add file_permission_user_init_files_root and associated variable to RHEL7 STIG
vojtapolasek committed Apr 25, 2024
1 parent 8238866 commit fa7cdef
Showing 5 changed files with 8 additions and 4 deletions.
Expand Up @@ -18,12 +18,14 @@ rationale: |-
severity: medium

identifiers:
cce@rhel7: CCE-86105-4
cce@rhel8: CCE-86101-3
cce@rhel9: CCE-87087-3

references:
disa: CCI-000366
srg: SRG-OS-000480-GPOS-00227
stigid@rhel7: RHEL-07-020710
stigid@rhel8: RHEL-08-010770

ocil_clause: 'they are not 0740 or more permissive'
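Review bot: At the added stigid@rhel7: RHEL-07-020710 reference, check whether file_permission_user_init_files still declares the same stigid@rhel7 value. The RHEL7 STIG profile stops selecting that rule in this commit, so leaving the reference there would map one STIG ID to two rules; drop it from the old rule if the replacement is intended. The cce@rhel7: CCE-86105-4 assignment is consistent with the removal of that ID from shared/references/cce-redhat-avail.txt.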
3 changes: 2 additions & 1 deletion products/rhel7/profiles/stig.profile
Expand Up @@ -156,7 +156,8 @@ selections:
- accounts_users_home_files_permissions
- accounts_user_dot_user_ownership
- accounts_user_dot_group_ownership
- file_permission_user_init_files
- file_permission_user_init_files_root
- var_user_initialization_files_regex=all_dotfiles
- accounts_user_home_paths_only
- accounts_user_dot_no_world_writable_programs
- selinux_all_devicefiles_labeled
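Review bot: The var_user_initialization_files_regex=all_dotfiles selection next to file_permission_user_init_files_root carries no explanation of why this value is chosen for RHEL7. Add a short comment above it, or a sentence in the commit message, stating what all_dotfiles matches and that it is what RHEL-07-020710 calls for, so a later profile edit does not change the value without noticing that the rule depends on it.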
1 change: 0 additions & 1 deletion shared/references/cce-redhat-avail.txt
@@ -1,4 +1,3 @@
CCE-86105-4
CCE-86106-2
CCE-86141-9
CCE-86142-7
3 changes: 2 additions & 1 deletion tests/data/profile_stability/rhel7/stig.profile
Expand Up @@ -287,7 +287,7 @@ selections:
- package_tftp-server_removed
- audit_rules_unsuccessful_file_modification_ftruncate
- audit_rules_privileged_commands_postdrop
- file_permission_user_init_files
- file_permission_user_init_files_root
- gnome_gdm_disable_automatic_login
- uefi_no_removeable_media
- audit_rules_kernel_module_loading_init
Expand Down Expand Up @@ -354,6 +354,7 @@ selections:
- var_sshd_set_keepalive=0
- var_auditd_name_format=stig
- sssd_ldap_start_tls.severity=medium
- var_user_initialization_files_regex=all_dotfiles
unselected_groups: []
platforms: !!set {}
cpe_names: !!set {}
3 changes: 2 additions & 1 deletion tests/data/profile_stability/rhel7/stig_gui.profile
Expand Up @@ -298,7 +298,7 @@ selections:
- package_tftp-server_removed
- audit_rules_unsuccessful_file_modification_ftruncate
- audit_rules_privileged_commands_postdrop
- file_permission_user_init_files
- file_permission_user_init_files_root
- gnome_gdm_disable_automatic_login
- uefi_no_removeable_media
- audit_rules_kernel_module_loading_init
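Review bot: The swap to file_permission_user_init_files_root in this stig_gui stability file has no matching edit to a stig_gui product profile among the 5 changed files. That is expected if stig_gui inherits its selections from products/rhel7/profiles/stig.profile; please confirm that, and that the var_user_initialization_files_regex=all_dotfiles line added in the next hunk also matches the resolved stig_gui profile.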
Expand Down Expand Up @@ -364,6 +364,7 @@ selections:
- var_sshd_set_keepalive=0
- var_auditd_name_format=stig
- sssd_ldap_start_tls.severity=medium
- var_user_initialization_files_regex=all_dotfiles
unselected_groups: []
platforms: !!set {}
cpe_names: !!set {}
