From b36ecf8942ce8dea0c4a2b06b4607259deaf3613 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Wed, 10 Aug 2022 09:59:57 +0200
Subject: [PATCH] switch rule grub2_disable_interactive_boot for grub2_disable_recovery in rhel8 ospp
---
 .../system/bootloader-grub2/grub2_disable_recovery/rule.yml | 1 +
 products/rhel8/profiles/ospp.profile | 2 +-
 shared/references/cce-redhat-avail.txt | 1 -
 tests/data/profile_stability/rhel8/ospp.profile | 2 +-
 4 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml
index 4f8d4ddcfde..fb126cbe7d8 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml
@@ -17,6 +17,7 @@ rationale: |-
 severity: medium
 identifiers:
+ cce@rhel8: CCE-86006-4
 cce@rhel9: CCE-85986-8
 references:
diff --git a/products/rhel8/profiles/ospp.profile b/products/rhel8/profiles/ospp.profile
index ebec8a3a6f9..6e3b30f64bb 100644
--- a/products/rhel8/profiles/ospp.profile
+++ b/products/rhel8/profiles/ospp.profile
@@ -304,7 +304,7 @@ selections:
 ## Disable Unauthenticated Login (such as Guest Accounts)
 ## FIA_UAU.1
 - require_singleuser_auth
- grub2_disable_interactive_boot
+ - grub2_disable_recovery
 - grub2_uefi_password
 - no_empty_passwords
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index 89cede34830..d01737e293b 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -1,4 +1,3 @@
-CCE-86006-4
 CCE-86007-2
 CCE-86008-0
 CCE-86009-8
diff --git a/tests/data/profile_stability/rhel8/ospp.profile b/tests/data/profile_stability/rhel8/ospp.profile
index 21e93e310d5..267b66a4f89 100644
--- a/tests/data/profile_stability/rhel8/ospp.profile
+++ b/tests/data/profile_stability/rhel8/ospp.profile
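Review bot: In the `products/rhel8/profiles/ospp.profile` hunk, swapping `grub2_disable_interactive_boot` for `grub2_disable_recovery` under FIA_UAU.1 drops one boot-time check instead of adding one, and neither the commit message nor the profile records why the old check no longer applies to RHEL 8. As far as the rule names indicate, the two cover different bypass paths (interactive boot versus recovery menu entries), so if both matter for unauthenticated access the selection should keep both lines. If the removal is deliberate, a profile comment above the entry such as `## grub2_disable_recovery replaces grub2_disable_interactive_boot on RHEL 8: <rationale>` would keep the decision auditable. The `selections:` list and the rule's `references:` block both continue outside the visible hunks, so whether the newly selected rule carries an OSPP reference for FIA_UAU.1 cannot be confirmed from here.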
@@ -89,7 +89,7 @@ selections:
 - ensure_redhat_gpgkey_installed
 - grub2_audit_argument
 - grub2_audit_backlog_limit_argument
-- grub2_disable_interactive_boot
+- grub2_disable_recovery
 - grub2_kernel_trust_cpu_rng
 - grub2_page_poison_argument
 - grub2_pti_argument