 {{{ complete_ocil_entry_audit_syscall(syscall="unlinkat") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml index 81d6d5d61a7..b97dc5e35a5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml @@ -65,7 +65,6 @@ references: stigid@ol8: OL08-00-030420 stigid@rhel7: RHEL-07-030510 stigid@rhel8: RHEL-08-030420 - stigid@rhel9: RHEL-09-654070 stigid@sle12: SLES-12-020490 stigid@sle15: SLES-15-030150 stigid@ubuntu2004: UBTU-20-010158 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml index 2e2d7674baa..b39aca91389 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml @@ -65,7 +65,6 @@ references: stigid@ol8: OL08-00-030420 stigid@rhel7: RHEL-07-030510 stigid@rhel8: RHEL-08-030420 - stigid@rhel9: RHEL-09-654070 stigid@sle12: SLES-12-020490 stigid@sle15: SLES-15-030150 stigid@ubuntu2004: UBTU-20-010157 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml index 5b6609c8dfa..995220254f0 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml @@ -68,7 +68,6 @@ references: stigid@ol8: OL08-00-030420 stigid@rhel7: RHEL-07-030510 stigid@rhel8: RHEL-08-030420 - stigid@rhel9: RHEL-09-654070 stigid@sle12: SLES-12-020490 stigid@sle15: SLES-15-030150 stigid@ubuntu2004: UBTU-20-010155 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml index 6e706de37dc..c15f79f546b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-030420 stigid@rhel7: RHEL-07-030510 stigid@rhel8: RHEL-08-030420 - stigid@rhel9: RHEL-09-654070 stigid@sle12: SLES-12-020490 stigid@sle15: SLES-15-030150 stigid@ubuntu2004: UBTU-20-010160 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml index cfda86b153e..782f603ae71 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml @@ -65,7 +65,6 @@ references: stigid@ol8: OL08-00-030420 stigid@rhel7: RHEL-07-030510 stigid@rhel8: RHEL-08-030420 - stigid@rhel9: RHEL-09-654070 stigid@sle12: SLES-12-020490 stigid@sle15: SLES-15-030150 stigid@ubuntu2004: UBTU-20-010159 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml index 8b3778d0205..e2889ab479b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml @@ -64,7 +64,6 @@ references: stigid@ol8: OL08-00-030420 stigid@rhel7: RHEL-07-030510 stigid@rhel8: RHEL-08-030420 - stigid@rhel9: RHEL-09-654070 stigid@sle12: SLES-12-020490 stigid@sle15: SLES-15-030150 stigid@ubuntu2004: UBTU-20-010156 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml index 95b2183d116..53ff9fbccf7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml @@ -57,7 +57,6 @@ references: stigid@ol8: OL08-00-030390 stigid@rhel7: RHEL-07-030830 stigid@rhel8: RHEL-08-030390 - stigid@rhel9: RHEL-09-654075 stigid@sle12: SLES-12-020730 stigid@sle15: SLES-15-030520 stigid@ubuntu2004: UBTU-20-010181 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml index 53cf20e4f45..8dbb2d738ce 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml @@ -56,7 +56,6 @@ references: stigid@ol8: OL08-00-030360 stigid@rhel7: RHEL-07-030820 stigid@rhel8: RHEL-08-030360 - stigid@rhel9: RHEL-09-654080 stigid@sle12: SLES-12-020740 stigid@sle15: SLES-15-030530 stigid@ubuntu2004: UBTU-20-010179 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml index c1b9ca7219d..16041016c57 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml @@ -57,7 +57,6 @@ references: stigid@ol8: OL08-00-030360 stigid@rhel7: RHEL-07-030820 stigid@rhel8: RHEL-08-030360 - stigid@rhel9: RHEL-09-654080 stigid@sle12: SLES-12-020740 stigid@sle15: SLES-15-030530 stigid@ubuntu2004: UBTU-20-010179 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml index de686fe0e24..1f892b60375 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml @@ -51,7 +51,6 @@ references: stigid@ol8: OL08-00-030590 stigid@rhel7: RHEL-07-030610 stigid@rhel8: RHEL-08-030590 - stigid@rhel9: RHEL-09-654250 ocil_clause: 'the command does not return a line, or the line is commented out' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml index bdc6cc9b701..1f76c138c17 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml @@ -53,7 +53,6 @@ references: stigid@ol8: OL08-00-030600 stigid@rhel7: RHEL-07-030620 stigid@rhel8: RHEL-08-030600 - stigid@rhel9: RHEL-09-654255 stigid@sle12: SLES-12-020660 stigid@sle15: SLES-15-030480 stigid@ubuntu2004: UBTU-20-010171 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml index b95d141e15e..3e51a3aa9e2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml @@ -50,7 +50,6 @@ references: pcidss: Req-10.2.3 srg: SRG-OS-000392-GPOS-00172,SRG-OS-000470-GPOS-00214,SRG-OS-000473-GPOS-00218,SRG-APP-000503-CTR-001275 stigid@rhel7: RHEL-07-030600 - stigid@rhel9: RHEL-09-654260 stigid@sle12: SLES-12-020650 stigid@sle15: SLES-15-030470 stigid@ubuntu2004: UBTU-20-010169 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_init/rule.yml index 0630c7201af..c66ed5fcd65 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_init/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_init/rule.yml @@ -32,7 +32,6 @@ references: disa: CCI-000172 nist: AU-12(c) srg: SRG-OS-000477-GPOS-00222 - stigid@rhel9: RHEL-09-654185 {{{ ocil_fix_srg_privileged_command("init","{{{ path }}}/") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_poweroff/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_poweroff/rule.yml index edb63d1f46c..3a4f1fead9e 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_poweroff/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_poweroff/rule.yml @@ -32,7 +32,6 @@ references: disa: CCI-000172 nist: AU-12(c) srg: SRG-OS-000477-GPOS-00222 - stigid@rhel9: RHEL-09-654190 {{{ ocil_fix_srg_privileged_command("poweroff","{{{ path }}}/") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_reboot/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_reboot/rule.yml index 19419ece489..deb4f602c88 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_reboot/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_reboot/rule.yml @@ -32,7 +32,6 @@ references: disa: CCI-000172 nist: AU-12(c) srg: SRG-OS-000477-GPOS-00222 - stigid@rhel9: RHEL-09-654195 {{{ ocil_fix_srg_privileged_command("reboot","{{{ path }}}/") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_shutdown/rule.yml index 7f62af5ecb8..a1448481653 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_shutdown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_shutdown/rule.yml @@ -32,7 +32,6 @@ references: disa: CCI-000172 nist: AU-12(c) srg: SRG-OS-000477-GPOS-00222 - stigid@rhel9: RHEL-09-654200 {{{ ocil_fix_srg_privileged_command("shutdown","{{{ path }}}/") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml index b628567bcbd..97636e95d1c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml @@ -60,7 +60,6 @@ references: stigid@ol8: OL08-00-030250 stigid@rhel7: RHEL-07-030660 stigid@rhel8: RHEL-08-030250 - stigid@rhel9: RHEL-09-654085 stigid@sle12: SLES-12-020690 stigid@sle15: SLES-15-030120 stigid@ubuntu2004: UBTU-20-010175 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml index 7515a6681d7..e9872e8a3c4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml @@ -60,7 +60,6 @@ references: stigid@ol8: OL08-00-030410 stigid@rhel7: RHEL-07-030720 stigid@rhel8: RHEL-08-030410 - stigid@rhel9: RHEL-09-654090 stigid@sle12: SLES-12-020580 stigid@sle15: SLES-15-030100 stigid@ubuntu2004: UBTU-20-010163 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml index 8ef1fdf41cf..6ea9eeed7f6 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml @@ -59,7 +59,6 @@ references: stigid@ol8: OL08-00-030400 stigid@rhel7: RHEL-07-030800 stigid@rhel8: RHEL-08-030400 - stigid@rhel9: RHEL-09-654095 stigid@sle12: SLES-12-020710 stigid@sle15: SLES-15-030130 stigid@ubuntu2004: UBTU-20-010177 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml index 18a97ba77a7..d51a5ba639d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml @@ -61,7 +61,6 @@ references: stigid@ol8: OL08-00-030370 stigid@rhel7: RHEL-07-030650 stigid@rhel8: RHEL-08-030370 - stigid@rhel9: RHEL-09-654100 stigid@sle12: SLES-12-020560 stigid@sle15: SLES-15-030080 stigid@ubuntu2004: UBTU-20-010174 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml index 9a964e4bdad..4c1d8125a46 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml @@ -47,7 +47,6 @@ references: stigid@ol8: OL08-00-030580 stigid@rhel7: RHEL-07-030840 stigid@rhel8: RHEL-08-030580 - stigid@rhel9: RHEL-09-654105 stigid@sle12: SLES-12-020360 stigid@sle15: SLES-15-030410 stigid@ubuntu2004: UBTU-20-010297 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml index 817ec3f12c0..9925cf2f535 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml @@ -51,7 +51,6 @@ references: stigid@ol8: OL08-00-030300 stigid@rhel7: RHEL-07-030740 stigid@rhel8: RHEL-08-030300 - stigid@rhel9: RHEL-09-654180 stigid@sle12: SLES-12-020290 stigid@ubuntu2004: UBTU-20-010138 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml index c1ffea143b4..21fdc14f08f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml @@ -61,7 +61,6 @@ references: stigid@ol8: OL08-00-030350 stigid@rhel7: RHEL-07-030710 stigid@rhel8: RHEL-08-030350 - stigid@rhel9: RHEL-09-654110 stigid@sle12: SLES-12-020570 stigid@sle15: SLES-15-030090 stigid@ubuntu2004: UBTU-20-010164 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml index 1a09558ece5..5f1eeb2de38 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml @@ -65,7 +65,6 @@ references: stigid@ol8: OL08-00-030340 stigid@rhel7: RHEL-07-030810 stigid@rhel8: RHEL-08-030340 - stigid@rhel9: RHEL-09-654115 stigid@sle12: SLES-12-020720 stigid@sle15: SLES-15-030510 stigid@ubuntu2004: UBTU-20-010178 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml index 25bfa1d0006..d7318cbab04 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml @@ -59,7 +59,6 @@ references: stigid@ol8: OL08-00-030290 stigid@rhel7: RHEL-07-030630 stigid@rhel8: RHEL-08-030290 - stigid@rhel9: RHEL-09-654120 stigid@sle12: SLES-12-020550 stigid@sle15: SLES-15-030070 stigid@ubuntu2004: UBTU-20-010172 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml index ffa07f18f3a..c3cfc617b08 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-030311 stigid@rhel7: RHEL-07-030760 stigid@rhel8: RHEL-08-030311 - stigid@rhel9: RHEL-09-654125 {{{ ocil_fix_srg_privileged_command("postdrop") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml index 0abec84ef9e..33490fcf5a7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-030312 stigid@rhel7: RHEL-07-030770 stigid@rhel8: RHEL-08-030312 - stigid@rhel9: RHEL-09-654130 {{{ ocil_fix_srg_privileged_command("postqueue") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml index c6faead32ed..4b0ac341497 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml @@ -40,7 +40,6 @@ references: srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 stigid@ol8: OL08-00-030280 stigid@rhel8: RHEL-08-030280 - stigid@rhel9: RHEL-09-654135 stigid@sle12: SLES-12-020310 stigid@sle15: SLES-15-030370 stigid@ubuntu2004: UBTU-20-010140 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml index a6241129703..92d86ba5a51 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml @@ -68,7 +68,6 @@ references: stigid@ol8: OL08-00-030320 stigid@rhel7: RHEL-07-030780 stigid@rhel8: RHEL-08-030320 - stigid@rhel9: RHEL-09-654140 stigid@sle12: SLES-12-020320 stigid@sle15: SLES-15-030060 stigid@ubuntu2004: UBTU-20-010141 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml index 1b4f74df502..2cab4c12ac2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml @@ -60,7 +60,6 @@ references: stigid@ol8: OL08-00-030190 stigid@rhel7: RHEL-07-030680 stigid@rhel8: RHEL-08-030190 - stigid@rhel9: RHEL-09-654145 stigid@sle12: SLES-12-020250 stigid@sle15: SLES-15-030550 stigid@ubuntu2004: UBTU-20-010136 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml index 536fa541835..51db71f981e 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml @@ -60,7 +60,6 @@ references: stigid@ol8: OL08-00-030550 stigid@rhel7: RHEL-07-030690 stigid@rhel8: RHEL-08-030550 - stigid@rhel9: RHEL-09-654150 stigid@sle12: SLES-12-020260 stigid@sle15: SLES-15-030560 stigid@ubuntu2004: UBTU-20-010161 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml index f9af68594ed..4f58c77d546 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml @@ -56,7 +56,6 @@ references: nist@sle15: AU-3,AU-3.1,AU-12(a),AU-12.1(ii),AU-12.1(iv) ospp: FAU_GEN.1.1.c srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 - stigid@rhel9: RHEL-09-654155 stigid@sle15: SLES-15-030330 stigid@ubuntu2004: UBTU-20-010162 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml index 3cc45096890..bde7ca4d9f5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml @@ -59,7 +59,6 @@ references: stigid@ol8: OL08-00-030301 stigid@rhel7: RHEL-07-030750 stigid@rhel8: RHEL-08-030301 - stigid@rhel9: RHEL-09-654030 stigid@sle12: SLES-12-020300 stigid@ubuntu2004: UBTU-20-010139 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml index 8caef5913a2..7a160905bf3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml @@ -61,7 +61,6 @@ references: stigid@ol8: OL08-00-030317 stigid@rhel7: RHEL-07-030640 stigid@rhel8: RHEL-08-030317 - stigid@rhel9: RHEL-09-654160 stigid@sle12: SLES-12-020680 stigid@sle15: SLES-15-030110 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml index 3b477a26b88..321018655a3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml @@ -38,7 +38,6 @@ references: srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 stigid@ol8: OL08-00-030310 stigid@rhel8: RHEL-08-030310 - stigid@rhel9: RHEL-09-654165 stigid@ubuntu2004: UBTU-20-010173 {{{ ocil_fix_srg_privileged_command("unix_update") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml index f61686df733..bda6d3239ff 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml @@ -57,7 +57,6 @@ references: stigid@ol8: OL08-00-030315 stigid@rhel7: RHEL-07-030670 stigid@rhel8: RHEL-08-030315 - stigid@rhel9: RHEL-09-654170 {{{ ocil_fix_srg_privileged_command("userhelper") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml index af9cfac7a5c..0ba3ab59df7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml @@ -43,7 +43,6 @@ references: srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 stigid@ol8: OL08-00-030560 stigid@rhel8: RHEL-08-030560 - stigid@rhel9: RHEL-09-654175 stigid@sle12: SLES-12-020700 stigid@sle15: SLES-15-030500 stigid@ubuntu2004: UBTU-20-010176 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml index 1234239bdf3..242a3f69ed5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml @@ -52,7 +52,6 @@ references: srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-APP-000119-CTR-000245,SRG-APP-000120-CTR-000250 stigid@ol8: OL08-00-030121 stigid@rhel8: RHEL-08-030121 - stigid@rhel9: RHEL-09-654275 ocil_clause: 'the audit system is not set to be immutable by adding the "-e 2" option to the end of "/etc/audit/audit.rules"' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml index 15519eec3c2..349d4ecd77d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml @@ -32,7 +32,6 @@ references: disa: CCI-000162,CCI-000163,CCI-000164 srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029 stigid@rhel8: RHEL-08-030122 - stigid@rhel9: RHEL-09-654270 ocil_clause: 'the system is not configured to make login UIDs immutable' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml index 72245ee7937..acb8b30bc0b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml @@ -33,7 +33,6 @@ references: srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275 stigid@ol8: OL08-00-030171 