From 09f5acbdf6dd828002b298f35b6bdf6f452b607c Mon Sep 17 00:00:00 2001 From: Benjamin Ruland Date: Wed, 20 Dec 2023 13:44:48 +0100 Subject: [PATCH] Update product_stability test data with BSI reference --- tests/data/product_stability/alinux2.yml | 1 + tests/data/product_stability/alinux3.yml | 1 + tests/data/product_stability/anolis23.yml | 75 +++++++++++++++++ tests/data/product_stability/anolis8.yml | 1 + tests/data/product_stability/chromium.yml | 1 + tests/data/product_stability/debian10.yml | 1 + tests/data/product_stability/debian11.yml | 1 + tests/data/product_stability/debian12.yml | 83 +++++++++++++++++++ tests/data/product_stability/eks.yml | 1 + tests/data/product_stability/example.yml | 1 + tests/data/product_stability/fedora.yml | 1 + tests/data/product_stability/firefox.yml | 1 + tests/data/product_stability/macos1015.yml | 1 + tests/data/product_stability/ocp4.yml | 1 + tests/data/product_stability/ol7.yml | 1 + tests/data/product_stability/ol8.yml | 1 + tests/data/product_stability/ol9.yml | 1 + tests/data/product_stability/openembedded.yml | 79 ++++++++++++++++++ tests/data/product_stability/opensuse.yml | 1 + tests/data/product_stability/rhcos4.yml | 1 + tests/data/product_stability/rhel7.yml | 1 + tests/data/product_stability/rhel8.yml | 1 + tests/data/product_stability/rhel9.yml | 1 + tests/data/product_stability/rhv4.yml | 1 + tests/data/product_stability/sle12.yml | 1 + tests/data/product_stability/sle15.yml | 1 + tests/data/product_stability/ubuntu1604.yml | 1 + tests/data/product_stability/ubuntu1804.yml | 1 + tests/data/product_stability/ubuntu2004.yml | 1 + tests/data/product_stability/ubuntu2204.yml | 1 + tests/data/product_stability/uos20.yml | 1 + 31 files changed, 265 insertions(+) create mode 100644 tests/data/product_stability/anolis23.yml create mode 100644 tests/data/product_stability/debian12.yml create mode 100644 tests/data/product_stability/openembedded.yml diff --git a/tests/data/product_stability/alinux2.yml b/tests/data/product_stability/alinux2.yml index 93e43d8102c8..d2bafc64e601 100644 --- a/tests/data/product_stability/alinux2.yml +++ b/tests/data/product_stability/alinux2.yml @@ -47,6 +47,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/aliyun_linux cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/alinux3.yml b/tests/data/product_stability/alinux3.yml index 15aca2431380..7f9a8982ec38 100644 --- a/tests/data/product_stability/alinux3.yml +++ b/tests/data/product_stability/alinux3.yml @@ -47,6 +47,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/aliyun_linux cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/anolis23.yml b/tests/data/product_stability/anolis23.yml new file mode 100644 index 000000000000..00b7d244ce95 --- /dev/null +++ b/tests/data/product_stability/anolis23.yml @@ -0,0 +1,75 @@ +aide_also_checks_audispd: 'yes' +aide_also_checks_rsyslog: 'no' +aide_bin_path: /usr/sbin/aide +aide_conf_path: /etc/aide.conf +audisp_conf_path: /etc/audit +auid: 1000 +basic_properties_derived: true +benchmark_id: ANOLIS-23 +benchmark_root: ../../linux_os/guide +chrony_conf_path: /etc/chrony.conf +cpes: +- anolis23: + check_id: installed_OS_is_anolis23 + name: cpe:/o:anolis:anolis_os:23 + title: Anolis OS 23 +cpes_root: ../../shared/applicability +dconf_gdm_dir: gdm.d +faillock_path: /var/run/faillock +full_name: Anolis OS 23 +gid_min: 1000 +groups: {} +grub2_boot_path: /boot/grub2 +grub2_uefi_boot_path: /boot/grub2 +grub_helper_executable: grubby +init_system: systemd +nobody_gid: 65534 +nobody_uid: 65534 +pkg_manager: yum +pkg_manager_config_file: /etc/yum.conf +pkg_system: rpm +platform_package_overrides: + aarch64_arch: null + grub2: grub2-common + login_defs: shadow-utils + no_ovirt: null + non-uefi: null + not_aarch64_arch: null + not_s390x_arch: null + ovirt: null + s390x_arch: null + sssd: sssd-common + sssd-ldap: null + uefi: null + zipl: s390utils-base +product: anolis23 +profiles_root: ./profiles +reference_uris: + anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ + app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf + cis-csc: https://www.cisecurity.org/controls/ + cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf + cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf + cobit5: https://www.isaca.org/resources/cobit + cui: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf + dcid: not_officially_available + disa: https://public.cyber.mil/stigs/cci/ + hipaa: https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf + isa-62443-2009: https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat + isa-62443-2013: https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu + ism: https://www.cyber.gov.au/acsc/view-all-content/ism + iso27001-2013: https://www.iso.org/contents/data/standard/05/45/54534.html + nerc-cip: https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx + nist: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf + nist-csf: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf + os-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os + ospp: https://www.niap-ccevs.org/Profile/PP.cfm + pcidss: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf + pcidss4: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf + stigid: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux + stigref: https://public.cyber.mil/stigs/srg-stig-tools/ +sshd_distributed_config: 'false' +sysctl_remediate_drop_in_file: 'false' +type: platform +uid_min: 1000 diff --git a/tests/data/product_stability/anolis8.yml b/tests/data/product_stability/anolis8.yml index f1f5e3b5dffd..a4c0cc16c5a1 100644 --- a/tests/data/product_stability/anolis8.yml +++ b/tests/data/product_stability/anolis8.yml @@ -47,6 +47,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf diff --git a/tests/data/product_stability/chromium.yml b/tests/data/product_stability/chromium.yml index 4943098a653d..7648b68afe95 100644 --- a/tests/data/product_stability/chromium.yml +++ b/tests/data/product_stability/chromium.yml @@ -43,6 +43,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf diff --git a/tests/data/product_stability/debian10.yml b/tests/data/product_stability/debian10.yml index 9456aea96a2e..d00478b71cd8 100644 --- a/tests/data/product_stability/debian10.yml +++ b/tests/data/product_stability/debian10.yml @@ -55,6 +55,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/debian11.yml b/tests/data/product_stability/debian11.yml index 4fab4f7bb497..f74f685ba1f8 100644 --- a/tests/data/product_stability/debian11.yml +++ b/tests/data/product_stability/debian11.yml @@ -55,6 +55,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/debian12.yml b/tests/data/product_stability/debian12.yml new file mode 100644 index 000000000000..62cf82add614 --- /dev/null +++ b/tests/data/product_stability/debian12.yml @@ -0,0 +1,83 @@ +aide_also_checks_audispd: 'yes' +aide_also_checks_rsyslog: 'no' +aide_bin_path: /usr/sbin/aide +aide_conf_path: /etc/aide.conf +audisp_conf_path: /etc/audit +auid: 1000 +basic_properties_derived: true +benchmark_id: DEBIAN-12 +benchmark_root: ../../linux_os/guide +chrony_conf_path: /etc/chrony.conf +cpes: +- debian12: + check_id: installed_OS_is_debian12 + name: cpe:/o:debian:debian_linux:12 + title: Debian Linux 12 +cpes_root: ../../shared/applicability +dconf_gdm_dir: gdm.d +faillock_path: /var/run/faillock +families: +- debian +- debian-like +full_name: Debian 12 +gid_min: 1000 +groups: {} +grub2_boot_path: /boot/grub +grub2_uefi_boot_path: /boot/grub2 +grub_helper_executable: update-grub +init_system: systemd +major_version_ordinal: 12 +nobody_gid: 65534 +nobody_uid: 65534 +pkg_manager: apt_get +pkg_system: dpkg +platform_package_overrides: + aarch64_arch: null + gdm: gdm3 + grub2: grub2-common + login_defs: login + net-snmp: snmp + no_ovirt: null + non-uefi: null + not_aarch64_arch: null + not_s390x_arch: null + nss-pam-ldapd: libpam-ldap + ovirt: null + pam: libpam-runtime + s390x_arch: null + shadow: login + sssd: sssd-common + sssd-ldap: null + uefi: null + zipl: s390utils-base +product: debian12 +profiles_root: ./profiles +reference_uris: + anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ + app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf + cis-csc: https://www.cisecurity.org/controls/ + cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf + cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf + cobit5: https://www.isaca.org/resources/cobit + cui: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf + dcid: not_officially_available + disa: https://public.cyber.mil/stigs/cci/ + hipaa: https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf + isa-62443-2009: https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat + isa-62443-2013: https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu + ism: https://www.cyber.gov.au/acsc/view-all-content/ism + iso27001-2013: https://www.iso.org/contents/data/standard/05/45/54534.html + nerc-cip: https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx + nist: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf + nist-csf: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf + os-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os + ospp: https://www.niap-ccevs.org/Profile/PP.cfm + pcidss: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf + pcidss4: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf + stigid: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux + stigref: https://public.cyber.mil/stigs/srg-stig-tools/ +sshd_distributed_config: 'false' +sysctl_remediate_drop_in_file: 'false' +type: platform +uid_min: 1000 diff --git a/tests/data/product_stability/eks.yml b/tests/data/product_stability/eks.yml index 11bc6b50448f..07bf94c7465d 100644 --- a/tests/data/product_stability/eks.yml +++ b/tests/data/product_stability/eks.yml @@ -53,6 +53,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/kubernetes/ cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/example.yml b/tests/data/product_stability/example.yml index ac747c33d0e4..02fb3c56533f 100644 --- a/tests/data/product_stability/example.yml +++ b/tests/data/product_stability/example.yml @@ -48,6 +48,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf diff --git a/tests/data/product_stability/fedora.yml b/tests/data/product_stability/fedora.yml index 4a8fa87e3eae..7c83f20a1095 100644 --- a/tests/data/product_stability/fedora.yml +++ b/tests/data/product_stability/fedora.yml @@ -82,6 +82,7 @@ rawhide_version: 40 reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf diff --git a/tests/data/product_stability/firefox.yml b/tests/data/product_stability/firefox.yml index 30e05346a5a8..9936c0633326 100644 --- a/tests/data/product_stability/firefox.yml +++ b/tests/data/product_stability/firefox.yml @@ -43,6 +43,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf diff --git a/tests/data/product_stability/macos1015.yml b/tests/data/product_stability/macos1015.yml index f802282a8ab9..e541cb7d82ef 100644 --- a/tests/data/product_stability/macos1015.yml +++ b/tests/data/product_stability/macos1015.yml @@ -43,6 +43,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf diff --git a/tests/data/product_stability/ocp4.yml b/tests/data/product_stability/ocp4.yml index 2a26afa5adcc..26a9020fbf7e 100644 --- a/tests/data/product_stability/ocp4.yml +++ b/tests/data/product_stability/ocp4.yml @@ -129,6 +129,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/kubernetes/ cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/ol7.yml b/tests/data/product_stability/ol7.yml index 2b5caa6d1795..db09ff6e0260 100644 --- a/tests/data/product_stability/ol7.yml +++ b/tests/data/product_stability/ol7.yml @@ -57,6 +57,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/oracle_linux/ cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/ol8.yml b/tests/data/product_stability/ol8.yml index 306676ba99c1..438a245fe5a7 100644 --- a/tests/data/product_stability/ol8.yml +++ b/tests/data/product_stability/ol8.yml @@ -56,6 +56,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/oracle_linux/ cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/ol9.yml