Merge pull request #11892 from vojtapolasek/rhel8_stig_extend_user_in…

…it_files increase coverage RHEL-08-010770 and RHEL-07-020710
ComplianceAsCode · Jun 21, 2024 · 9fb1f47 · 9fb1f47
2 parents 6147cc6 + 5897559
commit 9fb1f47
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 5 deletions.
diff --git a/...x_os/guide/system/accounts/accounts-session/file_permission_user_init_files_root/rule.yml b/...x_os/guide/system/accounts/accounts-session/file_permission_user_init_files_root/rule.yml
@@ -18,11 +18,14 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel7: CCE-86105-4
+    cce@rhel8: CCE-86106-2
     cce@rhel9: CCE-87087-3
 
 references:
     disa: CCI-000366
     srg: SRG-OS-000480-GPOS-00227
+    stigid@rhel8: RHEL-08-010770
 
 ocil_clause: 'they are not 0740 or more permissive'
 

diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
@@ -480,7 +480,8 @@ selections:
     - accounts_have_homedir_login_defs
 
     # RHEL-08-010770
-    - file_permission_user_init_files
+    - file_permission_user_init_files_root
+    - var_user_initialization_files_regex=all_dotfiles
 
     # RHEL-08-010780
     - no_files_unowned_by_user

diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
@@ -1,5 +1,3 @@
-CCE-86105-4
-CCE-86106-2
 CCE-86141-9
 CCE-86142-7
 CCE-86143-5

diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
@@ -165,7 +165,7 @@ selections:
 - installed_OS_is_vendor_supported
 - package_postfix_installed
 - account_password_pam_faillock_system_auth
-- file_permission_user_init_files
+- file_permission_user_init_files_root
 - audit_rules_privileged_commands_ssh_keysign
 - sysctl_fs_protected_hardlinks
 - sshd_enable_strictmodes
@@ -492,6 +492,7 @@ selections:
 - var_screensaver_lock_delay=5_seconds
 - var_logind_session_timeout=15_minutes
 - var_auditd_name_format=stig
+- var_user_initialization_files_regex=all_dotfiles
 unselected_groups: []
 platforms: !!set {}
 cpe_names: !!set {}

diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -66,7 +66,7 @@ selections:
 - audit_rules_usergroup_modification_group
 - kernel_module_atm_disabled
 - audit_rules_unsuccessful_file_modification_open
-- file_permission_user_init_files
+- file_permission_user_init_files_root
 - configure_ssh_crypto_policy
 - dir_ownership_library_dirs
 - package_rsyslog_installed
@@ -499,6 +499,7 @@ selections:
 - var_screensaver_lock_delay=5_seconds
 - var_logind_session_timeout=15_minutes
 - var_auditd_name_format=stig
+- var_user_initialization_files_regex=all_dotfiles
 unselected_groups: []
 platforms: !!set {}
 cpe_names: !!set {}