stigid@rhel8: RHEL-08-030171 - stigid@rhel9: RHEL-09-654215 ocil_clause: 'the command does not return a line, or the line is commented out' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml index dd9b966dd59..a78cc4d0bf4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml @@ -33,7 +33,6 @@ references: srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275 stigid@ol8: OL08-00-030172 stigid@rhel8: RHEL-08-030172 - stigid@rhel9: RHEL-09-654220 ocil_clause: 'the command does not return a line, or the line is commented out' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml index 0c03c2610a5..945f1417247 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml @@ -57,7 +57,6 @@ references: stigid@ol8: OL08-00-030000 stigid@rhel7: RHEL-07-030360 stigid@rhel8: RHEL-08-030000 - stigid@rhel9: RHEL-09-654010 stigid@sle12: SLES-12-020240 stigid@sle15: SLES-15-030640 stigid@ubuntu2004: UBTU-20-010211 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml index 13e21cb4fd1..3f2a116775f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml @@ -46,7 +46,6 @@ references: srg: SRG-OS-000046-GPOS-00022,SRG-OS-000047-GPOS-00023 stigid@ol7: OL07-00-030010 stigid@rhel7: RHEL-07-030010 - stigid@rhel9: RHEL-09-654265 ocil_clause: 'the system is not configured to shutdown on auditd failures' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml index 35bcc0c52d3..7df7ae8e324 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-030170 stigid@rhel7: RHEL-07-030871 stigid@rhel8: RHEL-08-030170 - stigid@rhel9: RHEL-09-654225 stigid@sle12: SLES-12-020210 stigid@sle15: SLES-15-030010 stigid@ubuntu2004: UBTU-20-010101 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml index bee9db8c1e3..8b62926773c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-030160 stigid@rhel7: RHEL-07-030872 stigid@rhel8: RHEL-08-030160 - stigid@rhel9: RHEL-09-654230 stigid@sle12: SLES-12-020590 stigid@sle15: SLES-15-030040 stigid@ubuntu2004: UBTU-20-010103 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml index 0f9eb176961..c7d3a45b20a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml @@ -59,7 +59,6 @@ references: stigid@ol8: OL08-00-030140 stigid@rhel7: RHEL-07-030874 stigid@rhel8: RHEL-08-030140 - stigid@rhel9: RHEL-09-654235 stigid@sle12: SLES-12-020230 stigid@sle15: SLES-15-030030 stigid@ubuntu2004: UBTU-20-010104 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml index dcf46cd9910..625da6853a1 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-030150 stigid@rhel7: RHEL-07-030870 stigid@rhel8: RHEL-08-030150 - stigid@rhel9: RHEL-09-654240 stigid@sle12: SLES-12-020200 stigid@sle15: SLES-15-030000 stigid@ubuntu2004: UBTU-20-010100 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml index d87af4112a2..678fcc02caa 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-030130 stigid@rhel7: RHEL-07-030873 stigid@rhel8: RHEL-08-030130 - stigid@rhel9: RHEL-09-654245 stigid@sle12: SLES-12-020220 stigid@sle15: SLES-15-030020 stigid@ubuntu2004: UBTU-20-010102 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml index 743a1642348..4a9a0a15d6f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml @@ -36,7 +36,6 @@ references: srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 stigid@ol8: OL08-00-030110 stigid@rhel8: RHEL-08-030110 - stigid@rhel9: RHEL-09-653080 ocil: |- {{% if product =="ol8" %}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml index 301bd5e5735..0fcc645925f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml @@ -32,7 +32,6 @@ references: srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 stigid@ol8: OL08-00-030100 stigid@rhel8: RHEL-08-030100 - stigid@rhel9: RHEL-09-653085 ocil_clause: the directory is not owned by root diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml index 0fb0f9e3766..b6097cbf025 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml @@ -52,7 +52,6 @@ references: stigid@ol8: OL08-00-030070 stigid@rhel7: RHEL-07-910055 stigid@rhel8: RHEL-08-030070 - stigid@rhel9: RHEL-09-653090 stigid@ubuntu2004: UBTU-20-010122 ocil_clause: 'any permissions are more permissive' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml index f902ce228d9..80a09e844a6 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml @@ -45,7 +45,6 @@ references: srg: SRG-OS-000341-GPOS-00132,SRG-OS-000342-GPOS-00133 stigid@ol8: OL08-00-030660 stigid@rhel8: RHEL-08-030660 - stigid@rhel9: RHEL-09-653030 stigid@sle12: SLES-12-020020 stigid@sle15: SLES-15-030660 stigid@ubuntu2004: UBTU-20-010215 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml index 2202642d266..df32a0d96b3 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml @@ -39,7 +39,6 @@ references: ospp: FAU_GEN.1.1.c pcidss: Req-10.5.3 srg: SRG-OS-000479-GPOS-00224,SRG-OS-000342-GPOS-00133 - stigid@rhel9: RHEL-09-652035 ocil_clause: 'it is not activated' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/rule.yml index 5452ddf4de4..6fb1ec38e97 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/rule.yml @@ -34,7 +34,6 @@ references: nist: AU-5(b),AU-5(2),AU-5(1),AU-5(4),CM-6(a) nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4 srg: SRG-OS-000047-GPOS-00023 - stigid@rhel9: RHEL-09-653020 ocil_clause: 'there is no evidence of appropriate action' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/rule.yml index 8183e132124..966797ef186 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/rule.yml @@ -34,7 +34,6 @@ references: nist: AU-5(b),AU-5(2),AU-5(1),AU-5(4),CM-6(a) nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4 srg: SRG-OS-000047-GPOS-00023 - stigid@rhel9: RHEL-09-653025 ocil_clause: there is no evidence of appropriate action diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml index 4fead191369..ea1c7f871d3 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml @@ -47,7 +47,6 @@ references: stigid@ol8: OL08-00-030020 stigid@rhel7: RHEL-07-030350 stigid@rhel8: RHEL-08-030020 - stigid@rhel9: RHEL-09-653070 stigid@sle12: SLES-12-020040 stigid@sle15: SLES-15-030570 stigid@ubuntu2004: UBTU-20-010117 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml index ade03945fc9..2a2097fbb1e 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml @@ -48,7 +48,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4 pcidss: Req-10.7 srg: SRG-OS-000343-GPOS-00134 - stigid@rhel9: RHEL-09-653050 ocil_clause: 'there is no evidence that real-time alerts are configured on the system' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml index 24c91de5a6e..55b39657b8d 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml @@ -32,7 +32,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4 pcidss: Req-10.7 srg: SRG-OS-000343-GPOS-00134 - stigid@rhel9: RHEL-09-653045 ocil_clause: 'the "admin_space_left" value is not configured to the correct value' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/rule.yml index 867765232c2..33936903102 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/rule.yml @@ -45,7 +45,6 @@ references: nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4 pcidss: Req-10.7 srg: SRG-OS-000047-GPOS-00023,SRG-APP-000098-CTR-000185,SRG-APP-000099-CTR-000190,SRG-APP-000100-CTR-000195,SRG-APP-000100-CTR-000200,SRG-APP-000109-CTR-000215,SRG-APP-000290-CTR-000670,SRG-APP-000357-CTR-000800 - stigid@rhel9: RHEL-09-653055 ocil_clause: 'the value of the "max_log_file_action" option is not "ROTATE", "SINGLE", or the line is commented out, ask the system administrator to indicate how the system takes appropriate action when an audit storage volume is full. If there is no evidence of appropriate action' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml index 3335ad92989..50554322285 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml @@ -58,7 +58,6 @@ references: stigid@ol8: OL08-00-030731 stigid@rhel7: RHEL-07-030340 stigid@rhel8: RHEL-08-030731 - stigid@rhel9: RHEL-09-653040 stigid@ubuntu2004: UBTU-20-010217 ocil_clause: 'there is no evidence that real-time alerts are configured on the system' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml index 2b6acf03452..e0c0995e436 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml @@ -38,7 +38,6 @@ references: stigid@ol8: OL08-00-030730 stigid@rhel7: RHEL-07-030330 stigid@rhel8: RHEL-08-030730 - stigid@rhel9: RHEL-09-653035 stigid@ubuntu2004: UBTU-20-010217 ocil_clause: 'the value of the "space_left" keyword is not set to {{{ xccdf_value("var_auditd_space_left_percentage") }}}% of the storage volume allocated to audit logs, or if the line is commented out, ask the System Administrator to indicate how the system is providing real-time alerts to the SA and ISSO. If the "space_left" value is not configured to the correct value' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/rule.yml index 21d9b8d5f85..e21dfbacf29 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/rule.yml @@ -24,7 +24,6 @@ references: nist: CM-6 ospp: FAU_GEN.1 srg: SRG-OS-000051-GPOS-00024 - stigid@rhel9: RHEL-09-653095 ocil_clause: freq isn't set to {{{ xccdf_value("var_auditd_freq") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml index e3a34e25b14..75590e720e2 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml @@ -26,7 +26,6 @@ references: srg: SRG-OS-000062-GPOS-00031,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-030061 stigid@rhel8: RHEL-08-030061 - stigid@rhel9: RHEL-09-653075 ocil_clause: local_events isn't set to yes diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml index 9d19776db05..ef1666af111 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml @@ -27,7 +27,6 @@ references: srg: SRG-OS-000255-GPOS-00096,SRG-OS-000480-GPOS-00227,SRG-APP-000096-CTR-000175,SRG-APP-000097-CTR-000180,SRG-APP-000098-CTR-000185,SRG-APP-000099-CTR-000190,SRG-APP-000100-CTR-000195,SRG-APP-000100-CTR-000200,SRG-APP-000109-CTR-000215,SRG-APP-000290-CTR-000670,SRG-APP-000357-CTR-000800 stigid@ol8: OL08-00-030063 stigid@rhel8: RHEL-08-030063 - stigid@rhel9: RHEL-09-653100 ocil_clause: log_format isn't set to ENRICHED diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml index 1806a3c3e67..45245f92352 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml @@ -31,7 +31,6 @@ references: stigid@ol8: OL08-00-030062 stigid@rhel7: RHEL-07-030211 stigid@rhel8: RHEL-08-030062 - stigid@rhel9: RHEL-09-653060 ocil_clause: name_format isn't set to {{{ xccdf_value("var_auditd_name_format") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml index bd0205d1fd8..a058b881c18 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml @@ -33,7 +33,6 @@ references: stigid@ol8: OL08-00-030700 stigid@rhel7: RHEL-07-030210 stigid@rhel8: RHEL-08-030700 - stigid@rhel9: RHEL-09-653065 ocil_clause: 'auditd overflow action is not set correctly' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/rule.yml index 064e9ff3e3c..a095a5ae4fd 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/rule.yml @@ -23,7 +23,6 @@ references: nist: CM-6 ospp: FAU_STG.1 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-653105 ocil_clause: write_logs isn't set to yes diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml index 2fda8623220..916ba405fff 100644 --- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml +++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml @@ -45,7 +45,6 @@ references: srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000254-GPOS-00095 stigid@ol8: OL08-00-030601 stigid@rhel8: RHEL-08-030601 - stigid@rhel9: RHEL-09-212055 stigid@ubuntu2004: UBTU-20-010198 ocil_clause: 'auditing is not enabled at boot time' diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml index 40062061860..f725ae136a4 100644 --- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml +++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml @@ -35,7 +35,6 @@ references: srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000254-GPOS-00095,SRG-OS-000341-GPOS-00132,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@ol8: OL08-00-030602 stigid@rhel8: RHEL-08-030602 - stigid@rhel9: RHEL-09-653120 ocil_clause: 'audit backlog limit is not configured' diff --git a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml index 8dc9b6468b8..876abce51df 100644 --- a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml +++ b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml @@ -21,7 +21,6 @@ identifiers: references: ospp: FMT_SMF_EXT.1 srg: SRG-OS-000342-GPOS-00133 - stigid@rhel9: RHEL-09-653130 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml index e305b5b54b6..1ca0b823376 100644 --- a/linux_os/guide/system/auditing/package_audit_installed/rule.yml +++ b/linux_os/guide/system/auditing/package_audit_installed/rule.yml @@ -31,7 +31,6 @@ references: srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220 stigid@ol8: OL08-00-030180 stigid@rhel8: RHEL-08-030180 - stigid@rhel9: RHEL-09-653010 stigid@sle12: SLES-12-020000 stigid@sle15: SLES-15-030650 stigid@ubuntu2004: UBTU-20-010182 diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml index 0bc8eb3feb2..8b64da094d3 100644 --- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml +++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml @@ -56,7 +56,6 @@ references: stigid@ol8: OL08-00-030181 stigid@rhel7: RHEL-07-030000 stigid@rhel8: RHEL-08-030181 - stigid@rhel9: RHEL-09-653015 stigid@sle12: SLES-12-020010 stigid@sle15: SLES-15-030050 diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml index bddcae5d039..b825403d18a 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml @@ -27,7 +27,6 @@ references: srg: SRG-OS-000433-GPOS-00193,SRG-OS-000095-GPOS-00049 stigid@ol8: OL08-00-040004 stigid@rhel8: RHEL-08-040004 - stigid@rhel9: RHEL-09-212050 ocil_clause: 'Kernel page-table isolation is not enabled' diff --git a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml index 925e7a74ad8..4efcbd136ff 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml @@ -27,7 +27,6 @@ references: srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068 stigid@ol8: OL08-00-010422 stigid@rhel8: RHEL-08-010422 - stigid@rhel9: RHEL-09-212035 ocil_clause: 'vsyscalls are enabled' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml index c71e132ad02..298ce4dc4e1 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml @@ -38,7 +38,6 @@ references: nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-7.1 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-212025 ocil_clause: '{{{ ocil_clause_file_group_owner(grub2_boot_path ~ "/grub.cfg", "root") }}}' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml index ef88d3bc376..7c23cb63185 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml @@ -38,7 +38,6 @@ references: nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-7.1 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-212030 ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_boot_path ~ "/grub.cfg", owner="root") }}}' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml index 1465a362513..f88ad2fb7da 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml @@ -49,7 +49,6 @@ references: stigid@ol8: OL08-00-010149 stigid@rhel7: RHEL-07-010483 stigid@rhel8: RHEL-08-010149 - stigid@rhel9: RHEL-09-212020 ocil_clause: 'superuser account is not set or is set to root, admin, administrator or any other existing user name' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml index 32cfe4b270c..c44db2f4462 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml @@ -66,7 +66,6 @@ references: stigid@ol8: OL08-00-010150 stigid@rhel7: RHEL-07-010482 stigid@rhel8: RHEL-08-010150 - stigid@rhel9: RHEL-09-212010 stigid@sle12: SLES-12-010430 stigid@sle15: SLES-15-010190 stigid@ubuntu2004: UBTU-20-010009 diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml index 923a9096d29..50ddd825a0b 100644 --- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml @@ -38,7 +38,6 @@ references: stigid@ol8: OL08-00-030010 stigid@rhel7: RHEL-07-021100 stigid@rhel8: RHEL-08-030010 - stigid@rhel9: RHEL-09-652060 ocil_clause: 'cron is not logging to rsyslog' diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml index fe5623311fa..fa127e79c7c 100644 --- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224 stigid@ol8: OL08-00-030720 stigid@rhel8: RHEL-08-030720 - stigid@rhel9: RHEL-09-652040 ocil_clause: '$ActionSendStreamDriverAuthMode in /etc/rsyslog.conf is not set to x509/name' diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml index 7fb97b65f34..d15f2d79242 100644 --- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224 stigid@ol8: OL08-00-030710 stigid@rhel8: RHEL-08-030710 - stigid@rhel9: RHEL-09-652045 ocil_clause: 'rsyslogd ActionSendStreamDriverMode is not set to 1' diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml index 12c43f3dbc3..ba1095929be 100644 --- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224 stigid@ol8: OL08-00-030710 stigid@rhel8: RHEL-08-030710 - stigid@rhel9: RHEL-09-652050 ocil_clause: 'rsyslogd DefaultNetstreamDriver not set to gtls' diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml index 9db602a15c3..65bc51dfe91 100644 --- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml @@ -32,7 +32,6 @@ references: srg: SRG-OS-000032-GPOS-00013 stigid@ol8: OL08-00-010070 stigid@rhel8: RHEL-08-010070 - stigid@rhel9: RHEL-09-652030 stigid@ubuntu2004: UBTU-20-010403 ocil_clause: 'remote access methods are not logging to rsyslog' diff --git a/linux_os/guide/system/logging/journald/service_systemd-journald_enabled/rule.yml b/linux_os/guide/system/logging/journald/service_systemd-journald_enabled/rule.yml index 1db36875805..a5c8927b332 100644 --- a/linux_os/guide/system/logging/journald/service_systemd-journald_enabled/rule.yml +++ b/linux_os/guide/system/logging/journald/service_systemd-journald_enabled/rule.yml @@ -22,7 +22,6 @@ references: disa: CCI-001665 nist: SC-24 srg: SRG-OS-000269-GPOS-00103 - stigid@rhel9: RHEL-09-211040 ocil_clause: 'the systemd-journald service is not running' diff --git a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml index 76f6e3d4364..a4f49a04874 100644 --- a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml +++ b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml @@ -30,7 +30,6 @@ references: srg: SRG-OS-000480-GPOS-00227,SRG-OS-000120-GPOS-00061 stigid@ol8: OL08-00-030680 stigid@rhel8: RHEL-08-030680 - stigid@rhel9: RHEL-09-652015 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml index bafa8a0dd2b..8f4b817e8aa 100644 --- a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml +++ b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml @@ -35,7 +35,6 @@ references: srg: SRG-OS-000479-GPOS-00224,SRG-OS-000051-GPOS-00024,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-030670 stigid@rhel8: RHEL-08-030670 - stigid@rhel9: RHEL-09-652010 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml index 17fb2bae0bd..a944ca50ec9 100644 --- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml +++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml @@ -53,7 +53,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-031010 stigid@rhel7: RHEL-07-031010 - stigid@rhel9: RHEL-09-652025 ocil_clause: "rsyslog accepts remote messages and is not documented as a log aggregation system" diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml index ad4ac8b894f..6a872bb2514 100644 --- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml +++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml @@ -64,7 +64,6 @@ references: stigid@ol8: OL08-00-030690 stigid@rhel7: RHEL-07-031000 stigid@rhel8: RHEL-08-030690 - stigid@rhel9: RHEL-09-652055 stigid@sle12: SLES-12-030340 stigid@sle15: SLES-15-010580 diff --git a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml index 0723ac5e713..ead08e7cb68 100644 --- a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml +++ b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml @@ -36,7 +36,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010561 stigid@rhel8: RHEL-08-010561 - stigid@rhel9: RHEL-09-652020 stigid@ubuntu2004: UBTU-20-010432 ocil_clause: '{{{ ocil_clause_service_enabled(service="rsyslog") }}}' diff --git a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml index 23204bae40e..c18b89c9eef 100644 --- a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml @@ -26,7 +26,6 @@ references: srg: SRG-OS-000420-GPOS-00186 stigid@ol8: OL08-00-040150 stigid@rhel8: RHEL-08-040150 - stigid@rhel9: RHEL-09-251030 ocil_clause: 'the "nftables" is not set as the "firewallbackend"' diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml index 9981fb8e109..36b27e13c72 100644 --- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml @@ -36,7 +36,6 @@ references: stigid@ol7: OL07-00-040520 stigid@ol8: OL08-00-040100 stigid@rhel8: RHEL-08-040100 - stigid@rhel9: RHEL-09-251010 stigid@sle15: SLES-15-010220 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml index 8c233a96587..f58c612c12b 100644 --- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml @@ -42,7 +42,6 @@ references: stigid@ol8: OL08-00-040101 stigid@rhel7: RHEL-07-040520 stigid@rhel8: RHEL-08-040101 - stigid@rhel9: RHEL-09-251015 stigid@sle15: SLES-15-010220 ocil_clause: '{{{ ocil_clause_service_enabled("firewalld") }}}' diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml index b7958bfcd65..dd1d523c3d8 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml @@ -51,7 +51,6 @@ references: stigid@ol8: OL08-00-040030 stigid@rhel7: RHEL-07-040100 stigid@rhel8: RHEL-08-040030 - stigid@rhel9: RHEL-09-251025 ocil_clause: 'there are additional ports, protocols, or services that are not in the PPSM CLSA, or there are ports, protocols, or services that are prohibited by the PPSM Category Assurance List (CAL), or there are no firewall rules configured' diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml index 4553964d247..2e4fa037203 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml @@ -24,7 +24,6 @@ references: srg: SRG-OS-000297-GPOS-00115 stigid@ol8: OL08-00-040090 stigid@rhel8: RHEL-08-040090 - stigid@rhel9: RHEL-09-251020 ocil_clause: 'no zones are active on the interfaces or if the target is set to a different option other than "DROP"' diff --git a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml index d62cbd26b50..2cf33a51a8a 100644 --- a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml +++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml @@ -34,7 +34,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040820 stigid@rhel7: RHEL-07-040820 - stigid@rhel9: RHEL-09-252045 ocil_clause: 'the IPSec tunnels are not approved' diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml index 3c8b52e7b2f..69011ceaa82 100644 --- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml +++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml @@ -35,7 +35,6 @@ references: nist-csf: PR.AC-3,PR.MA-2,PR.PT-4 pcidss: Req-4.1 srg: SRG-OS-000480-GPOS-00227,SRG-OS-000120-GPOS-00061 - stigid@rhel9: RHEL-09-252065 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml index f082c13a405..91c89e48440 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml @@ -34,7 +34,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040261 stigid@rhel8: RHEL-08-040261 - stigid@rhel9: RHEL-09-254010 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_ra", value="0") }}} diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml index 9b339c4d2ec..ab1b748a328 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml @@ -34,7 +34,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040280 stigid@rhel8: RHEL-08-040280 - stigid@rhel9: RHEL-09-254015 stigid@sle12: SLES-12-030363 stigid@sle15: SLES-15-040341 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml index eaa9594bd4c..e72a5746c2e 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-040240 stigid@rhel7: RHEL-07-040830 stigid@rhel8: RHEL-08-040240 - stigid@rhel9: RHEL-09-254020 stigid@sle12: SLES-12-030361 stigid@sle15: SLES-15-040310 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml index 0672bb8cca4..4e4740d6e45 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml @@ -35,7 +35,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040260 stigid@rhel8: RHEL-08-040260 - stigid@rhel9: RHEL-09-254025 stigid@sle12: SLES-12-030364 stigid@sle15: SLES-15-040381 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml index 42feb0e9781..10322ea8a5d 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml @@ -34,7 +34,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040262 stigid@rhel8: RHEL-08-040262 - stigid@rhel9: RHEL-09-254030 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_ra", value="0") }}} diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml index 9eaf7d50bd8..ba7b1168a7c 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml @@ -36,7 +36,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040210 stigid@rhel8: RHEL-08-040210 - stigid@rhel9: RHEL-09-254035 stigid@sle12: SLES-12-030401 stigid@sle15: SLES-15-040350 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml index ca119d3dc06..5ead947297d 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml @@ -43,7 +43,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040250 stigid@rhel8: RHEL-08-040250 - stigid@rhel9: RHEL-09-254040 stigid@sle12: SLES-12-030362 stigid@sle15: SLES-15-040321 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml index f0ffeff6845..9791720a502 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-040279 stigid@rhel7: RHEL-07-040641 stigid@rhel8: RHEL-08-040279 - stigid@rhel9: RHEL-09-253015 stigid@sle12: SLES-12-030390 stigid@sle15: SLES-15-040330 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml index c881ccd4cc0..65aa94003f0 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml @@ -45,7 +45,6 @@ references: stigid@ol8: OL08-00-040239 stigid@rhel7: RHEL-07-040610 stigid@rhel8: RHEL-08-040239 - stigid@rhel9: RHEL-09-253020 stigid@sle12: SLES-12-030360 stigid@sle15: SLES-15-040300 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml index 5e49b1e1e3e..6f852e5e80e 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml @@ -23,7 +23,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040259 stigid@rhel8: RHEL-08-040259 - stigid@rhel9: RHEL-09-253075 ocil_clause: 'IP forwarding value is "1" and the system is not router' diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml index 5343178c988..7ccfaf9eb6c 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml @@ -36,7 +36,6 @@ references: nist: CM-7(a),CM-7(b),SC-5(3)(a) nist-csf: DE.CM-1,PR.AC-3,PR.DS-4,PR.IP-1,PR.PT-3,PR.PT-4 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-253025 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.log_martians", value="1") }}} diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml index caf7ec1e53d..ba98de5617a 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml @@ -42,7 +42,6 @@ references: stigid@ol8: OL08-00-040285 stigid@rhel7: RHEL-07-040611 stigid@rhel8: RHEL-08-040285 - stigid@rhel9: RHEL-09-253035 ocil: |- The runtime status of the net.ipv4.conf.all.rp_filter parameter can be queried diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml index 7d0f9d4b6cb..682de458fb6 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-040209 stigid@rhel7: RHEL-07-040640 stigid@rhel8: RHEL-08-040209 - stigid@rhel9: RHEL-09-253040 stigid@sle12: SLES-12-030400 stigid@sle15: SLES-15-040340 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml index f4cabfe4b9d..798295502a1 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml @@ -46,7 +46,6 @@ references: stigid@ol8: OL08-00-040249 stigid@rhel7: RHEL-07-040620 stigid@rhel8: RHEL-08-040249 - stigid@rhel9: RHEL-09-253045 stigid@sle12: SLES-12-030370 stigid@sle15: SLES-15-040320 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml index 74d1471b30a..1e1a4fc2c06 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml @@ -36,7 +36,6 @@ references: nist: CM-7(a),CM-7(b),SC-5(3)(a) nist-csf: DE.CM-1,PR.AC-3,PR.DS-4,PR.IP-1,PR.PT-3,PR.PT-4 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-253030 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.log_martians", value="1") }}} diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml index 6879289c5a4..52dea2c2977 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml @@ -39,7 +39,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-040612 stigid@rhel7: RHEL-07-040612 - stigid@rhel9: RHEL-09-253050 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.rp_filter", value="1") }}} diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml index 4417554fe08..cff52565387 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-040230 stigid@rhel7: RHEL-07-040630 stigid@rhel8: RHEL-08-040230 - stigid@rhel9: RHEL-09-253055 stigid@sle12: SLES-12-030380 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_echo_ignore_broadcasts", value="1") }}} diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml index cc2e98ef0b9..0974540f72d 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml @@ -35,7 +35,6 @@ references: nist-csf: DE.CM-1,PR.DS-4,PR.IP-1,PR.PT-3 pcidss: Req-1.4.3 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-253060 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_ignore_bogus_error_responses", value="1") }}} diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml index 06a75085311..fa092923274 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml @@ -40,7 +40,6 @@ references: nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.PT-4 pcidss: Req-1.4.1 srg: SRG-OS-000480-GPOS-00227,SRG-OS-000420-GPOS-00186,SRG-OS-000142-GPOS-00071 - stigid@rhel9: RHEL-09-253010 stigid@sle12: SLES-12-030350 stigid@sle15: SLES-15-010310 stigid@ubuntu2004: UBTU-20-010412 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml index c39eac48b63..a8b11cd1a68 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml @@ -43,7 +43,6 @@ references: stigid@ol8: OL08-00-040220 stigid@rhel7: RHEL-07-040660 stigid@rhel8: RHEL-08-040220 - stigid@rhel9: RHEL-09-253065 stigid@sle12: SLES-12-030420 stigid@sle15: SLES-15-040370 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml index 6b360c28ad8..4eb52cc769b 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml @@ -43,7 +43,6 @@ references: stigid@ol8: OL08-00-040270 stigid@rhel7: RHEL-07-040650 stigid@rhel8: RHEL-08-040270 - stigid@rhel9: RHEL-09-253070 stigid@sle12: SLES-12-030410 stigid@sle15: SLES-15-040360 diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml index 5bf60eb1205..9e964b77084 100644 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040021 stigid@rhel8: RHEL-08-040021 - stigid@rhel9: RHEL-09-213045 {{{ complete_ocil_entry_module_disable(module="atm") }}} diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml index 7f951a26939..9e67a0f529c 100644 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040022 stigid@rhel8: RHEL-08-040022 - stigid@rhel9: RHEL-09-213050 {{{ complete_ocil_entry_module_disable(module="can") }}} diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml index 2af5055af39..2d88048319d 100644 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml @@ -27,7 +27,6 @@ references: srg: SRG-OS-000095-GPOS-00049 stigid@ol8: OL08-00-040026 stigid@rhel8: RHEL-08-040026 - stigid@rhel9: RHEL-09-213055 {{{ complete_ocil_entry_module_disable(module="firewire-core") }}} diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml index 5096d776fc7..4a07631b4c9 100644 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml @@ -43,7 +43,6 @@ references: srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040023 stigid@rhel8: RHEL-08-040023 - stigid@rhel9: RHEL-09-213060 {{{ complete_ocil_entry_module_disable(module="sctp") }}} diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml index 6f11ed5a363..8dc3c982ff7 100644 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml @@ -42,7 +42,6 @@ references: srg: SRG-OS-000095-GPOS-00049 stigid@ol8: OL08-00-040024 stigid@rhel8: RHEL-08-040024 - stigid@rhel9: RHEL-09-213065 {{{ complete_ocil_entry_module_disable(module="tipc") }}} diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml index ebeb377a94a..18eb627e6c4 100644 --- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml +++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml @@ -37,7 +37,6 @@ references: srg: SRG-OS-000095-GPOS-00049,SRG-OS-000300-GPOS-00118 stigid@ol8: OL08-00-040111 stigid@rhel8: RHEL-08-040111 - stigid@rhel9: RHEL-09-291035 {{{ complete_ocil_entry_module_disable(module="bluetooth") }}} diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml index 578fe6fd6bf..32675c9769e 100644 --- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml @@ -60,7 +60,6 @@ references: stigid@ol8: OL08-00-040110 stigid@rhel7: RHEL-07-041010 stigid@rhel8: RHEL-08-040110 - stigid@rhel9: RHEL-09-291040 stigid@sle12: SLES-12-030450 stigid@sle15: SLES-15-010380 stigid@ubuntu2004: UBTU-20-010455 diff --git a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml index a9dc1b633c7..93db24be0c3 100644 --- a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml +++ b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml @@ -54,7 +54,6 @@ references: stigid@ol8: OL08-00-010680 stigid@rhel7: RHEL-07-040600 stigid@rhel8: RHEL-08-010680 - stigid@rhel9: RHEL-09-252035 ocil_clause: 'less than two lines are returned that are not commented out' diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml index c07a805bbc5..ff68190cb6c 100644 --- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml +++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml @@ -47,7 +47,6 @@ references: stigid@ol8: OL08-00-040330 stigid@rhel7: RHEL-07-040670 stigid@rhel8: RHEL-08-040330 - stigid@rhel9: RHEL-09-251040 stigid@sle12: SLES-12-030440 stigid@sle15: SLES-15-040390 diff --git a/linux_os/guide/system/network/networkmanager/networkmanager_dns_mode/rule.yml b/linux_os/guide/system/network/networkmanager/networkmanager_dns_mode/rule.yml index 8f315f73059..ad0aa4c963d 100644 --- a/linux_os/guide/system/network/networkmanager/networkmanager_dns_mode/rule.yml +++ b/linux_os/guide/system/network/networkmanager/networkmanager_dns_mode/rule.yml @@ -19,7 +19,6 @@ references: disa: CCI-000366 nist: CM-6(b) srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-252040 ocil_clause: 'the dns key under main does not exist or is not set to "none" or "default"' diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml index aba6965df5b..db3b86f2f21 100644 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml +++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml @@ -26,7 +26,6 @@ references: disa: CCI-000366 srg: SRG-OS-000480-GPOS-00227,SRG-OS-000138-GPOS-00069 stigid@rhel8: RHEL-08-010700 - stigid@rhel9: RHEL-09-232240 ocil_clause: 'there are world-writable directories not owned by root' diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml index 678ec9c123a..03d331b1437 100644 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml +++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml @@ -51,7 +51,6 @@ references: srg: SRG-OS-000138-GPOS-00069 stigid@ol8: OL08-00-010190 stigid@rhel8: RHEL-08-010190 - stigid@rhel9: RHEL-09-232245 stigid@sle12: SLES-12-010460 stigid@sle15: SLES-15-010300 stigid@ubuntu2004: UBTU-20-010411 diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml index d692cae8084..962ab360e44 100644 --- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml +++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000063-GPOS-00032 stigid@ol8: OL08-00-030610 stigid@rhel8: RHEL-08-030610 - stigid@rhel9: RHEL-09-653115 stigid@ubuntu2004: UBTU-20-010133 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/audit/auditd.conf", perms="-rw-r-----") }}}' diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml index 19606408d96..4947980be18 100644 --- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml +++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000063-GPOS-00032 stigid@ol8: OL08-00-030610 stigid@rhel8: RHEL-08-030610 - stigid@rhel9: RHEL-09-653110 stigid@ubuntu2004: UBTU-20-010133 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/audit/rules.d/*.rules", perms="-rw-r-----") }}}' diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml index b85feff1449..1e2f7f2b017 100644 --- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml @@ -49,7 +49,6 @@ references: stigid@ol8: OL08-00-010790 stigid@rhel7: RHEL-07-020330 stigid@rhel8: RHEL-08-010790 - stigid@rhel9: RHEL-09-232250 stigid@sle12: SLES-12-010700 stigid@sle15: SLES-15-040410 diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml index 2be9e9a5a40..93ec22b3556 100644 --- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml +++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml @@ -48,7 +48,6 @@ references: stigid@ol8: OL08-00-010780 stigid@rhel7: RHEL-07-020320 stigid@rhel8: RHEL-08-010780 - stigid@rhel9: RHEL-09-232255 stigid@sle12: SLES-12-010690 stigid@sle15: SLES-15-040400 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml index a98e10e14b2..5b38b6f00e8 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml @@ -27,7 +27,6 @@ references: nist: AC-6 (1) pcidss: Req-8.7 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232105 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/group-", group="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml index 3a3889923be..3a02ed25de7 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml @@ -32,7 +32,6 @@ references: nist: AC-6 (1) pcidss: Req-8.7 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232125 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/gshadow-", group=target_group) }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml index 5350ce285e3..197ba4f8e30 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml @@ -27,7 +27,6 @@ references: nist: AC-6 (1) pcidss: Req-8.7 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232145 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/passwd-", group="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml index 95dfd24a3f8..98cfa55fefd 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml @@ -31,7 +31,6 @@ references: cis@ubuntu2204: 6.1.6 pcidss: Req-8.7 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232165 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/shadow-", group=target_group) }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml index f83482995bc..35df43fbd21 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml @@ -33,7 +33,6 @@ references: nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232095 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/group", group="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml index 1ae9417abc4..4ac15c18868 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml @@ -37,7 +37,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232115 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/gshadow", group=target_group) }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml index aab598951d4..8fcb22c7c16 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml @@ -33,7 +33,6 @@ references: nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232135 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/passwd", group="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml index c46b30b6993..20532dc4a6b 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml @@ -39,7 +39,6 @@ references: nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232155 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/shadow", group=target_group) }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml index 20077b28a4c..c1fcf40cf9b 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml @@ -27,7 +27,6 @@ references: nist: AC-6 (1) pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232100 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/group-", owner="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml index d02c9a0cd6f..f811c1d4ba0 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml @@ -26,7 +26,6 @@ references: nist: AC-6 (1) pcidss: Req-8.7 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232120 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/gshadow-", owner="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml index 96e2f1027b8..65d5b9497a9 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml @@ -27,7 +27,6 @@ references: nist: AC-6 (1) pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232140 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/passwd-", owner="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml index 827a1b6f949..9014961478b 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml @@ -27,7 +27,6 @@ references: nist: AC-6 (1) pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232160 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/shadow-", owner="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml index 023c24b3efc..fa791f7dd31 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml @@ -34,7 +34,6 @@ references: nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232090 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/group", owner="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml index 5db3f8cc2cf..6bcf5e4247d 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml @@ -32,7 +32,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232110 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/gshadow", owner="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml index 0e813ccabb9..818b30b2b62 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml @@ -34,7 +34,6 @@ references: nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232130 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/passwd", owner="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml index 55c2001897d..b796ed2bc76 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml @@ -37,7 +37,6 @@ references: nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232150 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/shadow", owner="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml index a6618623e35..536cb651c6a 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml @@ -28,7 +28,6 @@ references: nist: AC-6 (1) pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232060 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/group-", perms="-rw-r--r--") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml index 215cf550dcf..81e55625b87 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml @@ -34,7 +34,6 @@ references: disa: CCI-002223 nist: AC-6 (1) srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232070 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/gshadow-", perms=target_perms) }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml index fa9b1cda467..046f971d48d 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml @@ -28,7 +28,6 @@ references: nist: AC-6 (1) pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232080 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/passwd-", perms="-rw-r--r--") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml index d029a5d3569..a36b7e267ad 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml @@ -36,7 +36,6 @@ references: nist: AC-6 (1) pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232085 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/shadow-", perms=target_perms) }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml index 2f9c4cb97d0..8ff1e74e79c 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml @@ -35,7 +35,6 @@ references: nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232055 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/group", perms="-rw-r--r--") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml index c4c1afeb654..69061c28bca 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml @@ -41,7 +41,6 @@ references: nist: CM-6(a),AC-6(1) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232065 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/gshadow", perms=target_perms) }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml index 30e0e4d22a6..37da6682147 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml @@ -37,7 +37,6 @@ references: nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232075 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/passwd", perms="-rw-r--r--") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml index 87f6c260f63..15e54252086 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml @@ -46,7 +46,6 @@ references: nist-csf: PR.AC-4,PR.DS-5 pcidss: Req-8.7.c srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-232270 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/shadow", perms=target_perms) }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml index 8c520480664..aff9b4912e2 100644 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240 stigid@ol8: OL08-00-010260 stigid@rhel8: RHEL-08-010260 - stigid@rhel9: RHEL-09-232175 stigid@ubuntu2004: UBTU-20-010417 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log", group=gid) }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml index 8e4b7d00c53..797bfafc393 100644 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml @@ -19,7 +19,6 @@ references: srg: SRG-OS-000206-GPOS-00084 stigid@ol8: OL08-00-010230 stigid@rhel8: RHEL-08-010230 - stigid@rhel9: RHEL-09-232185 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log/messages", group="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml index 5870e7e270c..f81fce93ec7 100644 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml @@ -21,7 +21,6 @@ references: srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240 stigid@ol8: OL08-00-010250 stigid@rhel8: RHEL-08-010250 - stigid@rhel9: RHEL-09-232170 stigid@ubuntu2004: UBTU-20-010418 ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log", owner="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml index a286eff798e..f0d63e3617d 100644 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml @@ -19,7 +19,6 @@ references: srg: SRG-OS-000206-GPOS-00084 stigid@ol8: OL08-00-010220 stigid@rhel8: RHEL-08-010220 - stigid@rhel9: RHEL-09-232180 ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log/messages", owner="root") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml index abf9a202e49..d410e306421 100644 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml @@ -22,7 +22,6 @@ references: srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240 stigid@ol8: OL08-00-010240 stigid@rhel8: RHEL-08-010240 - stigid@rhel9: RHEL-09-232025 stigid@ubuntu2004: UBTU-20-010419 ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log", perms="drwxr-xr-x") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml index b92a282820a..d0cded9af7a 100644 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml @@ -20,7 +20,6 @@ references: srg: SRG-OS-000206-GPOS-00084 stigid@ol8: OL08-00-010210 stigid@rhel8: RHEL-08-010210 - stigid@rhel9: RHEL-09-232030 ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log/messages", perms="-rw-r-----") }}}' diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml index 6b98f1d5137..024cba28940 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml @@ -39,7 +39,6 @@ references: srg: SRG-OS-000259-GPOS-00100 stigid@ol8: OL08-00-010351 stigid@rhel8: RHEL-08-010351 - stigid@rhel9: RHEL-09-232215 stigid@sle12: SLES-12-010876 stigid@sle15: SLES-15-010356 stigid@ubuntu2004: UBTU-20-010431 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml index d69dcf07e9e..c5d67497f83 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml @@ -38,7 +38,6 @@ references: srg: SRG-OS-000259-GPOS-00100 stigid@ol8: OL08-00-010341 stigid@rhel8: RHEL-08-010341 - stigid@rhel9: RHEL-09-232210 stigid@sle12: SLES-12-010874 stigid@sle15: SLES-15-010354 stigid@ubuntu2004: UBTU-20-010429 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml index 5e9aeae2b8e..68230eb4b07 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml @@ -45,7 +45,6 @@ references: srg: SRG-OS-000259-GPOS-00100 stigid@ol8: OL08-00-010331 stigid@rhel8: RHEL-08-010331 - stigid@rhel9: RHEL-09-232015 stigid@sle12: SLES-12-010872 stigid@sle15: SLES-15-010352 stigid@ubuntu2004: UBTU-20-010427 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml index 57435e380b8..e05290f46f2 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml @@ -45,7 +45,6 @@ references: srg: SRG-OS-000259-GPOS-00100 stigid@ol8: OL08-00-010320 stigid@rhel8: RHEL-08-010320 - stigid@rhel9: RHEL-09-232195 stigid@sle12: SLES-12-010882 stigid@sle15: SLES-15-010361 stigid@ubuntu2004: UBTU-20-010458 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml index 7350927874e..5854f5308ff 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml @@ -44,7 +44,6 @@ references: srg: SRG-OS-000259-GPOS-00100 stigid@ol8: OL08-00-010310 stigid@rhel8: RHEL-08-010310 - stigid@rhel9: RHEL-09-232190 stigid@sle12: SLES-12-010879 stigid@sle15: SLES-15-010359 stigid@ubuntu2004: UBTU-20-010457 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml index c02b4c8964e..bc1f3caff06 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml @@ -45,7 +45,6 @@ references: srg: SRG-OS-000259-GPOS-00100 stigid@ol8: OL08-00-010340 stigid@rhel8: RHEL-08-010340 - stigid@rhel9: RHEL-09-232200 stigid@sle12: SLES-12-010873 stigid@sle15: SLES-15-010353 stigid@ubuntu2004: UBTU-20-010428 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml index 2a3e521fa79..aed33a4940c 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml @@ -44,7 +44,6 @@ references: srg: SRG-OS-000259-GPOS-00100 stigid@ol8: OL08-00-010300 stigid@rhel8: RHEL-08-010300 - stigid@rhel9: RHEL-09-232010 stigid@sle12: SLES-12-010878 stigid@sle15: SLES-15-010358 stigid@ubuntu2004: UBTU-20-010456 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml index 12d8448a772..f497a602af1 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml @@ -45,7 +45,6 @@ references: srg: SRG-OS-000259-GPOS-00100 stigid@ol8: OL08-00-010330 stigid@rhel8: RHEL-08-010330 - stigid@rhel9: RHEL-09-232020 stigid@sle12: SLES-12-010871 stigid@sle15: SLES-15-010351 stigid@ubuntu2004: UBTU-20-010426 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml index db7cf42de40..1a618dbd5e8 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml @@ -43,7 +43,6 @@ references: srg: SRG-OS-000259-GPOS-00100 stigid@ol8: OL08-00-010350 stigid@rhel8: RHEL-08-010350 - stigid@rhel9: RHEL-09-232205 stigid@sle12: SLES-12-010875 stigid@sle15: SLES-15-010355 stigid@ubuntu2004: UBTU-20-010430 diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml index 6a00d4426f5..700a0395c98 100644 --- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml +++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml @@ -27,7 +27,6 @@ references: srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000324-GPOS-00125 stigid@ol8: OL08-00-010374 stigid@rhel8: RHEL-08-010374 - stigid@rhel9: RHEL-09-213030 {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_hardlinks", value="1") }}} diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml index 83114ea9f86..71e64e91ad0 100644 --- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml +++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml @@ -29,7 +29,6 @@ references: srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000324-GPOS-00125 stigid@ol8: OL08-00-010373 stigid@rhel8: RHEL-08-010373 - stigid@rhel9: RHEL-09-213035 {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_symlinks", value="1") }}} diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml index b9ecec35c82..bf2db68f442 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml @@ -46,7 +46,6 @@ references: srg: SRG-OS-000095-GPOS-00049 stigid@ol8: OL08-00-040025 stigid@rhel8: RHEL-08-040025 - stigid@rhel9: RHEL-09-231195 {{{ complete_ocil_entry_module_disable(module="cramfs") }}} diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml index 51db2e94a71..be55b136b64 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml @@ -45,7 +45,6 @@ references: stigid@ol8: OL08-00-040080 stigid@rhel7: RHEL-07-020100 stigid@rhel8: RHEL-08-040080 - stigid@rhel9: RHEL-09-291010 stigid@sle12: SLES-12-010580 stigid@sle15: SLES-15-010480 stigid@ubuntu2004: UBTU-20-010461 diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml index 2578199ee00..1c010dfcdbf 100644 --- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml @@ -52,7 +52,6 @@ references: stigid@ol8: OL08-00-040070 stigid@rhel7: RHEL-07-020110 stigid@rhel8: RHEL-08-040070 - stigid@rhel9: RHEL-09-231040 stigid@sle12: SLES-12-010590 stigid@sle15: SLES-15-010240 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml index 1142ad726db..d9662e1ea0c 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml @@ -27,7 +27,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010572 stigid@rhel8: RHEL-08-010572 - stigid@rhel9: RHEL-09-231105 platform: machine and uefi diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml index c02e68ebd76..72b0ff46d54 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml @@ -29,7 +29,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7 nist-csf: PR.IP-1,PR.PT-2,PR.PT-3 srg: SRG-OS-000368-GPOS-00154 - stigid@rhel9: RHEL-09-231095 platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml index fa707e3a0b5..1bb39096e5d 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml @@ -32,7 +32,6 @@ references: srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010571 stigid@rhel8: RHEL-08-010571 - stigid@rhel9: RHEL-09-231100 platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml index a0d81048675..8f73d51d706 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-040120 stigid@rhel7: RHEL-07-021024 stigid@rhel8: RHEL-08-040120 - stigid@rhel9: RHEL-09-231110 platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml index 98180e5f405..03bc693177d 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml @@ -46,7 +46,6 @@ references: stigid@ol8: OL08-00-040122 stigid@rhel7: RHEL-07-021024 stigid@rhel8: RHEL-08-040122 - stigid@rhel9: RHEL-09-231115 platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml index 5a59ba11010..c3c461062f9 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-040121 stigid@rhel7: RHEL-07-021024 stigid@rhel8: RHEL-08-040121 - stigid@rhel9: RHEL-09-231120 platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml index 4643938de12..4eeeeb70171 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml @@ -34,7 +34,6 @@ references: cis@ubuntu2004: 1.1.18 cis@ubuntu2204: 1.1.7.2 srg: SRG-OS-000368-GPOS-00154 - stigid@rhel9: RHEL-09-231045 platform: machine and mount[home] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml index 168a9d9ccf5..1e498336154 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010590 stigid@rhel8: RHEL-08-010590 - stigid@rhel9: RHEL-09-231055 platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml index bd6bbce219f..459a0e374ad 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml @@ -38,7 +38,6 @@ references: stigid@ol8: OL08-00-010570 stigid@rhel7: RHEL-07-021000 stigid@rhel8: RHEL-08-010570 - stigid@rhel9: RHEL-09-231050 stigid@sle12: SLES-12-010790 stigid@sle15: SLES-15-040140 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml index fca19b0e23d..3726a39ace8 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml @@ -46,7 +46,6 @@ references: srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010580 stigid@rhel8: RHEL-08-010580 - stigid@rhel9: RHEL-09-231200 platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml index 0953a8494a2..af40d2c2b86 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml @@ -43,7 +43,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010600 stigid@rhel8: RHEL-08-010600 - stigid@rhel9: RHEL-09-231085 platform: machine diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml index 96823f8b672..dac1e7d7957 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml @@ -40,7 +40,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010610 stigid@rhel8: RHEL-08-010610 - stigid@rhel9: RHEL-09-231080 ocil_clause: 'removable media partitions are present' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml index 19fc990dbb9..8b2c88bfffc 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-010620 stigid@rhel7: RHEL-07-021010 stigid@rhel8: RHEL-08-010620 - stigid@rhel9: RHEL-09-231090 stigid@sle12: SLES-12-010800 stigid@sle15: SLES-15-040150 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml index c88a840ad83..9338aedd271 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml @@ -42,7 +42,6 @@ references: srg: SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040123 stigid@rhel8: RHEL-08-040123 - stigid@rhel9: RHEL-09-231125 platform: machine and mount[tmp] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml index db7201585ec..56c79354da5 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml @@ -41,7 +41,6 @@ references: srg: SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040125 stigid@rhel8: RHEL-08-040125 - stigid@rhel9: RHEL-09-231130 platform: machine and mount[tmp] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml index ed62bd1ea9e..08290929120 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml @@ -42,7 +42,6 @@ references: srg: SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040124 stigid@rhel8: RHEL-08-040124 - stigid@rhel9: RHEL-09-231135 platform: machine and mount[tmp] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml index ca149e388b0..ea4dd8c7416 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml @@ -33,7 +33,6 @@ references: srg: SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040129 stigid@rhel8: RHEL-08-040129 - stigid@rhel9: RHEL-09-231160 platform: machine and mount[var-log-audit] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml index ee508b497ad..fce0aef7c4d 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml @@ -31,7 +31,6 @@ references: srg: SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040131 stigid@rhel8: RHEL-08-040131 - stigid@rhel9: RHEL-09-231165 platform: machine and mount[var-log-audit] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml index db1c800b376..e891b54f6ac 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml @@ -32,7 +32,6 @@ references: srg: SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040130 stigid@rhel8: RHEL-08-040130 - stigid@rhel9: RHEL-09-231170 platform: machine and mount[var-log-audit] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml index 387f69fae24..ecd4d94eb32 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml @@ -33,7 +33,6 @@ references: srg: SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040126 stigid@rhel8: RHEL-08-040126 - stigid@rhel9: RHEL-09-231145 platform: machine and mount[var-log] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml index 46a2fc28040..6aa87c2ac05 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml @@ -33,7 +33,6 @@ references: srg: SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040128 stigid@rhel8: RHEL-08-040128 - stigid@rhel9: RHEL-09-231150 platform: machine and mount[var-log] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml index 5b172b6e281..488af6a67b8 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml @@ -34,7 +34,6 @@ references: srg: SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040127 stigid@rhel8: RHEL-08-040127 - stigid@rhel9: RHEL-09-231155 platform: machine and mount[var-log] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml index a900a1d6923..76d0efeb960 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml @@ -30,7 +30,6 @@ references: nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7 nist-csf: PR.IP-1,PR.PT-2,PR.PT-3 srg: SRG-OS-000368-GPOS-00154 - stigid@rhel9: RHEL-09-231140 platform: machine and mount[var] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml index 3ddc9b4fbfc..ea4ee4dec99 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml @@ -35,7 +35,6 @@ references: srg: SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040132 stigid@rhel8: RHEL-08-040132 - stigid@rhel9: RHEL-09-231175 platforms: - machine and mount[var-tmp] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml index 1ff95747d3e..d0bf35fb921 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml @@ -35,7 +35,6 @@ references: srg: SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040134 stigid@rhel8: RHEL-08-040134 - stigid@rhel9: RHEL-09-231180 platform: machine and mount[var-tmp] diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml index 3241cc5ac00..13f644ccc9d 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml @@ -35,7 +35,6 @@ references: srg: SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040133 stigid@rhel8: RHEL-08-040133 - stigid@rhel9: RHEL-09-231185 platform: machine and mount[var-tmp] diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml index 8e6478a1066..c1cc421f4a3 100644 --- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml @@ -40,7 +40,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010675 stigid@rhel8: RHEL-08-010675 - stigid@rhel9: RHEL-09-213085 ocil_clause: 'the "ProcessSizeMax" item is missing, commented out, or the value is anything other than "0" and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core" item assigned' diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml index 654d1b0acd9..c025dcf1f8f 100644 --- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml @@ -40,7 +40,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010674 stigid@rhel8: RHEL-08-010674 - stigid@rhel9: RHEL-09-213090 ocil_clause: Storage is not set to none or is commented out and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core" item assigned diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml index 83b76ed28f0..92b9cc0040d 100644 --- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml @@ -39,7 +39,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010673 stigid@rhel8: RHEL-08-010673 - stigid@rhel9: RHEL-09-213095 ocil_clause: 'the "core" item is missing, commented out, or the value is anything other than "0" and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core"' diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml index 5f34c7ff963..ce94d2c8f1c 100644 --- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml @@ -29,7 +29,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010672 stigid@rhel8: RHEL-08-010672 - stigid@rhel9: RHEL-09-213100 ocil_clause: unit systemd-coredump.socket is not masked or running diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml index 7baf9312564..92dc9907df0 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml @@ -45,7 +45,6 @@ references: nist: SC-39,CM-6(a) nist-csf: PR.PT-4 srg: SRG-OS-000433-GPOS-00192 - stigid@rhel9: RHEL-09-213110 ocil_clause: 'ExecShield is not supported by the hardware, is not enabled, or has been disabled by the kernel configuration.' diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml index 9a8a45e5d33..5c72d139fd2 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml @@ -28,7 +28,6 @@ references: srg: SRG-OS-000132-GPOS-00067,SRG-OS-000433-GPOS-00192,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040283 stigid@rhel8: RHEL-08-040283 - stigid@rhel9: RHEL-09-213025 stigid@sle12: SLES-12-030320 stigid@sle15: SLES-15-010540 diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml index dccda6d585e..0c11fb5073e 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml @@ -38,7 +38,6 @@ references: stigid@ol8: OL08-00-010430 stigid@rhel7: RHEL-07-040201 stigid@rhel8: RHEL-08-010430 - stigid@rhel9: RHEL-09-213070 stigid@sle12: SLES-12-030330 stigid@sle15: SLES-15-010550 stigid@ubuntu2004: UBTU-20-010448 diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml index c714236de24..19d939209a5 100644 --- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml @@ -29,7 +29,6 @@ references: srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068 stigid@ol8: OL08-00-010421 stigid@rhel8: RHEL-08-010421 - stigid@rhel9: RHEL-09-212040 ocil_clause: 'page allocator poisoning is not enabled' diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml index b06a8795be9..2908f92129f 100644 --- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml @@ -29,7 +29,6 @@ references: srg: SRG-OS-000433-GPOS-00192,SRG-OS-000134-GPOS-00068 stigid@ol8: OL08-00-010423 stigid@rhel8: RHEL-08-010423 - stigid@rhel9: RHEL-09-212045 ocil_clause: 'SLUB/SLAB poisoning is not enabled' diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml index 37ca6ba7a58..ebebdebb1ce 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml @@ -29,7 +29,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010671 stigid@rhel8: RHEL-08-010671 - stigid@rhel9: RHEL-09-213040 ocil_clause: |- the returned line does not have a value of "|/bin/false", or a line is not diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml index 8b1982ce3b3..bbdc36a61f1 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml @@ -29,7 +29,6 @@ references: stigid@ol8: OL08-00-010375 stigid@rhel7: RHEL-07-010375 stigid@rhel8: RHEL-08-010375 - stigid@rhel9: RHEL-09-213010 stigid@sle12: SLES-12-010375 stigid@sle15: SLES-15-010375 stigid@ubuntu2004: UBTU-20-010401 diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml index d666f6ad1d3..7950162d8f5 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml @@ -23,7 +23,6 @@ references: srg: SRG-OS-000480-GPOS-00227,SRG-OS-000366-GPOS-00153 stigid@ol8: OL08-00-010372 stigid@rhel8: RHEL-08-010372 - stigid@rhel9: RHEL-09-213020 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kexec_load_disabled", value="1") }}} diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml index aad9da84e64..a35a76356f6 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml @@ -25,7 +25,6 @@ references: srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069,SRG-APP-000243-CTR-000600 stigid@ol8: OL08-00-010376 stigid@rhel8: RHEL-08-010376 - stigid@rhel9: RHEL-09-213015 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.perf_event_paranoid", value="2") }}} diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml index e71cfe687e9..7fe35df14a5 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml @@ -24,7 +24,6 @@ references: srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040281 stigid@rhel8: RHEL-08-040281 - stigid@rhel9: RHEL-09-213075 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.unprivileged_bpf_disabled", value="1") }}} diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml index 4ae9d356187..5e169c50500 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml @@ -27,7 +27,6 @@ references: srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040282 stigid@rhel8: RHEL-08-040282 - stigid@rhel9: RHEL-09-213080 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.yama.ptrace_scope", value="1") }}} diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml index 868a57710b1..8b23c9a3ea5 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml @@ -24,7 +24,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040286 stigid@rhel8: RHEL-08-040286 - stigid@rhel9: RHEL-09-251045 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.core.bpf_jit_harden", value="2") }}} diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml index 5e2508b9d18..d1af3ca195b 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml @@ -35,7 +35,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040284 stigid@rhel8: RHEL-08-040284 - stigid@rhel9: RHEL-09-213105 ocil: | Verify that {{{ full_name }}} disables the use of user namespaces with the following commands: diff --git a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml index d07729af4ce..190ba71bf1f 100644 --- a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml +++ b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml @@ -18,7 +18,6 @@ identifiers: references: srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-431030 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml index c9bddfefc24..40f37f68e60 100644 --- a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml +++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml @@ -32,7 +32,6 @@ references: srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068 stigid@ol8: OL08-00-010171 stigid@rhel8: RHEL-08-010171 - stigid@rhel9: RHEL-09-431025 ocil_clause: 'the policycoreutils package is not installed' diff --git a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml index 0c202be77d5..28b2ad0e9a4 100644 --- a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml +++ b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml @@ -40,7 +40,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-020900 stigid@rhel7: RHEL-07-020900 - stigid@rhel9: RHEL-09-232260 ocil_clause: 'there is output' diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml index d5cb03d9f15..1899fe42223 100644 --- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml +++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml @@ -51,7 +51,6 @@ references: stigid@ol8: OL08-00-010450 stigid@rhel7: RHEL-07-020220 stigid@rhel8: RHEL-08-010450 - stigid@rhel9: RHEL-09-431015 ocil_clause: 'the loaded policy name is not "{{{ xccdf_value("var_selinux_policy_name") }}}"' diff --git a/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml index dca1a25b762..7506764380a 100644 --- a/linux_os/guide/system/selinux/selinux_state/rule.yml +++ b/linux_os/guide/system/selinux/selinux_state/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-010170 stigid@rhel7: RHEL-07-020210 stigid@rhel8: RHEL-08-010170 - stigid@rhel9: RHEL-09-431010 ocil_clause: 'SELINUX is not set to enforcing' diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml index 827d015b542..340b76d1a6a 100644 --- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml +++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml @@ -76,7 +76,6 @@ references: srg: SRG-OS-000405-GPOS-00184,SRG-OS-000185-GPOS-00079,SRG-OS-000404-GPOS-00183 stigid@ol8: OL08-00-010030 stigid@rhel8: RHEL-08-010030 - stigid@rhel9: RHEL-09-231190 stigid@sle12: SLES-12-010450 stigid@sle15: SLES-15-010330 stigid@ubuntu2004: UBTU-20-010414 diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml index a6bab16a7a2..af2323216e7 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml @@ -42,7 +42,6 @@ references: stigid@ol8: OL08-00-010800 stigid@rhel7: RHEL-07-021310 stigid@rhel8: RHEL-08-010800 - stigid@rhel9: RHEL-09-231010 stigid@sle12: SLES-12-010850 stigid@sle15: SLES-15-040200 diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml index ad21efea283..7256a515b6f 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml @@ -39,7 +39,6 @@ references: stigid@ol8: OL08-00-010543 stigid@rhel7: RHEL-07-021340 stigid@rhel8: RHEL-08-010543 - stigid@rhel9: RHEL-09-231015 {{{ complete_ocil_entry_separate_partition(part="/tmp") }}} diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml index bf23f80db24..e81fc09419e 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml @@ -41,7 +41,6 @@ references: stigid@ol8: OL08-00-010540 stigid@rhel7: RHEL-07-021320 stigid@rhel8: RHEL-08-010540 - stigid@rhel9: RHEL-09-231020 stigid@sle12: SLES-12-010860 stigid@sle15: SLES-15-040210 diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml index 1811a978433..04890f4b835 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml @@ -39,7 +39,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010541 stigid@rhel8: RHEL-08-010541 - stigid@rhel9: RHEL-09-231025 {{{ complete_ocil_entry_separate_partition(part="/var/log") }}} diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml index eb9fdf318af..e874b23cf8a 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml @@ -47,7 +47,6 @@ references: stigid@ol8: OL08-00-010542 stigid@rhel7: RHEL-07-021330 stigid@rhel8: RHEL-08-010542 - stigid@rhel9: RHEL-09-231030 stigid@sle12: SLES-12-010870 stigid@sle15: SLES-15-030810 diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml index 7866aa7a556..65e4fed4dd3 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml @@ -32,7 +32,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010544 stigid@rhel8: RHEL-08-010544 - stigid@rhel9: RHEL-09-231035 {{{ complete_ocil_entry_separate_partition(part="/var/tmp") }}} diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml index 0531f9f0150..3f47d38ccbe 100644 --- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml +++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml @@ -32,7 +32,6 @@ references: hipaa: 164.308(a)(1)(ii)(B),164.308(a)(5)(ii)(A) pcidss: Req-6.2 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-271090 stigid@sle12: SLES-12-010040 stigid@sle15: SLES-15-010090 diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml index 64bc76b5dbc..b316ab55bc2 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml @@ -42,7 +42,6 @@ references: nist: CM-6(a),AC-6(1),CM-7(b) nist-csf: PR.AC-4,PR.DS-5 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-271095,RHEL-09-271100 ocil_clause: 'disable-restart-buttons has not been configured or is not disabled' diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml index 6436175aeb7..4cca435a661 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-020032 stigid@rhel7: RHEL-07-010063 stigid@rhel8: RHEL-08-020032 - stigid@rhel9: RHEL-09-271115 ocil_clause: 'disable-user-list has not been configured or is not disabled' diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml index 640a61e516e..72feb1469e5 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml @@ -33,7 +33,6 @@ references: srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011 stigid@ol8: OL08-00-020050 stigid@rhel8: RHEL-08-020050 - stigid@rhel9: RHEL-09-271045,RHEL-09-271050 ocil_clause: 'removal-action has not been configured' diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml index 7743322648e..73002177c26 100644 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml @@ -39,7 +39,6 @@ references: stigid@ol8: OL08-00-010820 stigid@rhel7: RHEL-07-010440 stigid@rhel8: RHEL-08-010820 - stigid@rhel9: RHEL-09-271040 ocil_clause: 'GDM allows users to automatically login' diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml index 3ec633da2eb..e96590e6b4c 100644 --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml @@ -45,7 +45,6 @@ references: srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-020111 stigid@rhel7: RHEL-07-020111 - stigid@rhel9: RHEL-09-271020,RHEL-09-271025 ocil_clause: 'GNOME automounting is not disabled' diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml index 9f3a614cb2e..3e08f2c9c51 100644 --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml @@ -45,7 +45,6 @@ references: srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-020111 stigid@rhel7: RHEL-07-020111 - stigid@rhel9: RHEL-09-271030,RHEL-09-271035 ocil_clause: 'GNOME autorun is not disabled' diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml index 9f881a4f689..4eabf4c0e5f 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml @@ -49,7 +49,6 @@ references: stigid@ol8: OL08-00-020060 stigid@rhel7: RHEL-07-010070 stigid@rhel8: RHEL-08-020060 - stigid@rhel9: RHEL-09-271065 stigid@sle12: SLES-12-010080 stigid@sle15: SLES-15-010120 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml index 4638aa591b1..7f941c056cb 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml @@ -41,7 +41,6 @@ references: stigid@ol8: OL08-00-020031 stigid@rhel7: RHEL-07-010110 stigid@rhel8: RHEL-08-020031 - stigid@rhel9: RHEL-09-271075 ocil_clause: 'the screensaver lock delay is missing, or is set to a value greater than {{{ xccdf_value("var_screensaver_lock_delay") }}}' diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml index 5bf03b57f98..b2adc554077 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml @@ -57,7 +57,6 @@ references: stigid@ol8: OL08-00-020030,OL08-00-020082 stigid@rhel7: RHEL-07-010060 stigid@rhel8: RHEL-08-020030 - stigid@rhel9: RHEL-09-271060,RHEL-09-271055 stigid@sle12: SLES-12-010060 stigid@sle15: SLES-15-010100 stigid@ubuntu2004: UBTU-20-010004 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml index 6a6fca980d9..b6f85481045 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml @@ -66,7 +66,6 @@ references: ospp: FMT_MOF_EXT.1 pcidss: Req-8.1.8 srg: SRG-OS-000031-GPOS-00012 - stigid@rhel9: RHEL-09-271085 stigid@sle12: SLES-12-010100 stigid@sle15: SLES-15-010140 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml index 2f9fb442250..c5918b5240e 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml @@ -41,7 +41,6 @@ references: stigid@ol8: OL08-00-020080 stigid@rhel7: RHEL-07-010081 stigid@rhel8: RHEL-08-020080 - stigid@rhel9: RHEL-09-271080 ocil_clause: 'GNOME3 session settings are not locked or configured properly' diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml index 361dc9500a6..aa5afe29156 100644 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml @@ -44,7 +44,6 @@ references: stigid@ol8: OL08-00-020081 stigid@rhel7: RHEL-07-010082 stigid@rhel8: RHEL-08-020081 - stigid@rhel9: RHEL-09-271070 stigid@sle12: SLES-12-010080 stigid@sle15: SLES-15-010120 diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml index 6700f053355..63893c3212a 100644 --- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml +++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml @@ -47,7 +47,6 @@ references: stigid@ol8: OL08-00-040171 stigid@rhel7: RHEL-07-020231 stigid@rhel8: RHEL-08-040171 - stigid@rhel9: RHEL-09-271105,RHEL-09-271110 stigid@ubuntu2004: UBTU-20-010459 ocil_clause: 'GNOME3 is configured to reboot when Ctrl-Alt-Del is pressed' diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml index 90d7c08b0c8..c6f87fb5b6a 100644 --- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml +++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml @@ -49,7 +49,6 @@ references: stigid@ol8: OL08-00-010000 stigid@rhel7: RHEL-07-020250 stigid@rhel8: RHEL-08-010000 - stigid@rhel9: RHEL-09-211010 stigid@sle12: SLES-12-010000 stigid@sle15: SLES-15-010000 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml index 395e7a66558..93bc87dbf3a 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml @@ -31,7 +31,6 @@ references: srg: SRG-OS-000423-GPOS-00187,SRG-OS-000426-GPOS-00190 stigid@ol8: OL08-00-010020 stigid@rhel8: RHEL-08-010020 - stigid@rhel9: RHEL-09-672050 ocil_clause: |- BIND is installed and the BIND config file doesn't contain the diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml index 009ff86b94e..c065a2f5353 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml @@ -67,7 +67,6 @@ references: srg: SRG-OS-000396-GPOS-00176,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174 stigid@ol8: OL08-00-010020 stigid@rhel8: RHEL-08-010020 - stigid@rhel9: RHEL-09-671010,RHEL-09-672030,RHEL-09-672045 ocil_clause: 'cryptographic policy is not configured or is configured incorrectly' diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml index de54d7f962a..0fe42c65215 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml @@ -29,7 +29,6 @@ references: srg: SRG-OS-000120-GPOS-00061 stigid@ol8: OL08-00-010020 stigid@rhel8: RHEL-08-010020 - stigid@rhel9: RHEL-09-672025 ocil_clause: 'the symlink does not exist or points to a different target' diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml index f0b78257177..50a24168a7e 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml @@ -36,7 +36,6 @@ references: srg: SRG-OS-000033-GPOS-00014 stigid@ol8: OL08-00-010020 stigid@rhel8: RHEL-08-010020 - stigid@rhel9: RHEL-09-671020 ocil_clause: |- the "IPsec" service is active and the ipsec configuration file does not contain does not contain include /etc/crypto-policies/back-ends/libreswan.config diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml index 0f60c61d7fc..b3ef46578ec 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml @@ -45,7 +45,6 @@ references: srg: SRG-OS-000250-GPOS-00093 stigid@ol8: OL08-00-010293 stigid@rhel8: RHEL-08-010293 - stigid@rhel9: RHEL-09-672035 ocil_clause: |- the OpenSSL config file doesn't contain the whole section, diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml index 6fad634d723..bef94ba7e90 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml @@ -45,7 +45,6 @@ references: srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174 stigid@ol8: OL08-00-010294 stigid@rhel8: RHEL-08-010294 - stigid@rhel9: RHEL-09-672040 ocil_clause: 'cryptographic policy for openssl is not configured or is configured incorrectly' diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml index b3eb10fb75f..84e934e6461 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml @@ -33,7 +33,6 @@ references: srg: SRG-OS-000250-GPOS-00093 stigid@ol8: OL08-00-010287 stigid@rhel8: RHEL-08-010287 - stigid@rhel9: RHEL-09-255055 ocil_clause: 'the CRYPTO_POLICY variable is set or is not commented out in the /etc/sysconfig/sshd' diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml index d8dbff00998..f25e84f0ecc 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml @@ -32,7 +32,6 @@ references: srg: SRG-OS-000033-GPOS-00014,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174,SRG-OS-000423-GPOS-00187 stigid@ol8: OL08-00-010020 stigid@rhel8: RHEL-08-010020 - stigid@rhel9: RHEL-09-255060 ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly' diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml index 946f7e102f8..2b95e3b80ce 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml @@ -32,7 +32,6 @@ references: srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093 stigid@ol8: OL08-00-010291 stigid@rhel8: RHEL-08-010291 - stigid@rhel9: RHEL-09-255065 ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly' diff --git a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml index 4d4123b006c..62d705471a7 100644 --- a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml @@ -20,7 +20,6 @@ identifiers: references: ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1 srg: SRG-OS-000396-GPOS-00176,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174 - stigid@rhel9: RHEL-09-672010 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml index 3f8e47ab0ad..c1b5ebac2ac 100644 --- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml @@ -27,7 +27,6 @@ references: stigid@ol8: OL08-00-010001 stigid@rhel7: RHEL-07-020019 stigid@rhel8: RHEL-08-010001 - stigid@rhel9: RHEL-09-211025 ocil_clause: 'virus scanning software is not running' diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml index 97f7635ddc8..995c546611a 100644 --- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml @@ -35,7 +35,6 @@ references: stigid@ol8: OL08-00-010001 stigid@rhel7: RHEL-07-020019 stigid@rhel8: RHEL-08-010001 - stigid@rhel9: RHEL-09-211025 stigid@ubuntu2004: UBTU-20-010415 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml index 885a4044e52..047aaf28462 100644 --- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml +++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml @@ -31,7 +31,6 @@ references: srg: SRG-OS-000478-GPOS-00223 stigid@ol8: OL08-00-010020 stigid@rhel8: RHEL-08-010020 - stigid@rhel9: RHEL-09-671010 ocil_clause: 'the Dracut FIPS module is not enabled' diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml index 97898e301bf..239818829cc 100644 --- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml +++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml @@ -48,7 +48,6 @@ references: srg: SRG-OS-000478-GPOS-00223,SRG-OS-000396-GPOS-00176 stigid@ol8: OL08-00-010020 stigid@rhel8: RHEL-08-010020 - stigid@rhel9: RHEL-09-671010 ocil_clause: 'FIPS mode is not enabled' diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml index c498e1dada8..d9372300575 100644 --- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml +++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml @@ -35,7 +35,6 @@ references: srg: SRG-OS-000033-GPOS-00014,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174,SRG-OS-000396-GPOS-00176,SRG-OS-000423-GPOS-00187,SRG-OS-000478-GPOS-00223 stigid@ol8: OL08-00-010020 stigid@rhel8: RHEL-08-010020 - stigid@rhel9: RHEL-09-671010 ocil_clause: 'crypto.fips_enabled is not 1' diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml index fc1db915489..a3d7469d5c0 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml @@ -42,7 +42,6 @@ references: srg: SRG-OS-000278-GPOS-00108 stigid@ol8: OL08-00-030650 stigid@rhel8: RHEL-08-030650 - stigid@rhel9: RHEL-09-651025 stigid@sle12: SLES-12-010540 stigid@sle15: SLES-15-030630 stigid@ubuntu2004: UBTU-20-010205 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml index 001338c543b..747662e4cc3 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml @@ -60,7 +60,6 @@ references: srg: SRG-OS-000363-GPOS-00150,SRG-OS-000446-GPOS-00200,SRG-OS-000447-GPOS-00201 stigid@ol7: OL07-00-020030 stigid@rhel7: RHEL-07-020030 - stigid@rhel9: RHEL-09-651015 stigid@sle12: SLES-12-010500 stigid@sle15: SLES-15-010420 stigid@ubuntu2004: UBTU-20-010074 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml index 777e2eb56d0..003dda7cd8d 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml @@ -48,7 +48,6 @@ references: stigid@ol8: OL08-00-010360 stigid@rhel7: RHEL-07-020040 stigid@rhel8: RHEL-08-010360 - stigid@rhel9: RHEL-09-651015 stigid@sle12: SLES-12-010510 stigid@sle15: SLES-15-010570 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml index b60a5d2a223..6d37a6696de 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml @@ -36,7 +36,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-021620 stigid@rhel7: RHEL-07-021620 - stigid@rhel9: RHEL-09-651020 ocil_clause: 'the sha512 option is missing or not added to the correct ruleset' diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml index c95e4599d2f..3154dbb7e74 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml @@ -42,7 +42,6 @@ references: stigid@ol8: OL08-00-040310 stigid@rhel7: RHEL-07-021600 stigid@rhel8: RHEL-08-040310 - stigid@rhel9: RHEL-09-651030 stigid@sle12: SLES-12-010520 stigid@sle15: SLES-15-040040 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml index 6ce0d152f03..a6282859f37 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml @@ -42,7 +42,6 @@ references: stigid@ol8: OL08-00-040300 stigid@rhel7: RHEL-07-021610 stigid@rhel8: RHEL-08-040300 - stigid@rhel9: RHEL-09-651035 stigid@sle12: SLES-12-010530 stigid@sle15: SLES-15-040050 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml index 5a4079e2df3..7e9f5846111 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml @@ -26,7 +26,6 @@ references: srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099 stigid@ol8: OL08-00-030640 stigid@rhel8: RHEL-08-030640 - stigid@rhel9: RHEL-09-232225 ocil_clause: 'any audit tools are not group-owned by root' diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml index 766e086b2c9..5f823d1460d 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml @@ -26,7 +26,6 @@ references: srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099 stigid@ol8: OL08-00-030630 stigid@rhel8: RHEL-08-030630 - stigid@rhel9: RHEL-09-232220 ocil_clause: 'any audit tools are not owned by root' diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml index 96c20bb3200..cdad3044717 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml @@ -26,7 +26,6 @@ references: srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099 stigid@ol8: OL08-00-030620 stigid@rhel8: RHEL-08-030620 - stigid@rhel9: RHEL-09-232035 ocil_clause: 'any of these files have more permissive permissions than 0755' diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml index d5097308426..c3ccdb412e9 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml @@ -38,7 +38,6 @@ references: stigid@ol8: OL08-00-010359 stigid@rhel7: RHEL-07-020029 stigid@rhel8: RHEL-08-010359 - stigid@rhel9: RHEL-09-651010 stigid@sle12: SLES-12-010499 stigid@sle15: SLES-15-010419 stigid@ubuntu2004: UBTU-20-010450 diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml index a2acae9724c..7833144f3fc 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml @@ -54,7 +54,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol7: OL07-00-010020 stigid@rhel7: RHEL-07-010020 - stigid@rhel9: RHEL-09-214030 ocil_clause: 'there is output' diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml index b5970d6af8a..d5fa29fc58b 100644 --- a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml +++ b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml @@ -31,7 +31,6 @@ references: nist: CM-6(a) ospp: FMT_MOF_EXT.1 srg: SRG-OS-000324-GPOS-00125 - stigid@rhel9: RHEL-09-432010 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml index 0d58b8b56aa..e580c801c82 100644 --- a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml +++ b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml @@ -39,7 +39,6 @@ references: stigid@ol8: OL08-00-010381 stigid@rhel7: RHEL-07-010350 stigid@rhel8: RHEL-08-010381 - stigid@rhel9: RHEL-09-432025 stigid@sle12: SLES-12-010110 stigid@sle15: SLES-15-010450 diff --git a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml index 2ce1874f9ce..342345a5922 100644 --- a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml +++ b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml @@ -39,7 +39,6 @@ references: stigid@ol8: OL08-00-010380 stigid@rhel7: RHEL-07-010340 stigid@rhel8: RHEL-08-010380 - stigid@rhel9: RHEL-09-611085 stigid@sle12: SLES-12-010110 stigid@sle15: SLES-15-010450 diff --git a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml index 7397fbf08a1..f6e67303e83 100644 --- a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml +++ b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml @@ -38,7 +38,6 @@ references: stigid@ol8: OL08-00-010384 stigid@rhel7: RHEL-07-010343 stigid@rhel8: RHEL-08-010384 - stigid@rhel9: RHEL-09-432015 stigid@sle12: SLES-12-010113 stigid@sle15: SLES-15-020102 diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml index ff37f2f173a..74cab63ec33 100644 --- a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml +++ b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml @@ -34,7 +34,6 @@ references: stigid@ol8: OL08-00-010382 stigid@rhel7: RHEL-07-010341 stigid@rhel8: RHEL-08-010382 - stigid@rhel9: RHEL-09-432030 stigid@sle12: SLES-12-010111 stigid@sle15: SLES-15-020101 diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml index bfb4e8fe163..862c387647c 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml @@ -38,7 +38,6 @@ references: stigid@ol8: OL08-00-010383 stigid@rhel7: RHEL-07-010342 stigid@rhel8: RHEL-08-010383 - stigid@rhel9: RHEL-09-432020 stigid@sle12: SLES-12-010112 stigid@sle15: SLES-15-020103 diff --git a/linux_os/guide/system/software/system-tools/package_gnutls-utils_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_gnutls-utils_installed/rule.yml index 72322dc7241..7b43f345fe4 100644 --- a/linux_os/guide/system/software/system-tools/package_gnutls-utils_installed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_gnutls-utils_installed/rule.yml @@ -23,7 +23,6 @@ identifiers: references: ospp: FIA_X509_EXT.1,FIA_X509_EXT.2 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-215080 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml index ba437727cb5..801df41d9a7 100644 --- a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml @@ -21,7 +21,6 @@ references: srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040370 stigid@rhel8: RHEL-08-040370 - stigid@rhel9: RHEL-09-215045 {{{ complete_ocil_entry_package(package="gssproxy") }}} diff --git a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml index 4000e219f77..53e7a0a8b7d 100644 --- a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml @@ -22,7 +22,6 @@ references: srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040380 stigid@rhel8: RHEL-08-040380 - stigid@rhel9: RHEL-09-215050 {{{ complete_ocil_entry_package(package="iprutils") }}} diff --git a/linux_os/guide/system/software/system-tools/package_nss-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_nss-tools_installed/rule.yml index 82c45c0b9ec..a6bed84a661 100644 --- a/linux_os/guide/system/software/system-tools/package_nss-tools_installed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_nss-tools_installed/rule.yml @@ -21,7 +21,6 @@ identifiers: references: ospp: FMT_SMF_EXT.1 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel9: RHEL-09-215085 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml index 53b65dca164..135b6b3989a 100644 --- a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml @@ -22,7 +22,6 @@ references: srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010472 stigid@rhel8: RHEL-08-010472 - stigid@rhel9: RHEL-09-215090 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml index 97c7b011d4e..e930dc900a5 100644 --- a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml @@ -31,7 +31,6 @@ references: ism: 0940,1144,1467,1472,1483,1493,1494,1495 ospp: FPT_TUD_EXT.1,FPT_TUD_EXT.2 srg: SRG-OS-000366-GPOS-00153 - stigid@rhel9: RHEL-09-215010 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml index 76bd27a3132..e14d516e31c 100644 --- a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml @@ -24,7 +24,6 @@ references: srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040390 stigid@rhel8: RHEL-08-040390 - stigid@rhel9: RHEL-09-215055 {{{ complete_ocil_entry_package(package="tuned") }}} diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml index 79ecf5d4601..fc688e45de4 100644 --- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml +++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml @@ -47,7 +47,6 @@ references: stigid@ol8: OL08-00-010440 stigid@rhel7: RHEL-07-020200 stigid@rhel8: RHEL-08-010440 - stigid@rhel9: RHEL-09-214035 stigid@sle12: SLES-12-010570 stigid@sle15: SLES-15-010560 stigid@ubuntu2004: UBTU-20-010449 diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml index 493a7e194b7..7cb06aa46da 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml @@ -57,7 +57,6 @@ references: stigid@ol8: OL08-00-010370 stigid@rhel7: RHEL-07-020050 stigid@rhel8: RHEL-08-010370 - stigid@rhel9: RHEL-09-214015 stigid@sle12: SLES-12-010550 stigid@sle15: SLES-15-010430 diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml index 27add9a53d6..9aa0633f74e 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml @@ -42,7 +42,6 @@ references: stigid@ol8: OL08-00-010371 stigid@rhel7: RHEL-07-020060 stigid@rhel8: RHEL-08-010371 - stigid@rhel9: RHEL-09-214020 ocil_clause: 'there is no process to validate certificates for local packages that is approved by the organization' diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml index 092cae2e041..d46746274d6 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml @@ -44,7 +44,6 @@ references: srg: SRG-OS-000366-GPOS-00153 stigid@ol8: OL08-00-010370 stigid@rhel8: RHEL-08-010370 - stigid@rhel9: RHEL-09-214025 ocil_clause: 'GPG checking is disabled' diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml index 8a0d94cc4df..c30929636c3 100644 --- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml @@ -55,7 +55,6 @@ references: srg: SRG-OS-000366-GPOS-00153 stigid@rhel7: RHEL-07-010019 stigid@rhel8: RHEL-08-010019 - stigid@rhel9: RHEL-09-214010 ocil_clause: 'the Red Hat GPG Key is not installed' diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml index 975805df1cf..fed8d1e7e33 100644 --- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml @@ -62,7 +62,6 @@ references: stigid@ol8: OL08-00-010010 stigid@rhel7: RHEL-07-020260 stigid@rhel8: RHEL-08-010010 - stigid@rhel9: RHEL-09-211015 stigid@sle12: SLES-12-010010 stigid@sle15: SLES-15-010010 From 007cd3a94799118971aaf9cdc776d87b17f09cb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Thu, 15 Feb 2024 14:40:26 +0100 Subject: [PATCH 4/5] Remove empty references keys from rules --- linux_os/guide/services/ftp/package_ftp_removed/rule.yml | 1 - .../http/securing_httpd/httpd_configure_log_format/rule.yml | 1 - .../httpd_configure_max_keepalive_requests/rule.yml | 1 - .../httpd_configure_perl_taint/rule.yml | 1 - .../httpd_anonymous_content_sharing/rule.yml | 1 - .../httpd_configure_script_permissions/rule.yml | 1 - .../httpd_disable_anonymous_ftp_access/rule.yml | 1 - .../httpd_ignore_htaccess_files/rule.yml | 1 - .../http/securing_httpd/httpd_disable_mime_types/rule.yml | 1 - .../http/securing_httpd/httpd_enable_error_logging/rule.yml | 1 - .../services/http/securing_httpd/httpd_enable_loglevel/rule.yml | 1 - .../http/securing_httpd/httpd_enable_system_logging/rule.yml | 1 - .../http/securing_httpd/httpd_entrust_passwords/rule.yml | 1 - .../httpd_core_modules/httpd_enable_log_config/rule.yml | 1 - .../httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml | 1 - .../httpd_configure_valid_server_cert/rule.yml | 1 - .../httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml | 1 - .../http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml | 1 - .../http/securing_httpd/httpd_no_compilers_in_prod/rule.yml | 1 - .../httpd_private_server_on_separate_subnet/rule.yml | 1 - .../securing_httpd/httpd_public_resources_not_shared/rule.yml | 1 - .../services/http/securing_httpd/httpd_remove_backups/rule.yml | 1 - .../httpd_secure_content/httpd_configure_banner_page/rule.yml | 1 - .../httpd_secure_content/httpd_configure_documentroot/rule.yml | 1 - .../httpd_secure_content/httpd_disable_content_symlinks/rule.yml | 1 - .../httpd_secure_content/httpd_encrypt_file_uploads/rule.yml | 1 - .../httpd_secure_content/httpd_limit_java_files/rule.yml | 1 - .../httpd_secure_content/httpd_remove_robots_file/rule.yml | 1 - .../httpd_secure_content/partition_for_web_content/rule.yml | 1 - .../guide/services/obsolete/tftp/package_tftp_removed/rule.yml | 1 - .../file_permissions_audit_configuration/rule.yml | 1 - .../firewalld_loopback_traffic_restricted/rule.yml | 1 - .../firewalld_loopback_traffic_trusted/rule.yml | 1 - .../guide/system/selinux/package_libselinux_installed/rule.yml | 1 - .../system-tools/package_cryptsetup-luks_installed/rule.yml | 1 - 35 files changed, 35 deletions(-) diff --git a/linux_os/guide/services/ftp/package_ftp_removed/rule.yml b/linux_os/guide/services/ftp/package_ftp_removed/rule.yml index d0dcc2c8b9c..f23a5c8396a 100644 --- a/linux_os/guide/services/ftp/package_ftp_removed/rule.yml +++ b/linux_os/guide/services/ftp/package_ftp_removed/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@rhel8: CCE-90745-1 cce@rhel9: CCE-86075-9 -references: ocil: '{{{ describe_package_remove(package="ftp") }}}' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml index 1c83f4f1dcd..2d78161900a 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml @@ -22,7 +22,6 @@ severity: medium identifiers: cce@rhel7: CCE-80548-1 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml index 2d3d1d7106a..c787ba84d42 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml @@ -22,7 +22,6 @@ severity: medium identifiers: cce@rhel7: CCE-80551-5 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml index 707de67cce6..aa2fec173b1 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml @@ -30,7 +30,6 @@ severity: medium identifiers: cce@rhel7: CCE-80560-6 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml index e486d490892..1b102c63b44 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml @@ -21,7 +21,6 @@ severity: medium identifiers: cce@rhel7: CCE-80555-6 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml index 7844f57eab1..4bc4ce7b52f 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml @@ -22,7 +22,6 @@ severity: high identifiers: cce@rhel7: CCE-80556-4 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml index f783b2791d5..4a4fd4c403b 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml @@ -22,7 +22,6 @@ severity: medium identifiers: cce@rhel7: CCE-80553-1 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml index 6094e449f4c..e20ace7dfa9 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml @@ -22,7 +22,6 @@ severity: medium identifiers: cce@rhel7: CCE-80554-9 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml index aa6b7a9f7cd..6b81044cff9 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml @@ -16,7 +16,6 @@ rationale: |- severity: medium -references: ocil_clause: 'either of these exist and they configure csh, or any other shell as a viewer for documents' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml index 38dc0e3fccc..cce226b5a75 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml @@ -21,7 +21,6 @@ severity: medium identifiers: cce@rhel7: CCE-81130-7 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml index a6ac357d4ab..a8708803715 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml @@ -24,7 +24,6 @@ severity: medium identifiers: cce@rhel7: CCE-80550-7 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml index b66cd27cafc..0b5527469c4 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml @@ -22,7 +22,6 @@ severity: medium identifiers: cce@rhel7: CCE-80549-9 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml index b29d507c1b3..e7b23624ca5 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml @@ -17,7 +17,6 @@ rationale: |- severity: medium -references: ocil_clause: 'the web server password(s) are not entrusted to the SA or Web Manager' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml index 1230f23b527..8929e49c1b3 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml @@ -22,7 +22,6 @@ severity: medium identifiers: cce@rhel7: CCE-80552-3 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml index e194dab145f..d96af355760 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml @@ -24,7 +24,6 @@ severity: medium identifiers: cce@rhel7: CCE-80557-2 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml index 2dabb04aa38..727f0100ac5 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml @@ -22,7 +22,6 @@ severity: medium identifiers: cce@rhel7: CCE-80559-8 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml index 34e04796490..bdb6554a7ba 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml @@ -20,7 +20,6 @@ severity: medium identifiers: cce@rhel7: CCE-80558-0 -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml index cda70b4834e..bc86e555023 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml @@ -26,7 +26,6 @@ rationale: |- severity: medium -references: ocil_clause: 'the web server is not isolated in an accredited DoD DMZ Extension' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml index 7832027aca1..12cada578a6 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml @@ -14,7 +14,6 @@ rationale: |- severity: medium -references: ocil_clause: |- the web server is part of an application suite and a comiler is needed diff --git a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml index 3b8bbec310f..d1616994550 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml @@ -20,7 +20,6 @@ rationale: |- severity: medium -references: ocil_clause: 'the private web server is not on a separate controlled access subnet' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml index 8b0aaa0c6a1..358dd11b6c2 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml @@ -21,7 +21,6 @@ rationale: |- severity: medium -references: ocil_clause: |- sharing is selected for any web folder, this is a finding. diff --git a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml index 932fed535ff..99cc7c8b152 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml @@ -24,7 +24,6 @@ rationale: |- severity: medium -references: ocil_clause: |- If fileos with these extensions have no relationship with web activity, diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml index b9f6b53c898..a514cda0a95 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml @@ -22,7 +22,6 @@ rationale: |- severity: low -references: ocil_clause: 'it is not display the required banner' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml index eac9a859ff3..11c87b77414 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml @@ -21,7 +21,6 @@ rationale: |- severity: low -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml index 686e11dea18..567092bced0 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml @@ -19,7 +19,6 @@ rationale: |- severity: high -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml index 3e4fab8e511..d1f1c6e5894 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml @@ -15,7 +15,6 @@ rationale: |- severity: high -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml index e4c709ca98c..5db56b6a84a 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml @@ -18,7 +18,6 @@ rationale: |- severity: low -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml index 4e021b753c0..cd29471f9d6 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml @@ -28,7 +28,6 @@ rationale: |- severity: medium -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml index 644ed051c13..dfc445269fe 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml @@ -19,7 +19,6 @@ rationale: |- severity: medium -references: ocil_clause: 'it is not' diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml index 2a51b0eed74..5d66007d88d 100644 --- a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml @@ -23,7 +23,6 @@ identifiers: cce@sle12: CCE-91465-5 cce@sle15: CCE-91158-6 -references: ocil: '{{{ describe_package_remove(package="tftp") }}}' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml index b9ea22bb4f7..398f582250b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml @@ -22,7 +22,6 @@ identifiers: cce@rhel8: CCE-86407-4 cce@rhel9: CCE-88002-1 -references: ocil: |- {{{ describe_file_permissions(file="/etc/audit/", perms="0640") }}} diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml index af18c87998b..1222f81d41a 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml @@ -32,7 +32,6 @@ identifiers: cce@rhel8: CCE-87272-1 cce@rhel9: CCE-86137-7 -references: ocil_clause: 'loopback traffic is not restricted' diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml index 6d4f54ec5fe..010d52ab7a2 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml @@ -24,7 +24,6 @@ identifiers: cce@rhel8: CCE-87278-8 cce@rhel9: CCE-86116-1 -references: ocil_clause: 'loopback traffic is not trusted' diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml index 232439dfcf1..5c470d72fd8 100644 --- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml +++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@rhel9: CCE-84069-4 cce@sle15: CCE-92490-2 -references: ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml index 15c0b81e41c..ed6c6c2949d 100644 --- a/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml @@ -20,7 +20,6 @@ identifiers: cce@rhel7: CCE-82996-0 cce@rhel9: CCE-86612-9 -references: ocil_clause: 'the package is not installed' From 7ab2ade0fde38a426b66fcefb8c805211ff83dbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Thu, 15 Feb 2024 15:47:17 +0100 Subject: [PATCH 5/5] Remove references test This test tests if a rule.yml contains the specific references. We started to generated these reference types from control files therefore they stop being present in rule.ymls and we can't use this test. --- tests/CMakeLists.txt | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 78344868f7c..eaac24d4769 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -252,10 +252,6 @@ endmacro() if(PYTHON_VERSION_MAJOR GREATER 2 AND SSG_PRODUCT_RHEL9) - ssg_refcheck_test("rhel9" "ccn_basic" "ccn") - ssg_refcheck_test("rhel9" "ccn_advanced" "ccn") - # This exclude can be removed once enable_authselect has a stigid - ssg_refcheck_test("rhel9" "stig" "stigid" "enable_authselect") stig_srg_mapping_test("rhel9") endif()