b/tests/data/product_stability/ol9.yml index df9804716344..58e0362e4109 100644 --- a/tests/data/product_stability/ol9.yml +++ b/tests/data/product_stability/ol9.yml @@ -59,6 +59,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: '' cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/openembedded.yml b/tests/data/product_stability/openembedded.yml new file mode 100644 index 000000000000..0368f3cc3b6c --- /dev/null +++ b/tests/data/product_stability/openembedded.yml @@ -0,0 +1,79 @@ +aide_also_checks_audispd: 'yes' +aide_also_checks_rsyslog: 'no' +aide_bin_path: /usr/sbin/aide +aide_conf_path: /etc/aide.conf +audisp_conf_path: /etc/audit +auid: 1000 +basic_properties_derived: true +benchmark_id: OPENEMBEDDED +benchmark_root: ../../linux_os/guide +chrony_conf_path: /etc/chrony.conf +cpes: +- openembedded: + check_id: installed_OS_is_openembedded + name: 'cpe:/o:openembedded:nodistro:' + title: OpenEmbedded nodistro +- poky: + check_id: installed_OS_is_poky + name: 'cpe:/o:openembedded:poky:' + title: OpenEmbedded Poky reference distribution +cpes_root: ../../shared/applicability +dconf_gdm_dir: gdm.d +faillock_path: /var/run/faillock +full_name: OpemEmbedded +gid_min: 1000 +groups: {} +grub2_boot_path: /boot/grub2 +grub2_uefi_boot_path: /boot/grub2 +grub_helper_executable: grubby +init_system: systemd +nobody_gid: 65534 +nobody_uid: 65534 +pkg_manager: dnf +pkg_manager_config_file: /etc/dnf/dnf.conf +pkg_system: rpm +platform_package_overrides: + aarch64_arch: null + grub2: grub2-common + login_defs: login + no_ovirt: null + non-uefi: null + not_aarch64_arch: null + not_s390x_arch: null + ovirt: null + s390x_arch: null + sssd: sssd-common + sssd-ldap: null + uefi: null + zipl: s390utils-base +product: openembedded +profiles_root: ./profiles +reference_uris: + anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ + app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf + cis-csc: https://www.cisecurity.org/controls/ + cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf + cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf + cobit5: https://www.isaca.org/resources/cobit + cui: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf + dcid: not_officially_available + disa: https://public.cyber.mil/stigs/cci/ + hipaa: https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf + isa-62443-2009: https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat + isa-62443-2013: https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu + ism: https://www.cyber.gov.au/acsc/view-all-content/ism + iso27001-2013: https://www.iso.org/contents/data/standard/05/45/54534.html + nerc-cip: https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx + nist: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf + nist-csf: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf + os-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os + ospp: https://www.niap-ccevs.org/Profile/PP.cfm + pcidss: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf + pcidss4: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf + stigid: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux + stigref: https://public.cyber.mil/stigs/srg-stig-tools/ +sshd_distributed_config: 'false' +sysctl_remediate_drop_in_file: 'false' +type: platform +uid_min: 1000 diff --git a/tests/data/product_stability/opensuse.yml b/tests/data/product_stability/opensuse.yml index 02661dbc61f6..c92e91af55f8 100644 --- a/tests/data/product_stability/opensuse.yml +++ b/tests/data/product_stability/opensuse.yml @@ -59,6 +59,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf diff --git a/tests/data/product_stability/rhcos4.yml b/tests/data/product_stability/rhcos4.yml index 3e4bdc2cf413..a10bcabf5526 100644 --- a/tests/data/product_stability/rhcos4.yml +++ b/tests/data/product_stability/rhcos4.yml @@ -49,6 +49,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf diff --git a/tests/data/product_stability/rhel7.yml b/tests/data/product_stability/rhel7.yml index 96a7592bf30c..9ffd10e169c1 100644 --- a/tests/data/product_stability/rhel7.yml +++ b/tests/data/product_stability/rhel7.yml @@ -80,6 +80,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/red_hat_linux/ cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/rhel8.yml b/tests/data/product_stability/rhel8.yml index be321497c3fc..87bd25660bf2 100644 --- a/tests/data/product_stability/rhel8.yml +++ b/tests/data/product_stability/rhel8.yml @@ -107,6 +107,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/red_hat_linux/ cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/rhel9.yml b/tests/data/product_stability/rhel9.yml index ca5406ff9767..89e6f867b4a2 100644 --- a/tests/data/product_stability/rhel9.yml +++ b/tests/data/product_stability/rhel9.yml @@ -63,6 +63,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf ccn: https://www.ccn-cert.cni.es/pdf/guias/series-ccn-stic/guias-de-acceso-publico-ccn-stic/6768-ccn-stic-610a22-perfilado-de-seguridad-red-hat-enterprise-linux-9-0/file.html cis: https://www.cisecurity.org/benchmark/red_hat_linux/ cis-csc: https://www.cisecurity.org/controls/ diff --git a/tests/data/product_stability/rhv4.yml b/tests/data/product_stability/rhv4.yml index 932f653dd85f..cf63c69653cf 100644 --- a/tests/data/product_stability/rhv4.yml +++ b/tests/data/product_stability/rhv4.yml @@ -56,6 +56,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf diff --git a/tests/data/product_stability/sle12.yml b/tests/data/product_stability/sle12.yml index 1f506eeea3c9..0500c3f35903 100644 --- a/tests/data/product_stability/sle12.yml +++ b/tests/data/product_stability/sle12.yml @@ -55,6 +55,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/suse_linux/ cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/sle15.yml b/tests/data/product_stability/sle15.yml index 540c70a3a9ff..4ae7d858a43b 100644 --- a/tests/data/product_stability/sle15.yml +++ b/tests/data/product_stability/sle15.yml @@ -58,6 +58,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/suse_linux/ cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/ubuntu1604.yml b/tests/data/product_stability/ubuntu1604.yml index 93710bd15551..187343237bb7 100644 --- a/tests/data/product_stability/ubuntu1604.yml +++ b/tests/data/product_stability/ubuntu1604.yml @@ -59,6 +59,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/ubuntu_linux/ cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/ubuntu1804.yml b/tests/data/product_stability/ubuntu1804.yml index 47a97755989a..46f8016d63e6 100644 --- a/tests/data/product_stability/ubuntu1804.yml +++ b/tests/data/product_stability/ubuntu1804.yml @@ -58,6 +58,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/ubuntu_linux/ cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/ubuntu2004.yml b/tests/data/product_stability/ubuntu2004.yml index 359af22ed576..22c97e0ffc04 100644 --- a/tests/data/product_stability/ubuntu2004.yml +++ b/tests/data/product_stability/ubuntu2004.yml @@ -60,6 +60,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/ubuntu_linux/ cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/ubuntu2204.yml b/tests/data/product_stability/ubuntu2204.yml index 5c70a5419c7a..bedbfa5bc297 100644 --- a/tests/data/product_stability/ubuntu2204.yml +++ b/tests/data/product_stability/ubuntu2204.yml @@ -61,6 +61,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis: https://www.cisecurity.org/benchmark/ubuntu_linux/ cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf diff --git a/tests/data/product_stability/uos20.yml b/tests/data/product_stability/uos20.yml index 764ae8a37dde..facc7e2873fd 100644 --- a/tests/data/product_stability/uos20.yml +++ b/tests/data/product_stability/uos20.yml @@ -47,6 +47,7 @@ profiles_root: ./profiles reference_uris: anssi: http://www.ssi.gouv.fr/administration/bonnes-pratiques/ app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers + bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf cis-csc: https://www.cisecurity.org/controls/ cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf cnss: http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf