diff --git a/component-definitions/fedora/fedora-cis_fedora-l1_server/component-definition.json b/component-definitions/fedora/fedora-cis_fedora-l1_server/component-definition.json
index 1193ae34..389e73c6 100644
--- a/component-definitions/fedora/fedora-cis_fedora-l1_server/component-definition.json
+++ b/component-definitions/fedora/fedora-cis_fedora-l1_server/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "77a62ff1-d5eb-47f8-a08f-063352e9479f",
"metadata": {
"title": "Component definition for fedora",
- "last-modified": "2025-12-17T11:20:02.273422+00:00",
- "version": "1.6",
+ "last-modified": "2026-01-05T17:16:07.446294+00:00",
+ "version": "1.7",
"oscal-version": "1.1.3"
},
"components": [
@@ -119,121 +119,121 @@
{
"name": "Parameter_Id_5",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_kex",
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_5",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved KEXs (Key Exchange Algorithms) algorithms \tthat are used for methods in cryptography by which cryptographic keys are exchanged between two parties",
+ "value": "Disable ICMP Redirect Acceptance",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_5",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'pcidss': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_rhel8': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel9': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel10': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_sle12': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_sle15': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_ubuntu2204': 'curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_ubuntu2404': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'std_openeuler': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256', 'cis_debian12': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256'}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_macs",
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved MACs (Message Authentication Code) algorithms \tthat are used for data integrity protection by the SSH server.",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_rhel8': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel9': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel10': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_sle12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_sle15': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_tencentos4': 'hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com', 'cis_ubuntu2204': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_ubuntu2404': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'stig_rhel9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'stig_ol9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'cis_debian12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "value": "sysctl_net_ipv4_conf_all_log_martians_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_8",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_8",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_8",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_10",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_10",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
+ "value": "Disable ICMP Redirect Acceptance?",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_10",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_11",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_11",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
+ "value": "Disable IP source routing?",
"remarks": "rule_set_000"
},
{
@@ -245,13 +245,13 @@
{
"name": "Parameter_Id_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "value": "sysctl_net_ipv4_conf_default_forwarding_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance?",
+ "value": "Toggle IPv4 Forwarding",
"remarks": "rule_set_000"
},
{
@@ -263,31 +263,31 @@
{
"name": "Parameter_Id_13",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "value": "sysctl_net_ipv4_conf_default_log_martians_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_13",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IP source routing?",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_13",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_14",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_14",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "value": "Enables source route verification",
"remarks": "rule_set_000"
},
{
@@ -299,49 +299,49 @@
{
"name": "Parameter_Id_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enables source route verification",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
+ "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
+ "value": "Enable to prevent unnecessary logging",
"remarks": "rule_set_000"
},
{
@@ -353,13 +353,13 @@
{
"name": "Parameter_Id_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
+ "value": "sysctl_net_ipv4_tcp_syncookies_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent unnecessary logging",
+ "value": "Enable to turn on TCP SYN Cookie Protection",
"remarks": "rule_set_000"
},
{
@@ -371,31 +371,31 @@
{
"name": "Parameter_Id_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies_value",
+ "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to turn on TCP SYN Cookie Protection",
+ "value": "Accept all router advertisements?",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_20",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_20",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept all router advertisements?",
+ "value": "Toggle ICMP Redirect Acceptance",
"remarks": "rule_set_000"
},
{
@@ -407,13 +407,13 @@
{
"name": "Parameter_Id_21",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_21",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
@@ -425,13 +425,13 @@
{
"name": "Parameter_Id_22",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
+ "value": "sysctl_net_ipv6_conf_all_forwarding_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_22",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "Toggle IPv6 Forwarding",
"remarks": "rule_set_000"
},
{
@@ -443,13 +443,13 @@
{
"name": "Parameter_Id_23",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding_value",
+ "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_23",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle IPv6 Forwarding",
+ "value": "Accept default router advertisements by default?",
"remarks": "rule_set_000"
},
{
@@ -461,13 +461,13 @@
{
"name": "Parameter_Id_24",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_24",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept default router advertisements by default?",
+ "value": "Toggle ICMP Redirect Acceptance By Default",
"remarks": "rule_set_000"
},
{
@@ -479,13 +479,13 @@
{
"name": "Parameter_Id_25",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_25",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance By Default",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
@@ -497,13 +497,13 @@
{
"name": "Parameter_Id_26",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
+ "value": "sysctl_net_ipv6_conf_default_forwarding_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_26",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "Toggle IPv6 default Forwarding",
"remarks": "rule_set_000"
},
{
@@ -689,7 +689,7 @@
{
"name": "Parameter_Value_Alternatives_36",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -767,234 +767,252 @@
{
"name": "Parameter_Id_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_minclass",
+ "value": "var_password_pam_maxsequence",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of categories of characters that must exist in a password",
+ "value": "Maximum Number of Consecutive Character Sequences in a Password",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}",
+ "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_minlen",
+ "value": "var_password_pam_minclass",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of characters in password",
+ "value": "Minimum number of categories of characters that must exist in a password",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}",
+ "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_remember",
+ "value": "var_password_pam_minlen",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent password reuse using password history lookup",
+ "value": "Minimum number of characters in password",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 24: 24, 'default': 5}",
+ "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_remember_control_flag",
+ "value": "var_password_pam_remember",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in \"required,requisite\", for remediations the first value will be taken'",
+ "value": "Prevent password reuse using password history lookup",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'required': 'required', 'optional': 'optional', 'requisite': 'requisite', 'sufficient': 'sufficient', 'binding': 'binding', 'ol8': 'required,requisite', 'requisite_or_required': 'requisite,required', 'default': 'requisite'}",
+ "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 24: 24, 'default': 5}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_postfix_inet_interfaces",
+ "value": "var_password_pam_remember_control_flag",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for inet_interfaces in /etc/postfix/main.cf",
+ "value": "'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in \"required,requisite\", for remediations the first value will be taken'",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'loopback-only': 'loopback-only', 'default': 'loopback-only', 'localhost': 'localhost'}",
+ "value": "{'required': 'required', 'optional': 'optional', 'requisite': 'requisite', 'sufficient': 'sufficient', 'binding': 'binding', 'ol8': 'required,requisite', 'requisite_or_required': 'requisite,required', 'default': 'requisite'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_screensaver_lock_delay",
+ "value": "var_postfix_inet_interfaces",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt",
+ "value": "The setting for inet_interfaces in /etc/postfix/main.cf",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_seconds': 10, '5_seconds': 5, 'default': '0', 'immediate': '0'}",
+ "value": "{'loopback-only': 'loopback-only', 'default': 'loopback-only', 'localhost': 'localhost'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_selinux_policy_name",
+ "value": "var_screensaver_lock_delay",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Type of policy in use. Possible values are:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
mls - Multiple levels of security",
+ "value": "Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'targeted', 'mls': 'mls', 'targeted': 'targeted'}",
+ "value": "{'10_seconds': 10, '5_seconds': 5, 'default': '0', 'immediate': '0'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_max_sessions",
+ "value": "var_selinux_policy_name",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of open sessions permitted.",
+ "value": "Type of policy in use. Possible values are:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
mls - Multiple levels of security",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 4: 4, 3: 3, 2: 2, 1: 1, 0: 0, 'default': 10}",
+ "value": "{'default': 'targeted', 'mls': 'mls', 'targeted': 'targeted'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_keepalive",
+ "value": "var_sshd_max_sessions",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of idle message counts before session is terminated.",
+ "value": "Specify the maximum number of open sessions permitted.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 5: 5, 0: 0, 1: 1, 'default': 0}",
+ "value": "{10: 10, 4: 4, 3: 3, 2: 2, 1: 1, 0: 0, 'default': 10}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_login_grace_time",
+ "value": "var_sshd_set_keepalive",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure parameters for how long the servers stays connected before the user has successfully logged in",
+ "value": "Specify the maximum number of idle message counts before session is terminated.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 60, 60: 60}",
+ "value": "{10: 10, 3: 3, 5: 5, 0: 0, 1: 1, 'default': 0}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_51",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_maxstartups",
+ "value": "var_sshd_set_login_grace_time",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_51",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.",
+ "value": "Configure parameters for how long the servers stays connected before the user has successfully logged in",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_51",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '10:30:100', '10:30:60': '10:30:60'}",
+ "value": "{'default': 60, 60: 60}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_52",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_system_crypto_policy",
+ "value": "var_sshd_set_maxstartups",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_52",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the crypto policy for the system.",
+ "value": "Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_52",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'DEFAULT', 'default_policy': 'DEFAULT', 'default_nosha1': 'DEFAULT:NO-SHA1', 'fips': 'FIPS', 'fips_ospp': 'FIPS:OSPP', 'fips_stig': 'FIPS:STIG', 'legacy': 'LEGACY', 'future': 'FUTURE', 'next': 'NEXT'}",
+ "value": "{'default': '10:30:100', '10:30:60': '10:30:60'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_53",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_user_initialization_files_regex",
+ "value": "var_sudo_timestamp_timeout",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_53",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'A regular expression describing a list of file names for files that are sourced at login time for interactive users'",
+ "value": "Defines the number of minutes that can elapse before sudo will ask for a passwd again. If set to a value less than 0 the user's time stamp will never expire. Defining 0 means always prompt for a password. The default timeout value is 5 minutes.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_53",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '5', 'always_prompt': '0', '1_minute': '1', '2_minutes': '2', '3_minutes': '3', '5_minutes': '5', '15_minutes': '15'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_54",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_user_initialization_files_regex",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_54",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "'A regular expression describing a list of file names for files that are sourced at login time for interactive users'",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_54",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "{'default': '^(\\\\.bashrc|\\\\.zshrc|\\\\.cshrc|\\\\.profile|\\\\.bash_login|\\\\.bash_profile)$', 'all_dotfiles': '^\\\\.[\\\\w\\\\- ]+$'}",
"remarks": "rule_set_000"
},
@@ -1349,3225 +1367,3741 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_libselinux_installed",
+ "value": "disable_weak_deps",
"remarks": "rule_set_030"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install libselinux Package",
+ "value": "Disable Installation of Weak Dependencies in DNF",
"remarks": "rule_set_030"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_enable_selinux",
+ "value": "package_libselinux_installed",
"remarks": "rule_set_031"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux Not Disabled in /etc/default/grub",
+ "value": "Install libselinux Package",
"remarks": "rule_set_031"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_policytype",
+ "value": "grub2_enable_selinux",
"remarks": "rule_set_032"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure SELinux Policy",
+ "value": "Ensure SELinux Not Disabled in /etc/default/grub",
"remarks": "rule_set_032"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_not_disabled",
+ "value": "selinux_policytype",
"remarks": "rule_set_033"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux is Not Disabled",
+ "value": "Configure SELinux Policy",
"remarks": "rule_set_033"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_mcstrans_removed",
+ "value": "selinux_not_disabled",
"remarks": "rule_set_034"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall mcstrans Package",
+ "value": "Ensure SELinux is Not Disabled",
"remarks": "rule_set_034"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_setroubleshoot_removed",
+ "value": "package_mcstrans_removed",
"remarks": "rule_set_035"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall setroubleshoot Package",
+ "value": "Uninstall mcstrans Package",
"remarks": "rule_set_035"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_password",
+ "value": "package_setroubleshoot_removed",
"remarks": "rule_set_036"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Boot Loader Password in grub2",
+ "value": "Uninstall setroubleshoot Package",
"remarks": "rule_set_036"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg",
+ "value": "grub2_password",
"remarks": "rule_set_037"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Group Ownership",
+ "value": "Set Boot Loader Password in grub2",
"remarks": "rule_set_037"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg",
+ "value": "file_permissions_boot_grub2",
"remarks": "rule_set_038"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg User Ownership",
+ "value": "All GRUB configuration files must have mode 0600 or more restrictive",
"remarks": "rule_set_038"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg",
+ "value": "file_owner_boot_grub2",
"remarks": "rule_set_039"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Permissions",
+ "value": "All GRUB configuration files must be owned by root",
"remarks": "rule_set_039"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg",
+ "value": "file_groupowner_boot_grub2",
"remarks": "rule_set_040"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Group Ownership",
+ "value": "All GRUB configuration files must be group-owned by root",
"remarks": "rule_set_040"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg",
+ "value": "disable_users_coredumps",
"remarks": "rule_set_041"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg User Ownership",
+ "value": "Disable Core Dumps for All Users",
"remarks": "rule_set_041"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg",
+ "value": "sysctl_fs_protected_hardlinks",
"remarks": "rule_set_042"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Permissions",
+ "value": "Enable Kernel Parameter to Enforce DAC on Hardlinks",
"remarks": "rule_set_042"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy",
+ "value": "sysctl_fs_protected_symlinks",
"remarks": "rule_set_043"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure System Cryptography Policy",
+ "value": "Enable Kernel Parameter to Enforce DAC on Symlinks",
"remarks": "rule_set_043"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_motd_cis",
+ "value": "sysctl_fs_suid_dumpable",
"remarks": "rule_set_044"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Message Of The Day Is Configured Properly",
+ "value": "Disable Core Dumps for SUID programs",
"remarks": "rule_set_044"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_cis",
+ "value": "sysctl_kernel_dmesg_restrict",
"remarks": "rule_set_045"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Local Login Warning Banner Is Configured Properly",
+ "value": "Restrict Access to Kernel Message Buffer",
"remarks": "rule_set_045"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_net_cis",
+ "value": "sysctl_kernel_kptr_restrict",
"remarks": "rule_set_046"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Remote Login Warning Banner Is Configured Properly",
+ "value": "Restrict Exposed Kernel Pointer Addresses Access",
"remarks": "rule_set_046"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_motd",
+ "value": "sysctl_kernel_yama_ptrace_scope",
"remarks": "rule_set_047"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of Message of the Day Banner",
+ "value": "Restrict usage of ptrace to descendant processes",
"remarks": "rule_set_047"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_motd",
+ "value": "sysctl_kernel_randomize_va_space",
"remarks": "rule_set_048"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of Message of the Day Banner",
+ "value": "Enable Randomized Layout of Virtual Address Space",
"remarks": "rule_set_048"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_motd",
+ "value": "coredump_disable_backtraces",
"remarks": "rule_set_049"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on Message of the Day Banner",
+ "value": "Disable core dump backtraces",
"remarks": "rule_set_049"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue",
+ "value": "coredump_disable_storage",
"remarks": "rule_set_050"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner",
+ "value": "Disable storing core dump",
"remarks": "rule_set_050"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue",
+ "value": "configure_custom_crypto_policy_cis",
"remarks": "rule_set_051"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner",
+ "value": "Implement Custom Crypto Policy Modules for CIS Benchmark",
"remarks": "rule_set_051"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue",
+ "value": "banner_etc_motd_cis",
"remarks": "rule_set_052"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner",
+ "value": "Ensure Message Of The Day Is Configured Properly",
"remarks": "rule_set_052"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue_net",
+ "value": "banner_etc_issue_cis",
"remarks": "rule_set_053"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner for Remote Connections",
+ "value": "Ensure Local Login Warning Banner Is Configured Properly",
"remarks": "rule_set_053"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue_net",
+ "value": "banner_etc_issue_net_cis",
"remarks": "rule_set_054"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner for Remote Connections",
+ "value": "Ensure Remote Login Warning Banner Is Configured Properly",
"remarks": "rule_set_054"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue_net",
+ "value": "file_groupowner_etc_motd",
"remarks": "rule_set_055"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner for Remote Connections",
+ "value": "Verify Group Ownership of Message of the Day Banner",
"remarks": "rule_set_055"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_banner_enabled",
+ "value": "file_owner_etc_motd",
"remarks": "rule_set_056"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable GNOME3 Login Warning Banner",
+ "value": "Verify ownership of Message of the Day Banner",
"remarks": "rule_set_056"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_login_banner_text",
+ "value": "file_permissions_etc_motd",
"remarks": "rule_set_057"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set the GNOME3 Login Warning Banner Text",
+ "value": "Verify permissions on Message of the Day Banner",
"remarks": "rule_set_057"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_user_list",
+ "value": "file_groupowner_etc_issue",
"remarks": "rule_set_058"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the GNOME3 Login User List",
+ "value": "Verify Group Ownership of System Login Banner",
"remarks": "rule_set_058"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_idle_delay",
+ "value": "file_owner_etc_issue",
"remarks": "rule_set_059"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Inactivity Timeout",
+ "value": "Verify ownership of System Login Banner",
"remarks": "rule_set_059"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_lock_delay",
+ "value": "file_permissions_etc_issue",
"remarks": "rule_set_060"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
+ "value": "Verify permissions on System Login Banner",
"remarks": "rule_set_060"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount",
+ "value": "file_groupowner_etc_issue_net",
"remarks": "rule_set_061"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automounting",
+ "value": "Verify Group Ownership of System Login Banner for Remote Connections",
"remarks": "rule_set_061"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount_open",
+ "value": "file_owner_etc_issue_net",
"remarks": "rule_set_062"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount Opening",
+ "value": "Verify ownership of System Login Banner for Remote Connections",
"remarks": "rule_set_062"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_autorun",
+ "value": "file_permissions_etc_issue_net",
"remarks": "rule_set_063"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount running",
+ "value": "Verify permissions on System Login Banner for Remote Connections",
"remarks": "rule_set_063"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_autofs_disabled",
+ "value": "dconf_gnome_banner_enabled",
"remarks": "rule_set_064"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the Automounter",
+ "value": "Enable GNOME3 Login Warning Banner",
"remarks": "rule_set_064"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_avahi-daemon_disabled",
+ "value": "dconf_gnome_login_banner_text",
"remarks": "rule_set_065"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Avahi Server Software",
+ "value": "Set the GNOME3 Login Warning Banner Text",
"remarks": "rule_set_065"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_kea_removed",
+ "value": "dconf_gnome_disable_user_list",
"remarks": "rule_set_066"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall kea Package",
+ "value": "Disable the GNOME3 Login User List",
"remarks": "rule_set_066"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_bind_removed",
+ "value": "dconf_gnome_screensaver_idle_delay",
"remarks": "rule_set_067"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall bind Package",
+ "value": "Set GNOME3 Screensaver Inactivity Timeout",
"remarks": "rule_set_067"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dnsmasq_removed",
+ "value": "dconf_gnome_screensaver_lock_delay",
"remarks": "rule_set_068"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dnsmasq Package",
+ "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
"remarks": "rule_set_068"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_vsftpd_removed",
+ "value": "dconf_gnome_session_idle_user_locks",
"remarks": "rule_set_069"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall vsftpd Package",
+ "value": "Ensure Users Cannot Change GNOME3 Session Idle Settings",
"remarks": "rule_set_069"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dovecot_removed",
+ "value": "dconf_gnome_screensaver_user_locks",
"remarks": "rule_set_070"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dovecot Package",
+ "value": "Ensure Users Cannot Change GNOME3 Screensaver Settings",
"remarks": "rule_set_070"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cyrus-imapd_removed",
+ "value": "dconf_gnome_disable_automount",
"remarks": "rule_set_071"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall cyrus-imapd Package",
+ "value": "Disable GNOME3 Automounting",
"remarks": "rule_set_071"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nfs_disabled",
+ "value": "dconf_gnome_disable_automount_open",
"remarks": "rule_set_072"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Network File System (nfs)",
+ "value": "Disable GNOME3 Automount Opening",
"remarks": "rule_set_072"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_cups_disabled",
+ "value": "dconf_gnome_disable_autorun",
"remarks": "rule_set_073"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the CUPS Service",
+ "value": "Disable GNOME3 Automount running",
"remarks": "rule_set_073"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_rpcbind_disabled",
+ "value": "service_autofs_disabled",
"remarks": "rule_set_074"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable rpcbind Service",
+ "value": "Disable the Automounter",
"remarks": "rule_set_074"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_rsync_removed",
+ "value": "service_avahi-daemon_disabled",
"remarks": "rule_set_075"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall rsync Package",
+ "value": "Disable Avahi Server Software",
"remarks": "rule_set_075"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_samba_removed",
+ "value": "package_kea_removed",
"remarks": "rule_set_076"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall Samba Package",
+ "value": "Uninstall kea Package",
"remarks": "rule_set_076"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_net-snmp_removed",
+ "value": "package_bind_removed",
"remarks": "rule_set_077"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall net-snmp Package",
+ "value": "Uninstall bind Package",
"remarks": "rule_set_077"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet-server_removed",
+ "value": "package_dnsmasq_removed",
"remarks": "rule_set_078"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall telnet-server Package",
+ "value": "Uninstall dnsmasq Package",
"remarks": "rule_set_078"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp-server_removed",
+ "value": "package_vsftpd_removed",
"remarks": "rule_set_079"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall tftp-server Package",
+ "value": "Uninstall vsftpd Package",
"remarks": "rule_set_079"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_squid_removed",
+ "value": "package_dovecot_removed",
"remarks": "rule_set_080"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall squid Package",
+ "value": "Uninstall dovecot Package",
"remarks": "rule_set_080"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_httpd_removed",
+ "value": "package_cyrus-imapd_removed",
"remarks": "rule_set_081"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall httpd Package",
+ "value": "Uninstall cyrus-imapd Package",
"remarks": "rule_set_081"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nginx_removed",
+ "value": "service_nfs_disabled",
"remarks": "rule_set_082"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall nginx Package",
+ "value": "Disable Network File System (nfs)",
"remarks": "rule_set_082"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "postfix_network_listening_disabled",
+ "value": "service_cups_disabled",
"remarks": "rule_set_083"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Postfix Network Listening",
+ "value": "Disable the CUPS Service",
"remarks": "rule_set_083"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "has_nonlocal_mta",
+ "value": "service_rpcbind_disabled",
"remarks": "rule_set_084"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
+ "value": "Disable rpcbind Service",
"remarks": "rule_set_084"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_ftp_removed",
+ "value": "package_rsync_removed",
"remarks": "rule_set_085"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove ftp Package",
+ "value": "Uninstall rsync Package",
"remarks": "rule_set_085"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet_removed",
+ "value": "package_samba_removed",
"remarks": "rule_set_086"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove telnet Clients",
+ "value": "Uninstall Samba Package",
"remarks": "rule_set_086"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp_removed",
+ "value": "package_net-snmp_removed",
"remarks": "rule_set_087"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove tftp Daemon",
+ "value": "Uninstall net-snmp Package",
"remarks": "rule_set_087"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_specify_remote_server",
+ "value": "package_telnet-server_removed",
"remarks": "rule_set_088"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "A remote time server for Chrony is configured",
+ "value": "Uninstall telnet-server Package",
"remarks": "rule_set_088"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_run_as_chrony_user",
+ "value": "package_tftp-server_removed",
"remarks": "rule_set_089"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that chronyd is running under chrony user account",
+ "value": "Uninstall tftp-server Package",
"remarks": "rule_set_089"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cron_installed",
+ "value": "package_squid_removed",
"remarks": "rule_set_090"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install the cron service",
+ "value": "Uninstall squid Package",
"remarks": "rule_set_090"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_crond_enabled",
+ "value": "package_httpd_removed",
"remarks": "rule_set_091"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable cron Service",
+ "value": "Uninstall httpd Package",
"remarks": "rule_set_091"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_crontab",
+ "value": "package_nginx_removed",
"remarks": "rule_set_092"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Crontab",
+ "value": "Uninstall nginx Package",
"remarks": "rule_set_092"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_crontab",
+ "value": "postfix_network_listening_disabled",
"remarks": "rule_set_093"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on crontab",
+ "value": "Disable Postfix Network Listening",
"remarks": "rule_set_093"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_crontab",
+ "value": "has_nonlocal_mta",
"remarks": "rule_set_094"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on crontab",
+ "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
"remarks": "rule_set_094"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_hourly",
+ "value": "package_ftp_removed",
"remarks": "rule_set_095"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.hourly",
+ "value": "Remove ftp Package",
"remarks": "rule_set_095"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_hourly",
+ "value": "package_telnet_removed",
"remarks": "rule_set_096"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.hourly",
+ "value": "Remove telnet Clients",
"remarks": "rule_set_096"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_hourly",
+ "value": "package_tftp_removed",
"remarks": "rule_set_097"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.hourly",
+ "value": "Remove tftp Daemon",
"remarks": "rule_set_097"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_daily",
+ "value": "chronyd_specify_remote_server",
"remarks": "rule_set_098"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.daily",
+ "value": "A remote time server for Chrony is configured",
"remarks": "rule_set_098"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_daily",
+ "value": "chronyd_run_as_chrony_user",
"remarks": "rule_set_099"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.daily",
+ "value": "Ensure that chronyd is running under chrony user account",
"remarks": "rule_set_099"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_daily",
+ "value": "package_cron_installed",
"remarks": "rule_set_100"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.daily",
+ "value": "Install the cron service",
"remarks": "rule_set_100"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_weekly",
+ "value": "service_crond_enabled",
"remarks": "rule_set_101"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.weekly",
+ "value": "Enable cron Service",
"remarks": "rule_set_101"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_weekly",
+ "value": "file_groupowner_crontab",
"remarks": "rule_set_102"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.weekly",
+ "value": "Verify Group Who Owns Crontab",
"remarks": "rule_set_102"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_weekly",
+ "value": "file_owner_crontab",
"remarks": "rule_set_103"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.weekly",
+ "value": "Verify Owner on crontab",
"remarks": "rule_set_103"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_monthly",
+ "value": "file_permissions_crontab",
"remarks": "rule_set_104"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.monthly",
+ "value": "Verify Permissions on crontab",
"remarks": "rule_set_104"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_monthly",
+ "value": "file_groupowner_cron_hourly",
"remarks": "rule_set_105"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.monthly",
+ "value": "Verify Group Who Owns cron.hourly",
"remarks": "rule_set_105"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_monthly",
+ "value": "file_owner_cron_hourly",
"remarks": "rule_set_106"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.monthly",
+ "value": "Verify Owner on cron.hourly",
"remarks": "rule_set_106"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_d",
+ "value": "file_permissions_cron_hourly",
"remarks": "rule_set_107"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.d",
+ "value": "Verify Permissions on cron.hourly",
"remarks": "rule_set_107"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_d",
+ "value": "file_groupowner_cron_daily",
"remarks": "rule_set_108"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.d",
+ "value": "Verify Group Who Owns cron.daily",
"remarks": "rule_set_108"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_d",
+ "value": "file_owner_cron_daily",
"remarks": "rule_set_109"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.d",
+ "value": "Verify Owner on cron.daily",
"remarks": "rule_set_109"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_deny_not_exist",
+ "value": "file_permissions_cron_daily",
"remarks": "rule_set_110"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.deny does not exist",
+ "value": "Verify Permissions on cron.daily",
"remarks": "rule_set_110"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_allow_exists",
+ "value": "file_groupowner_cron_weekly",
"remarks": "rule_set_111"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.allow exists",
+ "value": "Verify Group Who Owns cron.weekly",
"remarks": "rule_set_111"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_allow",
+ "value": "file_owner_cron_weekly",
"remarks": "rule_set_112"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/cron.allow file",
+ "value": "Verify Owner on cron.weekly",
"remarks": "rule_set_112"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_allow",
+ "value": "file_permissions_cron_weekly",
"remarks": "rule_set_113"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/cron.allow file",
+ "value": "Verify Permissions on cron.weekly",
"remarks": "rule_set_113"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_allow",
+ "value": "file_groupowner_cron_monthly",
"remarks": "rule_set_114"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/cron.allow file",
+ "value": "Verify Group Who Owns cron.monthly",
"remarks": "rule_set_114"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_at_deny_not_exist",
+ "value": "file_owner_cron_monthly",
"remarks": "rule_set_115"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/at.deny does not exist",
+ "value": "Verify Owner on cron.monthly",
"remarks": "rule_set_115"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_at_allow",
+ "value": "file_permissions_cron_monthly",
"remarks": "rule_set_116"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/at.allow file",
+ "value": "Verify Permissions on cron.monthly",
"remarks": "rule_set_116"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_at_allow",
+ "value": "file_groupowner_cron_yearly",
"remarks": "rule_set_117"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/at.allow file",
+ "value": "Verify Group Who Owns cron.yearly",
"remarks": "rule_set_117"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_at_allow",
+ "value": "file_owner_cron_yearly",
"remarks": "rule_set_118"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/at.allow file",
+ "value": "Verify Owner on cron.yearly",
"remarks": "rule_set_118"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "wireless_disable_interfaces",
+ "value": "file_permissions_cron_yearly",
"remarks": "rule_set_119"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Deactivate Wireless Network Interfaces",
+ "value": "Verify Permissions on cron.yearly",
"remarks": "rule_set_119"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_bluetooth_disabled",
+ "value": "file_groupowner_cron_d",
"remarks": "rule_set_120"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Bluetooth Service",
+ "value": "Verify Group Who Owns cron.d",
"remarks": "rule_set_120"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_tipc_disabled",
+ "value": "file_owner_cron_d",
"remarks": "rule_set_121"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable TIPC Support",
+ "value": "Verify Owner on cron.d",
"remarks": "rule_set_121"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_send_redirects",
+ "value": "file_permissions_cron_d",
"remarks": "rule_set_122"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
+ "value": "Verify Permissions on cron.d",
"remarks": "rule_set_122"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_send_redirects",
+ "value": "file_cron_deny_not_exist",
"remarks": "rule_set_123"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
+ "value": "Ensure that /etc/cron.deny does not exist",
"remarks": "rule_set_123"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
+ "value": "file_cron_allow_exists",
"remarks": "rule_set_124"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
+ "value": "Ensure that /etc/cron.allow exists",
"remarks": "rule_set_124"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
+ "value": "file_groupowner_cron_allow",
"remarks": "rule_set_125"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
+ "value": "Verify Group Who Owns /etc/cron.allow file",
"remarks": "rule_set_125"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects",
+ "value": "file_owner_cron_allow",
"remarks": "rule_set_126"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
+ "value": "Verify User Who Owns /etc/cron.allow file",
"remarks": "rule_set_126"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects",
+ "value": "file_permissions_cron_allow",
"remarks": "rule_set_127"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
+ "value": "Verify Permissions on /etc/cron.allow file",
"remarks": "rule_set_127"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects",
+ "value": "file_at_deny_not_exist",
"remarks": "rule_set_128"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
+ "value": "Ensure that /etc/at.deny does not exist",
"remarks": "rule_set_128"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects",
+ "value": "file_at_allow_exists",
"remarks": "rule_set_129"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
+ "value": "Ensure that /etc/at.allow exists",
"remarks": "rule_set_129"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter",
+ "value": "file_groupowner_at_allow",
"remarks": "rule_set_130"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
+ "value": "Verify Group Who Owns /etc/at.allow file",
"remarks": "rule_set_130"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter",
+ "value": "file_owner_at_allow",
"remarks": "rule_set_131"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
+ "value": "Verify User Who Owns /etc/at.allow file",
"remarks": "rule_set_131"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route",
+ "value": "file_permissions_at_allow",
"remarks": "rule_set_132"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
+ "value": "Verify Permissions on /etc/at.allow file",
"remarks": "rule_set_132"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route",
+ "value": "wireless_disable_interfaces",
"remarks": "rule_set_133"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
+ "value": "Deactivate Wireless Network Interfaces",
"remarks": "rule_set_133"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians",
+ "value": "service_bluetooth_disabled",
"remarks": "rule_set_134"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
+ "value": "Disable Bluetooth Service",
"remarks": "rule_set_134"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians",
+ "value": "kernel_module_atm_disabled",
"remarks": "rule_set_135"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
+ "value": "Disable ATM Support",
"remarks": "rule_set_135"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies",
+ "value": "kernel_module_can_disabled",
"remarks": "rule_set_136"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
+ "value": "Disable CAN Support",
"remarks": "rule_set_136"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding",
+ "value": "kernel_module_dccp_disabled",
"remarks": "rule_set_137"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IPv6 Forwarding",
+ "value": "Disable DCCP Support",
"remarks": "rule_set_137"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects",
+ "value": "kernel_module_tipc_disabled",
"remarks": "rule_set_138"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
+ "value": "Disable TIPC Support",
"remarks": "rule_set_138"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects",
+ "value": "kernel_module_rds_disabled",
"remarks": "rule_set_139"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
+ "value": "Disable RDS Support",
"remarks": "rule_set_139"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route",
+ "value": "sysctl_net_ipv4_conf_all_forwarding",
"remarks": "rule_set_140"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
+ "value": "Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces",
"remarks": "rule_set_140"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route",
+ "value": "sysctl_net_ipv4_conf_default_forwarding",
"remarks": "rule_set_141"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
+ "value": "Disable Kernel Parameter for IPv4 Forwarding By Default",
"remarks": "rule_set_141"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra",
+ "value": "sysctl_net_ipv4_conf_all_send_redirects",
"remarks": "rule_set_142"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
"remarks": "rule_set_142"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra",
+ "value": "sysctl_net_ipv4_conf_default_send_redirects",
"remarks": "rule_set_143"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
"remarks": "rule_set_143"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nftables_installed",
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
"remarks": "rule_set_144"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install nftables Package",
+ "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
"remarks": "rule_set_144"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_firewalld_enabled",
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
"remarks": "rule_set_145"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify firewalld Enabled",
+ "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
"remarks": "rule_set_145"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_firewalld_installed",
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects",
"remarks": "rule_set_146"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install firewalld Package",
+ "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
"remarks": "rule_set_146"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nftables_disabled",
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects",
"remarks": "rule_set_147"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify nftables Service is Disabled",
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
"remarks": "rule_set_147"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_trusted",
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects",
"remarks": "rule_set_148"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Trust Loopback Traffic",
+ "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
"remarks": "rule_set_148"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_restricted",
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects",
"remarks": "rule_set_149"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Restrict Loopback Traffic",
+ "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
"remarks": "rule_set_149"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_sshd_config",
+ "value": "sysctl_net_ipv4_conf_all_rp_filter",
"remarks": "rule_set_150"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns SSH Server config file",
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
"remarks": "rule_set_150"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_sshd_config",
+ "value": "sysctl_net_ipv4_conf_default_rp_filter",
"remarks": "rule_set_151"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on SSH Server config file",
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
"remarks": "rule_set_151"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_config",
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route",
"remarks": "rule_set_152"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server config file",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
"remarks": "rule_set_152"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_private_key",
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route",
"remarks": "rule_set_153"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Private *_key Key Files",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
"remarks": "rule_set_153"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_private_key",
+ "value": "sysctl_net_ipv4_conf_all_log_martians",
"remarks": "rule_set_154"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Private *_key Key Files",
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
"remarks": "rule_set_154"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_private_key",
+ "value": "sysctl_net_ipv4_conf_default_log_martians",
"remarks": "rule_set_155"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
"remarks": "rule_set_155"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_pub_key",
+ "value": "sysctl_net_ipv4_tcp_syncookies",
"remarks": "rule_set_156"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Public *.pub Key Files",
+ "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
"remarks": "rule_set_156"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_pub_key",
+ "value": "sysctl_net_ipv6_conf_all_forwarding",
"remarks": "rule_set_157"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Public *.pub Key Files",
+ "value": "Disable Kernel Parameter for IPv6 Forwarding",
"remarks": "rule_set_157"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_pub_key",
+ "value": "sysctl_net_ipv6_conf_default_forwarding",
"remarks": "rule_set_158"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
+ "value": "Disable Kernel Parameter for IPv6 Forwarding by default",
"remarks": "rule_set_158"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex",
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects",
"remarks": "rule_set_159"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong Key Exchange algorithms",
+ "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
"remarks": "rule_set_159"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs",
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects",
"remarks": "rule_set_160"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong MACs",
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
"remarks": "rule_set_160"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_limit_user_access",
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route",
"remarks": "rule_set_161"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Users' SSH Access",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
"remarks": "rule_set_161"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_warning_banner_net",
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route",
"remarks": "rule_set_162"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable SSH Warning Banner",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
"remarks": "rule_set_162"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_idle_timeout",
+ "value": "sysctl_net_ipv6_conf_all_accept_ra",
"remarks": "rule_set_163"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Interval",
+ "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
"remarks": "rule_set_163"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_keepalive",
+ "value": "sysctl_net_ipv6_conf_default_accept_ra",
"remarks": "rule_set_164"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Count Max",
+ "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
"remarks": "rule_set_164"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "disable_host_auth",
+ "value": "package_nftables_installed",
"remarks": "rule_set_165"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Host-Based Authentication",
+ "value": "Install nftables Package",
"remarks": "rule_set_165"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_rhosts",
+ "value": "service_firewalld_enabled",
"remarks": "rule_set_166"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Support for .rhosts Files",
+ "value": "Verify firewalld Enabled",
"remarks": "rule_set_166"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_login_grace_time",
+ "value": "package_firewalld_installed",
"remarks": "rule_set_167"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH LoginGraceTime is configured",
+ "value": "Install firewalld Package",
"remarks": "rule_set_167"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_loglevel_verbose",
+ "value": "service_nftables_disabled",
"remarks": "rule_set_168"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Daemon LogLevel to VERBOSE",
+ "value": "Verify nftables Service is Disabled",
"remarks": "rule_set_168"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_auth_tries",
+ "value": "firewalld_loopback_traffic_trusted",
"remarks": "rule_set_169"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH authentication attempt limit",
+ "value": "Configure Firewalld to Trust Loopback Traffic",
"remarks": "rule_set_169"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_maxstartups",
+ "value": "firewalld_loopback_traffic_restricted",
"remarks": "rule_set_170"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH MaxStartups is configured",
+ "value": "Configure Firewalld to Restrict Loopback Traffic",
"remarks": "rule_set_170"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_sessions",
+ "value": "file_groupowner_sshd_config",
"remarks": "rule_set_171"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH MaxSessions limit",
+ "value": "Verify Group Who Owns SSH Server config file",
"remarks": "rule_set_171"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_empty_passwords",
+ "value": "file_owner_sshd_config",
"remarks": "rule_set_172"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Access via Empty Passwords",
+ "value": "Verify Owner on SSH Server config file",
"remarks": "rule_set_172"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_root_login",
+ "value": "file_permissions_sshd_config",
"remarks": "rule_set_173"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Root Login",
+ "value": "Verify Permissions on SSH Server config file",
"remarks": "rule_set_173"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_do_not_permit_user_env",
+ "value": "directory_permissions_sshd_config_d",
"remarks": "rule_set_174"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Do Not Allow SSH Environment Options",
+ "value": "Verify Permissions on SSH Server Config File",
"remarks": "rule_set_174"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_pam",
+ "value": "file_permissions_sshd_drop_in_config",
"remarks": "rule_set_175"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable PAM",
+ "value": "Verify Permissions on SSH Server Config File",
"remarks": "rule_set_175"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_sudo_installed",
+ "value": "directory_groupowner_sshd_config_d",
"remarks": "rule_set_176"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install sudo Package",
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
"remarks": "rule_set_176"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_add_use_pty",
+ "value": "directory_owner_sshd_config_d",
"remarks": "rule_set_177"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
+ "value": "Verify Owner on SSH Server Configuration Files",
"remarks": "rule_set_177"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_custom_logfile",
+ "value": "file_groupowner_sshd_drop_in_config",
"remarks": "rule_set_178"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Sudo Logfile Exists - sudo logfile",
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
"remarks": "rule_set_178"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication",
+ "value": "file_owner_sshd_drop_in_config",
"remarks": "rule_set_179"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo",
+ "value": "Verify Owner on SSH Server Configuration Files",
"remarks": "rule_set_179"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_reauthentication",
+ "value": "file_permissions_sshd_private_key",
"remarks": "rule_set_180"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Require Re-Authentication When Using the sudo Command",
+ "value": "Verify Permissions on SSH Server Private *_key Key Files",
"remarks": "rule_set_180"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "use_pam_wheel_group_for_su",
+ "value": "file_ownership_sshd_private_key",
"remarks": "rule_set_181"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
+ "value": "Verify Ownership on SSH Server Private *_key Key Files",
"remarks": "rule_set_181"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_pam_wheel_group_empty",
+ "value": "file_groupownership_sshd_private_key",
"remarks": "rule_set_182"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
+ "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
"remarks": "rule_set_182"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_pam_pwquality_installed",
+ "value": "file_permissions_sshd_pub_key",
"remarks": "rule_set_183"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install pam_pwquality Package",
+ "value": "Verify Permissions on SSH Server Public *.pub Key Files",
"remarks": "rule_set_183"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_password_auth",
+ "value": "file_ownership_sshd_pub_key",
"remarks": "rule_set_184"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
+ "value": "Verify Ownership on SSH Server Public *.pub Key Files",
"remarks": "rule_set_184"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_system_auth",
+ "value": "file_groupownership_sshd_pub_key",
"remarks": "rule_set_185"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
+ "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
"remarks": "rule_set_185"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny",
+ "value": "sshd_limit_user_access",
"remarks": "rule_set_186"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Lock Accounts After Failed Password Attempts",
+ "value": "Limit Users' SSH Access",
"remarks": "rule_set_186"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_unlock_time",
+ "value": "sshd_enable_warning_banner_net",
"remarks": "rule_set_187"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Lockout Time for Failed Password Attempts",
+ "value": "Enable SSH Warning Banner",
"remarks": "rule_set_187"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_difok",
+ "value": "sshd_set_idle_timeout",
"remarks": "rule_set_188"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
+ "value": "Set SSH Client Alive Interval",
"remarks": "rule_set_188"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minlen",
+ "value": "sshd_set_keepalive",
"remarks": "rule_set_189"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
+ "value": "Set SSH Client Alive Count Max",
"remarks": "rule_set_189"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minclass",
+ "value": "disable_host_auth",
"remarks": "rule_set_190"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
+ "value": "Disable Host-Based Authentication",
"remarks": "rule_set_190"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_maxrepeat",
+ "value": "sshd_disable_rhosts",
"remarks": "rule_set_191"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Consecutive Repeating Characters",
+ "value": "Disable SSH Support for .rhosts Files",
"remarks": "rule_set_191"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_dictcheck",
+ "value": "sshd_set_login_grace_time",
"remarks": "rule_set_192"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
+ "value": "Ensure SSH LoginGraceTime is configured",
"remarks": "rule_set_192"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_enforce_root",
+ "value": "sshd_set_loglevel_verbose",
"remarks": "rule_set_193"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
+ "value": "Set SSH Daemon LogLevel to VERBOSE",
"remarks": "rule_set_193"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_password_auth",
+ "value": "sshd_set_max_auth_tries",
"remarks": "rule_set_194"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: password-auth",
+ "value": "Set SSH authentication attempt limit",
"remarks": "rule_set_194"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_system_auth",
+ "value": "sshd_set_maxstartups",
"remarks": "rule_set_195"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: system-auth",
+ "value": "Ensure SSH MaxStartups is configured",
"remarks": "rule_set_195"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords",
+ "value": "sshd_set_max_sessions",
"remarks": "rule_set_196"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent Login to Accounts With Empty Password",
+ "value": "Set SSH MaxSessions limit",
"remarks": "rule_set_196"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_systemauth",
+ "value": "sshd_disable_empty_passwords",
"remarks": "rule_set_197"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - system-auth",
+ "value": "Disable SSH Access via Empty Passwords",
"remarks": "rule_set_197"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_passwordauth",
+ "value": "sshd_disable_root_login",
"remarks": "rule_set_198"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - password-auth",
+ "value": "Disable SSH Root Login",
"remarks": "rule_set_198"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_maximum_age_login_defs",
+ "value": "sshd_do_not_permit_user_env",
"remarks": "rule_set_199"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Age",
+ "value": "Do Not Allow SSH Environment Options",
"remarks": "rule_set_199"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_max_life_existing",
+ "value": "sshd_enable_pam",
"remarks": "rule_set_200"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Maximum Age",
+ "value": "Enable PAM",
"remarks": "rule_set_200"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_warn_age_login_defs",
+ "value": "package_sudo_installed",
"remarks": "rule_set_201"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Warning Age",
+ "value": "Install sudo Package",
"remarks": "rule_set_201"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_warn_age_existing",
+ "value": "sudo_add_use_pty",
"remarks": "rule_set_202"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Warning Age",
+ "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
"remarks": "rule_set_202"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf",
+ "value": "sudo_custom_logfile",
"remarks": "rule_set_203"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/libuser.conf",
+ "value": "Ensure Sudo Logfile Exists - sudo logfile",
"remarks": "rule_set_203"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_logindefs",
+ "value": "sudo_remove_no_authenticate",
"remarks": "rule_set_204"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/login.defs",
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate",
"remarks": "rule_set_204"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_disable_post_pw_expiration",
+ "value": "sudo_require_reauthentication",
"remarks": "rule_set_205"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Account Expiration Following Inactivity",
+ "value": "Require Re-Authentication When Using the sudo Command",
"remarks": "rule_set_205"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_set_post_pw_existing",
+ "value": "use_pam_wheel_group_for_su",
"remarks": "rule_set_206"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set existing passwords a period of inactivity before they been locked",
+ "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
"remarks": "rule_set_206"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_last_change_is_in_past",
+ "value": "ensure_pam_wheel_group_empty",
"remarks": "rule_set_207"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure all users last password change date is in the past",
+ "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
"remarks": "rule_set_207"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_no_uid_except_zero",
+ "value": "package_pam_pwquality_installed",
"remarks": "rule_set_208"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Only Root Has UID 0",
+ "value": "Install pam_pwquality Package",
"remarks": "rule_set_208"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_gid_zero",
+ "value": "account_password_pam_faillock_password_auth",
"remarks": "rule_set_209"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Root Has A Primary GID 0",
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
"remarks": "rule_set_209"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_root_password_configured",
+ "value": "account_password_pam_faillock_system_auth",
"remarks": "rule_set_210"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Authentication Required for Single User Mode",
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
"remarks": "rule_set_210"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_path_dirs_no_write",
+ "value": "accounts_password_pam_pwquality_password_auth",
"remarks": "rule_set_211"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
+ "value": "Ensure PAM password complexity module is enabled in password-auth",
"remarks": "rule_set_211"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "root_path_no_dot",
+ "value": "accounts_password_pam_pwquality_system_auth",
"remarks": "rule_set_212"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
+ "value": "Ensure PAM password complexity module is enabled in system-auth",
"remarks": "rule_set_212"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_password_auth_for_systemaccounts",
+ "value": "accounts_password_pam_unix_enabled",
"remarks": "rule_set_213"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Are Locked",
+ "value": "Verify pam_unix module is activated",
"remarks": "rule_set_213"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_shelllogin_for_systemaccounts",
+ "value": "accounts_passwords_pam_faillock_deny",
"remarks": "rule_set_214"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
+ "value": "Lock Accounts After Failed Password Attempts",
"remarks": "rule_set_214"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_tmout",
+ "value": "accounts_passwords_pam_faillock_unlock_time",
"remarks": "rule_set_215"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Interactive Session Timeout",
+ "value": "Set Lockout Time for Failed Password Attempts",
"remarks": "rule_set_215"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_bashrc",
+ "value": "accounts_password_pam_difok",
"remarks": "rule_set_216"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Bash Umask is Set Correctly",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
"remarks": "rule_set_216"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_login_defs",
+ "value": "accounts_password_pam_minlen",
"remarks": "rule_set_217"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in login.defs",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
"remarks": "rule_set_217"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_profile",
+ "value": "accounts_password_pam_minclass",
"remarks": "rule_set_218"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
"remarks": "rule_set_218"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_aide_installed",
+ "value": "accounts_password_pam_maxrepeat",
"remarks": "rule_set_219"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install AIDE",
+ "value": "Set Password Maximum Consecutive Repeating Characters",
"remarks": "rule_set_219"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_build_database",
+ "value": "accounts_password_pam_maxsequence",
"remarks": "rule_set_220"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Build and Test AIDE Database",
+ "value": "Limit the maximum number of sequential characters in passwords",
"remarks": "rule_set_220"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_periodic_cron_checking",
+ "value": "accounts_password_pam_dictcheck",
"remarks": "rule_set_221"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Periodic Execution of AIDE",
+ "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
"remarks": "rule_set_221"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_check_audit_tools",
+ "value": "accounts_password_pam_enforce_root",
"remarks": "rule_set_222"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure AIDE to Verify the Audit Tools",
+ "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
"remarks": "rule_set_222"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_systemd-journald_enabled",
+ "value": "accounts_password_pam_pwhistory_remember_password_auth",
"remarks": "rule_set_223"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable systemd-journald Service",
+ "value": "Limit Password Reuse: password-auth",
"remarks": "rule_set_223"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_systemd-journal-remote_installed",
+ "value": "accounts_password_pam_pwhistory_remember_system_auth",
"remarks": "rule_set_224"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install systemd-journal-remote Package",
+ "value": "Limit Password Reuse: system-auth",
"remarks": "rule_set_224"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "socket_systemd-journal-remote_disabled",
+ "value": "accounts_password_pam_pwhistory_use_authtok",
"remarks": "rule_set_225"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable systemd-journal-remote Socket",
+ "value": "Enforce Password History with use_authtok",
"remarks": "rule_set_225"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_compress",
+ "value": "no_empty_passwords",
"remarks": "rule_set_226"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to compress large log files",
+ "value": "Prevent Login to Accounts With Empty Password",
"remarks": "rule_set_226"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_storage",
+ "value": "accounts_password_pam_unix_no_remember",
"remarks": "rule_set_227"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to write log files to persistent disk",
+ "value": "Avoid using remember in pam_unix module",
"remarks": "rule_set_227"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_groupownership",
+ "value": "set_password_hashing_algorithm_systemauth",
"remarks": "rule_set_228"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate Group",
+ "value": "Set PAM Password Hashing Algorithm - system-auth",
"remarks": "rule_set_228"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_ownership",
+ "value": "set_password_hashing_algorithm_passwordauth",
"remarks": "rule_set_229"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate User",
+ "value": "Set PAM Password Hashing Algorithm - password-auth",
"remarks": "rule_set_229"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_permissions",
+ "value": "accounts_password_pam_unix_authtok",
"remarks": "rule_set_230"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure System Log Files Have Correct Permissions",
+ "value": "Require use_authtok for pam_unix.so",
"remarks": "rule_set_230"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_passwd",
+ "value": "accounts_maximum_age_login_defs",
"remarks": "rule_set_231"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns passwd File",
+ "value": "Set Password Maximum Age",
"remarks": "rule_set_231"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_passwd",
+ "value": "accounts_password_set_max_life_existing",
"remarks": "rule_set_232"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns passwd File",
+ "value": "Set Existing Passwords Maximum Age",
"remarks": "rule_set_232"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_passwd",
+ "value": "accounts_password_warn_age_login_defs",
"remarks": "rule_set_233"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on passwd File",
+ "value": "Set Password Warning Age",
"remarks": "rule_set_233"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_passwd",
+ "value": "accounts_password_set_warn_age_existing",
"remarks": "rule_set_234"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup passwd File",
+ "value": "Set Existing Passwords Warning Age",
"remarks": "rule_set_234"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_passwd",
+ "value": "set_password_hashing_algorithm_logindefs",
"remarks": "rule_set_235"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup passwd File",
+ "value": "Set Password Hashing Algorithm in /etc/login.defs",
"remarks": "rule_set_235"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_passwd",
+ "value": "account_disable_post_pw_expiration",
"remarks": "rule_set_236"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup passwd File",
+ "value": "Set Account Expiration Following Inactivity",
"remarks": "rule_set_236"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_group",
+ "value": "accounts_set_post_pw_existing",
"remarks": "rule_set_237"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns group File",
+ "value": "Set existing passwords a period of inactivity before they been locked",
"remarks": "rule_set_237"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_group",
+ "value": "accounts_password_last_change_is_in_past",
"remarks": "rule_set_238"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns group File",
+ "value": "Ensure all users last password change date is in the past",
"remarks": "rule_set_238"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_group",
+ "value": "accounts_no_uid_except_zero",
"remarks": "rule_set_239"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on group File",
+ "value": "Verify Only Root Has UID 0",
"remarks": "rule_set_239"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_group",
+ "value": "accounts_root_gid_zero",
"remarks": "rule_set_240"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup group File",
+ "value": "Verify Root Has A Primary GID 0",
"remarks": "rule_set_240"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_group",
+ "value": "groups_no_zero_gid_except_root",
"remarks": "rule_set_241"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup group File",
+ "value": "Verify Only Group Root Has GID 0",
"remarks": "rule_set_241"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_group",
+ "value": "ensure_root_password_configured",
"remarks": "rule_set_242"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup group File",
+ "value": "Ensure Authentication Required for Single User Mode",
"remarks": "rule_set_242"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shadow",
+ "value": "accounts_root_path_dirs_no_write",
"remarks": "rule_set_243"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns shadow File",
+ "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
"remarks": "rule_set_243"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shadow",
+ "value": "root_path_no_dot",
"remarks": "rule_set_244"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns shadow File",
+ "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
"remarks": "rule_set_244"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shadow",
+ "value": "accounts_umask_root",
"remarks": "rule_set_245"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on shadow File",
+ "value": "Ensure the Root Bash Umask is Set Correctly",
"remarks": "rule_set_245"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_shadow",
+ "value": "no_password_auth_for_systemaccounts",
"remarks": "rule_set_246"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup shadow File",
+ "value": "Ensure that System Accounts Are Locked",
"remarks": "rule_set_246"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_shadow",
+ "value": "no_shelllogin_for_systemaccounts",
"remarks": "rule_set_247"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup shadow File",
+ "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
"remarks": "rule_set_247"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_shadow",
+ "value": "no_invalid_shell_accounts_unlocked",
"remarks": "rule_set_248"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup shadow File",
+ "value": "Verify Non-Interactive Accounts Are Locked",
"remarks": "rule_set_248"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_gshadow",
+ "value": "accounts_tmout",
"remarks": "rule_set_249"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns gshadow File",
+ "value": "Set Interactive Session Timeout",
"remarks": "rule_set_249"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_gshadow",
+ "value": "accounts_umask_etc_bashrc",
"remarks": "rule_set_250"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns gshadow File",
+ "value": "Ensure the Default Bash Umask is Set Correctly",
"remarks": "rule_set_250"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_gshadow",
+ "value": "accounts_umask_etc_login_defs",
"remarks": "rule_set_251"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on gshadow File",
+ "value": "Ensure the Default Umask is Set Correctly in login.defs",
"remarks": "rule_set_251"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_gshadow",
+ "value": "accounts_umask_etc_profile",
"remarks": "rule_set_252"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup gshadow File",
+ "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
"remarks": "rule_set_252"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_gshadow",
+ "value": "package_aide_installed",
"remarks": "rule_set_253"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup gshadow File",
+ "value": "Install AIDE",
"remarks": "rule_set_253"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_gshadow",
+ "value": "aide_build_database",
"remarks": "rule_set_254"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup gshadow File",
+ "value": "Build and Test AIDE Database",
"remarks": "rule_set_254"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shells",
+ "value": "aide_periodic_cron_checking",
"remarks": "rule_set_255"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/shells File",
+ "value": "Configure Periodic Execution of AIDE",
"remarks": "rule_set_255"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shells",
+ "value": "aide_check_audit_tools",
"remarks": "rule_set_256"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Who Owns /etc/shells File",
+ "value": "Configure AIDE to Verify the Audit Tools",
"remarks": "rule_set_256"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shells",
+ "value": "service_systemd-journald_enabled",
"remarks": "rule_set_257"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/shells File",
+ "value": "Enable systemd-journald Service",
"remarks": "rule_set_257"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd",
+ "value": "ensure_journald_and_rsyslog_not_active_together",
"remarks": "rule_set_258"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions and Ownership of Old Passwords File",
+ "value": "Ensure journald and rsyslog Are Not Active Together",
"remarks": "rule_set_258"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_unauthorized_world_writable",
+ "value": "package_systemd-journal-remote_installed",
"remarks": "rule_set_259"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure No World-Writable Files Exist",
+ "value": "Install systemd-journal-remote Package",
"remarks": "rule_set_259"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dir_perms_world_writable_sticky_bits",
+ "value": "service_systemd-journal-upload_enabled",
"remarks": "rule_set_260"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
+ "value": "Enable systemd-journal-upload Service",
"remarks": "rule_set_260"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user",
+ "value": "socket_systemd-journal-remote_disabled",
"remarks": "rule_set_261"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a User",
+ "value": "Disable systemd-journal-remote Socket",
"remarks": "rule_set_261"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned",
+ "value": "journald_disable_forward_to_syslog",
"remarks": "rule_set_262"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a Group",
+ "value": "Ensure journald ForwardToSyslog is disabled",
"remarks": "rule_set_262"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_all_shadowed",
+ "value": "journald_compress",
"remarks": "rule_set_263"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify All Account Password Hashes are Shadowed",
+ "value": "Ensure journald is configured to compress large log files",
"remarks": "rule_set_263"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords_etc_shadow",
+ "value": "journald_storage",
"remarks": "rule_set_264"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure There Are No Accounts With Blank or Null Passwords",
+ "value": "Ensure journald is configured to write log files to persistent disk",
"remarks": "rule_set_264"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "gid_passwd_group_same",
+ "value": "rsyslog_files_groupownership",
"remarks": "rule_set_265"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
+ "value": "Ensure Log Files Are Owned By Appropriate Group",
"remarks": "rule_set_265"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_id",
+ "value": "rsyslog_files_ownership",
"remarks": "rule_set_266"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique User IDs",
+ "value": "Ensure Log Files Are Owned By Appropriate User",
"remarks": "rule_set_266"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_id",
+ "value": "rsyslog_files_permissions",
"remarks": "rule_set_267"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group ID",
+ "value": "Ensure System Log Files Have Correct Permissions",
"remarks": "rule_set_267"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_name",
+ "value": "file_groupowner_etc_passwd",
"remarks": "rule_set_268"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique Names",
+ "value": "Verify Group Who Owns passwd File",
"remarks": "rule_set_268"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_name",
+ "value": "file_owner_etc_passwd",
"remarks": "rule_set_269"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group Names",
+ "value": "Verify User Who Owns passwd File",
"remarks": "rule_set_269"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_interactive_home_directory_exists",
+ "value": "file_permissions_etc_passwd",
"remarks": "rule_set_270"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive Users Home Directories Must Exist",
+ "value": "Verify Permissions on passwd File",
"remarks": "rule_set_270"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_home_directories",
+ "value": "file_groupowner_backup_etc_passwd",
"remarks": "rule_set_271"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
+ "value": "Verify Group Who Owns Backup passwd File",
"remarks": "rule_set_271"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_home_directories",
+ "value": "file_owner_backup_etc_passwd",
"remarks": "rule_set_272"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
+ "value": "Verify User Who Owns Backup passwd File",
"remarks": "rule_set_272"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_group_ownership",
+ "value": "file_permissions_backup_etc_passwd",
"remarks": "rule_set_273"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
+ "value": "Verify Permissions on Backup passwd File",
"remarks": "rule_set_273"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_user_ownership",
+ "value": "file_groupowner_etc_group",
"remarks": "rule_set_274"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Owned By the Primary User",
+ "value": "Verify Group Who Owns group File",
"remarks": "rule_set_274"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs",
+ "value": "file_owner_etc_group",
"remarks": "rule_set_275"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Not Run World-Writable Programs",
+ "value": "Verify User Who Owns group File",
"remarks": "rule_set_275"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files",
+ "value": "file_permissions_etc_group",
"remarks": "rule_set_276"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "value": "Verify Permissions on group File",
"remarks": "rule_set_276"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files",
+ "value": "file_groupowner_backup_etc_group",
"remarks": "rule_set_277"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No .forward Files Exist",
+ "value": "Verify Group Who Owns Backup group File",
"remarks": "rule_set_277"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files",
+ "value": "file_owner_backup_etc_group",
"remarks": "rule_set_278"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No netrc Files Exist",
+ "value": "Verify User Who Owns Backup group File",
"remarks": "rule_set_278"
- }
- ],
- "control-implementations": [
+ },
{
- "uuid": "1c0935db-0d68-4e5b-af32-1f7d25d0bc22",
- "source": "trestle://profiles/fedora-cis_fedora-l1_server/profile.json",
- "description": "Control implementation for cis_server_l1",
- "props": [
- {
- "name": "Framework_Short_Name",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal",
- "value": "cis_server_l1"
- }
- ],
- "set-parameters": [
- {
- "param-id": "cis_banner_text",
- "values": [
- "cis"
- ]
- },
- {
- "param-id": "inactivity_timeout_value",
- "values": [
- "15_minutes"
- ]
- },
- {
- "param-id": "login_banner_text",
- "values": [
- "cis_banners"
- ]
- },
- {
- "param-id": "sshd_idle_timeout_value",
- "values": [
- "5_minutes"
- ]
- },
- {
- "param-id": "sshd_max_auth_tries_value",
- "values": [
- "4"
- ]
- },
- {
- "param-id": "sshd_strong_kex",
- "values": [
- "cis_rhel8"
- ]
- },
- {
- "param-id": "sshd_strong_macs",
- "values": [
- "cis_rhel8"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_accept_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_accept_source_route_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_log_martians_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_rp_filter_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_secure_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_accept_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_accept_source_route_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_log_martians_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_rp_filter_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_secure_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_tcp_syncookies_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_all_accept_ra_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_all_accept_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_all_accept_source_route_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_all_forwarding_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_default_accept_ra_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_default_accept_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_default_accept_source_route_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "var_account_disable_post_pw_expiration",
- "values": [
- "30"
- ]
- },
- {
- "param-id": "var_accounts_maximum_age_login_defs",
- "values": [
- "365"
- ]
- },
- {
- "param-id": "var_accounts_password_warn_age_login_defs",
- "values": [
- "7"
- ]
- },
- {
- "param-id": "var_accounts_passwords_pam_faillock_deny",
- "values": [
- "5"
- ]
- },
- {
- "param-id": "var_accounts_passwords_pam_faillock_unlock_time",
- "values": [
- "900"
- ]
- },
- {
- "param-id": "var_accounts_tmout",
- "values": [
- "15_min"
- ]
- },
- {
- "param-id": "var_accounts_user_umask",
- "values": [
- "027"
- ]
- },
- {
- "param-id": "var_multiple_time_servers",
- "values": [
- "rhel"
- ]
- },
- {
- "param-id": "var_pam_wheel_group_for_su",
- "values": [
- "cis"
- ]
- },
- {
- "param-id": "var_password_hashing_algorithm",
- "values": [
- "yescrypt"
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_backup_etc_group",
+ "remarks": "rule_set_279"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on Backup group File",
+ "remarks": "rule_set_279"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_shadow",
+ "remarks": "rule_set_280"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns shadow File",
+ "remarks": "rule_set_280"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_shadow",
+ "remarks": "rule_set_281"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns shadow File",
+ "remarks": "rule_set_281"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_shadow",
+ "remarks": "rule_set_282"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on shadow File",
+ "remarks": "rule_set_282"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_backup_etc_shadow",
+ "remarks": "rule_set_283"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns Backup shadow File",
+ "remarks": "rule_set_283"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_backup_etc_shadow",
+ "remarks": "rule_set_284"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns Backup shadow File",
+ "remarks": "rule_set_284"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_backup_etc_shadow",
+ "remarks": "rule_set_285"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on Backup shadow File",
+ "remarks": "rule_set_285"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_gshadow",
+ "remarks": "rule_set_286"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns gshadow File",
+ "remarks": "rule_set_286"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_gshadow",
+ "remarks": "rule_set_287"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns gshadow File",
+ "remarks": "rule_set_287"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_gshadow",
+ "remarks": "rule_set_288"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on gshadow File",
+ "remarks": "rule_set_288"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_backup_etc_gshadow",
+ "remarks": "rule_set_289"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns Backup gshadow File",
+ "remarks": "rule_set_289"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_backup_etc_gshadow",
+ "remarks": "rule_set_290"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns Backup gshadow File",
+ "remarks": "rule_set_290"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_backup_etc_gshadow",
+ "remarks": "rule_set_291"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on Backup gshadow File",
+ "remarks": "rule_set_291"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_shells",
+ "remarks": "rule_set_292"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/shells File",
+ "remarks": "rule_set_292"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_shells",
+ "remarks": "rule_set_293"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Who Owns /etc/shells File",
+ "remarks": "rule_set_293"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_shells",
+ "remarks": "rule_set_294"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on /etc/shells File",
+ "remarks": "rule_set_294"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd",
+ "remarks": "rule_set_295"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_295"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd",
+ "remarks": "rule_set_296"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_296"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd",
+ "remarks": "rule_set_297"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on /etc/security/opasswd File",
+ "remarks": "rule_set_297"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd_old",
+ "remarks": "rule_set_298"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_298"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd_old",
+ "remarks": "rule_set_299"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_299"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd_old",
+ "remarks": "rule_set_300"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on /etc/security/opasswd.old File",
+ "remarks": "rule_set_300"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_unauthorized_world_writable",
+ "remarks": "rule_set_301"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure No World-Writable Files Exist",
+ "remarks": "rule_set_301"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dir_perms_world_writable_sticky_bits",
+ "remarks": "rule_set_302"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
+ "remarks": "rule_set_302"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_files_or_dirs_unowned_by_user",
+ "remarks": "rule_set_303"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All Files And Directories Are Owned by a User",
+ "remarks": "rule_set_303"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_files_or_dirs_ungroupowned",
+ "remarks": "rule_set_304"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All Files And Directories Are Owned by a Group",
+ "remarks": "rule_set_304"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_all_shadowed",
+ "remarks": "rule_set_305"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify All Account Password Hashes are Shadowed",
+ "remarks": "rule_set_305"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_empty_passwords_etc_shadow",
+ "remarks": "rule_set_306"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure There Are No Accounts With Blank or Null Passwords",
+ "remarks": "rule_set_306"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "gid_passwd_group_same",
+ "remarks": "rule_set_307"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
+ "remarks": "rule_set_307"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "account_unique_id",
+ "remarks": "rule_set_308"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All Accounts on the System Have Unique User IDs",
+ "remarks": "rule_set_308"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "group_unique_id",
+ "remarks": "rule_set_309"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All Groups on the System Have Unique Group ID",
+ "remarks": "rule_set_309"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "account_unique_name",
+ "remarks": "rule_set_310"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All Accounts on the System Have Unique Names",
+ "remarks": "rule_set_310"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "group_unique_name",
+ "remarks": "rule_set_311"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All Groups on the System Have Unique Group Names",
+ "remarks": "rule_set_311"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_user_interactive_home_directory_exists",
+ "remarks": "rule_set_312"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "All Interactive Users Home Directories Must Exist",
+ "remarks": "rule_set_312"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_ownership_home_directories",
+ "remarks": "rule_set_313"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
+ "remarks": "rule_set_313"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_home_directories",
+ "remarks": "rule_set_314"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
+ "remarks": "rule_set_314"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_user_dot_group_ownership",
+ "remarks": "rule_set_315"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
+ "remarks": "rule_set_315"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_user_dot_user_ownership",
+ "remarks": "rule_set_316"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "User Initialization Files Must Be Owned By the Primary User",
+ "remarks": "rule_set_316"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_init_files",
+ "remarks": "rule_set_317"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "remarks": "rule_set_317"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_forward_files",
+ "remarks": "rule_set_318"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify No .forward Files Exist",
+ "remarks": "rule_set_318"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_netrc_files",
+ "remarks": "rule_set_319"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify No netrc Files Exist",
+ "remarks": "rule_set_319"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_rhost_files",
+ "remarks": "rule_set_320"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify No .rhost Files Exist",
+ "remarks": "rule_set_320"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history",
+ "remarks": "rule_set_321"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure User Bash History File Has Correct Permissions",
+ "remarks": "rule_set_321"
+ }
+ ],
+ "control-implementations": [
+ {
+ "uuid": "83700fcb-0209-4573-bd11-c01cd0d343b3",
+ "source": "trestle://profiles/fedora-cis_fedora-l1_server/profile.json",
+ "description": "Control implementation for cis_server_l1",
+ "props": [
+ {
+ "name": "Framework_Short_Name",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal",
+ "value": "cis_server_l1"
+ }
+ ],
+ "set-parameters": [
+ {
+ "param-id": "cis_banner_text",
+ "values": [
+ "cis"
+ ]
+ },
+ {
+ "param-id": "inactivity_timeout_value",
+ "values": [
+ "15_minutes"
+ ]
+ },
+ {
+ "param-id": "login_banner_text",
+ "values": [
+ "cis_banners"
+ ]
+ },
+ {
+ "param-id": "sshd_idle_timeout_value",
+ "values": [
+ "5_minutes"
+ ]
+ },
+ {
+ "param-id": "sshd_max_auth_tries_value",
+ "values": [
+ "4"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_tcp_syncookies_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_all_accept_ra_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_all_accept_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_all_accept_source_route_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_all_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_accept_ra_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_accept_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_accept_source_route_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "var_account_disable_post_pw_expiration",
+ "values": [
+ "30"
+ ]
+ },
+ {
+ "param-id": "var_accounts_maximum_age_login_defs",
+ "values": [
+ "365"
+ ]
+ },
+ {
+ "param-id": "var_accounts_password_warn_age_login_defs",
+ "values": [
+ "7"
+ ]
+ },
+ {
+ "param-id": "var_accounts_passwords_pam_faillock_deny",
+ "values": [
+ "5"
+ ]
+ },
+ {
+ "param-id": "var_accounts_passwords_pam_faillock_unlock_time",
+ "values": [
+ "900"
+ ]
+ },
+ {
+ "param-id": "var_accounts_tmout",
+ "values": [
+ "15_min"
+ ]
+ },
+ {
+ "param-id": "var_accounts_user_umask",
+ "values": [
+ "027"
+ ]
+ },
+ {
+ "param-id": "var_multiple_time_servers",
+ "values": [
+ "rhel"
+ ]
+ },
+ {
+ "param-id": "var_pam_wheel_group_for_su",
+ "values": [
+ "cis"
+ ]
+ },
+ {
+ "param-id": "var_password_hashing_algorithm",
+ "values": [
+ "cis_fedora"
]
},
{
@@ -4594,6 +5128,12 @@
"3"
]
},
+ {
+ "param-id": "var_password_pam_maxsequence",
+ "values": [
+ "3"
+ ]
+ },
{
"param-id": "var_password_pam_minclass",
"values": [
@@ -4661,9 +5201,9 @@
]
},
{
- "param-id": "var_system_crypto_policy",
+ "param-id": "var_sudo_timestamp_timeout",
"values": [
- "default_policy"
+ "15_minutes"
]
},
{
@@ -4675,7 +5215,7 @@
],
"implemented-requirements": [
{
- "uuid": "51e11ffa-842a-4bb4-b71c-c1efcb904e05",
+ "uuid": "50fa1bae-537a-4670-954f-a2a33a475db0",
"control-id": "reload_dconf_db",
"description": "This is a helper rule to reload Dconf database correctly.",
"props": [
@@ -4692,7 +5232,7 @@
]
},
{
- "uuid": "9289b2f8-28f3-45f3-86c1-576b69d9f65e",
+ "uuid": "292d0e8d-a2fe-493a-9cba-7afa7a058e2b",
"control-id": "cis_fedora_1-1.1.1",
"description": "No notes for control-id 1.1.1.1.",
"props": [
@@ -4709,7 +5249,7 @@
]
},
{
- "uuid": "556e470a-d78f-4e7b-a9bd-fb44bb80daa6",
+ "uuid": "cdfe6bd4-a8f2-4954-bea3-6e046f901cc1",
"control-id": "cis_fedora_1-1.1.2",
"description": "No notes for control-id 1.1.1.2.",
"props": [
@@ -4726,7 +5266,7 @@
]
},
{
- "uuid": "c14475b5-2b7e-4a93-a177-864242ab324b",
+ "uuid": "ca26c576-4706-4bd1-beed-66a078c44b56",
"control-id": "cis_fedora_1-1.1.3",
"description": "No notes for control-id 1.1.1.3.",
"props": [
@@ -4743,7 +5283,7 @@
]
},
{
- "uuid": "d635f33d-82ad-4e16-82c2-225f2c5f6ee3",
+ "uuid": "e1c1fd80-4495-44a8-8223-d70f72b5685d",
"control-id": "cis_fedora_1-1.1.4",
"description": "No notes for control-id 1.1.1.4.",
"props": [
@@ -4760,7 +5300,7 @@
]
},
{
- "uuid": "f271c17b-e1a0-4404-983a-edbf7ceda0f1",
+ "uuid": "2d40f450-b29b-4783-b169-d77338650e18",
"control-id": "cis_fedora_1-1.1.5",
"description": "No notes for control-id 1.1.1.5.",
"props": [
@@ -4777,7 +5317,7 @@
]
},
{
- "uuid": "7b53f7b6-5a46-475e-b30e-dbd84b827bf1",
+ "uuid": "8bc1d71d-ebab-4d0a-bb62-7e5c7004f043",
"control-id": "cis_fedora_1-1.1.9",
"description": "No notes for control-id 1.1.1.9.",
"props": [
@@ -4794,7 +5334,7 @@
]
},
{
- "uuid": "cc08a2f5-9e79-4c18-9ebe-c8c222b67c52",
+ "uuid": "19dcf4f1-9df5-49a3-ba6f-69eac3cac0a1",
"control-id": "cis_fedora_1-1.1.10",
"description": "No notes for control-id 1.1.1.10.",
"props": [
@@ -4811,7 +5351,7 @@
]
},
{
- "uuid": "168fea3e-bfa4-45b3-b85c-91929f679923",
+ "uuid": "2b737672-c751-4689-9475-ffc77bac448a",
"control-id": "cis_fedora_1-1.1.11",
"description": "The description for control-id cis_fedora_1-1.1.11.",
"props": [
@@ -4824,7 +5364,7 @@
]
},
{
- "uuid": "a667af18-64bc-4cd7-afca-5bfdd8b5a7be",
+ "uuid": "928cd0f0-0cd3-44f7-99e4-5ca5abf937c1",
"control-id": "cis_fedora_1-1.2.1.1",
"description": "No notes for control-id 1.1.2.1.1.",
"props": [
@@ -4841,7 +5381,7 @@
]
},
{
- "uuid": "f8f6bb6e-b4af-455b-af57-b48335febb42",
+ "uuid": "6711a3ad-d35e-413c-a9e9-8fffdb0554d1",
"control-id": "cis_fedora_1-1.2.1.2",
"description": "No notes for control-id 1.1.2.1.2.",
"props": [
@@ -4858,7 +5398,7 @@
]
},
{
- "uuid": "60491dfb-5cdf-4e6a-89fb-27e1af815b3a",
+ "uuid": "36917a7a-fe03-461f-8d94-61ed00b6f9e1",
"control-id": "cis_fedora_1-1.2.1.3",
"description": "No notes for control-id 1.1.2.1.3.",
"props": [
@@ -4875,7 +5415,7 @@
]
},
{
- "uuid": "54f6b663-41db-4125-85fc-14145db5e7cb",
+ "uuid": "c1267048-8724-4acd-b6c2-224054e0d1f1",
"control-id": "cis_fedora_1-1.2.1.4",
"description": "No notes for control-id 1.1.2.1.4.",
"props": [
@@ -4892,7 +5432,7 @@
]
},
{
- "uuid": "3738eb31-4c53-4c0b-ac11-8819cef33ce1",
+ "uuid": "70c1c599-8582-4b7b-8866-bffbfea6116e",
"control-id": "cis_fedora_1-1.2.2.1",
"description": "No notes for control-id 1.1.2.2.1.",
"props": [
@@ -4909,7 +5449,7 @@
]
},
{
- "uuid": "85c794e6-723c-49be-a964-88157a638ae3",
+ "uuid": "30331dfe-c6ba-4600-bbe0-deba0df893ef",
"control-id": "cis_fedora_1-1.2.2.2",
"description": "No notes for control-id 1.1.2.2.2.",
"props": [
@@ -4926,7 +5466,7 @@
]
},
{
- "uuid": "71b5cb80-ce99-47c4-b489-cf621b99ecd6",
+ "uuid": "268e708b-f27e-403c-9f5e-084db26b110a",
"control-id": "cis_fedora_1-1.2.2.3",
"description": "No notes for control-id 1.1.2.2.3.",
"props": [
@@ -4943,7 +5483,7 @@
]
},
{
- "uuid": "628057c4-a4ff-4992-92c0-e80f29eea10b",
+ "uuid": "86b6bcab-3739-4c6f-a03c-652a1edefc58",
"control-id": "cis_fedora_1-1.2.2.4",
"description": "No notes for control-id 1.1.2.2.4.",
"props": [
@@ -4960,7 +5500,7 @@
]
},
{
- "uuid": "59e010dd-9d14-40d8-afac-b213fcd1196e",
+ "uuid": "4a6be034-8213-4eb9-9559-6edcdf05629e",
"control-id": "cis_fedora_1-1.2.3.2",
"description": "No notes for control-id 1.1.2.3.2.",
"props": [
@@ -4977,7 +5517,7 @@
]
},
{
- "uuid": "6b2d6c87-0bb1-4b60-a4a8-09e8247ca65b",
+ "uuid": "73d819dd-306e-4a01-bfd2-62901d7e8bb6",
"control-id": "cis_fedora_1-1.2.3.3",
"description": "No notes for control-id 1.1.2.3.3.",
"props": [
@@ -4994,7 +5534,7 @@
]
},
{
- "uuid": "9b055c10-817d-4fe5-8bb5-9de4f5f28472",
+ "uuid": "f07625d4-6f2d-4e72-9bc5-8a149d49d2a2",
"control-id": "cis_fedora_1-1.2.4.2",
"description": "No notes for control-id 1.1.2.4.2.",
"props": [
@@ -5011,7 +5551,7 @@
]
},
{
- "uuid": "b6301332-71a4-4474-80b7-f0c30ec78a0b",
+ "uuid": "f68ac459-d20b-45bb-bd34-db483eae9f78",
"control-id": "cis_fedora_1-1.2.4.3",
"description": "No notes for control-id 1.1.2.4.3.",
"props": [
@@ -5028,7 +5568,7 @@
]
},
{
- "uuid": "eb6916c3-b659-4f3b-8b27-aa19c63c53cf",
+ "uuid": "5320a7b5-4254-4669-acc7-95765ee70558",
"control-id": "cis_fedora_1-1.2.5.2",
"description": "No notes for control-id 1.1.2.5.2.",
"props": [
@@ -5045,7 +5585,7 @@
]
},
{
- "uuid": "76569930-a26a-4cd2-9a07-ac352f09ac3f",
+ "uuid": "70d8a721-ff41-408d-ade2-e6ca90e8b25b",
"control-id": "cis_fedora_1-1.2.5.3",
"description": "No notes for control-id 1.1.2.5.3.",
"props": [
@@ -5062,7 +5602,7 @@
]
},
{
- "uuid": "783eec51-42bb-490c-a9e2-f7b4b9a6db04",
+ "uuid": "d92bea82-677b-46ba-acf2-25b1c58803cf",
"control-id": "cis_fedora_1-1.2.5.4",
"description": "No notes for control-id 1.1.2.5.4.",
"props": [
@@ -5079,7 +5619,7 @@
]
},
{
- "uuid": "03fffe5e-3d1c-4a11-9815-9523fccf8c9c",
+ "uuid": "016d5186-1607-4f5a-8a95-725de7e84012",
"control-id": "cis_fedora_1-1.2.6.2",
"description": "No notes for control-id 1.1.2.6.2.",
"props": [
@@ -5096,7 +5636,7 @@
]
},
{
- "uuid": "0b6f5bae-608f-4ba6-8110-b99508f5cbb5",
+ "uuid": "bdb69fed-bd4c-4230-bee3-ffbe5f37bec1",
"control-id": "cis_fedora_1-1.2.6.3",
"description": "No notes for control-id 1.1.2.6.3.",
"props": [
@@ -5113,7 +5653,7 @@
]
},
{
- "uuid": "7ae36a96-a2f5-4a16-aaf2-4229d61f7524",
+ "uuid": "ec4a0e47-ca68-4424-aed7-456567990b04",
"control-id": "cis_fedora_1-1.2.6.4",
"description": "No notes for control-id 1.1.2.6.4.",
"props": [
@@ -5130,7 +5670,7 @@
]
},
{
- "uuid": "298f972e-e23f-4a7e-8bd9-a3ff97cea648",
+ "uuid": "bc935bc3-a082-4bb6-8e04-b7b83fda685f",
"control-id": "cis_fedora_1-1.2.7.2",
"description": "No notes for control-id 1.1.2.7.2.",
"props": [
@@ -5147,7 +5687,7 @@
]
},
{
- "uuid": "1415dfcb-18f0-4aa3-99e7-c8512474b99d",
+ "uuid": "38ef961d-8833-4c2d-9e2b-806228bffeac",
"control-id": "cis_fedora_1-1.2.7.3",
"description": "No notes for control-id 1.1.2.7.3.",
"props": [
@@ -5164,7 +5704,7 @@
]
},
{
- "uuid": "7fc5a8a1-2e58-4ec3-bb13-38dc9845e838",
+ "uuid": "54e93b6a-846a-43f6-abac-d1cec0496ff9",
"control-id": "cis_fedora_1-1.2.7.4",
"description": "No notes for control-id 1.1.2.7.4.",
"props": [
@@ -5181,7 +5721,7 @@
]
},
{
- "uuid": "34765405-84bf-4be6-9603-c84bbc5886ec",
+ "uuid": "04665c0c-d58e-46b2-99c4-eb1214f8bbc5",
"control-id": "cis_fedora_1-2.1.1",
"description": "The description for control-id cis_fedora_1-2.1.1.",
"props": [
@@ -5194,7 +5734,7 @@
]
},
{
- "uuid": "744a6875-1700-4fd2-a4dd-edfb14979b01",
+ "uuid": "e1ae389d-fc9f-4304-9a94-369ef0f9e5dd",
"control-id": "cis_fedora_1-2.1.2",
"description": "No notes for control-id 1.2.1.2.",
"props": [
@@ -5211,7 +5751,7 @@
]
},
{
- "uuid": "a8f98d4f-ef7f-4327-98aa-022fbbac8f11",
+ "uuid": "3ca890df-19f2-415b-a58c-bb001e121ae3",
"control-id": "cis_fedora_1-2.1.4",
"description": "The description for control-id cis_fedora_1-2.1.4.",
"props": [
@@ -5224,20 +5764,24 @@
]
},
{
- "uuid": "016b7325-b3f1-4f00-8e58-7056d55058a8",
+ "uuid": "169fd3eb-2e65-47f3-a116-074696d901e3",
"control-id": "cis_fedora_1-2.1.5",
- "description": "The description for control-id cis_fedora_1-2.1.5.",
+ "description": "No notes for control-id 1.2.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.2.1.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_weak_deps"
}
]
},
{
- "uuid": "29481c41-9611-4f76-85b8-4bb7434040f2",
+ "uuid": "7ab4c2d2-16e2-4ccc-aab4-425aae62579e",
"control-id": "cis_fedora_1-2.2.1",
"description": "The description for control-id cis_fedora_1-2.2.1.",
"props": [
@@ -5250,7 +5794,7 @@
]
},
{
- "uuid": "0f107a60-0ea2-4ec7-bc58-9623ec1b7994",
+ "uuid": "e926b78a-9e00-45b7-9db7-048e011cd494",
"control-id": "cis_fedora_1-3.1.1",
"description": "No notes for control-id 1.3.1.1.",
"props": [
@@ -5267,7 +5811,7 @@
]
},
{
- "uuid": "cabdb27b-f7e4-4f8f-84c4-ae19431c1299",
+ "uuid": "e933de78-eaa9-45e0-9e8b-2bcb7dca407a",
"control-id": "cis_fedora_1-3.1.2",
"description": "No notes for control-id 1.3.1.2.",
"props": [
@@ -5284,7 +5828,7 @@
]
},
{
- "uuid": "61fb5c78-ab2b-47bc-99de-2c1b1fb3720f",
+ "uuid": "ff368b5c-c553-474f-9d4e-4ff75fb7f966",
"control-id": "cis_fedora_1-3.1.3",
"description": "No notes for control-id 1.3.1.3.",
"props": [
@@ -5301,7 +5845,7 @@
]
},
{
- "uuid": "a77a4d23-b4aa-4d56-b28e-aa290e805d0b",
+ "uuid": "1845671c-f0c3-4972-972c-73454341e388",
"control-id": "cis_fedora_1-3.1.4",
"description": "No notes for control-id 1.3.1.4.",
"props": [
@@ -5318,7 +5862,7 @@
]
},
{
- "uuid": "749b2e90-5ee5-4bfa-9b17-1b7a83f4ee01",
+ "uuid": "92385240-d65f-4ec7-bd95-0da53c0683d9",
"control-id": "cis_fedora_1-3.1.7",
"description": "No notes for control-id 1.3.1.7.",
"props": [
@@ -5335,7 +5879,7 @@
]
},
{
- "uuid": "b8bfc128-5e60-4357-8fdd-37c89dbf452c",
+ "uuid": "d1277512-a723-491f-b90b-56259975546b",
"control-id": "cis_fedora_1-3.1.8",
"description": "No notes for control-id 1.3.1.8.",
"props": [
@@ -5352,7 +5896,7 @@
]
},
{
- "uuid": "9116c7a9-3619-4bcb-839c-fcb835437136",
+ "uuid": "112b0382-1da6-4ca2-b12f-13ed743d6b9c",
"control-id": "cis_fedora_1-4.1",
"description": "There is no automated remediation for this rule and this is intentional.\nMore details in the rule description.",
"props": [
@@ -5369,180 +5913,204 @@
]
},
{
- "uuid": "972ebc01-2a34-47f1-bcb6-970cdb709ec9",
+ "uuid": "32c70565-11f8-4dbd-b988-75011fe98e00",
"control-id": "cis_fedora_1-4.2",
- "description": "The description for control-id cis_fedora_1-4.2.",
+ "description": "This requirement demands a deeper review of the rules.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This requirement demands a deeper review of the rules."
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg"
+ "value": "file_permissions_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg"
+ "value": "file_owner_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg"
+ "value": "file_groupowner_boot_grub2"
}
]
},
{
- "uuid": "65a1939c-3292-4d43-85bc-ea4115386ef3",
+ "uuid": "51671e1a-6d26-4ea6-b601-57437f5a6302",
"control-id": "cis_fedora_1-5.1",
- "description": "The description for control-id cis_fedora_1-5.1.",
+ "description": "No notes for control-id 1.5.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_users_coredumps"
}
]
},
{
- "uuid": "a73ace43-9572-4405-a3bb-b36fb012092d",
+ "uuid": "979f3f8a-908f-478b-b6da-fdacf3b0267d",
"control-id": "cis_fedora_1-5.2",
- "description": "The description for control-id cis_fedora_1-5.2.",
+ "description": "No notes for control-id 1.5.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_hardlinks"
}
]
},
{
- "uuid": "6f458c2d-7108-4772-90a8-9ca9f0146988",
+ "uuid": "4f9d07bc-e936-44f3-bfb6-5f898a17fb5c",
"control-id": "cis_fedora_1-5.3",
- "description": "The description for control-id cis_fedora_1-5.3.",
+ "description": "No notes for control-id 1.5.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_symlinks"
}
]
},
{
- "uuid": "c287d3b7-f34c-4db1-a24d-aff6bc11397d",
+ "uuid": "68ef375d-bb39-443d-9f15-fd5e5a12a4a6",
"control-id": "cis_fedora_1-5.4",
- "description": "The description for control-id cis_fedora_1-5.4.",
+ "description": "No notes for control-id 1.5.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_suid_dumpable"
}
]
},
{
- "uuid": "86a95afb-4f34-4307-b885-08ff75eed917",
+ "uuid": "a2814b9b-a9ac-48cd-9c4b-f0a7e39c0db5",
"control-id": "cis_fedora_1-5.5",
- "description": "The description for control-id cis_fedora_1-5.5.",
+ "description": "No notes for control-id 1.5.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_dmesg_restrict"
}
]
},
{
- "uuid": "20008437-d6f3-44d7-9731-b54cae57471c",
+ "uuid": "40f1d154-9404-47e3-9054-6560cd37efc7",
"control-id": "cis_fedora_1-5.6",
- "description": "The description for control-id cis_fedora_1-5.6.",
+ "description": "No notes for control-id 1.5.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.6."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_kptr_restrict"
}
]
},
{
- "uuid": "b7acdbce-d154-4489-82bf-b9095c255bef",
+ "uuid": "c0b81a8d-93aa-4bdd-a8e6-6051e635d253",
"control-id": "cis_fedora_1-5.7",
- "description": "The description for control-id cis_fedora_1-5.7.",
+ "description": "No notes for control-id 1.5.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_yama_ptrace_scope"
}
]
},
{
- "uuid": "8c594ec2-7d21-4125-9d26-0238732d79fa",
+ "uuid": "a43e7b7d-5a27-4230-a0ed-34f3273bc713",
"control-id": "cis_fedora_1-5.8",
- "description": "The description for control-id cis_fedora_1-5.8.",
+ "description": "Address Space Layout Randomization (ASLR)",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.8."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_randomize_va_space"
}
]
},
{
- "uuid": "14058759-4567-427e-b26f-fdb5d1f18d61",
+ "uuid": "8584e357-f4b2-4a8b-9253-9ace48af50b6",
"control-id": "cis_fedora_1-5.9",
- "description": "The description for control-id cis_fedora_1-5.9.",
+ "description": "No notes for control-id 1.5.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.9."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_backtraces"
}
]
},
{
- "uuid": "36a3d3f2-e7a6-4837-8fe4-ccaf0852a0f6",
+ "uuid": "f0e0b83a-1235-4309-8284-27ca6b68923f",
"control-id": "cis_fedora_1-5.10",
- "description": "The description for control-id cis_fedora_1-5.10.",
+ "description": "No notes for control-id 1.5.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.10."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_storage"
}
]
},
{
- "uuid": "e0f80f01-fb78-41d8-acb7-1804acc458e1",
+ "uuid": "607eaf09-5f4e-40da-9362-e963f630b0dc",
"control-id": "cis_fedora_1-6.1",
"description": "No notes for control-id 1.6.1.",
"props": [
@@ -5554,50 +6122,63 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "b6d5e16f-bcb2-437d-8a35-332184389aa3",
+ "uuid": "e63b3dee-a4dc-41d0-9778-c5e8ca7f8204",
"control-id": "cis_fedora_1-6.2",
- "description": "This requirement is already satisfied by 1.6.1.",
+ "description": "No notes for control-id 1.6.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "bf2a88c4-e3ca-400a-9fa4-3eea46975e52",
+ "uuid": "1efd6437-0ccb-45c8-8e9d-f303507ec271",
"control-id": "cis_fedora_1-6.3",
- "description": "The description for control-id cis_fedora_1-6.3.",
+ "description": "No notes for control-id 1.6.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "8a06b8e8-a3ee-404e-b689-1a2d064f50f6",
+ "uuid": "909fbd31-4739-4c80-bbaf-2995d131363e",
"control-id": "cis_fedora_1-6.4",
- "description": "The description for control-id cis_fedora_1-6.4.",
+ "description": "No notes for control-id 1.6.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "5dffe5bb-e98c-4556-ace8-427fe426f7c7",
+ "uuid": "cbe35e39-f1e9-4b02-8fd7-61bb69bfc0f1",
"control-id": "cis_fedora_1-7.1",
"description": "No notes for control-id 1.7.1.",
"props": [
@@ -5614,7 +6195,7 @@
]
},
{
- "uuid": "9a331d3c-92b0-4e9e-b453-f215bf05db83",
+ "uuid": "ad1cb4c3-b3f3-45f1-bd66-adf82684e3de",
"control-id": "cis_fedora_1-7.2",
"description": "No notes for control-id 1.7.2.",
"props": [
@@ -5631,7 +6212,7 @@
]
},
{
- "uuid": "7b8c4f09-9160-4dd0-b9e8-c243a98f8601",
+ "uuid": "cc578316-8762-44cb-8e05-72d965042044",
"control-id": "cis_fedora_1-7.3",
"description": "No notes for control-id 1.7.3.",
"props": [
@@ -5648,7 +6229,7 @@
]
},
{
- "uuid": "2bd49084-54ff-437f-995b-c953f23f85b3",
+ "uuid": "fc78b67d-4d44-45b8-a382-9ddcf9a4e059",
"control-id": "cis_fedora_1-7.4",
"description": "No notes for control-id 1.7.4.",
"props": [
@@ -5675,7 +6256,7 @@
]
},
{
- "uuid": "4d72dbb0-b45a-4116-b4d7-aaef5626c727",
+ "uuid": "827f1a03-95d1-46e7-9dfa-a8db4293a083",
"control-id": "cis_fedora_1-7.5",
"description": "No notes for control-id 1.7.5.",
"props": [
@@ -5702,7 +6283,7 @@
]
},
{
- "uuid": "e13bb40e-6e94-4b8b-9f23-8b6d4331bc00",
+ "uuid": "62af3a62-501b-441f-afb9-05a860cc0fde",
"control-id": "cis_fedora_1-7.6",
"description": "No notes for control-id 1.7.6.",
"props": [
@@ -5729,14 +6310,14 @@
]
},
{
- "uuid": "df2db27f-549b-429b-a4a7-f23a46507236",
+ "uuid": "02afa483-371c-4811-af66-00984af65edd",
"control-id": "cis_fedora_1-8.1",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -5751,7 +6332,7 @@
]
},
{
- "uuid": "e5824b94-ae0d-4a3e-95b0-537ee9e738a1",
+ "uuid": "7f466b08-e381-4415-ba31-b0051202517c",
"control-id": "cis_fedora_1-8.2",
"description": "Review rules to confirm settings are not writeable by users",
"props": [
@@ -5768,14 +6349,14 @@
]
},
{
- "uuid": "2b1ae283-ee6f-4ddc-b2e1-a21cb1dfab49",
+ "uuid": "f53c2b22-b4fa-43d7-b9d4-33c617f65bad",
"control-id": "cis_fedora_1-8.3",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -5786,11 +6367,21 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "dconf_gnome_screensaver_lock_delay"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_session_idle_user_locks"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_screensaver_user_locks"
}
]
},
{
- "uuid": "30465990-e2ac-4e44-95cb-24e71fe1f0f3",
+ "uuid": "da5d8d22-f471-459a-9dfa-f8abd5f3a09e",
"control-id": "cis_fedora_1-8.4",
"description": "No notes for control-id 1.8.4.",
"props": [
@@ -5812,14 +6403,14 @@
]
},
{
- "uuid": "bc5bd251-19d0-4c8c-a719-a54394aa1dae",
+ "uuid": "0cb8710a-1b4b-4179-afcf-57f9a2a8dd09",
"control-id": "cis_fedora_1-8.5",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -5829,7 +6420,7 @@
]
},
{
- "uuid": "e4b474cb-7c97-497a-8146-76794c8ed512",
+ "uuid": "8ed4946f-e749-4731-8a90-b963863c1ab9",
"control-id": "cis_fedora_1-8.6",
"description": "The description for control-id cis_fedora_1-8.6.",
"props": [
@@ -5842,7 +6433,7 @@
]
},
{
- "uuid": "35b963c2-1c68-495c-add1-28a4d2f0a7d7",
+ "uuid": "358c768a-a4ea-4197-b133-878964f2b454",
"control-id": "cis_fedora_2-1.1",
"description": "No notes for control-id 2.1.1.",
"props": [
@@ -5859,7 +6450,7 @@
]
},
{
- "uuid": "e990f356-2ad8-44c0-b3e3-10d8ad7b6f9d",
+ "uuid": "9ded6adf-ccd4-4cc2-8c5d-7c1753a016e2",
"control-id": "cis_fedora_2-1.2",
"description": "No notes for control-id 2.1.2.",
"props": [
@@ -5876,7 +6467,7 @@
]
},
{
- "uuid": "06cd2c54-99b5-4eb9-b2e8-193f48188c6b",
+ "uuid": "4c686d60-7c5d-4a80-9994-be06d819eede",
"control-id": "cis_fedora_2-1.4",
"description": "No notes for control-id 2.1.4.",
"props": [
@@ -5893,7 +6484,7 @@
]
},
{
- "uuid": "2609cf8f-cdec-4098-bac3-23280e84aa0b",
+ "uuid": "c5b8a041-e94e-4c5d-89a3-944e1cbf4374",
"control-id": "cis_fedora_2-1.5",
"description": "No notes for control-id 2.1.5.",
"props": [
@@ -5910,7 +6501,7 @@
]
},
{
- "uuid": "27731731-4fbc-49ea-bdcd-c98c3ca83bc9",
+ "uuid": "072e2b2f-a276-4df7-aab2-f9956bfed533",
"control-id": "cis_fedora_2-1.6",
"description": "No notes for control-id 2.1.6.",
"props": [
@@ -5927,7 +6518,7 @@
]
},
{
- "uuid": "03e55e68-dfd4-4750-b000-25ce4bf87a93",
+ "uuid": "55c42ca9-8a82-4e14-b2fc-282e644ea18a",
"control-id": "cis_fedora_2-1.7",
"description": "No notes for control-id 2.1.7.",
"props": [
@@ -5944,7 +6535,7 @@
]
},
{
- "uuid": "ba061485-71ad-4983-a93c-5c3ecc6175d0",
+ "uuid": "2c5964bf-f8ba-45e5-bc8d-1e6f459484ca",
"control-id": "cis_fedora_2-1.8",
"description": "No notes for control-id 2.1.8.",
"props": [
@@ -5966,7 +6557,7 @@
]
},
{
- "uuid": "747c55cd-b262-48bf-b398-7764dd66dfe0",
+ "uuid": "2a60c6b4-470f-4838-b935-a806e1ffeb64",
"control-id": "cis_fedora_2-1.9",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization are dependent on the\nnfs-utils package.",
"props": [
@@ -5983,7 +6574,7 @@
]
},
{
- "uuid": "1548aced-f87f-45f0-8ab5-78f4999d784d",
+ "uuid": "21252ef4-68f2-404a-a8bc-0f18bdca89a1",
"control-id": "cis_fedora_2-1.10",
"description": "No notes for control-id 2.1.10.",
"props": [
@@ -5995,7 +6586,7 @@
]
},
{
- "uuid": "57760519-040f-4ee1-955b-55a0603d0049",
+ "uuid": "7fbb03a1-6296-405f-86b9-30a8d16fc123",
"control-id": "cis_fedora_2-1.11",
"description": "No notes for control-id 2.1.11.",
"props": [
@@ -6012,7 +6603,7 @@
]
},
{
- "uuid": "34dca66e-61c5-441f-bb87-86d26b9a77a7",
+ "uuid": "72138471-3a79-45a3-8c08-0aa602ce34e3",
"control-id": "cis_fedora_2-1.12",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization, and the nfs-utils\npackage used for The Network File System (NFS), are dependent on the rpcbind package.",
"props": [
@@ -6029,7 +6620,7 @@
]
},
{
- "uuid": "f98e04d5-8c38-4874-95e5-139c1e7aaff7",
+ "uuid": "f91dcdc2-83b8-4506-9cfd-1b9035b01c6e",
"control-id": "cis_fedora_2-1.13",
"description": "No notes for control-id 2.1.13.",
"props": [
@@ -6046,7 +6637,7 @@
]
},
{
- "uuid": "70762f88-4817-4a51-94e9-a52e8a74a332",
+ "uuid": "7e0ebcc9-e919-483a-8e86-46a0d9dd6e59",
"control-id": "cis_fedora_2-1.14",
"description": "No notes for control-id 2.1.14.",
"props": [
@@ -6063,7 +6654,7 @@
]
},
{
- "uuid": "300bf21f-bd98-40d7-9e57-b5e55f90ddb3",
+ "uuid": "b477749e-5803-477a-9ad6-e7edcbd81ffe",
"control-id": "cis_fedora_2-1.15",
"description": "No notes for control-id 2.1.15.",
"props": [
@@ -6080,7 +6671,7 @@
]
},
{
- "uuid": "819bcc7d-7ac5-4543-89be-cb88e1c217e8",
+ "uuid": "95cba550-0ab5-4582-8eda-0f4c23a46717",
"control-id": "cis_fedora_2-1.16",
"description": "No notes for control-id 2.1.16.",
"props": [
@@ -6097,7 +6688,7 @@
]
},
{
- "uuid": "c19222e3-43d1-418f-879a-2b5792cf9384",
+ "uuid": "48b64afb-b345-427d-a4da-eecac0e9f757",
"control-id": "cis_fedora_2-1.17",
"description": "No notes for control-id 2.1.17.",
"props": [
@@ -6114,7 +6705,7 @@
]
},
{
- "uuid": "c1efa90e-ea5e-4a25-8923-afeb9c2cf226",
+ "uuid": "87f9b294-6ae2-48d7-8702-5c6783802ef8",
"control-id": "cis_fedora_2-1.18",
"description": "No notes for control-id 2.1.18.",
"props": [
@@ -6131,7 +6722,7 @@
]
},
{
- "uuid": "f9ef5b7a-36ee-4966-9576-9c64737ecefd",
+ "uuid": "33a34f6b-b93c-4994-a0d6-6fc802f4c07e",
"control-id": "cis_fedora_2-1.19",
"description": "No notes for control-id 2.1.19.",
"props": [
@@ -6153,7 +6744,7 @@
]
},
{
- "uuid": "09455db4-505b-465b-96db-649d588d3207",
+ "uuid": "d3a0622e-f50c-4360-af61-90b38cf48205",
"control-id": "cis_fedora_2-1.20",
"description": "The description for control-id cis_fedora_2-1.20.",
"props": [
@@ -6166,14 +6757,14 @@
]
},
{
- "uuid": "7f2a99e6-9f9c-4675-8d99-a3611a525931",
+ "uuid": "874c7b30-0a19-4e36-b08b-f7ea79a6bbd5",
"control-id": "cis_fedora_2-1.23",
- "description": "The rule has_nonlocal_mta currently checks for services listening only on port 25,\nbut the policy checks also for ports 465 and 587",
+ "description": "No notes for control-id 2.1.23.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -6188,7 +6779,7 @@
]
},
{
- "uuid": "bfd873a8-684a-44a6-b949-6956ab171f92",
+ "uuid": "58d2ecf6-aa10-4dca-8c7c-167356022da2",
"control-id": "cis_fedora_2-1.24",
"description": "The description for control-id cis_fedora_2-1.24.",
"props": [
@@ -6201,7 +6792,7 @@
]
},
{
- "uuid": "c6c5f8aa-029b-4463-8272-cb3efbe72415",
+ "uuid": "ce7f4a9d-4013-4412-b032-911ace82e424",
"control-id": "cis_fedora_2-2.1",
"description": "No notes for control-id 2.2.1.",
"props": [
@@ -6218,7 +6809,7 @@
]
},
{
- "uuid": "89866a01-3427-47a2-9cf7-21e43a132508",
+ "uuid": "0da92e05-9176-436e-8433-123de5189492",
"control-id": "cis_fedora_2-2.3",
"description": "No notes for control-id 2.2.3.",
"props": [
@@ -6230,7 +6821,7 @@
]
},
{
- "uuid": "572b9ea2-d764-4ac4-95d9-f0fef6c93440",
+ "uuid": "74866f73-64bb-4107-a631-b6a152a3943c",
"control-id": "cis_fedora_2-2.4",
"description": "No notes for control-id 2.2.4.",
"props": [
@@ -6247,7 +6838,7 @@
]
},
{
- "uuid": "a7b47360-51bb-44ac-a4ba-ec0bfcac573c",
+ "uuid": "05485924-33b3-40ed-b330-be309d98f72c",
"control-id": "cis_fedora_2-2.5",
"description": "No notes for control-id 2.2.5.",
"props": [
@@ -6264,7 +6855,7 @@
]
},
{
- "uuid": "e0a8fb5b-f7c3-4e6f-9678-d78c14fd42f8",
+ "uuid": "66dc3336-a809-4965-af91-9c5448109b46",
"control-id": "cis_fedora_2-3.1",
"description": "No notes for control-id 2.3.1.",
"props": [
@@ -6276,7 +6867,7 @@
]
},
{
- "uuid": "b8cc21df-01c5-4b73-9f09-fc3130243580",
+ "uuid": "cde2c45b-c6b4-4213-b2bf-7f914fb6f11d",
"control-id": "cis_fedora_2-3.2",
"description": "No notes for control-id 2.3.2.",
"props": [
@@ -6293,7 +6884,7 @@
]
},
{
- "uuid": "edd27e61-4933-4dc0-8fa8-14ed7b2a9d23",
+ "uuid": "91501ef9-8b3d-455e-a65b-8e068217ac78",
"control-id": "cis_fedora_2-3.3",
"description": "No notes for control-id 2.3.3.",
"props": [
@@ -6310,7 +6901,7 @@
]
},
{
- "uuid": "d1df4ca3-6efb-45af-ba1a-a8443cdf9f63",
+ "uuid": "f43c6834-dff0-4339-9a9f-9afe0dd3bd0f",
"control-id": "cis_fedora_2-4.1.1",
"description": "No notes for control-id 2.4.1.1.",
"props": [
@@ -6332,7 +6923,7 @@
]
},
{
- "uuid": "e0553375-3c1a-426e-9a18-412465755816",
+ "uuid": "e8de9a64-104a-47e2-86e1-bf566fa1241b",
"control-id": "cis_fedora_2-4.1.2",
"description": "No notes for control-id 2.4.1.2.",
"props": [
@@ -6359,7 +6950,7 @@
]
},
{
- "uuid": "d5fce030-c912-4776-83bf-9d2c9fcd2310",
+ "uuid": "5edaf0d5-91e3-4613-b635-8c0e8a30acf3",
"control-id": "cis_fedora_2-4.1.3",
"description": "No notes for control-id 2.4.1.3.",
"props": [
@@ -6386,7 +6977,7 @@
]
},
{
- "uuid": "b389ce1a-631a-475b-9307-b4747c79e78c",
+ "uuid": "91413d40-97e1-4982-8414-e47d2f5dfbef",
"control-id": "cis_fedora_2-4.1.4",
"description": "No notes for control-id 2.4.1.4.",
"props": [
@@ -6413,7 +7004,7 @@
]
},
{
- "uuid": "5fc9a2cd-8545-4b54-a1c2-c851cbf5218d",
+ "uuid": "349025d2-d524-457d-959e-b880bb1bc66f",
"control-id": "cis_fedora_2-4.1.5",
"description": "No notes for control-id 2.4.1.5.",
"props": [
@@ -6440,7 +7031,7 @@
]
},
{
- "uuid": "c6e9295a-1164-4ca0-806a-2ad2f4068b1b",
+ "uuid": "a8614f21-f3aa-484b-acb2-aa09615da8b7",
"control-id": "cis_fedora_2-4.1.6",
"description": "No notes for control-id 2.4.1.6.",
"props": [
@@ -6467,20 +7058,34 @@
]
},
{
- "uuid": "18766a7c-3f6a-4ecd-bb49-2f7bff2a6837",
+ "uuid": "a597e991-ca6f-47cf-bf26-9683931d6789",
"control-id": "cis_fedora_2-4.1.7",
- "description": "The description for control-id cis_fedora_2-4.1.7.",
+ "description": "No notes for control-id 2.4.1.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.4.1.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_cron_yearly"
}
]
},
{
- "uuid": "e23696ab-55c3-47eb-9bca-c3d07f1e4e00",
+ "uuid": "f5e8baf9-ebf2-441f-aa23-2647615004f5",
"control-id": "cis_fedora_2-4.1.8",
"description": "No notes for control-id 2.4.1.8.",
"props": [
@@ -6507,7 +7112,7 @@
]
},
{
- "uuid": "e48d0090-78e9-43d7-9d66-11919deb4763",
+ "uuid": "d922d697-1231-4024-906f-94fbffdad08f",
"control-id": "cis_fedora_2-4.1.9",
"description": "No notes for control-id 2.4.1.9.",
"props": [
@@ -6544,20 +7149,25 @@
]
},
{
- "uuid": "a4d9e608-2a31-4c2e-8a4d-919476c2d1f9",
+ "uuid": "8fa81d40-f282-4180-9260-251f26a239b7",
"control-id": "cis_fedora_2-4.2.1",
- "description": "It is necessary to create a rule to ensure the existence of at.allow.\nfile_cron_allow_exists can be used as reference for a new templated rule.",
+ "description": "No notes for control-id 2.4.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_at_deny_not_exist"
},
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_at_allow_exists"
+ },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -6576,7 +7186,7 @@
]
},
{
- "uuid": "4b36c88e-ceea-4a24-99e8-122913a5283f",
+ "uuid": "29dbeb33-3996-45d3-a317-cad836e72447",
"control-id": "cis_fedora_3-1.1",
"description": "The description for control-id cis_fedora_3-1.1.",
"props": [
@@ -6589,7 +7199,7 @@
]
},
{
- "uuid": "9c511198-2f11-44ed-8d1f-0aca79311006",
+ "uuid": "7c62adf1-0835-4f53-9ff9-145fa3dcc95d",
"control-id": "cis_fedora_3-1.2",
"description": "No notes for control-id 3.1.2.",
"props": [
@@ -6606,7 +7216,7 @@
]
},
{
- "uuid": "510787e4-777e-413d-b6bb-4967f11c0d24",
+ "uuid": "15d504b5-399c-45f5-9a54-16ea12a34ed6",
"control-id": "cis_fedora_3-1.3",
"description": "No notes for control-id 3.1.3.",
"props": [
@@ -6623,46 +7233,58 @@
]
},
{
- "uuid": "a8275a78-237a-41c0-85c8-df234cf6b7ff",
+ "uuid": "dd77e3a0-fb71-4d8b-ba15-48f12d7dac18",
"control-id": "cis_fedora_3-2.1",
- "description": "The description for control-id cis_fedora_3-2.1.",
+ "description": "No notes for control-id 3.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_atm_disabled"
}
]
},
{
- "uuid": "750bbd98-1169-44a9-a19f-64970f551ee3",
+ "uuid": "cc432443-cf55-4727-a6e7-e58a2703920b",
"control-id": "cis_fedora_3-2.2",
- "description": "The description for control-id cis_fedora_3-2.2.",
+ "description": "No notes for control-id 3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_can_disabled"
}
]
},
{
- "uuid": "40583018-9805-4b44-8564-92c109d35256",
+ "uuid": "b249e8a1-cf41-4e4d-8d9e-157329b8d6d9",
"control-id": "cis_fedora_3-2.3",
- "description": "The description for control-id cis_fedora_3-2.3.",
+ "description": "No notes for control-id 3.2.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_dccp_disabled"
}
]
},
{
- "uuid": "8d44c59c-2f5b-433a-9094-c5cb9e0cfc58",
+ "uuid": "4a8ec5bd-c47a-4ec5-a74c-6b421e117b7e",
"control-id": "cis_fedora_3-2.4",
"description": "No notes for control-id 3.2.4.",
"props": [
@@ -6679,46 +7301,58 @@
]
},
{
- "uuid": "e412e580-29d4-4a86-9334-c569cb716b54",
+ "uuid": "d6762bd3-e6be-4165-9422-7a626640d13f",
"control-id": "cis_fedora_3-2.5",
- "description": "The description for control-id cis_fedora_3-2.5.",
+ "description": "No notes for control-id 3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_rds_disabled"
}
]
},
{
- "uuid": "24f38a05-9d7d-4afd-b0cb-92ae78159137",
+ "uuid": "2ed4332a-62b2-4d9b-a62d-fe7c58dd9f82",
"control-id": "cis_fedora_3-3.1.2",
- "description": "The description for control-id cis_fedora_3-3.1.2.",
+ "description": "No notes for control-id 3.3.1.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_forwarding"
}
]
},
{
- "uuid": "d53c3652-ea1e-4f39-8821-0ad3eef79c15",
+ "uuid": "1a85b9a7-67cd-41da-ab44-a635c27b931b",
"control-id": "cis_fedora_3-3.1.3",
- "description": "The description for control-id cis_fedora_3-3.1.3.",
+ "description": "No notes for control-id 3.3.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_forwarding"
}
]
},
{
- "uuid": "cb780949-8c5a-44e5-accf-e23bac33ebea",
+ "uuid": "35e0eb7e-bf7d-423e-9294-54231e9b6fda",
"control-id": "cis_fedora_3-3.1.4",
"description": "No notes for control-id 3.3.1.4.",
"props": [
@@ -6735,7 +7369,7 @@
]
},
{
- "uuid": "db9599d0-4025-4dc5-b8d3-feda7e1a4715",
+ "uuid": "709231e4-1045-4556-bed3-8faf77a4dd77",
"control-id": "cis_fedora_3-3.1.5",
"description": "No notes for control-id 3.3.1.5.",
"props": [
@@ -6752,7 +7386,7 @@
]
},
{
- "uuid": "149a48c4-cc17-4a1b-a184-3f018aee8b0d",
+ "uuid": "9e45fc84-2dc5-4770-a1b3-697d63ea0417",
"control-id": "cis_fedora_3-3.1.6",
"description": "No notes for control-id 3.3.1.6.",
"props": [
@@ -6769,7 +7403,7 @@
]
},
{
- "uuid": "9868ded2-8c60-462c-bad1-e6a1dd374da0",
+ "uuid": "25ef5647-9cc5-4d5d-8f59-424a3dbc9f8b",
"control-id": "cis_fedora_3-3.1.7",
"description": "No notes for control-id 3.3.1.7.",
"props": [
@@ -6786,7 +7420,7 @@
]
},
{
- "uuid": "29f89f8e-d93e-470b-98d7-3cb5477961aa",
+ "uuid": "979808a1-f6ff-4805-a0a9-8c4be42160ac",
"control-id": "cis_fedora_3-3.1.8",
"description": "No notes for control-id 3.3.1.8.",
"props": [
@@ -6803,7 +7437,7 @@
]
},
{
- "uuid": "1f1f0760-2c02-43b7-a906-836c2a4a5e1c",
+ "uuid": "9ab17f9b-74e5-4740-bbb3-c3507e64ae5f",
"control-id": "cis_fedora_3-3.1.9",
"description": "No notes for control-id 3.3.1.9.",
"props": [
@@ -6820,7 +7454,7 @@
]
},
{
- "uuid": "47eed494-0bc8-40d0-9978-eac7b281272a",
+ "uuid": "c83690b6-70d5-4779-b127-beadb9d078bf",
"control-id": "cis_fedora_3-3.1.10",
"description": "No notes for control-id 3.3.1.10.",
"props": [
@@ -6833,16 +7467,11 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sysctl_net_ipv4_conf_all_secure_redirects"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects"
}
]
},
{
- "uuid": "aa549398-b071-45b3-918d-41b9e1724811",
+ "uuid": "79714e02-6d36-4c42-a3fb-81b417f28019",
"control-id": "cis_fedora_3-3.1.11",
"description": "No notes for control-id 3.3.1.11.",
"props": [
@@ -6859,7 +7488,7 @@
]
},
{
- "uuid": "40e8755a-bdae-4130-868f-6a62c5ea30e1",
+ "uuid": "b6834bf5-3061-4548-a290-449438bc860e",
"control-id": "cis_fedora_3-3.1.12",
"description": "No notes for control-id 3.3.1.12.",
"props": [
@@ -6876,7 +7505,7 @@
]
},
{
- "uuid": "e65e3cd4-9c27-4e31-bdbb-cb604dadcdca",
+ "uuid": "d4cef50e-4ae6-4c93-adfb-9ae026eb8977",
"control-id": "cis_fedora_3-3.1.13",
"description": "No notes for control-id 3.3.1.13.",
"props": [
@@ -6893,7 +7522,7 @@
]
},
{
- "uuid": "a1ec35ba-dfe4-41b8-9a76-ba8a1dcaa47f",
+ "uuid": "ed4bf9fd-c962-42e5-8ff7-94ec76dab2e2",
"control-id": "cis_fedora_3-3.1.14",
"description": "No notes for control-id 3.3.1.14.",
"props": [
@@ -6910,7 +7539,7 @@
]
},
{
- "uuid": "e04d86a8-c0a1-4309-b01b-7b0298e90a06",
+ "uuid": "9e78856c-eaa8-40e6-a60a-054542b2cff3",
"control-id": "cis_fedora_3-3.1.15",
"description": "No notes for control-id 3.3.1.15.",
"props": [
@@ -6927,7 +7556,7 @@
]
},
{
- "uuid": "8acb1d4f-d393-46da-b7f3-9822cf76d022",
+ "uuid": "ffe6269e-ef97-4aea-8cb5-1e5c303b2416",
"control-id": "cis_fedora_3-3.1.16",
"description": "No notes for control-id 3.3.1.16.",
"props": [
@@ -6944,7 +7573,7 @@
]
},
{
- "uuid": "f95d5d63-2ef4-4999-ac8a-03523b468370",
+ "uuid": "32634795-7bb8-49e8-8b92-11f475c6a47a",
"control-id": "cis_fedora_3-3.1.17",
"description": "No notes for control-id 3.3.1.17.",
"props": [
@@ -6961,7 +7590,7 @@
]
},
{
- "uuid": "cfa0dfff-77da-4ab6-a0b6-f3852ba38894",
+ "uuid": "fc913e4d-d3a1-4f86-af2b-e7b893b1acc6",
"control-id": "cis_fedora_3-3.1.18",
"description": "No notes for control-id 3.3.1.18.",
"props": [
@@ -6978,7 +7607,7 @@
]
},
{
- "uuid": "4fc27634-8ec0-49d4-9130-45f9222ea0b2",
+ "uuid": "645bea66-7158-4a96-af80-12179b8121c1",
"control-id": "cis_fedora_3-3.2.1",
"description": "No notes for control-id 3.3.2.1.",
"props": [
@@ -6995,20 +7624,24 @@
]
},
{
- "uuid": "b930929c-8b97-4275-9802-3d0ec63e4768",
+ "uuid": "22d25c74-6525-49a3-b0a3-198f0e573484",
"control-id": "cis_fedora_3-3.2.2",
- "description": "The description for control-id cis_fedora_3-3.2.2.",
+ "description": "No notes for control-id 3.3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_forwarding"
}
]
},
{
- "uuid": "ceb87c31-5fee-4af4-94b7-e7ea89b7680a",
+ "uuid": "e67ba066-ab02-47f9-b3dc-ff6abda78278",
"control-id": "cis_fedora_3-3.2.3",
"description": "No notes for control-id 3.3.2.3.",
"props": [
@@ -7025,7 +7658,7 @@
]
},
{
- "uuid": "f7e2ec45-14a1-4d1e-a55b-1e4d945e4a82",
+ "uuid": "678a33c1-68a9-4dc6-b28f-9fbd3152444d",
"control-id": "cis_fedora_3-3.2.4",
"description": "No notes for control-id 3.3.2.4.",
"props": [
@@ -7042,7 +7675,7 @@
]
},
{
- "uuid": "332e5ca2-e023-47d4-9474-b33d6d6576b0",
+ "uuid": "f2327dba-a8d4-4b30-911c-ac6845b324b7",
"control-id": "cis_fedora_3-3.2.5",
"description": "No notes for control-id 3.3.2.5.",
"props": [
@@ -7059,7 +7692,7 @@
]
},
{
- "uuid": "2d00c9e6-510e-4544-98ba-507241b706f7",
+ "uuid": "c93639b0-5eff-48e5-bd15-5f4c1af02018",
"control-id": "cis_fedora_3-3.2.6",
"description": "No notes for control-id 3.3.2.6.",
"props": [
@@ -7076,7 +7709,7 @@
]
},
{
- "uuid": "282bb950-3735-47e4-8587-037dec45c03b",
+ "uuid": "d0e9b52f-6f8f-4704-ac36-0f67ff1caac3",
"control-id": "cis_fedora_3-3.2.7",
"description": "No notes for control-id 3.3.2.7.",
"props": [
@@ -7093,7 +7726,7 @@
]
},
{
- "uuid": "a6592034-e410-4cf1-b285-228ea2e3f7fd",
+ "uuid": "798abb2d-9c06-4817-8bd2-a35c1a754274",
"control-id": "cis_fedora_3-3.2.8",
"description": "No notes for control-id 3.3.2.8.",
"props": [
@@ -7110,7 +7743,7 @@
]
},
{
- "uuid": "3f30efe6-ca3a-442e-8a05-06c127686f10",
+ "uuid": "74588a8f-b907-4e14-afc6-9a072f3a77f6",
"control-id": "cis_fedora_4-1.1",
"description": "No notes for control-id 4.1.1.",
"props": [
@@ -7127,7 +7760,7 @@
]
},
{
- "uuid": "452b8f16-7cab-4823-ab73-7d6c2559c6e3",
+ "uuid": "a8516262-0c33-48bf-a11d-81c7abd610a4",
"control-id": "cis_fedora_4-1.2",
"description": "No notes for control-id 4.1.2.",
"props": [
@@ -7154,7 +7787,7 @@
]
},
{
- "uuid": "944da33d-b46d-4b26-b6fe-71fb494ad2b1",
+ "uuid": "a277d3ac-3e8e-450d-ba3f-1ddfed6e31e0",
"control-id": "cis_fedora_4-2.1",
"description": "The description for control-id cis_fedora_4-2.1.",
"props": [
@@ -7167,7 +7800,7 @@
]
},
{
- "uuid": "e1497f6c-d5fb-4b1e-a9d6-2bc3065632e4",
+ "uuid": "0e5814c0-c969-43cf-99da-f6dc5ba082eb",
"control-id": "cis_fedora_4-2.2",
"description": "No notes for control-id 4.2.2.",
"props": [
@@ -7189,7 +7822,7 @@
]
},
{
- "uuid": "793bb169-73e5-40e3-93af-9b9010180e73",
+ "uuid": "6d5afcae-4554-4fda-8d76-b1aa8a6be0fd",
"control-id": "cis_fedora_4-3.1",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use. When using firewalld the base chains are installed by default.",
"props": [
@@ -7201,7 +7834,7 @@
]
},
{
- "uuid": "5aa08d58-0b48-4b70-afdb-67b79780a1e5",
+ "uuid": "10cd55c4-6fbf-451b-a225-5c4dca4e465c",
"control-id": "cis_fedora_4-3.2",
"description": "The description for control-id cis_fedora_4-3.2.",
"props": [
@@ -7214,7 +7847,7 @@
]
},
{
- "uuid": "dba9b3bf-8836-4fc9-b2ce-dedcb3d969b1",
+ "uuid": "9921a38f-aad8-43a5-8394-8736c0a92ed0",
"control-id": "cis_fedora_4-3.3",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -7226,7 +7859,7 @@
]
},
{
- "uuid": "6b2919d9-01d7-4830-b2ed-c2588ca64724",
+ "uuid": "21dbc444-4ee9-4e2d-b1b6-096b0346bfdb",
"control-id": "cis_fedora_4-3.4",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -7238,7 +7871,7 @@
]
},
{
- "uuid": "bdb8d156-6da6-4c25-afcd-81daef13778c",
+ "uuid": "f83ea6e3-caf3-4143-be14-2b32cd8f5bb9",
"control-id": "cis_fedora_5-1.1",
"description": "No notes for control-id 5.1.1.",
"props": [
@@ -7261,11 +7894,41 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_permissions_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_groupowner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_owner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_sshd_drop_in_config"
}
]
},
{
- "uuid": "e9010e9d-48a1-46c3-ba21-e0d8455eed57",
+ "uuid": "d88186b4-d810-4383-b368-9b56c1656c0b",
"control-id": "cis_fedora_5-1.2",
"description": "No notes for control-id 5.1.2.",
"props": [
@@ -7292,7 +7955,7 @@
]
},
{
- "uuid": "055b6f58-eaf2-4113-99a6-ef9c405e037d",
+ "uuid": "3d17b198-4eec-4a08-9cd0-dca13a66c9dc",
"control-id": "cis_fedora_5-1.3",
"description": "No notes for control-id 5.1.3.",
"props": [
@@ -7319,56 +7982,58 @@
]
},
{
- "uuid": "1f4e7451-b76c-406d-ad1f-2c6e137bc9e1",
+ "uuid": "57b4e094-b02a-44c4-b972-33a889b1e32f",
"control-id": "cis_fedora_5-1.4",
- "description": "The description for control-id cis_fedora_5-1.4.",
+ "description": "No notes for control-id 5.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "e4db8b18-eaf5-4158-8ed8-4dc9059e1e26",
+ "uuid": "7d70ab3a-bbc3-459f-9f7b-0e91ba8ca4f2",
"control-id": "cis_fedora_5-1.5",
- "description": "The description for control-id cis_fedora_5-1.5.",
+ "description": "No notes for control-id 5.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "c74654e7-7b4e-4fd2-8edc-32d9f7c53200",
+ "uuid": "def209b4-47be-4647-bf9a-b142b3eda775",
"control-id": "cis_fedora_5-1.6",
- "description": "The description for control-id cis_fedora_5-1.6.",
+ "description": "No notes for control-id 5.1.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "df0b265b-67f9-4105-8f86-1f1210bd1ef1",
+ "uuid": "fcc74d30-3ab7-40b8-9e90-8e31dc87eb06",
"control-id": "cis_fedora_5-1.7",
"description": "No notes for control-id 5.1.7.",
"props": [
@@ -7385,7 +8050,7 @@
]
},
{
- "uuid": "58fccdcf-0d43-43e8-b4e0-86ee5b5e7d13",
+ "uuid": "6f679aa5-f196-41a5-bc4e-bb9882b442c2",
"control-id": "cis_fedora_5-1.8",
"description": "No notes for control-id 5.1.8.",
"props": [
@@ -7402,7 +8067,7 @@
]
},
{
- "uuid": "2abdf89a-4e9e-4a86-8f6f-07363acb379f",
+ "uuid": "d345b465-8c55-4674-b2ee-31e8cfe50fb6",
"control-id": "cis_fedora_5-1.9",
"description": "The requirement gives an example of 45 seconds, but is flexible about the values. It is only\nnecessary to ensure there is a timeout configured in alignment to the site policy.",
"props": [
@@ -7424,7 +8089,7 @@
]
},
{
- "uuid": "b7239b9a-2f55-4181-8713-16f625eef19c",
+ "uuid": "d3215262-e82d-48f4-ae22-5159745efd1e",
"control-id": "cis_fedora_5-1.12",
"description": "No notes for control-id 5.1.12.",
"props": [
@@ -7441,7 +8106,7 @@
]
},
{
- "uuid": "6238e5eb-e90b-43af-a2ce-b1053cd16d37",
+ "uuid": "60645f79-f5d9-4eb0-98f3-0d6f6458a513",
"control-id": "cis_fedora_5-1.13",
"description": "No notes for control-id 5.1.13.",
"props": [
@@ -7458,7 +8123,7 @@
]
},
{
- "uuid": "7c62ace6-9fbd-4f62-b917-47ded896cc7b",
+ "uuid": "2f485c8a-1304-4561-a8e5-a46d4c0e3b72",
"control-id": "cis_fedora_5-1.14",
"description": "No notes for control-id 5.1.14.",
"props": [
@@ -7475,7 +8140,7 @@
]
},
{
- "uuid": "2502032f-6740-4d66-8439-d386a9ae1c12",
+ "uuid": "8a76e217-988c-4b74-9154-770d10cf317c",
"control-id": "cis_fedora_5-1.15",
"description": "The CIS benchmark is not opinionated about which loglevel is selected here. Here, this\nprofile uses VERBOSE by default, as it allows for the capture of login and logout activity\nas well as key fingerprints.",
"props": [
@@ -7492,7 +8157,7 @@
]
},
{
- "uuid": "7bf9fd29-a4b2-42e0-a55e-59a4676e05cd",
+ "uuid": "4e012fc9-5dc4-450f-b67b-997785db1733",
"control-id": "cis_fedora_5-1.16",
"description": "No notes for control-id 5.1.16.",
"props": [
@@ -7509,7 +8174,7 @@
]
},
{
- "uuid": "65ee04d6-e6c0-454c-9e0a-57b7fd93fad7",
+ "uuid": "e9d4633f-5f60-4796-af3c-7898d7c5b82d",
"control-id": "cis_fedora_5-1.17",
"description": "No notes for control-id 5.1.17.",
"props": [
@@ -7526,7 +8191,7 @@
]
},
{
- "uuid": "643c1f60-f119-407d-b264-a57d9a0b0c45",
+ "uuid": "2736e332-f844-4894-a053-0d44ee8f94fd",
"control-id": "cis_fedora_5-1.18",
"description": "No notes for control-id 5.1.18.",
"props": [
@@ -7543,7 +8208,7 @@
]
},
{
- "uuid": "b33c6f3f-3399-44f3-97f6-ab195e83a865",
+ "uuid": "6b4abd16-90a5-4404-8994-5892fa10f223",
"control-id": "cis_fedora_5-1.19",
"description": "No notes for control-id 5.1.19.",
"props": [
@@ -7560,7 +8225,7 @@
]
},
{
- "uuid": "90fd3d77-3ac7-4a23-81c5-4d621f658adf",
+ "uuid": "b4c090b2-06fe-455a-acf9-681f930ee3d3",
"control-id": "cis_fedora_5-1.20",
"description": "No notes for control-id 5.1.20.",
"props": [
@@ -7577,7 +8242,7 @@
]
},
{
- "uuid": "5a2cf46a-8d38-43c6-8d67-e5ed1b6612ff",
+ "uuid": "a6411fed-80fb-4446-a1aa-5c310f28f2eb",
"control-id": "cis_fedora_5-1.21",
"description": "No notes for control-id 5.1.21.",
"props": [
@@ -7594,7 +8259,7 @@
]
},
{
- "uuid": "eeacde2f-f895-4091-b4a3-923c3b374403",
+ "uuid": "ff493527-9fac-45c5-8d8e-607e00c0cee1",
"control-id": "cis_fedora_5-1.22",
"description": "No notes for control-id 5.1.22.",
"props": [
@@ -7611,7 +8276,7 @@
]
},
{
- "uuid": "7dbbe719-e863-4caf-9090-10b89a14d9ee",
+ "uuid": "33b1e26e-c785-4a0c-a5fe-9b1857794ca0",
"control-id": "cis_fedora_5-2.1",
"description": "No notes for control-id 5.2.1.",
"props": [
@@ -7628,7 +8293,7 @@
]
},
{
- "uuid": "4609682e-7f11-439d-b962-53a15700b8c6",
+ "uuid": "1a32fb86-5858-4f52-89fb-a649aac9b999",
"control-id": "cis_fedora_5-2.2",
"description": "No notes for control-id 5.2.2.",
"props": [
@@ -7645,7 +8310,7 @@
]
},
{
- "uuid": "184b8668-8bff-4745-835b-2490842b68ba",
+ "uuid": "b19ed128-b1a8-4226-a8b1-4338911215e7",
"control-id": "cis_fedora_5-2.3",
"description": "No notes for control-id 5.2.3.",
"props": [
@@ -7662,7 +8327,7 @@
]
},
{
- "uuid": "7b40d896-afa3-4ef3-b801-7550181d3aa1",
+ "uuid": "e4f4e6ce-f1e0-4714-b4e1-f4f7768769c4",
"control-id": "cis_fedora_5-2.5",
"description": "No notes for control-id 5.2.5.",
"props": [
@@ -7674,12 +8339,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication"
+ "value": "sudo_remove_no_authenticate"
}
]
},
{
- "uuid": "0d6b2521-c7b3-47db-882a-8e1a554135a1",
+ "uuid": "355980f7-8cfc-457e-b361-3cf967be9adb",
"control-id": "cis_fedora_5-2.6",
"description": "No notes for control-id 5.2.6.",
"props": [
@@ -7696,7 +8361,7 @@
]
},
{
- "uuid": "1b5a067d-27f6-436e-bb71-f5cffd0368d3",
+ "uuid": "4931f954-2c35-456c-9b54-33fea42707f1",
"control-id": "cis_fedora_5-2.7",
"description": "Members of \"wheel\" or GID 0 groups are checked by default if the group option is not set for\npam_wheel.so module. The recommendation states the group should be empty to reinforce the\nuse of \"sudo\" for privileged access. Therefore, members of these groups should be manually\nchecked or a different group should be informed.",
"props": [
@@ -7718,7 +8383,7 @@
]
},
{
- "uuid": "31480a31-948e-45a4-b111-c065deb79754",
+ "uuid": "34c76b07-42dd-4aae-a6ce-561d26d7f3e3",
"control-id": "cis_fedora_5-3.1.1",
"description": "The description for control-id cis_fedora_5-3.1.1.",
"props": [
@@ -7731,7 +8396,7 @@
]
},
{
- "uuid": "584c6cbb-7398-4595-902e-7d940b02bbe4",
+ "uuid": "23d9bc54-d384-44c6-a827-887a644faa46",
"control-id": "cis_fedora_5-3.1.2",
"description": "The description for control-id cis_fedora_5-3.1.2.",
"props": [
@@ -7744,7 +8409,7 @@
]
},
{
- "uuid": "cdef5b01-9db7-405a-aa96-378b5d14226d",
+ "uuid": "f37d2404-10c0-4d96-8ee6-4f4a631f1c6d",
"control-id": "cis_fedora_5-3.1.3",
"description": "The description for control-id cis_fedora_5-3.1.3.",
"props": [
@@ -7762,7 +8427,7 @@
]
},
{
- "uuid": "5d882df8-a26f-428a-8aac-c0a9b875e4c4",
+ "uuid": "beb321c1-b263-4b9e-bf2e-0aa09fe38617",
"control-id": "cis_fedora_5-3.2.1",
"description": "This requirement is hard to be automated without any specific requirement. The policy even\nstates that provided commands are examples, other custom settings might be in place and the\nsettings might be different depending on site policies. The other rules will already make\nsure there is a correct autheselect profile regardless of the existing settings. It is\nnecessary to better discuss with CIS Community.",
"props": [
@@ -7774,7 +8439,7 @@
]
},
{
- "uuid": "f9d0a124-cb03-49a8-830e-4c9ec4719445",
+ "uuid": "5fc43310-ca5d-4257-a34d-93a0dfc83e58",
"control-id": "cis_fedora_5-3.2.2",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.1.",
"props": [
@@ -7796,7 +8461,7 @@
]
},
{
- "uuid": "a468f71a-7766-4f78-a230-e8ba07f79f06",
+ "uuid": "db83530c-8b9b-445b-8cf8-5721c24e3f45",
"control-id": "cis_fedora_5-3.2.3",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.2.",
"props": [
@@ -7804,11 +8469,26 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "package_pam_pwquality_installed"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_password_auth"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_system_auth"
}
]
},
{
- "uuid": "ed612455-6c0e-41b9-afba-c5fb242b75cc",
+ "uuid": "220f2bb3-a928-48db-a27f-3f6b62769926",
"control-id": "cis_fedora_5-3.2.4",
"description": "The module is properly enabled by the rules mentioned in related_rules.\nRequirements in 5.3.3.3 use these rules.",
"props": [
@@ -7820,19 +8500,24 @@
]
},
{
- "uuid": "d5fb7ddb-4143-419c-bd37-9e7ceef8665d",
+ "uuid": "77451261-f1b6-4b39-9608-bbd8674720e8",
"control-id": "cis_fedora_5-3.2.5",
- "description": "This module is always present by default. It is necessary to investigate if a new rule to\ncheck its existence needs to be created. But so far the rule no_empty_passwords, used in\n5.3.3.4.1 can ensure this requirement is attended.",
+ "description": "No notes for control-id 5.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_enabled"
}
]
},
{
- "uuid": "fe733b5b-bc67-4588-9131-e22d648503da",
+ "uuid": "3ef38037-c998-40df-87a6-e577cc73ea67",
"control-id": "cis_fedora_5-3.3.1.1",
"description": "No notes for control-id 5.3.3.1.1.",
"props": [
@@ -7849,7 +8534,7 @@
]
},
{
- "uuid": "8a81cf00-8df7-4910-813b-05f104795f74",
+ "uuid": "fa7f8c1d-9ab3-4fa2-9dce-f83e751a1fca",
"control-id": "cis_fedora_5-3.3.1.2",
"description": "The policy also accepts value 0, which means the locked accounts should be manually unlocked\nby an administrator. However, it also mentions that using value 0 can facilitate a DoS\nattack to legitimate users.",
"props": [
@@ -7866,7 +8551,7 @@
]
},
{
- "uuid": "6f2ffdb8-caf1-493a-9a08-d7bad1ceecf0",
+ "uuid": "7abb01e2-afe4-4c80-8eea-eae01190bee7",
"control-id": "cis_fedora_5-3.3.2.1",
"description": "No notes for control-id 5.3.3.2.1.",
"props": [
@@ -7883,7 +8568,7 @@
]
},
{
- "uuid": "09c2d2ff-25ed-4dbc-9e3f-8d7d31014b1c",
+ "uuid": "f63b2fe7-0847-4035-a930-fd1c990a4264",
"control-id": "cis_fedora_5-3.3.2.2",
"description": "No notes for control-id 5.3.3.2.2.",
"props": [
@@ -7900,7 +8585,7 @@
]
},
{
- "uuid": "9727bdab-0fe2-4fbf-bacf-b5a0144153a1",
+ "uuid": "8cf67fe4-1e6f-4951-bfe1-30a0abcc7841",
"control-id": "cis_fedora_5-3.3.2.3",
"description": "This requirement is expected to be manual. However, in previous versions of the policy\nit was already automated the configuration of \"minclass\" option. Rules related to other\noptions are informed in related_rules. In short, minclass=4 alone can achieve the same\nresult achieved by the combination of the other 4 options mentioned in the policy.",
"props": [
@@ -7917,7 +8602,7 @@
]
},
{
- "uuid": "0758f1f5-b064-4d5d-837c-f104b303eecc",
+ "uuid": "69e4ae2a-f22e-4817-aaa3-dc8f2148d551",
"control-id": "cis_fedora_5-3.3.2.4",
"description": "No notes for control-id 5.3.3.2.4.",
"props": [
@@ -7934,20 +8619,24 @@
]
},
{
- "uuid": "7381249d-6df3-43d6-8fe4-230d150571a1",
+ "uuid": "f03ba9d5-4fc6-486a-93cf-e439657ce814",
"control-id": "cis_fedora_5-3.3.2.5",
- "description": "The description for control-id cis_fedora_5-3.3.2.5.",
+ "description": "No notes for control-id 5.3.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 5.3.3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_maxsequence"
}
]
},
{
- "uuid": "027ad639-dbf9-4c8a-8567-02b74a464b5d",
+ "uuid": "68b6c54c-1828-4ee2-b120-00fe88f0f74a",
"control-id": "cis_fedora_5-3.3.2.6",
"description": "No notes for control-id 5.3.3.2.6.",
"props": [
@@ -7964,7 +8653,7 @@
]
},
{
- "uuid": "efebddc6-46a5-4324-82dc-c6177d668ab2",
+ "uuid": "437096cf-2034-4810-b41f-2297ac077ed7",
"control-id": "cis_fedora_5-3.3.2.7",
"description": "No notes for control-id 5.3.3.2.7.",
"props": [
@@ -7981,7 +8670,7 @@
]
},
{
- "uuid": "62354677-625d-47fc-a63d-1fbaf8d4cf24",
+ "uuid": "041dcc74-ce12-4c31-9362-2f665bdc5bba",
"control-id": "cis_fedora_5-3.3.3.1",
"description": "Although mentioned in the section 5.3.3.3, there is no explicit requirement to configure\nretry option of pam_pwhistory. If come in the future, the rule accounts_password_pam_retry\ncan be used.",
"props": [
@@ -8003,7 +8692,7 @@
]
},
{
- "uuid": "4b79f0a0-0c64-4f4b-9eae-0f7053943772",
+ "uuid": "25f606d2-a4fc-411e-b02c-856ecbb6119e",
"control-id": "cis_fedora_5-3.3.3.2",
"description": "The description for control-id cis_fedora_5-3.3.3.2.",
"props": [
@@ -8016,7 +8705,7 @@
]
},
{
- "uuid": "826512ef-9225-487c-bdf8-a0ee4bfc9b2b",
+ "uuid": "2dfa0a44-1191-4ce8-98ca-cadb347108f5",
"control-id": "cis_fedora_5-3.3.3.3",
"description": "pam_pwhistory is enabled via authselect feature, as required in 5.3.2.4. The\nfeature automatically set \"use_authok\" option. In any case, we don't have a rule to check\nthis option specifically.",
"props": [
@@ -8024,11 +8713,16 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "partial"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwhistory_use_authtok"
}
]
},
{
- "uuid": "8c0dc502-761e-44d2-bc7c-fa886c2373ba",
+ "uuid": "4ddaff53-5188-4cd7-8df5-c026ea113449",
"control-id": "cis_fedora_5-3.3.4.1",
"description": "The rule more specifically used in this requirement also satify the requirement 5.3.2.5.",
"props": [
@@ -8045,20 +8739,24 @@
]
},
{
- "uuid": "a1abf8ed-e2bf-41b6-8725-701411a23792",
+ "uuid": "5649d94c-9835-4168-8a91-4de01996ef6d",
"control-id": "cis_fedora_5-3.3.4.2",
- "description": "The description for control-id cis_fedora_5-3.3.4.2.",
+ "description": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929\nA new rule needs to be created to remove the remember option from pam_unix module."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_no_remember"
}
]
},
{
- "uuid": "0c890549-687e-4e69-9205-f393a6d15d0f",
+ "uuid": "7fbdac8c-b0b0-48a5-ae2d-51ffd141557a",
"control-id": "cis_fedora_5-3.3.4.3",
"description": "Changes in logindefs mentioned in this requirement are more specifically covered by 5.4.1.4",
"props": [
@@ -8080,19 +8778,24 @@
]
},
{
- "uuid": "da66dbbe-0844-4556-80d4-57cc7d322280",
+ "uuid": "56e59998-ecb6-4034-9afe-ebfefb615f97",
"control-id": "cis_fedora_5-3.3.4.4",
"description": "In RHEL 9 pam_unix is enabled by default in all authselect profiles already with the\nuse_authtok option set. In any case, we don't have a rule to check this option specifically,\nlike in 5.3.3.3.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_authtok"
}
]
},
{
- "uuid": "0172b7c4-e409-4a8a-b54b-e1a93fb149d5",
+ "uuid": "7a63c1cf-d404-4906-8e62-152a68d7f286",
"control-id": "cis_fedora_5-4.1.1",
"description": "No notes for control-id 5.4.1.1.",
"props": [
@@ -8114,7 +8817,7 @@
]
},
{
- "uuid": "3e25c6f3-9ae1-47a7-8abb-c32dcd4f8596",
+ "uuid": "531e2a9a-b083-4aa7-8a96-1f96ba3f57e9",
"control-id": "cis_fedora_5-4.1.3",
"description": "No notes for control-id 5.4.1.3.",
"props": [
@@ -8136,20 +8839,15 @@
]
},
{
- "uuid": "87c2140d-fd29-45ba-b710-cf7056ba3f70",
+ "uuid": "f8bc8e4f-18be-45cc-b450-f4cde8d25d58",
"control-id": "cis_fedora_5-4.1.4",
- "description": "There's a \"new\" set of options in /etc/login.defs file to define the number of iterations\nperformed during the hashing process.",
+ "description": "No notes for control-id 5.4.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
},
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf"
- },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -8158,7 +8856,7 @@
]
},
{
- "uuid": "d9749a94-6229-45a2-bca0-38c63d4a9e41",
+ "uuid": "20574e45-d65c-4afe-aa73-5f9a5248a0bf",
"control-id": "cis_fedora_5-4.1.5",
"description": "No notes for control-id 5.4.1.5.",
"props": [
@@ -8180,7 +8878,7 @@
]
},
{
- "uuid": "aa0d9ba8-6333-47a0-9ce0-54a4c228f4ea",
+ "uuid": "8a997b55-b036-46ee-85b7-a0f1225d1395",
"control-id": "cis_fedora_5-4.1.6",
"description": "No notes for control-id 5.4.1.6.",
"props": [
@@ -8197,7 +8895,7 @@
]
},
{
- "uuid": "13170a23-73b3-4aeb-b663-1777aecd5f8a",
+ "uuid": "19f5c7bb-3f2f-4633-a684-b1eb32e7070b",
"control-id": "cis_fedora_5-4.2.1",
"description": "No notes for control-id 5.4.2.1.",
"props": [
@@ -8214,7 +8912,7 @@
]
},
{
- "uuid": "81f3b633-cbaa-4002-8ce7-edd039386072",
+ "uuid": "b8084e1c-4ce6-4d2b-bf6e-a979cbb24a74",
"control-id": "cis_fedora_5-4.2.2",
"description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
@@ -8231,20 +8929,24 @@
]
},
{
- "uuid": "484e660c-b6af-4585-81a8-449713c7c426",
+ "uuid": "6f1ff9d7-15d2-456a-b953-0af2ac989424",
"control-id": "cis_fedora_5-4.2.3",
- "description": "The description for control-id cis_fedora_5-4.2.3.",
+ "description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "groups_no_zero_gid_except_root"
}
]
},
{
- "uuid": "eae07608-c150-4f9a-8dd9-21dd463472eb",
+ "uuid": "61db0482-aae8-481c-a102-b3189b4793fa",
"control-id": "cis_fedora_5-4.2.4",
"description": "No notes for control-id 5.4.2.4.",
"props": [
@@ -8261,7 +8963,7 @@
]
},
{
- "uuid": "1646c717-26f8-496d-9772-926ee7c0042a",
+ "uuid": "0b52da16-60ee-40d9-966a-470fefd73842",
"control-id": "cis_fedora_5-4.2.5",
"description": "No notes for control-id 5.4.2.5.",
"props": [
@@ -8283,20 +8985,24 @@
]
},
{
- "uuid": "e9c36879-f483-4bbf-9b23-5c8002fa694a",
+ "uuid": "2371cfa1-51c5-4ec8-a4e1-f6c7053ba8d7",
"control-id": "cis_fedora_5-4.2.6",
- "description": "The description for control-id cis_fedora_5-4.2.6.",
+ "description": "No notes for control-id 5.4.2.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "There is no rule to ensure umask in /root/.bash_profile and /root/.bashrc. A new rule have\nto be created. It can be based on accounts_umask_interactive_users."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_umask_root"
}
]
},
{
- "uuid": "df2d2305-dfef-4347-b8c5-05569771d54f",
+ "uuid": "ab7b0187-53ee-4094-bb9b-5156e12c2253",
"control-id": "cis_fedora_5-4.2.7",
"description": "No notes for control-id 5.4.2.7.",
"props": [
@@ -8318,20 +9024,24 @@
]
},
{
- "uuid": "fb1bd167-1def-4903-922f-8c011285ef68",
+ "uuid": "1b8e6134-017a-4eea-80ba-d40d826df6f0",
"control-id": "cis_fedora_5-4.2.8",
- "description": "The description for control-id cis_fedora_5-4.2.8.",
+ "description": "No notes for control-id 5.4.2.8.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_invalid_shell_accounts_unlocked"
}
]
},
{
- "uuid": "2fea939f-c555-4d14-8e53-28689e577812",
+ "uuid": "a55b845f-5593-4e0d-8bcb-afdc8b0d6b01",
"control-id": "cis_fedora_5-4.3.2",
"description": "No notes for control-id 5.4.3.2.",
"props": [
@@ -8348,7 +9058,7 @@
]
},
{
- "uuid": "e304cbaf-622a-424e-8a75-fdc1615c13c5",
+ "uuid": "25ab425a-a189-44ae-8b2f-b680438fe9dc",
"control-id": "cis_fedora_5-4.3.3",
"description": "No notes for control-id 5.4.3.3.",
"props": [
@@ -8375,7 +9085,7 @@
]
},
{
- "uuid": "b0265930-25be-40a6-bca0-b3f9af08da96",
+ "uuid": "c4798559-b02c-4812-8b8b-38b9ffcb3cb1",
"control-id": "cis_fedora_6-1.1",
"description": "No notes for control-id 6.1.1.",
"props": [
@@ -8397,7 +9107,7 @@
]
},
{
- "uuid": "5ba2014d-ae03-4a79-a186-901a964a03b6",
+ "uuid": "e1f2d6bb-08a8-4e57-8d73-d1238c21f550",
"control-id": "cis_fedora_6-1.2",
"description": "No notes for control-id 6.1.2.",
"props": [
@@ -8414,7 +9124,7 @@
]
},
{
- "uuid": "596eaf7c-ca97-4c81-a56a-9d549c645dbc",
+ "uuid": "a2706c93-493f-4d10-a1f3-768d4e78ff82",
"control-id": "cis_fedora_6-1.3",
"description": "No notes for control-id 6.1.3.",
"props": [
@@ -8431,7 +9141,7 @@
]
},
{
- "uuid": "22e59f4d-fcb1-466b-acca-1d1a07b2c2b6",
+ "uuid": "64e84a8f-e360-46f3-b00a-839869fc85c9",
"control-id": "cis_fedora_6-2.1.1",
"description": "No notes for control-id 6.2.1.1.",
"props": [
@@ -8448,7 +9158,7 @@
]
},
{
- "uuid": "b43f8837-b164-4729-ad17-af58d47ab30e",
+ "uuid": "1d1f271a-868a-4fe4-aadf-e1ef3eba53d3",
"control-id": "cis_fedora_6-2.1.2",
"description": "The description for control-id cis_fedora_6-2.1.2.",
"props": [
@@ -8461,7 +9171,7 @@
]
},
{
- "uuid": "6d00203d-c7e0-426c-937e-68348c10b1e2",
+ "uuid": "8b878b18-b019-4338-84ef-11b52c3f7c7c",
"control-id": "cis_fedora_6-2.1.3",
"description": "The description for control-id cis_fedora_6-2.1.3.",
"props": [
@@ -8474,20 +9184,24 @@
]
},
{
- "uuid": "ce1ebe9f-6db6-4a3d-b0f4-eec19655c189",
+ "uuid": "6b8e4146-c511-4533-9a3e-9711b6e422db",
"control-id": "cis_fedora_6-2.1.4",
- "description": "The description for control-id cis_fedora_6-2.1.4.",
+ "description": "No notes for control-id 6.2.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "It is necessary to create a new rule to check the status of journald and rsyslog.\nIt would also be necessary a new rule to disable or remove rsyslog."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "ensure_journald_and_rsyslog_not_active_together"
}
]
},
{
- "uuid": "e43b6126-67fc-4051-8a72-ed354806a459",
+ "uuid": "5ab52d17-a09e-4d1f-9df8-f7d7672860f7",
"control-id": "cis_fedora_6-2.2.1.1",
"description": "No notes for control-id 6.2.2.1.1.",
"props": [
@@ -8504,7 +9218,7 @@
]
},
{
- "uuid": "10d849c9-0c2e-4994-b293-dedd03558ab2",
+ "uuid": "37226b5d-35d8-46c7-a865-68f4a0440977",
"control-id": "cis_fedora_6-2.2.1.2",
"description": "The description for control-id cis_fedora_6-2.2.1.2.",
"props": [
@@ -8517,20 +9231,24 @@
]
},
{
- "uuid": "d12141b4-9ef9-4727-ba00-f48ca8ac819e",
+ "uuid": "01579d05-bc0a-4337-b5ad-8dfe1f4df332",
"control-id": "cis_fedora_6-2.2.1.3",
- "description": "The description for control-id cis_fedora_6-2.2.1.3.",
+ "description": "No notes for control-id 6.2.2.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_systemd-journal-upload_enabled"
}
]
},
{
- "uuid": "5832db2f-ff20-4d23-81cf-7fb47737d170",
+ "uuid": "451150eb-824b-4045-a442-25c32115c325",
"control-id": "cis_fedora_6-2.2.1.4",
"description": "No notes for control-id 6.2.2.1.4.",
"props": [
@@ -8547,20 +9265,24 @@
]
},
{
- "uuid": "903b3ef4-0b53-4900-b8af-05205201b081",
+ "uuid": "ec5f1866-5295-4d16-a819-990cad2b44cd",
"control-id": "cis_fedora_6-2.2.2",
- "description": "The description for control-id cis_fedora_6-2.2.2.",
+ "description": "No notes for control-id 6.2.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This rule conflicts with 6.2.3.3. More investigation is needed to properly solve this."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "journald_disable_forward_to_syslog"
}
]
},
{
- "uuid": "67c6649e-102f-406c-995f-f6d49789c3e9",
+ "uuid": "d8162c01-ed32-47c9-a058-226da562cb46",
"control-id": "cis_fedora_6-2.2.3",
"description": "No notes for control-id 6.2.2.3.",
"props": [
@@ -8577,7 +9299,7 @@
]
},
{
- "uuid": "d3490f8f-a3a1-4cce-a651-a8d65fe8e626",
+ "uuid": "11724574-da36-46f8-a237-c4e90afa4ab1",
"control-id": "cis_fedora_6-2.2.4",
"description": "No notes for control-id 6.2.2.4.",
"props": [
@@ -8594,7 +9316,7 @@
]
},
{
- "uuid": "81a8f716-49a8-492c-a75c-f74a8ddb5ec8",
+ "uuid": "f2df0bcf-da93-4569-8561-a0b877f1a812",
"control-id": "cis_fedora_6-2.5.1",
"description": "No notes for control-id 6.2.5.1.",
"props": [
@@ -8606,7 +9328,7 @@
]
},
{
- "uuid": "0a5d6253-946e-4d30-8cb5-ed45eed0476a",
+ "uuid": "2673a328-d257-4044-896e-487ba65e1b6b",
"control-id": "cis_fedora_6-2.5.2",
"description": "No notes for control-id 6.2.5.2.",
"props": [
@@ -8618,7 +9340,7 @@
]
},
{
- "uuid": "3c49c500-8832-4c57-8f1a-7b14f1888998",
+ "uuid": "8ad6574a-3242-42e6-a751-0d3c40bf2f1f",
"control-id": "cis_fedora_6-2.5.3",
"description": "No notes for control-id 6.2.5.3.",
"props": [
@@ -8630,7 +9352,7 @@
]
},
{
- "uuid": "8a2ca262-4e5f-4b42-a410-95e45712eb63",
+ "uuid": "0f55510f-53e3-4ba6-b101-f5e3bd11709f",
"control-id": "cis_fedora_6-2.5.4",
"description": "No notes for control-id 6.2.5.4.",
"props": [
@@ -8642,7 +9364,7 @@
]
},
{
- "uuid": "7b100cde-5ce2-4152-ae22-53d42632e82a",
+ "uuid": "7c03cbfe-b2fb-4ea8-8d19-392eaa07982e",
"control-id": "cis_fedora_6-2.5.5",
"description": "The description for control-id cis_fedora_6-2.5.5.",
"props": [
@@ -8655,7 +9377,7 @@
]
},
{
- "uuid": "3a6ae291-b0c3-4c70-ac8d-bd43e4b8660e",
+ "uuid": "60eaae68-9467-4d6d-8605-c4e42991f0fa",
"control-id": "cis_fedora_6-2.5.6",
"description": "The description for control-id cis_fedora_6-2.5.6.",
"props": [
@@ -8668,7 +9390,7 @@
]
},
{
- "uuid": "c62b7c0e-fb8e-4db8-b609-c056e84ae410",
+ "uuid": "3e4cec10-de69-44ff-b180-f3867c5b9772",
"control-id": "cis_fedora_6-2.5.7",
"description": "No notes for control-id 6.2.5.7.",
"props": [
@@ -8680,7 +9402,7 @@
]
},
{
- "uuid": "e20816b1-dcb8-4dae-88a7-2bf461aca266",
+ "uuid": "1269187d-e502-474d-a2e9-297d79bc6e65",
"control-id": "cis_fedora_6-2.3.8",
"description": "The description for control-id cis_fedora_6-2.3.8.",
"props": [
@@ -8693,7 +9415,7 @@
]
},
{
- "uuid": "5d48c043-db0b-444e-ac02-44ce6f35efb5",
+ "uuid": "fd441639-4f02-44a3-9956-4197ebeed0b5",
"control-id": "cis_fedora_6-2.6.1",
"description": "It is not harmful to run these rules even if rsyslog is not installed or active.",
"props": [
@@ -8720,7 +9442,7 @@
]
},
{
- "uuid": "1c32af53-814f-4fe6-976a-b3ec9e6a1e40",
+ "uuid": "d5b00616-9aae-42f9-a564-fdf01558d27a",
"control-id": "cis_fedora_7-1.1",
"description": "No notes for control-id 7.1.1.",
"props": [
@@ -8747,7 +9469,7 @@
]
},
{
- "uuid": "1fb62459-d177-4670-86e2-97db1792933b",
+ "uuid": "14611cec-14c2-457e-ac3e-99e947a79d10",
"control-id": "cis_fedora_7-1.2",
"description": "No notes for control-id 7.1.2.",
"props": [
@@ -8774,7 +9496,7 @@
]
},
{
- "uuid": "52d7d7b2-ce16-47bb-ac9c-d17a3b0bf183",
+ "uuid": "626c6afd-af60-45b9-8e00-175acec82af0",
"control-id": "cis_fedora_7-1.3",
"description": "No notes for control-id 7.1.3.",
"props": [
@@ -8801,7 +9523,7 @@
]
},
{
- "uuid": "2c92bba4-1b01-4b45-a671-d5c881ef5e1e",
+ "uuid": "2d562419-1c03-4237-a34b-e9e507d7f80f",
"control-id": "cis_fedora_7-1.4",
"description": "No notes for control-id 7.1.4.",
"props": [
@@ -8828,7 +9550,7 @@
]
},
{
- "uuid": "79db970c-1906-4ff6-abba-d2f963043d75",
+ "uuid": "12250e66-24cb-4b42-8772-224779e6b68d",
"control-id": "cis_fedora_7-1.5",
"description": "No notes for control-id 7.1.5.",
"props": [
@@ -8855,7 +9577,7 @@
]
},
{
- "uuid": "01675b61-967d-4b99-815f-597f401337a9",
+ "uuid": "13d2a419-686d-4ed5-803d-f1d0dc54154f",
"control-id": "cis_fedora_7-1.6",
"description": "No notes for control-id 7.1.6.",
"props": [
@@ -8882,7 +9604,7 @@
]
},
{
- "uuid": "116bb8a7-f845-47ee-a9a8-22d354262701",
+ "uuid": "1b486d2f-a93f-4193-8cd5-a60e4c4ec347",
"control-id": "cis_fedora_7-1.7",
"description": "No notes for control-id 7.1.7.",
"props": [
@@ -8909,7 +9631,7 @@
]
},
{
- "uuid": "4738c5bf-b51f-4734-8265-cd4566b16fb6",
+ "uuid": "b90ce527-f99f-4ab0-a61a-f00fb2c75a3e",
"control-id": "cis_fedora_7-1.8",
"description": "No notes for control-id 7.1.8.",
"props": [
@@ -8936,7 +9658,7 @@
]
},
{
- "uuid": "1294a0a5-1f24-46af-ac07-4733e3fbaefd",
+ "uuid": "9be58ee8-213c-48a1-bffe-dbd97bd316c2",
"control-id": "cis_fedora_7-1.9",
"description": "No notes for control-id 7.1.9.",
"props": [
@@ -8963,24 +9685,49 @@
]
},
{
- "uuid": "eaacdfde-f373-4f15-870b-16d06c635872",
+ "uuid": "d1cd52e8-0fdf-43c9-9bc7-587084589d54",
"control-id": "cis_fedora_7-1.10",
"description": "No notes for control-id 7.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd"
+ "value": "file_permissions_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd_old"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd_old"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd_old"
}
]
},
{
- "uuid": "306a8f1b-08e1-4417-87e2-bdd306468c6b",
+ "uuid": "c153d213-209f-4dce-a9c3-06e5cea55d21",
"control-id": "cis_fedora_7-1.11",
"description": "No notes for control-id 7.1.11.",
"props": [
@@ -9002,29 +9749,29 @@
]
},
{
- "uuid": "702f471e-9879-4169-8883-f9ab452255af",
+ "uuid": "5a16629c-1046-4a24-a531-4536650c5669",
"control-id": "cis_fedora_7-1.12",
"description": "No notes for control-id 7.1.12.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user"
+ "value": "no_files_or_dirs_unowned_by_user"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned"
+ "value": "no_files_or_dirs_ungroupowned"
}
]
},
{
- "uuid": "6552636e-abf3-42d4-bff3-6f7476eaa0a6",
+ "uuid": "573e7840-b3ab-49a3-ba05-50183d5296d6",
"control-id": "cis_fedora_7-1.13",
"description": "The description for control-id cis_fedora_7-1.13.",
"props": [
@@ -9037,7 +9784,7 @@
]
},
{
- "uuid": "72bc0434-dfae-4ff5-8522-f7e95a010783",
+ "uuid": "e7afc49a-c369-405b-b7e2-b928e79fd14c",
"control-id": "cis_fedora_7-2.1",
"description": "No notes for control-id 7.2.1.",
"props": [
@@ -9054,7 +9801,7 @@
]
},
{
- "uuid": "364022ba-8860-4edb-86a5-4ca2f6d727db",
+ "uuid": "0f218299-d55d-4dea-890a-b2376a095948",
"control-id": "cis_fedora_7-2.2",
"description": "No notes for control-id 7.2.2.",
"props": [
@@ -9071,7 +9818,7 @@
]
},
{
- "uuid": "ae79e60f-0965-4ff6-9c01-86eeb6cacc3c",
+ "uuid": "65bc586f-33f9-4576-bc6d-78a60ba0a9ff",
"control-id": "cis_fedora_7-2.3",
"description": "No notes for control-id 7.2.3.",
"props": [
@@ -9088,7 +9835,7 @@
]
},
{
- "uuid": "3ae42ede-4d43-443a-bdbb-3344fcb97030",
+ "uuid": "ef5d1333-37ba-4290-ba9d-d5b86df5f425",
"control-id": "cis_fedora_7-2.4",
"description": "No notes for control-id 7.2.4.",
"props": [
@@ -9105,7 +9852,7 @@
]
},
{
- "uuid": "dd1ee990-341a-4599-9331-dcde39918213",
+ "uuid": "35955538-8e9d-4b8f-b288-54e5dee7eb21",
"control-id": "cis_fedora_7-2.5",
"description": "No notes for control-id 7.2.5.",
"props": [
@@ -9122,7 +9869,7 @@
]
},
{
- "uuid": "0bf5b7d8-fecf-44eb-a5b1-76010ae477e9",
+ "uuid": "78d193b4-5b18-467b-99bf-e40593850c3f",
"control-id": "cis_fedora_7-2.6",
"description": "No notes for control-id 7.2.6.",
"props": [
@@ -9139,7 +9886,7 @@
]
},
{
- "uuid": "7974ca9d-5b62-43a0-a7a8-263f099646a2",
+ "uuid": "360b1d66-4597-4921-b6b7-8b9913b17328",
"control-id": "cis_fedora_7-2.7",
"description": "No notes for control-id 7.2.7.",
"props": [
@@ -9156,7 +9903,7 @@
]
},
{
- "uuid": "43439e56-a7ff-4f75-b49e-56ef592545c0",
+ "uuid": "f29cca2c-e843-4f65-8045-003f931dcd3a",
"control-id": "cis_fedora_7-2.8",
"description": "No notes for control-id 7.2.8.",
"props": [
@@ -9183,14 +9930,14 @@
]
},
{
- "uuid": "fd2b2805-d1db-4d61-8d05-1ec472824a2c",
+ "uuid": "5214e8de-04fa-461d-b83f-e6559f50cf87",
"control-id": "cis_fedora_7-2.9",
- "description": "Missing a rule to check that .bash_history is mode 0600 or more restrictive.",
+ "description": "No notes for control-id 7.2.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -9205,22 +9952,27 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs"
+ "value": "file_permission_user_init_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files"
+ "value": "no_forward_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files"
+ "value": "no_netrc_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files"
+ "value": "no_rhost_files"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history"
}
]
}
@@ -9235,7677 +9987,8727 @@
"description": "openscap",
"props": [
{
- "name": "Rule_Id",
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_db_up_to_date",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_db_up_to_date",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_0",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "cis_banner_text",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_0",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enter an appropriate login banner for your organization according to the local policy.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_0",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'Authorized users only. All activity may be monitored and reported.', 'cis': 'Authorized users only. All activity may be monitored and reported.'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_1",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "inactivity_timeout_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_1",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Choose allowed duration (in seconds) of inactive graphical sessions",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_1",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'10_minutes': 600, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, 'default': 900}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_2",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "login_banner_text",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_2",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\\n' character and special characters like parentheses and quotation marks must be escaped with '\\\\'.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_2",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'cis_banners': '^(Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.|^(?!.*(\\\\\\\\|fedora|rhel|sle|ubuntu)).*)$', 'cis_default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$', 'dod_banners': \"^(You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.|I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.)$\", 'dod_default': '^You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.$', 'dod_short': \"^I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.$\", 'dss_odaa_default': '^Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.[\\\\s\\\\n]+This[\\\\s\\\\n]+is[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+and[\\\\s\\\\n]+related[\\\\s\\\\n]+equipment[\\\\s\\\\n]+are[\\\\s\\\\n]+intended[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+communication,[\\\\s\\\\n]+transmission,[\\\\s\\\\n]+processing,[\\\\s\\\\n]+and[\\\\s\\\\n]+storage[\\\\s\\\\n]+of[\\\\s\\\\n]+official[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+or[\\\\s\\\\n]+other[\\\\s\\\\n]+authorized[\\\\s\\\\n]+information[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times[\\\\s\\\\n]+to[\\\\s\\\\n]+ensure[\\\\s\\\\n]+proper[\\\\s\\\\n]+functioning[\\\\s\\\\n]+of[\\\\s\\\\n]+equipment[\\\\s\\\\n]+and[\\\\s\\\\n]+systems[\\\\s\\\\n]+including[\\\\s\\\\n]+security[\\\\s\\\\n]+devices[\\\\s\\\\n]+and[\\\\s\\\\n]+systems,[\\\\s\\\\n]+to[\\\\s\\\\n]+prevent[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+and[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+statutes[\\\\s\\\\n]+and[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations,[\\\\s\\\\n]+to[\\\\s\\\\n]+deter[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity,[\\\\s\\\\n]+and[\\\\s\\\\n]+for[\\\\s\\\\n]+other[\\\\s\\\\n]+similar[\\\\s\\\\n]+purposes\\\\.[\\\\s\\\\n]+Any[\\\\s\\\\n]+user[\\\\s\\\\n]+of[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+should[\\\\s\\\\n]+be[\\\\s\\\\n]+aware[\\\\s\\\\n]+that[\\\\s\\\\n]+any[\\\\s\\\\n]+information[\\\\s\\\\n]+placed[\\\\s\\\\n]+in[\\\\s\\\\n]+the[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+not[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+any[\\\\s\\\\n]+expectation[\\\\s\\\\n]+of[\\\\s\\\\n]+privacy\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+violation[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+statutes,[\\\\s\\\\n]+this[\\\\s\\\\n]+evidence[\\\\s\\\\n]+and[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+related[\\\\s\\\\n]+information,[\\\\s\\\\n]+including[\\\\s\\\\n]+identification[\\\\s\\\\n]+information[\\\\s\\\\n]+about[\\\\s\\\\n]+the[\\\\s\\\\n]+user,[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+provided[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+reveals[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use,[\\\\s\\\\n]+employees[\\\\s\\\\n]+who[\\\\s\\\\n]+violate[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+make[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+appropriate[\\\\s\\\\n]+disciplinary[\\\\s\\\\n]+action\\\\.[\\\\s\\\\n]+Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.$', 'usgcb_default': '^\\\\-\\\\-[\\\\s\\\\n]+WARNING[\\\\s\\\\n]+\\\\-\\\\-[\\\\s\\\\n]+This[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+Individuals[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+without[\\\\s\\\\n]+authority[\\\\s\\\\n]+or[\\\\s\\\\n]+in[\\\\s\\\\n]+excess[\\\\s\\\\n]+of[\\\\s\\\\n]+their[\\\\s\\\\n]+authority[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+having[\\\\s\\\\n]+all[\\\\s\\\\n]+their[\\\\s\\\\n]+activities[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+recorded[\\\\s\\\\n]+by[\\\\s\\\\n]+system[\\\\s\\\\n]+personnel\\\\.[\\\\s\\\\n]+Anyone[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+expressly[\\\\s\\\\n]+consents[\\\\s\\\\n]+to[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+advised[\\\\s\\\\n]+that[\\\\s\\\\n]+if[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity[\\\\s\\\\n]+system[\\\\s\\\\n]+personal[\\\\s\\\\n]+may[\\\\s\\\\n]+provide[\\\\s\\\\n]+the[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.$', 'default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_3",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_idle_timeout_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_3",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify duration of allowed idle time.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_3",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'10_minutes': 600, '120_minutes': 7200, '14_minutes': 840, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, '60_minutes': 3600, 'default': 300}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_4",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_max_auth_tries_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_4",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the maximum number of authentication attempts per connection.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_4",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 3: 3, 4: 4, 5: 5, 'default': 4}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_5",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_5",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable ICMP Redirect Acceptance",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_5",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_6",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_6",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_6",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_7",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_7",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_7",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_8",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_8",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_8",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_9",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_9",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_9",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_10",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_10",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable ICMP Redirect Acceptance?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_10",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_11",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_11",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable IP source routing?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_11",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_12",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_forwarding_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_12",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle IPv4 Forwarding",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_12",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_13",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_13",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_13",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_14",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_14",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enables source route verification",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_14",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_15",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_15",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_15",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_16",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_16",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_16",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_17",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_17",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to prevent unnecessary logging",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_17",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_18",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_tcp_syncookies_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_18",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to turn on TCP SYN Cookie Protection",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_18",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_19",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_19",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Accept all router advertisements?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_19",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_20",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_20",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle ICMP Redirect Acceptance",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_20",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_21",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_21",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_21",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_22",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_forwarding_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_22",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle IPv6 Forwarding",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_22",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_23",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_23",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Accept default router advertisements by default?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_23",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_24",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_24",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle ICMP Redirect Acceptance By Default",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_24",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_25",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_25",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_25",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_26",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_forwarding_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_26",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle IPv6 default Forwarding",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_26",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_27",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_account_disable_post_pw_expiration",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_27",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The number of days to wait after a password expires, until the account will be permanently disabled.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_27",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'0': '0', 180: 180, 30: 30, 35: 35, 40: 40, 45: 45, 60: 60, 90: 90, 'default': 35}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_28",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_maximum_age_login_defs",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_28",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Maximum age of password in days",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_28",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{365: 365, 120: 120, 180: 180, 90: 90, 60: 60, 45: 45, 'default': 60}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_29",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_password_warn_age_login_defs",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_29",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The number of days' warning given before a password expires.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_29",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'0': '0', 14: 14, 10: 10, 7: 7, 'default': 7}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_30",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_passwords_pam_faillock_deny",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_30",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Number of failed login attempts before account lockout",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_30",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_31",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_passwords_pam_faillock_unlock_time",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_31",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_31",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_32",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_tmout",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_32",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for that number of seconds if input does not arrive.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_32",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'30_min': 1800, '10_min': 600, '15_min': 900, '5_min': 300, 'default': 600}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_33",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_db_up_to_date",
+ "value": "var_accounts_user_umask",
"remarks": "rule_set_000"
},
{
- "name": "Rule_Description",
+ "name": "Parameter_Description_33",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "value": "Enter default user umask",
"remarks": "rule_set_000"
},
{
- "name": "Check_Id",
+ "name": "Parameter_Value_Alternatives_33",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_db_up_to_date",
+ "value": "{'007': '007', '022': '022', '027': '027', '077': '077', 'default': '027'}",
"remarks": "rule_set_000"
},
{
- "name": "Check_Description",
+ "name": "Parameter_Id_34",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "value": "var_multiple_time_servers",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_0",
+ "name": "Parameter_Description_34",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "cis_banner_text",
+ "value": "The list of vendor-approved time servers",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_0",
+ "name": "Parameter_Value_Alternatives_34",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enter an appropriate login banner for your organization according to the local policy.",
+ "value": "{'default': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'generic': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'stig': '0.us.pool.ntp.mil', 'fedora': '0.fedora.pool.ntp.org,1.fedora.pool.ntp.org,2.fedora.pool.ntp.org,3.fedora.pool.ntp.org', 'rhel': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ol': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'suse': '0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org', 'alinux': '0.ntp.cloud.aliyuncs.com,1.ntp.aliyun.com,2.ntp1.aliyun.com,3.ntp1.cloud.aliyuncs.com', 'amazon': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ubuntu': '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org', 'almalinux': '0.almalinux.pool.ntp.org,1.almalinux.pool.ntp.org,2.almalinux.pool.ntp.org,3.almalinux.pool.ntp.org', 'debian': '0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org', 'nist': 'time.nist.gov,time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_0",
+ "name": "Parameter_Id_35",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'Authorized users only. All activity may be monitored and reported.', 'cis': 'Authorized users only. All activity may be monitored and reported.'}",
+ "value": "var_pam_wheel_group_for_su",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_1",
+ "name": "Parameter_Description_35",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "inactivity_timeout_value",
+ "value": "pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_1",
+ "name": "Parameter_Value_Alternatives_35",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Choose allowed duration (in seconds) of inactive graphical sessions",
+ "value": "{'default': 'sugroup', 'cis': 'sugroup'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_1",
+ "name": "Parameter_Id_36",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_minutes': 600, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, 'default': 900}",
+ "value": "var_password_hashing_algorithm",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_2",
+ "name": "Parameter_Description_36",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "login_banner_text",
+ "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_2",
+ "name": "Parameter_Value_Alternatives_36",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\\n' character and special characters like parentheses and quotation marks must be escaped with '\\\\'.",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_2",
+ "name": "Parameter_Id_37",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'cis_banners': '^(Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.|^(?!.*(\\\\\\\\|fedora|rhel|sle|ubuntu)).*)$', 'cis_default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$', 'dod_banners': \"^(You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.|I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.)$\", 'dod_default': '^You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.$', 'dod_short': \"^I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.$\", 'dss_odaa_default': '^Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.[\\\\s\\\\n]+This[\\\\s\\\\n]+is[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+and[\\\\s\\\\n]+related[\\\\s\\\\n]+equipment[\\\\s\\\\n]+are[\\\\s\\\\n]+intended[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+communication,[\\\\s\\\\n]+transmission,[\\\\s\\\\n]+processing,[\\\\s\\\\n]+and[\\\\s\\\\n]+storage[\\\\s\\\\n]+of[\\\\s\\\\n]+official[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+or[\\\\s\\\\n]+other[\\\\s\\\\n]+authorized[\\\\s\\\\n]+information[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times[\\\\s\\\\n]+to[\\\\s\\\\n]+ensure[\\\\s\\\\n]+proper[\\\\s\\\\n]+functioning[\\\\s\\\\n]+of[\\\\s\\\\n]+equipment[\\\\s\\\\n]+and[\\\\s\\\\n]+systems[\\\\s\\\\n]+including[\\\\s\\\\n]+security[\\\\s\\\\n]+devices[\\\\s\\\\n]+and[\\\\s\\\\n]+systems,[\\\\s\\\\n]+to[\\\\s\\\\n]+prevent[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+and[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+statutes[\\\\s\\\\n]+and[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations,[\\\\s\\\\n]+to[\\\\s\\\\n]+deter[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity,[\\\\s\\\\n]+and[\\\\s\\\\n]+for[\\\\s\\\\n]+other[\\\\s\\\\n]+similar[\\\\s\\\\n]+purposes\\\\.[\\\\s\\\\n]+Any[\\\\s\\\\n]+user[\\\\s\\\\n]+of[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+should[\\\\s\\\\n]+be[\\\\s\\\\n]+aware[\\\\s\\\\n]+that[\\\\s\\\\n]+any[\\\\s\\\\n]+information[\\\\s\\\\n]+placed[\\\\s\\\\n]+in[\\\\s\\\\n]+the[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+not[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+any[\\\\s\\\\n]+expectation[\\\\s\\\\n]+of[\\\\s\\\\n]+privacy\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+violation[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+statutes,[\\\\s\\\\n]+this[\\\\s\\\\n]+evidence[\\\\s\\\\n]+and[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+related[\\\\s\\\\n]+information,[\\\\s\\\\n]+including[\\\\s\\\\n]+identification[\\\\s\\\\n]+information[\\\\s\\\\n]+about[\\\\s\\\\n]+the[\\\\s\\\\n]+user,[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+provided[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+reveals[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use,[\\\\s\\\\n]+employees[\\\\s\\\\n]+who[\\\\s\\\\n]+violate[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+make[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+appropriate[\\\\s\\\\n]+disciplinary[\\\\s\\\\n]+action\\\\.[\\\\s\\\\n]+Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.$', 'usgcb_default': '^\\\\-\\\\-[\\\\s\\\\n]+WARNING[\\\\s\\\\n]+\\\\-\\\\-[\\\\s\\\\n]+This[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+Individuals[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+without[\\\\s\\\\n]+authority[\\\\s\\\\n]+or[\\\\s\\\\n]+in[\\\\s\\\\n]+excess[\\\\s\\\\n]+of[\\\\s\\\\n]+their[\\\\s\\\\n]+authority[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+having[\\\\s\\\\n]+all[\\\\s\\\\n]+their[\\\\s\\\\n]+activities[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+recorded[\\\\s\\\\n]+by[\\\\s\\\\n]+system[\\\\s\\\\n]+personnel\\\\.[\\\\s\\\\n]+Anyone[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+expressly[\\\\s\\\\n]+consents[\\\\s\\\\n]+to[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+advised[\\\\s\\\\n]+that[\\\\s\\\\n]+if[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity[\\\\s\\\\n]+system[\\\\s\\\\n]+personal[\\\\s\\\\n]+may[\\\\s\\\\n]+provide[\\\\s\\\\n]+the[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.$', 'default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$'}",
+ "value": "var_password_hashing_algorithm_pam",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_3",
+ "name": "Parameter_Description_37",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_idle_timeout_value",
+ "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_3",
+ "name": "Parameter_Value_Alternatives_37",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify duration of allowed idle time.",
+ "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt', 'cis_rhel10': 'yescrypt|sha512'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_3",
+ "name": "Parameter_Id_38",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_minutes': 600, '120_minutes': 7200, '14_minutes': 840, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, '60_minutes': 3600, 'default': 300}",
+ "value": "var_password_pam_dictcheck",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_4",
+ "name": "Parameter_Description_38",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_max_auth_tries_value",
+ "value": "Prevent the use of dictionary words for passwords.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_4",
+ "name": "Parameter_Value_Alternatives_38",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of authentication attempts per connection.",
+ "value": "{1: 1, 'default': 1}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_4",
+ "name": "Parameter_Id_39",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 4: 4, 5: 5, 'default': 4}",
+ "value": "var_password_pam_difok",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_5",
+ "name": "Parameter_Description_39",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_kex",
+ "value": "Minimum number of characters not present in old password",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_5",
+ "name": "Parameter_Value_Alternatives_39",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved KEXs (Key Exchange Algorithms) algorithms \tthat are used for methods in cryptography by which cryptographic keys are exchanged between two parties",
+ "value": "{15: 15, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 'default': 8}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_5",
+ "name": "Parameter_Id_40",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'pcidss': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_rhel8': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel9': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel10': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_sle12': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_sle15': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_ubuntu2204': 'curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_ubuntu2404': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'std_openeuler': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256', 'cis_debian12': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256'}",
+ "value": "var_password_pam_maxrepeat",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_6",
+ "name": "Parameter_Description_40",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_macs",
+ "value": "Maximum Number of Consecutive Repeating Characters in a Password",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_6",
+ "name": "Parameter_Value_Alternatives_40",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved MACs (Message Authentication Code) algorithms \tthat are used for data integrity protection by the SSH server.",
+ "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_6",
+ "name": "Parameter_Id_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_rhel8': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel9': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel10': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_sle12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_sle15': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_tencentos4': 'hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com', 'cis_ubuntu2204': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_ubuntu2404': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'stig_rhel9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'stig_ol9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'cis_debian12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'}",
+ "value": "var_password_pam_maxsequence",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_7",
+ "name": "Parameter_Description_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "value": "Maximum Number of Consecutive Character Sequences in a Password",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_7",
+ "name": "Parameter_Value_Alternatives_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance",
+ "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_7",
+ "name": "Parameter_Id_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "var_password_pam_minclass",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_8",
+ "name": "Parameter_Description_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "value": "Minimum number of categories of characters that must exist in a password",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_8",
+ "name": "Parameter_Value_Alternatives_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_8",
+ "name": "Parameter_Id_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "var_password_pam_minlen",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_9",
+ "name": "Parameter_Description_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "value": "Minimum number of characters in password",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_9",
+ "name": "Parameter_Value_Alternatives_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_9",
+ "name": "Parameter_Id_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "var_password_pam_remember",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_10",
+ "name": "Parameter_Description_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "value": "Prevent password reuse using password history lookup",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_10",
+ "name": "Parameter_Value_Alternatives_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
+ "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 24: 24, 'default': 5}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_10",
+ "name": "Parameter_Id_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
+ "value": "var_password_pam_remember_control_flag",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_11",
+ "name": "Parameter_Description_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "value": "'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in \"required,requisite\", for remediations the first value will be taken'",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_11",
+ "name": "Parameter_Value_Alternatives_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
+ "value": "{'required': 'required', 'optional': 'optional', 'requisite': 'requisite', 'sufficient': 'sufficient', 'binding': 'binding', 'ol8': 'required,requisite', 'requisite_or_required': 'requisite,required', 'default': 'requisite'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_11",
+ "name": "Parameter_Id_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "var_postfix_inet_interfaces",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_12",
+ "name": "Parameter_Description_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "value": "The setting for inet_interfaces in /etc/postfix/main.cf",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_12",
+ "name": "Parameter_Value_Alternatives_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance?",
+ "value": "{'loopback-only': 'loopback-only', 'default': 'loopback-only', 'localhost': 'localhost'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_12",
+ "name": "Parameter_Id_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "var_screensaver_lock_delay",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_13",
+ "name": "Parameter_Description_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "value": "Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_13",
+ "name": "Parameter_Value_Alternatives_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IP source routing?",
+ "value": "{'10_seconds': 10, '5_seconds': 5, 'default': '0', 'immediate': '0'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_13",
+ "name": "Parameter_Id_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "var_selinux_policy_name",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_14",
+ "name": "Parameter_Description_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "value": "Type of policy in use. Possible values are:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
mls - Multiple levels of security",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_14",
+ "name": "Parameter_Value_Alternatives_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "value": "{'default': 'targeted', 'mls': 'mls', 'targeted': 'targeted'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_14",
+ "name": "Parameter_Id_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "var_sshd_max_sessions",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_15",
+ "name": "Parameter_Description_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "value": "Specify the maximum number of open sessions permitted.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_15",
+ "name": "Parameter_Value_Alternatives_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enables source route verification",
+ "value": "{10: 10, 4: 4, 3: 3, 2: 2, 1: 1, 0: 0, 'default': 10}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_15",
+ "name": "Parameter_Id_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "var_sshd_set_keepalive",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_16",
+ "name": "Parameter_Description_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "value": "Specify the maximum number of idle message counts before session is terminated.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_16",
+ "name": "Parameter_Value_Alternatives_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
+ "value": "{10: 10, 3: 3, 5: 5, 0: 0, 1: 1, 'default': 0}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_16",
+ "name": "Parameter_Id_51",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "var_sshd_set_login_grace_time",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_51",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Configure parameters for how long the servers stays connected before the user has successfully logged in",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_51",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 60, 60: 60}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_52",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_sshd_set_maxstartups",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_52",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_52",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '10:30:100', '10:30:60': '10:30:60'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_53",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_sudo_timestamp_timeout",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_53",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Defines the number of minutes that can elapse before sudo will ask for a passwd again. If set to a value less than 0 the user's time stamp will never expire. Defining 0 means always prompt for a password. The default timeout value is 5 minutes.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_53",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '5', 'always_prompt': '0', '1_minute': '1', '2_minutes': '2', '3_minutes': '3', '5_minutes': '5', '15_minutes': '15'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_17",
+ "name": "Parameter_Id_54",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "value": "var_user_initialization_files_regex",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_17",
+ "name": "Parameter_Description_54",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
+ "value": "'A regular expression describing a list of file names for files that are sourced at login time for interactive users'",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_17",
+ "name": "Parameter_Value_Alternatives_54",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '^(\\\\.bashrc|\\\\.zshrc|\\\\.cshrc|\\\\.profile|\\\\.bash_login|\\\\.bash_profile)$', 'all_dotfiles': '^\\\\.[\\\\w\\\\- ]+$'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_18",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
- "remarks": "rule_set_000"
+ "value": "kernel_module_cramfs_disabled",
+ "remarks": "rule_set_001"
},
{
- "name": "Parameter_Description_18",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent unnecessary logging",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of cramfs",
+ "remarks": "rule_set_001"
},
{
- "name": "Parameter_Value_Alternatives_18",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "kernel_module_cramfs_disabled",
+ "remarks": "rule_set_001"
},
{
- "name": "Parameter_Id_19",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies_value",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of cramfs",
+ "remarks": "rule_set_001"
},
{
- "name": "Parameter_Description_19",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to turn on TCP SYN Cookie Protection",
- "remarks": "rule_set_000"
+ "value": "kernel_module_freevxfs_disabled",
+ "remarks": "rule_set_002"
},
{
- "name": "Parameter_Value_Alternatives_19",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of freevxfs",
+ "remarks": "rule_set_002"
},
{
- "name": "Parameter_Id_20",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
- "remarks": "rule_set_000"
+ "value": "kernel_module_freevxfs_disabled",
+ "remarks": "rule_set_002"
},
{
- "name": "Parameter_Description_20",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept all router advertisements?",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of freevxfs",
+ "remarks": "rule_set_002"
},
{
- "name": "Parameter_Value_Alternatives_20",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "kernel_module_hfs_disabled",
+ "remarks": "rule_set_003"
},
{
- "name": "Parameter_Id_21",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of hfs",
+ "remarks": "rule_set_003"
},
{
- "name": "Parameter_Description_21",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance",
- "remarks": "rule_set_000"
+ "value": "kernel_module_hfs_disabled",
+ "remarks": "rule_set_003"
},
{
- "name": "Parameter_Value_Alternatives_21",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of hfs",
+ "remarks": "rule_set_003"
},
{
- "name": "Parameter_Id_22",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
- "remarks": "rule_set_000"
+ "value": "kernel_module_hfsplus_disabled",
+ "remarks": "rule_set_004"
},
{
- "name": "Parameter_Description_22",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of hfsplus",
+ "remarks": "rule_set_004"
},
{
- "name": "Parameter_Value_Alternatives_22",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "kernel_module_hfsplus_disabled",
+ "remarks": "rule_set_004"
},
{
- "name": "Parameter_Id_23",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding_value",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of hfsplus",
+ "remarks": "rule_set_004"
},
{
- "name": "Parameter_Description_23",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle IPv6 Forwarding",
- "remarks": "rule_set_000"
+ "value": "kernel_module_jffs2_disabled",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Value_Alternatives_23",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of jffs2",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Id_24",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
- "remarks": "rule_set_000"
+ "value": "kernel_module_jffs2_disabled",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Description_24",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept default router advertisements by default?",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of jffs2",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Value_Alternatives_24",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "kernel_module_firewire-core_disabled",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Id_25",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
- "remarks": "rule_set_000"
+ "value": "Disable IEEE 1394 (FireWire) Support",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Description_25",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance By Default",
- "remarks": "rule_set_000"
+ "value": "kernel_module_firewire-core_disabled",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Value_Alternatives_25",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Disable IEEE 1394 (FireWire) Support",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Id_26",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
- "remarks": "rule_set_000"
+ "value": "kernel_module_usb-storage_disabled",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Description_26",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
- "remarks": "rule_set_000"
+ "value": "Disable Modprobe Loading of USB Storage Driver",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Value_Alternatives_26",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "kernel_module_usb-storage_disabled",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Id_27",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_account_disable_post_pw_expiration",
- "remarks": "rule_set_000"
+ "value": "Disable Modprobe Loading of USB Storage Driver",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Description_27",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The number of days to wait after a password expires, until the account will be permanently disabled.",
- "remarks": "rule_set_000"
+ "value": "partition_for_tmp",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Value_Alternatives_27",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 180: 180, 30: 30, 35: 35, 40: 40, 45: 45, 60: 60, 90: 90, 'default': 35}",
- "remarks": "rule_set_000"
+ "value": "Ensure /tmp Located On Separate Partition",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Id_28",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_maximum_age_login_defs",
- "remarks": "rule_set_000"
+ "value": "partition_for_tmp",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Description_28",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Maximum age of password in days",
- "remarks": "rule_set_000"
+ "value": "Ensure /tmp Located On Separate Partition",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Value_Alternatives_28",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{365: 365, 120: 120, 180: 180, 90: 90, 60: 60, 45: 45, 'default': 60}",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nodev",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Id_29",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_password_warn_age_login_defs",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /tmp",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Description_29",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The number of days' warning given before a password expires.",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nodev",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Value_Alternatives_29",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 14: 14, 10: 10, 7: 7, 'default': 7}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /tmp",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Id_30",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_passwords_pam_faillock_deny",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nosuid",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Description_30",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Number of failed login attempts before account lockout",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /tmp",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Value_Alternatives_30",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nosuid",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Id_31",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_passwords_pam_faillock_unlock_time",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /tmp",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Description_31",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_noexec",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Value_Alternatives_31",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /tmp",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Id_32",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_tmout",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_noexec",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Description_32",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for that number of seconds if input does not arrive.",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /tmp",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Value_Alternatives_32",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'30_min': 1800, '10_min': 600, '15_min': 900, '5_min': 300, 'default': 600}",
- "remarks": "rule_set_000"
+ "value": "partition_for_dev_shm",
+ "remarks": "rule_set_012"
},
{
- "name": "Parameter_Id_33",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_user_umask",
- "remarks": "rule_set_000"
+ "value": "Ensure /dev/shm is configured",
+ "remarks": "rule_set_012"
},
{
- "name": "Parameter_Description_33",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enter default user umask",
- "remarks": "rule_set_000"
+ "value": "partition_for_dev_shm",
+ "remarks": "rule_set_012"
},
{
- "name": "Parameter_Value_Alternatives_33",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'007': '007', '022': '022', '027': '027', '077': '077', 'default': '027'}",
- "remarks": "rule_set_000"
+ "value": "Ensure /dev/shm is configured",
+ "remarks": "rule_set_012"
},
{
- "name": "Parameter_Id_34",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_multiple_time_servers",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nodev",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Description_34",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The list of vendor-approved time servers",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /dev/shm",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Value_Alternatives_34",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'generic': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'stig': '0.us.pool.ntp.mil', 'fedora': '0.fedora.pool.ntp.org,1.fedora.pool.ntp.org,2.fedora.pool.ntp.org,3.fedora.pool.ntp.org', 'rhel': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ol': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'suse': '0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org', 'alinux': '0.ntp.cloud.aliyuncs.com,1.ntp.aliyun.com,2.ntp1.aliyun.com,3.ntp1.cloud.aliyuncs.com', 'amazon': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ubuntu': '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org', 'almalinux': '0.almalinux.pool.ntp.org,1.almalinux.pool.ntp.org,2.almalinux.pool.ntp.org,3.almalinux.pool.ntp.org', 'debian': '0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org', 'nist': 'time.nist.gov,time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov'}",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nodev",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Id_35",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_pam_wheel_group_for_su",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /dev/shm",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Description_35",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nosuid",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Value_Alternatives_35",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'sugroup', 'cis': 'sugroup'}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /dev/shm",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Id_36",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_hashing_algorithm",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nosuid",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Description_36",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /dev/shm",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Value_Alternatives_36",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_noexec",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Id_37",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_hashing_algorithm_pam",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /dev/shm",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Description_37",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_noexec",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Value_Alternatives_37",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt', 'cis_rhel10': 'yescrypt|sha512'}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /dev/shm",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Id_38",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_dictcheck",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nodev",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Description_38",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent the use of dictionary words for passwords.",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /home",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Value_Alternatives_38",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 'default': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nodev",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Id_39",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_difok",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /home",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Description_39",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of characters not present in old password",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nosuid",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Value_Alternatives_39",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{15: 15, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 'default': 8}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /home",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Id_40",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_maxrepeat",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nosuid",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Description_40",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Maximum Number of Consecutive Repeating Characters in a Password",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /home",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Value_Alternatives_40",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nodev",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Id_41",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_minclass",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Description_41",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of categories of characters that must exist in a password",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nodev",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Value_Alternatives_41",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Id_42",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_minlen",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nosuid",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Description_42",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of characters in password",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Value_Alternatives_42",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nosuid",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Id_43",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_remember",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Description_43",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent password reuse using password history lookup",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nodev",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Value_Alternatives_43",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 24: 24, 'default': 5}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/tmp",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Id_44",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_remember_control_flag",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nodev",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Description_44",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in \"required,requisite\", for remediations the first value will be taken'",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/tmp",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Value_Alternatives_44",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'required': 'required', 'optional': 'optional', 'requisite': 'requisite', 'sufficient': 'sufficient', 'binding': 'binding', 'ol8': 'required,requisite', 'requisite_or_required': 'requisite,required', 'default': 'requisite'}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nosuid",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Id_45",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_postfix_inet_interfaces",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/tmp",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Description_45",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for inet_interfaces in /etc/postfix/main.cf",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nosuid",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Value_Alternatives_45",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'loopback-only': 'loopback-only', 'default': 'loopback-only', 'localhost': 'localhost'}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/tmp",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Id_46",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_screensaver_lock_delay",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_noexec",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Description_46",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/tmp",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Value_Alternatives_46",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_seconds': 10, '5_seconds': 5, 'default': '0', 'immediate': '0'}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_noexec",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Id_47",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_selinux_policy_name",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/tmp",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Description_47",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Type of policy in use. Possible values are:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
mls - Multiple levels of security",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nodev",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Value_Alternatives_47",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'targeted', 'mls': 'mls', 'targeted': 'targeted'}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Id_48",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_max_sessions",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nodev",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Description_48",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of open sessions permitted.",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Value_Alternatives_48",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 4: 4, 3: 3, 2: 2, 1: 1, 0: 0, 'default': 10}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nosuid",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Id_49",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_keepalive",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Description_49",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of idle message counts before session is terminated.",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nosuid",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Value_Alternatives_49",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 5: 5, 0: 0, 1: 1, 'default': 0}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Id_50",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_login_grace_time",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_noexec",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Description_50",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure parameters for how long the servers stays connected before the user has successfully logged in",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Value_Alternatives_50",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 60, 60: 60}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_noexec",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Id_51",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_maxstartups",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Description_51",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nodev",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Value_Alternatives_51",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '10:30:100', '10:30:60': '10:30:60'}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log/audit",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Id_52",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_system_crypto_policy",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nodev",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Description_52",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the crypto policy for the system.",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log/audit",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Value_Alternatives_52",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'DEFAULT', 'default_policy': 'DEFAULT', 'default_nosha1': 'DEFAULT:NO-SHA1', 'fips': 'FIPS', 'fips_ospp': 'FIPS:OSPP', 'fips_stig': 'FIPS:STIG', 'legacy': 'LEGACY', 'future': 'FUTURE', 'next': 'NEXT'}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nosuid",
+ "remarks": "rule_set_027"
},
{
- "name": "Parameter_Id_53",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_user_initialization_files_regex",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log/audit",
+ "remarks": "rule_set_027"
},
{
- "name": "Parameter_Description_53",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'A regular expression describing a list of file names for files that are sourced at login time for interactive users'",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nosuid",
+ "remarks": "rule_set_027"
},
{
- "name": "Parameter_Value_Alternatives_53",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '^(\\\\.bashrc|\\\\.zshrc|\\\\.cshrc|\\\\.profile|\\\\.bash_login|\\\\.bash_profile)$', 'all_dotfiles': '^\\\\.[\\\\w\\\\- ]+$'}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log/audit",
+ "remarks": "rule_set_027"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_cramfs_disabled",
- "remarks": "rule_set_001"
+ "value": "mount_option_var_log_audit_noexec",
+ "remarks": "rule_set_028"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of cramfs",
- "remarks": "rule_set_001"
+ "value": "Add noexec Option to /var/log/audit",
+ "remarks": "rule_set_028"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_cramfs_disabled",
- "remarks": "rule_set_001"
+ "value": "mount_option_var_log_audit_noexec",
+ "remarks": "rule_set_028"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of cramfs",
- "remarks": "rule_set_001"
+ "value": "Add noexec Option to /var/log/audit",
+ "remarks": "rule_set_028"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_freevxfs_disabled",
- "remarks": "rule_set_002"
+ "value": "ensure_gpgcheck_globally_activated",
+ "remarks": "rule_set_029"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of freevxfs",
- "remarks": "rule_set_002"
+ "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
+ "remarks": "rule_set_029"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_freevxfs_disabled",
- "remarks": "rule_set_002"
+ "value": "ensure_gpgcheck_globally_activated",
+ "remarks": "rule_set_029"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of freevxfs",
- "remarks": "rule_set_002"
+ "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
+ "remarks": "rule_set_029"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfs_disabled",
- "remarks": "rule_set_003"
+ "value": "disable_weak_deps",
+ "remarks": "rule_set_030"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfs",
- "remarks": "rule_set_003"
+ "value": "Disable Installation of Weak Dependencies in DNF",
+ "remarks": "rule_set_030"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfs_disabled",
- "remarks": "rule_set_003"
+ "value": "disable_weak_deps",
+ "remarks": "rule_set_030"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfs",
- "remarks": "rule_set_003"
+ "value": "Disable Installation of Weak Dependencies in DNF",
+ "remarks": "rule_set_030"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfsplus_disabled",
- "remarks": "rule_set_004"
+ "value": "package_libselinux_installed",
+ "remarks": "rule_set_031"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfsplus",
- "remarks": "rule_set_004"
+ "value": "Install libselinux Package",
+ "remarks": "rule_set_031"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfsplus_disabled",
- "remarks": "rule_set_004"
+ "value": "package_libselinux_installed",
+ "remarks": "rule_set_031"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfsplus",
- "remarks": "rule_set_004"
+ "value": "Install libselinux Package",
+ "remarks": "rule_set_031"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_jffs2_disabled",
- "remarks": "rule_set_005"
+ "value": "grub2_enable_selinux",
+ "remarks": "rule_set_032"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of jffs2",
- "remarks": "rule_set_005"
+ "value": "Ensure SELinux Not Disabled in /etc/default/grub",
+ "remarks": "rule_set_032"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_jffs2_disabled",
- "remarks": "rule_set_005"
+ "value": "grub2_enable_selinux",
+ "remarks": "rule_set_032"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of jffs2",
- "remarks": "rule_set_005"
+ "value": "Ensure SELinux Not Disabled in /etc/default/grub",
+ "remarks": "rule_set_032"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_firewire-core_disabled",
- "remarks": "rule_set_006"
+ "value": "selinux_policytype",
+ "remarks": "rule_set_033"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IEEE 1394 (FireWire) Support",
- "remarks": "rule_set_006"
+ "value": "Configure SELinux Policy",
+ "remarks": "rule_set_033"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_firewire-core_disabled",
- "remarks": "rule_set_006"
+ "value": "selinux_policytype",
+ "remarks": "rule_set_033"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IEEE 1394 (FireWire) Support",
- "remarks": "rule_set_006"
+ "value": "Configure SELinux Policy",
+ "remarks": "rule_set_033"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_usb-storage_disabled",
- "remarks": "rule_set_007"
+ "value": "selinux_not_disabled",
+ "remarks": "rule_set_034"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Modprobe Loading of USB Storage Driver",
- "remarks": "rule_set_007"
+ "value": "Ensure SELinux is Not Disabled",
+ "remarks": "rule_set_034"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_usb-storage_disabled",
- "remarks": "rule_set_007"
+ "value": "selinux_not_disabled",
+ "remarks": "rule_set_034"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Modprobe Loading of USB Storage Driver",
- "remarks": "rule_set_007"
+ "value": "Ensure SELinux is Not Disabled",
+ "remarks": "rule_set_034"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_tmp",
- "remarks": "rule_set_008"
+ "value": "package_mcstrans_removed",
+ "remarks": "rule_set_035"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /tmp Located On Separate Partition",
- "remarks": "rule_set_008"
+ "value": "Uninstall mcstrans Package",
+ "remarks": "rule_set_035"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_tmp",
- "remarks": "rule_set_008"
+ "value": "package_mcstrans_removed",
+ "remarks": "rule_set_035"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /tmp Located On Separate Partition",
- "remarks": "rule_set_008"
+ "value": "Uninstall mcstrans Package",
+ "remarks": "rule_set_035"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nodev",
- "remarks": "rule_set_009"
+ "value": "package_setroubleshoot_removed",
+ "remarks": "rule_set_036"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /tmp",
- "remarks": "rule_set_009"
+ "value": "Uninstall setroubleshoot Package",
+ "remarks": "rule_set_036"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nodev",
- "remarks": "rule_set_009"
+ "value": "package_setroubleshoot_removed",
+ "remarks": "rule_set_036"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /tmp",
- "remarks": "rule_set_009"
+ "value": "Uninstall setroubleshoot Package",
+ "remarks": "rule_set_036"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nosuid",
- "remarks": "rule_set_010"
+ "value": "grub2_password",
+ "remarks": "rule_set_037"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /tmp",
- "remarks": "rule_set_010"
+ "value": "Set Boot Loader Password in grub2",
+ "remarks": "rule_set_037"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nosuid",
- "remarks": "rule_set_010"
+ "value": "grub2_password",
+ "remarks": "rule_set_037"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /tmp",
- "remarks": "rule_set_010"
+ "value": "Set Boot Loader Password in grub2",
+ "remarks": "rule_set_037"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_noexec",
- "remarks": "rule_set_011"
+ "value": "file_permissions_boot_grub2",
+ "remarks": "rule_set_038"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /tmp",
- "remarks": "rule_set_011"
+ "value": "All GRUB configuration files must have mode 0600 or more restrictive",
+ "remarks": "rule_set_038"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_noexec",
- "remarks": "rule_set_011"
+ "value": "file_permissions_boot_grub2",
+ "remarks": "rule_set_038"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /tmp",
- "remarks": "rule_set_011"
+ "value": "All GRUB configuration files must have mode 0600 or more restrictive",
+ "remarks": "rule_set_038"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_dev_shm",
- "remarks": "rule_set_012"
+ "value": "file_owner_boot_grub2",
+ "remarks": "rule_set_039"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /dev/shm is configured",
- "remarks": "rule_set_012"
+ "value": "All GRUB configuration files must be owned by root",
+ "remarks": "rule_set_039"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_dev_shm",
- "remarks": "rule_set_012"
+ "value": "file_owner_boot_grub2",
+ "remarks": "rule_set_039"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /dev/shm is configured",
- "remarks": "rule_set_012"
+ "value": "All GRUB configuration files must be owned by root",
+ "remarks": "rule_set_039"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nodev",
- "remarks": "rule_set_013"
+ "value": "file_groupowner_boot_grub2",
+ "remarks": "rule_set_040"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /dev/shm",
- "remarks": "rule_set_013"
+ "value": "All GRUB configuration files must be group-owned by root",
+ "remarks": "rule_set_040"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nodev",
- "remarks": "rule_set_013"
+ "value": "file_groupowner_boot_grub2",
+ "remarks": "rule_set_040"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /dev/shm",
- "remarks": "rule_set_013"
+ "value": "All GRUB configuration files must be group-owned by root",
+ "remarks": "rule_set_040"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nosuid",
- "remarks": "rule_set_014"
+ "value": "disable_users_coredumps",
+ "remarks": "rule_set_041"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /dev/shm",
- "remarks": "rule_set_014"
+ "value": "Disable Core Dumps for All Users",
+ "remarks": "rule_set_041"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nosuid",
- "remarks": "rule_set_014"
+ "value": "disable_users_coredumps",
+ "remarks": "rule_set_041"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /dev/shm",
- "remarks": "rule_set_014"
+ "value": "Disable Core Dumps for All Users",
+ "remarks": "rule_set_041"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_noexec",
- "remarks": "rule_set_015"
+ "value": "sysctl_fs_protected_hardlinks",
+ "remarks": "rule_set_042"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /dev/shm",
- "remarks": "rule_set_015"
+ "value": "Enable Kernel Parameter to Enforce DAC on Hardlinks",
+ "remarks": "rule_set_042"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_noexec",
- "remarks": "rule_set_015"
+ "value": "sysctl_fs_protected_hardlinks",
+ "remarks": "rule_set_042"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /dev/shm",
- "remarks": "rule_set_015"
+ "value": "Enable Kernel Parameter to Enforce DAC on Hardlinks",
+ "remarks": "rule_set_042"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nodev",
- "remarks": "rule_set_016"
+ "value": "sysctl_fs_protected_symlinks",
+ "remarks": "rule_set_043"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /home",
- "remarks": "rule_set_016"
+ "value": "Enable Kernel Parameter to Enforce DAC on Symlinks",
+ "remarks": "rule_set_043"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nodev",
- "remarks": "rule_set_016"
+ "value": "sysctl_fs_protected_symlinks",
+ "remarks": "rule_set_043"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /home",
- "remarks": "rule_set_016"
+ "value": "Enable Kernel Parameter to Enforce DAC on Symlinks",
+ "remarks": "rule_set_043"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nosuid",
- "remarks": "rule_set_017"
+ "value": "sysctl_fs_suid_dumpable",
+ "remarks": "rule_set_044"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /home",
- "remarks": "rule_set_017"
+ "value": "Disable Core Dumps for SUID programs",
+ "remarks": "rule_set_044"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nosuid",
- "remarks": "rule_set_017"
+ "value": "sysctl_fs_suid_dumpable",
+ "remarks": "rule_set_044"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /home",
- "remarks": "rule_set_017"
+ "value": "Disable Core Dumps for SUID programs",
+ "remarks": "rule_set_044"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nodev",
- "remarks": "rule_set_018"
+ "value": "sysctl_kernel_dmesg_restrict",
+ "remarks": "rule_set_045"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var",
- "remarks": "rule_set_018"
+ "value": "Restrict Access to Kernel Message Buffer",
+ "remarks": "rule_set_045"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nodev",
- "remarks": "rule_set_018"
+ "value": "sysctl_kernel_dmesg_restrict",
+ "remarks": "rule_set_045"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var",
- "remarks": "rule_set_018"
+ "value": "Restrict Access to Kernel Message Buffer",
+ "remarks": "rule_set_045"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nosuid",
- "remarks": "rule_set_019"
+ "value": "sysctl_kernel_kptr_restrict",
+ "remarks": "rule_set_046"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var",
- "remarks": "rule_set_019"
+ "value": "Restrict Exposed Kernel Pointer Addresses Access",
+ "remarks": "rule_set_046"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nosuid",
- "remarks": "rule_set_019"
+ "value": "sysctl_kernel_kptr_restrict",
+ "remarks": "rule_set_046"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var",
- "remarks": "rule_set_019"
+ "value": "Restrict Exposed Kernel Pointer Addresses Access",
+ "remarks": "rule_set_046"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nodev",
- "remarks": "rule_set_020"
+ "value": "sysctl_kernel_yama_ptrace_scope",
+ "remarks": "rule_set_047"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/tmp",
- "remarks": "rule_set_020"
+ "value": "Restrict usage of ptrace to descendant processes",
+ "remarks": "rule_set_047"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nodev",
- "remarks": "rule_set_020"
+ "value": "sysctl_kernel_yama_ptrace_scope",
+ "remarks": "rule_set_047"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/tmp",
- "remarks": "rule_set_020"
+ "value": "Restrict usage of ptrace to descendant processes",
+ "remarks": "rule_set_047"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nosuid",
- "remarks": "rule_set_021"
+ "value": "sysctl_kernel_randomize_va_space",
+ "remarks": "rule_set_048"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/tmp",
- "remarks": "rule_set_021"
+ "value": "Enable Randomized Layout of Virtual Address Space",
+ "remarks": "rule_set_048"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nosuid",
- "remarks": "rule_set_021"
+ "value": "sysctl_kernel_randomize_va_space",
+ "remarks": "rule_set_048"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/tmp",
- "remarks": "rule_set_021"
+ "value": "Enable Randomized Layout of Virtual Address Space",
+ "remarks": "rule_set_048"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_noexec",
- "remarks": "rule_set_022"
+ "value": "coredump_disable_backtraces",
+ "remarks": "rule_set_049"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/tmp",
- "remarks": "rule_set_022"
+ "value": "Disable core dump backtraces",
+ "remarks": "rule_set_049"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_noexec",
- "remarks": "rule_set_022"
+ "value": "coredump_disable_backtraces",
+ "remarks": "rule_set_049"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/tmp",
- "remarks": "rule_set_022"
+ "value": "Disable core dump backtraces",
+ "remarks": "rule_set_049"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nodev",
- "remarks": "rule_set_023"
+ "value": "coredump_disable_storage",
+ "remarks": "rule_set_050"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log",
- "remarks": "rule_set_023"
+ "value": "Disable storing core dump",
+ "remarks": "rule_set_050"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nodev",
- "remarks": "rule_set_023"
+ "value": "coredump_disable_storage",
+ "remarks": "rule_set_050"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log",
- "remarks": "rule_set_023"
+ "value": "Disable storing core dump",
+ "remarks": "rule_set_050"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nosuid",
- "remarks": "rule_set_024"
+ "value": "configure_custom_crypto_policy_cis",
+ "remarks": "rule_set_051"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log",
- "remarks": "rule_set_024"
+ "value": "Implement Custom Crypto Policy Modules for CIS Benchmark",
+ "remarks": "rule_set_051"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nosuid",
- "remarks": "rule_set_024"
+ "value": "configure_custom_crypto_policy_cis",
+ "remarks": "rule_set_051"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log",
- "remarks": "rule_set_024"
+ "value": "Implement Custom Crypto Policy Modules for CIS Benchmark",
+ "remarks": "rule_set_051"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_noexec",
- "remarks": "rule_set_025"
+ "value": "banner_etc_motd_cis",
+ "remarks": "rule_set_052"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log",
- "remarks": "rule_set_025"
+ "value": "Ensure Message Of The Day Is Configured Properly",
+ "remarks": "rule_set_052"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_noexec",
- "remarks": "rule_set_025"
+ "value": "banner_etc_motd_cis",
+ "remarks": "rule_set_052"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log",
- "remarks": "rule_set_025"
+ "value": "Ensure Message Of The Day Is Configured Properly",
+ "remarks": "rule_set_052"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nodev",
- "remarks": "rule_set_026"
+ "value": "banner_etc_issue_cis",
+ "remarks": "rule_set_053"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log/audit",
- "remarks": "rule_set_026"
+ "value": "Ensure Local Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_053"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nodev",
- "remarks": "rule_set_026"
+ "value": "banner_etc_issue_cis",
+ "remarks": "rule_set_053"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log/audit",
- "remarks": "rule_set_026"
+ "value": "Ensure Local Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_053"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nosuid",
- "remarks": "rule_set_027"
+ "value": "banner_etc_issue_net_cis",
+ "remarks": "rule_set_054"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log/audit",
- "remarks": "rule_set_027"
+ "value": "Ensure Remote Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_054"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nosuid",
- "remarks": "rule_set_027"
+ "value": "banner_etc_issue_net_cis",
+ "remarks": "rule_set_054"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log/audit",
- "remarks": "rule_set_027"
+ "value": "Ensure Remote Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_054"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_noexec",
- "remarks": "rule_set_028"
+ "value": "file_groupowner_etc_motd",
+ "remarks": "rule_set_055"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log/audit",
- "remarks": "rule_set_028"
+ "value": "Verify Group Ownership of Message of the Day Banner",
+ "remarks": "rule_set_055"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_noexec",
- "remarks": "rule_set_028"
+ "value": "file_groupowner_etc_motd",
+ "remarks": "rule_set_055"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log/audit",
- "remarks": "rule_set_028"
+ "value": "Verify Group Ownership of Message of the Day Banner",
+ "remarks": "rule_set_055"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_gpgcheck_globally_activated",
- "remarks": "rule_set_029"
+ "value": "file_owner_etc_motd",
+ "remarks": "rule_set_056"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
- "remarks": "rule_set_029"
+ "value": "Verify ownership of Message of the Day Banner",
+ "remarks": "rule_set_056"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_gpgcheck_globally_activated",
- "remarks": "rule_set_029"
+ "value": "file_owner_etc_motd",
+ "remarks": "rule_set_056"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
- "remarks": "rule_set_029"
+ "value": "Verify ownership of Message of the Day Banner",
+ "remarks": "rule_set_056"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_libselinux_installed",
- "remarks": "rule_set_030"
+ "value": "file_permissions_etc_motd",
+ "remarks": "rule_set_057"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install libselinux Package",
- "remarks": "rule_set_030"
+ "value": "Verify permissions on Message of the Day Banner",
+ "remarks": "rule_set_057"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_libselinux_installed",
- "remarks": "rule_set_030"
+ "value": "file_permissions_etc_motd",
+ "remarks": "rule_set_057"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install libselinux Package",
- "remarks": "rule_set_030"
+ "value": "Verify permissions on Message of the Day Banner",
+ "remarks": "rule_set_057"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_enable_selinux",
- "remarks": "rule_set_031"
+ "value": "file_groupowner_etc_issue",
+ "remarks": "rule_set_058"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux Not Disabled in /etc/default/grub",
- "remarks": "rule_set_031"
+ "value": "Verify Group Ownership of System Login Banner",
+ "remarks": "rule_set_058"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_enable_selinux",
- "remarks": "rule_set_031"
+ "value": "file_groupowner_etc_issue",
+ "remarks": "rule_set_058"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux Not Disabled in /etc/default/grub",
- "remarks": "rule_set_031"
+ "value": "Verify Group Ownership of System Login Banner",
+ "remarks": "rule_set_058"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_policytype",
- "remarks": "rule_set_032"
+ "value": "file_owner_etc_issue",
+ "remarks": "rule_set_059"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure SELinux Policy",
- "remarks": "rule_set_032"
+ "value": "Verify ownership of System Login Banner",
+ "remarks": "rule_set_059"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_policytype",
- "remarks": "rule_set_032"
+ "value": "file_owner_etc_issue",
+ "remarks": "rule_set_059"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure SELinux Policy",
- "remarks": "rule_set_032"
+ "value": "Verify ownership of System Login Banner",
+ "remarks": "rule_set_059"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_not_disabled",
- "remarks": "rule_set_033"
+ "value": "file_permissions_etc_issue",
+ "remarks": "rule_set_060"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux is Not Disabled",
- "remarks": "rule_set_033"
+ "value": "Verify permissions on System Login Banner",
+ "remarks": "rule_set_060"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_not_disabled",
- "remarks": "rule_set_033"
+ "value": "file_permissions_etc_issue",
+ "remarks": "rule_set_060"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux is Not Disabled",
- "remarks": "rule_set_033"
+ "value": "Verify permissions on System Login Banner",
+ "remarks": "rule_set_060"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_mcstrans_removed",
- "remarks": "rule_set_034"
+ "value": "file_groupowner_etc_issue_net",
+ "remarks": "rule_set_061"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall mcstrans Package",
- "remarks": "rule_set_034"
+ "value": "Verify Group Ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_061"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_mcstrans_removed",
- "remarks": "rule_set_034"
+ "value": "file_groupowner_etc_issue_net",
+ "remarks": "rule_set_061"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall mcstrans Package",
- "remarks": "rule_set_034"
+ "value": "Verify Group Ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_061"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_setroubleshoot_removed",
- "remarks": "rule_set_035"
+ "value": "file_owner_etc_issue_net",
+ "remarks": "rule_set_062"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall setroubleshoot Package",
- "remarks": "rule_set_035"
+ "value": "Verify ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_062"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_setroubleshoot_removed",
- "remarks": "rule_set_035"
+ "value": "file_owner_etc_issue_net",
+ "remarks": "rule_set_062"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall setroubleshoot Package",
- "remarks": "rule_set_035"
+ "value": "Verify ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_062"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_password",
- "remarks": "rule_set_036"
+ "value": "file_permissions_etc_issue_net",
+ "remarks": "rule_set_063"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Boot Loader Password in grub2",
- "remarks": "rule_set_036"
+ "value": "Verify permissions on System Login Banner for Remote Connections",
+ "remarks": "rule_set_063"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_password",
- "remarks": "rule_set_036"
+ "value": "file_permissions_etc_issue_net",
+ "remarks": "rule_set_063"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Boot Loader Password in grub2",
- "remarks": "rule_set_036"
+ "value": "Verify permissions on System Login Banner for Remote Connections",
+ "remarks": "rule_set_063"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg",
- "remarks": "rule_set_037"
+ "value": "dconf_gnome_banner_enabled",
+ "remarks": "rule_set_064"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Group Ownership",
- "remarks": "rule_set_037"
+ "value": "Enable GNOME3 Login Warning Banner",
+ "remarks": "rule_set_064"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg",
- "remarks": "rule_set_037"
+ "value": "dconf_gnome_banner_enabled",
+ "remarks": "rule_set_064"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Group Ownership",
- "remarks": "rule_set_037"
+ "value": "Enable GNOME3 Login Warning Banner",
+ "remarks": "rule_set_064"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg",
- "remarks": "rule_set_038"
+ "value": "dconf_gnome_login_banner_text",
+ "remarks": "rule_set_065"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg User Ownership",
- "remarks": "rule_set_038"
+ "value": "Set the GNOME3 Login Warning Banner Text",
+ "remarks": "rule_set_065"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg",
- "remarks": "rule_set_038"
+ "value": "dconf_gnome_login_banner_text",
+ "remarks": "rule_set_065"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg User Ownership",
- "remarks": "rule_set_038"
+ "value": "Set the GNOME3 Login Warning Banner Text",
+ "remarks": "rule_set_065"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg",
- "remarks": "rule_set_039"
+ "value": "dconf_gnome_disable_user_list",
+ "remarks": "rule_set_066"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Permissions",
- "remarks": "rule_set_039"
+ "value": "Disable the GNOME3 Login User List",
+ "remarks": "rule_set_066"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg",
- "remarks": "rule_set_039"
+ "value": "dconf_gnome_disable_user_list",
+ "remarks": "rule_set_066"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Permissions",
- "remarks": "rule_set_039"
+ "value": "Disable the GNOME3 Login User List",
+ "remarks": "rule_set_066"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg",
- "remarks": "rule_set_040"
+ "value": "dconf_gnome_screensaver_idle_delay",
+ "remarks": "rule_set_067"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Group Ownership",
- "remarks": "rule_set_040"
+ "value": "Set GNOME3 Screensaver Inactivity Timeout",
+ "remarks": "rule_set_067"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg",
- "remarks": "rule_set_040"
+ "value": "dconf_gnome_screensaver_idle_delay",
+ "remarks": "rule_set_067"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Group Ownership",
- "remarks": "rule_set_040"
+ "value": "Set GNOME3 Screensaver Inactivity Timeout",
+ "remarks": "rule_set_067"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg",
- "remarks": "rule_set_041"
+ "value": "dconf_gnome_screensaver_lock_delay",
+ "remarks": "rule_set_068"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg User Ownership",
- "remarks": "rule_set_041"
+ "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
+ "remarks": "rule_set_068"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg",
- "remarks": "rule_set_041"
+ "value": "dconf_gnome_screensaver_lock_delay",
+ "remarks": "rule_set_068"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg User Ownership",
- "remarks": "rule_set_041"
+ "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
+ "remarks": "rule_set_068"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg",
- "remarks": "rule_set_042"
+ "value": "dconf_gnome_session_idle_user_locks",
+ "remarks": "rule_set_069"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Permissions",
- "remarks": "rule_set_042"
+ "value": "Ensure Users Cannot Change GNOME3 Session Idle Settings",
+ "remarks": "rule_set_069"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg",
- "remarks": "rule_set_042"
+ "value": "dconf_gnome_session_idle_user_locks",
+ "remarks": "rule_set_069"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Permissions",
- "remarks": "rule_set_042"
+ "value": "Ensure Users Cannot Change GNOME3 Session Idle Settings",
+ "remarks": "rule_set_069"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy",
- "remarks": "rule_set_043"
+ "value": "dconf_gnome_screensaver_user_locks",
+ "remarks": "rule_set_070"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure System Cryptography Policy",
- "remarks": "rule_set_043"
+ "value": "Ensure Users Cannot Change GNOME3 Screensaver Settings",
+ "remarks": "rule_set_070"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy",
- "remarks": "rule_set_043"
+ "value": "dconf_gnome_screensaver_user_locks",
+ "remarks": "rule_set_070"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure System Cryptography Policy",
- "remarks": "rule_set_043"
+ "value": "Ensure Users Cannot Change GNOME3 Screensaver Settings",
+ "remarks": "rule_set_070"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_motd_cis",
- "remarks": "rule_set_044"
+ "value": "dconf_gnome_disable_automount",
+ "remarks": "rule_set_071"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Message Of The Day Is Configured Properly",
- "remarks": "rule_set_044"
+ "value": "Disable GNOME3 Automounting",
+ "remarks": "rule_set_071"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_motd_cis",
- "remarks": "rule_set_044"
+ "value": "dconf_gnome_disable_automount",
+ "remarks": "rule_set_071"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Message Of The Day Is Configured Properly",
- "remarks": "rule_set_044"
+ "value": "Disable GNOME3 Automounting",
+ "remarks": "rule_set_071"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_cis",
- "remarks": "rule_set_045"
+ "value": "dconf_gnome_disable_automount_open",
+ "remarks": "rule_set_072"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Local Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_045"
+ "value": "Disable GNOME3 Automount Opening",
+ "remarks": "rule_set_072"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_cis",
- "remarks": "rule_set_045"
+ "value": "dconf_gnome_disable_automount_open",
+ "remarks": "rule_set_072"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Local Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_045"
+ "value": "Disable GNOME3 Automount Opening",
+ "remarks": "rule_set_072"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_net_cis",
- "remarks": "rule_set_046"
+ "value": "dconf_gnome_disable_autorun",
+ "remarks": "rule_set_073"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Remote Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_046"
+ "value": "Disable GNOME3 Automount running",
+ "remarks": "rule_set_073"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_net_cis",
- "remarks": "rule_set_046"
+ "value": "dconf_gnome_disable_autorun",
+ "remarks": "rule_set_073"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Remote Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_046"
+ "value": "Disable GNOME3 Automount running",
+ "remarks": "rule_set_073"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_motd",
- "remarks": "rule_set_047"
+ "value": "service_autofs_disabled",
+ "remarks": "rule_set_074"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of Message of the Day Banner",
- "remarks": "rule_set_047"
+ "value": "Disable the Automounter",
+ "remarks": "rule_set_074"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_motd",
- "remarks": "rule_set_047"
+ "value": "service_autofs_disabled",
+ "remarks": "rule_set_074"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of Message of the Day Banner",
- "remarks": "rule_set_047"
+ "value": "Disable the Automounter",
+ "remarks": "rule_set_074"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_motd",
- "remarks": "rule_set_048"
+ "value": "service_avahi-daemon_disabled",
+ "remarks": "rule_set_075"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of Message of the Day Banner",
- "remarks": "rule_set_048"
+ "value": "Disable Avahi Server Software",
+ "remarks": "rule_set_075"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_motd",
- "remarks": "rule_set_048"
+ "value": "service_avahi-daemon_disabled",
+ "remarks": "rule_set_075"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of Message of the Day Banner",
- "remarks": "rule_set_048"
+ "value": "Disable Avahi Server Software",
+ "remarks": "rule_set_075"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_motd",
- "remarks": "rule_set_049"
+ "value": "package_kea_removed",
+ "remarks": "rule_set_076"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on Message of the Day Banner",
- "remarks": "rule_set_049"
+ "value": "Uninstall kea Package",
+ "remarks": "rule_set_076"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_motd",
- "remarks": "rule_set_049"
+ "value": "package_kea_removed",
+ "remarks": "rule_set_076"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on Message of the Day Banner",
- "remarks": "rule_set_049"
+ "value": "Uninstall kea Package",
+ "remarks": "rule_set_076"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue",
- "remarks": "rule_set_050"
+ "value": "package_bind_removed",
+ "remarks": "rule_set_077"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner",
- "remarks": "rule_set_050"
+ "value": "Uninstall bind Package",
+ "remarks": "rule_set_077"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue",
- "remarks": "rule_set_050"
+ "value": "package_bind_removed",
+ "remarks": "rule_set_077"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner",
- "remarks": "rule_set_050"
+ "value": "Uninstall bind Package",
+ "remarks": "rule_set_077"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue",
- "remarks": "rule_set_051"
+ "value": "package_dnsmasq_removed",
+ "remarks": "rule_set_078"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner",
- "remarks": "rule_set_051"
+ "value": "Uninstall dnsmasq Package",
+ "remarks": "rule_set_078"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue",
- "remarks": "rule_set_051"
+ "value": "package_dnsmasq_removed",
+ "remarks": "rule_set_078"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner",
- "remarks": "rule_set_051"
+ "value": "Uninstall dnsmasq Package",
+ "remarks": "rule_set_078"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue",
- "remarks": "rule_set_052"
+ "value": "package_vsftpd_removed",
+ "remarks": "rule_set_079"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner",
- "remarks": "rule_set_052"
+ "value": "Uninstall vsftpd Package",
+ "remarks": "rule_set_079"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue",
- "remarks": "rule_set_052"
+ "value": "package_vsftpd_removed",
+ "remarks": "rule_set_079"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner",
- "remarks": "rule_set_052"
+ "value": "Uninstall vsftpd Package",
+ "remarks": "rule_set_079"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue_net",
- "remarks": "rule_set_053"
+ "value": "package_dovecot_removed",
+ "remarks": "rule_set_080"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_053"
+ "value": "Uninstall dovecot Package",
+ "remarks": "rule_set_080"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue_net",
- "remarks": "rule_set_053"
+ "value": "package_dovecot_removed",
+ "remarks": "rule_set_080"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_053"
+ "value": "Uninstall dovecot Package",
+ "remarks": "rule_set_080"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue_net",
- "remarks": "rule_set_054"
+ "value": "package_cyrus-imapd_removed",
+ "remarks": "rule_set_081"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_054"
+ "value": "Uninstall cyrus-imapd Package",
+ "remarks": "rule_set_081"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue_net",
- "remarks": "rule_set_054"
+ "value": "package_cyrus-imapd_removed",
+ "remarks": "rule_set_081"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_054"
+ "value": "Uninstall cyrus-imapd Package",
+ "remarks": "rule_set_081"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue_net",
- "remarks": "rule_set_055"
+ "value": "service_nfs_disabled",
+ "remarks": "rule_set_082"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner for Remote Connections",
- "remarks": "rule_set_055"
+ "value": "Disable Network File System (nfs)",
+ "remarks": "rule_set_082"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue_net",
- "remarks": "rule_set_055"
+ "value": "service_nfs_disabled",
+ "remarks": "rule_set_082"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner for Remote Connections",
- "remarks": "rule_set_055"
+ "value": "Disable Network File System (nfs)",
+ "remarks": "rule_set_082"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_banner_enabled",
- "remarks": "rule_set_056"
+ "value": "service_cups_disabled",
+ "remarks": "rule_set_083"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable GNOME3 Login Warning Banner",
- "remarks": "rule_set_056"
+ "value": "Disable the CUPS Service",
+ "remarks": "rule_set_083"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_banner_enabled",
- "remarks": "rule_set_056"
+ "value": "service_cups_disabled",
+ "remarks": "rule_set_083"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable GNOME3 Login Warning Banner",
- "remarks": "rule_set_056"
+ "value": "Disable the CUPS Service",
+ "remarks": "rule_set_083"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_login_banner_text",
- "remarks": "rule_set_057"
+ "value": "service_rpcbind_disabled",
+ "remarks": "rule_set_084"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set the GNOME3 Login Warning Banner Text",
- "remarks": "rule_set_057"
+ "value": "Disable rpcbind Service",
+ "remarks": "rule_set_084"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_login_banner_text",
- "remarks": "rule_set_057"
+ "value": "service_rpcbind_disabled",
+ "remarks": "rule_set_084"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set the GNOME3 Login Warning Banner Text",
- "remarks": "rule_set_057"
+ "value": "Disable rpcbind Service",
+ "remarks": "rule_set_084"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_user_list",
- "remarks": "rule_set_058"
+ "value": "package_rsync_removed",
+ "remarks": "rule_set_085"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the GNOME3 Login User List",
- "remarks": "rule_set_058"
+ "value": "Uninstall rsync Package",
+ "remarks": "rule_set_085"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_user_list",
- "remarks": "rule_set_058"
+ "value": "package_rsync_removed",
+ "remarks": "rule_set_085"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the GNOME3 Login User List",
- "remarks": "rule_set_058"
+ "value": "Uninstall rsync Package",
+ "remarks": "rule_set_085"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_idle_delay",
- "remarks": "rule_set_059"
+ "value": "package_samba_removed",
+ "remarks": "rule_set_086"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Inactivity Timeout",
- "remarks": "rule_set_059"
+ "value": "Uninstall Samba Package",
+ "remarks": "rule_set_086"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_idle_delay",
- "remarks": "rule_set_059"
+ "value": "package_samba_removed",
+ "remarks": "rule_set_086"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Inactivity Timeout",
- "remarks": "rule_set_059"
+ "value": "Uninstall Samba Package",
+ "remarks": "rule_set_086"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_lock_delay",
- "remarks": "rule_set_060"
+ "value": "package_net-snmp_removed",
+ "remarks": "rule_set_087"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
- "remarks": "rule_set_060"
+ "value": "Uninstall net-snmp Package",
+ "remarks": "rule_set_087"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_lock_delay",
- "remarks": "rule_set_060"
+ "value": "package_net-snmp_removed",
+ "remarks": "rule_set_087"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
- "remarks": "rule_set_060"
+ "value": "Uninstall net-snmp Package",
+ "remarks": "rule_set_087"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount",
- "remarks": "rule_set_061"
+ "value": "package_telnet-server_removed",
+ "remarks": "rule_set_088"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automounting",
- "remarks": "rule_set_061"
+ "value": "Uninstall telnet-server Package",
+ "remarks": "rule_set_088"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount",
- "remarks": "rule_set_061"
+ "value": "package_telnet-server_removed",
+ "remarks": "rule_set_088"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automounting",
- "remarks": "rule_set_061"
+ "value": "Uninstall telnet-server Package",
+ "remarks": "rule_set_088"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount_open",
- "remarks": "rule_set_062"
+ "value": "package_tftp-server_removed",
+ "remarks": "rule_set_089"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount Opening",
- "remarks": "rule_set_062"
+ "value": "Uninstall tftp-server Package",
+ "remarks": "rule_set_089"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount_open",
- "remarks": "rule_set_062"
+ "value": "package_tftp-server_removed",
+ "remarks": "rule_set_089"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount Opening",
- "remarks": "rule_set_062"
+ "value": "Uninstall tftp-server Package",
+ "remarks": "rule_set_089"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_autorun",
- "remarks": "rule_set_063"
+ "value": "package_squid_removed",
+ "remarks": "rule_set_090"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount running",
- "remarks": "rule_set_063"
+ "value": "Uninstall squid Package",
+ "remarks": "rule_set_090"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_autorun",
- "remarks": "rule_set_063"
+ "value": "package_squid_removed",
+ "remarks": "rule_set_090"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount running",
- "remarks": "rule_set_063"
+ "value": "Uninstall squid Package",
+ "remarks": "rule_set_090"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_autofs_disabled",
- "remarks": "rule_set_064"
+ "value": "package_httpd_removed",
+ "remarks": "rule_set_091"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the Automounter",
- "remarks": "rule_set_064"
+ "value": "Uninstall httpd Package",
+ "remarks": "rule_set_091"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_autofs_disabled",
- "remarks": "rule_set_064"
+ "value": "package_httpd_removed",
+ "remarks": "rule_set_091"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the Automounter",
- "remarks": "rule_set_064"
+ "value": "Uninstall httpd Package",
+ "remarks": "rule_set_091"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_avahi-daemon_disabled",
- "remarks": "rule_set_065"
+ "value": "package_nginx_removed",
+ "remarks": "rule_set_092"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Avahi Server Software",
- "remarks": "rule_set_065"
+ "value": "Uninstall nginx Package",
+ "remarks": "rule_set_092"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_avahi-daemon_disabled",
- "remarks": "rule_set_065"
+ "value": "package_nginx_removed",
+ "remarks": "rule_set_092"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Avahi Server Software",
- "remarks": "rule_set_065"
+ "value": "Uninstall nginx Package",
+ "remarks": "rule_set_092"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_kea_removed",
- "remarks": "rule_set_066"
+ "value": "postfix_network_listening_disabled",
+ "remarks": "rule_set_093"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall kea Package",
- "remarks": "rule_set_066"
+ "value": "Disable Postfix Network Listening",
+ "remarks": "rule_set_093"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_kea_removed",
- "remarks": "rule_set_066"
+ "value": "postfix_network_listening_disabled",
+ "remarks": "rule_set_093"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall kea Package",
- "remarks": "rule_set_066"
+ "value": "Disable Postfix Network Listening",
+ "remarks": "rule_set_093"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_bind_removed",
- "remarks": "rule_set_067"
+ "value": "has_nonlocal_mta",
+ "remarks": "rule_set_094"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall bind Package",
- "remarks": "rule_set_067"
+ "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
+ "remarks": "rule_set_094"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_bind_removed",
- "remarks": "rule_set_067"
+ "value": "has_nonlocal_mta",
+ "remarks": "rule_set_094"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall bind Package",
- "remarks": "rule_set_067"
+ "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
+ "remarks": "rule_set_094"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dnsmasq_removed",
- "remarks": "rule_set_068"
+ "value": "package_ftp_removed",
+ "remarks": "rule_set_095"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dnsmasq Package",
- "remarks": "rule_set_068"
+ "value": "Remove ftp Package",
+ "remarks": "rule_set_095"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dnsmasq_removed",
- "remarks": "rule_set_068"
+ "value": "package_ftp_removed",
+ "remarks": "rule_set_095"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dnsmasq Package",
- "remarks": "rule_set_068"
+ "value": "Remove ftp Package",
+ "remarks": "rule_set_095"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_vsftpd_removed",
- "remarks": "rule_set_069"
+ "value": "package_telnet_removed",
+ "remarks": "rule_set_096"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall vsftpd Package",
- "remarks": "rule_set_069"
+ "value": "Remove telnet Clients",
+ "remarks": "rule_set_096"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_vsftpd_removed",
- "remarks": "rule_set_069"
+ "value": "package_telnet_removed",
+ "remarks": "rule_set_096"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall vsftpd Package",
- "remarks": "rule_set_069"
+ "value": "Remove telnet Clients",
+ "remarks": "rule_set_096"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dovecot_removed",
- "remarks": "rule_set_070"
+ "value": "package_tftp_removed",
+ "remarks": "rule_set_097"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dovecot Package",
- "remarks": "rule_set_070"
+ "value": "Remove tftp Daemon",
+ "remarks": "rule_set_097"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dovecot_removed",
- "remarks": "rule_set_070"
+ "value": "package_tftp_removed",
+ "remarks": "rule_set_097"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dovecot Package",
- "remarks": "rule_set_070"
+ "value": "Remove tftp Daemon",
+ "remarks": "rule_set_097"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cyrus-imapd_removed",
- "remarks": "rule_set_071"
+ "value": "chronyd_specify_remote_server",
+ "remarks": "rule_set_098"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall cyrus-imapd Package",
- "remarks": "rule_set_071"
+ "value": "A remote time server for Chrony is configured",
+ "remarks": "rule_set_098"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cyrus-imapd_removed",
- "remarks": "rule_set_071"
+ "value": "chronyd_specify_remote_server",
+ "remarks": "rule_set_098"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall cyrus-imapd Package",
- "remarks": "rule_set_071"
+ "value": "A remote time server for Chrony is configured",
+ "remarks": "rule_set_098"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nfs_disabled",
- "remarks": "rule_set_072"
+ "value": "chronyd_run_as_chrony_user",
+ "remarks": "rule_set_099"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Network File System (nfs)",
- "remarks": "rule_set_072"
+ "value": "Ensure that chronyd is running under chrony user account",
+ "remarks": "rule_set_099"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nfs_disabled",
- "remarks": "rule_set_072"
+ "value": "chronyd_run_as_chrony_user",
+ "remarks": "rule_set_099"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Network File System (nfs)",
- "remarks": "rule_set_072"
+ "value": "Ensure that chronyd is running under chrony user account",
+ "remarks": "rule_set_099"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_cups_disabled",
- "remarks": "rule_set_073"
+ "value": "package_cron_installed",
+ "remarks": "rule_set_100"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the CUPS Service",
- "remarks": "rule_set_073"
+ "value": "Install the cron service",
+ "remarks": "rule_set_100"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_cups_disabled",
- "remarks": "rule_set_073"
+ "value": "package_cron_installed",
+ "remarks": "rule_set_100"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the CUPS Service",
- "remarks": "rule_set_073"
+ "value": "Install the cron service",
+ "remarks": "rule_set_100"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_rpcbind_disabled",
- "remarks": "rule_set_074"
+ "value": "service_crond_enabled",
+ "remarks": "rule_set_101"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable rpcbind Service",
- "remarks": "rule_set_074"
+ "value": "Enable cron Service",
+ "remarks": "rule_set_101"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_rpcbind_disabled",
- "remarks": "rule_set_074"
+ "value": "service_crond_enabled",
+ "remarks": "rule_set_101"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable rpcbind Service",
- "remarks": "rule_set_074"
+ "value": "Enable cron Service",
+ "remarks": "rule_set_101"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_rsync_removed",
- "remarks": "rule_set_075"
+ "value": "file_groupowner_crontab",
+ "remarks": "rule_set_102"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall rsync Package",
- "remarks": "rule_set_075"
+ "value": "Verify Group Who Owns Crontab",
+ "remarks": "rule_set_102"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_rsync_removed",
- "remarks": "rule_set_075"
+ "value": "file_groupowner_crontab",
+ "remarks": "rule_set_102"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall rsync Package",
- "remarks": "rule_set_075"
+ "value": "Verify Group Who Owns Crontab",
+ "remarks": "rule_set_102"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_samba_removed",
- "remarks": "rule_set_076"
+ "value": "file_owner_crontab",
+ "remarks": "rule_set_103"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall Samba Package",
- "remarks": "rule_set_076"
+ "value": "Verify Owner on crontab",
+ "remarks": "rule_set_103"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_samba_removed",
- "remarks": "rule_set_076"
+ "value": "file_owner_crontab",
+ "remarks": "rule_set_103"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall Samba Package",
- "remarks": "rule_set_076"
+ "value": "Verify Owner on crontab",
+ "remarks": "rule_set_103"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_net-snmp_removed",
- "remarks": "rule_set_077"
+ "value": "file_permissions_crontab",
+ "remarks": "rule_set_104"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall net-snmp Package",
- "remarks": "rule_set_077"
+ "value": "Verify Permissions on crontab",
+ "remarks": "rule_set_104"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_net-snmp_removed",
- "remarks": "rule_set_077"
+ "value": "file_permissions_crontab",
+ "remarks": "rule_set_104"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall net-snmp Package",
- "remarks": "rule_set_077"
+ "value": "Verify Permissions on crontab",
+ "remarks": "rule_set_104"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet-server_removed",
- "remarks": "rule_set_078"
+ "value": "file_groupowner_cron_hourly",
+ "remarks": "rule_set_105"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall telnet-server Package",
- "remarks": "rule_set_078"
+ "value": "Verify Group Who Owns cron.hourly",
+ "remarks": "rule_set_105"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet-server_removed",
- "remarks": "rule_set_078"
+ "value": "file_groupowner_cron_hourly",
+ "remarks": "rule_set_105"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall telnet-server Package",
- "remarks": "rule_set_078"
+ "value": "Verify Group Who Owns cron.hourly",
+ "remarks": "rule_set_105"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp-server_removed",
- "remarks": "rule_set_079"
+ "value": "file_owner_cron_hourly",
+ "remarks": "rule_set_106"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall tftp-server Package",
- "remarks": "rule_set_079"
+ "value": "Verify Owner on cron.hourly",
+ "remarks": "rule_set_106"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp-server_removed",
- "remarks": "rule_set_079"
+ "value": "file_owner_cron_hourly",
+ "remarks": "rule_set_106"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall tftp-server Package",
- "remarks": "rule_set_079"
+ "value": "Verify Owner on cron.hourly",
+ "remarks": "rule_set_106"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_squid_removed",
- "remarks": "rule_set_080"
+ "value": "file_permissions_cron_hourly",
+ "remarks": "rule_set_107"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall squid Package",
- "remarks": "rule_set_080"
+ "value": "Verify Permissions on cron.hourly",
+ "remarks": "rule_set_107"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_squid_removed",
- "remarks": "rule_set_080"
+ "value": "file_permissions_cron_hourly",
+ "remarks": "rule_set_107"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall squid Package",
- "remarks": "rule_set_080"
+ "value": "Verify Permissions on cron.hourly",
+ "remarks": "rule_set_107"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_httpd_removed",
- "remarks": "rule_set_081"
+ "value": "file_groupowner_cron_daily",
+ "remarks": "rule_set_108"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall httpd Package",
- "remarks": "rule_set_081"
+ "value": "Verify Group Who Owns cron.daily",
+ "remarks": "rule_set_108"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_httpd_removed",
- "remarks": "rule_set_081"
+ "value": "file_groupowner_cron_daily",
+ "remarks": "rule_set_108"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall httpd Package",
- "remarks": "rule_set_081"
+ "value": "Verify Group Who Owns cron.daily",
+ "remarks": "rule_set_108"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nginx_removed",
- "remarks": "rule_set_082"
+ "value": "file_owner_cron_daily",
+ "remarks": "rule_set_109"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall nginx Package",
- "remarks": "rule_set_082"
+ "value": "Verify Owner on cron.daily",
+ "remarks": "rule_set_109"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nginx_removed",
- "remarks": "rule_set_082"
+ "value": "file_owner_cron_daily",
+ "remarks": "rule_set_109"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall nginx Package",
- "remarks": "rule_set_082"
+ "value": "Verify Owner on cron.daily",
+ "remarks": "rule_set_109"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "postfix_network_listening_disabled",
- "remarks": "rule_set_083"
+ "value": "file_permissions_cron_daily",
+ "remarks": "rule_set_110"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Postfix Network Listening",
- "remarks": "rule_set_083"
+ "value": "Verify Permissions on cron.daily",
+ "remarks": "rule_set_110"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "postfix_network_listening_disabled",
- "remarks": "rule_set_083"
+ "value": "file_permissions_cron_daily",
+ "remarks": "rule_set_110"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Postfix Network Listening",
- "remarks": "rule_set_083"
+ "value": "Verify Permissions on cron.daily",
+ "remarks": "rule_set_110"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "has_nonlocal_mta",
- "remarks": "rule_set_084"
+ "value": "file_groupowner_cron_weekly",
+ "remarks": "rule_set_111"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
- "remarks": "rule_set_084"
+ "value": "Verify Group Who Owns cron.weekly",
+ "remarks": "rule_set_111"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "has_nonlocal_mta",
- "remarks": "rule_set_084"
+ "value": "file_groupowner_cron_weekly",
+ "remarks": "rule_set_111"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
- "remarks": "rule_set_084"
+ "value": "Verify Group Who Owns cron.weekly",
+ "remarks": "rule_set_111"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_ftp_removed",
- "remarks": "rule_set_085"
+ "value": "file_owner_cron_weekly",
+ "remarks": "rule_set_112"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove ftp Package",
- "remarks": "rule_set_085"
+ "value": "Verify Owner on cron.weekly",
+ "remarks": "rule_set_112"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_ftp_removed",
- "remarks": "rule_set_085"
+ "value": "file_owner_cron_weekly",
+ "remarks": "rule_set_112"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove ftp Package",
- "remarks": "rule_set_085"
+ "value": "Verify Owner on cron.weekly",
+ "remarks": "rule_set_112"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet_removed",
- "remarks": "rule_set_086"
+ "value": "file_permissions_cron_weekly",
+ "remarks": "rule_set_113"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove telnet Clients",
- "remarks": "rule_set_086"
+ "value": "Verify Permissions on cron.weekly",
+ "remarks": "rule_set_113"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet_removed",
- "remarks": "rule_set_086"
+ "value": "file_permissions_cron_weekly",
+ "remarks": "rule_set_113"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove telnet Clients",
- "remarks": "rule_set_086"
+ "value": "Verify Permissions on cron.weekly",
+ "remarks": "rule_set_113"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp_removed",
- "remarks": "rule_set_087"
+ "value": "file_groupowner_cron_monthly",
+ "remarks": "rule_set_114"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove tftp Daemon",
- "remarks": "rule_set_087"
+ "value": "Verify Group Who Owns cron.monthly",
+ "remarks": "rule_set_114"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp_removed",
- "remarks": "rule_set_087"
+ "value": "file_groupowner_cron_monthly",
+ "remarks": "rule_set_114"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove tftp Daemon",
- "remarks": "rule_set_087"
+ "value": "Verify Group Who Owns cron.monthly",
+ "remarks": "rule_set_114"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_specify_remote_server",
- "remarks": "rule_set_088"
+ "value": "file_owner_cron_monthly",
+ "remarks": "rule_set_115"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "A remote time server for Chrony is configured",
- "remarks": "rule_set_088"
+ "value": "Verify Owner on cron.monthly",
+ "remarks": "rule_set_115"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_specify_remote_server",
- "remarks": "rule_set_088"
+ "value": "file_owner_cron_monthly",
+ "remarks": "rule_set_115"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "A remote time server for Chrony is configured",
- "remarks": "rule_set_088"
+ "value": "Verify Owner on cron.monthly",
+ "remarks": "rule_set_115"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_run_as_chrony_user",
- "remarks": "rule_set_089"
+ "value": "file_permissions_cron_monthly",
+ "remarks": "rule_set_116"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that chronyd is running under chrony user account",
- "remarks": "rule_set_089"
+ "value": "Verify Permissions on cron.monthly",
+ "remarks": "rule_set_116"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_run_as_chrony_user",
- "remarks": "rule_set_089"
+ "value": "file_permissions_cron_monthly",
+ "remarks": "rule_set_116"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that chronyd is running under chrony user account",
- "remarks": "rule_set_089"
+ "value": "Verify Permissions on cron.monthly",
+ "remarks": "rule_set_116"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cron_installed",
- "remarks": "rule_set_090"
+ "value": "file_groupowner_cron_yearly",
+ "remarks": "rule_set_117"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install the cron service",
- "remarks": "rule_set_090"
+ "value": "Verify Group Who Owns cron.yearly",
+ "remarks": "rule_set_117"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cron_installed",
- "remarks": "rule_set_090"
+ "value": "file_groupowner_cron_yearly",
+ "remarks": "rule_set_117"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install the cron service",
- "remarks": "rule_set_090"
+ "value": "Verify Group Who Owns cron.yearly",
+ "remarks": "rule_set_117"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_crond_enabled",
- "remarks": "rule_set_091"
+ "value": "file_owner_cron_yearly",
+ "remarks": "rule_set_118"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable cron Service",
- "remarks": "rule_set_091"
+ "value": "Verify Owner on cron.yearly",
+ "remarks": "rule_set_118"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_crond_enabled",
- "remarks": "rule_set_091"
+ "value": "file_owner_cron_yearly",
+ "remarks": "rule_set_118"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable cron Service",
- "remarks": "rule_set_091"
+ "value": "Verify Owner on cron.yearly",
+ "remarks": "rule_set_118"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_crontab",
- "remarks": "rule_set_092"
+ "value": "file_permissions_cron_yearly",
+ "remarks": "rule_set_119"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Crontab",
- "remarks": "rule_set_092"
+ "value": "Verify Permissions on cron.yearly",
+ "remarks": "rule_set_119"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_crontab",
- "remarks": "rule_set_092"
+ "value": "file_permissions_cron_yearly",
+ "remarks": "rule_set_119"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Crontab",
- "remarks": "rule_set_092"
+ "value": "Verify Permissions on cron.yearly",
+ "remarks": "rule_set_119"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_crontab",
- "remarks": "rule_set_093"
+ "value": "file_groupowner_cron_d",
+ "remarks": "rule_set_120"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on crontab",
- "remarks": "rule_set_093"
+ "value": "Verify Group Who Owns cron.d",
+ "remarks": "rule_set_120"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_crontab",
- "remarks": "rule_set_093"
+ "value": "file_groupowner_cron_d",
+ "remarks": "rule_set_120"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on crontab",
- "remarks": "rule_set_093"
+ "value": "Verify Group Who Owns cron.d",
+ "remarks": "rule_set_120"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_crontab",
- "remarks": "rule_set_094"
+ "value": "file_owner_cron_d",
+ "remarks": "rule_set_121"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on crontab",
- "remarks": "rule_set_094"
+ "value": "Verify Owner on cron.d",
+ "remarks": "rule_set_121"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_crontab",
- "remarks": "rule_set_094"
+ "value": "file_owner_cron_d",
+ "remarks": "rule_set_121"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on crontab",
- "remarks": "rule_set_094"
+ "value": "Verify Owner on cron.d",
+ "remarks": "rule_set_121"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_hourly",
- "remarks": "rule_set_095"
+ "value": "file_permissions_cron_d",
+ "remarks": "rule_set_122"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.hourly",
- "remarks": "rule_set_095"
+ "value": "Verify Permissions on cron.d",
+ "remarks": "rule_set_122"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_hourly",
- "remarks": "rule_set_095"
+ "value": "file_permissions_cron_d",
+ "remarks": "rule_set_122"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.hourly",
- "remarks": "rule_set_095"
+ "value": "Verify Permissions on cron.d",
+ "remarks": "rule_set_122"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_hourly",
- "remarks": "rule_set_096"
+ "value": "file_cron_deny_not_exist",
+ "remarks": "rule_set_123"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.hourly",
- "remarks": "rule_set_096"
+ "value": "Ensure that /etc/cron.deny does not exist",
+ "remarks": "rule_set_123"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_hourly",
- "remarks": "rule_set_096"
+ "value": "file_cron_deny_not_exist",
+ "remarks": "rule_set_123"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.hourly",
- "remarks": "rule_set_096"
+ "value": "Ensure that /etc/cron.deny does not exist",
+ "remarks": "rule_set_123"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_hourly",
- "remarks": "rule_set_097"
+ "value": "file_cron_allow_exists",
+ "remarks": "rule_set_124"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.hourly",
- "remarks": "rule_set_097"
+ "value": "Ensure that /etc/cron.allow exists",
+ "remarks": "rule_set_124"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_hourly",
- "remarks": "rule_set_097"
+ "value": "file_cron_allow_exists",
+ "remarks": "rule_set_124"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.hourly",
- "remarks": "rule_set_097"
+ "value": "Ensure that /etc/cron.allow exists",
+ "remarks": "rule_set_124"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_daily",
- "remarks": "rule_set_098"
+ "value": "file_groupowner_cron_allow",
+ "remarks": "rule_set_125"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.daily",
- "remarks": "rule_set_098"
+ "value": "Verify Group Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_125"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_daily",
- "remarks": "rule_set_098"
+ "value": "file_groupowner_cron_allow",
+ "remarks": "rule_set_125"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.daily",
- "remarks": "rule_set_098"
+ "value": "Verify Group Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_125"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_daily",
- "remarks": "rule_set_099"
+ "value": "file_owner_cron_allow",
+ "remarks": "rule_set_126"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.daily",
- "remarks": "rule_set_099"
+ "value": "Verify User Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_126"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_daily",
- "remarks": "rule_set_099"
+ "value": "file_owner_cron_allow",
+ "remarks": "rule_set_126"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.daily",
- "remarks": "rule_set_099"
+ "value": "Verify User Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_126"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_daily",
- "remarks": "rule_set_100"
+ "value": "file_permissions_cron_allow",
+ "remarks": "rule_set_127"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.daily",
- "remarks": "rule_set_100"
+ "value": "Verify Permissions on /etc/cron.allow file",
+ "remarks": "rule_set_127"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_daily",
- "remarks": "rule_set_100"
+ "value": "file_permissions_cron_allow",
+ "remarks": "rule_set_127"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.daily",
- "remarks": "rule_set_100"
+ "value": "Verify Permissions on /etc/cron.allow file",
+ "remarks": "rule_set_127"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_weekly",
- "remarks": "rule_set_101"
+ "value": "file_at_deny_not_exist",
+ "remarks": "rule_set_128"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.weekly",
- "remarks": "rule_set_101"
+ "value": "Ensure that /etc/at.deny does not exist",
+ "remarks": "rule_set_128"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_weekly",
- "remarks": "rule_set_101"
+ "value": "file_at_deny_not_exist",
+ "remarks": "rule_set_128"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.weekly",
- "remarks": "rule_set_101"
+ "value": "Ensure that /etc/at.deny does not exist",
+ "remarks": "rule_set_128"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_weekly",
- "remarks": "rule_set_102"
+ "value": "file_at_allow_exists",
+ "remarks": "rule_set_129"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.weekly",
- "remarks": "rule_set_102"
+ "value": "Ensure that /etc/at.allow exists",
+ "remarks": "rule_set_129"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_weekly",
- "remarks": "rule_set_102"
+ "value": "file_at_allow_exists",
+ "remarks": "rule_set_129"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.weekly",
- "remarks": "rule_set_102"
+ "value": "Ensure that /etc/at.allow exists",
+ "remarks": "rule_set_129"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_weekly",
- "remarks": "rule_set_103"
+ "value": "file_groupowner_at_allow",
+ "remarks": "rule_set_130"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.weekly",
- "remarks": "rule_set_103"
+ "value": "Verify Group Who Owns /etc/at.allow file",
+ "remarks": "rule_set_130"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_weekly",
- "remarks": "rule_set_103"
+ "value": "file_groupowner_at_allow",
+ "remarks": "rule_set_130"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.weekly",
- "remarks": "rule_set_103"
+ "value": "Verify Group Who Owns /etc/at.allow file",
+ "remarks": "rule_set_130"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_monthly",
- "remarks": "rule_set_104"
+ "value": "file_owner_at_allow",
+ "remarks": "rule_set_131"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.monthly",
- "remarks": "rule_set_104"
+ "value": "Verify User Who Owns /etc/at.allow file",
+ "remarks": "rule_set_131"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_monthly",
- "remarks": "rule_set_104"
+ "value": "file_owner_at_allow",
+ "remarks": "rule_set_131"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.monthly",
- "remarks": "rule_set_104"
+ "value": "Verify User Who Owns /etc/at.allow file",
+ "remarks": "rule_set_131"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_monthly",
- "remarks": "rule_set_105"
+ "value": "file_permissions_at_allow",
+ "remarks": "rule_set_132"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.monthly",
- "remarks": "rule_set_105"
+ "value": "Verify Permissions on /etc/at.allow file",
+ "remarks": "rule_set_132"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_monthly",
- "remarks": "rule_set_105"
+ "value": "file_permissions_at_allow",
+ "remarks": "rule_set_132"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.monthly",
- "remarks": "rule_set_105"
+ "value": "Verify Permissions on /etc/at.allow file",
+ "remarks": "rule_set_132"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_monthly",
- "remarks": "rule_set_106"
+ "value": "wireless_disable_interfaces",
+ "remarks": "rule_set_133"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.monthly",
- "remarks": "rule_set_106"
+ "value": "Deactivate Wireless Network Interfaces",
+ "remarks": "rule_set_133"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_monthly",
- "remarks": "rule_set_106"
+ "value": "wireless_disable_interfaces",
+ "remarks": "rule_set_133"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.monthly",
- "remarks": "rule_set_106"
+ "value": "Deactivate Wireless Network Interfaces",
+ "remarks": "rule_set_133"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_d",
- "remarks": "rule_set_107"
+ "value": "service_bluetooth_disabled",
+ "remarks": "rule_set_134"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.d",
- "remarks": "rule_set_107"
+ "value": "Disable Bluetooth Service",
+ "remarks": "rule_set_134"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_d",
- "remarks": "rule_set_107"
+ "value": "service_bluetooth_disabled",
+ "remarks": "rule_set_134"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.d",
- "remarks": "rule_set_107"
+ "value": "Disable Bluetooth Service",
+ "remarks": "rule_set_134"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_d",
- "remarks": "rule_set_108"
+ "value": "kernel_module_atm_disabled",
+ "remarks": "rule_set_135"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.d",
- "remarks": "rule_set_108"
+ "value": "Disable ATM Support",
+ "remarks": "rule_set_135"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_d",
- "remarks": "rule_set_108"
+ "value": "kernel_module_atm_disabled",
+ "remarks": "rule_set_135"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.d",
- "remarks": "rule_set_108"
+ "value": "Disable ATM Support",
+ "remarks": "rule_set_135"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_d",
- "remarks": "rule_set_109"
+ "value": "kernel_module_can_disabled",
+ "remarks": "rule_set_136"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.d",
- "remarks": "rule_set_109"
+ "value": "Disable CAN Support",
+ "remarks": "rule_set_136"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_d",
- "remarks": "rule_set_109"
+ "value": "kernel_module_can_disabled",
+ "remarks": "rule_set_136"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.d",
- "remarks": "rule_set_109"
+ "value": "Disable CAN Support",
+ "remarks": "rule_set_136"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_deny_not_exist",
- "remarks": "rule_set_110"
+ "value": "kernel_module_dccp_disabled",
+ "remarks": "rule_set_137"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.deny does not exist",
- "remarks": "rule_set_110"
+ "value": "Disable DCCP Support",
+ "remarks": "rule_set_137"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_deny_not_exist",
- "remarks": "rule_set_110"
+ "value": "kernel_module_dccp_disabled",
+ "remarks": "rule_set_137"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.deny does not exist",
- "remarks": "rule_set_110"
+ "value": "Disable DCCP Support",
+ "remarks": "rule_set_137"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_allow_exists",
- "remarks": "rule_set_111"
+ "value": "kernel_module_tipc_disabled",
+ "remarks": "rule_set_138"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.allow exists",
- "remarks": "rule_set_111"
+ "value": "Disable TIPC Support",
+ "remarks": "rule_set_138"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_allow_exists",
- "remarks": "rule_set_111"
+ "value": "kernel_module_tipc_disabled",
+ "remarks": "rule_set_138"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.allow exists",
- "remarks": "rule_set_111"
+ "value": "Disable TIPC Support",
+ "remarks": "rule_set_138"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_allow",
- "remarks": "rule_set_112"
+ "value": "kernel_module_rds_disabled",
+ "remarks": "rule_set_139"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/cron.allow file",
- "remarks": "rule_set_112"
+ "value": "Disable RDS Support",
+ "remarks": "rule_set_139"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_allow",
- "remarks": "rule_set_112"
+ "value": "kernel_module_rds_disabled",
+ "remarks": "rule_set_139"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/cron.allow file",
- "remarks": "rule_set_112"
+ "value": "Disable RDS Support",
+ "remarks": "rule_set_139"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_allow",
- "remarks": "rule_set_113"
+ "value": "sysctl_net_ipv4_conf_all_forwarding",
+ "remarks": "rule_set_140"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/cron.allow file",
- "remarks": "rule_set_113"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces",
+ "remarks": "rule_set_140"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_allow",
- "remarks": "rule_set_113"
+ "value": "sysctl_net_ipv4_conf_all_forwarding",
+ "remarks": "rule_set_140"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/cron.allow file",
- "remarks": "rule_set_113"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces",
+ "remarks": "rule_set_140"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_allow",
- "remarks": "rule_set_114"
+ "value": "sysctl_net_ipv4_conf_default_forwarding",
+ "remarks": "rule_set_141"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/cron.allow file",
- "remarks": "rule_set_114"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding By Default",
+ "remarks": "rule_set_141"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_allow",
- "remarks": "rule_set_114"
+ "value": "sysctl_net_ipv4_conf_default_forwarding",
+ "remarks": "rule_set_141"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/cron.allow file",
- "remarks": "rule_set_114"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding By Default",
+ "remarks": "rule_set_141"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_at_deny_not_exist",
- "remarks": "rule_set_115"
+ "value": "sysctl_net_ipv4_conf_all_send_redirects",
+ "remarks": "rule_set_142"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/at.deny does not exist",
- "remarks": "rule_set_115"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_142"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_at_deny_not_exist",
- "remarks": "rule_set_115"
+ "value": "sysctl_net_ipv4_conf_all_send_redirects",
+ "remarks": "rule_set_142"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/at.deny does not exist",
- "remarks": "rule_set_115"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_142"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_at_allow",
- "remarks": "rule_set_116"
+ "value": "sysctl_net_ipv4_conf_default_send_redirects",
+ "remarks": "rule_set_143"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/at.allow file",
- "remarks": "rule_set_116"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_143"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_at_allow",
- "remarks": "rule_set_116"
+ "value": "sysctl_net_ipv4_conf_default_send_redirects",
+ "remarks": "rule_set_143"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/at.allow file",
- "remarks": "rule_set_116"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_143"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_at_allow",
- "remarks": "rule_set_117"
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
+ "remarks": "rule_set_144"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/at.allow file",
- "remarks": "rule_set_117"
+ "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
+ "remarks": "rule_set_144"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_at_allow",
- "remarks": "rule_set_117"
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
+ "remarks": "rule_set_144"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/at.allow file",
- "remarks": "rule_set_117"
+ "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
+ "remarks": "rule_set_144"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_at_allow",
- "remarks": "rule_set_118"
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
+ "remarks": "rule_set_145"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/at.allow file",
- "remarks": "rule_set_118"
+ "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
+ "remarks": "rule_set_145"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_at_allow",
- "remarks": "rule_set_118"
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
+ "remarks": "rule_set_145"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/at.allow file",
- "remarks": "rule_set_118"
+ "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
+ "remarks": "rule_set_145"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "wireless_disable_interfaces",
- "remarks": "rule_set_119"
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects",
+ "remarks": "rule_set_146"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Deactivate Wireless Network Interfaces",
- "remarks": "rule_set_119"
+ "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
+ "remarks": "rule_set_146"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "wireless_disable_interfaces",
- "remarks": "rule_set_119"
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects",
+ "remarks": "rule_set_146"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Deactivate Wireless Network Interfaces",
- "remarks": "rule_set_119"
+ "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
+ "remarks": "rule_set_146"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_bluetooth_disabled",
- "remarks": "rule_set_120"
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects",
+ "remarks": "rule_set_147"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Bluetooth Service",
- "remarks": "rule_set_120"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
+ "remarks": "rule_set_147"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_bluetooth_disabled",
- "remarks": "rule_set_120"
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects",
+ "remarks": "rule_set_147"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Bluetooth Service",
- "remarks": "rule_set_120"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
+ "remarks": "rule_set_147"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_tipc_disabled",
- "remarks": "rule_set_121"
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects",
+ "remarks": "rule_set_148"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable TIPC Support",
- "remarks": "rule_set_121"
+ "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_148"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_tipc_disabled",
- "remarks": "rule_set_121"
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects",
+ "remarks": "rule_set_148"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable TIPC Support",
- "remarks": "rule_set_121"
+ "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_148"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_send_redirects",
- "remarks": "rule_set_122"
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects",
+ "remarks": "rule_set_149"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_122"
+ "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
+ "remarks": "rule_set_149"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_send_redirects",
- "remarks": "rule_set_122"
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects",
+ "remarks": "rule_set_149"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_122"
+ "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
+ "remarks": "rule_set_149"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_send_redirects",
- "remarks": "rule_set_123"
+ "value": "sysctl_net_ipv4_conf_all_rp_filter",
+ "remarks": "rule_set_150"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
- "remarks": "rule_set_123"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
+ "remarks": "rule_set_150"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_send_redirects",
- "remarks": "rule_set_123"
+ "value": "sysctl_net_ipv4_conf_all_rp_filter",
+ "remarks": "rule_set_150"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
- "remarks": "rule_set_123"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
+ "remarks": "rule_set_150"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
- "remarks": "rule_set_124"
+ "value": "sysctl_net_ipv4_conf_default_rp_filter",
+ "remarks": "rule_set_151"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
- "remarks": "rule_set_124"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_151"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
- "remarks": "rule_set_124"
+ "value": "sysctl_net_ipv4_conf_default_rp_filter",
+ "remarks": "rule_set_151"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
- "remarks": "rule_set_124"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_151"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
- "remarks": "rule_set_125"
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route",
+ "remarks": "rule_set_152"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
- "remarks": "rule_set_125"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_152"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
- "remarks": "rule_set_125"
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route",
+ "remarks": "rule_set_152"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
- "remarks": "rule_set_125"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_152"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects",
- "remarks": "rule_set_126"
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route",
+ "remarks": "rule_set_153"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
- "remarks": "rule_set_126"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
+ "remarks": "rule_set_153"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects",
- "remarks": "rule_set_126"
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route",
+ "remarks": "rule_set_153"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
- "remarks": "rule_set_126"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
+ "remarks": "rule_set_153"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects",
- "remarks": "rule_set_127"
+ "value": "sysctl_net_ipv4_conf_all_log_martians",
+ "remarks": "rule_set_154"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
- "remarks": "rule_set_127"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_154"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects",
- "remarks": "rule_set_127"
+ "value": "sysctl_net_ipv4_conf_all_log_martians",
+ "remarks": "rule_set_154"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
- "remarks": "rule_set_127"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_154"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects",
- "remarks": "rule_set_128"
+ "value": "sysctl_net_ipv4_conf_default_log_martians",
+ "remarks": "rule_set_155"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_128"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_155"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects",
- "remarks": "rule_set_128"
+ "value": "sysctl_net_ipv4_conf_default_log_martians",
+ "remarks": "rule_set_155"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_128"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_155"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects",
- "remarks": "rule_set_129"
+ "value": "sysctl_net_ipv4_tcp_syncookies",
+ "remarks": "rule_set_156"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
- "remarks": "rule_set_129"
+ "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
+ "remarks": "rule_set_156"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects",
- "remarks": "rule_set_129"
+ "value": "sysctl_net_ipv4_tcp_syncookies",
+ "remarks": "rule_set_156"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
- "remarks": "rule_set_129"
+ "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
+ "remarks": "rule_set_156"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter",
- "remarks": "rule_set_130"
+ "value": "sysctl_net_ipv6_conf_all_forwarding",
+ "remarks": "rule_set_157"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
- "remarks": "rule_set_130"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding",
+ "remarks": "rule_set_157"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter",
- "remarks": "rule_set_130"
+ "value": "sysctl_net_ipv6_conf_all_forwarding",
+ "remarks": "rule_set_157"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
- "remarks": "rule_set_130"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding",
+ "remarks": "rule_set_157"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter",
- "remarks": "rule_set_131"
+ "value": "sysctl_net_ipv6_conf_default_forwarding",
+ "remarks": "rule_set_158"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
- "remarks": "rule_set_131"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding by default",
+ "remarks": "rule_set_158"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter",
- "remarks": "rule_set_131"
+ "value": "sysctl_net_ipv6_conf_default_forwarding",
+ "remarks": "rule_set_158"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
- "remarks": "rule_set_131"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding by default",
+ "remarks": "rule_set_158"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route",
- "remarks": "rule_set_132"
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects",
+ "remarks": "rule_set_159"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
- "remarks": "rule_set_132"
+ "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
+ "remarks": "rule_set_159"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route",
- "remarks": "rule_set_132"
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects",
+ "remarks": "rule_set_159"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
- "remarks": "rule_set_132"
+ "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
+ "remarks": "rule_set_159"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route",
- "remarks": "rule_set_133"
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects",
+ "remarks": "rule_set_160"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
- "remarks": "rule_set_133"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
+ "remarks": "rule_set_160"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route",
- "remarks": "rule_set_133"
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects",
+ "remarks": "rule_set_160"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
- "remarks": "rule_set_133"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
+ "remarks": "rule_set_160"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians",
- "remarks": "rule_set_134"
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route",
+ "remarks": "rule_set_161"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
- "remarks": "rule_set_134"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
+ "remarks": "rule_set_161"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians",
- "remarks": "rule_set_134"
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route",
+ "remarks": "rule_set_161"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
- "remarks": "rule_set_134"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
+ "remarks": "rule_set_161"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians",
- "remarks": "rule_set_135"
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route",
+ "remarks": "rule_set_162"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
- "remarks": "rule_set_135"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
+ "remarks": "rule_set_162"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians",
- "remarks": "rule_set_135"
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route",
+ "remarks": "rule_set_162"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
- "remarks": "rule_set_135"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
+ "remarks": "rule_set_162"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies",
- "remarks": "rule_set_136"
+ "value": "sysctl_net_ipv6_conf_all_accept_ra",
+ "remarks": "rule_set_163"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
- "remarks": "rule_set_136"
+ "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
+ "remarks": "rule_set_163"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies",
- "remarks": "rule_set_136"
+ "value": "sysctl_net_ipv6_conf_all_accept_ra",
+ "remarks": "rule_set_163"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
- "remarks": "rule_set_136"
+ "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
+ "remarks": "rule_set_163"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding",
- "remarks": "rule_set_137"
+ "value": "sysctl_net_ipv6_conf_default_accept_ra",
+ "remarks": "rule_set_164"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IPv6 Forwarding",
- "remarks": "rule_set_137"
+ "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
+ "remarks": "rule_set_164"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding",
- "remarks": "rule_set_137"
+ "value": "sysctl_net_ipv6_conf_default_accept_ra",
+ "remarks": "rule_set_164"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IPv6 Forwarding",
- "remarks": "rule_set_137"
+ "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
+ "remarks": "rule_set_164"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects",
- "remarks": "rule_set_138"
+ "value": "package_nftables_installed",
+ "remarks": "rule_set_165"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
- "remarks": "rule_set_138"
+ "value": "Install nftables Package",
+ "remarks": "rule_set_165"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects",
- "remarks": "rule_set_138"
+ "value": "package_nftables_installed",
+ "remarks": "rule_set_165"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
- "remarks": "rule_set_138"
+ "value": "Install nftables Package",
+ "remarks": "rule_set_165"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects",
- "remarks": "rule_set_139"
+ "value": "service_firewalld_enabled",
+ "remarks": "rule_set_166"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
- "remarks": "rule_set_139"
+ "value": "Verify firewalld Enabled",
+ "remarks": "rule_set_166"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects",
- "remarks": "rule_set_139"
+ "value": "service_firewalld_enabled",
+ "remarks": "rule_set_166"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
- "remarks": "rule_set_139"
+ "value": "Verify firewalld Enabled",
+ "remarks": "rule_set_166"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route",
- "remarks": "rule_set_140"
+ "value": "package_firewalld_installed",
+ "remarks": "rule_set_167"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
- "remarks": "rule_set_140"
+ "value": "Install firewalld Package",
+ "remarks": "rule_set_167"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route",
- "remarks": "rule_set_140"
+ "value": "package_firewalld_installed",
+ "remarks": "rule_set_167"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
- "remarks": "rule_set_140"
+ "value": "Install firewalld Package",
+ "remarks": "rule_set_167"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route",
- "remarks": "rule_set_141"
+ "value": "service_nftables_disabled",
+ "remarks": "rule_set_168"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
- "remarks": "rule_set_141"
+ "value": "Verify nftables Service is Disabled",
+ "remarks": "rule_set_168"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route",
- "remarks": "rule_set_141"
+ "value": "service_nftables_disabled",
+ "remarks": "rule_set_168"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
- "remarks": "rule_set_141"
+ "value": "Verify nftables Service is Disabled",
+ "remarks": "rule_set_168"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra",
- "remarks": "rule_set_142"
+ "value": "firewalld_loopback_traffic_trusted",
+ "remarks": "rule_set_169"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
- "remarks": "rule_set_142"
+ "value": "Configure Firewalld to Trust Loopback Traffic",
+ "remarks": "rule_set_169"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra",
- "remarks": "rule_set_142"
+ "value": "firewalld_loopback_traffic_trusted",
+ "remarks": "rule_set_169"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
- "remarks": "rule_set_142"
+ "value": "Configure Firewalld to Trust Loopback Traffic",
+ "remarks": "rule_set_169"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra",
- "remarks": "rule_set_143"
+ "value": "firewalld_loopback_traffic_restricted",
+ "remarks": "rule_set_170"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
- "remarks": "rule_set_143"
+ "value": "Configure Firewalld to Restrict Loopback Traffic",
+ "remarks": "rule_set_170"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra",
- "remarks": "rule_set_143"
+ "value": "firewalld_loopback_traffic_restricted",
+ "remarks": "rule_set_170"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
- "remarks": "rule_set_143"
+ "value": "Configure Firewalld to Restrict Loopback Traffic",
+ "remarks": "rule_set_170"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nftables_installed",
- "remarks": "rule_set_144"
+ "value": "file_groupowner_sshd_config",
+ "remarks": "rule_set_171"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install nftables Package",
- "remarks": "rule_set_144"
+ "value": "Verify Group Who Owns SSH Server config file",
+ "remarks": "rule_set_171"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nftables_installed",
- "remarks": "rule_set_144"
+ "value": "file_groupowner_sshd_config",
+ "remarks": "rule_set_171"
},
{
"name": "Check_Description",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install nftables Package",
- "remarks": "rule_set_144"
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns SSH Server config file",
+ "remarks": "rule_set_171"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_firewalld_enabled",
- "remarks": "rule_set_145"
+ "value": "file_owner_sshd_config",
+ "remarks": "rule_set_172"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify firewalld Enabled",
- "remarks": "rule_set_145"
+ "value": "Verify Owner on SSH Server config file",
+ "remarks": "rule_set_172"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_firewalld_enabled",
- "remarks": "rule_set_145"
+ "value": "file_owner_sshd_config",
+ "remarks": "rule_set_172"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify firewalld Enabled",
- "remarks": "rule_set_145"
+ "value": "Verify Owner on SSH Server config file",
+ "remarks": "rule_set_172"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_firewalld_installed",
- "remarks": "rule_set_146"
+ "value": "file_permissions_sshd_config",
+ "remarks": "rule_set_173"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install firewalld Package",
- "remarks": "rule_set_146"
+ "value": "Verify Permissions on SSH Server config file",
+ "remarks": "rule_set_173"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_firewalld_installed",
- "remarks": "rule_set_146"
+ "value": "file_permissions_sshd_config",
+ "remarks": "rule_set_173"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install firewalld Package",
- "remarks": "rule_set_146"
+ "value": "Verify Permissions on SSH Server config file",
+ "remarks": "rule_set_173"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nftables_disabled",
- "remarks": "rule_set_147"
+ "value": "directory_permissions_sshd_config_d",
+ "remarks": "rule_set_174"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify nftables Service is Disabled",
- "remarks": "rule_set_147"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_174"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nftables_disabled",
- "remarks": "rule_set_147"
+ "value": "directory_permissions_sshd_config_d",
+ "remarks": "rule_set_174"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify nftables Service is Disabled",
- "remarks": "rule_set_147"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_174"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_trusted",
- "remarks": "rule_set_148"
+ "value": "file_permissions_sshd_drop_in_config",
+ "remarks": "rule_set_175"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Trust Loopback Traffic",
- "remarks": "rule_set_148"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_175"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_trusted",
- "remarks": "rule_set_148"
+ "value": "file_permissions_sshd_drop_in_config",
+ "remarks": "rule_set_175"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Trust Loopback Traffic",
- "remarks": "rule_set_148"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_175"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_restricted",
- "remarks": "rule_set_149"
+ "value": "directory_groupowner_sshd_config_d",
+ "remarks": "rule_set_176"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Restrict Loopback Traffic",
- "remarks": "rule_set_149"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_176"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_restricted",
- "remarks": "rule_set_149"
+ "value": "directory_groupowner_sshd_config_d",
+ "remarks": "rule_set_176"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Restrict Loopback Traffic",
- "remarks": "rule_set_149"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_176"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_sshd_config",
- "remarks": "rule_set_150"
+ "value": "directory_owner_sshd_config_d",
+ "remarks": "rule_set_177"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns SSH Server config file",
- "remarks": "rule_set_150"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_177"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_sshd_config",
- "remarks": "rule_set_150"
+ "value": "directory_owner_sshd_config_d",
+ "remarks": "rule_set_177"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns SSH Server config file",
- "remarks": "rule_set_150"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_177"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_sshd_config",
- "remarks": "rule_set_151"
+ "value": "file_groupowner_sshd_drop_in_config",
+ "remarks": "rule_set_178"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on SSH Server config file",
- "remarks": "rule_set_151"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_178"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_sshd_config",
- "remarks": "rule_set_151"
+ "value": "file_groupowner_sshd_drop_in_config",
+ "remarks": "rule_set_178"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on SSH Server config file",
- "remarks": "rule_set_151"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_178"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_config",
- "remarks": "rule_set_152"
+ "value": "file_owner_sshd_drop_in_config",
+ "remarks": "rule_set_179"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server config file",
- "remarks": "rule_set_152"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_179"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_config",
- "remarks": "rule_set_152"
+ "value": "file_owner_sshd_drop_in_config",
+ "remarks": "rule_set_179"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server config file",
- "remarks": "rule_set_152"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_179"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_private_key",
- "remarks": "rule_set_153"
+ "remarks": "rule_set_180"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on SSH Server Private *_key Key Files",
- "remarks": "rule_set_153"
+ "remarks": "rule_set_180"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_private_key",
- "remarks": "rule_set_153"
+ "remarks": "rule_set_180"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on SSH Server Private *_key Key Files",
- "remarks": "rule_set_153"
+ "remarks": "rule_set_180"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_sshd_private_key",
- "remarks": "rule_set_154"
+ "remarks": "rule_set_181"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_154"
+ "remarks": "rule_set_181"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_sshd_private_key",
- "remarks": "rule_set_154"
+ "remarks": "rule_set_181"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_154"
+ "remarks": "rule_set_181"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_sshd_private_key",
- "remarks": "rule_set_155"
+ "remarks": "rule_set_182"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_155"
+ "remarks": "rule_set_182"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_sshd_private_key",
- "remarks": "rule_set_155"
+ "remarks": "rule_set_182"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_155"
+ "remarks": "rule_set_182"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_pub_key",
- "remarks": "rule_set_156"
+ "remarks": "rule_set_183"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_156"
+ "remarks": "rule_set_183"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_pub_key",
- "remarks": "rule_set_156"
+ "remarks": "rule_set_183"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_156"
+ "remarks": "rule_set_183"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_sshd_pub_key",
- "remarks": "rule_set_157"
+ "remarks": "rule_set_184"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_157"
+ "remarks": "rule_set_184"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_sshd_pub_key",
- "remarks": "rule_set_157"
+ "remarks": "rule_set_184"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_157"
+ "remarks": "rule_set_184"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_sshd_pub_key",
- "remarks": "rule_set_158"
+ "remarks": "rule_set_185"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_158"
+ "remarks": "rule_set_185"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_sshd_pub_key",
- "remarks": "rule_set_158"
+ "remarks": "rule_set_185"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_158"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex",
- "remarks": "rule_set_159"
- },
- {
- "name": "Rule_Description",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong Key Exchange algorithms",
- "remarks": "rule_set_159"
- },
- {
- "name": "Check_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex",
- "remarks": "rule_set_159"
- },
- {
- "name": "Check_Description",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong Key Exchange algorithms",
- "remarks": "rule_set_159"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs",
- "remarks": "rule_set_160"
- },
- {
- "name": "Rule_Description",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong MACs",
- "remarks": "rule_set_160"
- },
- {
- "name": "Check_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs",
- "remarks": "rule_set_160"
- },
- {
- "name": "Check_Description",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong MACs",
- "remarks": "rule_set_160"
+ "remarks": "rule_set_185"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_limit_user_access",
- "remarks": "rule_set_161"
+ "remarks": "rule_set_186"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Limit Users' SSH Access",
- "remarks": "rule_set_161"
+ "remarks": "rule_set_186"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_limit_user_access",
- "remarks": "rule_set_161"
+ "remarks": "rule_set_186"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Limit Users' SSH Access",
- "remarks": "rule_set_161"
+ "remarks": "rule_set_186"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_enable_warning_banner_net",
- "remarks": "rule_set_162"
+ "remarks": "rule_set_187"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enable SSH Warning Banner",
- "remarks": "rule_set_162"
+ "remarks": "rule_set_187"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_enable_warning_banner_net",
- "remarks": "rule_set_162"
+ "remarks": "rule_set_187"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enable SSH Warning Banner",
- "remarks": "rule_set_162"
+ "remarks": "rule_set_187"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_idle_timeout",
- "remarks": "rule_set_163"
+ "remarks": "rule_set_188"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH Client Alive Interval",
- "remarks": "rule_set_163"
+ "remarks": "rule_set_188"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_idle_timeout",
- "remarks": "rule_set_163"
+ "remarks": "rule_set_188"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH Client Alive Interval",
- "remarks": "rule_set_163"
+ "remarks": "rule_set_188"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_keepalive",
- "remarks": "rule_set_164"
+ "remarks": "rule_set_189"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH Client Alive Count Max",
- "remarks": "rule_set_164"
+ "remarks": "rule_set_189"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_keepalive",
- "remarks": "rule_set_164"
+ "remarks": "rule_set_189"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH Client Alive Count Max",
- "remarks": "rule_set_164"
+ "remarks": "rule_set_189"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "disable_host_auth",
- "remarks": "rule_set_165"
+ "remarks": "rule_set_190"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable Host-Based Authentication",
- "remarks": "rule_set_165"
+ "remarks": "rule_set_190"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "disable_host_auth",
- "remarks": "rule_set_165"
+ "remarks": "rule_set_190"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable Host-Based Authentication",
- "remarks": "rule_set_165"
+ "remarks": "rule_set_190"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_rhosts",
- "remarks": "rule_set_166"
+ "remarks": "rule_set_191"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable SSH Support for .rhosts Files",
- "remarks": "rule_set_166"
+ "remarks": "rule_set_191"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_rhosts",
- "remarks": "rule_set_166"
+ "remarks": "rule_set_191"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable SSH Support for .rhosts Files",
- "remarks": "rule_set_166"
+ "remarks": "rule_set_191"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_login_grace_time",
- "remarks": "rule_set_167"
+ "remarks": "rule_set_192"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure SSH LoginGraceTime is configured",
- "remarks": "rule_set_167"
+ "remarks": "rule_set_192"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_login_grace_time",
- "remarks": "rule_set_167"
+ "remarks": "rule_set_192"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure SSH LoginGraceTime is configured",
- "remarks": "rule_set_167"
+ "remarks": "rule_set_192"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_loglevel_verbose",
- "remarks": "rule_set_168"
+ "remarks": "rule_set_193"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH Daemon LogLevel to VERBOSE",
- "remarks": "rule_set_168"
+ "remarks": "rule_set_193"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_loglevel_verbose",
- "remarks": "rule_set_168"
+ "remarks": "rule_set_193"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH Daemon LogLevel to VERBOSE",
- "remarks": "rule_set_168"
+ "remarks": "rule_set_193"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_max_auth_tries",
- "remarks": "rule_set_169"
+ "remarks": "rule_set_194"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH authentication attempt limit",
- "remarks": "rule_set_169"
+ "remarks": "rule_set_194"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_max_auth_tries",
- "remarks": "rule_set_169"
+ "remarks": "rule_set_194"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH authentication attempt limit",
- "remarks": "rule_set_169"
+ "remarks": "rule_set_194"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_maxstartups",
- "remarks": "rule_set_170"
+ "remarks": "rule_set_195"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure SSH MaxStartups is configured",
- "remarks": "rule_set_170"
+ "remarks": "rule_set_195"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_maxstartups",
- "remarks": "rule_set_170"
+ "remarks": "rule_set_195"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure SSH MaxStartups is configured",
- "remarks": "rule_set_170"
+ "remarks": "rule_set_195"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_max_sessions",
- "remarks": "rule_set_171"
+ "remarks": "rule_set_196"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH MaxSessions limit",
- "remarks": "rule_set_171"
+ "remarks": "rule_set_196"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_max_sessions",
- "remarks": "rule_set_171"
+ "remarks": "rule_set_196"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH MaxSessions limit",
- "remarks": "rule_set_171"
+ "remarks": "rule_set_196"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_empty_passwords",
- "remarks": "rule_set_172"
+ "remarks": "rule_set_197"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable SSH Access via Empty Passwords",
- "remarks": "rule_set_172"
+ "remarks": "rule_set_197"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_empty_passwords",
- "remarks": "rule_set_172"
+ "remarks": "rule_set_197"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable SSH Access via Empty Passwords",
- "remarks": "rule_set_172"
+ "remarks": "rule_set_197"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_root_login",
- "remarks": "rule_set_173"
+ "remarks": "rule_set_198"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable SSH Root Login",
- "remarks": "rule_set_173"
+ "remarks": "rule_set_198"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_root_login",
- "remarks": "rule_set_173"
+ "remarks": "rule_set_198"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable SSH Root Login",
- "remarks": "rule_set_173"
+ "remarks": "rule_set_198"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_do_not_permit_user_env",
- "remarks": "rule_set_174"
+ "remarks": "rule_set_199"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Do Not Allow SSH Environment Options",
- "remarks": "rule_set_174"
+ "remarks": "rule_set_199"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_do_not_permit_user_env",
- "remarks": "rule_set_174"
+ "remarks": "rule_set_199"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Do Not Allow SSH Environment Options",
- "remarks": "rule_set_174"
+ "remarks": "rule_set_199"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_enable_pam",
- "remarks": "rule_set_175"
+ "remarks": "rule_set_200"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enable PAM",
- "remarks": "rule_set_175"
+ "remarks": "rule_set_200"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_enable_pam",
- "remarks": "rule_set_175"
+ "remarks": "rule_set_200"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enable PAM",
- "remarks": "rule_set_175"
+ "remarks": "rule_set_200"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_sudo_installed",
- "remarks": "rule_set_176"
+ "remarks": "rule_set_201"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install sudo Package",
- "remarks": "rule_set_176"
+ "remarks": "rule_set_201"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_sudo_installed",
- "remarks": "rule_set_176"
+ "remarks": "rule_set_201"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install sudo Package",
- "remarks": "rule_set_176"
+ "remarks": "rule_set_201"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sudo_add_use_pty",
- "remarks": "rule_set_177"
+ "remarks": "rule_set_202"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
- "remarks": "rule_set_177"
+ "remarks": "rule_set_202"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sudo_add_use_pty",
- "remarks": "rule_set_177"
+ "remarks": "rule_set_202"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
- "remarks": "rule_set_177"
+ "remarks": "rule_set_202"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sudo_custom_logfile",
- "remarks": "rule_set_178"
+ "remarks": "rule_set_203"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Sudo Logfile Exists - sudo logfile",
- "remarks": "rule_set_178"
+ "remarks": "rule_set_203"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sudo_custom_logfile",
- "remarks": "rule_set_178"
+ "remarks": "rule_set_203"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Sudo Logfile Exists - sudo logfile",
- "remarks": "rule_set_178"
+ "remarks": "rule_set_203"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication",
- "remarks": "rule_set_179"
+ "value": "sudo_remove_no_authenticate",
+ "remarks": "rule_set_204"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo",
- "remarks": "rule_set_179"
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate",
+ "remarks": "rule_set_204"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication",
- "remarks": "rule_set_179"
+ "value": "sudo_remove_no_authenticate",
+ "remarks": "rule_set_204"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo",
- "remarks": "rule_set_179"
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate",
+ "remarks": "rule_set_204"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sudo_require_reauthentication",
- "remarks": "rule_set_180"
+ "remarks": "rule_set_205"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Require Re-Authentication When Using the sudo Command",
- "remarks": "rule_set_180"
+ "remarks": "rule_set_205"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sudo_require_reauthentication",
- "remarks": "rule_set_180"
+ "remarks": "rule_set_205"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Require Re-Authentication When Using the sudo Command",
- "remarks": "rule_set_180"
+ "remarks": "rule_set_205"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "use_pam_wheel_group_for_su",
- "remarks": "rule_set_181"
+ "remarks": "rule_set_206"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
- "remarks": "rule_set_181"
+ "remarks": "rule_set_206"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "use_pam_wheel_group_for_su",
- "remarks": "rule_set_181"
+ "remarks": "rule_set_206"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
- "remarks": "rule_set_181"
+ "remarks": "rule_set_206"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "ensure_pam_wheel_group_empty",
- "remarks": "rule_set_182"
+ "remarks": "rule_set_207"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
- "remarks": "rule_set_182"
+ "remarks": "rule_set_207"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "ensure_pam_wheel_group_empty",
- "remarks": "rule_set_182"
+ "remarks": "rule_set_207"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
- "remarks": "rule_set_182"
+ "remarks": "rule_set_207"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_pam_pwquality_installed",
- "remarks": "rule_set_183"
+ "remarks": "rule_set_208"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install pam_pwquality Package",
- "remarks": "rule_set_183"
+ "remarks": "rule_set_208"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_pam_pwquality_installed",
- "remarks": "rule_set_183"
+ "remarks": "rule_set_208"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install pam_pwquality Package",
- "remarks": "rule_set_183"
+ "remarks": "rule_set_208"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_password_pam_faillock_password_auth",
- "remarks": "rule_set_184"
+ "remarks": "rule_set_209"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
- "remarks": "rule_set_184"
+ "remarks": "rule_set_209"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_password_pam_faillock_password_auth",
- "remarks": "rule_set_184"
+ "remarks": "rule_set_209"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
- "remarks": "rule_set_184"
+ "remarks": "rule_set_209"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_password_pam_faillock_system_auth",
- "remarks": "rule_set_185"
+ "remarks": "rule_set_210"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
- "remarks": "rule_set_185"
+ "remarks": "rule_set_210"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_password_pam_faillock_system_auth",
- "remarks": "rule_set_185"
+ "remarks": "rule_set_210"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
- "remarks": "rule_set_185"
+ "remarks": "rule_set_210"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_password_auth",
+ "remarks": "rule_set_211"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure PAM password complexity module is enabled in password-auth",
+ "remarks": "rule_set_211"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_password_auth",
+ "remarks": "rule_set_211"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure PAM password complexity module is enabled in password-auth",
+ "remarks": "rule_set_211"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_system_auth",
+ "remarks": "rule_set_212"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure PAM password complexity module is enabled in system-auth",
+ "remarks": "rule_set_212"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_system_auth",
+ "remarks": "rule_set_212"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure PAM password complexity module is enabled in system-auth",
+ "remarks": "rule_set_212"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_enabled",
+ "remarks": "rule_set_213"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify pam_unix module is activated",
+ "remarks": "rule_set_213"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_enabled",
+ "remarks": "rule_set_213"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify pam_unix module is activated",
+ "remarks": "rule_set_213"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_passwords_pam_faillock_deny",
- "remarks": "rule_set_186"
+ "remarks": "rule_set_214"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Lock Accounts After Failed Password Attempts",
- "remarks": "rule_set_186"
+ "remarks": "rule_set_214"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_passwords_pam_faillock_deny",
- "remarks": "rule_set_186"
+ "remarks": "rule_set_214"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Lock Accounts After Failed Password Attempts",
- "remarks": "rule_set_186"
+ "remarks": "rule_set_214"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_passwords_pam_faillock_unlock_time",
- "remarks": "rule_set_187"
+ "remarks": "rule_set_215"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Lockout Time for Failed Password Attempts",
- "remarks": "rule_set_187"
+ "remarks": "rule_set_215"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_passwords_pam_faillock_unlock_time",
- "remarks": "rule_set_187"
+ "remarks": "rule_set_215"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Lockout Time for Failed Password Attempts",
- "remarks": "rule_set_187"
+ "remarks": "rule_set_215"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_difok",
- "remarks": "rule_set_188"
+ "remarks": "rule_set_216"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
- "remarks": "rule_set_188"
+ "remarks": "rule_set_216"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_difok",
- "remarks": "rule_set_188"
+ "remarks": "rule_set_216"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
- "remarks": "rule_set_188"
+ "remarks": "rule_set_216"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_minlen",
- "remarks": "rule_set_189"
+ "remarks": "rule_set_217"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Minimum Length",
- "remarks": "rule_set_189"
+ "remarks": "rule_set_217"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_minlen",
- "remarks": "rule_set_189"
+ "remarks": "rule_set_217"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Minimum Length",
- "remarks": "rule_set_189"
+ "remarks": "rule_set_217"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_minclass",
- "remarks": "rule_set_190"
+ "remarks": "rule_set_218"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
+ "remarks": "rule_set_218"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_minclass",
+ "remarks": "rule_set_218"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
+ "remarks": "rule_set_218"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_maxrepeat",
+ "remarks": "rule_set_219"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
- "remarks": "rule_set_190"
+ "value": "Set Password Maximum Consecutive Repeating Characters",
+ "remarks": "rule_set_219"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minclass",
- "remarks": "rule_set_190"
+ "value": "accounts_password_pam_maxrepeat",
+ "remarks": "rule_set_219"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
- "remarks": "rule_set_190"
+ "value": "Set Password Maximum Consecutive Repeating Characters",
+ "remarks": "rule_set_219"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_maxrepeat",
- "remarks": "rule_set_191"
+ "value": "accounts_password_pam_maxsequence",
+ "remarks": "rule_set_220"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Consecutive Repeating Characters",
- "remarks": "rule_set_191"
+ "value": "Limit the maximum number of sequential characters in passwords",
+ "remarks": "rule_set_220"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_maxrepeat",
- "remarks": "rule_set_191"
+ "value": "accounts_password_pam_maxsequence",
+ "remarks": "rule_set_220"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Consecutive Repeating Characters",
- "remarks": "rule_set_191"
+ "value": "Limit the maximum number of sequential characters in passwords",
+ "remarks": "rule_set_220"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_dictcheck",
- "remarks": "rule_set_192"
+ "remarks": "rule_set_221"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
- "remarks": "rule_set_192"
+ "remarks": "rule_set_221"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_dictcheck",
- "remarks": "rule_set_192"
+ "remarks": "rule_set_221"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
- "remarks": "rule_set_192"
+ "remarks": "rule_set_221"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_enforce_root",
- "remarks": "rule_set_193"
+ "remarks": "rule_set_222"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
- "remarks": "rule_set_193"
+ "remarks": "rule_set_222"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_enforce_root",
- "remarks": "rule_set_193"
+ "remarks": "rule_set_222"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
- "remarks": "rule_set_193"
+ "remarks": "rule_set_222"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_pwhistory_remember_password_auth",
- "remarks": "rule_set_194"
+ "remarks": "rule_set_223"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Limit Password Reuse: password-auth",
- "remarks": "rule_set_194"
+ "remarks": "rule_set_223"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_pwhistory_remember_password_auth",
- "remarks": "rule_set_194"
+ "remarks": "rule_set_223"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Limit Password Reuse: password-auth",
- "remarks": "rule_set_194"
+ "remarks": "rule_set_223"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_pwhistory_remember_system_auth",
- "remarks": "rule_set_195"
+ "remarks": "rule_set_224"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Limit Password Reuse: system-auth",
- "remarks": "rule_set_195"
+ "remarks": "rule_set_224"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_pwhistory_remember_system_auth",
- "remarks": "rule_set_195"
+ "remarks": "rule_set_224"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Limit Password Reuse: system-auth",
- "remarks": "rule_set_195"
+ "remarks": "rule_set_224"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwhistory_use_authtok",
+ "remarks": "rule_set_225"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enforce Password History with use_authtok",
+ "remarks": "rule_set_225"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwhistory_use_authtok",
+ "remarks": "rule_set_225"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enforce Password History with use_authtok",
+ "remarks": "rule_set_225"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_empty_passwords",
- "remarks": "rule_set_196"
+ "remarks": "rule_set_226"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Prevent Login to Accounts With Empty Password",
- "remarks": "rule_set_196"
+ "remarks": "rule_set_226"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_empty_passwords",
- "remarks": "rule_set_196"
+ "remarks": "rule_set_226"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Prevent Login to Accounts With Empty Password",
- "remarks": "rule_set_196"
+ "remarks": "rule_set_226"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_no_remember",
+ "remarks": "rule_set_227"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Avoid using remember in pam_unix module",
+ "remarks": "rule_set_227"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_no_remember",
+ "remarks": "rule_set_227"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Avoid using remember in pam_unix module",
+ "remarks": "rule_set_227"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "set_password_hashing_algorithm_systemauth",
- "remarks": "rule_set_197"
+ "remarks": "rule_set_228"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set PAM Password Hashing Algorithm - system-auth",
- "remarks": "rule_set_197"
+ "remarks": "rule_set_228"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "set_password_hashing_algorithm_systemauth",
- "remarks": "rule_set_197"
+ "remarks": "rule_set_228"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set PAM Password Hashing Algorithm - system-auth",
- "remarks": "rule_set_197"
+ "remarks": "rule_set_228"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "set_password_hashing_algorithm_passwordauth",
- "remarks": "rule_set_198"
+ "remarks": "rule_set_229"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set PAM Password Hashing Algorithm - password-auth",
- "remarks": "rule_set_198"
+ "remarks": "rule_set_229"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "set_password_hashing_algorithm_passwordauth",
- "remarks": "rule_set_198"
+ "remarks": "rule_set_229"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set PAM Password Hashing Algorithm - password-auth",
- "remarks": "rule_set_198"
+ "remarks": "rule_set_229"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_maximum_age_login_defs",
- "remarks": "rule_set_199"
+ "value": "accounts_password_pam_unix_authtok",
+ "remarks": "rule_set_230"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Age",
- "remarks": "rule_set_199"
+ "value": "Require use_authtok for pam_unix.so",
+ "remarks": "rule_set_230"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_maximum_age_login_defs",
- "remarks": "rule_set_199"
+ "value": "accounts_password_pam_unix_authtok",
+ "remarks": "rule_set_230"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Age",
- "remarks": "rule_set_199"
+ "value": "Require use_authtok for pam_unix.so",
+ "remarks": "rule_set_230"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_max_life_existing",
- "remarks": "rule_set_200"
+ "value": "accounts_maximum_age_login_defs",
+ "remarks": "rule_set_231"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Maximum Age",
- "remarks": "rule_set_200"
+ "value": "Set Password Maximum Age",
+ "remarks": "rule_set_231"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_max_life_existing",
- "remarks": "rule_set_200"
+ "value": "accounts_maximum_age_login_defs",
+ "remarks": "rule_set_231"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Maximum Age",
- "remarks": "rule_set_200"
+ "value": "Set Password Maximum Age",
+ "remarks": "rule_set_231"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_warn_age_login_defs",
- "remarks": "rule_set_201"
+ "value": "accounts_password_set_max_life_existing",
+ "remarks": "rule_set_232"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Warning Age",
- "remarks": "rule_set_201"
+ "value": "Set Existing Passwords Maximum Age",
+ "remarks": "rule_set_232"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_warn_age_login_defs",
- "remarks": "rule_set_201"
+ "value": "accounts_password_set_max_life_existing",
+ "remarks": "rule_set_232"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Warning Age",
- "remarks": "rule_set_201"
+ "value": "Set Existing Passwords Maximum Age",
+ "remarks": "rule_set_232"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_warn_age_existing",
- "remarks": "rule_set_202"
+ "value": "accounts_password_warn_age_login_defs",
+ "remarks": "rule_set_233"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Warning Age",
- "remarks": "rule_set_202"
+ "value": "Set Password Warning Age",
+ "remarks": "rule_set_233"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_warn_age_existing",
- "remarks": "rule_set_202"
+ "value": "accounts_password_warn_age_login_defs",
+ "remarks": "rule_set_233"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Warning Age",
- "remarks": "rule_set_202"
+ "value": "Set Password Warning Age",
+ "remarks": "rule_set_233"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf",
- "remarks": "rule_set_203"
+ "value": "accounts_password_set_warn_age_existing",
+ "remarks": "rule_set_234"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/libuser.conf",
- "remarks": "rule_set_203"
+ "value": "Set Existing Passwords Warning Age",
+ "remarks": "rule_set_234"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf",
- "remarks": "rule_set_203"
+ "value": "accounts_password_set_warn_age_existing",
+ "remarks": "rule_set_234"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/libuser.conf",
- "remarks": "rule_set_203"
+ "value": "Set Existing Passwords Warning Age",
+ "remarks": "rule_set_234"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "set_password_hashing_algorithm_logindefs",
- "remarks": "rule_set_204"
+ "remarks": "rule_set_235"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Password Hashing Algorithm in /etc/login.defs",
- "remarks": "rule_set_204"
+ "remarks": "rule_set_235"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "set_password_hashing_algorithm_logindefs",
- "remarks": "rule_set_204"
+ "remarks": "rule_set_235"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Password Hashing Algorithm in /etc/login.defs",
- "remarks": "rule_set_204"
+ "remarks": "rule_set_235"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_disable_post_pw_expiration",
- "remarks": "rule_set_205"
+ "remarks": "rule_set_236"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Account Expiration Following Inactivity",
- "remarks": "rule_set_205"
+ "remarks": "rule_set_236"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_disable_post_pw_expiration",
- "remarks": "rule_set_205"
+ "remarks": "rule_set_236"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Account Expiration Following Inactivity",
- "remarks": "rule_set_205"
+ "remarks": "rule_set_236"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_set_post_pw_existing",
- "remarks": "rule_set_206"
+ "remarks": "rule_set_237"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set existing passwords a period of inactivity before they been locked",
- "remarks": "rule_set_206"
+ "remarks": "rule_set_237"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_set_post_pw_existing",
- "remarks": "rule_set_206"
+ "remarks": "rule_set_237"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set existing passwords a period of inactivity before they been locked",
- "remarks": "rule_set_206"
+ "remarks": "rule_set_237"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_last_change_is_in_past",
- "remarks": "rule_set_207"
+ "remarks": "rule_set_238"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure all users last password change date is in the past",
- "remarks": "rule_set_207"
+ "remarks": "rule_set_238"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_last_change_is_in_past",
- "remarks": "rule_set_207"
+ "remarks": "rule_set_238"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure all users last password change date is in the past",
- "remarks": "rule_set_207"
+ "remarks": "rule_set_238"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_no_uid_except_zero",
- "remarks": "rule_set_208"
+ "remarks": "rule_set_239"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Only Root Has UID 0",
- "remarks": "rule_set_208"
+ "remarks": "rule_set_239"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_no_uid_except_zero",
- "remarks": "rule_set_208"
+ "remarks": "rule_set_239"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Only Root Has UID 0",
- "remarks": "rule_set_208"
+ "remarks": "rule_set_239"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_root_gid_zero",
+ "remarks": "rule_set_240"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Root Has A Primary GID 0",
+ "remarks": "rule_set_240"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_root_gid_zero",
+ "remarks": "rule_set_240"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Root Has A Primary GID 0",
+ "remarks": "rule_set_240"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_gid_zero",
- "remarks": "rule_set_209"
+ "value": "groups_no_zero_gid_except_root",
+ "remarks": "rule_set_241"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Root Has A Primary GID 0",
- "remarks": "rule_set_209"
+ "value": "Verify Only Group Root Has GID 0",
+ "remarks": "rule_set_241"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_gid_zero",
- "remarks": "rule_set_209"
+ "value": "groups_no_zero_gid_except_root",
+ "remarks": "rule_set_241"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Root Has A Primary GID 0",
- "remarks": "rule_set_209"
+ "value": "Verify Only Group Root Has GID 0",
+ "remarks": "rule_set_241"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "ensure_root_password_configured",
- "remarks": "rule_set_210"
+ "remarks": "rule_set_242"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Authentication Required for Single User Mode",
- "remarks": "rule_set_210"
+ "remarks": "rule_set_242"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "ensure_root_password_configured",
- "remarks": "rule_set_210"
+ "remarks": "rule_set_242"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Authentication Required for Single User Mode",
- "remarks": "rule_set_210"
+ "remarks": "rule_set_242"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_root_path_dirs_no_write",
- "remarks": "rule_set_211"
+ "remarks": "rule_set_243"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
- "remarks": "rule_set_211"
+ "remarks": "rule_set_243"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_root_path_dirs_no_write",
- "remarks": "rule_set_211"
+ "remarks": "rule_set_243"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
- "remarks": "rule_set_211"
+ "remarks": "rule_set_243"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "root_path_no_dot",
- "remarks": "rule_set_212"
+ "remarks": "rule_set_244"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
- "remarks": "rule_set_212"
+ "remarks": "rule_set_244"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "root_path_no_dot",
- "remarks": "rule_set_212"
+ "remarks": "rule_set_244"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
- "remarks": "rule_set_212"
+ "remarks": "rule_set_244"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_umask_root",
+ "remarks": "rule_set_245"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure the Root Bash Umask is Set Correctly",
+ "remarks": "rule_set_245"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_umask_root",
+ "remarks": "rule_set_245"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure the Root Bash Umask is Set Correctly",
+ "remarks": "rule_set_245"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_password_auth_for_systemaccounts",
- "remarks": "rule_set_213"
+ "remarks": "rule_set_246"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that System Accounts Are Locked",
- "remarks": "rule_set_213"
+ "remarks": "rule_set_246"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_password_auth_for_systemaccounts",
- "remarks": "rule_set_213"
+ "remarks": "rule_set_246"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that System Accounts Are Locked",
- "remarks": "rule_set_213"
+ "remarks": "rule_set_246"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_shelllogin_for_systemaccounts",
- "remarks": "rule_set_214"
+ "remarks": "rule_set_247"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
- "remarks": "rule_set_214"
+ "remarks": "rule_set_247"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_shelllogin_for_systemaccounts",
- "remarks": "rule_set_214"
+ "remarks": "rule_set_247"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
- "remarks": "rule_set_214"
+ "remarks": "rule_set_247"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_invalid_shell_accounts_unlocked",
+ "remarks": "rule_set_248"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Non-Interactive Accounts Are Locked",
+ "remarks": "rule_set_248"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_invalid_shell_accounts_unlocked",
+ "remarks": "rule_set_248"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Non-Interactive Accounts Are Locked",
+ "remarks": "rule_set_248"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_tmout",
- "remarks": "rule_set_215"
+ "remarks": "rule_set_249"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Interactive Session Timeout",
- "remarks": "rule_set_215"
+ "remarks": "rule_set_249"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_tmout",
- "remarks": "rule_set_215"
+ "remarks": "rule_set_249"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Interactive Session Timeout",
- "remarks": "rule_set_215"
+ "remarks": "rule_set_249"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_umask_etc_bashrc",
- "remarks": "rule_set_216"
+ "remarks": "rule_set_250"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Default Bash Umask is Set Correctly",
- "remarks": "rule_set_216"
+ "remarks": "rule_set_250"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_umask_etc_bashrc",
- "remarks": "rule_set_216"
+ "remarks": "rule_set_250"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Default Bash Umask is Set Correctly",
- "remarks": "rule_set_216"
+ "remarks": "rule_set_250"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_umask_etc_login_defs",
- "remarks": "rule_set_217"
+ "remarks": "rule_set_251"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Default Umask is Set Correctly in login.defs",
- "remarks": "rule_set_217"
+ "remarks": "rule_set_251"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_umask_etc_login_defs",
- "remarks": "rule_set_217"
+ "remarks": "rule_set_251"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Default Umask is Set Correctly in login.defs",
- "remarks": "rule_set_217"
+ "remarks": "rule_set_251"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_umask_etc_profile",
- "remarks": "rule_set_218"
+ "remarks": "rule_set_252"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Default Umask is Set Correctly in /etc/profile",
- "remarks": "rule_set_218"
+ "remarks": "rule_set_252"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_umask_etc_profile",
- "remarks": "rule_set_218"
+ "remarks": "rule_set_252"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Default Umask is Set Correctly in /etc/profile",
- "remarks": "rule_set_218"
+ "remarks": "rule_set_252"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_aide_installed",
- "remarks": "rule_set_219"
+ "remarks": "rule_set_253"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install AIDE",
- "remarks": "rule_set_219"
+ "remarks": "rule_set_253"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_aide_installed",
- "remarks": "rule_set_219"
+ "remarks": "rule_set_253"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install AIDE",
- "remarks": "rule_set_219"
+ "remarks": "rule_set_253"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "aide_build_database",
- "remarks": "rule_set_220"
+ "remarks": "rule_set_254"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Build and Test AIDE Database",
- "remarks": "rule_set_220"
+ "remarks": "rule_set_254"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "aide_build_database",
- "remarks": "rule_set_220"
+ "remarks": "rule_set_254"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Build and Test AIDE Database",
- "remarks": "rule_set_220"
+ "remarks": "rule_set_254"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "aide_periodic_cron_checking",
- "remarks": "rule_set_221"
+ "remarks": "rule_set_255"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure Periodic Execution of AIDE",
- "remarks": "rule_set_221"
+ "remarks": "rule_set_255"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "aide_periodic_cron_checking",
- "remarks": "rule_set_221"
+ "remarks": "rule_set_255"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure Periodic Execution of AIDE",
- "remarks": "rule_set_221"
+ "remarks": "rule_set_255"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "aide_check_audit_tools",
- "remarks": "rule_set_222"
+ "remarks": "rule_set_256"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure AIDE to Verify the Audit Tools",
- "remarks": "rule_set_222"
+ "remarks": "rule_set_256"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "aide_check_audit_tools",
- "remarks": "rule_set_222"
+ "remarks": "rule_set_256"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure AIDE to Verify the Audit Tools",
- "remarks": "rule_set_222"
+ "remarks": "rule_set_256"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "service_systemd-journald_enabled",
- "remarks": "rule_set_223"
+ "remarks": "rule_set_257"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enable systemd-journald Service",
- "remarks": "rule_set_223"
+ "remarks": "rule_set_257"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "service_systemd-journald_enabled",
- "remarks": "rule_set_223"
+ "remarks": "rule_set_257"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enable systemd-journald Service",
- "remarks": "rule_set_223"
+ "remarks": "rule_set_257"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "ensure_journald_and_rsyslog_not_active_together",
+ "remarks": "rule_set_258"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure journald and rsyslog Are Not Active Together",
+ "remarks": "rule_set_258"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "ensure_journald_and_rsyslog_not_active_together",
+ "remarks": "rule_set_258"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure journald and rsyslog Are Not Active Together",
+ "remarks": "rule_set_258"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_systemd-journal-remote_installed",
- "remarks": "rule_set_224"
+ "remarks": "rule_set_259"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install systemd-journal-remote Package",
- "remarks": "rule_set_224"
+ "remarks": "rule_set_259"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_systemd-journal-remote_installed",
- "remarks": "rule_set_224"
+ "remarks": "rule_set_259"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install systemd-journal-remote Package",
- "remarks": "rule_set_224"
+ "remarks": "rule_set_259"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_systemd-journal-upload_enabled",
+ "remarks": "rule_set_260"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable systemd-journal-upload Service",
+ "remarks": "rule_set_260"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_systemd-journal-upload_enabled",
+ "remarks": "rule_set_260"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable systemd-journal-upload Service",
+ "remarks": "rule_set_260"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "socket_systemd-journal-remote_disabled",
- "remarks": "rule_set_225"
+ "remarks": "rule_set_261"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable systemd-journal-remote Socket",
- "remarks": "rule_set_225"
+ "remarks": "rule_set_261"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "socket_systemd-journal-remote_disabled",
- "remarks": "rule_set_225"
+ "remarks": "rule_set_261"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable systemd-journal-remote Socket",
- "remarks": "rule_set_225"
+ "remarks": "rule_set_261"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "journald_disable_forward_to_syslog",
+ "remarks": "rule_set_262"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure journald ForwardToSyslog is disabled",
+ "remarks": "rule_set_262"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "journald_disable_forward_to_syslog",
+ "remarks": "rule_set_262"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure journald ForwardToSyslog is disabled",
+ "remarks": "rule_set_262"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "journald_compress",
- "remarks": "rule_set_226"
+ "remarks": "rule_set_263"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure journald is configured to compress large log files",
- "remarks": "rule_set_226"
+ "remarks": "rule_set_263"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "journald_compress",
- "remarks": "rule_set_226"
+ "remarks": "rule_set_263"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure journald is configured to compress large log files",
- "remarks": "rule_set_226"
+ "remarks": "rule_set_263"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "journald_storage",
- "remarks": "rule_set_227"
+ "remarks": "rule_set_264"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure journald is configured to write log files to persistent disk",
- "remarks": "rule_set_227"
+ "remarks": "rule_set_264"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "journald_storage",
- "remarks": "rule_set_227"
+ "remarks": "rule_set_264"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure journald is configured to write log files to persistent disk",
- "remarks": "rule_set_227"
+ "remarks": "rule_set_264"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "rsyslog_files_groupownership",
- "remarks": "rule_set_228"
+ "remarks": "rule_set_265"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Log Files Are Owned By Appropriate Group",
- "remarks": "rule_set_228"
+ "remarks": "rule_set_265"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "rsyslog_files_groupownership",
- "remarks": "rule_set_228"
+ "remarks": "rule_set_265"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Log Files Are Owned By Appropriate Group",
- "remarks": "rule_set_228"
+ "remarks": "rule_set_265"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "rsyslog_files_ownership",
- "remarks": "rule_set_229"
+ "remarks": "rule_set_266"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Log Files Are Owned By Appropriate User",
- "remarks": "rule_set_229"
+ "remarks": "rule_set_266"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "rsyslog_files_ownership",
- "remarks": "rule_set_229"
+ "remarks": "rule_set_266"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Log Files Are Owned By Appropriate User",
- "remarks": "rule_set_229"
+ "remarks": "rule_set_266"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "rsyslog_files_permissions",
- "remarks": "rule_set_230"
+ "remarks": "rule_set_267"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure System Log Files Have Correct Permissions",
- "remarks": "rule_set_230"
+ "remarks": "rule_set_267"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "rsyslog_files_permissions",
- "remarks": "rule_set_230"
+ "remarks": "rule_set_267"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure System Log Files Have Correct Permissions",
- "remarks": "rule_set_230"
+ "remarks": "rule_set_267"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_passwd",
- "remarks": "rule_set_231"
+ "remarks": "rule_set_268"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns passwd File",
- "remarks": "rule_set_231"
+ "remarks": "rule_set_268"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_passwd",
- "remarks": "rule_set_231"
+ "remarks": "rule_set_268"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns passwd File",
- "remarks": "rule_set_231"
+ "remarks": "rule_set_268"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_passwd",
- "remarks": "rule_set_232"
+ "remarks": "rule_set_269"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns passwd File",
- "remarks": "rule_set_232"
+ "remarks": "rule_set_269"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_passwd",
- "remarks": "rule_set_232"
+ "remarks": "rule_set_269"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns passwd File",
- "remarks": "rule_set_232"
+ "remarks": "rule_set_269"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_passwd",
- "remarks": "rule_set_233"
+ "remarks": "rule_set_270"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on passwd File",
- "remarks": "rule_set_233"
+ "remarks": "rule_set_270"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_passwd",
- "remarks": "rule_set_233"
+ "remarks": "rule_set_270"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on passwd File",
- "remarks": "rule_set_233"
+ "remarks": "rule_set_270"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_passwd",
- "remarks": "rule_set_234"
+ "remarks": "rule_set_271"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup passwd File",
- "remarks": "rule_set_234"
+ "remarks": "rule_set_271"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_passwd",
- "remarks": "rule_set_234"
+ "remarks": "rule_set_271"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup passwd File",
- "remarks": "rule_set_234"
+ "remarks": "rule_set_271"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_passwd",
- "remarks": "rule_set_235"
+ "remarks": "rule_set_272"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup passwd File",
- "remarks": "rule_set_235"
+ "remarks": "rule_set_272"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_passwd",
- "remarks": "rule_set_235"
+ "remarks": "rule_set_272"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup passwd File",
- "remarks": "rule_set_235"
+ "remarks": "rule_set_272"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_passwd",
- "remarks": "rule_set_236"
+ "remarks": "rule_set_273"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup passwd File",
- "remarks": "rule_set_236"
+ "remarks": "rule_set_273"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_passwd",
- "remarks": "rule_set_236"
+ "remarks": "rule_set_273"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup passwd File",
- "remarks": "rule_set_236"
+ "remarks": "rule_set_273"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_group",
- "remarks": "rule_set_237"
+ "remarks": "rule_set_274"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns group File",
- "remarks": "rule_set_237"
+ "remarks": "rule_set_274"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_group",
- "remarks": "rule_set_237"
+ "remarks": "rule_set_274"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns group File",
- "remarks": "rule_set_237"
+ "remarks": "rule_set_274"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_group",
- "remarks": "rule_set_238"
+ "remarks": "rule_set_275"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns group File",
- "remarks": "rule_set_238"
+ "remarks": "rule_set_275"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_group",
- "remarks": "rule_set_238"
+ "remarks": "rule_set_275"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns group File",
- "remarks": "rule_set_238"
+ "remarks": "rule_set_275"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_group",
- "remarks": "rule_set_239"
+ "remarks": "rule_set_276"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on group File",
- "remarks": "rule_set_239"
+ "remarks": "rule_set_276"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_group",
- "remarks": "rule_set_239"
+ "remarks": "rule_set_276"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on group File",
- "remarks": "rule_set_239"
+ "remarks": "rule_set_276"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_group",
- "remarks": "rule_set_240"
+ "remarks": "rule_set_277"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup group File",
- "remarks": "rule_set_240"
+ "remarks": "rule_set_277"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_group",
- "remarks": "rule_set_240"
+ "remarks": "rule_set_277"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup group File",
- "remarks": "rule_set_240"
+ "remarks": "rule_set_277"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_group",
- "remarks": "rule_set_241"
+ "remarks": "rule_set_278"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup group File",
- "remarks": "rule_set_241"
+ "remarks": "rule_set_278"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_group",
- "remarks": "rule_set_241"
+ "remarks": "rule_set_278"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup group File",
- "remarks": "rule_set_241"
+ "remarks": "rule_set_278"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_group",
- "remarks": "rule_set_242"
+ "remarks": "rule_set_279"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup group File",
- "remarks": "rule_set_242"
+ "remarks": "rule_set_279"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_group",
- "remarks": "rule_set_242"
+ "remarks": "rule_set_279"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup group File",
- "remarks": "rule_set_242"
+ "remarks": "rule_set_279"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_shadow",
- "remarks": "rule_set_243"
+ "remarks": "rule_set_280"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns shadow File",
- "remarks": "rule_set_243"
+ "remarks": "rule_set_280"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_shadow",
- "remarks": "rule_set_243"
+ "remarks": "rule_set_280"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns shadow File",
- "remarks": "rule_set_243"
+ "remarks": "rule_set_280"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_shadow",
- "remarks": "rule_set_244"
+ "remarks": "rule_set_281"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns shadow File",
- "remarks": "rule_set_244"
+ "remarks": "rule_set_281"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_shadow",
- "remarks": "rule_set_244"
+ "remarks": "rule_set_281"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns shadow File",
- "remarks": "rule_set_244"
+ "remarks": "rule_set_281"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_shadow",
- "remarks": "rule_set_245"
+ "remarks": "rule_set_282"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on shadow File",
- "remarks": "rule_set_245"
+ "remarks": "rule_set_282"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_shadow",
- "remarks": "rule_set_245"
+ "remarks": "rule_set_282"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on shadow File",
- "remarks": "rule_set_245"
+ "remarks": "rule_set_282"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_shadow",
- "remarks": "rule_set_246"
+ "remarks": "rule_set_283"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup shadow File",
- "remarks": "rule_set_246"
+ "remarks": "rule_set_283"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_shadow",
- "remarks": "rule_set_246"
+ "remarks": "rule_set_283"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup shadow File",
- "remarks": "rule_set_246"
+ "remarks": "rule_set_283"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_shadow",
- "remarks": "rule_set_247"
+ "remarks": "rule_set_284"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup shadow File",
- "remarks": "rule_set_247"
+ "remarks": "rule_set_284"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_shadow",
- "remarks": "rule_set_247"
+ "remarks": "rule_set_284"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup shadow File",
- "remarks": "rule_set_247"
+ "remarks": "rule_set_284"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_shadow",
- "remarks": "rule_set_248"
+ "remarks": "rule_set_285"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup shadow File",
- "remarks": "rule_set_248"
+ "remarks": "rule_set_285"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_shadow",
- "remarks": "rule_set_248"
+ "remarks": "rule_set_285"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup shadow File",
- "remarks": "rule_set_248"
+ "remarks": "rule_set_285"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_gshadow",
- "remarks": "rule_set_249"
+ "remarks": "rule_set_286"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns gshadow File",
- "remarks": "rule_set_249"
+ "remarks": "rule_set_286"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_gshadow",
- "remarks": "rule_set_249"
+ "remarks": "rule_set_286"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns gshadow File",
- "remarks": "rule_set_249"
+ "remarks": "rule_set_286"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_gshadow",
- "remarks": "rule_set_250"
+ "remarks": "rule_set_287"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns gshadow File",
- "remarks": "rule_set_250"
+ "remarks": "rule_set_287"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_gshadow",
- "remarks": "rule_set_250"
+ "remarks": "rule_set_287"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns gshadow File",
- "remarks": "rule_set_250"
+ "remarks": "rule_set_287"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_gshadow",
- "remarks": "rule_set_251"
+ "remarks": "rule_set_288"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on gshadow File",
- "remarks": "rule_set_251"
+ "remarks": "rule_set_288"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_gshadow",
- "remarks": "rule_set_251"
+ "remarks": "rule_set_288"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on gshadow File",
- "remarks": "rule_set_251"
+ "remarks": "rule_set_288"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_gshadow",
- "remarks": "rule_set_252"
+ "remarks": "rule_set_289"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup gshadow File",
- "remarks": "rule_set_252"
+ "remarks": "rule_set_289"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_gshadow",
- "remarks": "rule_set_252"
+ "remarks": "rule_set_289"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup gshadow File",
- "remarks": "rule_set_252"
+ "remarks": "rule_set_289"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_gshadow",
- "remarks": "rule_set_253"
+ "remarks": "rule_set_290"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup gshadow File",
- "remarks": "rule_set_253"
+ "remarks": "rule_set_290"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_gshadow",
- "remarks": "rule_set_253"
+ "remarks": "rule_set_290"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup gshadow File",
- "remarks": "rule_set_253"
+ "remarks": "rule_set_290"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_gshadow",
- "remarks": "rule_set_254"
+ "remarks": "rule_set_291"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup gshadow File",
- "remarks": "rule_set_254"
+ "remarks": "rule_set_291"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_backup_etc_gshadow",
+ "remarks": "rule_set_291"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on Backup gshadow File",
+ "remarks": "rule_set_291"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_shells",
+ "remarks": "rule_set_292"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/shells File",
+ "remarks": "rule_set_292"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_shells",
+ "remarks": "rule_set_292"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/shells File",
+ "remarks": "rule_set_292"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_shells",
+ "remarks": "rule_set_293"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Who Owns /etc/shells File",
+ "remarks": "rule_set_293"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_shells",
+ "remarks": "rule_set_293"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Who Owns /etc/shells File",
+ "remarks": "rule_set_293"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_shells",
+ "remarks": "rule_set_294"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on /etc/shells File",
+ "remarks": "rule_set_294"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_shells",
+ "remarks": "rule_set_294"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on /etc/shells File",
+ "remarks": "rule_set_294"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd",
+ "remarks": "rule_set_295"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_295"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd",
+ "remarks": "rule_set_295"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_295"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd",
+ "remarks": "rule_set_296"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_296"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_gshadow",
- "remarks": "rule_set_254"
+ "value": "file_owner_etc_security_opasswd",
+ "remarks": "rule_set_296"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup gshadow File",
- "remarks": "rule_set_254"
+ "value": "Verify User Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_296"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shells",
- "remarks": "rule_set_255"
+ "value": "file_permissions_etc_security_opasswd",
+ "remarks": "rule_set_297"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/shells File",
- "remarks": "rule_set_255"
+ "value": "Verify Permissions on /etc/security/opasswd File",
+ "remarks": "rule_set_297"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shells",
- "remarks": "rule_set_255"
+ "value": "file_permissions_etc_security_opasswd",
+ "remarks": "rule_set_297"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/shells File",
- "remarks": "rule_set_255"
+ "value": "Verify Permissions on /etc/security/opasswd File",
+ "remarks": "rule_set_297"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shells",
- "remarks": "rule_set_256"
+ "value": "file_groupowner_etc_security_opasswd_old",
+ "remarks": "rule_set_298"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Who Owns /etc/shells File",
- "remarks": "rule_set_256"
+ "value": "Verify Group Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_298"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shells",
- "remarks": "rule_set_256"
+ "value": "file_groupowner_etc_security_opasswd_old",
+ "remarks": "rule_set_298"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Who Owns /etc/shells File",
- "remarks": "rule_set_256"
+ "value": "Verify Group Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_298"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shells",
- "remarks": "rule_set_257"
+ "value": "file_owner_etc_security_opasswd_old",
+ "remarks": "rule_set_299"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/shells File",
- "remarks": "rule_set_257"
+ "value": "Verify User Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_299"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shells",
- "remarks": "rule_set_257"
+ "value": "file_owner_etc_security_opasswd_old",
+ "remarks": "rule_set_299"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/shells File",
- "remarks": "rule_set_257"
+ "value": "Verify User Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_299"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd",
- "remarks": "rule_set_258"
+ "value": "file_permissions_etc_security_opasswd_old",
+ "remarks": "rule_set_300"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions and Ownership of Old Passwords File",
- "remarks": "rule_set_258"
+ "value": "Verify Permissions on /etc/security/opasswd.old File",
+ "remarks": "rule_set_300"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd",
- "remarks": "rule_set_258"
+ "value": "file_permissions_etc_security_opasswd_old",
+ "remarks": "rule_set_300"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions and Ownership of Old Passwords File",
- "remarks": "rule_set_258"
+ "value": "Verify Permissions on /etc/security/opasswd.old File",
+ "remarks": "rule_set_300"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_unauthorized_world_writable",
- "remarks": "rule_set_259"
+ "remarks": "rule_set_301"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure No World-Writable Files Exist",
- "remarks": "rule_set_259"
+ "remarks": "rule_set_301"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_unauthorized_world_writable",
- "remarks": "rule_set_259"
+ "remarks": "rule_set_301"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure No World-Writable Files Exist",
- "remarks": "rule_set_259"
+ "remarks": "rule_set_301"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "dir_perms_world_writable_sticky_bits",
- "remarks": "rule_set_260"
+ "remarks": "rule_set_302"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that All World-Writable Directories Have Sticky Bits Set",
- "remarks": "rule_set_260"
+ "remarks": "rule_set_302"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "dir_perms_world_writable_sticky_bits",
- "remarks": "rule_set_260"
+ "remarks": "rule_set_302"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that All World-Writable Directories Have Sticky Bits Set",
- "remarks": "rule_set_260"
+ "remarks": "rule_set_302"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user",
- "remarks": "rule_set_261"
+ "value": "no_files_or_dirs_unowned_by_user",
+ "remarks": "rule_set_303"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a User",
- "remarks": "rule_set_261"
+ "value": "Ensure All Files And Directories Are Owned by a User",
+ "remarks": "rule_set_303"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user",
- "remarks": "rule_set_261"
+ "value": "no_files_or_dirs_unowned_by_user",
+ "remarks": "rule_set_303"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a User",
- "remarks": "rule_set_261"
+ "value": "Ensure All Files And Directories Are Owned by a User",
+ "remarks": "rule_set_303"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned",
- "remarks": "rule_set_262"
+ "value": "no_files_or_dirs_ungroupowned",
+ "remarks": "rule_set_304"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a Group",
- "remarks": "rule_set_262"
+ "value": "Ensure All Files And Directories Are Owned by a Group",
+ "remarks": "rule_set_304"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned",
- "remarks": "rule_set_262"
+ "value": "no_files_or_dirs_ungroupowned",
+ "remarks": "rule_set_304"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a Group",
- "remarks": "rule_set_262"
+ "value": "Ensure All Files And Directories Are Owned by a Group",
+ "remarks": "rule_set_304"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_all_shadowed",
- "remarks": "rule_set_263"
+ "remarks": "rule_set_305"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify All Account Password Hashes are Shadowed",
- "remarks": "rule_set_263"
+ "remarks": "rule_set_305"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_all_shadowed",
- "remarks": "rule_set_263"
+ "remarks": "rule_set_305"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify All Account Password Hashes are Shadowed",
- "remarks": "rule_set_263"
+ "remarks": "rule_set_305"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_empty_passwords_etc_shadow",
- "remarks": "rule_set_264"
+ "remarks": "rule_set_306"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure There Are No Accounts With Blank or Null Passwords",
- "remarks": "rule_set_264"
+ "remarks": "rule_set_306"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_empty_passwords_etc_shadow",
- "remarks": "rule_set_264"
+ "remarks": "rule_set_306"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure There Are No Accounts With Blank or Null Passwords",
- "remarks": "rule_set_264"
+ "remarks": "rule_set_306"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "gid_passwd_group_same",
- "remarks": "rule_set_265"
+ "remarks": "rule_set_307"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
- "remarks": "rule_set_265"
+ "remarks": "rule_set_307"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "gid_passwd_group_same",
- "remarks": "rule_set_265"
+ "remarks": "rule_set_307"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
- "remarks": "rule_set_265"
+ "remarks": "rule_set_307"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_unique_id",
- "remarks": "rule_set_266"
+ "remarks": "rule_set_308"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Accounts on the System Have Unique User IDs",
- "remarks": "rule_set_266"
+ "remarks": "rule_set_308"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_unique_id",
- "remarks": "rule_set_266"
+ "remarks": "rule_set_308"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Accounts on the System Have Unique User IDs",
- "remarks": "rule_set_266"
+ "remarks": "rule_set_308"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "group_unique_id",
- "remarks": "rule_set_267"
+ "remarks": "rule_set_309"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Groups on the System Have Unique Group ID",
- "remarks": "rule_set_267"
+ "remarks": "rule_set_309"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "group_unique_id",
- "remarks": "rule_set_267"
+ "remarks": "rule_set_309"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Groups on the System Have Unique Group ID",
- "remarks": "rule_set_267"
+ "remarks": "rule_set_309"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_unique_name",
- "remarks": "rule_set_268"
+ "remarks": "rule_set_310"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Accounts on the System Have Unique Names",
- "remarks": "rule_set_268"
+ "remarks": "rule_set_310"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_unique_name",
- "remarks": "rule_set_268"
+ "remarks": "rule_set_310"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Accounts on the System Have Unique Names",
- "remarks": "rule_set_268"
+ "remarks": "rule_set_310"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "group_unique_name",
- "remarks": "rule_set_269"
+ "remarks": "rule_set_311"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Groups on the System Have Unique Group Names",
- "remarks": "rule_set_269"
+ "remarks": "rule_set_311"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "group_unique_name",
- "remarks": "rule_set_269"
+ "remarks": "rule_set_311"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Groups on the System Have Unique Group Names",
- "remarks": "rule_set_269"
+ "remarks": "rule_set_311"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_user_interactive_home_directory_exists",
- "remarks": "rule_set_270"
+ "remarks": "rule_set_312"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All Interactive Users Home Directories Must Exist",
- "remarks": "rule_set_270"
+ "remarks": "rule_set_312"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_user_interactive_home_directory_exists",
- "remarks": "rule_set_270"
+ "remarks": "rule_set_312"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All Interactive Users Home Directories Must Exist",
- "remarks": "rule_set_270"
+ "remarks": "rule_set_312"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_home_directories",
- "remarks": "rule_set_271"
+ "remarks": "rule_set_313"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All Interactive User Home Directories Must Be Owned By The Primary User",
- "remarks": "rule_set_271"
+ "remarks": "rule_set_313"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_home_directories",
- "remarks": "rule_set_271"
+ "remarks": "rule_set_313"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All Interactive User Home Directories Must Be Owned By The Primary User",
- "remarks": "rule_set_271"
+ "remarks": "rule_set_313"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_home_directories",
- "remarks": "rule_set_272"
+ "remarks": "rule_set_314"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
- "remarks": "rule_set_272"
+ "remarks": "rule_set_314"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_home_directories",
- "remarks": "rule_set_272"
+ "remarks": "rule_set_314"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
- "remarks": "rule_set_272"
+ "remarks": "rule_set_314"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_user_dot_group_ownership",
- "remarks": "rule_set_273"
+ "remarks": "rule_set_315"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "User Initialization Files Must Be Group-Owned By The Primary Group",
- "remarks": "rule_set_273"
+ "remarks": "rule_set_315"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_user_dot_group_ownership",
- "remarks": "rule_set_273"
+ "remarks": "rule_set_315"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "User Initialization Files Must Be Group-Owned By The Primary Group",
- "remarks": "rule_set_273"
+ "remarks": "rule_set_315"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_user_dot_user_ownership",
- "remarks": "rule_set_274"
+ "remarks": "rule_set_316"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "User Initialization Files Must Be Owned By the Primary User",
- "remarks": "rule_set_274"
+ "remarks": "rule_set_316"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_user_dot_user_ownership",
- "remarks": "rule_set_274"
+ "remarks": "rule_set_316"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "User Initialization Files Must Be Owned By the Primary User",
- "remarks": "rule_set_274"
+ "remarks": "rule_set_316"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs",
- "remarks": "rule_set_275"
+ "value": "file_permission_user_init_files",
+ "remarks": "rule_set_317"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Not Run World-Writable Programs",
- "remarks": "rule_set_275"
+ "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "remarks": "rule_set_317"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs",
- "remarks": "rule_set_275"
+ "value": "file_permission_user_init_files",
+ "remarks": "rule_set_317"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Not Run World-Writable Programs",
- "remarks": "rule_set_275"
+ "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "remarks": "rule_set_317"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files",
- "remarks": "rule_set_276"
+ "value": "no_forward_files",
+ "remarks": "rule_set_318"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
- "remarks": "rule_set_276"
+ "value": "Verify No .forward Files Exist",
+ "remarks": "rule_set_318"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files",
- "remarks": "rule_set_276"
+ "value": "no_forward_files",
+ "remarks": "rule_set_318"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
- "remarks": "rule_set_276"
+ "value": "Verify No .forward Files Exist",
+ "remarks": "rule_set_318"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files",
- "remarks": "rule_set_277"
+ "value": "no_netrc_files",
+ "remarks": "rule_set_319"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No .forward Files Exist",
- "remarks": "rule_set_277"
+ "value": "Verify No netrc Files Exist",
+ "remarks": "rule_set_319"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files",
- "remarks": "rule_set_277"
+ "value": "no_netrc_files",
+ "remarks": "rule_set_319"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No .forward Files Exist",
- "remarks": "rule_set_277"
+ "value": "Verify No netrc Files Exist",
+ "remarks": "rule_set_319"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files",
- "remarks": "rule_set_278"
+ "value": "no_rhost_files",
+ "remarks": "rule_set_320"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No netrc Files Exist",
- "remarks": "rule_set_278"
+ "value": "Verify No .rhost Files Exist",
+ "remarks": "rule_set_320"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files",
- "remarks": "rule_set_278"
+ "value": "no_rhost_files",
+ "remarks": "rule_set_320"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No netrc Files Exist",
- "remarks": "rule_set_278"
+ "value": "Verify No .rhost Files Exist",
+ "remarks": "rule_set_320"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history",
+ "remarks": "rule_set_321"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure User Bash History File Has Correct Permissions",
+ "remarks": "rule_set_321"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history",
+ "remarks": "rule_set_321"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure User Bash History File Has Correct Permissions",
+ "remarks": "rule_set_321"
}
],
"control-implementations": [
{
- "uuid": "85f150b8-75b7-458d-9d69-0b4f291e2cec",
+ "uuid": "ac84de45-2ebc-47ed-ae2e-1f57a0376f37",
"source": "trestle://profiles/fedora-cis_fedora-l1_server/profile.json",
"description": "Control implementation for cis_server_l1",
"props": [
@@ -16946,18 +18748,6 @@
"4"
]
},
- {
- "param-id": "sshd_strong_kex",
- "values": [
- "cis_rhel8"
- ]
- },
- {
- "param-id": "sshd_strong_macs",
- "values": [
- "cis_rhel8"
- ]
- },
{
"param-id": "sysctl_net_ipv4_conf_all_accept_redirects_value",
"values": [
@@ -17000,6 +18790,12 @@
"disabled"
]
},
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
{
"param-id": "sysctl_net_ipv4_conf_default_log_martians_value",
"values": [
@@ -17078,6 +18874,12 @@
"disabled"
]
},
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
{
"param-id": "var_account_disable_post_pw_expiration",
"values": [
@@ -17135,7 +18937,7 @@
{
"param-id": "var_password_hashing_algorithm",
"values": [
- "yescrypt"
+ "cis_fedora"
]
},
{
@@ -17162,6 +18964,12 @@
"3"
]
},
+ {
+ "param-id": "var_password_pam_maxsequence",
+ "values": [
+ "3"
+ ]
+ },
{
"param-id": "var_password_pam_minclass",
"values": [
@@ -17229,9 +19037,9 @@
]
},
{
- "param-id": "var_system_crypto_policy",
+ "param-id": "var_sudo_timestamp_timeout",
"values": [
- "default_policy"
+ "15_minutes"
]
},
{
@@ -17243,7 +19051,7 @@
],
"implemented-requirements": [
{
- "uuid": "a0d6fba5-5435-4188-af46-8a687509b657",
+ "uuid": "993d2ab3-76cc-44f0-8f4a-ee2ce5ab6cc7",
"control-id": "reload_dconf_db",
"description": "This is a helper rule to reload Dconf database correctly.",
"props": [
@@ -17260,7 +19068,7 @@
]
},
{
- "uuid": "ea810512-255f-4d0f-92f8-1c4a1ab89507",
+ "uuid": "8a9620b0-5fbd-4420-8d69-de5ee8f7df5e",
"control-id": "cis_fedora_1-1.1.1",
"description": "No notes for control-id 1.1.1.1.",
"props": [
@@ -17277,7 +19085,7 @@
]
},
{
- "uuid": "65dbf695-0ab1-4d46-a48e-9a4acd22ad70",
+ "uuid": "3d1cf4fd-5c97-4e4f-b50d-be90c9ce4cce",
"control-id": "cis_fedora_1-1.1.2",
"description": "No notes for control-id 1.1.1.2.",
"props": [
@@ -17294,7 +19102,7 @@
]
},
{
- "uuid": "1a82ff56-c9d4-427e-bab4-34b79314928c",
+ "uuid": "44a40abe-5326-4216-ada2-9d9a7eac5090",
"control-id": "cis_fedora_1-1.1.3",
"description": "No notes for control-id 1.1.1.3.",
"props": [
@@ -17311,7 +19119,7 @@
]
},
{
- "uuid": "004e5e7d-e3e0-46f8-8d05-36544e9969cb",
+ "uuid": "78376eec-87f2-44b8-a52e-a2f5ae7ccbbd",
"control-id": "cis_fedora_1-1.1.4",
"description": "No notes for control-id 1.1.1.4.",
"props": [
@@ -17328,7 +19136,7 @@
]
},
{
- "uuid": "cdcc862f-5ab8-458b-bcf6-07328a3944dc",
+ "uuid": "881ac40d-ad9e-497d-9818-bd1a712e8c4a",
"control-id": "cis_fedora_1-1.1.5",
"description": "No notes for control-id 1.1.1.5.",
"props": [
@@ -17345,7 +19153,7 @@
]
},
{
- "uuid": "a7b8885a-5a91-4d79-a20d-ae84be19777c",
+ "uuid": "1fe8706a-9d32-4b79-b95b-d1285bc0ce78",
"control-id": "cis_fedora_1-1.1.9",
"description": "No notes for control-id 1.1.1.9.",
"props": [
@@ -17362,7 +19170,7 @@
]
},
{
- "uuid": "54d135f7-4af6-4d56-87a4-e222e51e3c74",
+ "uuid": "cb891a42-6b85-4912-93df-3c3122ab0742",
"control-id": "cis_fedora_1-1.1.10",
"description": "No notes for control-id 1.1.1.10.",
"props": [
@@ -17379,7 +19187,7 @@
]
},
{
- "uuid": "9ce6b08e-1a9f-449d-9b82-6b81f1bb25cc",
+ "uuid": "e55f1efa-7f93-4e9a-b587-c3c056bcb7df",
"control-id": "cis_fedora_1-1.1.11",
"description": "The description for control-id cis_fedora_1-1.1.11.",
"props": [
@@ -17392,7 +19200,7 @@
]
},
{
- "uuid": "bc2034f0-e181-4f64-8230-c16dd9c7637f",
+ "uuid": "0c790f88-1761-4658-bf6d-cc4814893982",
"control-id": "cis_fedora_1-1.2.1.1",
"description": "No notes for control-id 1.1.2.1.1.",
"props": [
@@ -17409,7 +19217,7 @@
]
},
{
- "uuid": "6516ca72-be77-412e-8db5-358a41f63938",
+ "uuid": "ce79cdd3-550b-4632-bb9e-f988fe20fb3b",
"control-id": "cis_fedora_1-1.2.1.2",
"description": "No notes for control-id 1.1.2.1.2.",
"props": [
@@ -17426,7 +19234,7 @@
]
},
{
- "uuid": "23434bca-190e-42f5-ad14-35ca0d41090a",
+ "uuid": "258b794a-b734-461d-ae40-f7f91512ad09",
"control-id": "cis_fedora_1-1.2.1.3",
"description": "No notes for control-id 1.1.2.1.3.",
"props": [
@@ -17443,7 +19251,7 @@
]
},
{
- "uuid": "a9f8b096-b67a-43a5-945e-1ff87c3cfaa7",
+ "uuid": "17602bf2-6086-4c7b-b9b8-d871ac31405f",
"control-id": "cis_fedora_1-1.2.1.4",
"description": "No notes for control-id 1.1.2.1.4.",
"props": [
@@ -17460,7 +19268,7 @@
]
},
{
- "uuid": "d4ed9991-1fbb-4ca3-8351-a500e8f2c64f",
+ "uuid": "682eee8e-d68c-4532-b34e-6e30f92d33f9",
"control-id": "cis_fedora_1-1.2.2.1",
"description": "No notes for control-id 1.1.2.2.1.",
"props": [
@@ -17477,7 +19285,7 @@
]
},
{
- "uuid": "2fd43e63-c815-49bf-a536-bb9296679956",
+ "uuid": "d135d1be-f5d6-4a38-bd83-6eaef6d3c240",
"control-id": "cis_fedora_1-1.2.2.2",
"description": "No notes for control-id 1.1.2.2.2.",
"props": [
@@ -17494,7 +19302,7 @@
]
},
{
- "uuid": "22c26a9f-a431-4013-bbd9-5d546cdc8b55",
+ "uuid": "b04fc38a-c1f3-48c1-95ed-59ff98d5d493",
"control-id": "cis_fedora_1-1.2.2.3",
"description": "No notes for control-id 1.1.2.2.3.",
"props": [
@@ -17511,7 +19319,7 @@
]
},
{
- "uuid": "1b27a793-dc95-4717-af85-4399d44badb5",
+ "uuid": "cac2c9f4-fe23-473e-854b-5b985a989e18",
"control-id": "cis_fedora_1-1.2.2.4",
"description": "No notes for control-id 1.1.2.2.4.",
"props": [
@@ -17528,7 +19336,7 @@
]
},
{
- "uuid": "7fbaf4b5-282f-48d2-ab95-f9439926e922",
+ "uuid": "a37c4ec6-5e13-4d47-88b9-a2515f980f46",
"control-id": "cis_fedora_1-1.2.3.2",
"description": "No notes for control-id 1.1.2.3.2.",
"props": [
@@ -17545,7 +19353,7 @@
]
},
{
- "uuid": "6efcbfe0-904b-4ef0-abac-31d0070c601f",
+ "uuid": "23314c42-25c4-461e-825e-42504013d153",
"control-id": "cis_fedora_1-1.2.3.3",
"description": "No notes for control-id 1.1.2.3.3.",
"props": [
@@ -17562,7 +19370,7 @@
]
},
{
- "uuid": "c1fd1c17-6415-423f-ab05-9c6f205f85cb",
+ "uuid": "393e02ff-af82-41c9-8b89-e3edb45095cd",
"control-id": "cis_fedora_1-1.2.4.2",
"description": "No notes for control-id 1.1.2.4.2.",
"props": [
@@ -17579,7 +19387,7 @@
]
},
{
- "uuid": "ebc9e06c-b9fb-4242-b6f5-82c0a40bdad7",
+ "uuid": "fbae0d9c-82b4-4523-92aa-5bd8961d9f9a",
"control-id": "cis_fedora_1-1.2.4.3",
"description": "No notes for control-id 1.1.2.4.3.",
"props": [
@@ -17596,7 +19404,7 @@
]
},
{
- "uuid": "ca9f9a90-fb80-493b-91ae-9e0ffeb6ade9",
+ "uuid": "5ecf20eb-c2de-4551-9755-3f720b843fb2",
"control-id": "cis_fedora_1-1.2.5.2",
"description": "No notes for control-id 1.1.2.5.2.",
"props": [
@@ -17613,7 +19421,7 @@
]
},
{
- "uuid": "98a2bf24-c134-42b6-815d-ca8835fb865c",
+ "uuid": "f13e54da-422e-4d73-a987-4b6770e8fd74",
"control-id": "cis_fedora_1-1.2.5.3",
"description": "No notes for control-id 1.1.2.5.3.",
"props": [
@@ -17630,7 +19438,7 @@
]
},
{
- "uuid": "b1b50a7f-3bc1-4605-9a47-40cbbbe2e3a0",
+ "uuid": "ca0dcd0f-a963-49fd-8f69-a0fa6b9aa246",
"control-id": "cis_fedora_1-1.2.5.4",
"description": "No notes for control-id 1.1.2.5.4.",
"props": [
@@ -17647,7 +19455,7 @@
]
},
{
- "uuid": "e281e628-162b-4492-a0a0-3518a6573149",
+ "uuid": "6f9b1fc4-e390-41e9-8880-5f2cde8ce290",
"control-id": "cis_fedora_1-1.2.6.2",
"description": "No notes for control-id 1.1.2.6.2.",
"props": [
@@ -17664,7 +19472,7 @@
]
},
{
- "uuid": "6f682f24-22f5-486f-b45a-f2f088094ed5",
+ "uuid": "fad3080f-1858-403e-86c1-912463421127",
"control-id": "cis_fedora_1-1.2.6.3",
"description": "No notes for control-id 1.1.2.6.3.",
"props": [
@@ -17681,7 +19489,7 @@
]
},
{
- "uuid": "4c655c57-d2ba-4b56-bd5a-d3c36d39014a",
+ "uuid": "27a9ca7b-f5a3-464a-9ac7-0244a5967c07",
"control-id": "cis_fedora_1-1.2.6.4",
"description": "No notes for control-id 1.1.2.6.4.",
"props": [
@@ -17698,7 +19506,7 @@
]
},
{
- "uuid": "d2a3455c-c06d-4c9b-84f1-af584c468af2",
+ "uuid": "66cf02df-fa4b-4b39-8326-ac43e24e2195",
"control-id": "cis_fedora_1-1.2.7.2",
"description": "No notes for control-id 1.1.2.7.2.",
"props": [
@@ -17715,7 +19523,7 @@
]
},
{
- "uuid": "cded73e7-6571-44c1-b77d-4cd5d63b1040",
+ "uuid": "36dda4d8-2b4d-4a55-8c8b-c4866bedd669",
"control-id": "cis_fedora_1-1.2.7.3",
"description": "No notes for control-id 1.1.2.7.3.",
"props": [
@@ -17732,7 +19540,7 @@
]
},
{
- "uuid": "e9150fc8-84a3-475c-8338-a4dd29d06028",
+ "uuid": "5bd8b305-cca3-4bf5-834f-94978565411e",
"control-id": "cis_fedora_1-1.2.7.4",
"description": "No notes for control-id 1.1.2.7.4.",
"props": [
@@ -17749,7 +19557,7 @@
]
},
{
- "uuid": "f4498ccd-6b3c-42e2-880a-ea7e9a609eb8",
+ "uuid": "dd0ead60-1ad1-46e7-9632-310df0f082c8",
"control-id": "cis_fedora_1-2.1.1",
"description": "The description for control-id cis_fedora_1-2.1.1.",
"props": [
@@ -17762,7 +19570,7 @@
]
},
{
- "uuid": "83a820fa-88f3-4722-b70e-3dc25d6c8cb9",
+ "uuid": "e34ed9f4-c80f-440a-96b5-91af307ae103",
"control-id": "cis_fedora_1-2.1.2",
"description": "No notes for control-id 1.2.1.2.",
"props": [
@@ -17779,7 +19587,7 @@
]
},
{
- "uuid": "380de96a-c9a5-4d6f-9529-7d5797b85c97",
+ "uuid": "5d454119-c072-43ec-ac41-2dba138f3dce",
"control-id": "cis_fedora_1-2.1.4",
"description": "The description for control-id cis_fedora_1-2.1.4.",
"props": [
@@ -17792,20 +19600,24 @@
]
},
{
- "uuid": "2e2267d3-4d14-42a6-9202-0449ebba2b7d",
+ "uuid": "778f7c03-598c-4c2c-ab12-5e68c2d29cd6",
"control-id": "cis_fedora_1-2.1.5",
- "description": "The description for control-id cis_fedora_1-2.1.5.",
+ "description": "No notes for control-id 1.2.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.2.1.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_weak_deps"
}
]
},
{
- "uuid": "8c8776ac-2b14-40c6-b8f1-d03c5b1c3263",
+ "uuid": "f447795f-a9a5-47de-a2a2-cefacaf951e1",
"control-id": "cis_fedora_1-2.2.1",
"description": "The description for control-id cis_fedora_1-2.2.1.",
"props": [
@@ -17818,7 +19630,7 @@
]
},
{
- "uuid": "1fd3263e-3bca-4f28-9d8a-730a5c35a26f",
+ "uuid": "e3eb3f66-85e6-46b2-bfea-b64d2612a839",
"control-id": "cis_fedora_1-3.1.1",
"description": "No notes for control-id 1.3.1.1.",
"props": [
@@ -17835,7 +19647,7 @@
]
},
{
- "uuid": "2aed6016-3a87-4735-9911-7a05e9cf3fc4",
+ "uuid": "6b2f14ba-7892-4b9a-ac4b-f78cb1923b45",
"control-id": "cis_fedora_1-3.1.2",
"description": "No notes for control-id 1.3.1.2.",
"props": [
@@ -17852,7 +19664,7 @@
]
},
{
- "uuid": "4fa4ac9d-895a-4c45-a4e8-3d30d4582746",
+ "uuid": "80e9b110-9b34-45fd-80c5-e8c0890f2681",
"control-id": "cis_fedora_1-3.1.3",
"description": "No notes for control-id 1.3.1.3.",
"props": [
@@ -17869,7 +19681,7 @@
]
},
{
- "uuid": "f9ecbb6c-8141-440d-81ed-363a10661272",
+ "uuid": "5414d6ac-bd08-4b7c-a66b-fc6cb749a4e4",
"control-id": "cis_fedora_1-3.1.4",
"description": "No notes for control-id 1.3.1.4.",
"props": [
@@ -17886,7 +19698,7 @@
]
},
{
- "uuid": "15989a50-7700-46d5-9b27-a1659e94a9d2",
+ "uuid": "ce9e48f9-ce31-473c-9a81-c5364a708dc5",
"control-id": "cis_fedora_1-3.1.7",
"description": "No notes for control-id 1.3.1.7.",
"props": [
@@ -17903,7 +19715,7 @@
]
},
{
- "uuid": "cb68f34b-6af5-4385-b046-7c1febac6d1e",
+ "uuid": "042a7e0d-c1ea-491c-a5da-17474ac10c7c",
"control-id": "cis_fedora_1-3.1.8",
"description": "No notes for control-id 1.3.1.8.",
"props": [
@@ -17920,7 +19732,7 @@
]
},
{
- "uuid": "5f13d40c-3e8d-44c8-86e6-c4f39d1d167e",
+ "uuid": "eec29e4e-10d5-4f52-a49a-85fc1076aa23",
"control-id": "cis_fedora_1-4.1",
"description": "There is no automated remediation for this rule and this is intentional.\nMore details in the rule description.",
"props": [
@@ -17937,180 +19749,204 @@
]
},
{
- "uuid": "abbcdf33-daad-4146-8d82-5bfd9cefde5a",
+ "uuid": "95ba6b72-a9ff-49cb-8186-5069086a33cb",
"control-id": "cis_fedora_1-4.2",
- "description": "The description for control-id cis_fedora_1-4.2.",
+ "description": "This requirement demands a deeper review of the rules.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This requirement demands a deeper review of the rules."
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg"
+ "value": "file_permissions_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg"
+ "value": "file_owner_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg"
+ "value": "file_groupowner_boot_grub2"
}
]
},
{
- "uuid": "14d74056-d568-4e03-8d35-001765bee928",
+ "uuid": "fe2713b8-14cc-449d-8319-2a78f6bb51a0",
"control-id": "cis_fedora_1-5.1",
- "description": "The description for control-id cis_fedora_1-5.1.",
+ "description": "No notes for control-id 1.5.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_users_coredumps"
}
]
},
{
- "uuid": "f969e844-2e33-4374-a2e0-b8631d4521d8",
+ "uuid": "17c1113e-308b-47b2-8a65-e2094cb0462e",
"control-id": "cis_fedora_1-5.2",
- "description": "The description for control-id cis_fedora_1-5.2.",
+ "description": "No notes for control-id 1.5.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_hardlinks"
}
]
},
{
- "uuid": "8c91b9b1-e9b2-4eeb-bddd-843ae6efc5eb",
+ "uuid": "b3c29257-71d4-421c-9a6b-fce5038be959",
"control-id": "cis_fedora_1-5.3",
- "description": "The description for control-id cis_fedora_1-5.3.",
+ "description": "No notes for control-id 1.5.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_symlinks"
}
]
},
{
- "uuid": "bf91e5e9-eae3-4784-a617-da8684334ae9",
+ "uuid": "81daece4-dab0-4eb9-885e-1950a6ee4c07",
"control-id": "cis_fedora_1-5.4",
- "description": "The description for control-id cis_fedora_1-5.4.",
+ "description": "No notes for control-id 1.5.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_suid_dumpable"
}
]
},
{
- "uuid": "d394308c-a40e-4dcf-89cc-558656388b11",
+ "uuid": "02e33429-6882-41dd-a6e8-b11714e0aa1c",
"control-id": "cis_fedora_1-5.5",
- "description": "The description for control-id cis_fedora_1-5.5.",
+ "description": "No notes for control-id 1.5.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_dmesg_restrict"
}
]
},
{
- "uuid": "26eb76fd-8f85-4a04-a60c-d6eb6e236b06",
+ "uuid": "914227e2-4de9-42f9-9031-7bfa2dcc0918",
"control-id": "cis_fedora_1-5.6",
- "description": "The description for control-id cis_fedora_1-5.6.",
+ "description": "No notes for control-id 1.5.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.6."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_kptr_restrict"
}
]
},
{
- "uuid": "f2c18466-6759-4cd2-90fc-89a25d2bfbb5",
+ "uuid": "fcda135c-8670-4c70-a3ba-cfd9b9a81c1e",
"control-id": "cis_fedora_1-5.7",
- "description": "The description for control-id cis_fedora_1-5.7.",
+ "description": "No notes for control-id 1.5.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_yama_ptrace_scope"
}
]
},
{
- "uuid": "de387ae6-5aa5-482d-b5ec-d8ace4f81c10",
+ "uuid": "9463a6b2-5fda-43fe-8341-e9b75684ec3a",
"control-id": "cis_fedora_1-5.8",
- "description": "The description for control-id cis_fedora_1-5.8.",
+ "description": "Address Space Layout Randomization (ASLR)",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.8."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_randomize_va_space"
}
]
},
{
- "uuid": "b2533155-399d-4d93-b686-d750fba4110e",
+ "uuid": "a72530c0-5391-413e-b96f-f4f68dd4640d",
"control-id": "cis_fedora_1-5.9",
- "description": "The description for control-id cis_fedora_1-5.9.",
+ "description": "No notes for control-id 1.5.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.9."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_backtraces"
}
]
},
{
- "uuid": "eae9ec01-25da-4619-a96f-9f25200a85bd",
+ "uuid": "9b3d0ce5-befb-45c8-9c81-0af2f503bcda",
"control-id": "cis_fedora_1-5.10",
- "description": "The description for control-id cis_fedora_1-5.10.",
+ "description": "No notes for control-id 1.5.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.10."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_storage"
}
]
},
{
- "uuid": "a2e823ad-96c3-4b99-b40b-2ed0171a764f",
+ "uuid": "12f25ef1-2e17-4696-8df5-e3fd14769657",
"control-id": "cis_fedora_1-6.1",
"description": "No notes for control-id 1.6.1.",
"props": [
@@ -18122,50 +19958,63 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "7097a688-a639-48fa-a6c5-7ab29be91171",
+ "uuid": "6ed7dc30-58a9-424c-b3f5-2733d28505f1",
"control-id": "cis_fedora_1-6.2",
- "description": "This requirement is already satisfied by 1.6.1.",
+ "description": "No notes for control-id 1.6.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "9c785921-c844-4d75-9e60-4be855cb52cf",
+ "uuid": "d6a04c86-895a-4a23-a72b-b42a0f626593",
"control-id": "cis_fedora_1-6.3",
- "description": "The description for control-id cis_fedora_1-6.3.",
+ "description": "No notes for control-id 1.6.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "84920d5b-f6ca-439f-86e7-36cd75fd0386",
+ "uuid": "15adf6b2-3d6b-445c-a2c8-640c94b8c96c",
"control-id": "cis_fedora_1-6.4",
- "description": "The description for control-id cis_fedora_1-6.4.",
+ "description": "No notes for control-id 1.6.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "9b07759d-269b-445e-833e-e6e4f7e9c0bc",
+ "uuid": "1f820d52-15d0-46c2-bef9-81132fae415a",
"control-id": "cis_fedora_1-7.1",
"description": "No notes for control-id 1.7.1.",
"props": [
@@ -18182,7 +20031,7 @@
]
},
{
- "uuid": "3c177421-2704-4a06-84c2-482573d64b0a",
+ "uuid": "e94b2963-579b-4e09-8a6c-76932428243b",
"control-id": "cis_fedora_1-7.2",
"description": "No notes for control-id 1.7.2.",
"props": [
@@ -18199,7 +20048,7 @@
]
},
{
- "uuid": "6f04e424-82b3-46e7-9a2e-bbbe7256f327",
+ "uuid": "f65a2360-2404-41bd-9acf-43ca1d3b7553",
"control-id": "cis_fedora_1-7.3",
"description": "No notes for control-id 1.7.3.",
"props": [
@@ -18216,7 +20065,7 @@
]
},
{
- "uuid": "f619d79c-e438-4d44-acc1-6df7f632964d",
+ "uuid": "2818ff41-315e-4503-afce-9661b9e888d8",
"control-id": "cis_fedora_1-7.4",
"description": "No notes for control-id 1.7.4.",
"props": [
@@ -18243,7 +20092,7 @@
]
},
{
- "uuid": "eb7a18d5-eee0-4ef4-92c7-3ba6e95c5302",
+ "uuid": "928c2bf7-13a5-483c-ae58-769d6e38217e",
"control-id": "cis_fedora_1-7.5",
"description": "No notes for control-id 1.7.5.",
"props": [
@@ -18270,7 +20119,7 @@
]
},
{
- "uuid": "55a7bff1-4184-4ba3-91d3-e393739dd74a",
+ "uuid": "7cace5c6-300f-48f1-be63-52ce3e167566",
"control-id": "cis_fedora_1-7.6",
"description": "No notes for control-id 1.7.6.",
"props": [
@@ -18297,14 +20146,14 @@
]
},
{
- "uuid": "dafda31f-06c8-45cc-953b-c87be6a3cc09",
+ "uuid": "8dd9d4f6-02d1-47cc-9e1e-a669d16ce684",
"control-id": "cis_fedora_1-8.1",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -18319,7 +20168,7 @@
]
},
{
- "uuid": "edab1ad7-0e2c-4f29-9db3-1dcacc6dcdb1",
+ "uuid": "d6361665-bf1e-4e3f-95b7-1cae4ee7c28d",
"control-id": "cis_fedora_1-8.2",
"description": "Review rules to confirm settings are not writeable by users",
"props": [
@@ -18336,14 +20185,14 @@
]
},
{
- "uuid": "6d23b0b2-37d3-4a76-b138-c2fc9f49dbcd",
+ "uuid": "5cf9173a-09b4-4187-af33-925fdffead26",
"control-id": "cis_fedora_1-8.3",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -18354,11 +20203,21 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "dconf_gnome_screensaver_lock_delay"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_session_idle_user_locks"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_screensaver_user_locks"
}
]
},
{
- "uuid": "9831e618-fb12-42b5-aab1-1af0eb54b049",
+ "uuid": "d4f7a1c1-f147-4c1b-b506-5481489a64a7",
"control-id": "cis_fedora_1-8.4",
"description": "No notes for control-id 1.8.4.",
"props": [
@@ -18380,14 +20239,14 @@
]
},
{
- "uuid": "fb9117a1-834c-478e-a480-e89095d3e0bc",
+ "uuid": "8771f1bb-527f-458b-bfec-9a51cd309029",
"control-id": "cis_fedora_1-8.5",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -18397,7 +20256,7 @@
]
},
{
- "uuid": "83fab39d-8e7d-4c51-b6e4-75defe014393",
+ "uuid": "1fd24062-fe6c-47da-a95f-e4e6b7cbeb7f",
"control-id": "cis_fedora_1-8.6",
"description": "The description for control-id cis_fedora_1-8.6.",
"props": [
@@ -18410,7 +20269,7 @@
]
},
{
- "uuid": "b1c5b059-8193-4540-b6de-b30bf18c454a",
+ "uuid": "8c552273-bf52-45e3-a7f9-503d14de340c",
"control-id": "cis_fedora_2-1.1",
"description": "No notes for control-id 2.1.1.",
"props": [
@@ -18427,7 +20286,7 @@
]
},
{
- "uuid": "3a64044c-d001-4f8b-aa3a-1be7fc053d46",
+ "uuid": "aceb31f4-48a8-4190-9232-1f914f5b43a6",
"control-id": "cis_fedora_2-1.2",
"description": "No notes for control-id 2.1.2.",
"props": [
@@ -18444,7 +20303,7 @@
]
},
{
- "uuid": "f876ac11-11bb-4473-81ed-0e13c529883e",
+ "uuid": "37586a58-60b6-4209-af9c-fc6d992fe83f",
"control-id": "cis_fedora_2-1.4",
"description": "No notes for control-id 2.1.4.",
"props": [
@@ -18461,7 +20320,7 @@
]
},
{
- "uuid": "082bb6b4-6faa-4fea-9994-6e518ee6fb7f",
+ "uuid": "3aec5330-f2f0-4434-a60d-487c03823c74",
"control-id": "cis_fedora_2-1.5",
"description": "No notes for control-id 2.1.5.",
"props": [
@@ -18478,7 +20337,7 @@
]
},
{
- "uuid": "3f5e6b2a-a508-45a6-9197-213c9bfd2d61",
+ "uuid": "419377ec-b61b-4fc0-8f6f-7df177089c82",
"control-id": "cis_fedora_2-1.6",
"description": "No notes for control-id 2.1.6.",
"props": [
@@ -18495,7 +20354,7 @@
]
},
{
- "uuid": "514c9374-30bb-45cc-813f-868d1fde1333",
+ "uuid": "3473ccd9-864b-4096-b654-4023b05a8807",
"control-id": "cis_fedora_2-1.7",
"description": "No notes for control-id 2.1.7.",
"props": [
@@ -18512,7 +20371,7 @@
]
},
{
- "uuid": "ac750fb0-cf3d-4f11-b0a6-99d052cac89e",
+ "uuid": "e6f21845-593f-4cdb-8092-ca0769bc8cff",
"control-id": "cis_fedora_2-1.8",
"description": "No notes for control-id 2.1.8.",
"props": [
@@ -18534,7 +20393,7 @@
]
},
{
- "uuid": "ee5f7995-31e7-4a8b-abfa-5b77c099b4b6",
+ "uuid": "3e1b157c-6c72-4b95-a22d-5a162efd925b",
"control-id": "cis_fedora_2-1.9",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization are dependent on the\nnfs-utils package.",
"props": [
@@ -18551,7 +20410,7 @@
]
},
{
- "uuid": "60c2fae2-8c14-4cdb-afca-d91e59fc78af",
+ "uuid": "86f47f7c-3409-408c-8542-5df61df0f97c",
"control-id": "cis_fedora_2-1.10",
"description": "No notes for control-id 2.1.10.",
"props": [
@@ -18563,7 +20422,7 @@
]
},
{
- "uuid": "13d2421e-0d35-4631-86ba-59f9cab64965",
+ "uuid": "5230c58c-e193-446a-ae12-fe1de7ce4969",
"control-id": "cis_fedora_2-1.11",
"description": "No notes for control-id 2.1.11.",
"props": [
@@ -18580,7 +20439,7 @@
]
},
{
- "uuid": "78385b90-b539-4e66-b437-5a7b747edb64",
+ "uuid": "f8f542d3-b543-47c2-80e7-d6992f09e455",
"control-id": "cis_fedora_2-1.12",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization, and the nfs-utils\npackage used for The Network File System (NFS), are dependent on the rpcbind package.",
"props": [
@@ -18597,7 +20456,7 @@
]
},
{
- "uuid": "acf9a7e5-c569-4fe7-ad1d-fb5762047c01",
+ "uuid": "c823620b-89b9-45ca-bd34-d1df707b7d14",
"control-id": "cis_fedora_2-1.13",
"description": "No notes for control-id 2.1.13.",
"props": [
@@ -18614,7 +20473,7 @@
]
},
{
- "uuid": "b2dc81eb-8554-4716-b961-6d8b8b16095c",
+ "uuid": "8938af9b-cecc-4150-a521-2d7b3fee2a23",
"control-id": "cis_fedora_2-1.14",
"description": "No notes for control-id 2.1.14.",
"props": [
@@ -18631,7 +20490,7 @@
]
},
{
- "uuid": "2e399e07-9db0-41c5-8fd7-3db9da44e439",
+ "uuid": "826849f1-d0ae-4b64-a891-5e32c2c7ec56",
"control-id": "cis_fedora_2-1.15",
"description": "No notes for control-id 2.1.15.",
"props": [
@@ -18648,7 +20507,7 @@
]
},
{
- "uuid": "6f6ee509-799e-478d-bdfb-7bdcca97637f",
+ "uuid": "3f1d040b-0400-4a9b-8c36-b588bd9c236e",
"control-id": "cis_fedora_2-1.16",
"description": "No notes for control-id 2.1.16.",
"props": [
@@ -18665,7 +20524,7 @@
]
},
{
- "uuid": "cbd2f45a-8247-4cae-9b80-dce0a4cb03e7",
+ "uuid": "d15de8a9-e35f-40d1-8776-1d4136aa1b13",
"control-id": "cis_fedora_2-1.17",
"description": "No notes for control-id 2.1.17.",
"props": [
@@ -18682,7 +20541,7 @@
]
},
{
- "uuid": "370e6667-bce2-45b0-95ad-f150579720bb",
+ "uuid": "5f958014-e1bd-47fc-86e6-1ffb38dad44d",
"control-id": "cis_fedora_2-1.18",
"description": "No notes for control-id 2.1.18.",
"props": [
@@ -18699,7 +20558,7 @@
]
},
{
- "uuid": "bb798e5a-e3e2-40ba-ba48-6eb846e719d1",
+ "uuid": "0c52ae81-ff86-40cd-8c12-d669a1e0baf4",
"control-id": "cis_fedora_2-1.19",
"description": "No notes for control-id 2.1.19.",
"props": [
@@ -18721,7 +20580,7 @@
]
},
{
- "uuid": "7f537711-9f5c-4943-9d8b-d90994894198",
+ "uuid": "ccfd0a9b-e0c1-4d6b-9132-775aea37ec1d",
"control-id": "cis_fedora_2-1.20",
"description": "The description for control-id cis_fedora_2-1.20.",
"props": [
@@ -18734,14 +20593,14 @@
]
},
{
- "uuid": "69446aa7-2997-495e-8760-1d4196d19c1f",
+ "uuid": "dd9fb752-4028-41bb-af6b-c9a3a938039c",
"control-id": "cis_fedora_2-1.23",
- "description": "The rule has_nonlocal_mta currently checks for services listening only on port 25,\nbut the policy checks also for ports 465 and 587",
+ "description": "No notes for control-id 2.1.23.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -18756,7 +20615,7 @@
]
},
{
- "uuid": "8b7cc1fb-f1f2-45e7-b694-0fa3c9dc73dd",
+ "uuid": "7073299a-6a86-4e27-b067-d37d3b4d5cfc",
"control-id": "cis_fedora_2-1.24",
"description": "The description for control-id cis_fedora_2-1.24.",
"props": [
@@ -18769,7 +20628,7 @@
]
},
{
- "uuid": "a15b5900-3801-49a5-bcd2-b5a069c0b63e",
+ "uuid": "fc6ecb4d-5720-4168-ad2b-bb69fb59138e",
"control-id": "cis_fedora_2-2.1",
"description": "No notes for control-id 2.2.1.",
"props": [
@@ -18786,7 +20645,7 @@
]
},
{
- "uuid": "2bf6d808-d806-4893-8b87-ae762f91604e",
+ "uuid": "65a87ee9-8683-4910-aa61-0a4190a5ef51",
"control-id": "cis_fedora_2-2.3",
"description": "No notes for control-id 2.2.3.",
"props": [
@@ -18798,7 +20657,7 @@
]
},
{
- "uuid": "ab1a6201-67e8-4e7c-93ab-5467504d04d2",
+ "uuid": "df0d1f14-f01f-41fa-97e0-842d1ad0066a",
"control-id": "cis_fedora_2-2.4",
"description": "No notes for control-id 2.2.4.",
"props": [
@@ -18815,7 +20674,7 @@
]
},
{
- "uuid": "c4076bbf-3e70-4859-a116-9d59ebb13038",
+ "uuid": "b829ae6e-349b-4f55-a789-246b1c3abfcc",
"control-id": "cis_fedora_2-2.5",
"description": "No notes for control-id 2.2.5.",
"props": [
@@ -18832,7 +20691,7 @@
]
},
{
- "uuid": "3f376467-7a4e-4a6b-91bd-d6c92616f82a",
+ "uuid": "faad1876-bf15-4c5d-a503-92cd6d751345",
"control-id": "cis_fedora_2-3.1",
"description": "No notes for control-id 2.3.1.",
"props": [
@@ -18844,7 +20703,7 @@
]
},
{
- "uuid": "169f7af1-6036-467e-878d-29737841c0d1",
+ "uuid": "fab46aaf-37ee-40a2-a965-194bbf5ad533",
"control-id": "cis_fedora_2-3.2",
"description": "No notes for control-id 2.3.2.",
"props": [
@@ -18861,7 +20720,7 @@
]
},
{
- "uuid": "76c90171-4163-4f1c-9037-9d42c36cb0ca",
+ "uuid": "d04465bc-6b1f-4491-ac28-698a1d0ffbfa",
"control-id": "cis_fedora_2-3.3",
"description": "No notes for control-id 2.3.3.",
"props": [
@@ -18878,7 +20737,7 @@
]
},
{
- "uuid": "e5679301-e8f6-47f4-851e-2eeb15106b69",
+ "uuid": "1b626214-a2fb-4fe7-849e-2ef4b5f34d33",
"control-id": "cis_fedora_2-4.1.1",
"description": "No notes for control-id 2.4.1.1.",
"props": [
@@ -18900,7 +20759,7 @@
]
},
{
- "uuid": "76ca7e2a-83e8-4aa5-92c0-bc7270d655fd",
+ "uuid": "43fe381b-8c9a-4369-b112-caf71b78a28f",
"control-id": "cis_fedora_2-4.1.2",
"description": "No notes for control-id 2.4.1.2.",
"props": [
@@ -18927,7 +20786,7 @@
]
},
{
- "uuid": "ef6da8e9-c4f8-4f93-850e-140e305f8f2f",
+ "uuid": "9f5222df-f099-4435-bc34-02379ebf2c90",
"control-id": "cis_fedora_2-4.1.3",
"description": "No notes for control-id 2.4.1.3.",
"props": [
@@ -18954,7 +20813,7 @@
]
},
{
- "uuid": "aafa43a0-4010-42e0-b2b9-dd4d1d21c3e3",
+ "uuid": "88a2f8f6-742a-47de-af59-2bb84e987551",
"control-id": "cis_fedora_2-4.1.4",
"description": "No notes for control-id 2.4.1.4.",
"props": [
@@ -18981,7 +20840,7 @@
]
},
{
- "uuid": "5bdca4b1-3719-4dee-8fb7-a1140f323992",
+ "uuid": "f282ff1f-dab0-4e9e-af99-eb9ff4a309c6",
"control-id": "cis_fedora_2-4.1.5",
"description": "No notes for control-id 2.4.1.5.",
"props": [
@@ -19008,7 +20867,7 @@
]
},
{
- "uuid": "0be9d893-b5d2-4b94-8055-37694a397856",
+ "uuid": "e36f6aae-29f2-4397-85fb-f028aa378ae7",
"control-id": "cis_fedora_2-4.1.6",
"description": "No notes for control-id 2.4.1.6.",
"props": [
@@ -19035,20 +20894,34 @@
]
},
{
- "uuid": "6d306722-0edd-42be-9b79-c5c736a99d2c",
+ "uuid": "961e4e97-024f-4612-89e1-8f0f026d132c",
"control-id": "cis_fedora_2-4.1.7",
- "description": "The description for control-id cis_fedora_2-4.1.7.",
+ "description": "No notes for control-id 2.4.1.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.4.1.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_cron_yearly"
}
]
},
{
- "uuid": "23eca921-0104-4e6a-bf1b-223c04cf2caf",
+ "uuid": "069ab5d1-b629-48f4-aece-6985cf83c352",
"control-id": "cis_fedora_2-4.1.8",
"description": "No notes for control-id 2.4.1.8.",
"props": [
@@ -19075,7 +20948,7 @@
]
},
{
- "uuid": "637a8628-0310-493e-8e2a-6f656848aa92",
+ "uuid": "6f88344d-c271-4755-b3e6-6f76a51e0422",
"control-id": "cis_fedora_2-4.1.9",
"description": "No notes for control-id 2.4.1.9.",
"props": [
@@ -19112,20 +20985,25 @@
]
},
{
- "uuid": "5e6d1c87-adfa-4d86-90a2-7f0b546bcc10",
+ "uuid": "51479e11-196c-4b3e-926d-0c5d8e75629f",
"control-id": "cis_fedora_2-4.2.1",
- "description": "It is necessary to create a rule to ensure the existence of at.allow.\nfile_cron_allow_exists can be used as reference for a new templated rule.",
+ "description": "No notes for control-id 2.4.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_at_deny_not_exist"
},
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_at_allow_exists"
+ },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -19144,7 +21022,7 @@
]
},
{
- "uuid": "91725e2d-07a7-4485-b477-facc0ccfd64a",
+ "uuid": "c95766a8-31a4-48c4-8b2c-e9936fe6f192",
"control-id": "cis_fedora_3-1.1",
"description": "The description for control-id cis_fedora_3-1.1.",
"props": [
@@ -19157,7 +21035,7 @@
]
},
{
- "uuid": "38778d43-d65f-4906-826d-301c82baa510",
+ "uuid": "938757c2-5ba8-4d7f-bb40-e918ddb80f58",
"control-id": "cis_fedora_3-1.2",
"description": "No notes for control-id 3.1.2.",
"props": [
@@ -19174,7 +21052,7 @@
]
},
{
- "uuid": "1c68ec9a-93dd-4ee1-9501-2d7dcb572aee",
+ "uuid": "2f6a1f40-0abd-4974-83c6-ead6fdad6d4f",
"control-id": "cis_fedora_3-1.3",
"description": "No notes for control-id 3.1.3.",
"props": [
@@ -19191,46 +21069,58 @@
]
},
{
- "uuid": "ecad0096-705a-44f4-a673-7db367414850",
+ "uuid": "8552aba7-7b69-438a-b43b-6f0c186e2eaa",
"control-id": "cis_fedora_3-2.1",
- "description": "The description for control-id cis_fedora_3-2.1.",
+ "description": "No notes for control-id 3.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_atm_disabled"
}
]
},
{
- "uuid": "55db5a99-0851-4d76-83bc-ec359192231f",
+ "uuid": "d24217ba-29cb-4c62-b71b-dbfa9e191304",
"control-id": "cis_fedora_3-2.2",
- "description": "The description for control-id cis_fedora_3-2.2.",
+ "description": "No notes for control-id 3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_can_disabled"
}
]
},
{
- "uuid": "fac8cf93-b2b1-42d4-bd6d-020200aa396e",
+ "uuid": "117b856a-7e51-4519-923d-dcdc0e5a21ed",
"control-id": "cis_fedora_3-2.3",
- "description": "The description for control-id cis_fedora_3-2.3.",
+ "description": "No notes for control-id 3.2.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_dccp_disabled"
}
]
},
{
- "uuid": "08820caa-5521-4438-818c-f0a3dd28d0f9",
+ "uuid": "43a18236-863a-4991-8228-05393e5a91ad",
"control-id": "cis_fedora_3-2.4",
"description": "No notes for control-id 3.2.4.",
"props": [
@@ -19247,46 +21137,58 @@
]
},
{
- "uuid": "b3b970f3-1690-4f76-958e-124a46637f7b",
+ "uuid": "bd1c0c9d-5a97-4236-914f-d3602636e051",
"control-id": "cis_fedora_3-2.5",
- "description": "The description for control-id cis_fedora_3-2.5.",
+ "description": "No notes for control-id 3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_rds_disabled"
}
]
},
{
- "uuid": "1db62640-4fe8-4ae1-8bd6-afb396018b90",
+ "uuid": "37053015-342c-47af-b33b-fb1dcd224d64",
"control-id": "cis_fedora_3-3.1.2",
- "description": "The description for control-id cis_fedora_3-3.1.2.",
+ "description": "No notes for control-id 3.3.1.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_forwarding"
}
]
},
{
- "uuid": "832ea2d7-a930-4b2c-91be-9941bed4cbc4",
+ "uuid": "865de490-0756-45c7-a9e5-59b0495d7094",
"control-id": "cis_fedora_3-3.1.3",
- "description": "The description for control-id cis_fedora_3-3.1.3.",
+ "description": "No notes for control-id 3.3.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_forwarding"
}
]
},
{
- "uuid": "eeae04a5-3c7d-43a3-b7a5-57075e5774c0",
+ "uuid": "fbf54e04-7a88-45de-8d82-7350a6c98229",
"control-id": "cis_fedora_3-3.1.4",
"description": "No notes for control-id 3.3.1.4.",
"props": [
@@ -19303,7 +21205,7 @@
]
},
{
- "uuid": "c8faaa6d-81d7-4174-aefe-748816636ed0",
+ "uuid": "028fd7af-3bba-46e9-8d8b-ded51209fce7",
"control-id": "cis_fedora_3-3.1.5",
"description": "No notes for control-id 3.3.1.5.",
"props": [
@@ -19320,7 +21222,7 @@
]
},
{
- "uuid": "7c771aed-c2a7-4acf-a7aa-6fb78212eb7d",
+ "uuid": "7a187fd2-858d-4007-b38c-87b04f592eb0",
"control-id": "cis_fedora_3-3.1.6",
"description": "No notes for control-id 3.3.1.6.",
"props": [
@@ -19337,7 +21239,7 @@
]
},
{
- "uuid": "698c97c4-a153-4e0e-9d80-0c613e2bcabb",
+ "uuid": "7d0438b3-b5f9-4361-a320-6167bc32ccfe",
"control-id": "cis_fedora_3-3.1.7",
"description": "No notes for control-id 3.3.1.7.",
"props": [
@@ -19354,7 +21256,7 @@
]
},
{
- "uuid": "b352031a-2849-469b-af4e-2c749f72db18",
+ "uuid": "02cf8b43-f7d8-4960-bc13-c0be0b3c2cab",
"control-id": "cis_fedora_3-3.1.8",
"description": "No notes for control-id 3.3.1.8.",
"props": [
@@ -19371,7 +21273,7 @@
]
},
{
- "uuid": "8fcd9c93-c66b-4da5-8f1e-0a5ec16fbaa7",
+ "uuid": "ea17cdfa-28f4-418f-b9f6-5e307bbb5d9a",
"control-id": "cis_fedora_3-3.1.9",
"description": "No notes for control-id 3.3.1.9.",
"props": [
@@ -19388,7 +21290,7 @@
]
},
{
- "uuid": "ab7e7d7e-0af5-45ce-aa53-8be2e296a55c",
+ "uuid": "b6e4bcf8-e6da-4a38-b848-ea4df49a24f7",
"control-id": "cis_fedora_3-3.1.10",
"description": "No notes for control-id 3.3.1.10.",
"props": [
@@ -19401,16 +21303,11 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sysctl_net_ipv4_conf_all_secure_redirects"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects"
}
]
},
{
- "uuid": "97bbf8da-d9b7-4edb-b467-73430d0d9ace",
+ "uuid": "4ea938e9-0aa3-4942-84f6-75b954ad9b66",
"control-id": "cis_fedora_3-3.1.11",
"description": "No notes for control-id 3.3.1.11.",
"props": [
@@ -19427,7 +21324,7 @@
]
},
{
- "uuid": "749cccf0-421b-425c-8f9d-7d85541527f8",
+ "uuid": "f633fd80-b032-4ea4-a4ed-8af5c69dad5b",
"control-id": "cis_fedora_3-3.1.12",
"description": "No notes for control-id 3.3.1.12.",
"props": [
@@ -19444,7 +21341,7 @@
]
},
{
- "uuid": "8e2038c6-4deb-430c-9876-8dbfc5a7458a",
+ "uuid": "f79f86ba-594d-4575-a2f5-b35a016cc562",
"control-id": "cis_fedora_3-3.1.13",
"description": "No notes for control-id 3.3.1.13.",
"props": [
@@ -19461,7 +21358,7 @@
]
},
{
- "uuid": "4e54c313-8865-49ef-847c-a8797859ecdc",
+ "uuid": "c23da1a2-5b43-4c74-88aa-1b2df5ee768b",
"control-id": "cis_fedora_3-3.1.14",
"description": "No notes for control-id 3.3.1.14.",
"props": [
@@ -19478,7 +21375,7 @@
]
},
{
- "uuid": "25927345-4b44-4b06-be48-0e5862e9ba92",
+ "uuid": "5b94dc5b-ae7f-44d1-a9e1-c9169189cb1e",
"control-id": "cis_fedora_3-3.1.15",
"description": "No notes for control-id 3.3.1.15.",
"props": [
@@ -19495,7 +21392,7 @@
]
},
{
- "uuid": "d2e9d78d-9785-4990-96b5-0ae4c172782b",
+ "uuid": "6a970c9a-7bce-4a28-9100-de81329cc990",
"control-id": "cis_fedora_3-3.1.16",
"description": "No notes for control-id 3.3.1.16.",
"props": [
@@ -19512,7 +21409,7 @@
]
},
{
- "uuid": "b7986ed9-4538-4180-ae39-d98b73fa6888",
+ "uuid": "3a3f347a-cba3-4caa-ab27-3282cb1c3848",
"control-id": "cis_fedora_3-3.1.17",
"description": "No notes for control-id 3.3.1.17.",
"props": [
@@ -19529,7 +21426,7 @@
]
},
{
- "uuid": "ebeea803-78f2-49bc-9a9b-b6ab6916a84f",
+ "uuid": "59fe42a4-5150-4748-9652-a60e44c5c001",
"control-id": "cis_fedora_3-3.1.18",
"description": "No notes for control-id 3.3.1.18.",
"props": [
@@ -19546,7 +21443,7 @@
]
},
{
- "uuid": "198d8077-7c32-49bc-a7f3-0b24388aad8c",
+ "uuid": "42879533-b1f7-4484-af8b-bfa1ec5acbc8",
"control-id": "cis_fedora_3-3.2.1",
"description": "No notes for control-id 3.3.2.1.",
"props": [
@@ -19563,20 +21460,24 @@
]
},
{
- "uuid": "f1e4dc96-9241-4d6b-9e48-2219824bb503",
+ "uuid": "a48f53f0-31e6-4c21-b66f-dce2e76b588e",
"control-id": "cis_fedora_3-3.2.2",
- "description": "The description for control-id cis_fedora_3-3.2.2.",
+ "description": "No notes for control-id 3.3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_forwarding"
}
]
},
{
- "uuid": "7e2b8016-50a3-431a-b3e3-7a8ba7965575",
+ "uuid": "07dc2508-337e-4ec9-b6c8-028eb84c49b0",
"control-id": "cis_fedora_3-3.2.3",
"description": "No notes for control-id 3.3.2.3.",
"props": [
@@ -19593,7 +21494,7 @@
]
},
{
- "uuid": "59bce705-861d-430e-a2c4-08916103efc1",
+ "uuid": "d8310309-26b1-4c34-b654-8a64750c147e",
"control-id": "cis_fedora_3-3.2.4",
"description": "No notes for control-id 3.3.2.4.",
"props": [
@@ -19610,7 +21511,7 @@
]
},
{
- "uuid": "ab72ca13-f765-4ff4-a102-f72904e5ca1e",
+ "uuid": "729079de-24eb-4a51-b814-6af2e505bb2f",
"control-id": "cis_fedora_3-3.2.5",
"description": "No notes for control-id 3.3.2.5.",
"props": [
@@ -19627,7 +21528,7 @@
]
},
{
- "uuid": "97a8b6e9-a23a-4afa-9c96-68fd7f3e0eb4",
+ "uuid": "3dec2d7d-15fd-4d46-826d-2fb3f2d36149",
"control-id": "cis_fedora_3-3.2.6",
"description": "No notes for control-id 3.3.2.6.",
"props": [
@@ -19644,7 +21545,7 @@
]
},
{
- "uuid": "037e5856-c221-4bed-82ae-59e40f629b5d",
+ "uuid": "1ee1b49a-9d2c-4313-ac74-89f308d1ec70",
"control-id": "cis_fedora_3-3.2.7",
"description": "No notes for control-id 3.3.2.7.",
"props": [
@@ -19661,7 +21562,7 @@
]
},
{
- "uuid": "acd7e07a-6604-4e7e-b0d1-e602b45b92ef",
+ "uuid": "eb31424f-58ce-4fe8-af99-2b73a5b71d39",
"control-id": "cis_fedora_3-3.2.8",
"description": "No notes for control-id 3.3.2.8.",
"props": [
@@ -19678,7 +21579,7 @@
]
},
{
- "uuid": "b534819d-2007-4cc5-983a-10269252193f",
+ "uuid": "96a98337-955e-4458-a6fa-f71c0b77a322",
"control-id": "cis_fedora_4-1.1",
"description": "No notes for control-id 4.1.1.",
"props": [
@@ -19695,7 +21596,7 @@
]
},
{
- "uuid": "92ac7ce5-621e-4193-9a4c-222e3199706d",
+ "uuid": "e1db80b8-a3d7-4bc5-90cd-3bc9b1879de0",
"control-id": "cis_fedora_4-1.2",
"description": "No notes for control-id 4.1.2.",
"props": [
@@ -19722,7 +21623,7 @@
]
},
{
- "uuid": "c04e5cdb-1ece-489e-b7e4-0a9eb97716fa",
+ "uuid": "f0b01637-a709-4c1e-a5cc-f081dee3fcde",
"control-id": "cis_fedora_4-2.1",
"description": "The description for control-id cis_fedora_4-2.1.",
"props": [
@@ -19735,7 +21636,7 @@
]
},
{
- "uuid": "22386d5a-e69c-4463-8bb6-467033625eab",
+ "uuid": "8aee33b7-5c08-4099-b61a-505241419e7a",
"control-id": "cis_fedora_4-2.2",
"description": "No notes for control-id 4.2.2.",
"props": [
@@ -19757,7 +21658,7 @@
]
},
{
- "uuid": "d4ac58f8-e654-4ece-a694-37cfddf8100b",
+ "uuid": "a33fbc6d-5a0c-4aac-b31f-34e66ad2619d",
"control-id": "cis_fedora_4-3.1",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use. When using firewalld the base chains are installed by default.",
"props": [
@@ -19769,7 +21670,7 @@
]
},
{
- "uuid": "5da92e59-218f-47eb-bc4a-76f56af3999f",
+ "uuid": "731007f7-f782-49c0-9469-c86eaccf191a",
"control-id": "cis_fedora_4-3.2",
"description": "The description for control-id cis_fedora_4-3.2.",
"props": [
@@ -19782,7 +21683,7 @@
]
},
{
- "uuid": "559f8611-43ec-4607-9aaf-6e1a2a6ecb70",
+ "uuid": "7827697f-9bb4-414e-8346-727bf4461b55",
"control-id": "cis_fedora_4-3.3",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -19794,7 +21695,7 @@
]
},
{
- "uuid": "9977cbf1-6be4-462b-8fa0-b8b4ee823a1f",
+ "uuid": "5d3eb122-dd2e-4ebb-b3a0-54d3449645af",
"control-id": "cis_fedora_4-3.4",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -19806,7 +21707,7 @@
]
},
{
- "uuid": "badb0d34-52dd-43ad-8cb4-4197899d6eb1",
+ "uuid": "53818f61-eb34-4100-ae8a-c9bbe63e3537",
"control-id": "cis_fedora_5-1.1",
"description": "No notes for control-id 5.1.1.",
"props": [
@@ -19829,11 +21730,41 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_permissions_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_groupowner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_owner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_sshd_drop_in_config"
}
]
},
{
- "uuid": "9f5fff22-e4d3-4853-9877-b5ddce788a97",
+ "uuid": "63c35d2e-0f32-431e-beba-1f612a487e19",
"control-id": "cis_fedora_5-1.2",
"description": "No notes for control-id 5.1.2.",
"props": [
@@ -19860,7 +21791,7 @@
]
},
{
- "uuid": "ac8cb444-5df2-4908-962b-c8ab38bfadfd",
+ "uuid": "b5f81482-6551-4ead-bf0b-27f3773d4eef",
"control-id": "cis_fedora_5-1.3",
"description": "No notes for control-id 5.1.3.",
"props": [
@@ -19887,56 +21818,58 @@
]
},
{
- "uuid": "4c4536d9-a6f9-4039-97ff-bdce78f54a33",
+ "uuid": "5beb2390-89ea-4129-9f3d-99b615dbba44",
"control-id": "cis_fedora_5-1.4",
- "description": "The description for control-id cis_fedora_5-1.4.",
+ "description": "No notes for control-id 5.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "27b4194a-6e9e-4f22-a626-0d58ce4263fa",
+ "uuid": "7d773361-3d0f-4229-a046-cfea711e14df",
"control-id": "cis_fedora_5-1.5",
- "description": "The description for control-id cis_fedora_5-1.5.",
+ "description": "No notes for control-id 5.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "ae032e05-f44e-4609-894c-b61dedcf1561",
+ "uuid": "286ceca8-d296-47c9-948f-ce8cea63dd67",
"control-id": "cis_fedora_5-1.6",
- "description": "The description for control-id cis_fedora_5-1.6.",
+ "description": "No notes for control-id 5.1.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "cb802d60-19a7-48e1-9d96-9d328e03c9c3",
+ "uuid": "13539b1b-1a3f-43c4-89e4-bc21ada298c7",
"control-id": "cis_fedora_5-1.7",
"description": "No notes for control-id 5.1.7.",
"props": [
@@ -19953,7 +21886,7 @@
]
},
{
- "uuid": "adfbf5c2-263e-4f52-8e36-b59606b16555",
+ "uuid": "c685d577-d8af-4046-8846-783f756297b9",
"control-id": "cis_fedora_5-1.8",
"description": "No notes for control-id 5.1.8.",
"props": [
@@ -19970,7 +21903,7 @@
]
},
{
- "uuid": "b4b52359-5c52-42a8-b291-e5e39d3484d5",
+ "uuid": "2d47d691-d5fb-4d48-ab98-b31bf210e83b",
"control-id": "cis_fedora_5-1.9",
"description": "The requirement gives an example of 45 seconds, but is flexible about the values. It is only\nnecessary to ensure there is a timeout configured in alignment to the site policy.",
"props": [
@@ -19992,7 +21925,7 @@
]
},
{
- "uuid": "050ef507-9d25-4c1d-91ab-d2ce89696764",
+ "uuid": "ca17f855-95d5-4318-af42-be3c53f4132e",
"control-id": "cis_fedora_5-1.12",
"description": "No notes for control-id 5.1.12.",
"props": [
@@ -20009,7 +21942,7 @@
]
},
{
- "uuid": "7deaa719-7124-43f5-ae88-659ac3ffdf2a",
+ "uuid": "a528021d-0a91-4c52-b20f-d60cb0ee200d",
"control-id": "cis_fedora_5-1.13",
"description": "No notes for control-id 5.1.13.",
"props": [
@@ -20026,7 +21959,7 @@
]
},
{
- "uuid": "06327f48-3e1c-43a3-909e-c1fd0da7fb0a",
+ "uuid": "a3f5c235-b96f-45a3-a4ef-082a4265e913",
"control-id": "cis_fedora_5-1.14",
"description": "No notes for control-id 5.1.14.",
"props": [
@@ -20043,7 +21976,7 @@
]
},
{
- "uuid": "8ca6f2ca-b9d7-40df-b4ed-bed8874406fd",
+ "uuid": "f14252a6-1c7a-445c-99ae-43ea20c97652",
"control-id": "cis_fedora_5-1.15",
"description": "The CIS benchmark is not opinionated about which loglevel is selected here. Here, this\nprofile uses VERBOSE by default, as it allows for the capture of login and logout activity\nas well as key fingerprints.",
"props": [
@@ -20060,7 +21993,7 @@
]
},
{
- "uuid": "1de123f2-844b-4360-92c1-24701802ca75",
+ "uuid": "a02ff274-6054-4c8a-9f94-4aee24310984",
"control-id": "cis_fedora_5-1.16",
"description": "No notes for control-id 5.1.16.",
"props": [
@@ -20077,7 +22010,7 @@
]
},
{
- "uuid": "83aad831-c538-4949-ac22-051494eb2983",
+ "uuid": "7b44c02c-2776-45c4-bdc8-40388ac9a3b5",
"control-id": "cis_fedora_5-1.17",
"description": "No notes for control-id 5.1.17.",
"props": [
@@ -20094,7 +22027,7 @@
]
},
{
- "uuid": "215ff948-d312-4723-9c5f-57b437d67a10",
+ "uuid": "3a34542d-1116-4d2b-ba7c-8adb0f9de5a3",
"control-id": "cis_fedora_5-1.18",
"description": "No notes for control-id 5.1.18.",
"props": [
@@ -20111,7 +22044,7 @@
]
},
{
- "uuid": "09e859a5-5744-44cf-97be-136ab3d1a476",
+ "uuid": "19c64453-2ddb-4486-8fdc-9425b4805280",
"control-id": "cis_fedora_5-1.19",
"description": "No notes for control-id 5.1.19.",
"props": [
@@ -20128,7 +22061,7 @@
]
},
{
- "uuid": "e3082a5e-354c-4718-a278-3835daba85db",
+ "uuid": "b1896658-ea52-4afa-b551-710236f8cdb6",
"control-id": "cis_fedora_5-1.20",
"description": "No notes for control-id 5.1.20.",
"props": [
@@ -20145,7 +22078,7 @@
]
},
{
- "uuid": "72e7d505-228c-49f9-a4bb-172957375527",
+ "uuid": "73fb3e37-94eb-42e1-9f50-de201135a037",
"control-id": "cis_fedora_5-1.21",
"description": "No notes for control-id 5.1.21.",
"props": [
@@ -20162,7 +22095,7 @@
]
},
{
- "uuid": "cd38d4a8-a12e-4f4f-9ce7-7891c5748cf4",
+ "uuid": "bdc984e5-9ca3-4715-9318-8e977256cac6",
"control-id": "cis_fedora_5-1.22",
"description": "No notes for control-id 5.1.22.",
"props": [
@@ -20179,7 +22112,7 @@
]
},
{
- "uuid": "e99894b6-51ca-451b-8aba-f75f49ab14a3",
+ "uuid": "7d7c6e26-806f-49f1-8138-bb35139b7a86",
"control-id": "cis_fedora_5-2.1",
"description": "No notes for control-id 5.2.1.",
"props": [
@@ -20196,7 +22129,7 @@
]
},
{
- "uuid": "485f8f89-7937-4c23-bae2-7367492a6fec",
+ "uuid": "c7798a29-e31b-4870-96c2-54bf50d08d55",
"control-id": "cis_fedora_5-2.2",
"description": "No notes for control-id 5.2.2.",
"props": [
@@ -20213,7 +22146,7 @@
]
},
{
- "uuid": "c42ba0fc-9258-4b28-bba6-87748df66ea2",
+ "uuid": "bfa92da3-d141-499a-ae48-9f62416a991e",
"control-id": "cis_fedora_5-2.3",
"description": "No notes for control-id 5.2.3.",
"props": [
@@ -20230,7 +22163,7 @@
]
},
{
- "uuid": "854f77c0-1bf1-4196-8e09-7df0494d7bda",
+ "uuid": "2e194530-a026-4e0e-873b-76f65c7ca3ca",
"control-id": "cis_fedora_5-2.5",
"description": "No notes for control-id 5.2.5.",
"props": [
@@ -20242,12 +22175,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication"
+ "value": "sudo_remove_no_authenticate"
}
]
},
{
- "uuid": "a31a9b99-d4cb-4389-b2c7-2f9a671c929b",
+ "uuid": "aa456974-7d2d-4e32-9389-9c21655252ae",
"control-id": "cis_fedora_5-2.6",
"description": "No notes for control-id 5.2.6.",
"props": [
@@ -20264,7 +22197,7 @@
]
},
{
- "uuid": "400598c9-3cca-49e3-bd6e-847950478e5d",
+ "uuid": "cbecae22-97d9-41bc-9470-43728c668c32",
"control-id": "cis_fedora_5-2.7",
"description": "Members of \"wheel\" or GID 0 groups are checked by default if the group option is not set for\npam_wheel.so module. The recommendation states the group should be empty to reinforce the\nuse of \"sudo\" for privileged access. Therefore, members of these groups should be manually\nchecked or a different group should be informed.",
"props": [
@@ -20286,7 +22219,7 @@
]
},
{
- "uuid": "9cb22912-dacc-4a27-b65f-9d61325ec629",
+ "uuid": "c0dde2a5-8f9d-4236-8214-2ae5017d5bf4",
"control-id": "cis_fedora_5-3.1.1",
"description": "The description for control-id cis_fedora_5-3.1.1.",
"props": [
@@ -20299,7 +22232,7 @@
]
},
{
- "uuid": "de5ebef2-8b82-49cd-9c2e-d1ec1144aeb1",
+ "uuid": "ec83e177-a1d0-431a-9810-cbb484c5e2de",
"control-id": "cis_fedora_5-3.1.2",
"description": "The description for control-id cis_fedora_5-3.1.2.",
"props": [
@@ -20312,7 +22245,7 @@
]
},
{
- "uuid": "eec628fb-faa6-4589-8b48-963248792fea",
+ "uuid": "49974e9b-22ad-463f-aa57-239e88fffa70",
"control-id": "cis_fedora_5-3.1.3",
"description": "The description for control-id cis_fedora_5-3.1.3.",
"props": [
@@ -20330,7 +22263,7 @@
]
},
{
- "uuid": "2ae2867e-ce98-46b4-b120-f963141947e7",
+ "uuid": "fa65b916-eeeb-4551-83d0-1d6d6d42edcd",
"control-id": "cis_fedora_5-3.2.1",
"description": "This requirement is hard to be automated without any specific requirement. The policy even\nstates that provided commands are examples, other custom settings might be in place and the\nsettings might be different depending on site policies. The other rules will already make\nsure there is a correct autheselect profile regardless of the existing settings. It is\nnecessary to better discuss with CIS Community.",
"props": [
@@ -20342,7 +22275,7 @@
]
},
{
- "uuid": "0f38e4be-c01f-425f-86ab-96de1b186ae9",
+ "uuid": "5539ede7-09d4-46df-bed5-a6e37466e4db",
"control-id": "cis_fedora_5-3.2.2",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.1.",
"props": [
@@ -20364,7 +22297,7 @@
]
},
{
- "uuid": "d2912f1c-01b2-40b0-a732-ca0a03441276",
+ "uuid": "045641c4-2fd4-4228-a122-679467751311",
"control-id": "cis_fedora_5-3.2.3",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.2.",
"props": [
@@ -20372,11 +22305,26 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "package_pam_pwquality_installed"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_password_auth"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_system_auth"
}
]
},
{
- "uuid": "3e09a7c5-035b-40a0-ae39-1702bad34dba",
+ "uuid": "cd981f80-e799-45fa-9fb6-a695b938c538",
"control-id": "cis_fedora_5-3.2.4",
"description": "The module is properly enabled by the rules mentioned in related_rules.\nRequirements in 5.3.3.3 use these rules.",
"props": [
@@ -20388,19 +22336,24 @@
]
},
{
- "uuid": "8749163e-c80a-4585-8802-68fd2b5af902",
+ "uuid": "621aa06d-b2ee-4530-b870-975fdb5cceab",
"control-id": "cis_fedora_5-3.2.5",
- "description": "This module is always present by default. It is necessary to investigate if a new rule to\ncheck its existence needs to be created. But so far the rule no_empty_passwords, used in\n5.3.3.4.1 can ensure this requirement is attended.",
+ "description": "No notes for control-id 5.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_enabled"
}
]
},
{
- "uuid": "d880fecd-307f-4ed3-8627-6faa233c449c",
+ "uuid": "f4ebe2ff-e1f1-4e35-8957-d2d2cdcf40cb",
"control-id": "cis_fedora_5-3.3.1.1",
"description": "No notes for control-id 5.3.3.1.1.",
"props": [
@@ -20417,7 +22370,7 @@
]
},
{
- "uuid": "84c4c11f-9cc2-404b-94db-8b90370f3df2",
+ "uuid": "a37ff512-8394-4bf5-8601-53931734e6b6",
"control-id": "cis_fedora_5-3.3.1.2",
"description": "The policy also accepts value 0, which means the locked accounts should be manually unlocked\nby an administrator. However, it also mentions that using value 0 can facilitate a DoS\nattack to legitimate users.",
"props": [
@@ -20434,7 +22387,7 @@
]
},
{
- "uuid": "ab9327dd-0209-42f6-b5f1-487bb88fdf3f",
+ "uuid": "aad9ae1a-6ae5-46d8-b247-d62f6a07828f",
"control-id": "cis_fedora_5-3.3.2.1",
"description": "No notes for control-id 5.3.3.2.1.",
"props": [
@@ -20451,7 +22404,7 @@
]
},
{
- "uuid": "42cf4260-5cbf-4990-b010-a87c639ca72a",
+ "uuid": "009be089-e297-4f5a-847d-a328d334c5b6",
"control-id": "cis_fedora_5-3.3.2.2",
"description": "No notes for control-id 5.3.3.2.2.",
"props": [
@@ -20468,7 +22421,7 @@
]
},
{
- "uuid": "898a4c35-248a-4243-b693-d2ce99f73c2e",
+ "uuid": "c20768bf-5711-41ad-bd2f-4889b20667a2",
"control-id": "cis_fedora_5-3.3.2.3",
"description": "This requirement is expected to be manual. However, in previous versions of the policy\nit was already automated the configuration of \"minclass\" option. Rules related to other\noptions are informed in related_rules. In short, minclass=4 alone can achieve the same\nresult achieved by the combination of the other 4 options mentioned in the policy.",
"props": [
@@ -20485,7 +22438,7 @@
]
},
{
- "uuid": "010e6d76-f56b-4cfb-a9ef-c7279cc35d81",
+ "uuid": "601aed5c-0fc2-4ec4-8065-0db2d45236fc",
"control-id": "cis_fedora_5-3.3.2.4",
"description": "No notes for control-id 5.3.3.2.4.",
"props": [
@@ -20502,20 +22455,24 @@
]
},
{
- "uuid": "c69f2b54-4fa0-4f98-8782-7a30f026ab40",
+ "uuid": "dc5bf8f4-9288-47e5-ad7d-240062d29c02",
"control-id": "cis_fedora_5-3.3.2.5",
- "description": "The description for control-id cis_fedora_5-3.3.2.5.",
+ "description": "No notes for control-id 5.3.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 5.3.3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_maxsequence"
}
]
},
{
- "uuid": "cb996f59-9b64-489f-b14d-310899bdb378",
+ "uuid": "6b9ee345-4cba-4567-a5b0-1de9afa0a61f",
"control-id": "cis_fedora_5-3.3.2.6",
"description": "No notes for control-id 5.3.3.2.6.",
"props": [
@@ -20532,7 +22489,7 @@
]
},
{
- "uuid": "1951a41e-284c-4450-aa63-0db3febc2106",
+ "uuid": "80e7bb1b-6ac5-4c65-b56e-51f1053a2f2e",
"control-id": "cis_fedora_5-3.3.2.7",
"description": "No notes for control-id 5.3.3.2.7.",
"props": [
@@ -20549,7 +22506,7 @@
]
},
{
- "uuid": "a0c4019f-7910-4556-9dc2-df8ef22ba94b",
+ "uuid": "9654d8ef-6291-4d7c-b909-5da85624ee4e",
"control-id": "cis_fedora_5-3.3.3.1",
"description": "Although mentioned in the section 5.3.3.3, there is no explicit requirement to configure\nretry option of pam_pwhistory. If come in the future, the rule accounts_password_pam_retry\ncan be used.",
"props": [
@@ -20571,7 +22528,7 @@
]
},
{
- "uuid": "93677500-0aa9-42e0-adb5-f5906f04d736",
+ "uuid": "3af2c7e3-1d39-471e-8c72-6189682d60c0",
"control-id": "cis_fedora_5-3.3.3.2",
"description": "The description for control-id cis_fedora_5-3.3.3.2.",
"props": [
@@ -20584,7 +22541,7 @@
]
},
{
- "uuid": "5e62f581-b3ec-4488-bb66-d51a794792ea",
+ "uuid": "7afdb563-7e4c-404d-afdb-f4c26fdf1e42",
"control-id": "cis_fedora_5-3.3.3.3",
"description": "pam_pwhistory is enabled via authselect feature, as required in 5.3.2.4. The\nfeature automatically set \"use_authok\" option. In any case, we don't have a rule to check\nthis option specifically.",
"props": [
@@ -20592,11 +22549,16 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "partial"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwhistory_use_authtok"
}
]
},
{
- "uuid": "5e1db804-036b-491a-a552-41e6f7969f59",
+ "uuid": "45288828-fb12-4efe-a634-509ba0001942",
"control-id": "cis_fedora_5-3.3.4.1",
"description": "The rule more specifically used in this requirement also satify the requirement 5.3.2.5.",
"props": [
@@ -20613,20 +22575,24 @@
]
},
{
- "uuid": "930a2a69-d739-4fa2-b73c-dcbe7a5654f3",
+ "uuid": "5621ceb5-0d0e-4ca4-b4d6-e81e661bd70c",
"control-id": "cis_fedora_5-3.3.4.2",
- "description": "The description for control-id cis_fedora_5-3.3.4.2.",
+ "description": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929\nA new rule needs to be created to remove the remember option from pam_unix module."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_no_remember"
}
]
},
{
- "uuid": "542fc77f-a250-4c8e-b261-d03881128aa8",
+ "uuid": "b74b7a65-073a-4dfe-add9-b3030ebb090f",
"control-id": "cis_fedora_5-3.3.4.3",
"description": "Changes in logindefs mentioned in this requirement are more specifically covered by 5.4.1.4",
"props": [
@@ -20648,19 +22614,24 @@
]
},
{
- "uuid": "78a2a889-fc64-4800-812d-a76bb6df02f4",
+ "uuid": "5766608b-405a-422f-afc3-98aecbd0e761",
"control-id": "cis_fedora_5-3.3.4.4",
"description": "In RHEL 9 pam_unix is enabled by default in all authselect profiles already with the\nuse_authtok option set. In any case, we don't have a rule to check this option specifically,\nlike in 5.3.3.3.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_authtok"
}
]
},
{
- "uuid": "08f135c1-b068-441f-bb0a-3207880969db",
+ "uuid": "f30d0324-0fe3-4fd7-9169-a64dc54e975e",
"control-id": "cis_fedora_5-4.1.1",
"description": "No notes for control-id 5.4.1.1.",
"props": [
@@ -20682,7 +22653,7 @@
]
},
{
- "uuid": "f51a26bf-a0c1-48fe-9f9f-85efe23811dd",
+ "uuid": "381f6e1f-3f83-442d-b027-56f3ddcba402",
"control-id": "cis_fedora_5-4.1.3",
"description": "No notes for control-id 5.4.1.3.",
"props": [
@@ -20704,20 +22675,15 @@
]
},
{
- "uuid": "43e5d222-a032-4f90-8317-ac3546a93947",
+ "uuid": "50e6fa0d-88d4-45a1-94c3-702de3bed27d",
"control-id": "cis_fedora_5-4.1.4",
- "description": "There's a \"new\" set of options in /etc/login.defs file to define the number of iterations\nperformed during the hashing process.",
+ "description": "No notes for control-id 5.4.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
},
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf"
- },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -20726,7 +22692,7 @@
]
},
{
- "uuid": "3cc9a745-a264-495f-aa74-2c599a3c39fa",
+ "uuid": "5de965ea-65e5-4a22-9ce5-bf91cb2bdff6",
"control-id": "cis_fedora_5-4.1.5",
"description": "No notes for control-id 5.4.1.5.",
"props": [
@@ -20748,7 +22714,7 @@
]
},
{
- "uuid": "5bf77c6f-9860-488a-abc6-f57ae03464aa",
+ "uuid": "b047cd40-9832-472c-87e8-7ec0a56554b0",
"control-id": "cis_fedora_5-4.1.6",
"description": "No notes for control-id 5.4.1.6.",
"props": [
@@ -20765,7 +22731,7 @@
]
},
{
- "uuid": "02412287-e255-4ce0-9a99-ee5e60c026e4",
+ "uuid": "b939456f-9c8c-4fd5-b7b1-23de882c39ad",
"control-id": "cis_fedora_5-4.2.1",
"description": "No notes for control-id 5.4.2.1.",
"props": [
@@ -20782,7 +22748,7 @@
]
},
{
- "uuid": "7c06ef47-095e-4904-9b3f-7632fbacdbb3",
+ "uuid": "2f403119-0310-4c6c-bc22-9307c3e70673",
"control-id": "cis_fedora_5-4.2.2",
"description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
@@ -20799,20 +22765,24 @@
]
},
{
- "uuid": "676b0dea-0498-45fb-9497-a270c9e488f5",
+ "uuid": "7aa7f4fa-1ff9-43f2-8df8-3cf06e3cb787",
"control-id": "cis_fedora_5-4.2.3",
- "description": "The description for control-id cis_fedora_5-4.2.3.",
+ "description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "groups_no_zero_gid_except_root"
}
]
},
{
- "uuid": "2e98f3dd-8563-4c32-8d75-43abc0f6c6ed",
+ "uuid": "9e1e2822-563e-4554-adda-01d4d7f12d9b",
"control-id": "cis_fedora_5-4.2.4",
"description": "No notes for control-id 5.4.2.4.",
"props": [
@@ -20829,7 +22799,7 @@
]
},
{
- "uuid": "c3e15a6f-9e9a-4f73-ba68-9f413aba8d61",
+ "uuid": "62b75580-0a86-4a6e-844c-5eeb1b2bef43",
"control-id": "cis_fedora_5-4.2.5",
"description": "No notes for control-id 5.4.2.5.",
"props": [
@@ -20851,20 +22821,24 @@
]
},
{
- "uuid": "db0c27c7-db18-4251-89ac-b3b74e27c4ea",
+ "uuid": "ecd2606b-f56d-4cdb-bbac-aa873b931fd8",
"control-id": "cis_fedora_5-4.2.6",
- "description": "The description for control-id cis_fedora_5-4.2.6.",
+ "description": "No notes for control-id 5.4.2.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "There is no rule to ensure umask in /root/.bash_profile and /root/.bashrc. A new rule have\nto be created. It can be based on accounts_umask_interactive_users."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_umask_root"
}
]
},
{
- "uuid": "7dc9177a-4eb3-4cfe-89f8-5474ccb9e4d2",
+ "uuid": "5a1e7583-1423-4d68-b967-72f808bd6dfd",
"control-id": "cis_fedora_5-4.2.7",
"description": "No notes for control-id 5.4.2.7.",
"props": [
@@ -20886,20 +22860,24 @@
]
},
{
- "uuid": "cb2c3e84-10b6-401e-a73b-dc69f6caa8d6",
+ "uuid": "0fe00f74-6c62-466f-b30f-ea624bacaaf0",
"control-id": "cis_fedora_5-4.2.8",
- "description": "The description for control-id cis_fedora_5-4.2.8.",
+ "description": "No notes for control-id 5.4.2.8.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_invalid_shell_accounts_unlocked"
}
]
},
{
- "uuid": "a72713b1-1956-445a-b75c-7392e458c79a",
+ "uuid": "fe37d38f-9cd9-411c-b8ff-ea2d408dbfdd",
"control-id": "cis_fedora_5-4.3.2",
"description": "No notes for control-id 5.4.3.2.",
"props": [
@@ -20916,7 +22894,7 @@
]
},
{
- "uuid": "303c1e72-2f0b-4457-b86a-c124a8df16a5",
+ "uuid": "9c861b3f-3acf-4386-82d4-12ec4e8111ec",
"control-id": "cis_fedora_5-4.3.3",
"description": "No notes for control-id 5.4.3.3.",
"props": [
@@ -20943,7 +22921,7 @@
]
},
{
- "uuid": "99b90f07-6edc-443a-8120-3c31b8e877e5",
+ "uuid": "89fa0e0e-1b77-4320-9f49-f73629580ada",
"control-id": "cis_fedora_6-1.1",
"description": "No notes for control-id 6.1.1.",
"props": [
@@ -20965,7 +22943,7 @@
]
},
{
- "uuid": "e18bc460-3826-4dbb-8f53-bf4aebad40ba",
+ "uuid": "29ef3369-e315-4ce4-9452-96b22bcbb010",
"control-id": "cis_fedora_6-1.2",
"description": "No notes for control-id 6.1.2.",
"props": [
@@ -20982,7 +22960,7 @@
]
},
{
- "uuid": "5c4d2024-7597-4e92-a71f-3de9b9149047",
+ "uuid": "bd2900c5-17bd-4b25-bc67-47d123a20ff8",
"control-id": "cis_fedora_6-1.3",
"description": "No notes for control-id 6.1.3.",
"props": [
@@ -20999,7 +22977,7 @@
]
},
{
- "uuid": "911126a8-806b-4d26-8c83-a814f017df5b",
+ "uuid": "eec78895-e40b-48fe-9548-82d508e2423b",
"control-id": "cis_fedora_6-2.1.1",
"description": "No notes for control-id 6.2.1.1.",
"props": [
@@ -21016,7 +22994,7 @@
]
},
{
- "uuid": "be42a8d8-705c-4ce3-9d6f-6d569204a493",
+ "uuid": "d1c8b94e-db19-4cc2-a5c6-75c8c8407525",
"control-id": "cis_fedora_6-2.1.2",
"description": "The description for control-id cis_fedora_6-2.1.2.",
"props": [
@@ -21029,7 +23007,7 @@
]
},
{
- "uuid": "5ae3da03-e4d0-439c-9147-ca4240b4ed53",
+ "uuid": "06db1544-c394-4b13-8856-39a0468b2ddb",
"control-id": "cis_fedora_6-2.1.3",
"description": "The description for control-id cis_fedora_6-2.1.3.",
"props": [
@@ -21042,20 +23020,24 @@
]
},
{
- "uuid": "e6cc82bc-8158-447e-ba83-55c55dc35ba5",
+ "uuid": "6e12a234-c109-4a6e-af94-bc019463be1a",
"control-id": "cis_fedora_6-2.1.4",
- "description": "The description for control-id cis_fedora_6-2.1.4.",
+ "description": "No notes for control-id 6.2.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "It is necessary to create a new rule to check the status of journald and rsyslog.\nIt would also be necessary a new rule to disable or remove rsyslog."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "ensure_journald_and_rsyslog_not_active_together"
}
]
},
{
- "uuid": "1753be7a-bb19-4861-81b7-93035ffec5f0",
+ "uuid": "e502f0ae-fd57-49e2-a683-fe6cb7796886",
"control-id": "cis_fedora_6-2.2.1.1",
"description": "No notes for control-id 6.2.2.1.1.",
"props": [
@@ -21072,7 +23054,7 @@
]
},
{
- "uuid": "5032203e-9dee-4e14-8c95-a6917d2584d5",
+ "uuid": "615fd35b-ae36-4454-8b87-6a3b0fbc08c0",
"control-id": "cis_fedora_6-2.2.1.2",
"description": "The description for control-id cis_fedora_6-2.2.1.2.",
"props": [
@@ -21085,20 +23067,24 @@
]
},
{
- "uuid": "3a53fff3-b711-4177-bc31-a42c3865cc3d",
+ "uuid": "5bd306ab-4f99-45c3-ae27-5c874facbbfb",
"control-id": "cis_fedora_6-2.2.1.3",
- "description": "The description for control-id cis_fedora_6-2.2.1.3.",
+ "description": "No notes for control-id 6.2.2.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_systemd-journal-upload_enabled"
}
]
},
{
- "uuid": "b94fd506-b415-4b19-aba8-3e06515c9f91",
+ "uuid": "d0823115-54a0-4d13-841a-92a83a363394",
"control-id": "cis_fedora_6-2.2.1.4",
"description": "No notes for control-id 6.2.2.1.4.",
"props": [
@@ -21115,20 +23101,24 @@
]
},
{
- "uuid": "dd6f45d8-f0fc-4f7c-8688-ac1957a74cbb",
+ "uuid": "fd3e3585-e4ff-4973-985f-b629fad7c224",
"control-id": "cis_fedora_6-2.2.2",
- "description": "The description for control-id cis_fedora_6-2.2.2.",
+ "description": "No notes for control-id 6.2.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This rule conflicts with 6.2.3.3. More investigation is needed to properly solve this."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "journald_disable_forward_to_syslog"
}
]
},
{
- "uuid": "78115297-949c-4eae-9b50-e60be48ba0a9",
+ "uuid": "52771d43-2d20-4dc5-90e3-c26233b46edb",
"control-id": "cis_fedora_6-2.2.3",
"description": "No notes for control-id 6.2.2.3.",
"props": [
@@ -21145,7 +23135,7 @@
]
},
{
- "uuid": "983a2a06-8a86-44c0-a6ae-02ec434ab8dd",
+ "uuid": "272229c8-b3d3-4b3f-8588-f1d1fe372a43",
"control-id": "cis_fedora_6-2.2.4",
"description": "No notes for control-id 6.2.2.4.",
"props": [
@@ -21162,7 +23152,7 @@
]
},
{
- "uuid": "be5661d0-f2ca-4402-94de-735a16e00cfc",
+ "uuid": "13d9fe58-1127-489d-b5a7-55f7caa7441a",
"control-id": "cis_fedora_6-2.5.1",
"description": "No notes for control-id 6.2.5.1.",
"props": [
@@ -21174,7 +23164,7 @@
]
},
{
- "uuid": "6548a5f0-f37d-49d3-af5e-4800bfb32039",
+ "uuid": "38959d87-0ae4-4454-83b8-e0172592960c",
"control-id": "cis_fedora_6-2.5.2",
"description": "No notes for control-id 6.2.5.2.",
"props": [
@@ -21186,7 +23176,7 @@
]
},
{
- "uuid": "bbf25e46-cb38-41e6-b3bc-3f36807f8b38",
+ "uuid": "0e628d21-0a03-4ee3-a6f1-ec90e5a63860",
"control-id": "cis_fedora_6-2.5.3",
"description": "No notes for control-id 6.2.5.3.",
"props": [
@@ -21198,7 +23188,7 @@
]
},
{
- "uuid": "13d695f2-fcf3-4423-b2ee-721fcf262680",
+ "uuid": "e34d7093-41ce-42a0-9001-b1ca6e98d8a1",
"control-id": "cis_fedora_6-2.5.4",
"description": "No notes for control-id 6.2.5.4.",
"props": [
@@ -21210,7 +23200,7 @@
]
},
{
- "uuid": "ff831d9a-944b-4261-98a5-8ee3510d9087",
+ "uuid": "0b3057f3-8600-4e46-8348-0b23b2702b62",
"control-id": "cis_fedora_6-2.5.5",
"description": "The description for control-id cis_fedora_6-2.5.5.",
"props": [
@@ -21223,7 +23213,7 @@
]
},
{
- "uuid": "008d4401-6141-4a15-8e60-6c6407556cb5",
+ "uuid": "aebd3dce-1ed8-4ced-a0b1-17f6f0d72569",
"control-id": "cis_fedora_6-2.5.6",
"description": "The description for control-id cis_fedora_6-2.5.6.",
"props": [
@@ -21236,7 +23226,7 @@
]
},
{
- "uuid": "91dcdea0-4b7c-48fc-9bf2-d07463b0e222",
+ "uuid": "e517ebcc-7b8e-4199-9a8f-40efcda61060",
"control-id": "cis_fedora_6-2.5.7",
"description": "No notes for control-id 6.2.5.7.",
"props": [
@@ -21248,7 +23238,7 @@
]
},
{
- "uuid": "10390f6f-e8a3-49cd-a6f0-df901bc3a0ba",
+ "uuid": "0b798dad-1c16-4709-850a-01046807b6ac",
"control-id": "cis_fedora_6-2.3.8",
"description": "The description for control-id cis_fedora_6-2.3.8.",
"props": [
@@ -21261,7 +23251,7 @@
]
},
{
- "uuid": "94fc9b3f-75b9-49d8-a9d3-91f940d8afaf",
+ "uuid": "5bcb39e6-258e-4cd0-aedb-b6460e097bd1",
"control-id": "cis_fedora_6-2.6.1",
"description": "It is not harmful to run these rules even if rsyslog is not installed or active.",
"props": [
@@ -21288,7 +23278,7 @@
]
},
{
- "uuid": "7932a5ac-1bc6-4791-9604-6497c43c1e13",
+ "uuid": "6fd9693b-cdf1-450c-b086-d7cf54c859ae",
"control-id": "cis_fedora_7-1.1",
"description": "No notes for control-id 7.1.1.",
"props": [
@@ -21315,7 +23305,7 @@
]
},
{
- "uuid": "d1179ddb-c643-4e74-a238-f36740bab160",
+ "uuid": "d7f2ddb6-2782-49dd-acd8-f390b0d7d58d",
"control-id": "cis_fedora_7-1.2",
"description": "No notes for control-id 7.1.2.",
"props": [
@@ -21342,7 +23332,7 @@
]
},
{
- "uuid": "703e9e07-1624-422a-adb3-5957ee92a93f",
+ "uuid": "cabb0f97-d01a-4e54-99b2-f5cabdc402ab",
"control-id": "cis_fedora_7-1.3",
"description": "No notes for control-id 7.1.3.",
"props": [
@@ -21369,7 +23359,7 @@
]
},
{
- "uuid": "3a86294c-f75e-488d-8973-e41f17025841",
+ "uuid": "305c65b2-6c64-4ac3-912d-fc803c1ac3e7",
"control-id": "cis_fedora_7-1.4",
"description": "No notes for control-id 7.1.4.",
"props": [
@@ -21396,7 +23386,7 @@
]
},
{
- "uuid": "bc937228-0c5c-4456-abc2-d2a094902d6b",
+ "uuid": "1820ef1a-4f79-4fd7-94bf-7511ea4a3522",
"control-id": "cis_fedora_7-1.5",
"description": "No notes for control-id 7.1.5.",
"props": [
@@ -21423,7 +23413,7 @@
]
},
{
- "uuid": "1998883e-b237-4554-94b5-c58a1e6db9b9",
+ "uuid": "5923221c-302c-4f23-ad6e-e701514bf86b",
"control-id": "cis_fedora_7-1.6",
"description": "No notes for control-id 7.1.6.",
"props": [
@@ -21450,7 +23440,7 @@
]
},
{
- "uuid": "7cebb252-09e8-4393-90bf-5e4de1cc57a6",
+ "uuid": "ad522bb9-e63f-4b23-97f1-7fb1520d96ea",
"control-id": "cis_fedora_7-1.7",
"description": "No notes for control-id 7.1.7.",
"props": [
@@ -21477,7 +23467,7 @@
]
},
{
- "uuid": "17eb11f5-c717-4c01-8185-3083b535db21",
+ "uuid": "bd70e484-3822-4591-bc89-5672b7267585",
"control-id": "cis_fedora_7-1.8",
"description": "No notes for control-id 7.1.8.",
"props": [
@@ -21504,7 +23494,7 @@
]
},
{
- "uuid": "30b9b393-16b6-44aa-bc28-e5dd6d459afc",
+ "uuid": "284d1b92-cd50-4cec-97b6-3631cb7279e4",
"control-id": "cis_fedora_7-1.9",
"description": "No notes for control-id 7.1.9.",
"props": [
@@ -21531,24 +23521,49 @@
]
},
{
- "uuid": "28600b38-669c-43fe-bd49-7c13f1b1e380",
+ "uuid": "f6c6c66c-ccdd-438a-924f-71f2bfa820f4",
"control-id": "cis_fedora_7-1.10",
"description": "No notes for control-id 7.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd_old"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd_old"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd"
+ "value": "file_permissions_etc_security_opasswd_old"
}
]
},
{
- "uuid": "8afc2d9f-2838-4c5b-8bb2-bfeefcdd64ee",
+ "uuid": "170036da-ed6c-4d80-9dd0-3562311a8a3e",
"control-id": "cis_fedora_7-1.11",
"description": "No notes for control-id 7.1.11.",
"props": [
@@ -21570,29 +23585,29 @@
]
},
{
- "uuid": "055f41cf-97af-435c-8d8e-262799e6aedb",
+ "uuid": "3afcaef4-c2bc-4f01-b0aa-c31f40c8ab61",
"control-id": "cis_fedora_7-1.12",
"description": "No notes for control-id 7.1.12.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user"
+ "value": "no_files_or_dirs_unowned_by_user"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned"
+ "value": "no_files_or_dirs_ungroupowned"
}
]
},
{
- "uuid": "914b3bf4-1447-40b8-b532-33f0dab24a89",
+ "uuid": "9f81ac6f-e143-4007-8d89-5c8456cb5460",
"control-id": "cis_fedora_7-1.13",
"description": "The description for control-id cis_fedora_7-1.13.",
"props": [
@@ -21605,7 +23620,7 @@
]
},
{
- "uuid": "4f8fcbda-1e57-4bc0-bfbc-67a88809b58a",
+ "uuid": "5457eee0-79d4-4c14-8e41-89e518a4eb52",
"control-id": "cis_fedora_7-2.1",
"description": "No notes for control-id 7.2.1.",
"props": [
@@ -21622,7 +23637,7 @@
]
},
{
- "uuid": "5475124c-f759-4053-af88-625aff00b241",
+ "uuid": "7adf1641-e7fe-43b5-8908-46063c3c1d5f",
"control-id": "cis_fedora_7-2.2",
"description": "No notes for control-id 7.2.2.",
"props": [
@@ -21639,7 +23654,7 @@
]
},
{
- "uuid": "d45eccc4-f81b-4d1c-9409-b820854b8234",
+ "uuid": "e72e9f46-2634-4968-a52b-1c71ee323f36",
"control-id": "cis_fedora_7-2.3",
"description": "No notes for control-id 7.2.3.",
"props": [
@@ -21656,7 +23671,7 @@
]
},
{
- "uuid": "2ee352e6-b044-4899-82ea-9c7ccb174672",
+ "uuid": "d2473cee-10e7-470d-ab21-72a33bf2dc1e",
"control-id": "cis_fedora_7-2.4",
"description": "No notes for control-id 7.2.4.",
"props": [
@@ -21673,7 +23688,7 @@
]
},
{
- "uuid": "fd00a08f-31b2-4623-a3da-c395ba639bfa",
+ "uuid": "887188ac-96da-442a-b424-314728011fc0",
"control-id": "cis_fedora_7-2.5",
"description": "No notes for control-id 7.2.5.",
"props": [
@@ -21690,7 +23705,7 @@
]
},
{
- "uuid": "942e5c9c-ed55-46de-a741-18bd1829736c",
+ "uuid": "7aa5c676-51e5-4713-a67f-24db884fca6d",
"control-id": "cis_fedora_7-2.6",
"description": "No notes for control-id 7.2.6.",
"props": [
@@ -21707,7 +23722,7 @@
]
},
{
- "uuid": "28a86716-d275-47a1-868f-ab5c06a5ca9a",
+ "uuid": "50faa12e-bbe6-400d-9afd-d32e536dd93d",
"control-id": "cis_fedora_7-2.7",
"description": "No notes for control-id 7.2.7.",
"props": [
@@ -21724,7 +23739,7 @@
]
},
{
- "uuid": "5a9487b0-9ce3-44e4-b276-de772532a7af",
+ "uuid": "3b45c284-eb3e-495b-aaee-81fc22a61a9c",
"control-id": "cis_fedora_7-2.8",
"description": "No notes for control-id 7.2.8.",
"props": [
@@ -21751,14 +23766,14 @@
]
},
{
- "uuid": "5e5a507c-2497-40f9-a016-a774e0f37959",
+ "uuid": "012e074c-49f3-4d42-a77a-022151b51816",
"control-id": "cis_fedora_7-2.9",
- "description": "Missing a rule to check that .bash_history is mode 0600 or more restrictive.",
+ "description": "No notes for control-id 7.2.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -21773,22 +23788,27 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs"
+ "value": "file_permission_user_init_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files"
+ "value": "no_forward_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files"
+ "value": "no_netrc_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files"
+ "value": "no_rhost_files"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history"
}
]
}
diff --git a/component-definitions/fedora/fedora-cis_fedora-l1_workstation/component-definition.json b/component-definitions/fedora/fedora-cis_fedora-l1_workstation/component-definition.json
index 5b0be5fa..d66c2142 100644
--- a/component-definitions/fedora/fedora-cis_fedora-l1_workstation/component-definition.json
+++ b/component-definitions/fedora/fedora-cis_fedora-l1_workstation/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "e4c9973a-dbda-48c4-8081-bf2dbfe65692",
"metadata": {
"title": "Component definition for fedora",
- "last-modified": "2025-12-17T11:20:51.860810+00:00",
- "version": "1.6",
+ "last-modified": "2026-01-05T17:16:56.688077+00:00",
+ "version": "1.7",
"oscal-version": "1.1.3"
},
"components": [
@@ -119,121 +119,121 @@
{
"name": "Parameter_Id_5",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_kex",
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_5",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved KEXs (Key Exchange Algorithms) algorithms \tthat are used for methods in cryptography by which cryptographic keys are exchanged between two parties",
+ "value": "Disable ICMP Redirect Acceptance",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_5",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'pcidss': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_rhel8': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel9': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel10': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_sle12': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_sle15': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_ubuntu2204': 'curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_ubuntu2404': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'std_openeuler': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256', 'cis_debian12': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256'}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_macs",
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved MACs (Message Authentication Code) algorithms \tthat are used for data integrity protection by the SSH server.",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_rhel8': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel9': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel10': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_sle12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_sle15': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_tencentos4': 'hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com', 'cis_ubuntu2204': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_ubuntu2404': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'stig_rhel9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'stig_ol9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'cis_debian12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "value": "sysctl_net_ipv4_conf_all_log_martians_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_8",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_8",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_8",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_10",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_10",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
+ "value": "Disable ICMP Redirect Acceptance?",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_10",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_11",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_11",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
+ "value": "Disable IP source routing?",
"remarks": "rule_set_000"
},
{
@@ -245,13 +245,13 @@
{
"name": "Parameter_Id_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "value": "sysctl_net_ipv4_conf_default_forwarding_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance?",
+ "value": "Toggle IPv4 Forwarding",
"remarks": "rule_set_000"
},
{
@@ -263,31 +263,31 @@
{
"name": "Parameter_Id_13",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "value": "sysctl_net_ipv4_conf_default_log_martians_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_13",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IP source routing?",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_13",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_14",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_14",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "value": "Enables source route verification",
"remarks": "rule_set_000"
},
{
@@ -299,49 +299,49 @@
{
"name": "Parameter_Id_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enables source route verification",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
+ "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
+ "value": "Enable to prevent unnecessary logging",
"remarks": "rule_set_000"
},
{
@@ -353,13 +353,13 @@
{
"name": "Parameter_Id_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
+ "value": "sysctl_net_ipv4_tcp_syncookies_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent unnecessary logging",
+ "value": "Enable to turn on TCP SYN Cookie Protection",
"remarks": "rule_set_000"
},
{
@@ -371,31 +371,31 @@
{
"name": "Parameter_Id_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies_value",
+ "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to turn on TCP SYN Cookie Protection",
+ "value": "Accept all router advertisements?",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_20",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_20",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept all router advertisements?",
+ "value": "Toggle ICMP Redirect Acceptance",
"remarks": "rule_set_000"
},
{
@@ -407,13 +407,13 @@
{
"name": "Parameter_Id_21",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_21",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
@@ -425,13 +425,13 @@
{
"name": "Parameter_Id_22",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
+ "value": "sysctl_net_ipv6_conf_all_forwarding_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_22",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "Toggle IPv6 Forwarding",
"remarks": "rule_set_000"
},
{
@@ -443,13 +443,13 @@
{
"name": "Parameter_Id_23",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding_value",
+ "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_23",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle IPv6 Forwarding",
+ "value": "Accept default router advertisements by default?",
"remarks": "rule_set_000"
},
{
@@ -461,13 +461,13 @@
{
"name": "Parameter_Id_24",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_24",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept default router advertisements by default?",
+ "value": "Toggle ICMP Redirect Acceptance By Default",
"remarks": "rule_set_000"
},
{
@@ -479,13 +479,13 @@
{
"name": "Parameter_Id_25",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_25",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance By Default",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
@@ -497,13 +497,13 @@
{
"name": "Parameter_Id_26",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
+ "value": "sysctl_net_ipv6_conf_default_forwarding_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_26",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "Toggle IPv6 default Forwarding",
"remarks": "rule_set_000"
},
{
@@ -689,7 +689,7 @@
{
"name": "Parameter_Value_Alternatives_36",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -767,234 +767,252 @@
{
"name": "Parameter_Id_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_minclass",
+ "value": "var_password_pam_maxsequence",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of categories of characters that must exist in a password",
+ "value": "Maximum Number of Consecutive Character Sequences in a Password",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}",
+ "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_minlen",
+ "value": "var_password_pam_minclass",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of characters in password",
+ "value": "Minimum number of categories of characters that must exist in a password",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}",
+ "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_remember",
+ "value": "var_password_pam_minlen",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent password reuse using password history lookup",
+ "value": "Minimum number of characters in password",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 24: 24, 'default': 5}",
+ "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_remember_control_flag",
+ "value": "var_password_pam_remember",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in \"required,requisite\", for remediations the first value will be taken'",
+ "value": "Prevent password reuse using password history lookup",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'required': 'required', 'optional': 'optional', 'requisite': 'requisite', 'sufficient': 'sufficient', 'binding': 'binding', 'ol8': 'required,requisite', 'requisite_or_required': 'requisite,required', 'default': 'requisite'}",
+ "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 24: 24, 'default': 5}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_postfix_inet_interfaces",
+ "value": "var_password_pam_remember_control_flag",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for inet_interfaces in /etc/postfix/main.cf",
+ "value": "'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in \"required,requisite\", for remediations the first value will be taken'",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'loopback-only': 'loopback-only', 'default': 'loopback-only', 'localhost': 'localhost'}",
+ "value": "{'required': 'required', 'optional': 'optional', 'requisite': 'requisite', 'sufficient': 'sufficient', 'binding': 'binding', 'ol8': 'required,requisite', 'requisite_or_required': 'requisite,required', 'default': 'requisite'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_screensaver_lock_delay",
+ "value": "var_postfix_inet_interfaces",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt",
+ "value": "The setting for inet_interfaces in /etc/postfix/main.cf",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_seconds': 10, '5_seconds': 5, 'default': '0', 'immediate': '0'}",
+ "value": "{'loopback-only': 'loopback-only', 'default': 'loopback-only', 'localhost': 'localhost'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_selinux_policy_name",
+ "value": "var_screensaver_lock_delay",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Type of policy in use. Possible values are:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
mls - Multiple levels of security",
+ "value": "Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'targeted', 'mls': 'mls', 'targeted': 'targeted'}",
+ "value": "{'10_seconds': 10, '5_seconds': 5, 'default': '0', 'immediate': '0'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_max_sessions",
+ "value": "var_selinux_policy_name",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of open sessions permitted.",
+ "value": "Type of policy in use. Possible values are:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
mls - Multiple levels of security",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 4: 4, 3: 3, 2: 2, 1: 1, 0: 0, 'default': 10}",
+ "value": "{'default': 'targeted', 'mls': 'mls', 'targeted': 'targeted'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_keepalive",
+ "value": "var_sshd_max_sessions",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of idle message counts before session is terminated.",
+ "value": "Specify the maximum number of open sessions permitted.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 5: 5, 0: 0, 1: 1, 'default': 0}",
+ "value": "{10: 10, 4: 4, 3: 3, 2: 2, 1: 1, 0: 0, 'default': 10}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_login_grace_time",
+ "value": "var_sshd_set_keepalive",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure parameters for how long the servers stays connected before the user has successfully logged in",
+ "value": "Specify the maximum number of idle message counts before session is terminated.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 60, 60: 60}",
+ "value": "{10: 10, 3: 3, 5: 5, 0: 0, 1: 1, 'default': 0}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_51",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_maxstartups",
+ "value": "var_sshd_set_login_grace_time",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_51",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.",
+ "value": "Configure parameters for how long the servers stays connected before the user has successfully logged in",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_51",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '10:30:100', '10:30:60': '10:30:60'}",
+ "value": "{'default': 60, 60: 60}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_52",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_system_crypto_policy",
+ "value": "var_sshd_set_maxstartups",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_52",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the crypto policy for the system.",
+ "value": "Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_52",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'DEFAULT', 'default_policy': 'DEFAULT', 'default_nosha1': 'DEFAULT:NO-SHA1', 'fips': 'FIPS', 'fips_ospp': 'FIPS:OSPP', 'fips_stig': 'FIPS:STIG', 'legacy': 'LEGACY', 'future': 'FUTURE', 'next': 'NEXT'}",
+ "value": "{'default': '10:30:100', '10:30:60': '10:30:60'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_53",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_user_initialization_files_regex",
+ "value": "var_sudo_timestamp_timeout",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_53",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'A regular expression describing a list of file names for files that are sourced at login time for interactive users'",
+ "value": "Defines the number of minutes that can elapse before sudo will ask for a passwd again. If set to a value less than 0 the user's time stamp will never expire. Defining 0 means always prompt for a password. The default timeout value is 5 minutes.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_53",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '5', 'always_prompt': '0', '1_minute': '1', '2_minutes': '2', '3_minutes': '3', '5_minutes': '5', '15_minutes': '15'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_54",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_user_initialization_files_regex",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_54",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "'A regular expression describing a list of file names for files that are sourced at login time for interactive users'",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_54",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "{'default': '^(\\\\.bashrc|\\\\.zshrc|\\\\.cshrc|\\\\.profile|\\\\.bash_login|\\\\.bash_profile)$', 'all_dotfiles': '^\\\\.[\\\\w\\\\- ]+$'}",
"remarks": "rule_set_000"
},
@@ -1397,2868 +1415,3384 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg",
+ "value": "file_permissions_boot_grub2",
"remarks": "rule_set_034"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Group Ownership",
+ "value": "All GRUB configuration files must have mode 0600 or more restrictive",
"remarks": "rule_set_034"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg",
+ "value": "file_owner_boot_grub2",
"remarks": "rule_set_035"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg User Ownership",
+ "value": "All GRUB configuration files must be owned by root",
"remarks": "rule_set_035"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg",
+ "value": "file_groupowner_boot_grub2",
"remarks": "rule_set_036"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Permissions",
+ "value": "All GRUB configuration files must be group-owned by root",
"remarks": "rule_set_036"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg",
+ "value": "disable_users_coredumps",
"remarks": "rule_set_037"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Group Ownership",
+ "value": "Disable Core Dumps for All Users",
"remarks": "rule_set_037"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg",
+ "value": "sysctl_fs_protected_hardlinks",
"remarks": "rule_set_038"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg User Ownership",
+ "value": "Enable Kernel Parameter to Enforce DAC on Hardlinks",
"remarks": "rule_set_038"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg",
+ "value": "sysctl_fs_protected_symlinks",
"remarks": "rule_set_039"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Permissions",
+ "value": "Enable Kernel Parameter to Enforce DAC on Symlinks",
"remarks": "rule_set_039"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy",
+ "value": "sysctl_fs_suid_dumpable",
"remarks": "rule_set_040"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure System Cryptography Policy",
+ "value": "Disable Core Dumps for SUID programs",
"remarks": "rule_set_040"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_motd_cis",
+ "value": "sysctl_kernel_dmesg_restrict",
"remarks": "rule_set_041"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Message Of The Day Is Configured Properly",
+ "value": "Restrict Access to Kernel Message Buffer",
"remarks": "rule_set_041"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_cis",
+ "value": "sysctl_kernel_kptr_restrict",
"remarks": "rule_set_042"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Local Login Warning Banner Is Configured Properly",
+ "value": "Restrict Exposed Kernel Pointer Addresses Access",
"remarks": "rule_set_042"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_net_cis",
+ "value": "sysctl_kernel_yama_ptrace_scope",
"remarks": "rule_set_043"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Remote Login Warning Banner Is Configured Properly",
+ "value": "Restrict usage of ptrace to descendant processes",
"remarks": "rule_set_043"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_motd",
+ "value": "sysctl_kernel_randomize_va_space",
"remarks": "rule_set_044"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of Message of the Day Banner",
+ "value": "Enable Randomized Layout of Virtual Address Space",
"remarks": "rule_set_044"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_motd",
+ "value": "coredump_disable_backtraces",
"remarks": "rule_set_045"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of Message of the Day Banner",
+ "value": "Disable core dump backtraces",
"remarks": "rule_set_045"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_motd",
+ "value": "coredump_disable_storage",
"remarks": "rule_set_046"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on Message of the Day Banner",
+ "value": "Disable storing core dump",
"remarks": "rule_set_046"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue",
+ "value": "configure_custom_crypto_policy_cis",
"remarks": "rule_set_047"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner",
+ "value": "Implement Custom Crypto Policy Modules for CIS Benchmark",
"remarks": "rule_set_047"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue",
+ "value": "banner_etc_motd_cis",
"remarks": "rule_set_048"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner",
+ "value": "Ensure Message Of The Day Is Configured Properly",
"remarks": "rule_set_048"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue",
+ "value": "banner_etc_issue_cis",
"remarks": "rule_set_049"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner",
+ "value": "Ensure Local Login Warning Banner Is Configured Properly",
"remarks": "rule_set_049"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue_net",
+ "value": "banner_etc_issue_net_cis",
"remarks": "rule_set_050"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner for Remote Connections",
+ "value": "Ensure Remote Login Warning Banner Is Configured Properly",
"remarks": "rule_set_050"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue_net",
+ "value": "file_groupowner_etc_motd",
"remarks": "rule_set_051"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner for Remote Connections",
+ "value": "Verify Group Ownership of Message of the Day Banner",
"remarks": "rule_set_051"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue_net",
+ "value": "file_owner_etc_motd",
"remarks": "rule_set_052"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner for Remote Connections",
+ "value": "Verify ownership of Message of the Day Banner",
"remarks": "rule_set_052"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_banner_enabled",
+ "value": "file_permissions_etc_motd",
"remarks": "rule_set_053"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable GNOME3 Login Warning Banner",
+ "value": "Verify permissions on Message of the Day Banner",
"remarks": "rule_set_053"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_login_banner_text",
+ "value": "file_groupowner_etc_issue",
"remarks": "rule_set_054"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set the GNOME3 Login Warning Banner Text",
+ "value": "Verify Group Ownership of System Login Banner",
"remarks": "rule_set_054"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_user_list",
+ "value": "file_owner_etc_issue",
"remarks": "rule_set_055"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the GNOME3 Login User List",
+ "value": "Verify ownership of System Login Banner",
"remarks": "rule_set_055"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_idle_delay",
+ "value": "file_permissions_etc_issue",
"remarks": "rule_set_056"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Inactivity Timeout",
+ "value": "Verify permissions on System Login Banner",
"remarks": "rule_set_056"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_lock_delay",
+ "value": "file_groupowner_etc_issue_net",
"remarks": "rule_set_057"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
+ "value": "Verify Group Ownership of System Login Banner for Remote Connections",
"remarks": "rule_set_057"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_autorun",
+ "value": "file_owner_etc_issue_net",
"remarks": "rule_set_058"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount running",
+ "value": "Verify ownership of System Login Banner for Remote Connections",
"remarks": "rule_set_058"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_kea_removed",
+ "value": "file_permissions_etc_issue_net",
"remarks": "rule_set_059"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall kea Package",
+ "value": "Verify permissions on System Login Banner for Remote Connections",
"remarks": "rule_set_059"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_bind_removed",
+ "value": "dconf_gnome_banner_enabled",
"remarks": "rule_set_060"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall bind Package",
+ "value": "Enable GNOME3 Login Warning Banner",
"remarks": "rule_set_060"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dnsmasq_removed",
+ "value": "dconf_gnome_login_banner_text",
"remarks": "rule_set_061"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dnsmasq Package",
+ "value": "Set the GNOME3 Login Warning Banner Text",
"remarks": "rule_set_061"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_vsftpd_removed",
+ "value": "dconf_gnome_disable_user_list",
"remarks": "rule_set_062"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall vsftpd Package",
+ "value": "Disable the GNOME3 Login User List",
"remarks": "rule_set_062"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dovecot_removed",
+ "value": "dconf_gnome_screensaver_idle_delay",
"remarks": "rule_set_063"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dovecot Package",
+ "value": "Set GNOME3 Screensaver Inactivity Timeout",
"remarks": "rule_set_063"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cyrus-imapd_removed",
+ "value": "dconf_gnome_screensaver_lock_delay",
"remarks": "rule_set_064"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall cyrus-imapd Package",
+ "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
"remarks": "rule_set_064"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nfs_disabled",
+ "value": "dconf_gnome_session_idle_user_locks",
"remarks": "rule_set_065"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Network File System (nfs)",
+ "value": "Ensure Users Cannot Change GNOME3 Session Idle Settings",
"remarks": "rule_set_065"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_rpcbind_disabled",
+ "value": "dconf_gnome_screensaver_user_locks",
"remarks": "rule_set_066"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable rpcbind Service",
+ "value": "Ensure Users Cannot Change GNOME3 Screensaver Settings",
"remarks": "rule_set_066"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_rsync_removed",
+ "value": "dconf_gnome_disable_autorun",
"remarks": "rule_set_067"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall rsync Package",
+ "value": "Disable GNOME3 Automount running",
"remarks": "rule_set_067"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_samba_removed",
+ "value": "package_kea_removed",
"remarks": "rule_set_068"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall Samba Package",
+ "value": "Uninstall kea Package",
"remarks": "rule_set_068"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_net-snmp_removed",
+ "value": "package_bind_removed",
"remarks": "rule_set_069"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall net-snmp Package",
+ "value": "Uninstall bind Package",
"remarks": "rule_set_069"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet-server_removed",
+ "value": "package_dnsmasq_removed",
"remarks": "rule_set_070"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall telnet-server Package",
+ "value": "Uninstall dnsmasq Package",
"remarks": "rule_set_070"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp-server_removed",
+ "value": "package_vsftpd_removed",
"remarks": "rule_set_071"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall tftp-server Package",
+ "value": "Uninstall vsftpd Package",
"remarks": "rule_set_071"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_squid_removed",
+ "value": "package_dovecot_removed",
"remarks": "rule_set_072"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall squid Package",
+ "value": "Uninstall dovecot Package",
"remarks": "rule_set_072"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_httpd_removed",
+ "value": "package_cyrus-imapd_removed",
"remarks": "rule_set_073"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall httpd Package",
+ "value": "Uninstall cyrus-imapd Package",
"remarks": "rule_set_073"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nginx_removed",
+ "value": "service_nfs_disabled",
"remarks": "rule_set_074"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall nginx Package",
+ "value": "Disable Network File System (nfs)",
"remarks": "rule_set_074"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "postfix_network_listening_disabled",
+ "value": "service_rpcbind_disabled",
"remarks": "rule_set_075"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Postfix Network Listening",
+ "value": "Disable rpcbind Service",
"remarks": "rule_set_075"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "has_nonlocal_mta",
+ "value": "package_rsync_removed",
"remarks": "rule_set_076"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
+ "value": "Uninstall rsync Package",
"remarks": "rule_set_076"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_ftp_removed",
+ "value": "package_samba_removed",
"remarks": "rule_set_077"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove ftp Package",
+ "value": "Uninstall Samba Package",
"remarks": "rule_set_077"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet_removed",
+ "value": "package_net-snmp_removed",
"remarks": "rule_set_078"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove telnet Clients",
+ "value": "Uninstall net-snmp Package",
"remarks": "rule_set_078"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp_removed",
+ "value": "package_telnet-server_removed",
"remarks": "rule_set_079"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove tftp Daemon",
+ "value": "Uninstall telnet-server Package",
"remarks": "rule_set_079"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_specify_remote_server",
+ "value": "package_tftp-server_removed",
"remarks": "rule_set_080"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "A remote time server for Chrony is configured",
+ "value": "Uninstall tftp-server Package",
"remarks": "rule_set_080"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_run_as_chrony_user",
+ "value": "package_squid_removed",
"remarks": "rule_set_081"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that chronyd is running under chrony user account",
+ "value": "Uninstall squid Package",
"remarks": "rule_set_081"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cron_installed",
+ "value": "package_httpd_removed",
"remarks": "rule_set_082"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install the cron service",
+ "value": "Uninstall httpd Package",
"remarks": "rule_set_082"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_crond_enabled",
+ "value": "package_nginx_removed",
"remarks": "rule_set_083"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable cron Service",
+ "value": "Uninstall nginx Package",
"remarks": "rule_set_083"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_crontab",
+ "value": "postfix_network_listening_disabled",
"remarks": "rule_set_084"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Crontab",
+ "value": "Disable Postfix Network Listening",
"remarks": "rule_set_084"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_crontab",
+ "value": "has_nonlocal_mta",
"remarks": "rule_set_085"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on crontab",
+ "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
"remarks": "rule_set_085"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_crontab",
+ "value": "package_ftp_removed",
"remarks": "rule_set_086"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on crontab",
+ "value": "Remove ftp Package",
"remarks": "rule_set_086"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_hourly",
+ "value": "package_telnet_removed",
"remarks": "rule_set_087"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.hourly",
+ "value": "Remove telnet Clients",
"remarks": "rule_set_087"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_hourly",
+ "value": "package_tftp_removed",
"remarks": "rule_set_088"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.hourly",
+ "value": "Remove tftp Daemon",
"remarks": "rule_set_088"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_hourly",
+ "value": "chronyd_specify_remote_server",
"remarks": "rule_set_089"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.hourly",
+ "value": "A remote time server for Chrony is configured",
"remarks": "rule_set_089"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_daily",
+ "value": "chronyd_run_as_chrony_user",
"remarks": "rule_set_090"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.daily",
+ "value": "Ensure that chronyd is running under chrony user account",
"remarks": "rule_set_090"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_daily",
+ "value": "package_cron_installed",
"remarks": "rule_set_091"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.daily",
+ "value": "Install the cron service",
"remarks": "rule_set_091"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_daily",
+ "value": "service_crond_enabled",
"remarks": "rule_set_092"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.daily",
+ "value": "Enable cron Service",
"remarks": "rule_set_092"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_weekly",
+ "value": "file_groupowner_crontab",
"remarks": "rule_set_093"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.weekly",
+ "value": "Verify Group Who Owns Crontab",
"remarks": "rule_set_093"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_weekly",
+ "value": "file_owner_crontab",
"remarks": "rule_set_094"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.weekly",
+ "value": "Verify Owner on crontab",
"remarks": "rule_set_094"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_weekly",
+ "value": "file_permissions_crontab",
"remarks": "rule_set_095"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.weekly",
+ "value": "Verify Permissions on crontab",
"remarks": "rule_set_095"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_monthly",
+ "value": "file_groupowner_cron_hourly",
"remarks": "rule_set_096"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.monthly",
+ "value": "Verify Group Who Owns cron.hourly",
"remarks": "rule_set_096"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_monthly",
+ "value": "file_owner_cron_hourly",
"remarks": "rule_set_097"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.monthly",
+ "value": "Verify Owner on cron.hourly",
"remarks": "rule_set_097"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_monthly",
+ "value": "file_permissions_cron_hourly",
"remarks": "rule_set_098"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.monthly",
+ "value": "Verify Permissions on cron.hourly",
"remarks": "rule_set_098"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_d",
+ "value": "file_groupowner_cron_daily",
"remarks": "rule_set_099"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.d",
+ "value": "Verify Group Who Owns cron.daily",
"remarks": "rule_set_099"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_d",
+ "value": "file_owner_cron_daily",
"remarks": "rule_set_100"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.d",
+ "value": "Verify Owner on cron.daily",
"remarks": "rule_set_100"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_d",
+ "value": "file_permissions_cron_daily",
"remarks": "rule_set_101"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.d",
+ "value": "Verify Permissions on cron.daily",
"remarks": "rule_set_101"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_deny_not_exist",
+ "value": "file_groupowner_cron_weekly",
"remarks": "rule_set_102"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.deny does not exist",
+ "value": "Verify Group Who Owns cron.weekly",
"remarks": "rule_set_102"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_allow_exists",
+ "value": "file_owner_cron_weekly",
"remarks": "rule_set_103"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.allow exists",
+ "value": "Verify Owner on cron.weekly",
"remarks": "rule_set_103"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_allow",
+ "value": "file_permissions_cron_weekly",
"remarks": "rule_set_104"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/cron.allow file",
+ "value": "Verify Permissions on cron.weekly",
"remarks": "rule_set_104"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_allow",
+ "value": "file_groupowner_cron_monthly",
"remarks": "rule_set_105"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/cron.allow file",
+ "value": "Verify Group Who Owns cron.monthly",
"remarks": "rule_set_105"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_allow",
+ "value": "file_owner_cron_monthly",
"remarks": "rule_set_106"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/cron.allow file",
+ "value": "Verify Owner on cron.monthly",
"remarks": "rule_set_106"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_at_deny_not_exist",
+ "value": "file_permissions_cron_monthly",
"remarks": "rule_set_107"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/at.deny does not exist",
+ "value": "Verify Permissions on cron.monthly",
"remarks": "rule_set_107"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_at_allow",
+ "value": "file_groupowner_cron_yearly",
"remarks": "rule_set_108"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/at.allow file",
+ "value": "Verify Group Who Owns cron.yearly",
"remarks": "rule_set_108"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_at_allow",
+ "value": "file_owner_cron_yearly",
"remarks": "rule_set_109"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/at.allow file",
+ "value": "Verify Owner on cron.yearly",
"remarks": "rule_set_109"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_at_allow",
+ "value": "file_permissions_cron_yearly",
"remarks": "rule_set_110"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/at.allow file",
+ "value": "Verify Permissions on cron.yearly",
"remarks": "rule_set_110"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_tipc_disabled",
+ "value": "file_groupowner_cron_d",
"remarks": "rule_set_111"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable TIPC Support",
+ "value": "Verify Group Who Owns cron.d",
"remarks": "rule_set_111"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_ip_forward",
+ "value": "file_owner_cron_d",
"remarks": "rule_set_112"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
+ "value": "Verify Owner on cron.d",
"remarks": "rule_set_112"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_send_redirects",
+ "value": "file_permissions_cron_d",
"remarks": "rule_set_113"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
+ "value": "Verify Permissions on cron.d",
"remarks": "rule_set_113"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_send_redirects",
+ "value": "file_cron_deny_not_exist",
"remarks": "rule_set_114"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
+ "value": "Ensure that /etc/cron.deny does not exist",
"remarks": "rule_set_114"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
+ "value": "file_cron_allow_exists",
"remarks": "rule_set_115"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
+ "value": "Ensure that /etc/cron.allow exists",
"remarks": "rule_set_115"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
+ "value": "file_groupowner_cron_allow",
"remarks": "rule_set_116"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
+ "value": "Verify Group Who Owns /etc/cron.allow file",
"remarks": "rule_set_116"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects",
+ "value": "file_owner_cron_allow",
"remarks": "rule_set_117"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
+ "value": "Verify User Who Owns /etc/cron.allow file",
"remarks": "rule_set_117"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects",
+ "value": "file_permissions_cron_allow",
"remarks": "rule_set_118"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
+ "value": "Verify Permissions on /etc/cron.allow file",
"remarks": "rule_set_118"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects",
+ "value": "file_at_deny_not_exist",
"remarks": "rule_set_119"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
+ "value": "Ensure that /etc/at.deny does not exist",
"remarks": "rule_set_119"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects",
+ "value": "file_at_allow_exists",
"remarks": "rule_set_120"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
+ "value": "Ensure that /etc/at.allow exists",
"remarks": "rule_set_120"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter",
+ "value": "file_groupowner_at_allow",
"remarks": "rule_set_121"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
+ "value": "Verify Group Who Owns /etc/at.allow file",
"remarks": "rule_set_121"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter",
+ "value": "file_owner_at_allow",
"remarks": "rule_set_122"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
+ "value": "Verify User Who Owns /etc/at.allow file",
"remarks": "rule_set_122"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route",
+ "value": "file_permissions_at_allow",
"remarks": "rule_set_123"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
+ "value": "Verify Permissions on /etc/at.allow file",
"remarks": "rule_set_123"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route",
+ "value": "kernel_module_atm_disabled",
"remarks": "rule_set_124"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
+ "value": "Disable ATM Support",
"remarks": "rule_set_124"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians",
+ "value": "kernel_module_can_disabled",
"remarks": "rule_set_125"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
+ "value": "Disable CAN Support",
"remarks": "rule_set_125"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians",
+ "value": "kernel_module_dccp_disabled",
"remarks": "rule_set_126"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
+ "value": "Disable DCCP Support",
"remarks": "rule_set_126"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies",
+ "value": "kernel_module_tipc_disabled",
"remarks": "rule_set_127"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
+ "value": "Disable TIPC Support",
"remarks": "rule_set_127"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding",
+ "value": "kernel_module_rds_disabled",
"remarks": "rule_set_128"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IPv6 Forwarding",
+ "value": "Disable RDS Support",
"remarks": "rule_set_128"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects",
+ "value": "sysctl_net_ipv4_ip_forward",
"remarks": "rule_set_129"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
+ "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
"remarks": "rule_set_129"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects",
+ "value": "sysctl_net_ipv4_conf_all_forwarding",
"remarks": "rule_set_130"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
+ "value": "Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces",
"remarks": "rule_set_130"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route",
+ "value": "sysctl_net_ipv4_conf_default_forwarding",
"remarks": "rule_set_131"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
+ "value": "Disable Kernel Parameter for IPv4 Forwarding By Default",
"remarks": "rule_set_131"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route",
+ "value": "sysctl_net_ipv4_conf_all_send_redirects",
"remarks": "rule_set_132"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
"remarks": "rule_set_132"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra",
+ "value": "sysctl_net_ipv4_conf_default_send_redirects",
"remarks": "rule_set_133"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
"remarks": "rule_set_133"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra",
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
"remarks": "rule_set_134"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
+ "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
"remarks": "rule_set_134"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nftables_installed",
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
"remarks": "rule_set_135"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install nftables Package",
+ "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
"remarks": "rule_set_135"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_firewalld_enabled",
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects",
"remarks": "rule_set_136"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify firewalld Enabled",
+ "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
"remarks": "rule_set_136"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_firewalld_installed",
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects",
"remarks": "rule_set_137"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install firewalld Package",
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
"remarks": "rule_set_137"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nftables_disabled",
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects",
"remarks": "rule_set_138"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify nftables Service is Disabled",
+ "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
"remarks": "rule_set_138"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_trusted",
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects",
"remarks": "rule_set_139"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Trust Loopback Traffic",
+ "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
"remarks": "rule_set_139"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_restricted",
+ "value": "sysctl_net_ipv4_conf_all_rp_filter",
"remarks": "rule_set_140"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Restrict Loopback Traffic",
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
"remarks": "rule_set_140"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_sshd_config",
+ "value": "sysctl_net_ipv4_conf_default_rp_filter",
"remarks": "rule_set_141"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns SSH Server config file",
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
"remarks": "rule_set_141"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_sshd_config",
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route",
"remarks": "rule_set_142"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on SSH Server config file",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
"remarks": "rule_set_142"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_config",
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route",
"remarks": "rule_set_143"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server config file",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
"remarks": "rule_set_143"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_private_key",
+ "value": "sysctl_net_ipv4_conf_all_log_martians",
"remarks": "rule_set_144"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Private *_key Key Files",
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
"remarks": "rule_set_144"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_private_key",
+ "value": "sysctl_net_ipv4_conf_default_log_martians",
"remarks": "rule_set_145"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Private *_key Key Files",
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
"remarks": "rule_set_145"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_private_key",
+ "value": "sysctl_net_ipv4_tcp_syncookies",
"remarks": "rule_set_146"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
+ "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
"remarks": "rule_set_146"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_pub_key",
+ "value": "sysctl_net_ipv6_conf_all_forwarding",
"remarks": "rule_set_147"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Public *.pub Key Files",
+ "value": "Disable Kernel Parameter for IPv6 Forwarding",
"remarks": "rule_set_147"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_pub_key",
+ "value": "sysctl_net_ipv6_conf_default_forwarding",
"remarks": "rule_set_148"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Public *.pub Key Files",
+ "value": "Disable Kernel Parameter for IPv6 Forwarding by default",
"remarks": "rule_set_148"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_pub_key",
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects",
"remarks": "rule_set_149"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
+ "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
"remarks": "rule_set_149"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex",
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects",
"remarks": "rule_set_150"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong Key Exchange algorithms",
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
"remarks": "rule_set_150"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs",
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route",
"remarks": "rule_set_151"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong MACs",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
"remarks": "rule_set_151"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_limit_user_access",
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route",
"remarks": "rule_set_152"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Users' SSH Access",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
"remarks": "rule_set_152"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_warning_banner_net",
+ "value": "sysctl_net_ipv6_conf_all_accept_ra",
"remarks": "rule_set_153"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable SSH Warning Banner",
+ "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
"remarks": "rule_set_153"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_idle_timeout",
+ "value": "sysctl_net_ipv6_conf_default_accept_ra",
"remarks": "rule_set_154"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Interval",
+ "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
"remarks": "rule_set_154"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_keepalive",
+ "value": "package_nftables_installed",
"remarks": "rule_set_155"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Count Max",
+ "value": "Install nftables Package",
"remarks": "rule_set_155"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_gssapi_auth",
+ "value": "service_firewalld_enabled",
"remarks": "rule_set_156"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GSSAPI Authentication",
+ "value": "Verify firewalld Enabled",
"remarks": "rule_set_156"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "disable_host_auth",
+ "value": "package_firewalld_installed",
"remarks": "rule_set_157"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Host-Based Authentication",
+ "value": "Install firewalld Package",
"remarks": "rule_set_157"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_rhosts",
+ "value": "service_nftables_disabled",
"remarks": "rule_set_158"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Support for .rhosts Files",
+ "value": "Verify nftables Service is Disabled",
"remarks": "rule_set_158"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_login_grace_time",
+ "value": "firewalld_loopback_traffic_trusted",
"remarks": "rule_set_159"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH LoginGraceTime is configured",
+ "value": "Configure Firewalld to Trust Loopback Traffic",
"remarks": "rule_set_159"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_loglevel_verbose",
+ "value": "firewalld_loopback_traffic_restricted",
"remarks": "rule_set_160"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Daemon LogLevel to VERBOSE",
+ "value": "Configure Firewalld to Restrict Loopback Traffic",
"remarks": "rule_set_160"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_auth_tries",
+ "value": "file_groupowner_sshd_config",
"remarks": "rule_set_161"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH authentication attempt limit",
+ "value": "Verify Group Who Owns SSH Server config file",
"remarks": "rule_set_161"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_maxstartups",
+ "value": "file_owner_sshd_config",
"remarks": "rule_set_162"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH MaxStartups is configured",
+ "value": "Verify Owner on SSH Server config file",
"remarks": "rule_set_162"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_sessions",
+ "value": "file_permissions_sshd_config",
"remarks": "rule_set_163"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH MaxSessions limit",
+ "value": "Verify Permissions on SSH Server config file",
"remarks": "rule_set_163"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_empty_passwords",
+ "value": "directory_permissions_sshd_config_d",
"remarks": "rule_set_164"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Access via Empty Passwords",
+ "value": "Verify Permissions on SSH Server Config File",
"remarks": "rule_set_164"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_root_login",
+ "value": "file_permissions_sshd_drop_in_config",
"remarks": "rule_set_165"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Root Login",
+ "value": "Verify Permissions on SSH Server Config File",
"remarks": "rule_set_165"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_do_not_permit_user_env",
+ "value": "directory_groupowner_sshd_config_d",
"remarks": "rule_set_166"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Do Not Allow SSH Environment Options",
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
"remarks": "rule_set_166"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_pam",
+ "value": "directory_owner_sshd_config_d",
"remarks": "rule_set_167"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable PAM",
+ "value": "Verify Owner on SSH Server Configuration Files",
"remarks": "rule_set_167"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_sudo_installed",
+ "value": "file_groupowner_sshd_drop_in_config",
"remarks": "rule_set_168"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install sudo Package",
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
"remarks": "rule_set_168"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_add_use_pty",
+ "value": "file_owner_sshd_drop_in_config",
"remarks": "rule_set_169"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
+ "value": "Verify Owner on SSH Server Configuration Files",
"remarks": "rule_set_169"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_custom_logfile",
+ "value": "file_permissions_sshd_private_key",
"remarks": "rule_set_170"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Sudo Logfile Exists - sudo logfile",
+ "value": "Verify Permissions on SSH Server Private *_key Key Files",
"remarks": "rule_set_170"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication",
+ "value": "file_ownership_sshd_private_key",
"remarks": "rule_set_171"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo",
+ "value": "Verify Ownership on SSH Server Private *_key Key Files",
"remarks": "rule_set_171"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_reauthentication",
+ "value": "file_groupownership_sshd_private_key",
"remarks": "rule_set_172"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Require Re-Authentication When Using the sudo Command",
+ "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
"remarks": "rule_set_172"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "use_pam_wheel_group_for_su",
+ "value": "file_permissions_sshd_pub_key",
"remarks": "rule_set_173"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
+ "value": "Verify Permissions on SSH Server Public *.pub Key Files",
"remarks": "rule_set_173"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_pam_wheel_group_empty",
+ "value": "file_ownership_sshd_pub_key",
"remarks": "rule_set_174"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
+ "value": "Verify Ownership on SSH Server Public *.pub Key Files",
"remarks": "rule_set_174"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_pam_pwquality_installed",
+ "value": "file_groupownership_sshd_pub_key",
"remarks": "rule_set_175"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install pam_pwquality Package",
+ "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
"remarks": "rule_set_175"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_password_auth",
+ "value": "sshd_limit_user_access",
"remarks": "rule_set_176"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
+ "value": "Limit Users' SSH Access",
"remarks": "rule_set_176"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_system_auth",
+ "value": "sshd_enable_warning_banner_net",
"remarks": "rule_set_177"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
+ "value": "Enable SSH Warning Banner",
"remarks": "rule_set_177"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny",
+ "value": "sshd_set_idle_timeout",
"remarks": "rule_set_178"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Lock Accounts After Failed Password Attempts",
+ "value": "Set SSH Client Alive Interval",
"remarks": "rule_set_178"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_unlock_time",
+ "value": "sshd_set_keepalive",
"remarks": "rule_set_179"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Lockout Time for Failed Password Attempts",
+ "value": "Set SSH Client Alive Count Max",
"remarks": "rule_set_179"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_difok",
+ "value": "sshd_disable_forwarding",
"remarks": "rule_set_180"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
+ "value": "Disable SSH Forwarding",
"remarks": "rule_set_180"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minlen",
+ "value": "sshd_disable_gssapi_auth",
"remarks": "rule_set_181"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
+ "value": "Disable GSSAPI Authentication",
"remarks": "rule_set_181"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minclass",
+ "value": "disable_host_auth",
"remarks": "rule_set_182"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
+ "value": "Disable Host-Based Authentication",
"remarks": "rule_set_182"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_maxrepeat",
+ "value": "sshd_disable_rhosts",
"remarks": "rule_set_183"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Consecutive Repeating Characters",
+ "value": "Disable SSH Support for .rhosts Files",
"remarks": "rule_set_183"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_dictcheck",
+ "value": "sshd_set_login_grace_time",
"remarks": "rule_set_184"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
+ "value": "Ensure SSH LoginGraceTime is configured",
"remarks": "rule_set_184"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_enforce_root",
+ "value": "sshd_set_loglevel_verbose",
"remarks": "rule_set_185"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
+ "value": "Set SSH Daemon LogLevel to VERBOSE",
"remarks": "rule_set_185"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_password_auth",
+ "value": "sshd_set_max_auth_tries",
"remarks": "rule_set_186"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: password-auth",
+ "value": "Set SSH authentication attempt limit",
"remarks": "rule_set_186"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_system_auth",
+ "value": "sshd_set_maxstartups",
"remarks": "rule_set_187"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: system-auth",
+ "value": "Ensure SSH MaxStartups is configured",
"remarks": "rule_set_187"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords",
+ "value": "sshd_set_max_sessions",
"remarks": "rule_set_188"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent Login to Accounts With Empty Password",
+ "value": "Set SSH MaxSessions limit",
"remarks": "rule_set_188"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_systemauth",
+ "value": "sshd_disable_empty_passwords",
"remarks": "rule_set_189"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - system-auth",
+ "value": "Disable SSH Access via Empty Passwords",
"remarks": "rule_set_189"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_passwordauth",
+ "value": "sshd_disable_root_login",
"remarks": "rule_set_190"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - password-auth",
+ "value": "Disable SSH Root Login",
"remarks": "rule_set_190"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_maximum_age_login_defs",
+ "value": "sshd_do_not_permit_user_env",
"remarks": "rule_set_191"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Age",
+ "value": "Do Not Allow SSH Environment Options",
"remarks": "rule_set_191"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_max_life_existing",
+ "value": "sshd_enable_pam",
"remarks": "rule_set_192"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Maximum Age",
+ "value": "Enable PAM",
"remarks": "rule_set_192"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_warn_age_login_defs",
+ "value": "package_sudo_installed",
"remarks": "rule_set_193"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Warning Age",
+ "value": "Install sudo Package",
"remarks": "rule_set_193"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_warn_age_existing",
+ "value": "sudo_add_use_pty",
"remarks": "rule_set_194"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Warning Age",
+ "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
"remarks": "rule_set_194"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf",
+ "value": "sudo_custom_logfile",
"remarks": "rule_set_195"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/libuser.conf",
+ "value": "Ensure Sudo Logfile Exists - sudo logfile",
"remarks": "rule_set_195"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_logindefs",
+ "value": "sudo_remove_no_authenticate",
"remarks": "rule_set_196"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/login.defs",
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate",
"remarks": "rule_set_196"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_disable_post_pw_expiration",
+ "value": "sudo_require_reauthentication",
"remarks": "rule_set_197"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Account Expiration Following Inactivity",
+ "value": "Require Re-Authentication When Using the sudo Command",
"remarks": "rule_set_197"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_set_post_pw_existing",
+ "value": "use_pam_wheel_group_for_su",
"remarks": "rule_set_198"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set existing passwords a period of inactivity before they been locked",
+ "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
"remarks": "rule_set_198"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_last_change_is_in_past",
+ "value": "ensure_pam_wheel_group_empty",
"remarks": "rule_set_199"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure all users last password change date is in the past",
+ "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
"remarks": "rule_set_199"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_no_uid_except_zero",
+ "value": "package_pam_pwquality_installed",
"remarks": "rule_set_200"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Only Root Has UID 0",
+ "value": "Install pam_pwquality Package",
"remarks": "rule_set_200"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_gid_zero",
+ "value": "account_password_pam_faillock_password_auth",
"remarks": "rule_set_201"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Root Has A Primary GID 0",
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
"remarks": "rule_set_201"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_root_password_configured",
+ "value": "account_password_pam_faillock_system_auth",
"remarks": "rule_set_202"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Authentication Required for Single User Mode",
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
"remarks": "rule_set_202"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_path_dirs_no_write",
+ "value": "accounts_password_pam_pwquality_password_auth",
"remarks": "rule_set_203"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
+ "value": "Ensure PAM password complexity module is enabled in password-auth",
"remarks": "rule_set_203"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "root_path_no_dot",
+ "value": "accounts_password_pam_pwquality_system_auth",
"remarks": "rule_set_204"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
+ "value": "Ensure PAM password complexity module is enabled in system-auth",
"remarks": "rule_set_204"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_password_auth_for_systemaccounts",
+ "value": "accounts_password_pam_unix_enabled",
"remarks": "rule_set_205"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Are Locked",
+ "value": "Verify pam_unix module is activated",
"remarks": "rule_set_205"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_shelllogin_for_systemaccounts",
+ "value": "accounts_passwords_pam_faillock_deny",
"remarks": "rule_set_206"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
+ "value": "Lock Accounts After Failed Password Attempts",
"remarks": "rule_set_206"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_tmout",
+ "value": "accounts_passwords_pam_faillock_unlock_time",
"remarks": "rule_set_207"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Interactive Session Timeout",
+ "value": "Set Lockout Time for Failed Password Attempts",
"remarks": "rule_set_207"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_bashrc",
+ "value": "accounts_password_pam_difok",
"remarks": "rule_set_208"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Bash Umask is Set Correctly",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
"remarks": "rule_set_208"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_login_defs",
+ "value": "accounts_password_pam_minlen",
"remarks": "rule_set_209"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in login.defs",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
"remarks": "rule_set_209"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_profile",
+ "value": "accounts_password_pam_minclass",
"remarks": "rule_set_210"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
"remarks": "rule_set_210"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_aide_installed",
+ "value": "accounts_password_pam_maxrepeat",
"remarks": "rule_set_211"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install AIDE",
+ "value": "Set Password Maximum Consecutive Repeating Characters",
"remarks": "rule_set_211"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_build_database",
+ "value": "accounts_password_pam_maxsequence",
"remarks": "rule_set_212"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Build and Test AIDE Database",
+ "value": "Limit the maximum number of sequential characters in passwords",
"remarks": "rule_set_212"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_periodic_cron_checking",
+ "value": "accounts_password_pam_dictcheck",
"remarks": "rule_set_213"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Periodic Execution of AIDE",
+ "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
"remarks": "rule_set_213"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_check_audit_tools",
+ "value": "accounts_password_pam_enforce_root",
"remarks": "rule_set_214"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure AIDE to Verify the Audit Tools",
+ "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
"remarks": "rule_set_214"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_systemd-journald_enabled",
+ "value": "accounts_password_pam_pwhistory_remember_password_auth",
"remarks": "rule_set_215"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable systemd-journald Service",
+ "value": "Limit Password Reuse: password-auth",
"remarks": "rule_set_215"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_systemd-journal-remote_installed",
+ "value": "accounts_password_pam_pwhistory_remember_system_auth",
"remarks": "rule_set_216"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install systemd-journal-remote Package",
+ "value": "Limit Password Reuse: system-auth",
"remarks": "rule_set_216"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "socket_systemd-journal-remote_disabled",
+ "value": "accounts_password_pam_pwhistory_use_authtok",
"remarks": "rule_set_217"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable systemd-journal-remote Socket",
+ "value": "Enforce Password History with use_authtok",
"remarks": "rule_set_217"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_compress",
+ "value": "no_empty_passwords",
"remarks": "rule_set_218"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to compress large log files",
+ "value": "Prevent Login to Accounts With Empty Password",
"remarks": "rule_set_218"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_storage",
+ "value": "accounts_password_pam_unix_no_remember",
"remarks": "rule_set_219"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to write log files to persistent disk",
+ "value": "Avoid using remember in pam_unix module",
"remarks": "rule_set_219"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_groupownership",
+ "value": "set_password_hashing_algorithm_systemauth",
"remarks": "rule_set_220"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate Group",
+ "value": "Set PAM Password Hashing Algorithm - system-auth",
"remarks": "rule_set_220"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_ownership",
+ "value": "set_password_hashing_algorithm_passwordauth",
"remarks": "rule_set_221"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate User",
+ "value": "Set PAM Password Hashing Algorithm - password-auth",
"remarks": "rule_set_221"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_permissions",
+ "value": "accounts_password_pam_unix_authtok",
"remarks": "rule_set_222"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure System Log Files Have Correct Permissions",
+ "value": "Require use_authtok for pam_unix.so",
"remarks": "rule_set_222"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_passwd",
+ "value": "accounts_maximum_age_login_defs",
"remarks": "rule_set_223"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns passwd File",
+ "value": "Set Password Maximum Age",
"remarks": "rule_set_223"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_passwd",
+ "value": "accounts_password_set_max_life_existing",
"remarks": "rule_set_224"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns passwd File",
+ "value": "Set Existing Passwords Maximum Age",
"remarks": "rule_set_224"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_passwd",
+ "value": "accounts_password_warn_age_login_defs",
"remarks": "rule_set_225"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on passwd File",
+ "value": "Set Password Warning Age",
"remarks": "rule_set_225"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_passwd",
+ "value": "accounts_password_set_warn_age_existing",
"remarks": "rule_set_226"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup passwd File",
+ "value": "Set Existing Passwords Warning Age",
"remarks": "rule_set_226"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_passwd",
+ "value": "set_password_hashing_algorithm_logindefs",
"remarks": "rule_set_227"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup passwd File",
+ "value": "Set Password Hashing Algorithm in /etc/login.defs",
"remarks": "rule_set_227"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_passwd",
+ "value": "account_disable_post_pw_expiration",
"remarks": "rule_set_228"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup passwd File",
+ "value": "Set Account Expiration Following Inactivity",
"remarks": "rule_set_228"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_group",
+ "value": "accounts_set_post_pw_existing",
"remarks": "rule_set_229"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns group File",
+ "value": "Set existing passwords a period of inactivity before they been locked",
"remarks": "rule_set_229"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_group",
+ "value": "accounts_password_last_change_is_in_past",
"remarks": "rule_set_230"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns group File",
+ "value": "Ensure all users last password change date is in the past",
"remarks": "rule_set_230"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_group",
+ "value": "accounts_no_uid_except_zero",
"remarks": "rule_set_231"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on group File",
+ "value": "Verify Only Root Has UID 0",
"remarks": "rule_set_231"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_group",
+ "value": "accounts_root_gid_zero",
"remarks": "rule_set_232"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup group File",
+ "value": "Verify Root Has A Primary GID 0",
"remarks": "rule_set_232"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_group",
+ "value": "groups_no_zero_gid_except_root",
"remarks": "rule_set_233"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup group File",
+ "value": "Verify Only Group Root Has GID 0",
"remarks": "rule_set_233"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_group",
+ "value": "ensure_root_password_configured",
"remarks": "rule_set_234"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup group File",
+ "value": "Ensure Authentication Required for Single User Mode",
"remarks": "rule_set_234"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shadow",
+ "value": "accounts_root_path_dirs_no_write",
"remarks": "rule_set_235"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns shadow File",
+ "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
"remarks": "rule_set_235"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shadow",
+ "value": "root_path_no_dot",
"remarks": "rule_set_236"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns shadow File",
+ "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
"remarks": "rule_set_236"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shadow",
+ "value": "accounts_umask_root",
"remarks": "rule_set_237"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on shadow File",
+ "value": "Ensure the Root Bash Umask is Set Correctly",
"remarks": "rule_set_237"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_shadow",
+ "value": "no_password_auth_for_systemaccounts",
"remarks": "rule_set_238"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup shadow File",
+ "value": "Ensure that System Accounts Are Locked",
"remarks": "rule_set_238"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_shadow",
+ "value": "no_shelllogin_for_systemaccounts",
"remarks": "rule_set_239"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup shadow File",
+ "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
"remarks": "rule_set_239"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_shadow",
+ "value": "no_invalid_shell_accounts_unlocked",
"remarks": "rule_set_240"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup shadow File",
+ "value": "Verify Non-Interactive Accounts Are Locked",
"remarks": "rule_set_240"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_gshadow",
+ "value": "accounts_tmout",
"remarks": "rule_set_241"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns gshadow File",
+ "value": "Set Interactive Session Timeout",
"remarks": "rule_set_241"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_gshadow",
+ "value": "accounts_umask_etc_bashrc",
"remarks": "rule_set_242"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns gshadow File",
+ "value": "Ensure the Default Bash Umask is Set Correctly",
"remarks": "rule_set_242"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_gshadow",
+ "value": "accounts_umask_etc_login_defs",
"remarks": "rule_set_243"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on gshadow File",
+ "value": "Ensure the Default Umask is Set Correctly in login.defs",
"remarks": "rule_set_243"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_gshadow",
+ "value": "accounts_umask_etc_profile",
"remarks": "rule_set_244"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup gshadow File",
+ "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
"remarks": "rule_set_244"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_gshadow",
+ "value": "package_aide_installed",
"remarks": "rule_set_245"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup gshadow File",
+ "value": "Install AIDE",
"remarks": "rule_set_245"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_gshadow",
+ "value": "aide_build_database",
"remarks": "rule_set_246"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup gshadow File",
+ "value": "Build and Test AIDE Database",
"remarks": "rule_set_246"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shells",
+ "value": "aide_periodic_cron_checking",
"remarks": "rule_set_247"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/shells File",
+ "value": "Configure Periodic Execution of AIDE",
"remarks": "rule_set_247"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shells",
+ "value": "aide_check_audit_tools",
"remarks": "rule_set_248"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Who Owns /etc/shells File",
+ "value": "Configure AIDE to Verify the Audit Tools",
"remarks": "rule_set_248"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shells",
+ "value": "service_systemd-journald_enabled",
"remarks": "rule_set_249"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/shells File",
+ "value": "Enable systemd-journald Service",
"remarks": "rule_set_249"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd",
+ "value": "ensure_journald_and_rsyslog_not_active_together",
"remarks": "rule_set_250"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions and Ownership of Old Passwords File",
+ "value": "Ensure journald and rsyslog Are Not Active Together",
"remarks": "rule_set_250"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_unauthorized_world_writable",
+ "value": "package_systemd-journal-remote_installed",
"remarks": "rule_set_251"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure No World-Writable Files Exist",
+ "value": "Install systemd-journal-remote Package",
"remarks": "rule_set_251"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dir_perms_world_writable_sticky_bits",
+ "value": "service_systemd-journal-upload_enabled",
"remarks": "rule_set_252"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
+ "value": "Enable systemd-journal-upload Service",
"remarks": "rule_set_252"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user",
+ "value": "socket_systemd-journal-remote_disabled",
"remarks": "rule_set_253"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a User",
+ "value": "Disable systemd-journal-remote Socket",
"remarks": "rule_set_253"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned",
+ "value": "journald_disable_forward_to_syslog",
"remarks": "rule_set_254"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a Group",
+ "value": "Ensure journald ForwardToSyslog is disabled",
"remarks": "rule_set_254"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_all_shadowed",
+ "value": "journald_compress",
"remarks": "rule_set_255"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify All Account Password Hashes are Shadowed",
+ "value": "Ensure journald is configured to compress large log files",
"remarks": "rule_set_255"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords_etc_shadow",
+ "value": "journald_storage",
"remarks": "rule_set_256"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure There Are No Accounts With Blank or Null Passwords",
+ "value": "Ensure journald is configured to write log files to persistent disk",
"remarks": "rule_set_256"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "gid_passwd_group_same",
+ "value": "rsyslog_files_groupownership",
"remarks": "rule_set_257"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
+ "value": "Ensure Log Files Are Owned By Appropriate Group",
"remarks": "rule_set_257"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_id",
+ "value": "rsyslog_files_ownership",
"remarks": "rule_set_258"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique User IDs",
+ "value": "Ensure Log Files Are Owned By Appropriate User",
"remarks": "rule_set_258"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_id",
+ "value": "rsyslog_files_permissions",
"remarks": "rule_set_259"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group ID",
+ "value": "Ensure System Log Files Have Correct Permissions",
"remarks": "rule_set_259"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_name",
+ "value": "file_groupowner_etc_passwd",
"remarks": "rule_set_260"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique Names",
+ "value": "Verify Group Who Owns passwd File",
"remarks": "rule_set_260"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_name",
+ "value": "file_owner_etc_passwd",
"remarks": "rule_set_261"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group Names",
+ "value": "Verify User Who Owns passwd File",
"remarks": "rule_set_261"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_interactive_home_directory_exists",
+ "value": "file_permissions_etc_passwd",
"remarks": "rule_set_262"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive Users Home Directories Must Exist",
+ "value": "Verify Permissions on passwd File",
"remarks": "rule_set_262"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_home_directories",
+ "value": "file_groupowner_backup_etc_passwd",
"remarks": "rule_set_263"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
+ "value": "Verify Group Who Owns Backup passwd File",
"remarks": "rule_set_263"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_home_directories",
+ "value": "file_owner_backup_etc_passwd",
"remarks": "rule_set_264"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
+ "value": "Verify User Who Owns Backup passwd File",
"remarks": "rule_set_264"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_group_ownership",
+ "value": "file_permissions_backup_etc_passwd",
"remarks": "rule_set_265"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
+ "value": "Verify Permissions on Backup passwd File",
"remarks": "rule_set_265"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_user_ownership",
+ "value": "file_groupowner_etc_group",
"remarks": "rule_set_266"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Owned By the Primary User",
+ "value": "Verify Group Who Owns group File",
"remarks": "rule_set_266"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs",
+ "value": "file_owner_etc_group",
"remarks": "rule_set_267"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Not Run World-Writable Programs",
+ "value": "Verify User Who Owns group File",
"remarks": "rule_set_267"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files",
+ "value": "file_permissions_etc_group",
"remarks": "rule_set_268"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "value": "Verify Permissions on group File",
"remarks": "rule_set_268"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files",
+ "value": "file_groupowner_backup_etc_group",
"remarks": "rule_set_269"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No .forward Files Exist",
+ "value": "Verify Group Who Owns Backup group File",
"remarks": "rule_set_269"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files",
+ "value": "file_owner_backup_etc_group",
"remarks": "rule_set_270"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No netrc Files Exist",
+ "value": "Verify User Who Owns Backup group File",
"remarks": "rule_set_270"
- }
- ],
- "control-implementations": [
+ },
{
- "uuid": "e427170b-3d22-4fc6-9ee4-bcb0465f00a0",
- "source": "trestle://profiles/fedora-cis_fedora-l1_workstation/profile.json",
- "description": "Control implementation for cis_workstation_l1",
- "props": [
- {
- "name": "Framework_Short_Name",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal",
- "value": "cis_workstation_l1"
- }
- ],
- "set-parameters": [
- {
- "param-id": "cis_banner_text",
- "values": [
- "cis"
- ]
- },
- {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_backup_etc_group",
+ "remarks": "rule_set_271"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on Backup group File",
+ "remarks": "rule_set_271"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_shadow",
+ "remarks": "rule_set_272"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns shadow File",
+ "remarks": "rule_set_272"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_shadow",
+ "remarks": "rule_set_273"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns shadow File",
+ "remarks": "rule_set_273"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_shadow",
+ "remarks": "rule_set_274"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on shadow File",
+ "remarks": "rule_set_274"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_backup_etc_shadow",
+ "remarks": "rule_set_275"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns Backup shadow File",
+ "remarks": "rule_set_275"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_backup_etc_shadow",
+ "remarks": "rule_set_276"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns Backup shadow File",
+ "remarks": "rule_set_276"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_backup_etc_shadow",
+ "remarks": "rule_set_277"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on Backup shadow File",
+ "remarks": "rule_set_277"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_gshadow",
+ "remarks": "rule_set_278"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns gshadow File",
+ "remarks": "rule_set_278"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_gshadow",
+ "remarks": "rule_set_279"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns gshadow File",
+ "remarks": "rule_set_279"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_gshadow",
+ "remarks": "rule_set_280"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on gshadow File",
+ "remarks": "rule_set_280"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_backup_etc_gshadow",
+ "remarks": "rule_set_281"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns Backup gshadow File",
+ "remarks": "rule_set_281"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_backup_etc_gshadow",
+ "remarks": "rule_set_282"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns Backup gshadow File",
+ "remarks": "rule_set_282"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_backup_etc_gshadow",
+ "remarks": "rule_set_283"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on Backup gshadow File",
+ "remarks": "rule_set_283"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_shells",
+ "remarks": "rule_set_284"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/shells File",
+ "remarks": "rule_set_284"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_shells",
+ "remarks": "rule_set_285"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Who Owns /etc/shells File",
+ "remarks": "rule_set_285"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_shells",
+ "remarks": "rule_set_286"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on /etc/shells File",
+ "remarks": "rule_set_286"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd",
+ "remarks": "rule_set_287"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_287"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd",
+ "remarks": "rule_set_288"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_288"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd",
+ "remarks": "rule_set_289"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on /etc/security/opasswd File",
+ "remarks": "rule_set_289"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd_old",
+ "remarks": "rule_set_290"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_290"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd_old",
+ "remarks": "rule_set_291"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_291"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd_old",
+ "remarks": "rule_set_292"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on /etc/security/opasswd.old File",
+ "remarks": "rule_set_292"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_unauthorized_world_writable",
+ "remarks": "rule_set_293"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure No World-Writable Files Exist",
+ "remarks": "rule_set_293"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dir_perms_world_writable_sticky_bits",
+ "remarks": "rule_set_294"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
+ "remarks": "rule_set_294"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_files_or_dirs_unowned_by_user",
+ "remarks": "rule_set_295"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All Files And Directories Are Owned by a User",
+ "remarks": "rule_set_295"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_files_or_dirs_ungroupowned",
+ "remarks": "rule_set_296"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All Files And Directories Are Owned by a Group",
+ "remarks": "rule_set_296"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_all_shadowed",
+ "remarks": "rule_set_297"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify All Account Password Hashes are Shadowed",
+ "remarks": "rule_set_297"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_empty_passwords_etc_shadow",
+ "remarks": "rule_set_298"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure There Are No Accounts With Blank or Null Passwords",
+ "remarks": "rule_set_298"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "gid_passwd_group_same",
+ "remarks": "rule_set_299"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
+ "remarks": "rule_set_299"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "account_unique_id",
+ "remarks": "rule_set_300"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All Accounts on the System Have Unique User IDs",
+ "remarks": "rule_set_300"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "group_unique_id",
+ "remarks": "rule_set_301"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All Groups on the System Have Unique Group ID",
+ "remarks": "rule_set_301"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "account_unique_name",
+ "remarks": "rule_set_302"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All Accounts on the System Have Unique Names",
+ "remarks": "rule_set_302"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "group_unique_name",
+ "remarks": "rule_set_303"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All Groups on the System Have Unique Group Names",
+ "remarks": "rule_set_303"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_user_interactive_home_directory_exists",
+ "remarks": "rule_set_304"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "All Interactive Users Home Directories Must Exist",
+ "remarks": "rule_set_304"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_ownership_home_directories",
+ "remarks": "rule_set_305"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
+ "remarks": "rule_set_305"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_home_directories",
+ "remarks": "rule_set_306"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
+ "remarks": "rule_set_306"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_user_dot_group_ownership",
+ "remarks": "rule_set_307"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
+ "remarks": "rule_set_307"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_user_dot_user_ownership",
+ "remarks": "rule_set_308"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "User Initialization Files Must Be Owned By the Primary User",
+ "remarks": "rule_set_308"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_init_files",
+ "remarks": "rule_set_309"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "remarks": "rule_set_309"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_forward_files",
+ "remarks": "rule_set_310"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify No .forward Files Exist",
+ "remarks": "rule_set_310"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_netrc_files",
+ "remarks": "rule_set_311"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify No netrc Files Exist",
+ "remarks": "rule_set_311"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_rhost_files",
+ "remarks": "rule_set_312"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify No .rhost Files Exist",
+ "remarks": "rule_set_312"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history",
+ "remarks": "rule_set_313"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure User Bash History File Has Correct Permissions",
+ "remarks": "rule_set_313"
+ }
+ ],
+ "control-implementations": [
+ {
+ "uuid": "000b968b-8ffa-4806-a36d-5f6a085a450a",
+ "source": "trestle://profiles/fedora-cis_fedora-l1_workstation/profile.json",
+ "description": "Control implementation for cis_workstation_l1",
+ "props": [
+ {
+ "name": "Framework_Short_Name",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal",
+ "value": "cis_workstation_l1"
+ }
+ ],
+ "set-parameters": [
+ {
+ "param-id": "cis_banner_text",
+ "values": [
+ "cis"
+ ]
+ },
+ {
"param-id": "inactivity_timeout_value",
"values": [
"15_minutes"
@@ -4282,18 +4816,6 @@
"4"
]
},
- {
- "param-id": "sshd_strong_kex",
- "values": [
- "cis_rhel8"
- ]
- },
- {
- "param-id": "sshd_strong_macs",
- "values": [
- "cis_rhel8"
- ]
- },
{
"param-id": "sysctl_net_ipv4_conf_all_accept_redirects_value",
"values": [
@@ -4336,6 +4858,12 @@
"disabled"
]
},
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
{
"param-id": "sysctl_net_ipv4_conf_default_log_martians_value",
"values": [
@@ -4414,6 +4942,12 @@
"disabled"
]
},
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
{
"param-id": "var_account_disable_post_pw_expiration",
"values": [
@@ -4471,7 +5005,7 @@
{
"param-id": "var_password_hashing_algorithm",
"values": [
- "yescrypt"
+ "cis_fedora"
]
},
{
@@ -4498,6 +5032,12 @@
"3"
]
},
+ {
+ "param-id": "var_password_pam_maxsequence",
+ "values": [
+ "3"
+ ]
+ },
{
"param-id": "var_password_pam_minclass",
"values": [
@@ -4565,9 +5105,9 @@
]
},
{
- "param-id": "var_system_crypto_policy",
+ "param-id": "var_sudo_timestamp_timeout",
"values": [
- "default_policy"
+ "15_minutes"
]
},
{
@@ -4579,7 +5119,7 @@
],
"implemented-requirements": [
{
- "uuid": "66a985f8-ff6b-4f07-9e24-5808a63d9c5b",
+ "uuid": "9015ce0c-801b-4326-aa37-30dcf610062c",
"control-id": "reload_dconf_db",
"description": "This is a helper rule to reload Dconf database correctly.",
"props": [
@@ -4596,7 +5136,7 @@
]
},
{
- "uuid": "b66779de-7105-45c9-b166-a6f438d9c8dc",
+ "uuid": "ecead3ef-5931-4d02-a6dc-4745463579ad",
"control-id": "cis_fedora_1-1.1.1",
"description": "No notes for control-id 1.1.1.1.",
"props": [
@@ -4613,7 +5153,7 @@
]
},
{
- "uuid": "7b6767dd-8e8f-4e3e-aea4-1ecd51293108",
+ "uuid": "95622faa-527a-4b46-b5ad-cd70bca77de7",
"control-id": "cis_fedora_1-1.1.2",
"description": "No notes for control-id 1.1.1.2.",
"props": [
@@ -4630,7 +5170,7 @@
]
},
{
- "uuid": "94d8a41f-7a80-46ad-be1e-c8aeeb8259a2",
+ "uuid": "0e94cb39-ff79-41e1-99b3-41d846211fcd",
"control-id": "cis_fedora_1-1.1.3",
"description": "No notes for control-id 1.1.1.3.",
"props": [
@@ -4647,7 +5187,7 @@
]
},
{
- "uuid": "fc152118-02ee-4707-8e86-f51aa9e4bcb6",
+ "uuid": "17f04d04-4749-472b-a12b-0a4b1868d5cf",
"control-id": "cis_fedora_1-1.1.4",
"description": "No notes for control-id 1.1.1.4.",
"props": [
@@ -4664,7 +5204,7 @@
]
},
{
- "uuid": "a4ec2872-f513-47ef-9110-7ee5feae4280",
+ "uuid": "de7d3117-cdbf-4baa-85c4-bcc69ff48e74",
"control-id": "cis_fedora_1-1.1.5",
"description": "No notes for control-id 1.1.1.5.",
"props": [
@@ -4681,7 +5221,7 @@
]
},
{
- "uuid": "afad5f95-525f-430f-a3c5-4ea48e3fd5f9",
+ "uuid": "88a229d7-d667-4d64-918d-444db0ccb2ba",
"control-id": "cis_fedora_1-1.1.11",
"description": "The description for control-id cis_fedora_1-1.1.11.",
"props": [
@@ -4694,7 +5234,7 @@
]
},
{
- "uuid": "de16061d-cd27-49cb-b319-dffb0fea90e5",
+ "uuid": "c1f27f71-54c8-4869-a675-38ceb85534d9",
"control-id": "cis_fedora_1-1.2.1.1",
"description": "No notes for control-id 1.1.2.1.1.",
"props": [
@@ -4711,7 +5251,7 @@
]
},
{
- "uuid": "362edff4-1330-420f-a940-4c91fa5d577b",
+ "uuid": "38e41e07-320e-4600-ac9a-27d1472205ff",
"control-id": "cis_fedora_1-1.2.1.2",
"description": "No notes for control-id 1.1.2.1.2.",
"props": [
@@ -4728,7 +5268,7 @@
]
},
{
- "uuid": "07da1da1-d987-4f06-a84a-6aaf87f414e8",
+ "uuid": "6b81f4ba-2c72-42fb-9527-4810b3493e28",
"control-id": "cis_fedora_1-1.2.1.3",
"description": "No notes for control-id 1.1.2.1.3.",
"props": [
@@ -4745,7 +5285,7 @@
]
},
{
- "uuid": "5387dac9-7920-4443-836a-f0d0ea26efcd",
+ "uuid": "43f7715c-419d-47dc-94ae-cb8343ba98f1",
"control-id": "cis_fedora_1-1.2.1.4",
"description": "No notes for control-id 1.1.2.1.4.",
"props": [
@@ -4762,7 +5302,7 @@
]
},
{
- "uuid": "08fa54ba-ee8a-4a92-996f-6b24f60d6d4f",
+ "uuid": "8ec4d06b-bf2e-46e1-9719-20ba5d9ae4b4",
"control-id": "cis_fedora_1-1.2.2.1",
"description": "No notes for control-id 1.1.2.2.1.",
"props": [
@@ -4779,7 +5319,7 @@
]
},
{
- "uuid": "23046a1b-be36-4864-99ee-af399cf55593",
+ "uuid": "c3c3c3a6-4a80-471a-a9b2-13f41780f06f",
"control-id": "cis_fedora_1-1.2.2.2",
"description": "No notes for control-id 1.1.2.2.2.",
"props": [
@@ -4796,7 +5336,7 @@
]
},
{
- "uuid": "6605caac-6f54-4ebf-b03e-dc462506b81d",
+ "uuid": "bb7b1832-a03a-437f-ba70-822cbe909a4d",
"control-id": "cis_fedora_1-1.2.2.3",
"description": "No notes for control-id 1.1.2.2.3.",
"props": [
@@ -4813,7 +5353,7 @@
]
},
{
- "uuid": "84fbd70d-7808-4cb2-ad63-eed3f6574445",
+ "uuid": "04f7aa7e-d5d9-4afc-9ff7-2e92a3888e32",
"control-id": "cis_fedora_1-1.2.2.4",
"description": "No notes for control-id 1.1.2.2.4.",
"props": [
@@ -4830,7 +5370,7 @@
]
},
{
- "uuid": "2a24c280-cc1a-4039-b77d-e91a57f3c5f8",
+ "uuid": "0089fa4b-fd27-431d-8584-0b1664dee35a",
"control-id": "cis_fedora_1-1.2.3.2",
"description": "No notes for control-id 1.1.2.3.2.",
"props": [
@@ -4847,7 +5387,7 @@
]
},
{
- "uuid": "00600561-a86e-4b0a-970d-15799a3dda73",
+ "uuid": "d4718078-5309-4a38-97b1-bea7b91b1c47",
"control-id": "cis_fedora_1-1.2.3.3",
"description": "No notes for control-id 1.1.2.3.3.",
"props": [
@@ -4864,7 +5404,7 @@
]
},
{
- "uuid": "2d3ebb58-2c68-4a8f-a519-d52da2db6153",
+ "uuid": "5755f0bf-ad25-4a05-9a11-99527d59f8fe",
"control-id": "cis_fedora_1-1.2.4.2",
"description": "No notes for control-id 1.1.2.4.2.",
"props": [
@@ -4881,7 +5421,7 @@
]
},
{
- "uuid": "7dd4e579-c9e2-4d1f-a40f-f22d03cba34d",
+ "uuid": "a6706b7b-cd21-46e1-985e-7b9772bb4ab9",
"control-id": "cis_fedora_1-1.2.4.3",
"description": "No notes for control-id 1.1.2.4.3.",
"props": [
@@ -4898,7 +5438,7 @@
]
},
{
- "uuid": "f6225a84-c6a0-426a-871b-516e2fe3148b",
+ "uuid": "7bb94dbd-c77d-4b24-b640-e248b3641ee5",
"control-id": "cis_fedora_1-1.2.5.2",
"description": "No notes for control-id 1.1.2.5.2.",
"props": [
@@ -4915,7 +5455,7 @@
]
},
{
- "uuid": "7f3136c8-5db8-4162-ac70-f43938a0eccc",
+ "uuid": "227d131f-bd9c-4c70-8a2f-1aa6b54731e5",
"control-id": "cis_fedora_1-1.2.5.3",
"description": "No notes for control-id 1.1.2.5.3.",
"props": [
@@ -4932,7 +5472,7 @@
]
},
{
- "uuid": "745220a7-3f5d-464d-abe1-62a7662ec47d",
+ "uuid": "5619d91f-dfc7-4b34-99b9-5b621bc512fe",
"control-id": "cis_fedora_1-1.2.5.4",
"description": "No notes for control-id 1.1.2.5.4.",
"props": [
@@ -4949,7 +5489,7 @@
]
},
{
- "uuid": "5e98e1bf-075f-45bc-b8bf-36d4632203d9",
+ "uuid": "80a93a24-b0de-4d07-9e11-e3ec09b73080",
"control-id": "cis_fedora_1-1.2.6.2",
"description": "No notes for control-id 1.1.2.6.2.",
"props": [
@@ -4966,7 +5506,7 @@
]
},
{
- "uuid": "5e6b528b-3096-49f9-8457-e26a221dd3a6",
+ "uuid": "2177a389-93ba-4c02-a56f-4de5ca81fa51",
"control-id": "cis_fedora_1-1.2.6.3",
"description": "No notes for control-id 1.1.2.6.3.",
"props": [
@@ -4983,7 +5523,7 @@
]
},
{
- "uuid": "6403c9f4-7588-4f90-bf1d-c4f461302f72",
+ "uuid": "4fc13ead-47ec-4f80-836c-c0b3804f3a80",
"control-id": "cis_fedora_1-1.2.6.4",
"description": "No notes for control-id 1.1.2.6.4.",
"props": [
@@ -5000,7 +5540,7 @@
]
},
{
- "uuid": "ac5352de-b52c-4dab-859b-daeb14d05e58",
+ "uuid": "0714b6af-c80a-4cfd-a067-12fc302bfea0",
"control-id": "cis_fedora_1-1.2.7.2",
"description": "No notes for control-id 1.1.2.7.2.",
"props": [
@@ -5017,7 +5557,7 @@
]
},
{
- "uuid": "8daa235d-bebd-49d3-a4cc-f7d1243a0b70",
+ "uuid": "89dcf099-0e0b-4ce3-8e79-7994603b5d1a",
"control-id": "cis_fedora_1-1.2.7.3",
"description": "No notes for control-id 1.1.2.7.3.",
"props": [
@@ -5034,7 +5574,7 @@
]
},
{
- "uuid": "57c0a296-2585-424d-9830-324f4d676574",
+ "uuid": "79a2059c-1507-4733-a6e2-e25fa2279059",
"control-id": "cis_fedora_1-1.2.7.4",
"description": "No notes for control-id 1.1.2.7.4.",
"props": [
@@ -5051,7 +5591,7 @@
]
},
{
- "uuid": "c0718cbc-2276-4ee3-8a9d-7fa7fbafd85b",
+ "uuid": "4c3f146b-1524-4da2-8e7e-d358cdb3417d",
"control-id": "cis_fedora_1-2.1.1",
"description": "The description for control-id cis_fedora_1-2.1.1.",
"props": [
@@ -5064,7 +5604,7 @@
]
},
{
- "uuid": "5fc3eb65-6494-4f92-b473-219c466046b8",
+ "uuid": "efb17216-b089-4fff-a6fc-1229380ede4f",
"control-id": "cis_fedora_1-2.1.2",
"description": "No notes for control-id 1.2.1.2.",
"props": [
@@ -5081,7 +5621,7 @@
]
},
{
- "uuid": "f6235a6e-9371-4524-8c0a-4359b5c0f5a0",
+ "uuid": "5df7ac9f-6479-4199-b110-7e79e9a79fd9",
"control-id": "cis_fedora_1-2.1.4",
"description": "The description for control-id cis_fedora_1-2.1.4.",
"props": [
@@ -5094,7 +5634,7 @@
]
},
{
- "uuid": "6ed10db8-5afd-4b12-a2c0-735bc714bcba",
+ "uuid": "462c963a-8e77-448c-9a8f-fcec9f7e0d78",
"control-id": "cis_fedora_1-2.2.1",
"description": "The description for control-id cis_fedora_1-2.2.1.",
"props": [
@@ -5107,7 +5647,7 @@
]
},
{
- "uuid": "9e9bf413-8b97-43f1-93a5-5b51c06e2d91",
+ "uuid": "639102a0-5f69-4a93-bb3f-1fef563ae7f5",
"control-id": "cis_fedora_1-3.1.1",
"description": "No notes for control-id 1.3.1.1.",
"props": [
@@ -5124,7 +5664,7 @@
]
},
{
- "uuid": "54e76d49-833e-4b67-957b-f5a683f7fd4a",
+ "uuid": "39fa9097-998c-4a14-a5c3-3c578215968c",
"control-id": "cis_fedora_1-3.1.2",
"description": "No notes for control-id 1.3.1.2.",
"props": [
@@ -5141,7 +5681,7 @@
]
},
{
- "uuid": "cd381689-6fd9-4b33-a9b0-f878cace0655",
+ "uuid": "63b69f7e-6a20-462b-b122-e68e5eb5eb19",
"control-id": "cis_fedora_1-3.1.3",
"description": "No notes for control-id 1.3.1.3.",
"props": [
@@ -5158,7 +5698,7 @@
]
},
{
- "uuid": "ac1eb0a9-e35a-49fa-85d9-45145277a191",
+ "uuid": "10c9846c-53d6-483a-a62a-c841a59814fc",
"control-id": "cis_fedora_1-3.1.4",
"description": "No notes for control-id 1.3.1.4.",
"props": [
@@ -5175,7 +5715,7 @@
]
},
{
- "uuid": "c53a2223-5ee5-4a9c-b293-7f8259ada8e7",
+ "uuid": "05c0fd16-4e33-4fec-8cef-5aaeb840c07d",
"control-id": "cis_fedora_1-3.1.7",
"description": "No notes for control-id 1.3.1.7.",
"props": [
@@ -5192,7 +5732,7 @@
]
},
{
- "uuid": "9a25e661-892e-4ae9-a428-1de4ae547d7a",
+ "uuid": "c79c9351-d312-45b2-8778-b266345cd147",
"control-id": "cis_fedora_1-4.1",
"description": "There is no automated remediation for this rule and this is intentional.\nMore details in the rule description.",
"props": [
@@ -5209,180 +5749,204 @@
]
},
{
- "uuid": "6d9119db-56a8-4d02-bda4-8d72fa08feeb",
+ "uuid": "8c7b29e9-c1a8-425d-a8b6-e717e85ba2ce",
"control-id": "cis_fedora_1-4.2",
- "description": "The description for control-id cis_fedora_1-4.2.",
+ "description": "This requirement demands a deeper review of the rules.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This requirement demands a deeper review of the rules."
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg"
+ "value": "file_permissions_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg"
+ "value": "file_owner_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg"
+ "value": "file_groupowner_boot_grub2"
}
]
},
{
- "uuid": "54679277-ec73-4aca-8850-1c76a6a6ed29",
+ "uuid": "20f5f349-efc6-47af-94bd-ce4228593d8f",
"control-id": "cis_fedora_1-5.1",
- "description": "The description for control-id cis_fedora_1-5.1.",
+ "description": "No notes for control-id 1.5.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_users_coredumps"
}
]
},
{
- "uuid": "632f93af-214b-44bf-b22b-7f8f96028ce1",
+ "uuid": "e96c6682-739e-45cc-9c2d-13b57ab899cb",
"control-id": "cis_fedora_1-5.2",
- "description": "The description for control-id cis_fedora_1-5.2.",
+ "description": "No notes for control-id 1.5.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_hardlinks"
}
]
},
{
- "uuid": "e17f06d4-5743-4dbc-88ba-57d9fc2ebb78",
+ "uuid": "c25e6bb6-f797-4089-bf3c-90dafc53558e",
"control-id": "cis_fedora_1-5.3",
- "description": "The description for control-id cis_fedora_1-5.3.",
+ "description": "No notes for control-id 1.5.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_symlinks"
}
]
},
{
- "uuid": "094e42bc-0a81-4188-a469-66450965f195",
+ "uuid": "46b09e14-9f03-42fb-bbec-17d367c8fee4",
"control-id": "cis_fedora_1-5.4",
- "description": "The description for control-id cis_fedora_1-5.4.",
+ "description": "No notes for control-id 1.5.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_suid_dumpable"
}
]
},
{
- "uuid": "bda24a13-c477-4962-b2a6-1ae8cc079286",
+ "uuid": "6e14f6ce-5409-4398-ac42-63df208d8632",
"control-id": "cis_fedora_1-5.5",
- "description": "The description for control-id cis_fedora_1-5.5.",
+ "description": "No notes for control-id 1.5.5.",
"props": [
{
- "name": "implementation-status",
+ "name": "implementation-status",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.5."
+ "value": "sysctl_kernel_dmesg_restrict"
}
]
},
{
- "uuid": "33c14f68-a10a-4c46-971e-29d6c02d6e90",
+ "uuid": "b5bc51dc-414a-48e8-bbcc-e20ebdb20c27",
"control-id": "cis_fedora_1-5.6",
- "description": "The description for control-id cis_fedora_1-5.6.",
+ "description": "No notes for control-id 1.5.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.6."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_kptr_restrict"
}
]
},
{
- "uuid": "a80a6af6-ff30-4b7b-af2c-c22d3defb4c2",
+ "uuid": "d3275018-3a6a-4d93-aa9c-c7652ec6918f",
"control-id": "cis_fedora_1-5.7",
- "description": "The description for control-id cis_fedora_1-5.7.",
+ "description": "No notes for control-id 1.5.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_yama_ptrace_scope"
}
]
},
{
- "uuid": "2fe0be48-4d03-43f6-800c-98ba7252f4ef",
+ "uuid": "0198e765-da01-4874-b73f-7c6584d982bc",
"control-id": "cis_fedora_1-5.8",
- "description": "The description for control-id cis_fedora_1-5.8.",
+ "description": "Address Space Layout Randomization (ASLR)",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.8."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_randomize_va_space"
}
]
},
{
- "uuid": "96089cb1-acaf-45a0-8fc0-a99d4fda481e",
+ "uuid": "44c4330d-63ca-4a6a-937d-89af9edd6321",
"control-id": "cis_fedora_1-5.9",
- "description": "The description for control-id cis_fedora_1-5.9.",
+ "description": "No notes for control-id 1.5.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.9."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_backtraces"
}
]
},
{
- "uuid": "76586970-c365-40a7-8bd4-c03db29e4af3",
+ "uuid": "58bb37ba-0530-42e5-a9dc-3093a5cdde71",
"control-id": "cis_fedora_1-5.10",
- "description": "The description for control-id cis_fedora_1-5.10.",
+ "description": "No notes for control-id 1.5.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.10."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_storage"
}
]
},
{
- "uuid": "ef0666f1-6bcb-4fa0-bb0f-62a90e5f3f74",
+ "uuid": "579c7762-8c8d-427c-8d9e-2e5093dd398f",
"control-id": "cis_fedora_1-6.1",
"description": "No notes for control-id 1.6.1.",
"props": [
@@ -5394,50 +5958,63 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "d62d6486-00bf-4b0b-9d04-2cdd5531d482",
+ "uuid": "0fffe8eb-2d62-40e6-8281-d04c07cb2bac",
"control-id": "cis_fedora_1-6.2",
- "description": "This requirement is already satisfied by 1.6.1.",
+ "description": "No notes for control-id 1.6.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "08e26e2d-a6b9-43c7-ae8e-69227d18876f",
+ "uuid": "79ebba02-f9d1-4e64-84fd-7c6f614eaade",
"control-id": "cis_fedora_1-6.3",
- "description": "The description for control-id cis_fedora_1-6.3.",
+ "description": "No notes for control-id 1.6.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "04c1d594-57dd-4281-b887-fb5a70abd670",
+ "uuid": "bb85674d-9ab2-4a3c-889a-2e15d891ffca",
"control-id": "cis_fedora_1-6.4",
- "description": "The description for control-id cis_fedora_1-6.4.",
+ "description": "No notes for control-id 1.6.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "39925523-b70b-401c-b18b-b53129d8d2c3",
+ "uuid": "cdc29e82-a7ac-4e0b-ac7d-7d1058f29314",
"control-id": "cis_fedora_1-7.1",
"description": "No notes for control-id 1.7.1.",
"props": [
@@ -5454,7 +6031,7 @@
]
},
{
- "uuid": "b16303e1-6be5-4495-a19e-46c0079abc24",
+ "uuid": "c34e9859-a189-4b91-a85e-c407972ef2a4",
"control-id": "cis_fedora_1-7.2",
"description": "No notes for control-id 1.7.2.",
"props": [
@@ -5471,7 +6048,7 @@
]
},
{
- "uuid": "fe0ec573-5bb6-4a5e-8b00-044c21794a51",
+ "uuid": "32a840a7-005b-489a-832b-45a8ca11a1df",
"control-id": "cis_fedora_1-7.3",
"description": "No notes for control-id 1.7.3.",
"props": [
@@ -5488,7 +6065,7 @@
]
},
{
- "uuid": "82be2234-256c-4fcf-9819-db38a62ca7b3",
+ "uuid": "2b5c948f-a1d4-4d84-afd5-832d653cc9ed",
"control-id": "cis_fedora_1-7.4",
"description": "No notes for control-id 1.7.4.",
"props": [
@@ -5515,7 +6092,7 @@
]
},
{
- "uuid": "3ea0848c-3836-4c03-9332-363312fa12d9",
+ "uuid": "31670389-5cf8-4a01-b564-8197044c356b",
"control-id": "cis_fedora_1-7.5",
"description": "No notes for control-id 1.7.5.",
"props": [
@@ -5542,7 +6119,7 @@
]
},
{
- "uuid": "bc0b47bd-74c7-4639-bc42-6016ec6626d9",
+ "uuid": "380557ff-7d1e-419d-b5dd-fa32dfb76cc8",
"control-id": "cis_fedora_1-7.6",
"description": "No notes for control-id 1.7.6.",
"props": [
@@ -5569,14 +6146,14 @@
]
},
{
- "uuid": "84a84900-f9db-479c-887d-9008379d3a1a",
+ "uuid": "69c92fe9-881b-4051-947a-c7ddf4c34386",
"control-id": "cis_fedora_1-8.1",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -5591,7 +6168,7 @@
]
},
{
- "uuid": "da9d0276-daef-451b-b461-85df4b359540",
+ "uuid": "b8a66beb-efef-400e-928e-34f785c734aa",
"control-id": "cis_fedora_1-8.2",
"description": "Review rules to confirm settings are not writeable by users",
"props": [
@@ -5608,14 +6185,14 @@
]
},
{
- "uuid": "e5291a46-2687-4343-a3bd-8f16ede3474c",
+ "uuid": "b0224f2a-7a59-4799-9ce2-e17a4986b35c",
"control-id": "cis_fedora_1-8.3",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -5626,18 +6203,28 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "dconf_gnome_screensaver_lock_delay"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_session_idle_user_locks"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_screensaver_user_locks"
}
]
},
{
- "uuid": "76849cf7-73a3-4662-8ef4-ea93b57924af",
+ "uuid": "b9fc8abd-bf5d-4a65-a5b1-10f096891ce1",
"control-id": "cis_fedora_1-8.5",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -5647,7 +6234,7 @@
]
},
{
- "uuid": "3255d58d-dc0d-4525-a200-dae077f679e8",
+ "uuid": "67d9eeaa-8b06-4cf9-99bb-324e417bccef",
"control-id": "cis_fedora_1-8.6",
"description": "The description for control-id cis_fedora_1-8.6.",
"props": [
@@ -5660,7 +6247,7 @@
]
},
{
- "uuid": "8631700a-2bfa-49e7-9c55-38f5b8007cd9",
+ "uuid": "aedbfe70-7201-4deb-87b5-30bf89115305",
"control-id": "cis_fedora_2-1.4",
"description": "No notes for control-id 2.1.4.",
"props": [
@@ -5677,7 +6264,7 @@
]
},
{
- "uuid": "b569a867-335e-4694-b379-145398e46182",
+ "uuid": "5f0fafde-5ae0-464e-8cc8-d3f2948bff02",
"control-id": "cis_fedora_2-1.5",
"description": "No notes for control-id 2.1.5.",
"props": [
@@ -5694,7 +6281,7 @@
]
},
{
- "uuid": "c20ca186-2609-4058-a282-fe42e3958897",
+ "uuid": "264282ea-e48a-420c-8e0f-e29e876cc536",
"control-id": "cis_fedora_2-1.6",
"description": "No notes for control-id 2.1.6.",
"props": [
@@ -5711,7 +6298,7 @@
]
},
{
- "uuid": "5c69234a-1709-4fcd-a07d-e709c4312f40",
+ "uuid": "819b9415-aaa8-4bc4-8c15-b4656b09b405",
"control-id": "cis_fedora_2-1.7",
"description": "No notes for control-id 2.1.7.",
"props": [
@@ -5728,7 +6315,7 @@
]
},
{
- "uuid": "37c7c7cd-2522-4565-8d58-2a79e4b719b1",
+ "uuid": "48ca3233-0ee8-4cc9-8bb1-f544ce58ac86",
"control-id": "cis_fedora_2-1.8",
"description": "No notes for control-id 2.1.8.",
"props": [
@@ -5750,7 +6337,7 @@
]
},
{
- "uuid": "11ceb7e0-aacd-41b5-b148-f96f512f63cb",
+ "uuid": "5cf68f25-397a-4990-988f-4a37b8e7a4df",
"control-id": "cis_fedora_2-1.9",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization are dependent on the\nnfs-utils package.",
"props": [
@@ -5767,7 +6354,7 @@
]
},
{
- "uuid": "0a3aef0f-138c-449b-84a8-08e3a719ef9e",
+ "uuid": "7cf91c98-c058-4162-8cc2-ef52f66548e3",
"control-id": "cis_fedora_2-1.10",
"description": "No notes for control-id 2.1.10.",
"props": [
@@ -5779,7 +6366,7 @@
]
},
{
- "uuid": "3a62a8a3-56c2-4297-acfa-a8a440fcb8c7",
+ "uuid": "3d74393e-e1f6-4fe2-8209-0becb1c726d0",
"control-id": "cis_fedora_2-1.12",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization, and the nfs-utils\npackage used for The Network File System (NFS), are dependent on the rpcbind package.",
"props": [
@@ -5796,7 +6383,7 @@
]
},
{
- "uuid": "119e2ec4-d010-4366-8a22-e44d3245dc3c",
+ "uuid": "f3899890-d115-4c86-ac43-b90976ef8786",
"control-id": "cis_fedora_2-1.13",
"description": "No notes for control-id 2.1.13.",
"props": [
@@ -5813,7 +6400,7 @@
]
},
{
- "uuid": "a67effb7-0653-448e-8259-2cdab8ae9396",
+ "uuid": "98b7fe6c-0c3f-43cc-8c43-aaa444958a4c",
"control-id": "cis_fedora_2-1.14",
"description": "No notes for control-id 2.1.14.",
"props": [
@@ -5830,7 +6417,7 @@
]
},
{
- "uuid": "612ad6ea-ce23-48b5-87e2-e91751ccd102",
+ "uuid": "af1cb687-3a4d-4c16-b400-58013f13163b",
"control-id": "cis_fedora_2-1.15",
"description": "No notes for control-id 2.1.15.",
"props": [
@@ -5847,7 +6434,7 @@
]
},
{
- "uuid": "042d9bc6-08e0-4080-8e3a-72e40ead6268",
+ "uuid": "2c2081c9-0cf6-448a-a675-eb03694cc736",
"control-id": "cis_fedora_2-1.16",
"description": "No notes for control-id 2.1.16.",
"props": [
@@ -5864,7 +6451,7 @@
]
},
{
- "uuid": "42ff180a-e936-4bba-9bf3-126ef3da6739",
+ "uuid": "0312c29b-5bc5-46b8-a2aa-afc63afa1190",
"control-id": "cis_fedora_2-1.17",
"description": "No notes for control-id 2.1.17.",
"props": [
@@ -5881,7 +6468,7 @@
]
},
{
- "uuid": "ac59efc8-636d-4e9f-b718-aa3fcc0ce41f",
+ "uuid": "93a50504-dbb5-4bcc-b0bf-87497c35e747",
"control-id": "cis_fedora_2-1.18",
"description": "No notes for control-id 2.1.18.",
"props": [
@@ -5898,7 +6485,7 @@
]
},
{
- "uuid": "c61e32bc-7e15-415b-a70a-7ca3c0a68e7c",
+ "uuid": "ab8c84d9-e6f4-445c-93fd-35f7932c00b8",
"control-id": "cis_fedora_2-1.19",
"description": "No notes for control-id 2.1.19.",
"props": [
@@ -5920,7 +6507,7 @@
]
},
{
- "uuid": "77ef0fd7-868e-4580-870e-446ed93be874",
+ "uuid": "73a97789-27a1-4f47-9b12-b2e8591b8626",
"control-id": "cis_fedora_2-1.20",
"description": "The description for control-id cis_fedora_2-1.20.",
"props": [
@@ -5933,14 +6520,14 @@
]
},
{
- "uuid": "fd66b150-9b62-4422-b5a8-fd63834138bf",
+ "uuid": "5b1d5bb4-4056-4f02-b34f-24c1ba85c9ca",
"control-id": "cis_fedora_2-1.23",
- "description": "The rule has_nonlocal_mta currently checks for services listening only on port 25,\nbut the policy checks also for ports 465 and 587",
+ "description": "No notes for control-id 2.1.23.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -5955,7 +6542,7 @@
]
},
{
- "uuid": "6d7868f3-728c-4ff0-ba3b-82f085e3ecdb",
+ "uuid": "1dc2dd7e-3158-4817-855a-83feff6a3a18",
"control-id": "cis_fedora_2-1.24",
"description": "The description for control-id cis_fedora_2-1.24.",
"props": [
@@ -5968,7 +6555,7 @@
]
},
{
- "uuid": "c375311a-ce07-48f1-b0b5-4b58103bc4d1",
+ "uuid": "acf3fbfb-3bf7-4289-8cb4-8d11ccbab78a",
"control-id": "cis_fedora_2-2.1",
"description": "No notes for control-id 2.2.1.",
"props": [
@@ -5985,7 +6572,7 @@
]
},
{
- "uuid": "30ed3f53-81d7-4fbc-8a8d-b4e3493c6d53",
+ "uuid": "f8e7c322-cae6-4230-b826-9f104c3304b7",
"control-id": "cis_fedora_2-2.3",
"description": "No notes for control-id 2.2.3.",
"props": [
@@ -5997,7 +6584,7 @@
]
},
{
- "uuid": "98493543-bc0a-4a1b-a4d0-ad8f6a3f9031",
+ "uuid": "4b6a7a20-56de-40bd-84f8-ab9b4ecb51f8",
"control-id": "cis_fedora_2-2.4",
"description": "No notes for control-id 2.2.4.",
"props": [
@@ -6014,7 +6601,7 @@
]
},
{
- "uuid": "1d80e3b1-f0b7-430d-854a-8eb5617cc34a",
+ "uuid": "abc09f3b-5dd1-4239-b3df-5dcc68786c27",
"control-id": "cis_fedora_2-2.5",
"description": "No notes for control-id 2.2.5.",
"props": [
@@ -6031,7 +6618,7 @@
]
},
{
- "uuid": "7446ad4c-4bbd-4ac1-ab36-3046919e97cc",
+ "uuid": "f3667f95-7ade-4763-8d55-cc4576a60c34",
"control-id": "cis_fedora_2-3.1",
"description": "No notes for control-id 2.3.1.",
"props": [
@@ -6043,7 +6630,7 @@
]
},
{
- "uuid": "2062fbca-8ac7-4540-bfb6-d46491ecafc4",
+ "uuid": "5e0a9ec6-7cd8-4e32-b31e-420d4b8b2ff9",
"control-id": "cis_fedora_2-3.2",
"description": "No notes for control-id 2.3.2.",
"props": [
@@ -6060,7 +6647,7 @@
]
},
{
- "uuid": "17773d28-cad5-45dd-9d31-e89044db19d6",
+ "uuid": "81110eb9-11c7-427f-8aea-c33a4e2ccc8f",
"control-id": "cis_fedora_2-3.3",
"description": "No notes for control-id 2.3.3.",
"props": [
@@ -6077,7 +6664,7 @@
]
},
{
- "uuid": "f10fb1de-295b-4d63-8b8c-29745623face",
+ "uuid": "cf1b0fab-a2c8-4baa-86dd-993e88a86f38",
"control-id": "cis_fedora_2-4.1.1",
"description": "No notes for control-id 2.4.1.1.",
"props": [
@@ -6099,7 +6686,7 @@
]
},
{
- "uuid": "07d88a6a-acb0-4272-b35a-2e9abcb21bb7",
+ "uuid": "d4c450bb-165e-495e-a17e-dfa94623645c",
"control-id": "cis_fedora_2-4.1.2",
"description": "No notes for control-id 2.4.1.2.",
"props": [
@@ -6126,7 +6713,7 @@
]
},
{
- "uuid": "f86cb9f1-b452-4133-b7d3-1de644305372",
+ "uuid": "d1498d0f-3b6b-4829-812b-49cb46246c6f",
"control-id": "cis_fedora_2-4.1.3",
"description": "No notes for control-id 2.4.1.3.",
"props": [
@@ -6153,7 +6740,7 @@
]
},
{
- "uuid": "cae1fa60-6009-446b-8912-c7270ef8e64f",
+ "uuid": "f99a3643-0f93-4cfe-84c1-2e73778e52d4",
"control-id": "cis_fedora_2-4.1.4",
"description": "No notes for control-id 2.4.1.4.",
"props": [
@@ -6180,7 +6767,7 @@
]
},
{
- "uuid": "5cae3df6-a79b-4fbd-b586-5bfeb9488c6b",
+ "uuid": "4a58e2c5-3035-40f5-b6da-3fd080cf1c79",
"control-id": "cis_fedora_2-4.1.5",
"description": "No notes for control-id 2.4.1.5.",
"props": [
@@ -6207,7 +6794,7 @@
]
},
{
- "uuid": "5157ea01-c042-4219-99e2-ddf43a863c9b",
+ "uuid": "b62030b8-6e34-4723-a0e1-c7ef93f76551",
"control-id": "cis_fedora_2-4.1.6",
"description": "No notes for control-id 2.4.1.6.",
"props": [
@@ -6234,20 +6821,34 @@
]
},
{
- "uuid": "920202c0-4033-4d4a-99eb-655b8edcb048",
+ "uuid": "fc36551d-21f7-49d0-ab81-0fdb5ed977a5",
"control-id": "cis_fedora_2-4.1.7",
- "description": "The description for control-id cis_fedora_2-4.1.7.",
+ "description": "No notes for control-id 2.4.1.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.4.1.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_cron_yearly"
}
]
},
{
- "uuid": "0149ef05-8a3d-4b18-9c8d-edb5971ee8fe",
+ "uuid": "38cb9066-a959-4def-abf8-de17f92b253a",
"control-id": "cis_fedora_2-4.1.8",
"description": "No notes for control-id 2.4.1.8.",
"props": [
@@ -6274,7 +6875,7 @@
]
},
{
- "uuid": "ef6ecc8e-ab52-4fc6-93b0-9b72a59031f6",
+ "uuid": "f4ee31f6-5201-429d-a529-8ac60f685f41",
"control-id": "cis_fedora_2-4.1.9",
"description": "No notes for control-id 2.4.1.9.",
"props": [
@@ -6311,20 +6912,25 @@
]
},
{
- "uuid": "63c3d4ab-e93a-496e-b615-c6c9d3b7183f",
+ "uuid": "da316e5b-df6c-40cc-b78d-e46e2120697f",
"control-id": "cis_fedora_2-4.2.1",
- "description": "It is necessary to create a rule to ensure the existence of at.allow.\nfile_cron_allow_exists can be used as reference for a new templated rule.",
+ "description": "No notes for control-id 2.4.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_at_deny_not_exist"
},
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_at_allow_exists"
+ },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -6343,7 +6949,7 @@
]
},
{
- "uuid": "771d58c9-2594-4e6f-b457-8f00433a2425",
+ "uuid": "eea9e88d-a403-4cf8-ba01-90f7315ed174",
"control-id": "cis_fedora_3-1.1",
"description": "The description for control-id cis_fedora_3-1.1.",
"props": [
@@ -6356,46 +6962,58 @@
]
},
{
- "uuid": "bfeeb214-ac64-4837-8f6b-ac120f11e62c",
+ "uuid": "33d239e4-bf73-422d-962b-52b628c4b285",
"control-id": "cis_fedora_3-2.1",
- "description": "The description for control-id cis_fedora_3-2.1.",
+ "description": "No notes for control-id 3.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_atm_disabled"
}
]
},
{
- "uuid": "52973ff2-92d5-4a93-ab9c-bee75e1b6e45",
+ "uuid": "608edf9e-a5fc-46be-a572-c2650dd3e2b1",
"control-id": "cis_fedora_3-2.2",
- "description": "The description for control-id cis_fedora_3-2.2.",
+ "description": "No notes for control-id 3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_can_disabled"
}
]
},
{
- "uuid": "fceba262-0ded-48e8-9d27-042f34dc82cb",
+ "uuid": "05893988-3504-4b1e-8bdb-721d963ac277",
"control-id": "cis_fedora_3-2.3",
- "description": "The description for control-id cis_fedora_3-2.3.",
+ "description": "No notes for control-id 3.2.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_dccp_disabled"
}
]
},
{
- "uuid": "f0c34d0d-3955-4abd-bb78-dabbb46adf5b",
+ "uuid": "e4431949-6e25-42c0-9a23-71732e04a738",
"control-id": "cis_fedora_3-2.4",
"description": "No notes for control-id 3.2.4.",
"props": [
@@ -6412,20 +7030,24 @@
]
},
{
- "uuid": "6e3b3598-a4e5-40cd-83ac-c941dda57b64",
+ "uuid": "0ef5cd21-4cc5-40b8-a182-9028c4a19fab",
"control-id": "cis_fedora_3-2.5",
- "description": "The description for control-id cis_fedora_3-2.5.",
+ "description": "No notes for control-id 3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_rds_disabled"
}
]
},
{
- "uuid": "9e6068cb-4bc5-4955-808a-8d3c1cec7ca2",
+ "uuid": "4a3423ef-8243-4357-9147-f0263eb881f3",
"control-id": "cis_fedora_3-3.1.1",
"description": "No notes for control-id 3.3.1.1.",
"props": [
@@ -6442,33 +7064,41 @@
]
},
{
- "uuid": "7a82288e-a2e8-4942-bee2-1a67ae0773dc",
+ "uuid": "b435e1c5-937c-4e59-b64e-05e63e14944a",
"control-id": "cis_fedora_3-3.1.2",
- "description": "The description for control-id cis_fedora_3-3.1.2.",
+ "description": "No notes for control-id 3.3.1.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_forwarding"
}
]
},
{
- "uuid": "0edb09f3-db14-4778-b078-6ce59973c6fa",
+ "uuid": "881bc443-29f5-410a-8b8d-9bd6684cb423",
"control-id": "cis_fedora_3-3.1.3",
- "description": "The description for control-id cis_fedora_3-3.1.3.",
+ "description": "No notes for control-id 3.3.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_forwarding"
}
]
},
{
- "uuid": "61d71010-68f7-4108-9234-e2ed3aee9ba0",
+ "uuid": "12d59a1e-757f-4c92-8f32-f54c82262748",
"control-id": "cis_fedora_3-3.1.4",
"description": "No notes for control-id 3.3.1.4.",
"props": [
@@ -6485,7 +7115,7 @@
]
},
{
- "uuid": "3aa72eee-915f-4387-bd26-9e436799d21b",
+ "uuid": "f5e6d735-9f82-484a-85b6-5baa8d218c84",
"control-id": "cis_fedora_3-3.1.5",
"description": "No notes for control-id 3.3.1.5.",
"props": [
@@ -6502,7 +7132,7 @@
]
},
{
- "uuid": "1ebc1aa9-edbd-4338-9976-3ba427feb06f",
+ "uuid": "6e441f4c-347d-4ae2-8b58-1646376d8fd9",
"control-id": "cis_fedora_3-3.1.6",
"description": "No notes for control-id 3.3.1.6.",
"props": [
@@ -6519,7 +7149,7 @@
]
},
{
- "uuid": "88fc3336-2621-43db-a82a-5336b5b9e9fb",
+ "uuid": "32c565bb-ed99-45e4-887a-2073ba2dbf35",
"control-id": "cis_fedora_3-3.1.7",
"description": "No notes for control-id 3.3.1.7.",
"props": [
@@ -6536,7 +7166,7 @@
]
},
{
- "uuid": "1bff0324-b2af-4d54-97e2-0503670861d6",
+ "uuid": "9949260a-fb45-4583-8428-5173a824aa00",
"control-id": "cis_fedora_3-3.1.8",
"description": "No notes for control-id 3.3.1.8.",
"props": [
@@ -6553,7 +7183,7 @@
]
},
{
- "uuid": "ada1d079-39c1-4b12-b704-5d238d8c82c2",
+ "uuid": "8c34cbe5-5fbd-4e52-ba12-005ef82c502d",
"control-id": "cis_fedora_3-3.1.9",
"description": "No notes for control-id 3.3.1.9.",
"props": [
@@ -6570,7 +7200,7 @@
]
},
{
- "uuid": "a6804950-6d3e-42c2-9e05-897c762faa10",
+ "uuid": "503b2c5e-0bb4-477c-acbb-ae2770ae0101",
"control-id": "cis_fedora_3-3.1.10",
"description": "No notes for control-id 3.3.1.10.",
"props": [
@@ -6583,16 +7213,11 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sysctl_net_ipv4_conf_all_secure_redirects"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects"
}
]
},
{
- "uuid": "8c01ad2d-57f8-4924-97cc-41193888a378",
+ "uuid": "044437db-c3e0-4fd3-ad49-9d5f1bba6e65",
"control-id": "cis_fedora_3-3.1.11",
"description": "No notes for control-id 3.3.1.11.",
"props": [
@@ -6609,7 +7234,7 @@
]
},
{
- "uuid": "f492fbff-1522-49e6-b377-a29237d78c90",
+ "uuid": "fb91a181-6bab-453a-86a0-0d5b6d87ae24",
"control-id": "cis_fedora_3-3.1.12",
"description": "No notes for control-id 3.3.1.12.",
"props": [
@@ -6626,7 +7251,7 @@
]
},
{
- "uuid": "a2eb4e76-b0ae-4a44-8e0a-1bb6d6df9512",
+ "uuid": "2471dcc6-aa4b-4328-b1c1-fc61aba3c610",
"control-id": "cis_fedora_3-3.1.13",
"description": "No notes for control-id 3.3.1.13.",
"props": [
@@ -6643,7 +7268,7 @@
]
},
{
- "uuid": "af5d1222-2ab5-43cd-8288-c03ad207335e",
+ "uuid": "c71da4dc-a85c-48a4-9a02-620d8ee17ea2",
"control-id": "cis_fedora_3-3.1.14",
"description": "No notes for control-id 3.3.1.14.",
"props": [
@@ -6660,7 +7285,7 @@
]
},
{
- "uuid": "23980a80-0aef-4f3d-8a26-bade38a7028e",
+ "uuid": "8addf331-587a-4f67-bd89-a42acb3a31e2",
"control-id": "cis_fedora_3-3.1.15",
"description": "No notes for control-id 3.3.1.15.",
"props": [
@@ -6677,7 +7302,7 @@
]
},
{
- "uuid": "3d99c646-aa9c-41cf-84a4-ace572e3e064",
+ "uuid": "c519dadd-4d00-4d5b-9385-f7547fae725a",
"control-id": "cis_fedora_3-3.1.16",
"description": "No notes for control-id 3.3.1.16.",
"props": [
@@ -6694,7 +7319,7 @@
]
},
{
- "uuid": "6c5d3c45-07d1-40ea-85ba-f43cf7fcf56e",
+ "uuid": "618e8b87-85bd-4504-aabc-a8d56ef8814a",
"control-id": "cis_fedora_3-3.1.17",
"description": "No notes for control-id 3.3.1.17.",
"props": [
@@ -6711,7 +7336,7 @@
]
},
{
- "uuid": "c31d24b1-a1b6-4622-85e8-71d77a42a2c7",
+ "uuid": "125da33d-58d1-461f-a776-2ec7f153e732",
"control-id": "cis_fedora_3-3.1.18",
"description": "No notes for control-id 3.3.1.18.",
"props": [
@@ -6728,7 +7353,7 @@
]
},
{
- "uuid": "8e2e75bb-e6e3-440d-af66-542a214345ba",
+ "uuid": "eb3d7581-8b7d-4af3-b426-18f697c640e8",
"control-id": "cis_fedora_3-3.2.1",
"description": "No notes for control-id 3.3.2.1.",
"props": [
@@ -6745,20 +7370,24 @@
]
},
{
- "uuid": "2b339765-8daa-4e9e-9ee1-4ac9d04c91d6",
+ "uuid": "5daa49c4-5b77-4ae3-bf67-e204ca4191f7",
"control-id": "cis_fedora_3-3.2.2",
- "description": "The description for control-id cis_fedora_3-3.2.2.",
+ "description": "No notes for control-id 3.3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_forwarding"
}
]
},
{
- "uuid": "6b0f4e8c-f77e-473b-9ff3-defbf5f4283c",
+ "uuid": "5c24afd6-bea0-4f4a-a39f-2dc9ece5341c",
"control-id": "cis_fedora_3-3.2.3",
"description": "No notes for control-id 3.3.2.3.",
"props": [
@@ -6775,7 +7404,7 @@
]
},
{
- "uuid": "c0c6ccc2-eaa9-423a-b022-827c97b469bd",
+ "uuid": "9e2e4bb3-9b31-4f54-b8a1-272853bcb0aa",
"control-id": "cis_fedora_3-3.2.4",
"description": "No notes for control-id 3.3.2.4.",
"props": [
@@ -6792,7 +7421,7 @@
]
},
{
- "uuid": "e9f457f5-0f52-4f08-8006-727070285f0c",
+ "uuid": "2bfe1fa2-73f0-4b54-b000-679cc7d6e201",
"control-id": "cis_fedora_3-3.2.5",
"description": "No notes for control-id 3.3.2.5.",
"props": [
@@ -6809,7 +7438,7 @@
]
},
{
- "uuid": "284c09a9-0fbb-449d-80b7-ad03acfb27c3",
+ "uuid": "d031143c-fa35-4ee6-9180-999d7d2bfbf7",
"control-id": "cis_fedora_3-3.2.6",
"description": "No notes for control-id 3.3.2.6.",
"props": [
@@ -6826,7 +7455,7 @@
]
},
{
- "uuid": "aa152993-4fc9-448e-90d2-3195f847b009",
+ "uuid": "5297e765-04f2-4342-bf96-19c5d972246f",
"control-id": "cis_fedora_3-3.2.7",
"description": "No notes for control-id 3.3.2.7.",
"props": [
@@ -6843,7 +7472,7 @@
]
},
{
- "uuid": "bf46b482-95a0-44cd-b810-fce03deb6316",
+ "uuid": "cac511ef-acf4-455b-87fd-980659cc703f",
"control-id": "cis_fedora_3-3.2.8",
"description": "No notes for control-id 3.3.2.8.",
"props": [
@@ -6860,7 +7489,7 @@
]
},
{
- "uuid": "9cc2a31a-691f-4a6e-ba4b-9b4cf0e87c09",
+ "uuid": "5f8cc766-7796-469f-b045-ee9b6c410818",
"control-id": "cis_fedora_4-1.1",
"description": "No notes for control-id 4.1.1.",
"props": [
@@ -6877,7 +7506,7 @@
]
},
{
- "uuid": "1850c51d-fc45-4d0c-919a-227318912ab5",
+ "uuid": "08bd6016-c333-4235-9282-333684d0a9fb",
"control-id": "cis_fedora_4-1.2",
"description": "No notes for control-id 4.1.2.",
"props": [
@@ -6904,7 +7533,7 @@
]
},
{
- "uuid": "3be99ba6-143e-4e75-bc08-fdc11d1981fd",
+ "uuid": "aa608cfb-ddb7-4b25-bb8e-5e615b7ecaf1",
"control-id": "cis_fedora_4-2.1",
"description": "The description for control-id cis_fedora_4-2.1.",
"props": [
@@ -6917,7 +7546,7 @@
]
},
{
- "uuid": "c72ffcb0-eb7e-4a39-88d1-a323ca3abdc8",
+ "uuid": "d3169860-ccfb-4877-89d8-541607d149e2",
"control-id": "cis_fedora_4-2.2",
"description": "No notes for control-id 4.2.2.",
"props": [
@@ -6939,7 +7568,7 @@
]
},
{
- "uuid": "25719ff6-d2df-4968-b758-f256705ad3ad",
+ "uuid": "5358c6ef-3dc2-481e-8aed-b8f9224b5f81",
"control-id": "cis_fedora_4-3.1",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use. When using firewalld the base chains are installed by default.",
"props": [
@@ -6951,7 +7580,7 @@
]
},
{
- "uuid": "ff11f5bf-3df8-4637-8ebf-7f197f4544f7",
+ "uuid": "6c2f2767-b59b-4b66-96e8-bad6db589d72",
"control-id": "cis_fedora_4-3.2",
"description": "The description for control-id cis_fedora_4-3.2.",
"props": [
@@ -6964,7 +7593,7 @@
]
},
{
- "uuid": "5388440e-539c-494a-9a05-6995ac9f17db",
+ "uuid": "46ad273b-0a88-47a9-ba35-244a8a3ef96a",
"control-id": "cis_fedora_4-3.3",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -6976,7 +7605,7 @@
]
},
{
- "uuid": "20eb0711-be2a-40b9-82f2-ca37f32ffeda",
+ "uuid": "26712c78-56a9-4913-a806-7177bfbeb6c7",
"control-id": "cis_fedora_4-3.4",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -6988,7 +7617,7 @@
]
},
{
- "uuid": "751d63f7-0d09-4155-831c-103d5bc4cfea",
+ "uuid": "114e70c5-c79b-4404-b4bd-62af42e4d8c6",
"control-id": "cis_fedora_5-1.1",
"description": "No notes for control-id 5.1.1.",
"props": [
@@ -7011,11 +7640,41 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_permissions_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_groupowner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_owner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_sshd_drop_in_config"
}
]
},
{
- "uuid": "b2d5fba4-d96e-47e6-b419-2cdb67d62766",
+ "uuid": "ce5396cf-bf2a-40b6-be65-b67195060169",
"control-id": "cis_fedora_5-1.2",
"description": "No notes for control-id 5.1.2.",
"props": [
@@ -7042,7 +7701,7 @@
]
},
{
- "uuid": "660f744c-fcd8-4e25-9134-d516051f7215",
+ "uuid": "396c7b2d-c0b1-409a-a03c-c8a0b98d5cd0",
"control-id": "cis_fedora_5-1.3",
"description": "No notes for control-id 5.1.3.",
"props": [
@@ -7069,56 +7728,58 @@
]
},
{
- "uuid": "da6cca6e-439c-4b59-a558-fa833615603c",
+ "uuid": "1ca95903-cd1d-4e26-bdf5-63300ace48f1",
"control-id": "cis_fedora_5-1.4",
- "description": "The description for control-id cis_fedora_5-1.4.",
+ "description": "No notes for control-id 5.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "4f0d5b2c-99c0-4713-8512-a57f629dbcb9",
+ "uuid": "014deaa3-7104-4539-90fe-8ae340a7899d",
"control-id": "cis_fedora_5-1.5",
- "description": "The description for control-id cis_fedora_5-1.5.",
+ "description": "No notes for control-id 5.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "33b3ac78-8d69-4e97-b4da-90017f8ac8c3",
+ "uuid": "c298414e-7e46-4795-8f33-c2d15f9f7a7b",
"control-id": "cis_fedora_5-1.6",
- "description": "The description for control-id cis_fedora_5-1.6.",
+ "description": "No notes for control-id 5.1.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "78b03349-1f30-46ea-9052-3f521757a0ef",
+ "uuid": "2ee9112f-c6af-4440-86b2-b4b48b77eede",
"control-id": "cis_fedora_5-1.7",
"description": "No notes for control-id 5.1.7.",
"props": [
@@ -7135,7 +7796,7 @@
]
},
{
- "uuid": "eb0c1689-6c45-43eb-ab89-dabeefea052a",
+ "uuid": "5409062a-5b10-4c6f-bfff-d630ebbb3437",
"control-id": "cis_fedora_5-1.8",
"description": "No notes for control-id 5.1.8.",
"props": [
@@ -7152,7 +7813,7 @@
]
},
{
- "uuid": "f5fe42c0-9023-47db-88a0-31cc9ab46a16",
+ "uuid": "391ed9a5-0220-4f07-be4e-d34ab688272e",
"control-id": "cis_fedora_5-1.9",
"description": "The requirement gives an example of 45 seconds, but is flexible about the values. It is only\nnecessary to ensure there is a timeout configured in alignment to the site policy.",
"props": [
@@ -7174,20 +7835,24 @@
]
},
{
- "uuid": "48c8f9fa-0db3-4238-af5a-a75bcf33a8e2",
+ "uuid": "7c5cb4d1-e3cb-4a5b-875a-2c92c5a692fe",
"control-id": "cis_fedora_5-1.10",
- "description": "The description for control-id cis_fedora_5-1.10.",
+ "description": "No notes for control-id 5.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary for \"disableforwarding\" option."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_disable_forwarding"
}
]
},
{
- "uuid": "e1ffbcf4-3b35-458c-858d-5d91d349e284",
+ "uuid": "45b2da21-0f66-4815-be01-7b60632c8330",
"control-id": "cis_fedora_5-1.11",
"description": "No notes for control-id 5.1.11.",
"props": [
@@ -7204,7 +7869,7 @@
]
},
{
- "uuid": "88128c49-440f-4eca-856c-656b0fc042b8",
+ "uuid": "05ed05d2-d8df-4b0e-9a59-07bb1e8cd62f",
"control-id": "cis_fedora_5-1.12",
"description": "No notes for control-id 5.1.12.",
"props": [
@@ -7221,7 +7886,7 @@
]
},
{
- "uuid": "8633aefb-550f-45f3-8487-91ef64f2943e",
+ "uuid": "1604b5a8-285a-4ebe-97da-e9bff4f58e90",
"control-id": "cis_fedora_5-1.13",
"description": "No notes for control-id 5.1.13.",
"props": [
@@ -7238,7 +7903,7 @@
]
},
{
- "uuid": "8c644b5f-2b41-4077-9fb7-317d31e55333",
+ "uuid": "ce1c1d3b-5590-48c5-b430-97fad7edd43b",
"control-id": "cis_fedora_5-1.14",
"description": "No notes for control-id 5.1.14.",
"props": [
@@ -7255,7 +7920,7 @@
]
},
{
- "uuid": "6b6849d4-99d3-4f59-acff-43377a689e3c",
+ "uuid": "648d1bab-67c8-4b5f-9d57-95fb71fda0dc",
"control-id": "cis_fedora_5-1.15",
"description": "The CIS benchmark is not opinionated about which loglevel is selected here. Here, this\nprofile uses VERBOSE by default, as it allows for the capture of login and logout activity\nas well as key fingerprints.",
"props": [
@@ -7272,7 +7937,7 @@
]
},
{
- "uuid": "42877bef-e9f5-4b3a-83c5-8da6e5bfdf3b",
+ "uuid": "df9ea11d-7811-4791-a6f7-92268f98d95c",
"control-id": "cis_fedora_5-1.16",
"description": "No notes for control-id 5.1.16.",
"props": [
@@ -7289,7 +7954,7 @@
]
},
{
- "uuid": "305e38f9-24f0-4ec0-b13a-4436b8580216",
+ "uuid": "aa88ec26-1ebf-440b-8a29-de33b0e1fe10",
"control-id": "cis_fedora_5-1.17",
"description": "No notes for control-id 5.1.17.",
"props": [
@@ -7306,7 +7971,7 @@
]
},
{
- "uuid": "b6b54eae-20e6-4e9e-8c91-402f5ab3d877",
+ "uuid": "d311051c-d7f4-4f26-84d3-eb3b90ed5d76",
"control-id": "cis_fedora_5-1.18",
"description": "No notes for control-id 5.1.18.",
"props": [
@@ -7323,7 +7988,7 @@
]
},
{
- "uuid": "aad1c3c2-b89a-4b72-aeaf-fd78200a17a6",
+ "uuid": "38d3cf70-0be6-4f88-a450-7ed661545df6",
"control-id": "cis_fedora_5-1.19",
"description": "No notes for control-id 5.1.19.",
"props": [
@@ -7340,7 +8005,7 @@
]
},
{
- "uuid": "7cf2ce78-18db-4971-b507-0ebace069b19",
+ "uuid": "b26886ba-8077-45a6-b7e0-29bdf43690e7",
"control-id": "cis_fedora_5-1.20",
"description": "No notes for control-id 5.1.20.",
"props": [
@@ -7357,7 +8022,7 @@
]
},
{
- "uuid": "0402491b-6416-43e9-9909-ff916c8849a8",
+ "uuid": "4ac006d7-cb7b-426b-9de6-c6f09716e0a0",
"control-id": "cis_fedora_5-1.21",
"description": "No notes for control-id 5.1.21.",
"props": [
@@ -7374,7 +8039,7 @@
]
},
{
- "uuid": "68863464-59b3-43ad-840f-8aaab0cb4de9",
+ "uuid": "9e0a516d-82a9-46ea-8c98-a265f0efc69d",
"control-id": "cis_fedora_5-1.22",
"description": "No notes for control-id 5.1.22.",
"props": [
@@ -7391,7 +8056,7 @@
]
},
{
- "uuid": "1bb61fc2-1bd7-4db7-b309-eecb950819c0",
+ "uuid": "3c1b216c-75c4-4b38-9ad8-0f87502f5b20",
"control-id": "cis_fedora_5-2.1",
"description": "No notes for control-id 5.2.1.",
"props": [
@@ -7408,7 +8073,7 @@
]
},
{
- "uuid": "146eda55-107e-4e5e-9526-0e184ec8a12c",
+ "uuid": "c6af3ce8-8364-4da1-9cec-5e8c2f64fb45",
"control-id": "cis_fedora_5-2.2",
"description": "No notes for control-id 5.2.2.",
"props": [
@@ -7425,7 +8090,7 @@
]
},
{
- "uuid": "a54a804a-f473-4d7c-b856-a5b7b9b240dd",
+ "uuid": "117ecf24-1cde-4095-bbbb-a081d48d27f0",
"control-id": "cis_fedora_5-2.3",
"description": "No notes for control-id 5.2.3.",
"props": [
@@ -7442,7 +8107,7 @@
]
},
{
- "uuid": "e0ed790f-da1d-465f-9b61-94a9f29a9343",
+ "uuid": "2c216481-9df4-47bf-be7b-34f3aa050b60",
"control-id": "cis_fedora_5-2.5",
"description": "No notes for control-id 5.2.5.",
"props": [
@@ -7454,12 +8119,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication"
+ "value": "sudo_remove_no_authenticate"
}
]
},
{
- "uuid": "dc8c19e2-1c34-4c7e-bf5d-9e8c9881a78e",
+ "uuid": "bbbd703e-4927-4855-ae17-ac7ebd574bba",
"control-id": "cis_fedora_5-2.6",
"description": "No notes for control-id 5.2.6.",
"props": [
@@ -7476,7 +8141,7 @@
]
},
{
- "uuid": "02aecbfb-8722-457e-a3ef-36c3f0508cb5",
+ "uuid": "6b027924-f067-4057-8178-231718c190a5",
"control-id": "cis_fedora_5-2.7",
"description": "Members of \"wheel\" or GID 0 groups are checked by default if the group option is not set for\npam_wheel.so module. The recommendation states the group should be empty to reinforce the\nuse of \"sudo\" for privileged access. Therefore, members of these groups should be manually\nchecked or a different group should be informed.",
"props": [
@@ -7498,7 +8163,7 @@
]
},
{
- "uuid": "fa6421cd-b104-46ca-a988-833fcb1050b6",
+ "uuid": "3112b4e0-68e9-45b8-95b6-e3f077d93ded",
"control-id": "cis_fedora_5-3.1.1",
"description": "The description for control-id cis_fedora_5-3.1.1.",
"props": [
@@ -7511,7 +8176,7 @@
]
},
{
- "uuid": "7dd9e191-9765-4971-8c90-2a2569b5dc1d",
+ "uuid": "b1c98974-7858-4c55-acaf-9c9f425cc9b3",
"control-id": "cis_fedora_5-3.1.2",
"description": "The description for control-id cis_fedora_5-3.1.2.",
"props": [
@@ -7524,7 +8189,7 @@
]
},
{
- "uuid": "788348a6-43ff-4880-bda5-825898914c14",
+ "uuid": "8d66dce5-39e1-4261-80eb-bb793c521da8",
"control-id": "cis_fedora_5-3.1.3",
"description": "The description for control-id cis_fedora_5-3.1.3.",
"props": [
@@ -7542,7 +8207,7 @@
]
},
{
- "uuid": "326f6dae-9b42-4d35-8920-c8d2b4ccb474",
+ "uuid": "a1988ea0-5a4a-4c8c-99e3-060386d4dc9a",
"control-id": "cis_fedora_5-3.2.1",
"description": "This requirement is hard to be automated without any specific requirement. The policy even\nstates that provided commands are examples, other custom settings might be in place and the\nsettings might be different depending on site policies. The other rules will already make\nsure there is a correct autheselect profile regardless of the existing settings. It is\nnecessary to better discuss with CIS Community.",
"props": [
@@ -7554,7 +8219,7 @@
]
},
{
- "uuid": "b9227a6c-ba88-473e-a788-680e5a6027be",
+ "uuid": "8f6a2fa0-854b-48ff-bd10-19fc8a10b9cf",
"control-id": "cis_fedora_5-3.2.2",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.1.",
"props": [
@@ -7576,7 +8241,7 @@
]
},
{
- "uuid": "14d359bb-625b-4083-bdfa-9e66327b81a5",
+ "uuid": "3dcc9775-6c3b-4430-99fd-9d631e7f0521",
"control-id": "cis_fedora_5-3.2.3",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.2.",
"props": [
@@ -7584,11 +8249,26 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "package_pam_pwquality_installed"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_password_auth"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_system_auth"
}
]
},
{
- "uuid": "5991edbb-c5b3-4b1b-b704-114b2f40a992",
+ "uuid": "2f73053a-ddc0-455f-9ae5-6373f41ae5dc",
"control-id": "cis_fedora_5-3.2.4",
"description": "The module is properly enabled by the rules mentioned in related_rules.\nRequirements in 5.3.3.3 use these rules.",
"props": [
@@ -7600,19 +8280,24 @@
]
},
{
- "uuid": "4a4dc474-7254-4808-843d-db7ffa5f3841",
+ "uuid": "2088dab3-1932-4989-9d1e-f710dbd9ac06",
"control-id": "cis_fedora_5-3.2.5",
- "description": "This module is always present by default. It is necessary to investigate if a new rule to\ncheck its existence needs to be created. But so far the rule no_empty_passwords, used in\n5.3.3.4.1 can ensure this requirement is attended.",
+ "description": "No notes for control-id 5.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_enabled"
}
]
},
{
- "uuid": "96bc5396-05bd-4f9e-92c1-0ccf64d2356a",
+ "uuid": "f6127a76-d0e7-49d5-a8b0-2a3da3866d18",
"control-id": "cis_fedora_5-3.3.1.1",
"description": "No notes for control-id 5.3.3.1.1.",
"props": [
@@ -7629,7 +8314,7 @@
]
},
{
- "uuid": "e308e8fc-0a4f-4598-a74e-129d9f143cd4",
+ "uuid": "b8d8994c-c0be-4965-85b3-60f281fd288d",
"control-id": "cis_fedora_5-3.3.1.2",
"description": "The policy also accepts value 0, which means the locked accounts should be manually unlocked\nby an administrator. However, it also mentions that using value 0 can facilitate a DoS\nattack to legitimate users.",
"props": [
@@ -7646,7 +8331,7 @@
]
},
{
- "uuid": "35345bc0-2641-45b9-b416-544bf80d9d78",
+ "uuid": "da08e8df-39a6-44b4-8f6e-d85bdeebed49",
"control-id": "cis_fedora_5-3.3.2.1",
"description": "No notes for control-id 5.3.3.2.1.",
"props": [
@@ -7663,7 +8348,7 @@
]
},
{
- "uuid": "ee2397e8-ce5e-4bc0-8bd2-a708ec59a410",
+ "uuid": "1cd32049-87ad-466f-a0de-7d98add9b7dd",
"control-id": "cis_fedora_5-3.3.2.2",
"description": "No notes for control-id 5.3.3.2.2.",
"props": [
@@ -7680,7 +8365,7 @@
]
},
{
- "uuid": "19a93dbc-06e4-4eaa-9970-d415817a9662",
+ "uuid": "8925e25e-1e5c-42f1-8d08-b86c4d0c999b",
"control-id": "cis_fedora_5-3.3.2.3",
"description": "This requirement is expected to be manual. However, in previous versions of the policy\nit was already automated the configuration of \"minclass\" option. Rules related to other\noptions are informed in related_rules. In short, minclass=4 alone can achieve the same\nresult achieved by the combination of the other 4 options mentioned in the policy.",
"props": [
@@ -7697,7 +8382,7 @@
]
},
{
- "uuid": "914c3b2b-5f66-411d-b486-1c317577d196",
+ "uuid": "dae8a77e-33a4-4171-a74e-b0ca459ece34",
"control-id": "cis_fedora_5-3.3.2.4",
"description": "No notes for control-id 5.3.3.2.4.",
"props": [
@@ -7714,20 +8399,24 @@
]
},
{
- "uuid": "5183a465-edd9-443d-81aa-d61425bbe223",
+ "uuid": "eb86fb0b-c7b8-4948-bddf-83137acd37ec",
"control-id": "cis_fedora_5-3.3.2.5",
- "description": "The description for control-id cis_fedora_5-3.3.2.5.",
+ "description": "No notes for control-id 5.3.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 5.3.3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_maxsequence"
}
]
},
{
- "uuid": "9a10a7f7-0c51-4949-b58d-96f8f1264dc6",
+ "uuid": "11e1d30b-cf11-4968-871e-234481edb9ab",
"control-id": "cis_fedora_5-3.3.2.6",
"description": "No notes for control-id 5.3.3.2.6.",
"props": [
@@ -7744,7 +8433,7 @@
]
},
{
- "uuid": "da3ed249-b0dd-45d5-bf00-00e05ab587c4",
+ "uuid": "2154c728-47d4-4753-8e2d-7aa3703b5c7d",
"control-id": "cis_fedora_5-3.3.2.7",
"description": "No notes for control-id 5.3.3.2.7.",
"props": [
@@ -7761,7 +8450,7 @@
]
},
{
- "uuid": "bd36b8a5-56f9-42b6-a92c-b1d4eaeb1f14",
+ "uuid": "81ff9532-a7f8-4181-8e32-7bbccb667b90",
"control-id": "cis_fedora_5-3.3.3.1",
"description": "Although mentioned in the section 5.3.3.3, there is no explicit requirement to configure\nretry option of pam_pwhistory. If come in the future, the rule accounts_password_pam_retry\ncan be used.",
"props": [
@@ -7783,7 +8472,7 @@
]
},
{
- "uuid": "24ae6b3e-79a4-4637-a248-6aaf37e25ad2",
+ "uuid": "a443f959-465f-4aa8-9d5c-73373abd2818",
"control-id": "cis_fedora_5-3.3.3.2",
"description": "The description for control-id cis_fedora_5-3.3.3.2.",
"props": [
@@ -7796,7 +8485,7 @@
]
},
{
- "uuid": "7b84c24a-a20c-41df-b776-b8e6e13945cc",
+ "uuid": "240d5b00-8506-4d70-a978-3d626e8b75ea",
"control-id": "cis_fedora_5-3.3.3.3",
"description": "pam_pwhistory is enabled via authselect feature, as required in 5.3.2.4. The\nfeature automatically set \"use_authok\" option. In any case, we don't have a rule to check\nthis option specifically.",
"props": [
@@ -7804,11 +8493,16 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "partial"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwhistory_use_authtok"
}
]
},
{
- "uuid": "fb67d4f4-c077-45d3-a600-ad36693a62ff",
+ "uuid": "b7a96d89-290c-454f-b2b5-9a168a1c69ff",
"control-id": "cis_fedora_5-3.3.4.1",
"description": "The rule more specifically used in this requirement also satify the requirement 5.3.2.5.",
"props": [
@@ -7825,20 +8519,24 @@
]
},
{
- "uuid": "21b1f563-f0f0-4f42-ac8f-34af31ed4a4b",
+ "uuid": "b7f7b361-d72a-41f1-98be-75ed364b38cf",
"control-id": "cis_fedora_5-3.3.4.2",
- "description": "The description for control-id cis_fedora_5-3.3.4.2.",
+ "description": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929\nA new rule needs to be created to remove the remember option from pam_unix module."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_no_remember"
}
]
},
{
- "uuid": "295b3d98-777b-4ebf-a003-a13c84c89690",
+ "uuid": "bae55b96-e50b-4d11-995d-a4057011a3a4",
"control-id": "cis_fedora_5-3.3.4.3",
"description": "Changes in logindefs mentioned in this requirement are more specifically covered by 5.4.1.4",
"props": [
@@ -7860,19 +8558,24 @@
]
},
{
- "uuid": "7c91b894-8ed0-45f2-afac-631a00578228",
+ "uuid": "a7daf839-20b1-42c4-bb71-daeea2efd34e",
"control-id": "cis_fedora_5-3.3.4.4",
"description": "In RHEL 9 pam_unix is enabled by default in all authselect profiles already with the\nuse_authtok option set. In any case, we don't have a rule to check this option specifically,\nlike in 5.3.3.3.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_authtok"
}
]
},
{
- "uuid": "ea18a82d-ddf1-4267-ab75-7fb9386f481d",
+ "uuid": "8b70f5c0-ae8b-4b2e-903a-4d3a4664fe5a",
"control-id": "cis_fedora_5-4.1.1",
"description": "No notes for control-id 5.4.1.1.",
"props": [
@@ -7894,7 +8597,7 @@
]
},
{
- "uuid": "d1071662-45e1-4016-a7bb-8a7378aa05fd",
+ "uuid": "471eea72-5beb-4f97-a952-f9bf29555ab0",
"control-id": "cis_fedora_5-4.1.3",
"description": "No notes for control-id 5.4.1.3.",
"props": [
@@ -7916,20 +8619,15 @@
]
},
{
- "uuid": "06f5cc31-d46c-4d49-84f0-e3dd40c21e47",
+ "uuid": "7d89d6a5-645b-4a3f-850c-ba43eaa798c8",
"control-id": "cis_fedora_5-4.1.4",
- "description": "There's a \"new\" set of options in /etc/login.defs file to define the number of iterations\nperformed during the hashing process.",
+ "description": "No notes for control-id 5.4.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
},
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf"
- },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -7938,7 +8636,7 @@
]
},
{
- "uuid": "c8968184-af98-4d9b-b0b8-15e491cf4fab",
+ "uuid": "8038fe00-5669-4a6f-90c4-b1b56b034671",
"control-id": "cis_fedora_5-4.1.5",
"description": "No notes for control-id 5.4.1.5.",
"props": [
@@ -7960,7 +8658,7 @@
]
},
{
- "uuid": "66b039f1-b4a7-4521-bda9-8fb917c98ae7",
+ "uuid": "f91392d8-541e-43a3-b821-4faf5089221b",
"control-id": "cis_fedora_5-4.1.6",
"description": "No notes for control-id 5.4.1.6.",
"props": [
@@ -7977,7 +8675,7 @@
]
},
{
- "uuid": "ec6e3775-fe8e-48a4-a88d-0bbc895982d8",
+ "uuid": "395058b1-aa61-4495-9e82-268482c52c05",
"control-id": "cis_fedora_5-4.2.1",
"description": "No notes for control-id 5.4.2.1.",
"props": [
@@ -7994,7 +8692,7 @@
]
},
{
- "uuid": "722e48dc-4725-46d8-96f4-7bc18cd4ad2b",
+ "uuid": "e470bfbe-42f0-492b-bad6-bd6b28a42edd",
"control-id": "cis_fedora_5-4.2.2",
"description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
@@ -8011,20 +8709,24 @@
]
},
{
- "uuid": "b91e50f9-88a1-4961-8d44-e33d2e76af35",
+ "uuid": "c10e54b7-e098-49e4-9cb8-4ef475d40610",
"control-id": "cis_fedora_5-4.2.3",
- "description": "The description for control-id cis_fedora_5-4.2.3.",
+ "description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "groups_no_zero_gid_except_root"
}
]
},
{
- "uuid": "371783dc-8b74-47ef-a9bf-ddedd6b7818a",
+ "uuid": "88d9c8de-824f-4b4e-930a-b41235d79c6f",
"control-id": "cis_fedora_5-4.2.4",
"description": "No notes for control-id 5.4.2.4.",
"props": [
@@ -8041,7 +8743,7 @@
]
},
{
- "uuid": "9ff4f7e9-c35d-49fd-9453-7e8bbf95cc57",
+ "uuid": "685c3ee5-24c4-4fb1-afc3-65aa8d30f5b4",
"control-id": "cis_fedora_5-4.2.5",
"description": "No notes for control-id 5.4.2.5.",
"props": [
@@ -8063,20 +8765,24 @@
]
},
{
- "uuid": "35dc9106-d569-4a57-b98b-f0d4aa5b3db6",
+ "uuid": "2cfb3d48-7988-4cf6-a9e8-2f7af637a9c9",
"control-id": "cis_fedora_5-4.2.6",
- "description": "The description for control-id cis_fedora_5-4.2.6.",
+ "description": "No notes for control-id 5.4.2.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "There is no rule to ensure umask in /root/.bash_profile and /root/.bashrc. A new rule have\nto be created. It can be based on accounts_umask_interactive_users."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_umask_root"
}
]
},
{
- "uuid": "341e9a1a-0ad3-4ab6-983e-23e871bcfff6",
+ "uuid": "e78f9208-ff3b-4890-a4b7-055d3451f440",
"control-id": "cis_fedora_5-4.2.7",
"description": "No notes for control-id 5.4.2.7.",
"props": [
@@ -8098,20 +8804,24 @@
]
},
{
- "uuid": "c899a18d-44bc-4441-a7d1-bfb64b02b3d6",
+ "uuid": "72ade904-fd78-4def-8dbc-f393341f1df5",
"control-id": "cis_fedora_5-4.2.8",
- "description": "The description for control-id cis_fedora_5-4.2.8.",
+ "description": "No notes for control-id 5.4.2.8.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_invalid_shell_accounts_unlocked"
}
]
},
{
- "uuid": "4f156f8f-f880-4413-a211-22cd250e65e0",
+ "uuid": "0df9fbc8-c0f7-4f38-87fd-e2f8b5885c8c",
"control-id": "cis_fedora_5-4.3.2",
"description": "No notes for control-id 5.4.3.2.",
"props": [
@@ -8128,7 +8838,7 @@
]
},
{
- "uuid": "d4239889-a76e-427f-8052-a11eb8aa62fc",
+ "uuid": "2b39ba23-2e72-4652-a5d9-e44c5dc814c0",
"control-id": "cis_fedora_5-4.3.3",
"description": "No notes for control-id 5.4.3.3.",
"props": [
@@ -8155,7 +8865,7 @@
]
},
{
- "uuid": "c31bc1e1-fd81-4a7b-80f8-60398abc8bef",
+ "uuid": "072ce054-1d6b-4a65-891a-eb7e36a19cd4",
"control-id": "cis_fedora_6-1.1",
"description": "No notes for control-id 6.1.1.",
"props": [
@@ -8177,7 +8887,7 @@
]
},
{
- "uuid": "4accbb7a-5c94-4559-bb17-40bed8cfbdc2",
+ "uuid": "b719fe94-77ab-4492-80d8-7e98ccd3b055",
"control-id": "cis_fedora_6-1.2",
"description": "No notes for control-id 6.1.2.",
"props": [
@@ -8194,7 +8904,7 @@
]
},
{
- "uuid": "48d2cb40-657a-4c55-a1bc-83e932da3dab",
+ "uuid": "f04890cf-0924-447a-9f11-bcfd74cd9018",
"control-id": "cis_fedora_6-1.3",
"description": "No notes for control-id 6.1.3.",
"props": [
@@ -8211,7 +8921,7 @@
]
},
{
- "uuid": "57bb352e-df09-4474-849b-1a5e59282463",
+ "uuid": "5676786b-fb47-4dbc-b966-8d51fc28b9fc",
"control-id": "cis_fedora_6-2.1.1",
"description": "No notes for control-id 6.2.1.1.",
"props": [
@@ -8228,7 +8938,7 @@
]
},
{
- "uuid": "70d73dd3-3aa7-48df-8a3a-dfa27e3e56a8",
+ "uuid": "4d582489-f4cc-4b67-840e-900b626e81ac",
"control-id": "cis_fedora_6-2.1.2",
"description": "The description for control-id cis_fedora_6-2.1.2.",
"props": [
@@ -8241,7 +8951,7 @@
]
},
{
- "uuid": "22c36543-6db3-40e8-ae6e-097d4f7fe346",
+ "uuid": "2f891230-8224-4662-813d-670a36f7e438",
"control-id": "cis_fedora_6-2.1.3",
"description": "The description for control-id cis_fedora_6-2.1.3.",
"props": [
@@ -8254,20 +8964,24 @@
]
},
{
- "uuid": "b7b80a44-59de-4dd6-b381-7d8ae115ef56",
+ "uuid": "4fb3fe4b-3982-4d04-8192-147011a37097",
"control-id": "cis_fedora_6-2.1.4",
- "description": "The description for control-id cis_fedora_6-2.1.4.",
+ "description": "No notes for control-id 6.2.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "It is necessary to create a new rule to check the status of journald and rsyslog.\nIt would also be necessary a new rule to disable or remove rsyslog."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "ensure_journald_and_rsyslog_not_active_together"
}
]
},
{
- "uuid": "5db4406d-ff38-41b2-817c-938fd00083d6",
+ "uuid": "0793855f-2080-41db-83de-06e499c1901d",
"control-id": "cis_fedora_6-2.2.1.1",
"description": "No notes for control-id 6.2.2.1.1.",
"props": [
@@ -8284,7 +8998,7 @@
]
},
{
- "uuid": "dc718f55-4532-4cac-a840-a6dbc65aed98",
+ "uuid": "4dd57d08-c2de-4089-89e7-25b0e8d48abc",
"control-id": "cis_fedora_6-2.2.1.2",
"description": "The description for control-id cis_fedora_6-2.2.1.2.",
"props": [
@@ -8297,20 +9011,24 @@
]
},
{
- "uuid": "aaccd41f-8dac-46d4-81aa-c2d575a006c5",
+ "uuid": "c5a803af-137b-4c9f-8cc1-9c8949b17ab5",
"control-id": "cis_fedora_6-2.2.1.3",
- "description": "The description for control-id cis_fedora_6-2.2.1.3.",
+ "description": "No notes for control-id 6.2.2.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_systemd-journal-upload_enabled"
}
]
},
{
- "uuid": "771a327f-04ea-4a7b-8a0a-55dc1967ef19",
+ "uuid": "187d2b9f-a778-4156-b351-ccc7d1a8b120",
"control-id": "cis_fedora_6-2.2.1.4",
"description": "No notes for control-id 6.2.2.1.4.",
"props": [
@@ -8327,20 +9045,24 @@
]
},
{
- "uuid": "d0e0fbcd-cc51-4440-b3c0-88d82f533d64",
+ "uuid": "a684ca60-bc5f-4d0a-a30b-affb8f7c25c7",
"control-id": "cis_fedora_6-2.2.2",
- "description": "The description for control-id cis_fedora_6-2.2.2.",
+ "description": "No notes for control-id 6.2.2.2.",
"props": [
{
- "name": "implementation-status",
+ "name": "implementation-status",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This rule conflicts with 6.2.3.3. More investigation is needed to properly solve this."
+ "value": "journald_disable_forward_to_syslog"
}
]
},
{
- "uuid": "b5a150dd-c4be-474a-b75d-fa98c39051b3",
+ "uuid": "9f9dbd9f-5662-4bc5-ad79-227adbae6d77",
"control-id": "cis_fedora_6-2.2.3",
"description": "No notes for control-id 6.2.2.3.",
"props": [
@@ -8357,7 +9079,7 @@
]
},
{
- "uuid": "2a8a7ed3-30f3-458c-a400-5fec7ea0a453",
+ "uuid": "3d000b05-5e6a-46e4-9f5e-28e250620c3b",
"control-id": "cis_fedora_6-2.2.4",
"description": "No notes for control-id 6.2.2.4.",
"props": [
@@ -8374,7 +9096,7 @@
]
},
{
- "uuid": "bc299583-e598-491f-9ec4-e2378d96ebe4",
+ "uuid": "e668d9c2-11fa-499d-9359-14b6ba2b60e1",
"control-id": "cis_fedora_6-2.5.1",
"description": "No notes for control-id 6.2.5.1.",
"props": [
@@ -8386,7 +9108,7 @@
]
},
{
- "uuid": "cb476fc5-ca30-4871-9c70-a8f7ddac6e24",
+ "uuid": "73894f24-ea00-43c3-9b02-1845f365c304",
"control-id": "cis_fedora_6-2.5.2",
"description": "No notes for control-id 6.2.5.2.",
"props": [
@@ -8398,7 +9120,7 @@
]
},
{
- "uuid": "da7df211-5afc-4a41-95c5-daa81c8514df",
+ "uuid": "9a887d96-286d-4f8a-9c45-51c9a632118a",
"control-id": "cis_fedora_6-2.5.3",
"description": "No notes for control-id 6.2.5.3.",
"props": [
@@ -8410,7 +9132,7 @@
]
},
{
- "uuid": "77bf36d0-b9e9-4a79-a3db-0d9724455f5d",
+ "uuid": "13ded5c3-37c1-4362-9cd6-400639f1bf3f",
"control-id": "cis_fedora_6-2.5.4",
"description": "No notes for control-id 6.2.5.4.",
"props": [
@@ -8422,7 +9144,7 @@
]
},
{
- "uuid": "5e2e35fa-1268-4294-a52a-a53427b73927",
+ "uuid": "a157b871-9470-4817-8686-06bfb0903a35",
"control-id": "cis_fedora_6-2.5.5",
"description": "The description for control-id cis_fedora_6-2.5.5.",
"props": [
@@ -8435,7 +9157,7 @@
]
},
{
- "uuid": "266d57ff-a19e-4a82-9709-f72cec2d8e86",
+ "uuid": "0819e3cb-ed14-43f6-be09-706802b94b96",
"control-id": "cis_fedora_6-2.5.6",
"description": "The description for control-id cis_fedora_6-2.5.6.",
"props": [
@@ -8448,7 +9170,7 @@
]
},
{
- "uuid": "703613b6-39de-4dc9-88c9-71a0e2972c4c",
+ "uuid": "6871ab21-7177-47cd-9631-127fdad2c0a1",
"control-id": "cis_fedora_6-2.5.7",
"description": "No notes for control-id 6.2.5.7.",
"props": [
@@ -8460,7 +9182,7 @@
]
},
{
- "uuid": "e4f3d189-1f36-4791-a7b2-974b0b1ce161",
+ "uuid": "459d42f6-ff79-4444-87d6-da1fd67ad56b",
"control-id": "cis_fedora_6-2.3.8",
"description": "The description for control-id cis_fedora_6-2.3.8.",
"props": [
@@ -8473,7 +9195,7 @@
]
},
{
- "uuid": "d39efd27-fad4-4a54-b0b4-00a4db52a63c",
+ "uuid": "299a32c1-e12d-4f71-ac66-a775ed6b9183",
"control-id": "cis_fedora_6-2.6.1",
"description": "It is not harmful to run these rules even if rsyslog is not installed or active.",
"props": [
@@ -8500,7 +9222,7 @@
]
},
{
- "uuid": "2ad6138b-6644-447e-ba7c-6dd1e16ecb9c",
+ "uuid": "a7bbc536-ecdb-44c0-82bd-d8555f64f4c7",
"control-id": "cis_fedora_7-1.1",
"description": "No notes for control-id 7.1.1.",
"props": [
@@ -8527,7 +9249,7 @@
]
},
{
- "uuid": "4bec98b5-da24-41a1-bbc8-7ea00522fd19",
+ "uuid": "a3282dc7-fcbe-4848-975b-0bec3a437184",
"control-id": "cis_fedora_7-1.2",
"description": "No notes for control-id 7.1.2.",
"props": [
@@ -8554,7 +9276,7 @@
]
},
{
- "uuid": "2a1c31d3-057f-4e5d-aea3-0ed24911fe03",
+ "uuid": "2a1a6105-c545-4842-9e34-b17ae3142e5e",
"control-id": "cis_fedora_7-1.3",
"description": "No notes for control-id 7.1.3.",
"props": [
@@ -8581,7 +9303,7 @@
]
},
{
- "uuid": "24250c0b-f15a-4b56-946e-2a002d8297ba",
+ "uuid": "05b04ca7-f93a-4aed-9746-1151e4457fa2",
"control-id": "cis_fedora_7-1.4",
"description": "No notes for control-id 7.1.4.",
"props": [
@@ -8608,7 +9330,7 @@
]
},
{
- "uuid": "a3ec1d4c-f684-4181-bfef-faa528a769bd",
+ "uuid": "34749d8f-17c1-4c5c-8a49-342024924bdb",
"control-id": "cis_fedora_7-1.5",
"description": "No notes for control-id 7.1.5.",
"props": [
@@ -8635,7 +9357,7 @@
]
},
{
- "uuid": "7f2d3785-bf76-4d0e-98e1-2938e7af8901",
+ "uuid": "ca04d470-5862-4271-b306-3570546c6a6f",
"control-id": "cis_fedora_7-1.6",
"description": "No notes for control-id 7.1.6.",
"props": [
@@ -8662,7 +9384,7 @@
]
},
{
- "uuid": "e8f97ed7-b3b5-437f-b180-52ddb40152f6",
+ "uuid": "37683ab2-0487-46a7-9daa-a08ba3298b01",
"control-id": "cis_fedora_7-1.7",
"description": "No notes for control-id 7.1.7.",
"props": [
@@ -8689,7 +9411,7 @@
]
},
{
- "uuid": "635be8d2-9bd6-49b9-9f68-da909c975c2e",
+ "uuid": "4a468cbf-a835-4530-a868-6e6d0e84ed2a",
"control-id": "cis_fedora_7-1.8",
"description": "No notes for control-id 7.1.8.",
"props": [
@@ -8716,7 +9438,7 @@
]
},
{
- "uuid": "2682ddab-b6c1-4362-a60c-01dd8195c28c",
+ "uuid": "40cc3e70-1ded-43c5-b772-607df05cffdd",
"control-id": "cis_fedora_7-1.9",
"description": "No notes for control-id 7.1.9.",
"props": [
@@ -8743,24 +9465,49 @@
]
},
{
- "uuid": "df6e1690-3fce-42ac-968b-82d6102169a4",
+ "uuid": "46e1ab96-563b-4f09-a2fb-c88449be7b64",
"control-id": "cis_fedora_7-1.10",
"description": "No notes for control-id 7.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd_old"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd_old"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd"
+ "value": "file_permissions_etc_security_opasswd_old"
}
]
},
{
- "uuid": "a0246c11-4242-4409-8be1-dab1ccd230e4",
+ "uuid": "bbab3883-a335-4461-af69-1835ffd8d7cf",
"control-id": "cis_fedora_7-1.11",
"description": "No notes for control-id 7.1.11.",
"props": [
@@ -8782,29 +9529,29 @@
]
},
{
- "uuid": "167d231c-9bba-41ba-be04-51527f5a1c3e",
+ "uuid": "7438ee0a-d9b5-4c71-bdc6-b9d8c49ecf70",
"control-id": "cis_fedora_7-1.12",
"description": "No notes for control-id 7.1.12.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user"
+ "value": "no_files_or_dirs_unowned_by_user"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned"
+ "value": "no_files_or_dirs_ungroupowned"
}
]
},
{
- "uuid": "3781c288-137d-4547-9126-f2ad862c3c59",
+ "uuid": "e4e73a93-be28-428e-86e7-615aaa85f5d4",
"control-id": "cis_fedora_7-1.13",
"description": "The description for control-id cis_fedora_7-1.13.",
"props": [
@@ -8817,7 +9564,7 @@
]
},
{
- "uuid": "5c26e710-f4c8-4a94-a8b9-0fa5831131e1",
+ "uuid": "cc13836b-1296-45b7-b998-7216800b4bbb",
"control-id": "cis_fedora_7-2.1",
"description": "No notes for control-id 7.2.1.",
"props": [
@@ -8834,7 +9581,7 @@
]
},
{
- "uuid": "7526868e-f5b8-4be5-9970-6d24bee2e9a2",
+ "uuid": "43be2628-432f-4cac-8c2c-d252280403ba",
"control-id": "cis_fedora_7-2.2",
"description": "No notes for control-id 7.2.2.",
"props": [
@@ -8851,7 +9598,7 @@
]
},
{
- "uuid": "91673708-9afb-4004-b797-2067f16d59c2",
+ "uuid": "d301c117-4c59-4b4d-a3cc-9c48a0b63871",
"control-id": "cis_fedora_7-2.3",
"description": "No notes for control-id 7.2.3.",
"props": [
@@ -8868,7 +9615,7 @@
]
},
{
- "uuid": "7ede720c-9905-4d3e-b3d0-a4228b470afd",
+ "uuid": "4d8eb289-ace2-4100-9e4e-6e62c9449edb",
"control-id": "cis_fedora_7-2.4",
"description": "No notes for control-id 7.2.4.",
"props": [
@@ -8885,7 +9632,7 @@
]
},
{
- "uuid": "189a4814-d6b2-41b0-8214-cb1b7aec367c",
+ "uuid": "b12f989c-d115-4135-aa0f-a8c28017f24e",
"control-id": "cis_fedora_7-2.5",
"description": "No notes for control-id 7.2.5.",
"props": [
@@ -8902,7 +9649,7 @@
]
},
{
- "uuid": "2f4894b5-3710-489d-8bd2-b06091a1c50e",
+ "uuid": "512e327d-a2ce-46a3-93a3-035a55dd6eca",
"control-id": "cis_fedora_7-2.6",
"description": "No notes for control-id 7.2.6.",
"props": [
@@ -8919,7 +9666,7 @@
]
},
{
- "uuid": "57a6ba07-e735-4423-8810-d30da3ea4c5f",
+ "uuid": "1b4b1471-983b-4991-aeb7-805f13d48f15",
"control-id": "cis_fedora_7-2.7",
"description": "No notes for control-id 7.2.7.",
"props": [
@@ -8936,7 +9683,7 @@
]
},
{
- "uuid": "c4dec1c4-6fe8-40c4-8330-426e8a753b47",
+ "uuid": "8a9c26d0-6c0d-4677-9f40-6b9db3730a25",
"control-id": "cis_fedora_7-2.8",
"description": "No notes for control-id 7.2.8.",
"props": [
@@ -8963,14 +9710,14 @@
]
},
{
- "uuid": "e0b21024-0ffc-4f80-ac6c-94a67af9be4c",
+ "uuid": "cb0deb54-16f5-41bd-85fe-35c003432b0f",
"control-id": "cis_fedora_7-2.9",
- "description": "Missing a rule to check that .bash_history is mode 0600 or more restrictive.",
+ "description": "No notes for control-id 7.2.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -8985,22 +9732,27 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs"
+ "value": "file_permission_user_init_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files"
+ "value": "no_forward_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files"
+ "value": "no_netrc_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files"
+ "value": "no_rhost_files"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history"
}
]
}
@@ -9015,7485 +9767,8535 @@
"description": "openscap",
"props": [
{
- "name": "Rule_Id",
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_db_up_to_date",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_db_up_to_date",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_0",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "cis_banner_text",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_0",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enter an appropriate login banner for your organization according to the local policy.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_0",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'Authorized users only. All activity may be monitored and reported.', 'cis': 'Authorized users only. All activity may be monitored and reported.'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_1",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "inactivity_timeout_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_1",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Choose allowed duration (in seconds) of inactive graphical sessions",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_1",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'10_minutes': 600, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, 'default': 900}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_2",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "login_banner_text",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_2",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\\n' character and special characters like parentheses and quotation marks must be escaped with '\\\\'.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_2",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'cis_banners': '^(Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.|^(?!.*(\\\\\\\\|fedora|rhel|sle|ubuntu)).*)$', 'cis_default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$', 'dod_banners': \"^(You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.|I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.)$\", 'dod_default': '^You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.$', 'dod_short': \"^I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.$\", 'dss_odaa_default': '^Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.[\\\\s\\\\n]+This[\\\\s\\\\n]+is[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+and[\\\\s\\\\n]+related[\\\\s\\\\n]+equipment[\\\\s\\\\n]+are[\\\\s\\\\n]+intended[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+communication,[\\\\s\\\\n]+transmission,[\\\\s\\\\n]+processing,[\\\\s\\\\n]+and[\\\\s\\\\n]+storage[\\\\s\\\\n]+of[\\\\s\\\\n]+official[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+or[\\\\s\\\\n]+other[\\\\s\\\\n]+authorized[\\\\s\\\\n]+information[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times[\\\\s\\\\n]+to[\\\\s\\\\n]+ensure[\\\\s\\\\n]+proper[\\\\s\\\\n]+functioning[\\\\s\\\\n]+of[\\\\s\\\\n]+equipment[\\\\s\\\\n]+and[\\\\s\\\\n]+systems[\\\\s\\\\n]+including[\\\\s\\\\n]+security[\\\\s\\\\n]+devices[\\\\s\\\\n]+and[\\\\s\\\\n]+systems,[\\\\s\\\\n]+to[\\\\s\\\\n]+prevent[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+and[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+statutes[\\\\s\\\\n]+and[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations,[\\\\s\\\\n]+to[\\\\s\\\\n]+deter[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity,[\\\\s\\\\n]+and[\\\\s\\\\n]+for[\\\\s\\\\n]+other[\\\\s\\\\n]+similar[\\\\s\\\\n]+purposes\\\\.[\\\\s\\\\n]+Any[\\\\s\\\\n]+user[\\\\s\\\\n]+of[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+should[\\\\s\\\\n]+be[\\\\s\\\\n]+aware[\\\\s\\\\n]+that[\\\\s\\\\n]+any[\\\\s\\\\n]+information[\\\\s\\\\n]+placed[\\\\s\\\\n]+in[\\\\s\\\\n]+the[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+not[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+any[\\\\s\\\\n]+expectation[\\\\s\\\\n]+of[\\\\s\\\\n]+privacy\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+violation[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+statutes,[\\\\s\\\\n]+this[\\\\s\\\\n]+evidence[\\\\s\\\\n]+and[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+related[\\\\s\\\\n]+information,[\\\\s\\\\n]+including[\\\\s\\\\n]+identification[\\\\s\\\\n]+information[\\\\s\\\\n]+about[\\\\s\\\\n]+the[\\\\s\\\\n]+user,[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+provided[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+reveals[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use,[\\\\s\\\\n]+employees[\\\\s\\\\n]+who[\\\\s\\\\n]+violate[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+make[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+appropriate[\\\\s\\\\n]+disciplinary[\\\\s\\\\n]+action\\\\.[\\\\s\\\\n]+Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.$', 'usgcb_default': '^\\\\-\\\\-[\\\\s\\\\n]+WARNING[\\\\s\\\\n]+\\\\-\\\\-[\\\\s\\\\n]+This[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+Individuals[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+without[\\\\s\\\\n]+authority[\\\\s\\\\n]+or[\\\\s\\\\n]+in[\\\\s\\\\n]+excess[\\\\s\\\\n]+of[\\\\s\\\\n]+their[\\\\s\\\\n]+authority[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+having[\\\\s\\\\n]+all[\\\\s\\\\n]+their[\\\\s\\\\n]+activities[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+recorded[\\\\s\\\\n]+by[\\\\s\\\\n]+system[\\\\s\\\\n]+personnel\\\\.[\\\\s\\\\n]+Anyone[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+expressly[\\\\s\\\\n]+consents[\\\\s\\\\n]+to[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+advised[\\\\s\\\\n]+that[\\\\s\\\\n]+if[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity[\\\\s\\\\n]+system[\\\\s\\\\n]+personal[\\\\s\\\\n]+may[\\\\s\\\\n]+provide[\\\\s\\\\n]+the[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.$', 'default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_3",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_idle_timeout_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_3",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify duration of allowed idle time.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_3",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'10_minutes': 600, '120_minutes': 7200, '14_minutes': 840, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, '60_minutes': 3600, 'default': 300}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_4",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_max_auth_tries_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_4",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the maximum number of authentication attempts per connection.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_4",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 3: 3, 4: 4, 5: 5, 'default': 4}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_5",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_5",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable ICMP Redirect Acceptance",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_5",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_6",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_6",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_6",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_7",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_7",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_7",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_8",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_8",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_8",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_9",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_9",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_9",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_10",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_10",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable ICMP Redirect Acceptance?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_10",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_11",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_11",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable IP source routing?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_11",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_12",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_forwarding_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_12",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle IPv4 Forwarding",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_12",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_13",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_13",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_13",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_14",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_14",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enables source route verification",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_14",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_15",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_15",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_15",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_16",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_16",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_16",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_17",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_17",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to prevent unnecessary logging",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_17",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_18",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_tcp_syncookies_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_18",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to turn on TCP SYN Cookie Protection",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_18",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_19",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_19",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Accept all router advertisements?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_19",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_20",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_20",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle ICMP Redirect Acceptance",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_20",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_21",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_21",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_21",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_22",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_forwarding_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_22",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle IPv6 Forwarding",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_22",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_23",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_23",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Accept default router advertisements by default?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_23",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_24",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_24",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle ICMP Redirect Acceptance By Default",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_24",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_25",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_db_up_to_date",
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
"remarks": "rule_set_000"
},
{
- "name": "Rule_Description",
+ "name": "Parameter_Description_25",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
- "name": "Check_Id",
+ "name": "Parameter_Value_Alternatives_25",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_db_up_to_date",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
- "name": "Check_Description",
+ "name": "Parameter_Id_26",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "value": "sysctl_net_ipv6_conf_default_forwarding_value",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_0",
+ "name": "Parameter_Description_26",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "cis_banner_text",
+ "value": "Toggle IPv6 default Forwarding",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_0",
+ "name": "Parameter_Value_Alternatives_26",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enter an appropriate login banner for your organization according to the local policy.",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_0",
+ "name": "Parameter_Id_27",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'Authorized users only. All activity may be monitored and reported.', 'cis': 'Authorized users only. All activity may be monitored and reported.'}",
+ "value": "var_account_disable_post_pw_expiration",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_1",
+ "name": "Parameter_Description_27",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "inactivity_timeout_value",
+ "value": "The number of days to wait after a password expires, until the account will be permanently disabled.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_1",
+ "name": "Parameter_Value_Alternatives_27",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Choose allowed duration (in seconds) of inactive graphical sessions",
+ "value": "{'0': '0', 180: 180, 30: 30, 35: 35, 40: 40, 45: 45, 60: 60, 90: 90, 'default': 35}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_1",
+ "name": "Parameter_Id_28",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_minutes': 600, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, 'default': 900}",
+ "value": "var_accounts_maximum_age_login_defs",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_2",
+ "name": "Parameter_Description_28",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "login_banner_text",
+ "value": "Maximum age of password in days",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_2",
+ "name": "Parameter_Value_Alternatives_28",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\\n' character and special characters like parentheses and quotation marks must be escaped with '\\\\'.",
+ "value": "{365: 365, 120: 120, 180: 180, 90: 90, 60: 60, 45: 45, 'default': 60}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_2",
+ "name": "Parameter_Id_29",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'cis_banners': '^(Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.|^(?!.*(\\\\\\\\|fedora|rhel|sle|ubuntu)).*)$', 'cis_default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$', 'dod_banners': \"^(You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.|I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.)$\", 'dod_default': '^You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.$', 'dod_short': \"^I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.$\", 'dss_odaa_default': '^Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.[\\\\s\\\\n]+This[\\\\s\\\\n]+is[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+and[\\\\s\\\\n]+related[\\\\s\\\\n]+equipment[\\\\s\\\\n]+are[\\\\s\\\\n]+intended[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+communication,[\\\\s\\\\n]+transmission,[\\\\s\\\\n]+processing,[\\\\s\\\\n]+and[\\\\s\\\\n]+storage[\\\\s\\\\n]+of[\\\\s\\\\n]+official[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+or[\\\\s\\\\n]+other[\\\\s\\\\n]+authorized[\\\\s\\\\n]+information[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times[\\\\s\\\\n]+to[\\\\s\\\\n]+ensure[\\\\s\\\\n]+proper[\\\\s\\\\n]+functioning[\\\\s\\\\n]+of[\\\\s\\\\n]+equipment[\\\\s\\\\n]+and[\\\\s\\\\n]+systems[\\\\s\\\\n]+including[\\\\s\\\\n]+security[\\\\s\\\\n]+devices[\\\\s\\\\n]+and[\\\\s\\\\n]+systems,[\\\\s\\\\n]+to[\\\\s\\\\n]+prevent[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+and[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+statutes[\\\\s\\\\n]+and[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations,[\\\\s\\\\n]+to[\\\\s\\\\n]+deter[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity,[\\\\s\\\\n]+and[\\\\s\\\\n]+for[\\\\s\\\\n]+other[\\\\s\\\\n]+similar[\\\\s\\\\n]+purposes\\\\.[\\\\s\\\\n]+Any[\\\\s\\\\n]+user[\\\\s\\\\n]+of[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+should[\\\\s\\\\n]+be[\\\\s\\\\n]+aware[\\\\s\\\\n]+that[\\\\s\\\\n]+any[\\\\s\\\\n]+information[\\\\s\\\\n]+placed[\\\\s\\\\n]+in[\\\\s\\\\n]+the[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+not[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+any[\\\\s\\\\n]+expectation[\\\\s\\\\n]+of[\\\\s\\\\n]+privacy\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+violation[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+statutes,[\\\\s\\\\n]+this[\\\\s\\\\n]+evidence[\\\\s\\\\n]+and[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+related[\\\\s\\\\n]+information,[\\\\s\\\\n]+including[\\\\s\\\\n]+identification[\\\\s\\\\n]+information[\\\\s\\\\n]+about[\\\\s\\\\n]+the[\\\\s\\\\n]+user,[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+provided[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+reveals[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use,[\\\\s\\\\n]+employees[\\\\s\\\\n]+who[\\\\s\\\\n]+violate[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+make[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+appropriate[\\\\s\\\\n]+disciplinary[\\\\s\\\\n]+action\\\\.[\\\\s\\\\n]+Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.$', 'usgcb_default': '^\\\\-\\\\-[\\\\s\\\\n]+WARNING[\\\\s\\\\n]+\\\\-\\\\-[\\\\s\\\\n]+This[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+Individuals[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+without[\\\\s\\\\n]+authority[\\\\s\\\\n]+or[\\\\s\\\\n]+in[\\\\s\\\\n]+excess[\\\\s\\\\n]+of[\\\\s\\\\n]+their[\\\\s\\\\n]+authority[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+having[\\\\s\\\\n]+all[\\\\s\\\\n]+their[\\\\s\\\\n]+activities[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+recorded[\\\\s\\\\n]+by[\\\\s\\\\n]+system[\\\\s\\\\n]+personnel\\\\.[\\\\s\\\\n]+Anyone[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+expressly[\\\\s\\\\n]+consents[\\\\s\\\\n]+to[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+advised[\\\\s\\\\n]+that[\\\\s\\\\n]+if[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity[\\\\s\\\\n]+system[\\\\s\\\\n]+personal[\\\\s\\\\n]+may[\\\\s\\\\n]+provide[\\\\s\\\\n]+the[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.$', 'default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$'}",
+ "value": "var_accounts_password_warn_age_login_defs",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_3",
+ "name": "Parameter_Description_29",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_idle_timeout_value",
+ "value": "The number of days' warning given before a password expires.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_3",
+ "name": "Parameter_Value_Alternatives_29",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify duration of allowed idle time.",
+ "value": "{'0': '0', 14: 14, 10: 10, 7: 7, 'default': 7}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_3",
+ "name": "Parameter_Id_30",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_minutes': 600, '120_minutes': 7200, '14_minutes': 840, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, '60_minutes': 3600, 'default': 300}",
+ "value": "var_accounts_passwords_pam_faillock_deny",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_4",
+ "name": "Parameter_Description_30",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_max_auth_tries_value",
+ "value": "Number of failed login attempts before account lockout",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_4",
+ "name": "Parameter_Value_Alternatives_30",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of authentication attempts per connection.",
+ "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_4",
+ "name": "Parameter_Id_31",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 4: 4, 5: 5, 'default': 4}",
+ "value": "var_accounts_passwords_pam_faillock_unlock_time",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_5",
+ "name": "Parameter_Description_31",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_kex",
+ "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_5",
+ "name": "Parameter_Value_Alternatives_31",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_32",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved KEXs (Key Exchange Algorithms) algorithms \tthat are used for methods in cryptography by which cryptographic keys are exchanged between two parties",
+ "value": "var_accounts_tmout",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_5",
+ "name": "Parameter_Description_32",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'pcidss': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_rhel8': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel9': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel10': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_sle12': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_sle15': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_ubuntu2204': 'curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_ubuntu2404': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'std_openeuler': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256', 'cis_debian12': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256'}",
+ "value": "In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for that number of seconds if input does not arrive.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_6",
+ "name": "Parameter_Value_Alternatives_32",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_macs",
+ "value": "{'30_min': 1800, '10_min': 600, '15_min': 900, '5_min': 300, 'default': 600}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_6",
+ "name": "Parameter_Id_33",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved MACs (Message Authentication Code) algorithms \tthat are used for data integrity protection by the SSH server.",
+ "value": "var_accounts_user_umask",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_6",
+ "name": "Parameter_Description_33",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enter default user umask",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_33",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'007': '007', '022': '022', '027': '027', '077': '077', 'default': '027'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_34",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_multiple_time_servers",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_34",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The list of vendor-approved time servers",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_34",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'generic': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'stig': '0.us.pool.ntp.mil', 'fedora': '0.fedora.pool.ntp.org,1.fedora.pool.ntp.org,2.fedora.pool.ntp.org,3.fedora.pool.ntp.org', 'rhel': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ol': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'suse': '0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org', 'alinux': '0.ntp.cloud.aliyuncs.com,1.ntp.aliyun.com,2.ntp1.aliyun.com,3.ntp1.cloud.aliyuncs.com', 'amazon': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ubuntu': '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org', 'almalinux': '0.almalinux.pool.ntp.org,1.almalinux.pool.ntp.org,2.almalinux.pool.ntp.org,3.almalinux.pool.ntp.org', 'debian': '0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org', 'nist': 'time.nist.gov,time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_35",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_pam_wheel_group_for_su",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_35",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_35",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'sugroup', 'cis': 'sugroup'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_36",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_hashing_algorithm",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_36",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_36",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_37",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_hashing_algorithm_pam",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_37",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_37",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt', 'cis_rhel10': 'yescrypt|sha512'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_38",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_dictcheck",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_38",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Prevent the use of dictionary words for passwords.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_38",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 'default': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_39",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_difok",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_39",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Minimum number of characters not present in old password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_39",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{15: 15, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 'default': 8}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_40",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_maxrepeat",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_40",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Maximum Number of Consecutive Repeating Characters in a Password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_40",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_41",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_maxsequence",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_41",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Maximum Number of Consecutive Character Sequences in a Password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_41",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_42",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_minclass",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_rhel8': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel9': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel10': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_sle12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_sle15': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_tencentos4': 'hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com', 'cis_ubuntu2204': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_ubuntu2404': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'stig_rhel9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'stig_ol9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'cis_debian12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'}",
+ "value": "Minimum number of categories of characters that must exist in a password",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_7",
+ "name": "Parameter_Value_Alternatives_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_7",
+ "name": "Parameter_Id_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance",
+ "value": "var_password_pam_minlen",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_7",
+ "name": "Parameter_Description_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "Minimum number of characters in password",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_8",
+ "name": "Parameter_Value_Alternatives_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_8",
+ "name": "Parameter_Id_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "var_password_pam_remember",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_8",
+ "name": "Parameter_Description_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "Prevent password reuse using password history lookup",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_9",
+ "name": "Parameter_Value_Alternatives_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 24: 24, 'default': 5}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_9",
+ "name": "Parameter_Id_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "value": "var_password_pam_remember_control_flag",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_9",
+ "name": "Parameter_Description_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in \"required,requisite\", for remediations the first value will be taken'",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_10",
+ "name": "Parameter_Value_Alternatives_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "value": "{'required': 'required', 'optional': 'optional', 'requisite': 'requisite', 'sufficient': 'sufficient', 'binding': 'binding', 'ol8': 'required,requisite', 'requisite_or_required': 'requisite,required', 'default': 'requisite'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_10",
+ "name": "Parameter_Id_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
+ "value": "var_postfix_inet_interfaces",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_10",
+ "name": "Parameter_Description_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
+ "value": "The setting for inet_interfaces in /etc/postfix/main.cf",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_11",
+ "name": "Parameter_Value_Alternatives_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "value": "{'loopback-only': 'loopback-only', 'default': 'loopback-only', 'localhost': 'localhost'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_11",
+ "name": "Parameter_Id_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
+ "value": "var_screensaver_lock_delay",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_11",
+ "name": "Parameter_Description_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_12",
+ "name": "Parameter_Value_Alternatives_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "value": "{'10_seconds': 10, '5_seconds': 5, 'default': '0', 'immediate': '0'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_12",
+ "name": "Parameter_Id_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance?",
+ "value": "var_selinux_policy_name",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_12",
+ "name": "Parameter_Description_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "Type of policy in use. Possible values are:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
mls - Multiple levels of security",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_13",
+ "name": "Parameter_Value_Alternatives_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "value": "{'default': 'targeted', 'mls': 'mls', 'targeted': 'targeted'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_13",
+ "name": "Parameter_Id_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IP source routing?",
+ "value": "var_sshd_max_sessions",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_13",
+ "name": "Parameter_Description_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "Specify the maximum number of open sessions permitted.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_14",
+ "name": "Parameter_Value_Alternatives_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "value": "{10: 10, 4: 4, 3: 3, 2: 2, 1: 1, 0: 0, 'default': 10}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_14",
+ "name": "Parameter_Id_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "value": "var_sshd_set_keepalive",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_14",
+ "name": "Parameter_Description_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "Specify the maximum number of idle message counts before session is terminated.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_15",
+ "name": "Parameter_Value_Alternatives_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "value": "{10: 10, 3: 3, 5: 5, 0: 0, 1: 1, 'default': 0}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_15",
+ "name": "Parameter_Id_51",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enables source route verification",
+ "value": "var_sshd_set_login_grace_time",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_15",
+ "name": "Parameter_Description_51",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "Configure parameters for how long the servers stays connected before the user has successfully logged in",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_16",
+ "name": "Parameter_Value_Alternatives_51",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "value": "{'default': 60, 60: 60}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_16",
+ "name": "Parameter_Id_52",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
+ "value": "var_sshd_set_maxstartups",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_16",
+ "name": "Parameter_Description_52",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_17",
+ "name": "Parameter_Value_Alternatives_52",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "value": "{'default': '10:30:100', '10:30:60': '10:30:60'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_17",
+ "name": "Parameter_Id_53",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
+ "value": "var_sudo_timestamp_timeout",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_17",
+ "name": "Parameter_Description_53",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "Defines the number of minutes that can elapse before sudo will ask for a passwd again. If set to a value less than 0 the user's time stamp will never expire. Defining 0 means always prompt for a password. The default timeout value is 5 minutes.",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_18",
+ "name": "Parameter_Value_Alternatives_53",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
+ "value": "{'default': '5', 'always_prompt': '0', '1_minute': '1', '2_minutes': '2', '3_minutes': '3', '5_minutes': '5', '15_minutes': '15'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_18",
+ "name": "Parameter_Id_54",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent unnecessary logging",
+ "value": "var_user_initialization_files_regex",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Value_Alternatives_18",
+ "name": "Parameter_Description_54",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "'A regular expression describing a list of file names for files that are sourced at login time for interactive users'",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Id_19",
+ "name": "Parameter_Value_Alternatives_54",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies_value",
+ "value": "{'default': '^(\\\\.bashrc|\\\\.zshrc|\\\\.cshrc|\\\\.profile|\\\\.bash_login|\\\\.bash_profile)$', 'all_dotfiles': '^\\\\.[\\\\w\\\\- ]+$'}",
"remarks": "rule_set_000"
},
{
- "name": "Parameter_Description_19",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to turn on TCP SYN Cookie Protection",
- "remarks": "rule_set_000"
+ "value": "kernel_module_cramfs_disabled",
+ "remarks": "rule_set_001"
},
{
- "name": "Parameter_Value_Alternatives_19",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of cramfs",
+ "remarks": "rule_set_001"
},
{
- "name": "Parameter_Id_20",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
- "remarks": "rule_set_000"
+ "value": "kernel_module_cramfs_disabled",
+ "remarks": "rule_set_001"
},
{
- "name": "Parameter_Description_20",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept all router advertisements?",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of cramfs",
+ "remarks": "rule_set_001"
},
{
- "name": "Parameter_Value_Alternatives_20",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "kernel_module_freevxfs_disabled",
+ "remarks": "rule_set_002"
},
{
- "name": "Parameter_Id_21",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of freevxfs",
+ "remarks": "rule_set_002"
},
{
- "name": "Parameter_Description_21",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance",
- "remarks": "rule_set_000"
+ "value": "kernel_module_freevxfs_disabled",
+ "remarks": "rule_set_002"
},
{
- "name": "Parameter_Value_Alternatives_21",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of freevxfs",
+ "remarks": "rule_set_002"
},
{
- "name": "Parameter_Id_22",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
- "remarks": "rule_set_000"
+ "value": "kernel_module_hfs_disabled",
+ "remarks": "rule_set_003"
},
{
- "name": "Parameter_Description_22",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of hfs",
+ "remarks": "rule_set_003"
},
{
- "name": "Parameter_Value_Alternatives_22",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "kernel_module_hfs_disabled",
+ "remarks": "rule_set_003"
},
{
- "name": "Parameter_Id_23",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding_value",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of hfs",
+ "remarks": "rule_set_003"
},
{
- "name": "Parameter_Description_23",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle IPv6 Forwarding",
- "remarks": "rule_set_000"
+ "value": "kernel_module_hfsplus_disabled",
+ "remarks": "rule_set_004"
},
{
- "name": "Parameter_Value_Alternatives_23",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of hfsplus",
+ "remarks": "rule_set_004"
},
{
- "name": "Parameter_Id_24",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
- "remarks": "rule_set_000"
+ "value": "kernel_module_hfsplus_disabled",
+ "remarks": "rule_set_004"
},
{
- "name": "Parameter_Description_24",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept default router advertisements by default?",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of hfsplus",
+ "remarks": "rule_set_004"
},
{
- "name": "Parameter_Value_Alternatives_24",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "kernel_module_jffs2_disabled",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Id_25",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of jffs2",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Description_25",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance By Default",
- "remarks": "rule_set_000"
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_jffs2_disabled",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Value_Alternatives_25",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of jffs2",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Id_26",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
- "remarks": "rule_set_000"
+ "value": "partition_for_tmp",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Description_26",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
- "remarks": "rule_set_000"
+ "value": "Ensure /tmp Located On Separate Partition",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Value_Alternatives_26",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "partition_for_tmp",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Id_27",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_account_disable_post_pw_expiration",
- "remarks": "rule_set_000"
+ "value": "Ensure /tmp Located On Separate Partition",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Description_27",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The number of days to wait after a password expires, until the account will be permanently disabled.",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nodev",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Value_Alternatives_27",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 180: 180, 30: 30, 35: 35, 40: 40, 45: 45, 60: 60, 90: 90, 'default': 35}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /tmp",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Id_28",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_maximum_age_login_defs",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nodev",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Description_28",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Maximum age of password in days",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /tmp",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Value_Alternatives_28",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{365: 365, 120: 120, 180: 180, 90: 90, 60: 60, 45: 45, 'default': 60}",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nosuid",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Id_29",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_password_warn_age_login_defs",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /tmp",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Description_29",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The number of days' warning given before a password expires.",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nosuid",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Value_Alternatives_29",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 14: 14, 10: 10, 7: 7, 'default': 7}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /tmp",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Id_30",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_passwords_pam_faillock_deny",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_noexec",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Description_30",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Number of failed login attempts before account lockout",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /tmp",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Value_Alternatives_30",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_noexec",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Id_31",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_passwords_pam_faillock_unlock_time",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /tmp",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Description_31",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins",
- "remarks": "rule_set_000"
+ "value": "partition_for_dev_shm",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Value_Alternatives_31",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}",
- "remarks": "rule_set_000"
+ "value": "Ensure /dev/shm is configured",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Id_32",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_tmout",
- "remarks": "rule_set_000"
+ "value": "partition_for_dev_shm",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Description_32",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for that number of seconds if input does not arrive.",
- "remarks": "rule_set_000"
+ "value": "Ensure /dev/shm is configured",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Value_Alternatives_32",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'30_min': 1800, '10_min': 600, '15_min': 900, '5_min': 300, 'default': 600}",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nodev",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Id_33",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_user_umask",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /dev/shm",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Description_33",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enter default user umask",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nodev",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Value_Alternatives_33",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'007': '007', '022': '022', '027': '027', '077': '077', 'default': '027'}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /dev/shm",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Id_34",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_multiple_time_servers",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nosuid",
+ "remarks": "rule_set_012"
},
{
- "name": "Parameter_Description_34",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The list of vendor-approved time servers",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /dev/shm",
+ "remarks": "rule_set_012"
},
{
- "name": "Parameter_Value_Alternatives_34",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'generic': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'stig': '0.us.pool.ntp.mil', 'fedora': '0.fedora.pool.ntp.org,1.fedora.pool.ntp.org,2.fedora.pool.ntp.org,3.fedora.pool.ntp.org', 'rhel': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ol': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'suse': '0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org', 'alinux': '0.ntp.cloud.aliyuncs.com,1.ntp.aliyun.com,2.ntp1.aliyun.com,3.ntp1.cloud.aliyuncs.com', 'amazon': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ubuntu': '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org', 'almalinux': '0.almalinux.pool.ntp.org,1.almalinux.pool.ntp.org,2.almalinux.pool.ntp.org,3.almalinux.pool.ntp.org', 'debian': '0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org', 'nist': 'time.nist.gov,time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov'}",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nosuid",
+ "remarks": "rule_set_012"
},
{
- "name": "Parameter_Id_35",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_pam_wheel_group_for_su",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /dev/shm",
+ "remarks": "rule_set_012"
},
{
- "name": "Parameter_Description_35",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_noexec",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Value_Alternatives_35",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'sugroup', 'cis': 'sugroup'}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /dev/shm",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Id_36",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_hashing_algorithm",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_noexec",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Description_36",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /dev/shm",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Value_Alternatives_36",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nodev",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Id_37",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_hashing_algorithm_pam",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /home",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Description_37",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nodev",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Value_Alternatives_37",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt', 'cis_rhel10': 'yescrypt|sha512'}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /home",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Id_38",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_dictcheck",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nosuid",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Description_38",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent the use of dictionary words for passwords.",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /home",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Value_Alternatives_38",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 'default': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nosuid",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Id_39",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_difok",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /home",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Description_39",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of characters not present in old password",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nodev",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Value_Alternatives_39",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{15: 15, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 'default': 8}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Id_40",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_maxrepeat",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nodev",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Description_40",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Maximum Number of Consecutive Repeating Characters in a Password",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Value_Alternatives_40",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nosuid",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Id_41",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_minclass",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Description_41",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of categories of characters that must exist in a password",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nosuid",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Value_Alternatives_41",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Id_42",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_minlen",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nodev",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Description_42",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of characters in password",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/tmp",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Value_Alternatives_42",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nodev",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Id_43",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_remember",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/tmp",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Description_43",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent password reuse using password history lookup",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nosuid",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Value_Alternatives_43",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 24: 24, 'default': 5}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/tmp",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Id_44",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_remember_control_flag",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nosuid",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Description_44",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in \"required,requisite\", for remediations the first value will be taken'",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/tmp",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Value_Alternatives_44",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'required': 'required', 'optional': 'optional', 'requisite': 'requisite', 'sufficient': 'sufficient', 'binding': 'binding', 'ol8': 'required,requisite', 'requisite_or_required': 'requisite,required', 'default': 'requisite'}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_noexec",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Id_45",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_postfix_inet_interfaces",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/tmp",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Description_45",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for inet_interfaces in /etc/postfix/main.cf",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_noexec",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Value_Alternatives_45",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'loopback-only': 'loopback-only', 'default': 'loopback-only', 'localhost': 'localhost'}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/tmp",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Id_46",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_screensaver_lock_delay",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nodev",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Description_46",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Value_Alternatives_46",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_seconds': 10, '5_seconds': 5, 'default': '0', 'immediate': '0'}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nodev",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Id_47",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_selinux_policy_name",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Description_47",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Type of policy in use. Possible values are:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
mls - Multiple levels of security",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nosuid",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Value_Alternatives_47",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'targeted', 'mls': 'mls', 'targeted': 'targeted'}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Id_48",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_max_sessions",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nosuid",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Description_48",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of open sessions permitted.",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Value_Alternatives_48",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 4: 4, 3: 3, 2: 2, 1: 1, 0: 0, 'default': 10}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_noexec",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Id_49",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_keepalive",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Description_49",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of idle message counts before session is terminated.",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_noexec",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Value_Alternatives_49",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 5: 5, 0: 0, 1: 1, 'default': 0}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Id_50",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_login_grace_time",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nodev",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Description_50",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure parameters for how long the servers stays connected before the user has successfully logged in",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log/audit",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Value_Alternatives_50",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 60, 60: 60}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nodev",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Id_51",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_maxstartups",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log/audit",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Description_51",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nosuid",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Value_Alternatives_51",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '10:30:100', '10:30:60': '10:30:60'}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log/audit",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Id_52",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_system_crypto_policy",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nosuid",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Description_52",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the crypto policy for the system.",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log/audit",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Value_Alternatives_52",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'DEFAULT', 'default_policy': 'DEFAULT', 'default_nosha1': 'DEFAULT:NO-SHA1', 'fips': 'FIPS', 'fips_ospp': 'FIPS:OSPP', 'fips_stig': 'FIPS:STIG', 'legacy': 'LEGACY', 'future': 'FUTURE', 'next': 'NEXT'}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_noexec",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Id_53",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_user_initialization_files_regex",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log/audit",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Description_53",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'A regular expression describing a list of file names for files that are sourced at login time for interactive users'",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_noexec",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Value_Alternatives_53",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '^(\\\\.bashrc|\\\\.zshrc|\\\\.cshrc|\\\\.profile|\\\\.bash_login|\\\\.bash_profile)$', 'all_dotfiles': '^\\\\.[\\\\w\\\\- ]+$'}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log/audit",
+ "remarks": "rule_set_026"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_cramfs_disabled",
- "remarks": "rule_set_001"
+ "value": "ensure_gpgcheck_globally_activated",
+ "remarks": "rule_set_027"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of cramfs",
- "remarks": "rule_set_001"
+ "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
+ "remarks": "rule_set_027"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_cramfs_disabled",
- "remarks": "rule_set_001"
+ "value": "ensure_gpgcheck_globally_activated",
+ "remarks": "rule_set_027"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of cramfs",
- "remarks": "rule_set_001"
+ "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
+ "remarks": "rule_set_027"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_freevxfs_disabled",
- "remarks": "rule_set_002"
+ "value": "package_libselinux_installed",
+ "remarks": "rule_set_028"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of freevxfs",
- "remarks": "rule_set_002"
+ "value": "Install libselinux Package",
+ "remarks": "rule_set_028"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_freevxfs_disabled",
- "remarks": "rule_set_002"
+ "value": "package_libselinux_installed",
+ "remarks": "rule_set_028"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of freevxfs",
- "remarks": "rule_set_002"
+ "value": "Install libselinux Package",
+ "remarks": "rule_set_028"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfs_disabled",
- "remarks": "rule_set_003"
+ "value": "grub2_enable_selinux",
+ "remarks": "rule_set_029"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfs",
- "remarks": "rule_set_003"
+ "value": "Ensure SELinux Not Disabled in /etc/default/grub",
+ "remarks": "rule_set_029"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfs_disabled",
- "remarks": "rule_set_003"
+ "value": "grub2_enable_selinux",
+ "remarks": "rule_set_029"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfs",
- "remarks": "rule_set_003"
+ "value": "Ensure SELinux Not Disabled in /etc/default/grub",
+ "remarks": "rule_set_029"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfsplus_disabled",
- "remarks": "rule_set_004"
+ "value": "selinux_policytype",
+ "remarks": "rule_set_030"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfsplus",
- "remarks": "rule_set_004"
+ "value": "Configure SELinux Policy",
+ "remarks": "rule_set_030"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfsplus_disabled",
- "remarks": "rule_set_004"
+ "value": "selinux_policytype",
+ "remarks": "rule_set_030"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfsplus",
- "remarks": "rule_set_004"
+ "value": "Configure SELinux Policy",
+ "remarks": "rule_set_030"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_jffs2_disabled",
- "remarks": "rule_set_005"
+ "value": "selinux_not_disabled",
+ "remarks": "rule_set_031"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of jffs2",
- "remarks": "rule_set_005"
+ "value": "Ensure SELinux is Not Disabled",
+ "remarks": "rule_set_031"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_jffs2_disabled",
- "remarks": "rule_set_005"
+ "value": "selinux_not_disabled",
+ "remarks": "rule_set_031"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of jffs2",
- "remarks": "rule_set_005"
+ "value": "Ensure SELinux is Not Disabled",
+ "remarks": "rule_set_031"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_tmp",
- "remarks": "rule_set_006"
+ "value": "package_mcstrans_removed",
+ "remarks": "rule_set_032"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /tmp Located On Separate Partition",
- "remarks": "rule_set_006"
+ "value": "Uninstall mcstrans Package",
+ "remarks": "rule_set_032"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_tmp",
- "remarks": "rule_set_006"
+ "value": "package_mcstrans_removed",
+ "remarks": "rule_set_032"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /tmp Located On Separate Partition",
- "remarks": "rule_set_006"
+ "value": "Uninstall mcstrans Package",
+ "remarks": "rule_set_032"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nodev",
- "remarks": "rule_set_007"
+ "value": "grub2_password",
+ "remarks": "rule_set_033"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /tmp",
- "remarks": "rule_set_007"
+ "value": "Set Boot Loader Password in grub2",
+ "remarks": "rule_set_033"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nodev",
- "remarks": "rule_set_007"
+ "value": "grub2_password",
+ "remarks": "rule_set_033"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /tmp",
- "remarks": "rule_set_007"
+ "value": "Set Boot Loader Password in grub2",
+ "remarks": "rule_set_033"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nosuid",
- "remarks": "rule_set_008"
+ "value": "file_permissions_boot_grub2",
+ "remarks": "rule_set_034"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /tmp",
- "remarks": "rule_set_008"
+ "value": "All GRUB configuration files must have mode 0600 or more restrictive",
+ "remarks": "rule_set_034"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nosuid",
- "remarks": "rule_set_008"
+ "value": "file_permissions_boot_grub2",
+ "remarks": "rule_set_034"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /tmp",
- "remarks": "rule_set_008"
+ "value": "All GRUB configuration files must have mode 0600 or more restrictive",
+ "remarks": "rule_set_034"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_noexec",
- "remarks": "rule_set_009"
+ "value": "file_owner_boot_grub2",
+ "remarks": "rule_set_035"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /tmp",
- "remarks": "rule_set_009"
+ "value": "All GRUB configuration files must be owned by root",
+ "remarks": "rule_set_035"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_noexec",
- "remarks": "rule_set_009"
+ "value": "file_owner_boot_grub2",
+ "remarks": "rule_set_035"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /tmp",
- "remarks": "rule_set_009"
+ "value": "All GRUB configuration files must be owned by root",
+ "remarks": "rule_set_035"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_dev_shm",
- "remarks": "rule_set_010"
+ "value": "file_groupowner_boot_grub2",
+ "remarks": "rule_set_036"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /dev/shm is configured",
- "remarks": "rule_set_010"
+ "value": "All GRUB configuration files must be group-owned by root",
+ "remarks": "rule_set_036"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_dev_shm",
- "remarks": "rule_set_010"
+ "value": "file_groupowner_boot_grub2",
+ "remarks": "rule_set_036"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /dev/shm is configured",
- "remarks": "rule_set_010"
+ "value": "All GRUB configuration files must be group-owned by root",
+ "remarks": "rule_set_036"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nodev",
- "remarks": "rule_set_011"
+ "value": "disable_users_coredumps",
+ "remarks": "rule_set_037"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /dev/shm",
- "remarks": "rule_set_011"
+ "value": "Disable Core Dumps for All Users",
+ "remarks": "rule_set_037"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nodev",
- "remarks": "rule_set_011"
+ "value": "disable_users_coredumps",
+ "remarks": "rule_set_037"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /dev/shm",
- "remarks": "rule_set_011"
+ "value": "Disable Core Dumps for All Users",
+ "remarks": "rule_set_037"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nosuid",
- "remarks": "rule_set_012"
+ "value": "sysctl_fs_protected_hardlinks",
+ "remarks": "rule_set_038"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /dev/shm",
- "remarks": "rule_set_012"
+ "value": "Enable Kernel Parameter to Enforce DAC on Hardlinks",
+ "remarks": "rule_set_038"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nosuid",
- "remarks": "rule_set_012"
+ "value": "sysctl_fs_protected_hardlinks",
+ "remarks": "rule_set_038"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /dev/shm",
- "remarks": "rule_set_012"
+ "value": "Enable Kernel Parameter to Enforce DAC on Hardlinks",
+ "remarks": "rule_set_038"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_noexec",
- "remarks": "rule_set_013"
+ "value": "sysctl_fs_protected_symlinks",
+ "remarks": "rule_set_039"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /dev/shm",
- "remarks": "rule_set_013"
+ "value": "Enable Kernel Parameter to Enforce DAC on Symlinks",
+ "remarks": "rule_set_039"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_noexec",
- "remarks": "rule_set_013"
+ "value": "sysctl_fs_protected_symlinks",
+ "remarks": "rule_set_039"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /dev/shm",
- "remarks": "rule_set_013"
+ "value": "Enable Kernel Parameter to Enforce DAC on Symlinks",
+ "remarks": "rule_set_039"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nodev",
- "remarks": "rule_set_014"
+ "value": "sysctl_fs_suid_dumpable",
+ "remarks": "rule_set_040"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /home",
- "remarks": "rule_set_014"
+ "value": "Disable Core Dumps for SUID programs",
+ "remarks": "rule_set_040"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nodev",
- "remarks": "rule_set_014"
+ "value": "sysctl_fs_suid_dumpable",
+ "remarks": "rule_set_040"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /home",
- "remarks": "rule_set_014"
+ "value": "Disable Core Dumps for SUID programs",
+ "remarks": "rule_set_040"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nosuid",
- "remarks": "rule_set_015"
+ "value": "sysctl_kernel_dmesg_restrict",
+ "remarks": "rule_set_041"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /home",
- "remarks": "rule_set_015"
+ "value": "Restrict Access to Kernel Message Buffer",
+ "remarks": "rule_set_041"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nosuid",
- "remarks": "rule_set_015"
+ "value": "sysctl_kernel_dmesg_restrict",
+ "remarks": "rule_set_041"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /home",
- "remarks": "rule_set_015"
+ "value": "Restrict Access to Kernel Message Buffer",
+ "remarks": "rule_set_041"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nodev",
- "remarks": "rule_set_016"
+ "value": "sysctl_kernel_kptr_restrict",
+ "remarks": "rule_set_042"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var",
- "remarks": "rule_set_016"
+ "value": "Restrict Exposed Kernel Pointer Addresses Access",
+ "remarks": "rule_set_042"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nodev",
- "remarks": "rule_set_016"
+ "value": "sysctl_kernel_kptr_restrict",
+ "remarks": "rule_set_042"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var",
- "remarks": "rule_set_016"
+ "value": "Restrict Exposed Kernel Pointer Addresses Access",
+ "remarks": "rule_set_042"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nosuid",
- "remarks": "rule_set_017"
+ "value": "sysctl_kernel_yama_ptrace_scope",
+ "remarks": "rule_set_043"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var",
- "remarks": "rule_set_017"
+ "value": "Restrict usage of ptrace to descendant processes",
+ "remarks": "rule_set_043"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nosuid",
- "remarks": "rule_set_017"
+ "value": "sysctl_kernel_yama_ptrace_scope",
+ "remarks": "rule_set_043"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var",
- "remarks": "rule_set_017"
+ "value": "Restrict usage of ptrace to descendant processes",
+ "remarks": "rule_set_043"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nodev",
- "remarks": "rule_set_018"
+ "value": "sysctl_kernel_randomize_va_space",
+ "remarks": "rule_set_044"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/tmp",
- "remarks": "rule_set_018"
+ "value": "Enable Randomized Layout of Virtual Address Space",
+ "remarks": "rule_set_044"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nodev",
- "remarks": "rule_set_018"
+ "value": "sysctl_kernel_randomize_va_space",
+ "remarks": "rule_set_044"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/tmp",
- "remarks": "rule_set_018"
+ "value": "Enable Randomized Layout of Virtual Address Space",
+ "remarks": "rule_set_044"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nosuid",
- "remarks": "rule_set_019"
+ "value": "coredump_disable_backtraces",
+ "remarks": "rule_set_045"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/tmp",
- "remarks": "rule_set_019"
+ "value": "Disable core dump backtraces",
+ "remarks": "rule_set_045"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nosuid",
- "remarks": "rule_set_019"
+ "value": "coredump_disable_backtraces",
+ "remarks": "rule_set_045"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/tmp",
- "remarks": "rule_set_019"
+ "value": "Disable core dump backtraces",
+ "remarks": "rule_set_045"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_noexec",
- "remarks": "rule_set_020"
+ "value": "coredump_disable_storage",
+ "remarks": "rule_set_046"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/tmp",
- "remarks": "rule_set_020"
+ "value": "Disable storing core dump",
+ "remarks": "rule_set_046"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_noexec",
- "remarks": "rule_set_020"
+ "value": "coredump_disable_storage",
+ "remarks": "rule_set_046"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/tmp",
- "remarks": "rule_set_020"
+ "value": "Disable storing core dump",
+ "remarks": "rule_set_046"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nodev",
- "remarks": "rule_set_021"
+ "value": "configure_custom_crypto_policy_cis",
+ "remarks": "rule_set_047"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log",
- "remarks": "rule_set_021"
+ "value": "Implement Custom Crypto Policy Modules for CIS Benchmark",
+ "remarks": "rule_set_047"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nodev",
- "remarks": "rule_set_021"
+ "value": "configure_custom_crypto_policy_cis",
+ "remarks": "rule_set_047"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log",
- "remarks": "rule_set_021"
+ "value": "Implement Custom Crypto Policy Modules for CIS Benchmark",
+ "remarks": "rule_set_047"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nosuid",
- "remarks": "rule_set_022"
+ "value": "banner_etc_motd_cis",
+ "remarks": "rule_set_048"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log",
- "remarks": "rule_set_022"
+ "value": "Ensure Message Of The Day Is Configured Properly",
+ "remarks": "rule_set_048"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nosuid",
- "remarks": "rule_set_022"
+ "value": "banner_etc_motd_cis",
+ "remarks": "rule_set_048"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log",
- "remarks": "rule_set_022"
+ "value": "Ensure Message Of The Day Is Configured Properly",
+ "remarks": "rule_set_048"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_noexec",
- "remarks": "rule_set_023"
+ "value": "banner_etc_issue_cis",
+ "remarks": "rule_set_049"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log",
- "remarks": "rule_set_023"
+ "value": "Ensure Local Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_049"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_noexec",
- "remarks": "rule_set_023"
+ "value": "banner_etc_issue_cis",
+ "remarks": "rule_set_049"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log",
- "remarks": "rule_set_023"
+ "value": "Ensure Local Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_049"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nodev",
- "remarks": "rule_set_024"
+ "value": "banner_etc_issue_net_cis",
+ "remarks": "rule_set_050"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log/audit",
- "remarks": "rule_set_024"
+ "value": "Ensure Remote Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_050"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nodev",
- "remarks": "rule_set_024"
+ "value": "banner_etc_issue_net_cis",
+ "remarks": "rule_set_050"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log/audit",
- "remarks": "rule_set_024"
+ "value": "Ensure Remote Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_050"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nosuid",
- "remarks": "rule_set_025"
+ "value": "file_groupowner_etc_motd",
+ "remarks": "rule_set_051"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log/audit",
- "remarks": "rule_set_025"
+ "value": "Verify Group Ownership of Message of the Day Banner",
+ "remarks": "rule_set_051"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nosuid",
- "remarks": "rule_set_025"
+ "value": "file_groupowner_etc_motd",
+ "remarks": "rule_set_051"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log/audit",
- "remarks": "rule_set_025"
+ "value": "Verify Group Ownership of Message of the Day Banner",
+ "remarks": "rule_set_051"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_noexec",
- "remarks": "rule_set_026"
+ "value": "file_owner_etc_motd",
+ "remarks": "rule_set_052"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log/audit",
- "remarks": "rule_set_026"
+ "value": "Verify ownership of Message of the Day Banner",
+ "remarks": "rule_set_052"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_noexec",
- "remarks": "rule_set_026"
+ "value": "file_owner_etc_motd",
+ "remarks": "rule_set_052"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log/audit",
- "remarks": "rule_set_026"
+ "value": "Verify ownership of Message of the Day Banner",
+ "remarks": "rule_set_052"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_gpgcheck_globally_activated",
- "remarks": "rule_set_027"
+ "value": "file_permissions_etc_motd",
+ "remarks": "rule_set_053"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
- "remarks": "rule_set_027"
+ "value": "Verify permissions on Message of the Day Banner",
+ "remarks": "rule_set_053"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_gpgcheck_globally_activated",
- "remarks": "rule_set_027"
+ "value": "file_permissions_etc_motd",
+ "remarks": "rule_set_053"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
- "remarks": "rule_set_027"
+ "value": "Verify permissions on Message of the Day Banner",
+ "remarks": "rule_set_053"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_libselinux_installed",
- "remarks": "rule_set_028"
+ "value": "file_groupowner_etc_issue",
+ "remarks": "rule_set_054"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install libselinux Package",
- "remarks": "rule_set_028"
+ "value": "Verify Group Ownership of System Login Banner",
+ "remarks": "rule_set_054"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_libselinux_installed",
- "remarks": "rule_set_028"
+ "value": "file_groupowner_etc_issue",
+ "remarks": "rule_set_054"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install libselinux Package",
- "remarks": "rule_set_028"
+ "value": "Verify Group Ownership of System Login Banner",
+ "remarks": "rule_set_054"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_enable_selinux",
- "remarks": "rule_set_029"
+ "value": "file_owner_etc_issue",
+ "remarks": "rule_set_055"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux Not Disabled in /etc/default/grub",
- "remarks": "rule_set_029"
+ "value": "Verify ownership of System Login Banner",
+ "remarks": "rule_set_055"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_enable_selinux",
- "remarks": "rule_set_029"
+ "value": "file_owner_etc_issue",
+ "remarks": "rule_set_055"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux Not Disabled in /etc/default/grub",
- "remarks": "rule_set_029"
+ "value": "Verify ownership of System Login Banner",
+ "remarks": "rule_set_055"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_policytype",
- "remarks": "rule_set_030"
+ "value": "file_permissions_etc_issue",
+ "remarks": "rule_set_056"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure SELinux Policy",
- "remarks": "rule_set_030"
+ "value": "Verify permissions on System Login Banner",
+ "remarks": "rule_set_056"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_policytype",
- "remarks": "rule_set_030"
+ "value": "file_permissions_etc_issue",
+ "remarks": "rule_set_056"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure SELinux Policy",
- "remarks": "rule_set_030"
+ "value": "Verify permissions on System Login Banner",
+ "remarks": "rule_set_056"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_not_disabled",
- "remarks": "rule_set_031"
+ "value": "file_groupowner_etc_issue_net",
+ "remarks": "rule_set_057"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux is Not Disabled",
- "remarks": "rule_set_031"
+ "value": "Verify Group Ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_057"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_not_disabled",
- "remarks": "rule_set_031"
+ "value": "file_groupowner_etc_issue_net",
+ "remarks": "rule_set_057"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux is Not Disabled",
- "remarks": "rule_set_031"
+ "value": "Verify Group Ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_057"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_mcstrans_removed",
- "remarks": "rule_set_032"
+ "value": "file_owner_etc_issue_net",
+ "remarks": "rule_set_058"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall mcstrans Package",
- "remarks": "rule_set_032"
+ "value": "Verify ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_058"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_mcstrans_removed",
- "remarks": "rule_set_032"
+ "value": "file_owner_etc_issue_net",
+ "remarks": "rule_set_058"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall mcstrans Package",
- "remarks": "rule_set_032"
+ "value": "Verify ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_058"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_password",
- "remarks": "rule_set_033"
+ "value": "file_permissions_etc_issue_net",
+ "remarks": "rule_set_059"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Boot Loader Password in grub2",
- "remarks": "rule_set_033"
+ "value": "Verify permissions on System Login Banner for Remote Connections",
+ "remarks": "rule_set_059"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_password",
- "remarks": "rule_set_033"
+ "value": "file_permissions_etc_issue_net",
+ "remarks": "rule_set_059"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Boot Loader Password in grub2",
- "remarks": "rule_set_033"
+ "value": "Verify permissions on System Login Banner for Remote Connections",
+ "remarks": "rule_set_059"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg",
- "remarks": "rule_set_034"
+ "value": "dconf_gnome_banner_enabled",
+ "remarks": "rule_set_060"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Group Ownership",
- "remarks": "rule_set_034"
+ "value": "Enable GNOME3 Login Warning Banner",
+ "remarks": "rule_set_060"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg",
- "remarks": "rule_set_034"
+ "value": "dconf_gnome_banner_enabled",
+ "remarks": "rule_set_060"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Group Ownership",
- "remarks": "rule_set_034"
+ "value": "Enable GNOME3 Login Warning Banner",
+ "remarks": "rule_set_060"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg",
- "remarks": "rule_set_035"
+ "value": "dconf_gnome_login_banner_text",
+ "remarks": "rule_set_061"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg User Ownership",
- "remarks": "rule_set_035"
+ "value": "Set the GNOME3 Login Warning Banner Text",
+ "remarks": "rule_set_061"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg",
- "remarks": "rule_set_035"
+ "value": "dconf_gnome_login_banner_text",
+ "remarks": "rule_set_061"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg User Ownership",
- "remarks": "rule_set_035"
+ "value": "Set the GNOME3 Login Warning Banner Text",
+ "remarks": "rule_set_061"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg",
- "remarks": "rule_set_036"
+ "value": "dconf_gnome_disable_user_list",
+ "remarks": "rule_set_062"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Permissions",
- "remarks": "rule_set_036"
+ "value": "Disable the GNOME3 Login User List",
+ "remarks": "rule_set_062"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg",
- "remarks": "rule_set_036"
+ "value": "dconf_gnome_disable_user_list",
+ "remarks": "rule_set_062"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Permissions",
- "remarks": "rule_set_036"
+ "value": "Disable the GNOME3 Login User List",
+ "remarks": "rule_set_062"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg",
- "remarks": "rule_set_037"
+ "value": "dconf_gnome_screensaver_idle_delay",
+ "remarks": "rule_set_063"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Group Ownership",
- "remarks": "rule_set_037"
+ "value": "Set GNOME3 Screensaver Inactivity Timeout",
+ "remarks": "rule_set_063"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg",
- "remarks": "rule_set_037"
+ "value": "dconf_gnome_screensaver_idle_delay",
+ "remarks": "rule_set_063"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Group Ownership",
- "remarks": "rule_set_037"
+ "value": "Set GNOME3 Screensaver Inactivity Timeout",
+ "remarks": "rule_set_063"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg",
- "remarks": "rule_set_038"
+ "value": "dconf_gnome_screensaver_lock_delay",
+ "remarks": "rule_set_064"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg User Ownership",
- "remarks": "rule_set_038"
+ "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
+ "remarks": "rule_set_064"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg",
- "remarks": "rule_set_038"
+ "value": "dconf_gnome_screensaver_lock_delay",
+ "remarks": "rule_set_064"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg User Ownership",
- "remarks": "rule_set_038"
+ "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
+ "remarks": "rule_set_064"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg",
- "remarks": "rule_set_039"
+ "value": "dconf_gnome_session_idle_user_locks",
+ "remarks": "rule_set_065"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Permissions",
- "remarks": "rule_set_039"
+ "value": "Ensure Users Cannot Change GNOME3 Session Idle Settings",
+ "remarks": "rule_set_065"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg",
- "remarks": "rule_set_039"
+ "value": "dconf_gnome_session_idle_user_locks",
+ "remarks": "rule_set_065"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Permissions",
- "remarks": "rule_set_039"
+ "value": "Ensure Users Cannot Change GNOME3 Session Idle Settings",
+ "remarks": "rule_set_065"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy",
- "remarks": "rule_set_040"
+ "value": "dconf_gnome_screensaver_user_locks",
+ "remarks": "rule_set_066"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure System Cryptography Policy",
- "remarks": "rule_set_040"
+ "value": "Ensure Users Cannot Change GNOME3 Screensaver Settings",
+ "remarks": "rule_set_066"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy",
- "remarks": "rule_set_040"
+ "value": "dconf_gnome_screensaver_user_locks",
+ "remarks": "rule_set_066"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure System Cryptography Policy",
- "remarks": "rule_set_040"
+ "value": "Ensure Users Cannot Change GNOME3 Screensaver Settings",
+ "remarks": "rule_set_066"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_motd_cis",
- "remarks": "rule_set_041"
+ "value": "dconf_gnome_disable_autorun",
+ "remarks": "rule_set_067"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Message Of The Day Is Configured Properly",
- "remarks": "rule_set_041"
+ "value": "Disable GNOME3 Automount running",
+ "remarks": "rule_set_067"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_motd_cis",
- "remarks": "rule_set_041"
+ "value": "dconf_gnome_disable_autorun",
+ "remarks": "rule_set_067"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Message Of The Day Is Configured Properly",
- "remarks": "rule_set_041"
+ "value": "Disable GNOME3 Automount running",
+ "remarks": "rule_set_067"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_cis",
- "remarks": "rule_set_042"
+ "value": "package_kea_removed",
+ "remarks": "rule_set_068"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Local Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_042"
+ "value": "Uninstall kea Package",
+ "remarks": "rule_set_068"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_cis",
- "remarks": "rule_set_042"
+ "value": "package_kea_removed",
+ "remarks": "rule_set_068"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Local Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_042"
+ "value": "Uninstall kea Package",
+ "remarks": "rule_set_068"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_net_cis",
- "remarks": "rule_set_043"
+ "value": "package_bind_removed",
+ "remarks": "rule_set_069"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Remote Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_043"
+ "value": "Uninstall bind Package",
+ "remarks": "rule_set_069"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_net_cis",
- "remarks": "rule_set_043"
+ "value": "package_bind_removed",
+ "remarks": "rule_set_069"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Remote Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_043"
+ "value": "Uninstall bind Package",
+ "remarks": "rule_set_069"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_motd",
- "remarks": "rule_set_044"
+ "value": "package_dnsmasq_removed",
+ "remarks": "rule_set_070"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of Message of the Day Banner",
- "remarks": "rule_set_044"
+ "value": "Uninstall dnsmasq Package",
+ "remarks": "rule_set_070"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_motd",
- "remarks": "rule_set_044"
+ "value": "package_dnsmasq_removed",
+ "remarks": "rule_set_070"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of Message of the Day Banner",
- "remarks": "rule_set_044"
+ "value": "Uninstall dnsmasq Package",
+ "remarks": "rule_set_070"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_motd",
- "remarks": "rule_set_045"
+ "value": "package_vsftpd_removed",
+ "remarks": "rule_set_071"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of Message of the Day Banner",
- "remarks": "rule_set_045"
+ "value": "Uninstall vsftpd Package",
+ "remarks": "rule_set_071"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_motd",
- "remarks": "rule_set_045"
+ "value": "package_vsftpd_removed",
+ "remarks": "rule_set_071"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of Message of the Day Banner",
- "remarks": "rule_set_045"
+ "value": "Uninstall vsftpd Package",
+ "remarks": "rule_set_071"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_motd",
- "remarks": "rule_set_046"
+ "value": "package_dovecot_removed",
+ "remarks": "rule_set_072"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on Message of the Day Banner",
- "remarks": "rule_set_046"
+ "value": "Uninstall dovecot Package",
+ "remarks": "rule_set_072"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_motd",
- "remarks": "rule_set_046"
+ "value": "package_dovecot_removed",
+ "remarks": "rule_set_072"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on Message of the Day Banner",
- "remarks": "rule_set_046"
+ "value": "Uninstall dovecot Package",
+ "remarks": "rule_set_072"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue",
- "remarks": "rule_set_047"
+ "value": "package_cyrus-imapd_removed",
+ "remarks": "rule_set_073"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner",
- "remarks": "rule_set_047"
+ "value": "Uninstall cyrus-imapd Package",
+ "remarks": "rule_set_073"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue",
- "remarks": "rule_set_047"
+ "value": "package_cyrus-imapd_removed",
+ "remarks": "rule_set_073"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner",
- "remarks": "rule_set_047"
+ "value": "Uninstall cyrus-imapd Package",
+ "remarks": "rule_set_073"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue",
- "remarks": "rule_set_048"
+ "value": "service_nfs_disabled",
+ "remarks": "rule_set_074"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner",
- "remarks": "rule_set_048"
+ "value": "Disable Network File System (nfs)",
+ "remarks": "rule_set_074"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue",
- "remarks": "rule_set_048"
+ "value": "service_nfs_disabled",
+ "remarks": "rule_set_074"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner",
- "remarks": "rule_set_048"
+ "value": "Disable Network File System (nfs)",
+ "remarks": "rule_set_074"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue",
- "remarks": "rule_set_049"
+ "value": "service_rpcbind_disabled",
+ "remarks": "rule_set_075"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner",
- "remarks": "rule_set_049"
+ "value": "Disable rpcbind Service",
+ "remarks": "rule_set_075"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue",
- "remarks": "rule_set_049"
+ "value": "service_rpcbind_disabled",
+ "remarks": "rule_set_075"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner",
- "remarks": "rule_set_049"
+ "value": "Disable rpcbind Service",
+ "remarks": "rule_set_075"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue_net",
- "remarks": "rule_set_050"
+ "value": "package_rsync_removed",
+ "remarks": "rule_set_076"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_050"
+ "value": "Uninstall rsync Package",
+ "remarks": "rule_set_076"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue_net",
- "remarks": "rule_set_050"
+ "value": "package_rsync_removed",
+ "remarks": "rule_set_076"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_050"
+ "value": "Uninstall rsync Package",
+ "remarks": "rule_set_076"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue_net",
- "remarks": "rule_set_051"
+ "value": "package_samba_removed",
+ "remarks": "rule_set_077"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_051"
+ "value": "Uninstall Samba Package",
+ "remarks": "rule_set_077"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue_net",
- "remarks": "rule_set_051"
+ "value": "package_samba_removed",
+ "remarks": "rule_set_077"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_051"
+ "value": "Uninstall Samba Package",
+ "remarks": "rule_set_077"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue_net",
- "remarks": "rule_set_052"
+ "value": "package_net-snmp_removed",
+ "remarks": "rule_set_078"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner for Remote Connections",
- "remarks": "rule_set_052"
+ "value": "Uninstall net-snmp Package",
+ "remarks": "rule_set_078"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue_net",
- "remarks": "rule_set_052"
+ "value": "package_net-snmp_removed",
+ "remarks": "rule_set_078"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner for Remote Connections",
- "remarks": "rule_set_052"
+ "value": "Uninstall net-snmp Package",
+ "remarks": "rule_set_078"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_banner_enabled",
- "remarks": "rule_set_053"
+ "value": "package_telnet-server_removed",
+ "remarks": "rule_set_079"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable GNOME3 Login Warning Banner",
- "remarks": "rule_set_053"
+ "value": "Uninstall telnet-server Package",
+ "remarks": "rule_set_079"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_banner_enabled",
- "remarks": "rule_set_053"
+ "value": "package_telnet-server_removed",
+ "remarks": "rule_set_079"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable GNOME3 Login Warning Banner",
- "remarks": "rule_set_053"
+ "value": "Uninstall telnet-server Package",
+ "remarks": "rule_set_079"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_login_banner_text",
- "remarks": "rule_set_054"
+ "value": "package_tftp-server_removed",
+ "remarks": "rule_set_080"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set the GNOME3 Login Warning Banner Text",
- "remarks": "rule_set_054"
+ "value": "Uninstall tftp-server Package",
+ "remarks": "rule_set_080"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_login_banner_text",
- "remarks": "rule_set_054"
+ "value": "package_tftp-server_removed",
+ "remarks": "rule_set_080"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set the GNOME3 Login Warning Banner Text",
- "remarks": "rule_set_054"
+ "value": "Uninstall tftp-server Package",
+ "remarks": "rule_set_080"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_user_list",
- "remarks": "rule_set_055"
+ "value": "package_squid_removed",
+ "remarks": "rule_set_081"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the GNOME3 Login User List",
- "remarks": "rule_set_055"
+ "value": "Uninstall squid Package",
+ "remarks": "rule_set_081"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_user_list",
- "remarks": "rule_set_055"
+ "value": "package_squid_removed",
+ "remarks": "rule_set_081"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the GNOME3 Login User List",
- "remarks": "rule_set_055"
+ "value": "Uninstall squid Package",
+ "remarks": "rule_set_081"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_idle_delay",
- "remarks": "rule_set_056"
+ "value": "package_httpd_removed",
+ "remarks": "rule_set_082"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Inactivity Timeout",
- "remarks": "rule_set_056"
+ "value": "Uninstall httpd Package",
+ "remarks": "rule_set_082"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_idle_delay",
- "remarks": "rule_set_056"
+ "value": "package_httpd_removed",
+ "remarks": "rule_set_082"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Inactivity Timeout",
- "remarks": "rule_set_056"
+ "value": "Uninstall httpd Package",
+ "remarks": "rule_set_082"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_lock_delay",
- "remarks": "rule_set_057"
+ "value": "package_nginx_removed",
+ "remarks": "rule_set_083"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
- "remarks": "rule_set_057"
+ "value": "Uninstall nginx Package",
+ "remarks": "rule_set_083"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_lock_delay",
- "remarks": "rule_set_057"
+ "value": "package_nginx_removed",
+ "remarks": "rule_set_083"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
- "remarks": "rule_set_057"
+ "value": "Uninstall nginx Package",
+ "remarks": "rule_set_083"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_autorun",
- "remarks": "rule_set_058"
+ "value": "postfix_network_listening_disabled",
+ "remarks": "rule_set_084"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount running",
- "remarks": "rule_set_058"
+ "value": "Disable Postfix Network Listening",
+ "remarks": "rule_set_084"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_autorun",
- "remarks": "rule_set_058"
+ "value": "postfix_network_listening_disabled",
+ "remarks": "rule_set_084"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount running",
- "remarks": "rule_set_058"
+ "value": "Disable Postfix Network Listening",
+ "remarks": "rule_set_084"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_kea_removed",
- "remarks": "rule_set_059"
+ "value": "has_nonlocal_mta",
+ "remarks": "rule_set_085"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall kea Package",
- "remarks": "rule_set_059"
+ "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
+ "remarks": "rule_set_085"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_kea_removed",
- "remarks": "rule_set_059"
+ "value": "has_nonlocal_mta",
+ "remarks": "rule_set_085"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall kea Package",
- "remarks": "rule_set_059"
+ "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
+ "remarks": "rule_set_085"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_bind_removed",
- "remarks": "rule_set_060"
+ "value": "package_ftp_removed",
+ "remarks": "rule_set_086"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall bind Package",
- "remarks": "rule_set_060"
+ "value": "Remove ftp Package",
+ "remarks": "rule_set_086"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_bind_removed",
- "remarks": "rule_set_060"
+ "value": "package_ftp_removed",
+ "remarks": "rule_set_086"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall bind Package",
- "remarks": "rule_set_060"
+ "value": "Remove ftp Package",
+ "remarks": "rule_set_086"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dnsmasq_removed",
- "remarks": "rule_set_061"
+ "value": "package_telnet_removed",
+ "remarks": "rule_set_087"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dnsmasq Package",
- "remarks": "rule_set_061"
+ "value": "Remove telnet Clients",
+ "remarks": "rule_set_087"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dnsmasq_removed",
- "remarks": "rule_set_061"
+ "value": "package_telnet_removed",
+ "remarks": "rule_set_087"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dnsmasq Package",
- "remarks": "rule_set_061"
+ "value": "Remove telnet Clients",
+ "remarks": "rule_set_087"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_vsftpd_removed",
- "remarks": "rule_set_062"
+ "value": "package_tftp_removed",
+ "remarks": "rule_set_088"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall vsftpd Package",
- "remarks": "rule_set_062"
+ "value": "Remove tftp Daemon",
+ "remarks": "rule_set_088"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_vsftpd_removed",
- "remarks": "rule_set_062"
+ "value": "package_tftp_removed",
+ "remarks": "rule_set_088"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall vsftpd Package",
- "remarks": "rule_set_062"
+ "value": "Remove tftp Daemon",
+ "remarks": "rule_set_088"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dovecot_removed",
- "remarks": "rule_set_063"
+ "value": "chronyd_specify_remote_server",
+ "remarks": "rule_set_089"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dovecot Package",
- "remarks": "rule_set_063"
+ "value": "A remote time server for Chrony is configured",
+ "remarks": "rule_set_089"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dovecot_removed",
- "remarks": "rule_set_063"
+ "value": "chronyd_specify_remote_server",
+ "remarks": "rule_set_089"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dovecot Package",
- "remarks": "rule_set_063"
+ "value": "A remote time server for Chrony is configured",
+ "remarks": "rule_set_089"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cyrus-imapd_removed",
- "remarks": "rule_set_064"
+ "value": "chronyd_run_as_chrony_user",
+ "remarks": "rule_set_090"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall cyrus-imapd Package",
- "remarks": "rule_set_064"
+ "value": "Ensure that chronyd is running under chrony user account",
+ "remarks": "rule_set_090"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cyrus-imapd_removed",
- "remarks": "rule_set_064"
+ "value": "chronyd_run_as_chrony_user",
+ "remarks": "rule_set_090"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall cyrus-imapd Package",
- "remarks": "rule_set_064"
+ "value": "Ensure that chronyd is running under chrony user account",
+ "remarks": "rule_set_090"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nfs_disabled",
- "remarks": "rule_set_065"
+ "value": "package_cron_installed",
+ "remarks": "rule_set_091"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Network File System (nfs)",
- "remarks": "rule_set_065"
+ "value": "Install the cron service",
+ "remarks": "rule_set_091"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nfs_disabled",
- "remarks": "rule_set_065"
+ "value": "package_cron_installed",
+ "remarks": "rule_set_091"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Network File System (nfs)",
- "remarks": "rule_set_065"
+ "value": "Install the cron service",
+ "remarks": "rule_set_091"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_rpcbind_disabled",
- "remarks": "rule_set_066"
+ "value": "service_crond_enabled",
+ "remarks": "rule_set_092"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable rpcbind Service",
- "remarks": "rule_set_066"
+ "value": "Enable cron Service",
+ "remarks": "rule_set_092"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_rpcbind_disabled",
- "remarks": "rule_set_066"
+ "value": "service_crond_enabled",
+ "remarks": "rule_set_092"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable rpcbind Service",
- "remarks": "rule_set_066"
+ "value": "Enable cron Service",
+ "remarks": "rule_set_092"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_rsync_removed",
- "remarks": "rule_set_067"
+ "value": "file_groupowner_crontab",
+ "remarks": "rule_set_093"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall rsync Package",
- "remarks": "rule_set_067"
+ "value": "Verify Group Who Owns Crontab",
+ "remarks": "rule_set_093"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_rsync_removed",
- "remarks": "rule_set_067"
+ "value": "file_groupowner_crontab",
+ "remarks": "rule_set_093"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall rsync Package",
- "remarks": "rule_set_067"
+ "value": "Verify Group Who Owns Crontab",
+ "remarks": "rule_set_093"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_samba_removed",
- "remarks": "rule_set_068"
+ "value": "file_owner_crontab",
+ "remarks": "rule_set_094"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall Samba Package",
- "remarks": "rule_set_068"
+ "value": "Verify Owner on crontab",
+ "remarks": "rule_set_094"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_samba_removed",
- "remarks": "rule_set_068"
+ "value": "file_owner_crontab",
+ "remarks": "rule_set_094"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall Samba Package",
- "remarks": "rule_set_068"
+ "value": "Verify Owner on crontab",
+ "remarks": "rule_set_094"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_net-snmp_removed",
- "remarks": "rule_set_069"
+ "value": "file_permissions_crontab",
+ "remarks": "rule_set_095"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall net-snmp Package",
- "remarks": "rule_set_069"
+ "value": "Verify Permissions on crontab",
+ "remarks": "rule_set_095"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_net-snmp_removed",
- "remarks": "rule_set_069"
+ "value": "file_permissions_crontab",
+ "remarks": "rule_set_095"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall net-snmp Package",
- "remarks": "rule_set_069"
+ "value": "Verify Permissions on crontab",
+ "remarks": "rule_set_095"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet-server_removed",
- "remarks": "rule_set_070"
+ "value": "file_groupowner_cron_hourly",
+ "remarks": "rule_set_096"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall telnet-server Package",
- "remarks": "rule_set_070"
+ "value": "Verify Group Who Owns cron.hourly",
+ "remarks": "rule_set_096"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet-server_removed",
- "remarks": "rule_set_070"
+ "value": "file_groupowner_cron_hourly",
+ "remarks": "rule_set_096"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall telnet-server Package",
- "remarks": "rule_set_070"
+ "value": "Verify Group Who Owns cron.hourly",
+ "remarks": "rule_set_096"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp-server_removed",
- "remarks": "rule_set_071"
+ "value": "file_owner_cron_hourly",
+ "remarks": "rule_set_097"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall tftp-server Package",
- "remarks": "rule_set_071"
+ "value": "Verify Owner on cron.hourly",
+ "remarks": "rule_set_097"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp-server_removed",
- "remarks": "rule_set_071"
+ "value": "file_owner_cron_hourly",
+ "remarks": "rule_set_097"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall tftp-server Package",
- "remarks": "rule_set_071"
+ "value": "Verify Owner on cron.hourly",
+ "remarks": "rule_set_097"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_squid_removed",
- "remarks": "rule_set_072"
+ "value": "file_permissions_cron_hourly",
+ "remarks": "rule_set_098"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall squid Package",
- "remarks": "rule_set_072"
+ "value": "Verify Permissions on cron.hourly",
+ "remarks": "rule_set_098"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_squid_removed",
- "remarks": "rule_set_072"
+ "value": "file_permissions_cron_hourly",
+ "remarks": "rule_set_098"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall squid Package",
- "remarks": "rule_set_072"
+ "value": "Verify Permissions on cron.hourly",
+ "remarks": "rule_set_098"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_httpd_removed",
- "remarks": "rule_set_073"
+ "value": "file_groupowner_cron_daily",
+ "remarks": "rule_set_099"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall httpd Package",
- "remarks": "rule_set_073"
+ "value": "Verify Group Who Owns cron.daily",
+ "remarks": "rule_set_099"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_httpd_removed",
- "remarks": "rule_set_073"
+ "value": "file_groupowner_cron_daily",
+ "remarks": "rule_set_099"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall httpd Package",
- "remarks": "rule_set_073"
+ "value": "Verify Group Who Owns cron.daily",
+ "remarks": "rule_set_099"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nginx_removed",
- "remarks": "rule_set_074"
+ "value": "file_owner_cron_daily",
+ "remarks": "rule_set_100"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall nginx Package",
- "remarks": "rule_set_074"
+ "value": "Verify Owner on cron.daily",
+ "remarks": "rule_set_100"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nginx_removed",
- "remarks": "rule_set_074"
+ "value": "file_owner_cron_daily",
+ "remarks": "rule_set_100"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall nginx Package",
- "remarks": "rule_set_074"
+ "value": "Verify Owner on cron.daily",
+ "remarks": "rule_set_100"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "postfix_network_listening_disabled",
- "remarks": "rule_set_075"
+ "value": "file_permissions_cron_daily",
+ "remarks": "rule_set_101"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Postfix Network Listening",
- "remarks": "rule_set_075"
+ "value": "Verify Permissions on cron.daily",
+ "remarks": "rule_set_101"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "postfix_network_listening_disabled",
- "remarks": "rule_set_075"
+ "value": "file_permissions_cron_daily",
+ "remarks": "rule_set_101"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Postfix Network Listening",
- "remarks": "rule_set_075"
+ "value": "Verify Permissions on cron.daily",
+ "remarks": "rule_set_101"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "has_nonlocal_mta",
- "remarks": "rule_set_076"
+ "value": "file_groupowner_cron_weekly",
+ "remarks": "rule_set_102"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
- "remarks": "rule_set_076"
+ "value": "Verify Group Who Owns cron.weekly",
+ "remarks": "rule_set_102"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "has_nonlocal_mta",
- "remarks": "rule_set_076"
+ "value": "file_groupowner_cron_weekly",
+ "remarks": "rule_set_102"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
- "remarks": "rule_set_076"
+ "value": "Verify Group Who Owns cron.weekly",
+ "remarks": "rule_set_102"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_ftp_removed",
- "remarks": "rule_set_077"
+ "value": "file_owner_cron_weekly",
+ "remarks": "rule_set_103"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove ftp Package",
- "remarks": "rule_set_077"
+ "value": "Verify Owner on cron.weekly",
+ "remarks": "rule_set_103"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_ftp_removed",
- "remarks": "rule_set_077"
+ "value": "file_owner_cron_weekly",
+ "remarks": "rule_set_103"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove ftp Package",
- "remarks": "rule_set_077"
+ "value": "Verify Owner on cron.weekly",
+ "remarks": "rule_set_103"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet_removed",
- "remarks": "rule_set_078"
+ "value": "file_permissions_cron_weekly",
+ "remarks": "rule_set_104"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove telnet Clients",
- "remarks": "rule_set_078"
+ "value": "Verify Permissions on cron.weekly",
+ "remarks": "rule_set_104"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet_removed",
- "remarks": "rule_set_078"
+ "value": "file_permissions_cron_weekly",
+ "remarks": "rule_set_104"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove telnet Clients",
- "remarks": "rule_set_078"
+ "value": "Verify Permissions on cron.weekly",
+ "remarks": "rule_set_104"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp_removed",
- "remarks": "rule_set_079"
+ "value": "file_groupowner_cron_monthly",
+ "remarks": "rule_set_105"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove tftp Daemon",
- "remarks": "rule_set_079"
+ "value": "Verify Group Who Owns cron.monthly",
+ "remarks": "rule_set_105"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp_removed",
- "remarks": "rule_set_079"
+ "value": "file_groupowner_cron_monthly",
+ "remarks": "rule_set_105"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove tftp Daemon",
- "remarks": "rule_set_079"
+ "value": "Verify Group Who Owns cron.monthly",
+ "remarks": "rule_set_105"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_specify_remote_server",
- "remarks": "rule_set_080"
+ "value": "file_owner_cron_monthly",
+ "remarks": "rule_set_106"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "A remote time server for Chrony is configured",
- "remarks": "rule_set_080"
+ "value": "Verify Owner on cron.monthly",
+ "remarks": "rule_set_106"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_specify_remote_server",
- "remarks": "rule_set_080"
+ "value": "file_owner_cron_monthly",
+ "remarks": "rule_set_106"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "A remote time server for Chrony is configured",
- "remarks": "rule_set_080"
+ "value": "Verify Owner on cron.monthly",
+ "remarks": "rule_set_106"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_run_as_chrony_user",
- "remarks": "rule_set_081"
+ "value": "file_permissions_cron_monthly",
+ "remarks": "rule_set_107"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that chronyd is running under chrony user account",
- "remarks": "rule_set_081"
+ "value": "Verify Permissions on cron.monthly",
+ "remarks": "rule_set_107"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_run_as_chrony_user",
- "remarks": "rule_set_081"
+ "value": "file_permissions_cron_monthly",
+ "remarks": "rule_set_107"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that chronyd is running under chrony user account",
- "remarks": "rule_set_081"
+ "value": "Verify Permissions on cron.monthly",
+ "remarks": "rule_set_107"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cron_installed",
- "remarks": "rule_set_082"
+ "value": "file_groupowner_cron_yearly",
+ "remarks": "rule_set_108"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install the cron service",
- "remarks": "rule_set_082"
+ "value": "Verify Group Who Owns cron.yearly",
+ "remarks": "rule_set_108"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cron_installed",
- "remarks": "rule_set_082"
+ "value": "file_groupowner_cron_yearly",
+ "remarks": "rule_set_108"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install the cron service",
- "remarks": "rule_set_082"
+ "value": "Verify Group Who Owns cron.yearly",
+ "remarks": "rule_set_108"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_crond_enabled",
- "remarks": "rule_set_083"
+ "value": "file_owner_cron_yearly",
+ "remarks": "rule_set_109"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable cron Service",
- "remarks": "rule_set_083"
+ "value": "Verify Owner on cron.yearly",
+ "remarks": "rule_set_109"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_crond_enabled",
- "remarks": "rule_set_083"
+ "value": "file_owner_cron_yearly",
+ "remarks": "rule_set_109"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable cron Service",
- "remarks": "rule_set_083"
+ "value": "Verify Owner on cron.yearly",
+ "remarks": "rule_set_109"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_crontab",
- "remarks": "rule_set_084"
+ "value": "file_permissions_cron_yearly",
+ "remarks": "rule_set_110"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Crontab",
- "remarks": "rule_set_084"
+ "value": "Verify Permissions on cron.yearly",
+ "remarks": "rule_set_110"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_crontab",
- "remarks": "rule_set_084"
+ "value": "file_permissions_cron_yearly",
+ "remarks": "rule_set_110"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Crontab",
- "remarks": "rule_set_084"
+ "value": "Verify Permissions on cron.yearly",
+ "remarks": "rule_set_110"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_crontab",
- "remarks": "rule_set_085"
+ "value": "file_groupowner_cron_d",
+ "remarks": "rule_set_111"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on crontab",
- "remarks": "rule_set_085"
+ "value": "Verify Group Who Owns cron.d",
+ "remarks": "rule_set_111"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_crontab",
- "remarks": "rule_set_085"
+ "value": "file_groupowner_cron_d",
+ "remarks": "rule_set_111"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on crontab",
- "remarks": "rule_set_085"
+ "value": "Verify Group Who Owns cron.d",
+ "remarks": "rule_set_111"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_crontab",
- "remarks": "rule_set_086"
+ "value": "file_owner_cron_d",
+ "remarks": "rule_set_112"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on crontab",
- "remarks": "rule_set_086"
+ "value": "Verify Owner on cron.d",
+ "remarks": "rule_set_112"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_crontab",
- "remarks": "rule_set_086"
+ "value": "file_owner_cron_d",
+ "remarks": "rule_set_112"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on crontab",
- "remarks": "rule_set_086"
+ "value": "Verify Owner on cron.d",
+ "remarks": "rule_set_112"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_hourly",
- "remarks": "rule_set_087"
+ "value": "file_permissions_cron_d",
+ "remarks": "rule_set_113"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.hourly",
- "remarks": "rule_set_087"
+ "value": "Verify Permissions on cron.d",
+ "remarks": "rule_set_113"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_hourly",
- "remarks": "rule_set_087"
+ "value": "file_permissions_cron_d",
+ "remarks": "rule_set_113"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.hourly",
- "remarks": "rule_set_087"
+ "value": "Verify Permissions on cron.d",
+ "remarks": "rule_set_113"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_hourly",
- "remarks": "rule_set_088"
+ "value": "file_cron_deny_not_exist",
+ "remarks": "rule_set_114"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.hourly",
- "remarks": "rule_set_088"
+ "value": "Ensure that /etc/cron.deny does not exist",
+ "remarks": "rule_set_114"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_hourly",
- "remarks": "rule_set_088"
+ "value": "file_cron_deny_not_exist",
+ "remarks": "rule_set_114"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.hourly",
- "remarks": "rule_set_088"
+ "value": "Ensure that /etc/cron.deny does not exist",
+ "remarks": "rule_set_114"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_hourly",
- "remarks": "rule_set_089"
+ "value": "file_cron_allow_exists",
+ "remarks": "rule_set_115"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.hourly",
- "remarks": "rule_set_089"
+ "value": "Ensure that /etc/cron.allow exists",
+ "remarks": "rule_set_115"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_hourly",
- "remarks": "rule_set_089"
+ "value": "file_cron_allow_exists",
+ "remarks": "rule_set_115"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.hourly",
- "remarks": "rule_set_089"
+ "value": "Ensure that /etc/cron.allow exists",
+ "remarks": "rule_set_115"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_daily",
- "remarks": "rule_set_090"
+ "value": "file_groupowner_cron_allow",
+ "remarks": "rule_set_116"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.daily",
- "remarks": "rule_set_090"
+ "value": "Verify Group Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_116"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_daily",
- "remarks": "rule_set_090"
+ "value": "file_groupowner_cron_allow",
+ "remarks": "rule_set_116"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.daily",
- "remarks": "rule_set_090"
+ "value": "Verify Group Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_116"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_daily",
- "remarks": "rule_set_091"
+ "value": "file_owner_cron_allow",
+ "remarks": "rule_set_117"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.daily",
- "remarks": "rule_set_091"
+ "value": "Verify User Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_117"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_daily",
- "remarks": "rule_set_091"
+ "value": "file_owner_cron_allow",
+ "remarks": "rule_set_117"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.daily",
- "remarks": "rule_set_091"
+ "value": "Verify User Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_117"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_daily",
- "remarks": "rule_set_092"
+ "value": "file_permissions_cron_allow",
+ "remarks": "rule_set_118"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.daily",
- "remarks": "rule_set_092"
+ "value": "Verify Permissions on /etc/cron.allow file",
+ "remarks": "rule_set_118"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_daily",
- "remarks": "rule_set_092"
+ "value": "file_permissions_cron_allow",
+ "remarks": "rule_set_118"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.daily",
- "remarks": "rule_set_092"
+ "value": "Verify Permissions on /etc/cron.allow file",
+ "remarks": "rule_set_118"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_weekly",
- "remarks": "rule_set_093"
+ "value": "file_at_deny_not_exist",
+ "remarks": "rule_set_119"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.weekly",
- "remarks": "rule_set_093"
+ "value": "Ensure that /etc/at.deny does not exist",
+ "remarks": "rule_set_119"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_weekly",
- "remarks": "rule_set_093"
+ "value": "file_at_deny_not_exist",
+ "remarks": "rule_set_119"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.weekly",
- "remarks": "rule_set_093"
+ "value": "Ensure that /etc/at.deny does not exist",
+ "remarks": "rule_set_119"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_weekly",
- "remarks": "rule_set_094"
+ "value": "file_at_allow_exists",
+ "remarks": "rule_set_120"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.weekly",
- "remarks": "rule_set_094"
+ "value": "Ensure that /etc/at.allow exists",
+ "remarks": "rule_set_120"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_weekly",
- "remarks": "rule_set_094"
+ "value": "file_at_allow_exists",
+ "remarks": "rule_set_120"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.weekly",
- "remarks": "rule_set_094"
+ "value": "Ensure that /etc/at.allow exists",
+ "remarks": "rule_set_120"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_weekly",
- "remarks": "rule_set_095"
+ "value": "file_groupowner_at_allow",
+ "remarks": "rule_set_121"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.weekly",
- "remarks": "rule_set_095"
+ "value": "Verify Group Who Owns /etc/at.allow file",
+ "remarks": "rule_set_121"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_weekly",
- "remarks": "rule_set_095"
+ "value": "file_groupowner_at_allow",
+ "remarks": "rule_set_121"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.weekly",
- "remarks": "rule_set_095"
+ "value": "Verify Group Who Owns /etc/at.allow file",
+ "remarks": "rule_set_121"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_monthly",
- "remarks": "rule_set_096"
+ "value": "file_owner_at_allow",
+ "remarks": "rule_set_122"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.monthly",
- "remarks": "rule_set_096"
+ "value": "Verify User Who Owns /etc/at.allow file",
+ "remarks": "rule_set_122"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_monthly",
- "remarks": "rule_set_096"
+ "value": "file_owner_at_allow",
+ "remarks": "rule_set_122"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.monthly",
- "remarks": "rule_set_096"
+ "value": "Verify User Who Owns /etc/at.allow file",
+ "remarks": "rule_set_122"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_monthly",
- "remarks": "rule_set_097"
+ "value": "file_permissions_at_allow",
+ "remarks": "rule_set_123"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.monthly",
- "remarks": "rule_set_097"
+ "value": "Verify Permissions on /etc/at.allow file",
+ "remarks": "rule_set_123"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_monthly",
- "remarks": "rule_set_097"
+ "value": "file_permissions_at_allow",
+ "remarks": "rule_set_123"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.monthly",
- "remarks": "rule_set_097"
+ "value": "Verify Permissions on /etc/at.allow file",
+ "remarks": "rule_set_123"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_monthly",
- "remarks": "rule_set_098"
+ "value": "kernel_module_atm_disabled",
+ "remarks": "rule_set_124"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.monthly",
- "remarks": "rule_set_098"
+ "value": "Disable ATM Support",
+ "remarks": "rule_set_124"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_monthly",
- "remarks": "rule_set_098"
+ "value": "kernel_module_atm_disabled",
+ "remarks": "rule_set_124"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.monthly",
- "remarks": "rule_set_098"
+ "value": "Disable ATM Support",
+ "remarks": "rule_set_124"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_d",
- "remarks": "rule_set_099"
+ "value": "kernel_module_can_disabled",
+ "remarks": "rule_set_125"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.d",
- "remarks": "rule_set_099"
+ "value": "Disable CAN Support",
+ "remarks": "rule_set_125"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_d",
- "remarks": "rule_set_099"
+ "value": "kernel_module_can_disabled",
+ "remarks": "rule_set_125"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.d",
- "remarks": "rule_set_099"
+ "value": "Disable CAN Support",
+ "remarks": "rule_set_125"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_d",
- "remarks": "rule_set_100"
+ "value": "kernel_module_dccp_disabled",
+ "remarks": "rule_set_126"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.d",
- "remarks": "rule_set_100"
+ "value": "Disable DCCP Support",
+ "remarks": "rule_set_126"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_d",
- "remarks": "rule_set_100"
+ "value": "kernel_module_dccp_disabled",
+ "remarks": "rule_set_126"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.d",
- "remarks": "rule_set_100"
+ "value": "Disable DCCP Support",
+ "remarks": "rule_set_126"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_d",
- "remarks": "rule_set_101"
+ "value": "kernel_module_tipc_disabled",
+ "remarks": "rule_set_127"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.d",
- "remarks": "rule_set_101"
+ "value": "Disable TIPC Support",
+ "remarks": "rule_set_127"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_d",
- "remarks": "rule_set_101"
+ "value": "kernel_module_tipc_disabled",
+ "remarks": "rule_set_127"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.d",
- "remarks": "rule_set_101"
+ "value": "Disable TIPC Support",
+ "remarks": "rule_set_127"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_deny_not_exist",
- "remarks": "rule_set_102"
+ "value": "kernel_module_rds_disabled",
+ "remarks": "rule_set_128"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.deny does not exist",
- "remarks": "rule_set_102"
+ "value": "Disable RDS Support",
+ "remarks": "rule_set_128"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_deny_not_exist",
- "remarks": "rule_set_102"
+ "value": "kernel_module_rds_disabled",
+ "remarks": "rule_set_128"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.deny does not exist",
- "remarks": "rule_set_102"
+ "value": "Disable RDS Support",
+ "remarks": "rule_set_128"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_allow_exists",
- "remarks": "rule_set_103"
+ "value": "sysctl_net_ipv4_ip_forward",
+ "remarks": "rule_set_129"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.allow exists",
- "remarks": "rule_set_103"
+ "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
+ "remarks": "rule_set_129"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_allow_exists",
- "remarks": "rule_set_103"
+ "value": "sysctl_net_ipv4_ip_forward",
+ "remarks": "rule_set_129"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.allow exists",
- "remarks": "rule_set_103"
+ "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
+ "remarks": "rule_set_129"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_allow",
- "remarks": "rule_set_104"
+ "value": "sysctl_net_ipv4_conf_all_forwarding",
+ "remarks": "rule_set_130"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/cron.allow file",
- "remarks": "rule_set_104"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces",
+ "remarks": "rule_set_130"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_allow",
- "remarks": "rule_set_104"
+ "value": "sysctl_net_ipv4_conf_all_forwarding",
+ "remarks": "rule_set_130"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/cron.allow file",
- "remarks": "rule_set_104"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces",
+ "remarks": "rule_set_130"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_allow",
- "remarks": "rule_set_105"
+ "value": "sysctl_net_ipv4_conf_default_forwarding",
+ "remarks": "rule_set_131"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/cron.allow file",
- "remarks": "rule_set_105"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding By Default",
+ "remarks": "rule_set_131"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_allow",
- "remarks": "rule_set_105"
+ "value": "sysctl_net_ipv4_conf_default_forwarding",
+ "remarks": "rule_set_131"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/cron.allow file",
- "remarks": "rule_set_105"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding By Default",
+ "remarks": "rule_set_131"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_allow",
- "remarks": "rule_set_106"
+ "value": "sysctl_net_ipv4_conf_all_send_redirects",
+ "remarks": "rule_set_132"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/cron.allow file",
- "remarks": "rule_set_106"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_132"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_allow",
- "remarks": "rule_set_106"
+ "value": "sysctl_net_ipv4_conf_all_send_redirects",
+ "remarks": "rule_set_132"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/cron.allow file",
- "remarks": "rule_set_106"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_132"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_at_deny_not_exist",
- "remarks": "rule_set_107"
+ "value": "sysctl_net_ipv4_conf_default_send_redirects",
+ "remarks": "rule_set_133"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/at.deny does not exist",
- "remarks": "rule_set_107"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_133"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_at_deny_not_exist",
- "remarks": "rule_set_107"
+ "value": "sysctl_net_ipv4_conf_default_send_redirects",
+ "remarks": "rule_set_133"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/at.deny does not exist",
- "remarks": "rule_set_107"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_133"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_at_allow",
- "remarks": "rule_set_108"
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
+ "remarks": "rule_set_134"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/at.allow file",
- "remarks": "rule_set_108"
+ "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
+ "remarks": "rule_set_134"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_at_allow",
- "remarks": "rule_set_108"
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
+ "remarks": "rule_set_134"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/at.allow file",
- "remarks": "rule_set_108"
+ "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
+ "remarks": "rule_set_134"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_at_allow",
- "remarks": "rule_set_109"
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
+ "remarks": "rule_set_135"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/at.allow file",
- "remarks": "rule_set_109"
+ "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
+ "remarks": "rule_set_135"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_at_allow",
- "remarks": "rule_set_109"
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
+ "remarks": "rule_set_135"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/at.allow file",
- "remarks": "rule_set_109"
+ "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
+ "remarks": "rule_set_135"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_at_allow",
- "remarks": "rule_set_110"
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects",
+ "remarks": "rule_set_136"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/at.allow file",
- "remarks": "rule_set_110"
+ "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
+ "remarks": "rule_set_136"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_at_allow",
- "remarks": "rule_set_110"
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects",
+ "remarks": "rule_set_136"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/at.allow file",
- "remarks": "rule_set_110"
+ "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
+ "remarks": "rule_set_136"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_tipc_disabled",
- "remarks": "rule_set_111"
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects",
+ "remarks": "rule_set_137"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable TIPC Support",
- "remarks": "rule_set_111"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
+ "remarks": "rule_set_137"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_tipc_disabled",
- "remarks": "rule_set_111"
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects",
+ "remarks": "rule_set_137"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable TIPC Support",
- "remarks": "rule_set_111"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
+ "remarks": "rule_set_137"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_ip_forward",
- "remarks": "rule_set_112"
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects",
+ "remarks": "rule_set_138"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
- "remarks": "rule_set_112"
+ "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_138"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_ip_forward",
- "remarks": "rule_set_112"
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects",
+ "remarks": "rule_set_138"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
- "remarks": "rule_set_112"
+ "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_138"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_send_redirects",
- "remarks": "rule_set_113"
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects",
+ "remarks": "rule_set_139"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_113"
+ "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
+ "remarks": "rule_set_139"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_send_redirects",
- "remarks": "rule_set_113"
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects",
+ "remarks": "rule_set_139"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_113"
+ "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
+ "remarks": "rule_set_139"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_send_redirects",
- "remarks": "rule_set_114"
+ "value": "sysctl_net_ipv4_conf_all_rp_filter",
+ "remarks": "rule_set_140"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
- "remarks": "rule_set_114"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
+ "remarks": "rule_set_140"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_send_redirects",
- "remarks": "rule_set_114"
+ "value": "sysctl_net_ipv4_conf_all_rp_filter",
+ "remarks": "rule_set_140"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
- "remarks": "rule_set_114"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
+ "remarks": "rule_set_140"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
- "remarks": "rule_set_115"
+ "value": "sysctl_net_ipv4_conf_default_rp_filter",
+ "remarks": "rule_set_141"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
- "remarks": "rule_set_115"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_141"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
- "remarks": "rule_set_115"
+ "value": "sysctl_net_ipv4_conf_default_rp_filter",
+ "remarks": "rule_set_141"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
- "remarks": "rule_set_115"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_141"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
- "remarks": "rule_set_116"
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route",
+ "remarks": "rule_set_142"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
- "remarks": "rule_set_116"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_142"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
- "remarks": "rule_set_116"
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route",
+ "remarks": "rule_set_142"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
- "remarks": "rule_set_116"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_142"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects",
- "remarks": "rule_set_117"
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route",
+ "remarks": "rule_set_143"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
- "remarks": "rule_set_117"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
+ "remarks": "rule_set_143"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects",
- "remarks": "rule_set_117"
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route",
+ "remarks": "rule_set_143"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
- "remarks": "rule_set_117"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
+ "remarks": "rule_set_143"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects",
- "remarks": "rule_set_118"
+ "value": "sysctl_net_ipv4_conf_all_log_martians",
+ "remarks": "rule_set_144"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
- "remarks": "rule_set_118"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_144"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects",
- "remarks": "rule_set_118"
+ "value": "sysctl_net_ipv4_conf_all_log_martians",
+ "remarks": "rule_set_144"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
- "remarks": "rule_set_118"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_144"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects",
- "remarks": "rule_set_119"
+ "value": "sysctl_net_ipv4_conf_default_log_martians",
+ "remarks": "rule_set_145"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_119"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_145"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects",
- "remarks": "rule_set_119"
+ "value": "sysctl_net_ipv4_conf_default_log_martians",
+ "remarks": "rule_set_145"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_119"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_145"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects",
- "remarks": "rule_set_120"
+ "value": "sysctl_net_ipv4_tcp_syncookies",
+ "remarks": "rule_set_146"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
- "remarks": "rule_set_120"
+ "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
+ "remarks": "rule_set_146"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects",
- "remarks": "rule_set_120"
+ "value": "sysctl_net_ipv4_tcp_syncookies",
+ "remarks": "rule_set_146"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
- "remarks": "rule_set_120"
+ "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
+ "remarks": "rule_set_146"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter",
- "remarks": "rule_set_121"
+ "value": "sysctl_net_ipv6_conf_all_forwarding",
+ "remarks": "rule_set_147"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
- "remarks": "rule_set_121"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding",
+ "remarks": "rule_set_147"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter",
- "remarks": "rule_set_121"
+ "value": "sysctl_net_ipv6_conf_all_forwarding",
+ "remarks": "rule_set_147"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
- "remarks": "rule_set_121"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding",
+ "remarks": "rule_set_147"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter",
- "remarks": "rule_set_122"
+ "value": "sysctl_net_ipv6_conf_default_forwarding",
+ "remarks": "rule_set_148"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
- "remarks": "rule_set_122"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding by default",
+ "remarks": "rule_set_148"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter",
- "remarks": "rule_set_122"
+ "value": "sysctl_net_ipv6_conf_default_forwarding",
+ "remarks": "rule_set_148"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
- "remarks": "rule_set_122"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding by default",
+ "remarks": "rule_set_148"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route",
- "remarks": "rule_set_123"
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects",
+ "remarks": "rule_set_149"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
- "remarks": "rule_set_123"
+ "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
+ "remarks": "rule_set_149"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route",
- "remarks": "rule_set_123"
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects",
+ "remarks": "rule_set_149"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
- "remarks": "rule_set_123"
+ "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
+ "remarks": "rule_set_149"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route",
- "remarks": "rule_set_124"
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects",
+ "remarks": "rule_set_150"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
- "remarks": "rule_set_124"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
+ "remarks": "rule_set_150"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route",
- "remarks": "rule_set_124"
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects",
+ "remarks": "rule_set_150"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
- "remarks": "rule_set_124"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
+ "remarks": "rule_set_150"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians",
- "remarks": "rule_set_125"
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route",
+ "remarks": "rule_set_151"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
- "remarks": "rule_set_125"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
+ "remarks": "rule_set_151"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians",
- "remarks": "rule_set_125"
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route",
+ "remarks": "rule_set_151"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
- "remarks": "rule_set_125"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
+ "remarks": "rule_set_151"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians",
- "remarks": "rule_set_126"
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route",
+ "remarks": "rule_set_152"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
- "remarks": "rule_set_126"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
+ "remarks": "rule_set_152"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians",
- "remarks": "rule_set_126"
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route",
+ "remarks": "rule_set_152"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
- "remarks": "rule_set_126"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
+ "remarks": "rule_set_152"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies",
- "remarks": "rule_set_127"
+ "value": "sysctl_net_ipv6_conf_all_accept_ra",
+ "remarks": "rule_set_153"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
- "remarks": "rule_set_127"
+ "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
+ "remarks": "rule_set_153"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies",
- "remarks": "rule_set_127"
+ "value": "sysctl_net_ipv6_conf_all_accept_ra",
+ "remarks": "rule_set_153"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
- "remarks": "rule_set_127"
+ "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
+ "remarks": "rule_set_153"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding",
- "remarks": "rule_set_128"
+ "value": "sysctl_net_ipv6_conf_default_accept_ra",
+ "remarks": "rule_set_154"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IPv6 Forwarding",
- "remarks": "rule_set_128"
+ "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
+ "remarks": "rule_set_154"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding",
- "remarks": "rule_set_128"
+ "value": "sysctl_net_ipv6_conf_default_accept_ra",
+ "remarks": "rule_set_154"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IPv6 Forwarding",
- "remarks": "rule_set_128"
+ "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
+ "remarks": "rule_set_154"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects",
- "remarks": "rule_set_129"
+ "value": "package_nftables_installed",
+ "remarks": "rule_set_155"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
- "remarks": "rule_set_129"
+ "value": "Install nftables Package",
+ "remarks": "rule_set_155"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects",
- "remarks": "rule_set_129"
+ "value": "package_nftables_installed",
+ "remarks": "rule_set_155"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
- "remarks": "rule_set_129"
+ "value": "Install nftables Package",
+ "remarks": "rule_set_155"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects",
- "remarks": "rule_set_130"
+ "value": "service_firewalld_enabled",
+ "remarks": "rule_set_156"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
- "remarks": "rule_set_130"
+ "value": "Verify firewalld Enabled",
+ "remarks": "rule_set_156"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects",
- "remarks": "rule_set_130"
+ "value": "service_firewalld_enabled",
+ "remarks": "rule_set_156"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
- "remarks": "rule_set_130"
+ "value": "Verify firewalld Enabled",
+ "remarks": "rule_set_156"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route",
- "remarks": "rule_set_131"
+ "value": "package_firewalld_installed",
+ "remarks": "rule_set_157"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
- "remarks": "rule_set_131"
+ "value": "Install firewalld Package",
+ "remarks": "rule_set_157"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route",
- "remarks": "rule_set_131"
+ "value": "package_firewalld_installed",
+ "remarks": "rule_set_157"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
- "remarks": "rule_set_131"
+ "value": "Install firewalld Package",
+ "remarks": "rule_set_157"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route",
- "remarks": "rule_set_132"
+ "value": "service_nftables_disabled",
+ "remarks": "rule_set_158"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
- "remarks": "rule_set_132"
+ "value": "Verify nftables Service is Disabled",
+ "remarks": "rule_set_158"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route",
- "remarks": "rule_set_132"
+ "value": "service_nftables_disabled",
+ "remarks": "rule_set_158"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
- "remarks": "rule_set_132"
+ "value": "Verify nftables Service is Disabled",
+ "remarks": "rule_set_158"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra",
- "remarks": "rule_set_133"
+ "value": "firewalld_loopback_traffic_trusted",
+ "remarks": "rule_set_159"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
- "remarks": "rule_set_133"
+ "value": "Configure Firewalld to Trust Loopback Traffic",
+ "remarks": "rule_set_159"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra",
- "remarks": "rule_set_133"
+ "value": "firewalld_loopback_traffic_trusted",
+ "remarks": "rule_set_159"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
- "remarks": "rule_set_133"
+ "value": "Configure Firewalld to Trust Loopback Traffic",
+ "remarks": "rule_set_159"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra",
- "remarks": "rule_set_134"
+ "value": "firewalld_loopback_traffic_restricted",
+ "remarks": "rule_set_160"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
- "remarks": "rule_set_134"
+ "value": "Configure Firewalld to Restrict Loopback Traffic",
+ "remarks": "rule_set_160"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra",
- "remarks": "rule_set_134"
+ "value": "firewalld_loopback_traffic_restricted",
+ "remarks": "rule_set_160"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
- "remarks": "rule_set_134"
+ "value": "Configure Firewalld to Restrict Loopback Traffic",
+ "remarks": "rule_set_160"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nftables_installed",
- "remarks": "rule_set_135"
+ "value": "file_groupowner_sshd_config",
+ "remarks": "rule_set_161"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install nftables Package",
- "remarks": "rule_set_135"
+ "value": "Verify Group Who Owns SSH Server config file",
+ "remarks": "rule_set_161"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nftables_installed",
- "remarks": "rule_set_135"
+ "value": "file_groupowner_sshd_config",
+ "remarks": "rule_set_161"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install nftables Package",
- "remarks": "rule_set_135"
+ "value": "Verify Group Who Owns SSH Server config file",
+ "remarks": "rule_set_161"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_firewalld_enabled",
- "remarks": "rule_set_136"
+ "value": "file_owner_sshd_config",
+ "remarks": "rule_set_162"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify firewalld Enabled",
- "remarks": "rule_set_136"
+ "value": "Verify Owner on SSH Server config file",
+ "remarks": "rule_set_162"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_firewalld_enabled",
- "remarks": "rule_set_136"
+ "value": "file_owner_sshd_config",
+ "remarks": "rule_set_162"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify firewalld Enabled",
- "remarks": "rule_set_136"
+ "value": "Verify Owner on SSH Server config file",
+ "remarks": "rule_set_162"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_firewalld_installed",
- "remarks": "rule_set_137"
+ "value": "file_permissions_sshd_config",
+ "remarks": "rule_set_163"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install firewalld Package",
- "remarks": "rule_set_137"
+ "value": "Verify Permissions on SSH Server config file",
+ "remarks": "rule_set_163"
},
{
"name": "Check_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_firewalld_installed",
- "remarks": "rule_set_137"
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_sshd_config",
+ "remarks": "rule_set_163"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install firewalld Package",
- "remarks": "rule_set_137"
+ "value": "Verify Permissions on SSH Server config file",
+ "remarks": "rule_set_163"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nftables_disabled",
- "remarks": "rule_set_138"
+ "value": "directory_permissions_sshd_config_d",
+ "remarks": "rule_set_164"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify nftables Service is Disabled",
- "remarks": "rule_set_138"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_164"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nftables_disabled",
- "remarks": "rule_set_138"
+ "value": "directory_permissions_sshd_config_d",
+ "remarks": "rule_set_164"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify nftables Service is Disabled",
- "remarks": "rule_set_138"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_164"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_trusted",
- "remarks": "rule_set_139"
+ "value": "file_permissions_sshd_drop_in_config",
+ "remarks": "rule_set_165"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Trust Loopback Traffic",
- "remarks": "rule_set_139"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_165"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_trusted",
- "remarks": "rule_set_139"
+ "value": "file_permissions_sshd_drop_in_config",
+ "remarks": "rule_set_165"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Trust Loopback Traffic",
- "remarks": "rule_set_139"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_165"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_restricted",
- "remarks": "rule_set_140"
+ "value": "directory_groupowner_sshd_config_d",
+ "remarks": "rule_set_166"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Restrict Loopback Traffic",
- "remarks": "rule_set_140"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_166"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_restricted",
- "remarks": "rule_set_140"
+ "value": "directory_groupowner_sshd_config_d",
+ "remarks": "rule_set_166"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Restrict Loopback Traffic",
- "remarks": "rule_set_140"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_166"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_sshd_config",
- "remarks": "rule_set_141"
+ "value": "directory_owner_sshd_config_d",
+ "remarks": "rule_set_167"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns SSH Server config file",
- "remarks": "rule_set_141"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_167"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_sshd_config",
- "remarks": "rule_set_141"
+ "value": "directory_owner_sshd_config_d",
+ "remarks": "rule_set_167"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns SSH Server config file",
- "remarks": "rule_set_141"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_167"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_sshd_config",
- "remarks": "rule_set_142"
+ "value": "file_groupowner_sshd_drop_in_config",
+ "remarks": "rule_set_168"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on SSH Server config file",
- "remarks": "rule_set_142"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_168"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_sshd_config",
- "remarks": "rule_set_142"
+ "value": "file_groupowner_sshd_drop_in_config",
+ "remarks": "rule_set_168"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on SSH Server config file",
- "remarks": "rule_set_142"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_168"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_config",
- "remarks": "rule_set_143"
+ "value": "file_owner_sshd_drop_in_config",
+ "remarks": "rule_set_169"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server config file",
- "remarks": "rule_set_143"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_169"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_config",
- "remarks": "rule_set_143"
+ "value": "file_owner_sshd_drop_in_config",
+ "remarks": "rule_set_169"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server config file",
- "remarks": "rule_set_143"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_169"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_private_key",
- "remarks": "rule_set_144"
+ "remarks": "rule_set_170"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on SSH Server Private *_key Key Files",
- "remarks": "rule_set_144"
+ "remarks": "rule_set_170"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_private_key",
- "remarks": "rule_set_144"
+ "remarks": "rule_set_170"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on SSH Server Private *_key Key Files",
- "remarks": "rule_set_144"
+ "remarks": "rule_set_170"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_sshd_private_key",
- "remarks": "rule_set_145"
+ "remarks": "rule_set_171"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_145"
+ "remarks": "rule_set_171"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_sshd_private_key",
- "remarks": "rule_set_145"
+ "remarks": "rule_set_171"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_145"
+ "remarks": "rule_set_171"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_sshd_private_key",
- "remarks": "rule_set_146"
+ "remarks": "rule_set_172"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_146"
+ "remarks": "rule_set_172"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_sshd_private_key",
- "remarks": "rule_set_146"
+ "remarks": "rule_set_172"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_146"
+ "remarks": "rule_set_172"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_pub_key",
- "remarks": "rule_set_147"
+ "remarks": "rule_set_173"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_147"
+ "remarks": "rule_set_173"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_pub_key",
- "remarks": "rule_set_147"
+ "remarks": "rule_set_173"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_147"
+ "remarks": "rule_set_173"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_sshd_pub_key",
- "remarks": "rule_set_148"
+ "remarks": "rule_set_174"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_148"
+ "remarks": "rule_set_174"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_sshd_pub_key",
- "remarks": "rule_set_148"
+ "remarks": "rule_set_174"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_148"
+ "remarks": "rule_set_174"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_sshd_pub_key",
- "remarks": "rule_set_149"
+ "remarks": "rule_set_175"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_149"
+ "remarks": "rule_set_175"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_sshd_pub_key",
- "remarks": "rule_set_149"
+ "remarks": "rule_set_175"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_149"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex",
- "remarks": "rule_set_150"
- },
- {
- "name": "Rule_Description",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong Key Exchange algorithms",
- "remarks": "rule_set_150"
- },
- {
- "name": "Check_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex",
- "remarks": "rule_set_150"
- },
- {
- "name": "Check_Description",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong Key Exchange algorithms",
- "remarks": "rule_set_150"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs",
- "remarks": "rule_set_151"
- },
- {
- "name": "Rule_Description",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong MACs",
- "remarks": "rule_set_151"
- },
- {
- "name": "Check_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs",
- "remarks": "rule_set_151"
- },
- {
- "name": "Check_Description",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong MACs",
- "remarks": "rule_set_151"
+ "remarks": "rule_set_175"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_limit_user_access",
- "remarks": "rule_set_152"
+ "remarks": "rule_set_176"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Limit Users' SSH Access",
- "remarks": "rule_set_152"
+ "remarks": "rule_set_176"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_limit_user_access",
- "remarks": "rule_set_152"
+ "remarks": "rule_set_176"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Limit Users' SSH Access",
- "remarks": "rule_set_152"
+ "remarks": "rule_set_176"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_enable_warning_banner_net",
- "remarks": "rule_set_153"
+ "remarks": "rule_set_177"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enable SSH Warning Banner",
- "remarks": "rule_set_153"
+ "remarks": "rule_set_177"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_enable_warning_banner_net",
- "remarks": "rule_set_153"
+ "remarks": "rule_set_177"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enable SSH Warning Banner",
- "remarks": "rule_set_153"
+ "remarks": "rule_set_177"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_idle_timeout",
- "remarks": "rule_set_154"
+ "remarks": "rule_set_178"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH Client Alive Interval",
- "remarks": "rule_set_154"
+ "remarks": "rule_set_178"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_idle_timeout",
- "remarks": "rule_set_154"
+ "remarks": "rule_set_178"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH Client Alive Interval",
- "remarks": "rule_set_154"
+ "remarks": "rule_set_178"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_keepalive",
- "remarks": "rule_set_155"
+ "remarks": "rule_set_179"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH Client Alive Count Max",
- "remarks": "rule_set_155"
+ "remarks": "rule_set_179"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_keepalive",
- "remarks": "rule_set_155"
+ "remarks": "rule_set_179"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH Client Alive Count Max",
- "remarks": "rule_set_155"
+ "remarks": "rule_set_179"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_disable_forwarding",
+ "remarks": "rule_set_180"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable SSH Forwarding",
+ "remarks": "rule_set_180"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_disable_forwarding",
+ "remarks": "rule_set_180"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable SSH Forwarding",
+ "remarks": "rule_set_180"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_gssapi_auth",
- "remarks": "rule_set_156"
+ "remarks": "rule_set_181"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable GSSAPI Authentication",
- "remarks": "rule_set_156"
+ "remarks": "rule_set_181"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_gssapi_auth",
- "remarks": "rule_set_156"
+ "remarks": "rule_set_181"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable GSSAPI Authentication",
- "remarks": "rule_set_156"
+ "remarks": "rule_set_181"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "disable_host_auth",
- "remarks": "rule_set_157"
+ "remarks": "rule_set_182"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable Host-Based Authentication",
- "remarks": "rule_set_157"
+ "remarks": "rule_set_182"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "disable_host_auth",
- "remarks": "rule_set_157"
+ "remarks": "rule_set_182"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable Host-Based Authentication",
- "remarks": "rule_set_157"
+ "remarks": "rule_set_182"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_rhosts",
- "remarks": "rule_set_158"
+ "remarks": "rule_set_183"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable SSH Support for .rhosts Files",
- "remarks": "rule_set_158"
+ "remarks": "rule_set_183"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_rhosts",
- "remarks": "rule_set_158"
+ "remarks": "rule_set_183"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable SSH Support for .rhosts Files",
- "remarks": "rule_set_158"
+ "remarks": "rule_set_183"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_login_grace_time",
- "remarks": "rule_set_159"
+ "remarks": "rule_set_184"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure SSH LoginGraceTime is configured",
- "remarks": "rule_set_159"
+ "remarks": "rule_set_184"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_login_grace_time",
- "remarks": "rule_set_159"
+ "remarks": "rule_set_184"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure SSH LoginGraceTime is configured",
- "remarks": "rule_set_159"
+ "remarks": "rule_set_184"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_loglevel_verbose",
- "remarks": "rule_set_160"
+ "remarks": "rule_set_185"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH Daemon LogLevel to VERBOSE",
- "remarks": "rule_set_160"
+ "remarks": "rule_set_185"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_loglevel_verbose",
- "remarks": "rule_set_160"
+ "remarks": "rule_set_185"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH Daemon LogLevel to VERBOSE",
- "remarks": "rule_set_160"
+ "remarks": "rule_set_185"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_max_auth_tries",
- "remarks": "rule_set_161"
+ "remarks": "rule_set_186"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH authentication attempt limit",
- "remarks": "rule_set_161"
+ "remarks": "rule_set_186"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_max_auth_tries",
- "remarks": "rule_set_161"
+ "remarks": "rule_set_186"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH authentication attempt limit",
- "remarks": "rule_set_161"
+ "remarks": "rule_set_186"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_maxstartups",
- "remarks": "rule_set_162"
+ "remarks": "rule_set_187"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure SSH MaxStartups is configured",
- "remarks": "rule_set_162"
+ "remarks": "rule_set_187"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_maxstartups",
- "remarks": "rule_set_162"
+ "remarks": "rule_set_187"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure SSH MaxStartups is configured",
- "remarks": "rule_set_162"
+ "remarks": "rule_set_187"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_max_sessions",
- "remarks": "rule_set_163"
+ "remarks": "rule_set_188"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH MaxSessions limit",
- "remarks": "rule_set_163"
+ "remarks": "rule_set_188"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_set_max_sessions",
- "remarks": "rule_set_163"
+ "remarks": "rule_set_188"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set SSH MaxSessions limit",
- "remarks": "rule_set_163"
+ "remarks": "rule_set_188"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_empty_passwords",
- "remarks": "rule_set_164"
+ "remarks": "rule_set_189"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable SSH Access via Empty Passwords",
- "remarks": "rule_set_164"
+ "remarks": "rule_set_189"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_empty_passwords",
- "remarks": "rule_set_164"
+ "remarks": "rule_set_189"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable SSH Access via Empty Passwords",
- "remarks": "rule_set_164"
+ "remarks": "rule_set_189"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_root_login",
- "remarks": "rule_set_165"
+ "remarks": "rule_set_190"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable SSH Root Login",
- "remarks": "rule_set_165"
+ "remarks": "rule_set_190"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_disable_root_login",
- "remarks": "rule_set_165"
+ "remarks": "rule_set_190"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable SSH Root Login",
- "remarks": "rule_set_165"
+ "remarks": "rule_set_190"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_do_not_permit_user_env",
- "remarks": "rule_set_166"
+ "remarks": "rule_set_191"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Do Not Allow SSH Environment Options",
- "remarks": "rule_set_166"
+ "remarks": "rule_set_191"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_do_not_permit_user_env",
- "remarks": "rule_set_166"
+ "remarks": "rule_set_191"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Do Not Allow SSH Environment Options",
- "remarks": "rule_set_166"
+ "remarks": "rule_set_191"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_enable_pam",
- "remarks": "rule_set_167"
+ "remarks": "rule_set_192"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enable PAM",
- "remarks": "rule_set_167"
+ "remarks": "rule_set_192"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sshd_enable_pam",
- "remarks": "rule_set_167"
+ "remarks": "rule_set_192"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enable PAM",
- "remarks": "rule_set_167"
+ "remarks": "rule_set_192"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_sudo_installed",
- "remarks": "rule_set_168"
+ "remarks": "rule_set_193"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install sudo Package",
- "remarks": "rule_set_168"
+ "remarks": "rule_set_193"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_sudo_installed",
- "remarks": "rule_set_168"
+ "remarks": "rule_set_193"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install sudo Package",
- "remarks": "rule_set_168"
+ "remarks": "rule_set_193"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sudo_add_use_pty",
- "remarks": "rule_set_169"
+ "remarks": "rule_set_194"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
- "remarks": "rule_set_169"
+ "remarks": "rule_set_194"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sudo_add_use_pty",
- "remarks": "rule_set_169"
+ "remarks": "rule_set_194"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
- "remarks": "rule_set_169"
+ "remarks": "rule_set_194"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sudo_custom_logfile",
- "remarks": "rule_set_170"
+ "remarks": "rule_set_195"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Sudo Logfile Exists - sudo logfile",
- "remarks": "rule_set_170"
+ "remarks": "rule_set_195"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sudo_custom_logfile",
- "remarks": "rule_set_170"
+ "remarks": "rule_set_195"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Sudo Logfile Exists - sudo logfile",
- "remarks": "rule_set_170"
+ "remarks": "rule_set_195"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication",
- "remarks": "rule_set_171"
+ "value": "sudo_remove_no_authenticate",
+ "remarks": "rule_set_196"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo",
- "remarks": "rule_set_171"
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate",
+ "remarks": "rule_set_196"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication",
- "remarks": "rule_set_171"
+ "value": "sudo_remove_no_authenticate",
+ "remarks": "rule_set_196"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo",
- "remarks": "rule_set_171"
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate",
+ "remarks": "rule_set_196"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sudo_require_reauthentication",
- "remarks": "rule_set_172"
+ "remarks": "rule_set_197"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Require Re-Authentication When Using the sudo Command",
- "remarks": "rule_set_172"
+ "remarks": "rule_set_197"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sudo_require_reauthentication",
- "remarks": "rule_set_172"
+ "remarks": "rule_set_197"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Require Re-Authentication When Using the sudo Command",
- "remarks": "rule_set_172"
+ "remarks": "rule_set_197"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "use_pam_wheel_group_for_su",
- "remarks": "rule_set_173"
+ "remarks": "rule_set_198"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
- "remarks": "rule_set_173"
+ "remarks": "rule_set_198"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "use_pam_wheel_group_for_su",
- "remarks": "rule_set_173"
+ "remarks": "rule_set_198"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
- "remarks": "rule_set_173"
+ "remarks": "rule_set_198"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "ensure_pam_wheel_group_empty",
- "remarks": "rule_set_174"
+ "remarks": "rule_set_199"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
- "remarks": "rule_set_174"
+ "remarks": "rule_set_199"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "ensure_pam_wheel_group_empty",
- "remarks": "rule_set_174"
+ "remarks": "rule_set_199"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
- "remarks": "rule_set_174"
+ "remarks": "rule_set_199"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_pam_pwquality_installed",
- "remarks": "rule_set_175"
+ "remarks": "rule_set_200"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install pam_pwquality Package",
- "remarks": "rule_set_175"
+ "remarks": "rule_set_200"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_pam_pwquality_installed",
- "remarks": "rule_set_175"
+ "remarks": "rule_set_200"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install pam_pwquality Package",
- "remarks": "rule_set_175"
+ "remarks": "rule_set_200"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_password_pam_faillock_password_auth",
- "remarks": "rule_set_176"
+ "remarks": "rule_set_201"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
- "remarks": "rule_set_176"
+ "remarks": "rule_set_201"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_password_pam_faillock_password_auth",
- "remarks": "rule_set_176"
+ "remarks": "rule_set_201"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
- "remarks": "rule_set_176"
+ "remarks": "rule_set_201"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_password_pam_faillock_system_auth",
- "remarks": "rule_set_177"
+ "remarks": "rule_set_202"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
- "remarks": "rule_set_177"
+ "remarks": "rule_set_202"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_password_pam_faillock_system_auth",
- "remarks": "rule_set_177"
+ "remarks": "rule_set_202"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
- "remarks": "rule_set_177"
+ "remarks": "rule_set_202"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_password_auth",
+ "remarks": "rule_set_203"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure PAM password complexity module is enabled in password-auth",
+ "remarks": "rule_set_203"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_password_auth",
+ "remarks": "rule_set_203"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure PAM password complexity module is enabled in password-auth",
+ "remarks": "rule_set_203"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_system_auth",
+ "remarks": "rule_set_204"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure PAM password complexity module is enabled in system-auth",
+ "remarks": "rule_set_204"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_system_auth",
+ "remarks": "rule_set_204"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure PAM password complexity module is enabled in system-auth",
+ "remarks": "rule_set_204"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_enabled",
+ "remarks": "rule_set_205"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify pam_unix module is activated",
+ "remarks": "rule_set_205"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_enabled",
+ "remarks": "rule_set_205"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify pam_unix module is activated",
+ "remarks": "rule_set_205"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_passwords_pam_faillock_deny",
- "remarks": "rule_set_178"
+ "remarks": "rule_set_206"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Lock Accounts After Failed Password Attempts",
- "remarks": "rule_set_178"
+ "remarks": "rule_set_206"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_passwords_pam_faillock_deny",
- "remarks": "rule_set_178"
+ "remarks": "rule_set_206"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Lock Accounts After Failed Password Attempts",
- "remarks": "rule_set_178"
+ "remarks": "rule_set_206"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_passwords_pam_faillock_unlock_time",
- "remarks": "rule_set_179"
+ "remarks": "rule_set_207"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Lockout Time for Failed Password Attempts",
- "remarks": "rule_set_179"
+ "remarks": "rule_set_207"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_passwords_pam_faillock_unlock_time",
- "remarks": "rule_set_179"
+ "remarks": "rule_set_207"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Lockout Time for Failed Password Attempts",
- "remarks": "rule_set_179"
+ "remarks": "rule_set_207"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_difok",
- "remarks": "rule_set_180"
+ "remarks": "rule_set_208"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
- "remarks": "rule_set_180"
+ "remarks": "rule_set_208"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_difok",
- "remarks": "rule_set_180"
+ "remarks": "rule_set_208"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
- "remarks": "rule_set_180"
+ "remarks": "rule_set_208"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_minlen",
- "remarks": "rule_set_181"
+ "remarks": "rule_set_209"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Minimum Length",
- "remarks": "rule_set_181"
+ "remarks": "rule_set_209"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_minlen",
- "remarks": "rule_set_181"
+ "remarks": "rule_set_209"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Minimum Length",
- "remarks": "rule_set_181"
+ "remarks": "rule_set_209"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_minclass",
- "remarks": "rule_set_182"
+ "remarks": "rule_set_210"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
+ "remarks": "rule_set_210"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_minclass",
+ "remarks": "rule_set_210"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
+ "remarks": "rule_set_210"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_maxrepeat",
+ "remarks": "rule_set_211"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
- "remarks": "rule_set_182"
+ "value": "Set Password Maximum Consecutive Repeating Characters",
+ "remarks": "rule_set_211"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minclass",
- "remarks": "rule_set_182"
+ "value": "accounts_password_pam_maxrepeat",
+ "remarks": "rule_set_211"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
- "remarks": "rule_set_182"
+ "value": "Set Password Maximum Consecutive Repeating Characters",
+ "remarks": "rule_set_211"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_maxrepeat",
- "remarks": "rule_set_183"
+ "value": "accounts_password_pam_maxsequence",
+ "remarks": "rule_set_212"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Consecutive Repeating Characters",
- "remarks": "rule_set_183"
+ "value": "Limit the maximum number of sequential characters in passwords",
+ "remarks": "rule_set_212"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_maxrepeat",
- "remarks": "rule_set_183"
+ "value": "accounts_password_pam_maxsequence",
+ "remarks": "rule_set_212"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Consecutive Repeating Characters",
- "remarks": "rule_set_183"
+ "value": "Limit the maximum number of sequential characters in passwords",
+ "remarks": "rule_set_212"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_dictcheck",
- "remarks": "rule_set_184"
+ "remarks": "rule_set_213"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
- "remarks": "rule_set_184"
+ "remarks": "rule_set_213"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_dictcheck",
- "remarks": "rule_set_184"
+ "remarks": "rule_set_213"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
- "remarks": "rule_set_184"
+ "remarks": "rule_set_213"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_enforce_root",
- "remarks": "rule_set_185"
+ "remarks": "rule_set_214"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
- "remarks": "rule_set_185"
+ "remarks": "rule_set_214"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_enforce_root",
- "remarks": "rule_set_185"
+ "remarks": "rule_set_214"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
- "remarks": "rule_set_185"
+ "remarks": "rule_set_214"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_pwhistory_remember_password_auth",
- "remarks": "rule_set_186"
+ "remarks": "rule_set_215"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Limit Password Reuse: password-auth",
- "remarks": "rule_set_186"
+ "remarks": "rule_set_215"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_pwhistory_remember_password_auth",
- "remarks": "rule_set_186"
+ "remarks": "rule_set_215"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Limit Password Reuse: password-auth",
- "remarks": "rule_set_186"
+ "remarks": "rule_set_215"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_pwhistory_remember_system_auth",
- "remarks": "rule_set_187"
+ "remarks": "rule_set_216"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Limit Password Reuse: system-auth",
- "remarks": "rule_set_187"
+ "remarks": "rule_set_216"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_pam_pwhistory_remember_system_auth",
- "remarks": "rule_set_187"
+ "remarks": "rule_set_216"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Limit Password Reuse: system-auth",
- "remarks": "rule_set_187"
+ "remarks": "rule_set_216"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwhistory_use_authtok",
+ "remarks": "rule_set_217"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enforce Password History with use_authtok",
+ "remarks": "rule_set_217"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwhistory_use_authtok",
+ "remarks": "rule_set_217"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enforce Password History with use_authtok",
+ "remarks": "rule_set_217"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_empty_passwords",
- "remarks": "rule_set_188"
+ "remarks": "rule_set_218"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Prevent Login to Accounts With Empty Password",
- "remarks": "rule_set_188"
+ "remarks": "rule_set_218"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_empty_passwords",
- "remarks": "rule_set_188"
+ "remarks": "rule_set_218"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Prevent Login to Accounts With Empty Password",
- "remarks": "rule_set_188"
+ "remarks": "rule_set_218"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_no_remember",
+ "remarks": "rule_set_219"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Avoid using remember in pam_unix module",
+ "remarks": "rule_set_219"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_no_remember",
+ "remarks": "rule_set_219"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Avoid using remember in pam_unix module",
+ "remarks": "rule_set_219"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "set_password_hashing_algorithm_systemauth",
- "remarks": "rule_set_189"
+ "remarks": "rule_set_220"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set PAM Password Hashing Algorithm - system-auth",
- "remarks": "rule_set_189"
+ "remarks": "rule_set_220"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "set_password_hashing_algorithm_systemauth",
- "remarks": "rule_set_189"
+ "remarks": "rule_set_220"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set PAM Password Hashing Algorithm - system-auth",
- "remarks": "rule_set_189"
+ "remarks": "rule_set_220"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "set_password_hashing_algorithm_passwordauth",
- "remarks": "rule_set_190"
+ "remarks": "rule_set_221"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set PAM Password Hashing Algorithm - password-auth",
- "remarks": "rule_set_190"
+ "remarks": "rule_set_221"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "set_password_hashing_algorithm_passwordauth",
- "remarks": "rule_set_190"
+ "remarks": "rule_set_221"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set PAM Password Hashing Algorithm - password-auth",
- "remarks": "rule_set_190"
+ "remarks": "rule_set_221"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_maximum_age_login_defs",
- "remarks": "rule_set_191"
+ "value": "accounts_password_pam_unix_authtok",
+ "remarks": "rule_set_222"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Age",
- "remarks": "rule_set_191"
+ "value": "Require use_authtok for pam_unix.so",
+ "remarks": "rule_set_222"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_maximum_age_login_defs",
- "remarks": "rule_set_191"
+ "value": "accounts_password_pam_unix_authtok",
+ "remarks": "rule_set_222"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Age",
- "remarks": "rule_set_191"
+ "value": "Require use_authtok for pam_unix.so",
+ "remarks": "rule_set_222"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_max_life_existing",
- "remarks": "rule_set_192"
+ "value": "accounts_maximum_age_login_defs",
+ "remarks": "rule_set_223"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Maximum Age",
- "remarks": "rule_set_192"
+ "value": "Set Password Maximum Age",
+ "remarks": "rule_set_223"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_max_life_existing",
- "remarks": "rule_set_192"
+ "value": "accounts_maximum_age_login_defs",
+ "remarks": "rule_set_223"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Maximum Age",
- "remarks": "rule_set_192"
+ "value": "Set Password Maximum Age",
+ "remarks": "rule_set_223"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_warn_age_login_defs",
- "remarks": "rule_set_193"
+ "value": "accounts_password_set_max_life_existing",
+ "remarks": "rule_set_224"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Warning Age",
- "remarks": "rule_set_193"
+ "value": "Set Existing Passwords Maximum Age",
+ "remarks": "rule_set_224"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_warn_age_login_defs",
- "remarks": "rule_set_193"
+ "value": "accounts_password_set_max_life_existing",
+ "remarks": "rule_set_224"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Warning Age",
- "remarks": "rule_set_193"
+ "value": "Set Existing Passwords Maximum Age",
+ "remarks": "rule_set_224"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_warn_age_existing",
- "remarks": "rule_set_194"
+ "value": "accounts_password_warn_age_login_defs",
+ "remarks": "rule_set_225"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Warning Age",
- "remarks": "rule_set_194"
+ "value": "Set Password Warning Age",
+ "remarks": "rule_set_225"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_warn_age_existing",
- "remarks": "rule_set_194"
+ "value": "accounts_password_warn_age_login_defs",
+ "remarks": "rule_set_225"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Warning Age",
- "remarks": "rule_set_194"
+ "value": "Set Password Warning Age",
+ "remarks": "rule_set_225"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf",
- "remarks": "rule_set_195"
+ "value": "accounts_password_set_warn_age_existing",
+ "remarks": "rule_set_226"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/libuser.conf",
- "remarks": "rule_set_195"
+ "value": "Set Existing Passwords Warning Age",
+ "remarks": "rule_set_226"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf",
- "remarks": "rule_set_195"
+ "value": "accounts_password_set_warn_age_existing",
+ "remarks": "rule_set_226"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/libuser.conf",
- "remarks": "rule_set_195"
+ "value": "Set Existing Passwords Warning Age",
+ "remarks": "rule_set_226"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "set_password_hashing_algorithm_logindefs",
- "remarks": "rule_set_196"
+ "remarks": "rule_set_227"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Password Hashing Algorithm in /etc/login.defs",
- "remarks": "rule_set_196"
+ "remarks": "rule_set_227"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "set_password_hashing_algorithm_logindefs",
- "remarks": "rule_set_196"
+ "remarks": "rule_set_227"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Password Hashing Algorithm in /etc/login.defs",
- "remarks": "rule_set_196"
+ "remarks": "rule_set_227"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_disable_post_pw_expiration",
- "remarks": "rule_set_197"
+ "remarks": "rule_set_228"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Account Expiration Following Inactivity",
- "remarks": "rule_set_197"
+ "remarks": "rule_set_228"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_disable_post_pw_expiration",
- "remarks": "rule_set_197"
+ "remarks": "rule_set_228"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Account Expiration Following Inactivity",
- "remarks": "rule_set_197"
+ "remarks": "rule_set_228"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_set_post_pw_existing",
- "remarks": "rule_set_198"
+ "remarks": "rule_set_229"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set existing passwords a period of inactivity before they been locked",
- "remarks": "rule_set_198"
+ "remarks": "rule_set_229"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_set_post_pw_existing",
- "remarks": "rule_set_198"
+ "remarks": "rule_set_229"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set existing passwords a period of inactivity before they been locked",
- "remarks": "rule_set_198"
+ "remarks": "rule_set_229"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_last_change_is_in_past",
- "remarks": "rule_set_199"
+ "remarks": "rule_set_230"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure all users last password change date is in the past",
- "remarks": "rule_set_199"
+ "remarks": "rule_set_230"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_last_change_is_in_past",
- "remarks": "rule_set_199"
+ "remarks": "rule_set_230"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure all users last password change date is in the past",
- "remarks": "rule_set_199"
+ "remarks": "rule_set_230"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_no_uid_except_zero",
- "remarks": "rule_set_200"
+ "remarks": "rule_set_231"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Only Root Has UID 0",
- "remarks": "rule_set_200"
+ "remarks": "rule_set_231"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_no_uid_except_zero",
- "remarks": "rule_set_200"
+ "remarks": "rule_set_231"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Only Root Has UID 0",
- "remarks": "rule_set_200"
+ "remarks": "rule_set_231"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_root_gid_zero",
+ "remarks": "rule_set_232"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Root Has A Primary GID 0",
+ "remarks": "rule_set_232"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_root_gid_zero",
+ "remarks": "rule_set_232"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Root Has A Primary GID 0",
+ "remarks": "rule_set_232"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_gid_zero",
- "remarks": "rule_set_201"
+ "value": "groups_no_zero_gid_except_root",
+ "remarks": "rule_set_233"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Root Has A Primary GID 0",
- "remarks": "rule_set_201"
+ "value": "Verify Only Group Root Has GID 0",
+ "remarks": "rule_set_233"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_gid_zero",
- "remarks": "rule_set_201"
+ "value": "groups_no_zero_gid_except_root",
+ "remarks": "rule_set_233"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Root Has A Primary GID 0",
- "remarks": "rule_set_201"
+ "value": "Verify Only Group Root Has GID 0",
+ "remarks": "rule_set_233"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "ensure_root_password_configured",
- "remarks": "rule_set_202"
+ "remarks": "rule_set_234"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Authentication Required for Single User Mode",
- "remarks": "rule_set_202"
+ "remarks": "rule_set_234"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "ensure_root_password_configured",
- "remarks": "rule_set_202"
+ "remarks": "rule_set_234"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Authentication Required for Single User Mode",
- "remarks": "rule_set_202"
+ "remarks": "rule_set_234"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_root_path_dirs_no_write",
- "remarks": "rule_set_203"
+ "remarks": "rule_set_235"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
- "remarks": "rule_set_203"
+ "remarks": "rule_set_235"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_root_path_dirs_no_write",
- "remarks": "rule_set_203"
+ "remarks": "rule_set_235"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
- "remarks": "rule_set_203"
+ "remarks": "rule_set_235"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "root_path_no_dot",
- "remarks": "rule_set_204"
+ "remarks": "rule_set_236"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
- "remarks": "rule_set_204"
+ "remarks": "rule_set_236"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "root_path_no_dot",
- "remarks": "rule_set_204"
+ "remarks": "rule_set_236"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
- "remarks": "rule_set_204"
+ "remarks": "rule_set_236"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_umask_root",
+ "remarks": "rule_set_237"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure the Root Bash Umask is Set Correctly",
+ "remarks": "rule_set_237"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_umask_root",
+ "remarks": "rule_set_237"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure the Root Bash Umask is Set Correctly",
+ "remarks": "rule_set_237"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_password_auth_for_systemaccounts",
- "remarks": "rule_set_205"
+ "remarks": "rule_set_238"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that System Accounts Are Locked",
- "remarks": "rule_set_205"
+ "remarks": "rule_set_238"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_password_auth_for_systemaccounts",
- "remarks": "rule_set_205"
+ "remarks": "rule_set_238"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that System Accounts Are Locked",
- "remarks": "rule_set_205"
+ "remarks": "rule_set_238"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_shelllogin_for_systemaccounts",
- "remarks": "rule_set_206"
+ "remarks": "rule_set_239"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
- "remarks": "rule_set_206"
+ "remarks": "rule_set_239"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_shelllogin_for_systemaccounts",
- "remarks": "rule_set_206"
+ "remarks": "rule_set_239"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
- "remarks": "rule_set_206"
+ "remarks": "rule_set_239"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_invalid_shell_accounts_unlocked",
+ "remarks": "rule_set_240"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Non-Interactive Accounts Are Locked",
+ "remarks": "rule_set_240"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_invalid_shell_accounts_unlocked",
+ "remarks": "rule_set_240"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Non-Interactive Accounts Are Locked",
+ "remarks": "rule_set_240"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_tmout",
- "remarks": "rule_set_207"
+ "remarks": "rule_set_241"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Interactive Session Timeout",
- "remarks": "rule_set_207"
+ "remarks": "rule_set_241"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_tmout",
- "remarks": "rule_set_207"
+ "remarks": "rule_set_241"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Set Interactive Session Timeout",
- "remarks": "rule_set_207"
+ "remarks": "rule_set_241"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_umask_etc_bashrc",
- "remarks": "rule_set_208"
+ "remarks": "rule_set_242"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Default Bash Umask is Set Correctly",
- "remarks": "rule_set_208"
+ "remarks": "rule_set_242"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_umask_etc_bashrc",
- "remarks": "rule_set_208"
+ "remarks": "rule_set_242"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Default Bash Umask is Set Correctly",
- "remarks": "rule_set_208"
+ "remarks": "rule_set_242"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_umask_etc_login_defs",
- "remarks": "rule_set_209"
+ "remarks": "rule_set_243"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Default Umask is Set Correctly in login.defs",
- "remarks": "rule_set_209"
+ "remarks": "rule_set_243"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_umask_etc_login_defs",
- "remarks": "rule_set_209"
+ "remarks": "rule_set_243"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Default Umask is Set Correctly in login.defs",
- "remarks": "rule_set_209"
+ "remarks": "rule_set_243"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_umask_etc_profile",
- "remarks": "rule_set_210"
+ "remarks": "rule_set_244"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Default Umask is Set Correctly in /etc/profile",
- "remarks": "rule_set_210"
+ "remarks": "rule_set_244"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_umask_etc_profile",
- "remarks": "rule_set_210"
+ "remarks": "rule_set_244"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure the Default Umask is Set Correctly in /etc/profile",
- "remarks": "rule_set_210"
+ "remarks": "rule_set_244"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_aide_installed",
- "remarks": "rule_set_211"
+ "remarks": "rule_set_245"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install AIDE",
- "remarks": "rule_set_211"
+ "remarks": "rule_set_245"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_aide_installed",
- "remarks": "rule_set_211"
+ "remarks": "rule_set_245"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install AIDE",
- "remarks": "rule_set_211"
+ "remarks": "rule_set_245"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "aide_build_database",
- "remarks": "rule_set_212"
+ "remarks": "rule_set_246"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Build and Test AIDE Database",
- "remarks": "rule_set_212"
+ "remarks": "rule_set_246"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "aide_build_database",
- "remarks": "rule_set_212"
+ "remarks": "rule_set_246"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Build and Test AIDE Database",
- "remarks": "rule_set_212"
+ "remarks": "rule_set_246"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "aide_periodic_cron_checking",
- "remarks": "rule_set_213"
+ "remarks": "rule_set_247"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure Periodic Execution of AIDE",
- "remarks": "rule_set_213"
+ "remarks": "rule_set_247"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "aide_periodic_cron_checking",
- "remarks": "rule_set_213"
+ "remarks": "rule_set_247"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure Periodic Execution of AIDE",
- "remarks": "rule_set_213"
+ "remarks": "rule_set_247"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "aide_check_audit_tools",
- "remarks": "rule_set_214"
+ "remarks": "rule_set_248"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure AIDE to Verify the Audit Tools",
- "remarks": "rule_set_214"
+ "remarks": "rule_set_248"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "aide_check_audit_tools",
- "remarks": "rule_set_214"
+ "remarks": "rule_set_248"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Configure AIDE to Verify the Audit Tools",
- "remarks": "rule_set_214"
+ "remarks": "rule_set_248"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "service_systemd-journald_enabled",
- "remarks": "rule_set_215"
+ "remarks": "rule_set_249"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enable systemd-journald Service",
- "remarks": "rule_set_215"
+ "remarks": "rule_set_249"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "service_systemd-journald_enabled",
- "remarks": "rule_set_215"
+ "remarks": "rule_set_249"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Enable systemd-journald Service",
- "remarks": "rule_set_215"
+ "remarks": "rule_set_249"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "ensure_journald_and_rsyslog_not_active_together",
+ "remarks": "rule_set_250"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure journald and rsyslog Are Not Active Together",
+ "remarks": "rule_set_250"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "ensure_journald_and_rsyslog_not_active_together",
+ "remarks": "rule_set_250"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure journald and rsyslog Are Not Active Together",
+ "remarks": "rule_set_250"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_systemd-journal-remote_installed",
- "remarks": "rule_set_216"
+ "remarks": "rule_set_251"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install systemd-journal-remote Package",
- "remarks": "rule_set_216"
+ "remarks": "rule_set_251"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "package_systemd-journal-remote_installed",
- "remarks": "rule_set_216"
+ "remarks": "rule_set_251"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Install systemd-journal-remote Package",
- "remarks": "rule_set_216"
+ "remarks": "rule_set_251"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_systemd-journal-upload_enabled",
+ "remarks": "rule_set_252"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable systemd-journal-upload Service",
+ "remarks": "rule_set_252"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_systemd-journal-upload_enabled",
+ "remarks": "rule_set_252"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable systemd-journal-upload Service",
+ "remarks": "rule_set_252"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "socket_systemd-journal-remote_disabled",
- "remarks": "rule_set_217"
+ "remarks": "rule_set_253"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable systemd-journal-remote Socket",
- "remarks": "rule_set_217"
+ "remarks": "rule_set_253"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "socket_systemd-journal-remote_disabled",
- "remarks": "rule_set_217"
+ "remarks": "rule_set_253"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Disable systemd-journal-remote Socket",
- "remarks": "rule_set_217"
+ "remarks": "rule_set_253"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "journald_disable_forward_to_syslog",
+ "remarks": "rule_set_254"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure journald ForwardToSyslog is disabled",
+ "remarks": "rule_set_254"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "journald_disable_forward_to_syslog",
+ "remarks": "rule_set_254"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure journald ForwardToSyslog is disabled",
+ "remarks": "rule_set_254"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "journald_compress",
- "remarks": "rule_set_218"
+ "remarks": "rule_set_255"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure journald is configured to compress large log files",
- "remarks": "rule_set_218"
+ "remarks": "rule_set_255"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "journald_compress",
- "remarks": "rule_set_218"
+ "remarks": "rule_set_255"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure journald is configured to compress large log files",
- "remarks": "rule_set_218"
+ "remarks": "rule_set_255"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "journald_storage",
- "remarks": "rule_set_219"
+ "remarks": "rule_set_256"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure journald is configured to write log files to persistent disk",
- "remarks": "rule_set_219"
+ "remarks": "rule_set_256"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "journald_storage",
- "remarks": "rule_set_219"
+ "remarks": "rule_set_256"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure journald is configured to write log files to persistent disk",
- "remarks": "rule_set_219"
+ "remarks": "rule_set_256"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "rsyslog_files_groupownership",
- "remarks": "rule_set_220"
+ "remarks": "rule_set_257"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Log Files Are Owned By Appropriate Group",
- "remarks": "rule_set_220"
+ "remarks": "rule_set_257"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "rsyslog_files_groupownership",
- "remarks": "rule_set_220"
+ "remarks": "rule_set_257"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Log Files Are Owned By Appropriate Group",
- "remarks": "rule_set_220"
+ "remarks": "rule_set_257"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "rsyslog_files_ownership",
- "remarks": "rule_set_221"
+ "remarks": "rule_set_258"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Log Files Are Owned By Appropriate User",
- "remarks": "rule_set_221"
+ "remarks": "rule_set_258"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "rsyslog_files_ownership",
- "remarks": "rule_set_221"
+ "remarks": "rule_set_258"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure Log Files Are Owned By Appropriate User",
- "remarks": "rule_set_221"
+ "remarks": "rule_set_258"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "rsyslog_files_permissions",
- "remarks": "rule_set_222"
+ "remarks": "rule_set_259"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure System Log Files Have Correct Permissions",
- "remarks": "rule_set_222"
+ "remarks": "rule_set_259"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "rsyslog_files_permissions",
- "remarks": "rule_set_222"
+ "remarks": "rule_set_259"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure System Log Files Have Correct Permissions",
- "remarks": "rule_set_222"
+ "remarks": "rule_set_259"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_passwd",
- "remarks": "rule_set_223"
+ "remarks": "rule_set_260"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns passwd File",
- "remarks": "rule_set_223"
+ "remarks": "rule_set_260"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_passwd",
- "remarks": "rule_set_223"
+ "remarks": "rule_set_260"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns passwd File",
- "remarks": "rule_set_223"
+ "remarks": "rule_set_260"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_passwd",
- "remarks": "rule_set_224"
+ "remarks": "rule_set_261"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns passwd File",
- "remarks": "rule_set_224"
+ "remarks": "rule_set_261"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_passwd",
- "remarks": "rule_set_224"
+ "remarks": "rule_set_261"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns passwd File",
- "remarks": "rule_set_224"
+ "remarks": "rule_set_261"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_passwd",
- "remarks": "rule_set_225"
+ "remarks": "rule_set_262"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on passwd File",
- "remarks": "rule_set_225"
+ "remarks": "rule_set_262"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_passwd",
- "remarks": "rule_set_225"
+ "remarks": "rule_set_262"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on passwd File",
- "remarks": "rule_set_225"
+ "remarks": "rule_set_262"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_passwd",
- "remarks": "rule_set_226"
+ "remarks": "rule_set_263"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup passwd File",
- "remarks": "rule_set_226"
+ "remarks": "rule_set_263"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_passwd",
- "remarks": "rule_set_226"
+ "remarks": "rule_set_263"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup passwd File",
- "remarks": "rule_set_226"
+ "remarks": "rule_set_263"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_passwd",
- "remarks": "rule_set_227"
+ "remarks": "rule_set_264"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup passwd File",
- "remarks": "rule_set_227"
+ "remarks": "rule_set_264"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_passwd",
- "remarks": "rule_set_227"
+ "remarks": "rule_set_264"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup passwd File",
- "remarks": "rule_set_227"
+ "remarks": "rule_set_264"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_passwd",
- "remarks": "rule_set_228"
+ "remarks": "rule_set_265"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup passwd File",
- "remarks": "rule_set_228"
+ "remarks": "rule_set_265"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_passwd",
- "remarks": "rule_set_228"
+ "remarks": "rule_set_265"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup passwd File",
- "remarks": "rule_set_228"
+ "remarks": "rule_set_265"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_group",
- "remarks": "rule_set_229"
+ "remarks": "rule_set_266"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns group File",
- "remarks": "rule_set_229"
+ "remarks": "rule_set_266"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_group",
- "remarks": "rule_set_229"
+ "remarks": "rule_set_266"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns group File",
- "remarks": "rule_set_229"
+ "remarks": "rule_set_266"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_group",
- "remarks": "rule_set_230"
+ "remarks": "rule_set_267"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns group File",
- "remarks": "rule_set_230"
+ "remarks": "rule_set_267"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_group",
- "remarks": "rule_set_230"
+ "remarks": "rule_set_267"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns group File",
- "remarks": "rule_set_230"
+ "remarks": "rule_set_267"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_group",
- "remarks": "rule_set_231"
+ "remarks": "rule_set_268"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on group File",
- "remarks": "rule_set_231"
+ "remarks": "rule_set_268"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_group",
- "remarks": "rule_set_231"
+ "remarks": "rule_set_268"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on group File",
- "remarks": "rule_set_231"
+ "remarks": "rule_set_268"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_group",
- "remarks": "rule_set_232"
+ "remarks": "rule_set_269"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup group File",
- "remarks": "rule_set_232"
+ "remarks": "rule_set_269"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_group",
- "remarks": "rule_set_232"
+ "remarks": "rule_set_269"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup group File",
- "remarks": "rule_set_232"
+ "remarks": "rule_set_269"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_group",
- "remarks": "rule_set_233"
+ "remarks": "rule_set_270"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup group File",
- "remarks": "rule_set_233"
+ "remarks": "rule_set_270"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_group",
- "remarks": "rule_set_233"
+ "remarks": "rule_set_270"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup group File",
- "remarks": "rule_set_233"
+ "remarks": "rule_set_270"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_group",
- "remarks": "rule_set_234"
+ "remarks": "rule_set_271"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup group File",
- "remarks": "rule_set_234"
+ "remarks": "rule_set_271"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_group",
- "remarks": "rule_set_234"
+ "remarks": "rule_set_271"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup group File",
- "remarks": "rule_set_234"
+ "remarks": "rule_set_271"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_shadow",
- "remarks": "rule_set_235"
+ "remarks": "rule_set_272"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns shadow File",
- "remarks": "rule_set_235"
+ "remarks": "rule_set_272"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_shadow",
- "remarks": "rule_set_235"
+ "remarks": "rule_set_272"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns shadow File",
- "remarks": "rule_set_235"
+ "remarks": "rule_set_272"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_shadow",
- "remarks": "rule_set_236"
+ "remarks": "rule_set_273"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns shadow File",
- "remarks": "rule_set_236"
+ "remarks": "rule_set_273"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_shadow",
- "remarks": "rule_set_236"
+ "remarks": "rule_set_273"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns shadow File",
- "remarks": "rule_set_236"
+ "remarks": "rule_set_273"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_shadow",
- "remarks": "rule_set_237"
+ "remarks": "rule_set_274"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on shadow File",
- "remarks": "rule_set_237"
+ "remarks": "rule_set_274"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_shadow",
- "remarks": "rule_set_237"
+ "remarks": "rule_set_274"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on shadow File",
- "remarks": "rule_set_237"
+ "remarks": "rule_set_274"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_shadow",
- "remarks": "rule_set_238"
+ "remarks": "rule_set_275"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup shadow File",
- "remarks": "rule_set_238"
+ "remarks": "rule_set_275"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_shadow",
- "remarks": "rule_set_238"
+ "remarks": "rule_set_275"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup shadow File",
- "remarks": "rule_set_238"
+ "remarks": "rule_set_275"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_shadow",
- "remarks": "rule_set_239"
+ "remarks": "rule_set_276"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup shadow File",
- "remarks": "rule_set_239"
+ "remarks": "rule_set_276"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_shadow",
- "remarks": "rule_set_239"
+ "remarks": "rule_set_276"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup shadow File",
- "remarks": "rule_set_239"
+ "remarks": "rule_set_276"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_shadow",
- "remarks": "rule_set_240"
+ "remarks": "rule_set_277"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup shadow File",
- "remarks": "rule_set_240"
+ "remarks": "rule_set_277"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_shadow",
- "remarks": "rule_set_240"
+ "remarks": "rule_set_277"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup shadow File",
- "remarks": "rule_set_240"
+ "remarks": "rule_set_277"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_gshadow",
- "remarks": "rule_set_241"
+ "remarks": "rule_set_278"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns gshadow File",
- "remarks": "rule_set_241"
+ "remarks": "rule_set_278"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_etc_gshadow",
- "remarks": "rule_set_241"
+ "remarks": "rule_set_278"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns gshadow File",
- "remarks": "rule_set_241"
+ "remarks": "rule_set_278"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_gshadow",
- "remarks": "rule_set_242"
+ "remarks": "rule_set_279"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns gshadow File",
- "remarks": "rule_set_242"
+ "remarks": "rule_set_279"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_etc_gshadow",
- "remarks": "rule_set_242"
+ "remarks": "rule_set_279"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns gshadow File",
- "remarks": "rule_set_242"
+ "remarks": "rule_set_279"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_gshadow",
- "remarks": "rule_set_243"
+ "remarks": "rule_set_280"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on gshadow File",
- "remarks": "rule_set_243"
+ "remarks": "rule_set_280"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_etc_gshadow",
- "remarks": "rule_set_243"
+ "remarks": "rule_set_280"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on gshadow File",
- "remarks": "rule_set_243"
+ "remarks": "rule_set_280"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_gshadow",
- "remarks": "rule_set_244"
+ "remarks": "rule_set_281"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup gshadow File",
- "remarks": "rule_set_244"
+ "remarks": "rule_set_281"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupowner_backup_etc_gshadow",
- "remarks": "rule_set_244"
+ "remarks": "rule_set_281"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Group Who Owns Backup gshadow File",
- "remarks": "rule_set_244"
+ "remarks": "rule_set_281"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_gshadow",
- "remarks": "rule_set_245"
+ "remarks": "rule_set_282"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup gshadow File",
- "remarks": "rule_set_245"
+ "remarks": "rule_set_282"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_owner_backup_etc_gshadow",
- "remarks": "rule_set_245"
+ "remarks": "rule_set_282"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify User Who Owns Backup gshadow File",
- "remarks": "rule_set_245"
+ "remarks": "rule_set_282"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_backup_etc_gshadow",
- "remarks": "rule_set_246"
+ "remarks": "rule_set_283"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify Permissions on Backup gshadow File",
- "remarks": "rule_set_246"
+ "remarks": "rule_set_283"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_backup_etc_gshadow",
+ "remarks": "rule_set_283"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on Backup gshadow File",
+ "remarks": "rule_set_283"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_shells",
+ "remarks": "rule_set_284"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/shells File",
+ "remarks": "rule_set_284"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_shells",
+ "remarks": "rule_set_284"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/shells File",
+ "remarks": "rule_set_284"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_shells",
+ "remarks": "rule_set_285"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Who Owns /etc/shells File",
+ "remarks": "rule_set_285"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_shells",
+ "remarks": "rule_set_285"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Who Owns /etc/shells File",
+ "remarks": "rule_set_285"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_shells",
+ "remarks": "rule_set_286"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on /etc/shells File",
+ "remarks": "rule_set_286"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_shells",
+ "remarks": "rule_set_286"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Permissions on /etc/shells File",
+ "remarks": "rule_set_286"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd",
+ "remarks": "rule_set_287"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_287"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd",
+ "remarks": "rule_set_287"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify Group Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_287"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd",
+ "remarks": "rule_set_288"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify User Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_288"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_gshadow",
- "remarks": "rule_set_246"
+ "value": "file_owner_etc_security_opasswd",
+ "remarks": "rule_set_288"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup gshadow File",
- "remarks": "rule_set_246"
+ "value": "Verify User Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_288"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shells",
- "remarks": "rule_set_247"
+ "value": "file_permissions_etc_security_opasswd",
+ "remarks": "rule_set_289"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/shells File",
- "remarks": "rule_set_247"
+ "value": "Verify Permissions on /etc/security/opasswd File",
+ "remarks": "rule_set_289"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shells",
- "remarks": "rule_set_247"
+ "value": "file_permissions_etc_security_opasswd",
+ "remarks": "rule_set_289"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/shells File",
- "remarks": "rule_set_247"
+ "value": "Verify Permissions on /etc/security/opasswd File",
+ "remarks": "rule_set_289"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shells",
- "remarks": "rule_set_248"
+ "value": "file_groupowner_etc_security_opasswd_old",
+ "remarks": "rule_set_290"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Who Owns /etc/shells File",
- "remarks": "rule_set_248"
+ "value": "Verify Group Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_290"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shells",
- "remarks": "rule_set_248"
+ "value": "file_groupowner_etc_security_opasswd_old",
+ "remarks": "rule_set_290"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Who Owns /etc/shells File",
- "remarks": "rule_set_248"
+ "value": "Verify Group Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_290"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shells",
- "remarks": "rule_set_249"
+ "value": "file_owner_etc_security_opasswd_old",
+ "remarks": "rule_set_291"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/shells File",
- "remarks": "rule_set_249"
+ "value": "Verify User Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_291"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shells",
- "remarks": "rule_set_249"
+ "value": "file_owner_etc_security_opasswd_old",
+ "remarks": "rule_set_291"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/shells File",
- "remarks": "rule_set_249"
+ "value": "Verify User Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_291"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd",
- "remarks": "rule_set_250"
+ "value": "file_permissions_etc_security_opasswd_old",
+ "remarks": "rule_set_292"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions and Ownership of Old Passwords File",
- "remarks": "rule_set_250"
+ "value": "Verify Permissions on /etc/security/opasswd.old File",
+ "remarks": "rule_set_292"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd",
- "remarks": "rule_set_250"
+ "value": "file_permissions_etc_security_opasswd_old",
+ "remarks": "rule_set_292"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions and Ownership of Old Passwords File",
- "remarks": "rule_set_250"
+ "value": "Verify Permissions on /etc/security/opasswd.old File",
+ "remarks": "rule_set_292"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_unauthorized_world_writable",
- "remarks": "rule_set_251"
+ "remarks": "rule_set_293"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure No World-Writable Files Exist",
- "remarks": "rule_set_251"
+ "remarks": "rule_set_293"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_unauthorized_world_writable",
- "remarks": "rule_set_251"
+ "remarks": "rule_set_293"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure No World-Writable Files Exist",
- "remarks": "rule_set_251"
+ "remarks": "rule_set_293"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "dir_perms_world_writable_sticky_bits",
- "remarks": "rule_set_252"
+ "remarks": "rule_set_294"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that All World-Writable Directories Have Sticky Bits Set",
- "remarks": "rule_set_252"
+ "remarks": "rule_set_294"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "dir_perms_world_writable_sticky_bits",
- "remarks": "rule_set_252"
+ "remarks": "rule_set_294"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that All World-Writable Directories Have Sticky Bits Set",
- "remarks": "rule_set_252"
+ "remarks": "rule_set_294"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user",
- "remarks": "rule_set_253"
+ "value": "no_files_or_dirs_unowned_by_user",
+ "remarks": "rule_set_295"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a User",
- "remarks": "rule_set_253"
+ "value": "Ensure All Files And Directories Are Owned by a User",
+ "remarks": "rule_set_295"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user",
- "remarks": "rule_set_253"
+ "value": "no_files_or_dirs_unowned_by_user",
+ "remarks": "rule_set_295"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a User",
- "remarks": "rule_set_253"
+ "value": "Ensure All Files And Directories Are Owned by a User",
+ "remarks": "rule_set_295"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned",
- "remarks": "rule_set_254"
+ "value": "no_files_or_dirs_ungroupowned",
+ "remarks": "rule_set_296"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a Group",
- "remarks": "rule_set_254"
+ "value": "Ensure All Files And Directories Are Owned by a Group",
+ "remarks": "rule_set_296"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned",
- "remarks": "rule_set_254"
+ "value": "no_files_or_dirs_ungroupowned",
+ "remarks": "rule_set_296"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a Group",
- "remarks": "rule_set_254"
+ "value": "Ensure All Files And Directories Are Owned by a Group",
+ "remarks": "rule_set_296"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_all_shadowed",
- "remarks": "rule_set_255"
+ "remarks": "rule_set_297"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify All Account Password Hashes are Shadowed",
- "remarks": "rule_set_255"
+ "remarks": "rule_set_297"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_password_all_shadowed",
- "remarks": "rule_set_255"
+ "remarks": "rule_set_297"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify All Account Password Hashes are Shadowed",
- "remarks": "rule_set_255"
+ "remarks": "rule_set_297"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_empty_passwords_etc_shadow",
- "remarks": "rule_set_256"
+ "remarks": "rule_set_298"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure There Are No Accounts With Blank or Null Passwords",
- "remarks": "rule_set_256"
+ "remarks": "rule_set_298"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "no_empty_passwords_etc_shadow",
- "remarks": "rule_set_256"
+ "remarks": "rule_set_298"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure There Are No Accounts With Blank or Null Passwords",
- "remarks": "rule_set_256"
+ "remarks": "rule_set_298"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "gid_passwd_group_same",
- "remarks": "rule_set_257"
+ "remarks": "rule_set_299"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
- "remarks": "rule_set_257"
+ "remarks": "rule_set_299"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "gid_passwd_group_same",
- "remarks": "rule_set_257"
+ "remarks": "rule_set_299"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
- "remarks": "rule_set_257"
+ "remarks": "rule_set_299"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_unique_id",
- "remarks": "rule_set_258"
+ "remarks": "rule_set_300"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Accounts on the System Have Unique User IDs",
- "remarks": "rule_set_258"
+ "remarks": "rule_set_300"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_unique_id",
- "remarks": "rule_set_258"
+ "remarks": "rule_set_300"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Accounts on the System Have Unique User IDs",
- "remarks": "rule_set_258"
+ "remarks": "rule_set_300"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "group_unique_id",
- "remarks": "rule_set_259"
+ "remarks": "rule_set_301"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Groups on the System Have Unique Group ID",
- "remarks": "rule_set_259"
+ "remarks": "rule_set_301"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "group_unique_id",
- "remarks": "rule_set_259"
+ "remarks": "rule_set_301"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Groups on the System Have Unique Group ID",
- "remarks": "rule_set_259"
+ "remarks": "rule_set_301"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_unique_name",
- "remarks": "rule_set_260"
+ "remarks": "rule_set_302"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Accounts on the System Have Unique Names",
- "remarks": "rule_set_260"
+ "remarks": "rule_set_302"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "account_unique_name",
- "remarks": "rule_set_260"
+ "remarks": "rule_set_302"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Accounts on the System Have Unique Names",
- "remarks": "rule_set_260"
+ "remarks": "rule_set_302"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "group_unique_name",
- "remarks": "rule_set_261"
+ "remarks": "rule_set_303"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Groups on the System Have Unique Group Names",
- "remarks": "rule_set_261"
+ "remarks": "rule_set_303"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "group_unique_name",
- "remarks": "rule_set_261"
+ "remarks": "rule_set_303"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure All Groups on the System Have Unique Group Names",
- "remarks": "rule_set_261"
+ "remarks": "rule_set_303"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_user_interactive_home_directory_exists",
- "remarks": "rule_set_262"
+ "remarks": "rule_set_304"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All Interactive Users Home Directories Must Exist",
- "remarks": "rule_set_262"
+ "remarks": "rule_set_304"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_user_interactive_home_directory_exists",
- "remarks": "rule_set_262"
+ "remarks": "rule_set_304"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All Interactive Users Home Directories Must Exist",
- "remarks": "rule_set_262"
+ "remarks": "rule_set_304"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_home_directories",
- "remarks": "rule_set_263"
+ "remarks": "rule_set_305"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All Interactive User Home Directories Must Be Owned By The Primary User",
- "remarks": "rule_set_263"
+ "remarks": "rule_set_305"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_home_directories",
- "remarks": "rule_set_263"
+ "remarks": "rule_set_305"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All Interactive User Home Directories Must Be Owned By The Primary User",
- "remarks": "rule_set_263"
+ "remarks": "rule_set_305"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_home_directories",
- "remarks": "rule_set_264"
+ "remarks": "rule_set_306"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
- "remarks": "rule_set_264"
+ "remarks": "rule_set_306"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_home_directories",
- "remarks": "rule_set_264"
+ "remarks": "rule_set_306"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
- "remarks": "rule_set_264"
+ "remarks": "rule_set_306"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_user_dot_group_ownership",
- "remarks": "rule_set_265"
+ "remarks": "rule_set_307"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "User Initialization Files Must Be Group-Owned By The Primary Group",
- "remarks": "rule_set_265"
+ "remarks": "rule_set_307"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_user_dot_group_ownership",
- "remarks": "rule_set_265"
+ "remarks": "rule_set_307"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "User Initialization Files Must Be Group-Owned By The Primary Group",
- "remarks": "rule_set_265"
+ "remarks": "rule_set_307"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_user_dot_user_ownership",
- "remarks": "rule_set_266"
+ "remarks": "rule_set_308"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "User Initialization Files Must Be Owned By the Primary User",
- "remarks": "rule_set_266"
+ "remarks": "rule_set_308"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "accounts_user_dot_user_ownership",
- "remarks": "rule_set_266"
+ "remarks": "rule_set_308"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "User Initialization Files Must Be Owned By the Primary User",
- "remarks": "rule_set_266"
+ "remarks": "rule_set_308"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs",
- "remarks": "rule_set_267"
+ "value": "file_permission_user_init_files",
+ "remarks": "rule_set_309"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Not Run World-Writable Programs",
- "remarks": "rule_set_267"
+ "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "remarks": "rule_set_309"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs",
- "remarks": "rule_set_267"
+ "value": "file_permission_user_init_files",
+ "remarks": "rule_set_309"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Not Run World-Writable Programs",
- "remarks": "rule_set_267"
+ "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "remarks": "rule_set_309"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files",
- "remarks": "rule_set_268"
+ "value": "no_forward_files",
+ "remarks": "rule_set_310"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
- "remarks": "rule_set_268"
+ "value": "Verify No .forward Files Exist",
+ "remarks": "rule_set_310"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files",
- "remarks": "rule_set_268"
+ "value": "no_forward_files",
+ "remarks": "rule_set_310"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
- "remarks": "rule_set_268"
+ "value": "Verify No .forward Files Exist",
+ "remarks": "rule_set_310"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files",
- "remarks": "rule_set_269"
+ "value": "no_netrc_files",
+ "remarks": "rule_set_311"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No .forward Files Exist",
- "remarks": "rule_set_269"
+ "value": "Verify No netrc Files Exist",
+ "remarks": "rule_set_311"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files",
- "remarks": "rule_set_269"
+ "value": "no_netrc_files",
+ "remarks": "rule_set_311"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No .forward Files Exist",
- "remarks": "rule_set_269"
+ "value": "Verify No netrc Files Exist",
+ "remarks": "rule_set_311"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files",
- "remarks": "rule_set_270"
+ "value": "no_rhost_files",
+ "remarks": "rule_set_312"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No netrc Files Exist",
- "remarks": "rule_set_270"
+ "value": "Verify No .rhost Files Exist",
+ "remarks": "rule_set_312"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files",
- "remarks": "rule_set_270"
+ "value": "no_rhost_files",
+ "remarks": "rule_set_312"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No netrc Files Exist",
- "remarks": "rule_set_270"
+ "value": "Verify No .rhost Files Exist",
+ "remarks": "rule_set_312"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history",
+ "remarks": "rule_set_313"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure User Bash History File Has Correct Permissions",
+ "remarks": "rule_set_313"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history",
+ "remarks": "rule_set_313"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure User Bash History File Has Correct Permissions",
+ "remarks": "rule_set_313"
}
],
"control-implementations": [
{
- "uuid": "cc7ad945-e940-4367-a7f2-2641ad930f95",
+ "uuid": "90e597d7-9910-4d1b-8520-458680202fd8",
"source": "trestle://profiles/fedora-cis_fedora-l1_workstation/profile.json",
"description": "Control implementation for cis_workstation_l1",
"props": [
@@ -16534,18 +18336,6 @@
"4"
]
},
- {
- "param-id": "sshd_strong_kex",
- "values": [
- "cis_rhel8"
- ]
- },
- {
- "param-id": "sshd_strong_macs",
- "values": [
- "cis_rhel8"
- ]
- },
{
"param-id": "sysctl_net_ipv4_conf_all_accept_redirects_value",
"values": [
@@ -16588,6 +18378,12 @@
"disabled"
]
},
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
{
"param-id": "sysctl_net_ipv4_conf_default_log_martians_value",
"values": [
@@ -16666,6 +18462,12 @@
"disabled"
]
},
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
{
"param-id": "var_account_disable_post_pw_expiration",
"values": [
@@ -16723,7 +18525,7 @@
{
"param-id": "var_password_hashing_algorithm",
"values": [
- "yescrypt"
+ "cis_fedora"
]
},
{
@@ -16750,6 +18552,12 @@
"3"
]
},
+ {
+ "param-id": "var_password_pam_maxsequence",
+ "values": [
+ "3"
+ ]
+ },
{
"param-id": "var_password_pam_minclass",
"values": [
@@ -16817,9 +18625,9 @@
]
},
{
- "param-id": "var_system_crypto_policy",
+ "param-id": "var_sudo_timestamp_timeout",
"values": [
- "default_policy"
+ "15_minutes"
]
},
{
@@ -16831,7 +18639,7 @@
],
"implemented-requirements": [
{
- "uuid": "57c7fa9b-5c70-4a0b-9cc5-22f67d1395de",
+ "uuid": "2c5a984d-022e-48c1-8291-1756412fb9ec",
"control-id": "reload_dconf_db",
"description": "This is a helper rule to reload Dconf database correctly.",
"props": [
@@ -16848,7 +18656,7 @@
]
},
{
- "uuid": "4787c593-0a78-4eb6-8f17-fbc8ef40d518",
+ "uuid": "83d52231-b529-4aab-865f-e20831af8401",
"control-id": "cis_fedora_1-1.1.1",
"description": "No notes for control-id 1.1.1.1.",
"props": [
@@ -16865,7 +18673,7 @@
]
},
{
- "uuid": "111a2a26-a89b-49d3-9b1b-49addcddfd11",
+ "uuid": "9093735a-9eac-49a1-b9bc-b2db2be6f4e6",
"control-id": "cis_fedora_1-1.1.2",
"description": "No notes for control-id 1.1.1.2.",
"props": [
@@ -16882,7 +18690,7 @@
]
},
{
- "uuid": "88883eb2-c995-42fc-aa4a-0ba113b62b1c",
+ "uuid": "25dcd669-6096-4472-b3f2-52b5021219e7",
"control-id": "cis_fedora_1-1.1.3",
"description": "No notes for control-id 1.1.1.3.",
"props": [
@@ -16899,7 +18707,7 @@
]
},
{
- "uuid": "69975c26-2488-427f-b4dc-bf4f726a16a3",
+ "uuid": "bea83920-4380-46d5-99e1-63aa0746c172",
"control-id": "cis_fedora_1-1.1.4",
"description": "No notes for control-id 1.1.1.4.",
"props": [
@@ -16916,7 +18724,7 @@
]
},
{
- "uuid": "36a30956-8d46-4158-b251-2b48591fc502",
+ "uuid": "2841ab75-d580-4fba-9ed1-8c5d449c27d1",
"control-id": "cis_fedora_1-1.1.5",
"description": "No notes for control-id 1.1.1.5.",
"props": [
@@ -16933,7 +18741,7 @@
]
},
{
- "uuid": "6abbc324-fbc1-46e7-91a5-f77f9b892b86",
+ "uuid": "296d29bd-f050-4bd3-bf9c-d7529b6e8655",
"control-id": "cis_fedora_1-1.1.11",
"description": "The description for control-id cis_fedora_1-1.1.11.",
"props": [
@@ -16946,7 +18754,7 @@
]
},
{
- "uuid": "1c19db29-5f85-4b5c-99a5-f9c06d2014d1",
+ "uuid": "9a594a26-324c-46df-ba60-d3432526ffd9",
"control-id": "cis_fedora_1-1.2.1.1",
"description": "No notes for control-id 1.1.2.1.1.",
"props": [
@@ -16963,7 +18771,7 @@
]
},
{
- "uuid": "7cb083b6-2767-48e6-8861-8951f3415d98",
+ "uuid": "b9415d40-8b86-4251-98b3-2ba07570b8e5",
"control-id": "cis_fedora_1-1.2.1.2",
"description": "No notes for control-id 1.1.2.1.2.",
"props": [
@@ -16980,7 +18788,7 @@
]
},
{
- "uuid": "d54b7b5c-6332-4ee4-a212-9e297e96a1e0",
+ "uuid": "21803202-9ff5-4fb3-9386-ee8d62fd96e4",
"control-id": "cis_fedora_1-1.2.1.3",
"description": "No notes for control-id 1.1.2.1.3.",
"props": [
@@ -16997,7 +18805,7 @@
]
},
{
- "uuid": "4815cd00-a500-413f-a42d-e22e3ddf10b1",
+ "uuid": "3774b082-8917-4acf-8e71-79215c7a1b98",
"control-id": "cis_fedora_1-1.2.1.4",
"description": "No notes for control-id 1.1.2.1.4.",
"props": [
@@ -17014,7 +18822,7 @@
]
},
{
- "uuid": "f448ed48-73c8-4de2-bc3a-f7722ed159ec",
+ "uuid": "3ea7d05b-0026-4ea4-af6f-d8a8d1cde97f",
"control-id": "cis_fedora_1-1.2.2.1",
"description": "No notes for control-id 1.1.2.2.1.",
"props": [
@@ -17031,7 +18839,7 @@
]
},
{
- "uuid": "0dfbb6fa-2921-4cbb-b5c1-95dfc132e6b4",
+ "uuid": "67052535-47de-4e0e-aca4-2360ae943e22",
"control-id": "cis_fedora_1-1.2.2.2",
"description": "No notes for control-id 1.1.2.2.2.",
"props": [
@@ -17048,7 +18856,7 @@
]
},
{
- "uuid": "7302163f-5d47-4fb1-bdc3-84e4fe064378",
+ "uuid": "f37e141d-ca2c-4930-9ffd-edaca665417f",
"control-id": "cis_fedora_1-1.2.2.3",
"description": "No notes for control-id 1.1.2.2.3.",
"props": [
@@ -17065,7 +18873,7 @@
]
},
{
- "uuid": "1ed40054-acfc-42c5-a9fc-29f13c53fdab",
+ "uuid": "f831617a-66ca-4e4f-8035-c336a9e08965",
"control-id": "cis_fedora_1-1.2.2.4",
"description": "No notes for control-id 1.1.2.2.4.",
"props": [
@@ -17082,7 +18890,7 @@
]
},
{
- "uuid": "674172d8-2ce5-4bc7-983b-1a42803caf20",
+ "uuid": "77ac6125-2a08-495b-9d8f-500f182dfcc0",
"control-id": "cis_fedora_1-1.2.3.2",
"description": "No notes for control-id 1.1.2.3.2.",
"props": [
@@ -17099,7 +18907,7 @@
]
},
{
- "uuid": "0d8f4c63-57bc-42e6-a567-8f7e5fd6af36",
+ "uuid": "d4b2f5a2-7d45-4c6a-9512-c5745bed7237",
"control-id": "cis_fedora_1-1.2.3.3",
"description": "No notes for control-id 1.1.2.3.3.",
"props": [
@@ -17116,7 +18924,7 @@
]
},
{
- "uuid": "1e5c8a47-e942-4393-9323-765a02321332",
+ "uuid": "41d936a3-2496-4e1d-9c50-89f04e443c23",
"control-id": "cis_fedora_1-1.2.4.2",
"description": "No notes for control-id 1.1.2.4.2.",
"props": [
@@ -17133,7 +18941,7 @@
]
},
{
- "uuid": "557a9897-8812-43be-98b8-0f5f462cad13",
+ "uuid": "db35ddd8-e04d-4145-8cb1-22556f417438",
"control-id": "cis_fedora_1-1.2.4.3",
"description": "No notes for control-id 1.1.2.4.3.",
"props": [
@@ -17150,7 +18958,7 @@
]
},
{
- "uuid": "d1eee194-96ed-45ab-a12e-40bb0480f13c",
+ "uuid": "866061b8-3997-4e49-adbf-303bf7cecf8b",
"control-id": "cis_fedora_1-1.2.5.2",
"description": "No notes for control-id 1.1.2.5.2.",
"props": [
@@ -17167,7 +18975,7 @@
]
},
{
- "uuid": "84e3d7fa-298e-4052-9740-0b441d5a2cea",
+ "uuid": "5448b68b-f8d5-41a0-a85a-f45c476301d5",
"control-id": "cis_fedora_1-1.2.5.3",
"description": "No notes for control-id 1.1.2.5.3.",
"props": [
@@ -17184,7 +18992,7 @@
]
},
{
- "uuid": "fe5e8796-247c-4274-ac58-6eb2af0b5de2",
+ "uuid": "bc4fa19b-c32e-4ec7-ab6a-fe6ff29c460b",
"control-id": "cis_fedora_1-1.2.5.4",
"description": "No notes for control-id 1.1.2.5.4.",
"props": [
@@ -17201,7 +19009,7 @@
]
},
{
- "uuid": "cd1a19b0-7703-44e4-bd70-a02be8940bcb",
+ "uuid": "243f486a-8fb2-4ba2-bbda-c5890e8c5cd7",
"control-id": "cis_fedora_1-1.2.6.2",
"description": "No notes for control-id 1.1.2.6.2.",
"props": [
@@ -17218,7 +19026,7 @@
]
},
{
- "uuid": "e4f8453e-efc9-4fb4-99bf-e320ccfa23af",
+ "uuid": "7be20c0a-3541-4f28-bfb8-2b6d6cfb685e",
"control-id": "cis_fedora_1-1.2.6.3",
"description": "No notes for control-id 1.1.2.6.3.",
"props": [
@@ -17235,7 +19043,7 @@
]
},
{
- "uuid": "9ef9f9fb-0f1e-419a-9242-a7b50d142a51",
+ "uuid": "7f9817f1-9011-4e0f-8a1c-88612356a040",
"control-id": "cis_fedora_1-1.2.6.4",
"description": "No notes for control-id 1.1.2.6.4.",
"props": [
@@ -17252,7 +19060,7 @@
]
},
{
- "uuid": "bec7b397-7aee-4e63-aab3-39f8d65c3755",
+ "uuid": "ef7acc98-f8c1-494e-a939-1fcc857fbb5e",
"control-id": "cis_fedora_1-1.2.7.2",
"description": "No notes for control-id 1.1.2.7.2.",
"props": [
@@ -17269,7 +19077,7 @@
]
},
{
- "uuid": "17412e8a-be6d-4b56-a22d-84ff37277252",
+ "uuid": "792450bb-93bc-46ea-9765-6ccff845e6cc",
"control-id": "cis_fedora_1-1.2.7.3",
"description": "No notes for control-id 1.1.2.7.3.",
"props": [
@@ -17286,7 +19094,7 @@
]
},
{
- "uuid": "5e3a89c7-694d-4064-8615-d4f2baeb5d48",
+ "uuid": "58d6fe37-737d-4c30-95b5-569bd870cb5b",
"control-id": "cis_fedora_1-1.2.7.4",
"description": "No notes for control-id 1.1.2.7.4.",
"props": [
@@ -17303,7 +19111,7 @@
]
},
{
- "uuid": "286e4fc0-f8a8-4406-b5cd-0af2037b7569",
+ "uuid": "f9b2e80d-288e-49d4-93f9-c178436f49a2",
"control-id": "cis_fedora_1-2.1.1",
"description": "The description for control-id cis_fedora_1-2.1.1.",
"props": [
@@ -17316,7 +19124,7 @@
]
},
{
- "uuid": "ccc94ecd-d904-49ee-9567-2b419367cd43",
+ "uuid": "ab00350c-bd8a-4d18-80d1-8ac42822128a",
"control-id": "cis_fedora_1-2.1.2",
"description": "No notes for control-id 1.2.1.2.",
"props": [
@@ -17333,7 +19141,7 @@
]
},
{
- "uuid": "acbc479f-9400-4951-8712-bbf51cba33ee",
+ "uuid": "89210a6f-2ae1-43d2-a422-21c76accc584",
"control-id": "cis_fedora_1-2.1.4",
"description": "The description for control-id cis_fedora_1-2.1.4.",
"props": [
@@ -17346,7 +19154,7 @@
]
},
{
- "uuid": "06c26f7c-d164-4f63-af48-d4735befe55c",
+ "uuid": "6aae5670-e85c-4dc0-9f61-27fc2f1a4492",
"control-id": "cis_fedora_1-2.2.1",
"description": "The description for control-id cis_fedora_1-2.2.1.",
"props": [
@@ -17359,7 +19167,7 @@
]
},
{
- "uuid": "9ed1396d-961d-44a6-bcbf-c78897cdaed2",
+ "uuid": "9155c63e-5417-40da-acb5-be4aa31f0f6e",
"control-id": "cis_fedora_1-3.1.1",
"description": "No notes for control-id 1.3.1.1.",
"props": [
@@ -17376,7 +19184,7 @@
]
},
{
- "uuid": "9bee71ce-8882-4fab-ac1f-0ee2f10f63d0",
+ "uuid": "89806d8d-4b4e-4b2f-80ef-9cac70d4a245",
"control-id": "cis_fedora_1-3.1.2",
"description": "No notes for control-id 1.3.1.2.",
"props": [
@@ -17393,7 +19201,7 @@
]
},
{
- "uuid": "81ff6026-86e8-44af-91b7-83fa221b80ba",
+ "uuid": "04cdb8cc-b37b-4fca-a990-6dde08ec9ba7",
"control-id": "cis_fedora_1-3.1.3",
"description": "No notes for control-id 1.3.1.3.",
"props": [
@@ -17410,7 +19218,7 @@
]
},
{
- "uuid": "7b003661-e9f5-4d7d-ae3b-56848ee19567",
+ "uuid": "7fc2beae-92ea-4818-bb2e-50bc9891d3a8",
"control-id": "cis_fedora_1-3.1.4",
"description": "No notes for control-id 1.3.1.4.",
"props": [
@@ -17427,7 +19235,7 @@
]
},
{
- "uuid": "b53d97dd-7a96-4c9a-b2ad-105f277cf3ba",
+ "uuid": "1b52a38d-ae8f-4b8b-90d4-fa81cf86192f",
"control-id": "cis_fedora_1-3.1.7",
"description": "No notes for control-id 1.3.1.7.",
"props": [
@@ -17444,7 +19252,7 @@
]
},
{
- "uuid": "d10ceb0b-c28c-4863-b3df-70b122dfa7f4",
+ "uuid": "decdb615-03f1-483d-b8d0-a5e53ed65ab3",
"control-id": "cis_fedora_1-4.1",
"description": "There is no automated remediation for this rule and this is intentional.\nMore details in the rule description.",
"props": [
@@ -17461,180 +19269,204 @@
]
},
{
- "uuid": "e3ebc352-2d76-4355-b897-4e8f7cdfe9d8",
+ "uuid": "265b92d3-e870-4655-bebe-0f80cbe72deb",
"control-id": "cis_fedora_1-4.2",
- "description": "The description for control-id cis_fedora_1-4.2.",
+ "description": "This requirement demands a deeper review of the rules.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This requirement demands a deeper review of the rules."
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg"
+ "value": "file_permissions_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg"
+ "value": "file_owner_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg"
+ "value": "file_groupowner_boot_grub2"
}
]
},
{
- "uuid": "522744cc-98ac-46a2-a728-571cdda6f0d2",
+ "uuid": "0d6af326-5241-4fc4-b73b-1161f9d93dad",
"control-id": "cis_fedora_1-5.1",
- "description": "The description for control-id cis_fedora_1-5.1.",
+ "description": "No notes for control-id 1.5.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_users_coredumps"
}
]
},
{
- "uuid": "5c8c8c61-c543-4dcf-b843-6cb444e500f4",
+ "uuid": "8ae9f58a-8397-4ca7-a565-8703cb9aeda6",
"control-id": "cis_fedora_1-5.2",
- "description": "The description for control-id cis_fedora_1-5.2.",
+ "description": "No notes for control-id 1.5.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_hardlinks"
}
]
},
{
- "uuid": "e57c94a2-5fcf-42f2-8c13-490e7f3521a9",
+ "uuid": "29c0a469-6154-4e3f-a456-5d7294f4b1c8",
"control-id": "cis_fedora_1-5.3",
- "description": "The description for control-id cis_fedora_1-5.3.",
+ "description": "No notes for control-id 1.5.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_symlinks"
}
]
},
{
- "uuid": "79dcd2be-1e2c-44e8-854c-66b71d01457e",
+ "uuid": "314383cb-f773-4394-9739-7b43c003ef86",
"control-id": "cis_fedora_1-5.4",
- "description": "The description for control-id cis_fedora_1-5.4.",
+ "description": "No notes for control-id 1.5.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_suid_dumpable"
}
]
},
{
- "uuid": "f67c743d-ff99-4714-ad9f-e7795a2c8db5",
+ "uuid": "6c1b102c-3cb6-423c-81a2-3b450f8ec9c5",
"control-id": "cis_fedora_1-5.5",
- "description": "The description for control-id cis_fedora_1-5.5.",
+ "description": "No notes for control-id 1.5.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_dmesg_restrict"
}
]
},
{
- "uuid": "898e5051-0877-4576-aa41-bb8566556fba",
+ "uuid": "df105a96-a0a4-45d3-a99e-e8ea2e3fa20b",
"control-id": "cis_fedora_1-5.6",
- "description": "The description for control-id cis_fedora_1-5.6.",
+ "description": "No notes for control-id 1.5.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.6."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_kptr_restrict"
}
]
},
{
- "uuid": "45982dca-243f-4fc7-baab-14d273d2a356",
+ "uuid": "6f9d9920-c4fe-4a4a-8504-c274aa7eaacf",
"control-id": "cis_fedora_1-5.7",
- "description": "The description for control-id cis_fedora_1-5.7.",
+ "description": "No notes for control-id 1.5.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_yama_ptrace_scope"
}
]
},
{
- "uuid": "2e9d3b23-43b4-4a2a-ac6a-9f3df28096a6",
+ "uuid": "d0d78223-12ca-4d05-9db0-41c40bbc800f",
"control-id": "cis_fedora_1-5.8",
- "description": "The description for control-id cis_fedora_1-5.8.",
+ "description": "Address Space Layout Randomization (ASLR)",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.8."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_randomize_va_space"
}
]
},
{
- "uuid": "3ac5bc9f-642c-41af-bccd-55ec0231191c",
+ "uuid": "e4946f4d-0f24-4f61-867e-24c516af0b17",
"control-id": "cis_fedora_1-5.9",
- "description": "The description for control-id cis_fedora_1-5.9.",
+ "description": "No notes for control-id 1.5.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.9."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_backtraces"
}
]
},
{
- "uuid": "2a95b9ec-7585-453a-b218-ae2323490fb7",
+ "uuid": "2f983623-a8c6-4480-9690-b0ba3e8c547d",
"control-id": "cis_fedora_1-5.10",
- "description": "The description for control-id cis_fedora_1-5.10.",
+ "description": "No notes for control-id 1.5.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.10."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_storage"
}
]
},
{
- "uuid": "d6e357e5-ce9d-49a3-bdaf-7bf021338463",
+ "uuid": "d5c5b7f0-918f-45ff-a8ee-eca12cdc0ec1",
"control-id": "cis_fedora_1-6.1",
"description": "No notes for control-id 1.6.1.",
"props": [
@@ -17646,50 +19478,63 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "871a56c0-efc6-4793-862b-6b27ee13daac",
+ "uuid": "e4095825-ab08-4f25-839d-5d025dce8feb",
"control-id": "cis_fedora_1-6.2",
- "description": "This requirement is already satisfied by 1.6.1.",
+ "description": "No notes for control-id 1.6.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "dab8a701-cbe5-471f-9329-c201d8f9ee3b",
+ "uuid": "0e8c8210-a404-4efd-9293-df1d9857e536",
"control-id": "cis_fedora_1-6.3",
- "description": "The description for control-id cis_fedora_1-6.3.",
+ "description": "No notes for control-id 1.6.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "eb227bc1-f9b7-41ec-beed-25d7c4c5d89b",
+ "uuid": "cd71e7e4-6a6b-47ca-b480-4253c27f4b48",
"control-id": "cis_fedora_1-6.4",
- "description": "The description for control-id cis_fedora_1-6.4.",
+ "description": "No notes for control-id 1.6.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "8679ae9c-309e-49b5-875a-f32a31b1795a",
+ "uuid": "98db3a23-4996-414c-99e1-20f472677f93",
"control-id": "cis_fedora_1-7.1",
"description": "No notes for control-id 1.7.1.",
"props": [
@@ -17706,7 +19551,7 @@
]
},
{
- "uuid": "a7d9e777-45b5-46ca-ad4d-4a8d9d8b53f7",
+ "uuid": "166e7649-2e16-4c49-9229-33cf6f9db5c6",
"control-id": "cis_fedora_1-7.2",
"description": "No notes for control-id 1.7.2.",
"props": [
@@ -17723,7 +19568,7 @@
]
},
{
- "uuid": "7de57aa9-9377-421c-986f-ec83622354d6",
+ "uuid": "9ed1b09a-cf12-470a-a1d6-714bdb656b02",
"control-id": "cis_fedora_1-7.3",
"description": "No notes for control-id 1.7.3.",
"props": [
@@ -17740,7 +19585,7 @@
]
},
{
- "uuid": "d3c9a075-30ea-471c-ad59-9a77b1f0e129",
+ "uuid": "0126f732-8994-4d95-a29f-f2635586f9dd",
"control-id": "cis_fedora_1-7.4",
"description": "No notes for control-id 1.7.4.",
"props": [
@@ -17767,7 +19612,7 @@
]
},
{
- "uuid": "1a62b855-bac3-4cb1-b5ae-abf234462529",
+ "uuid": "97d848e1-1f02-4488-a245-e1a6df9e8bac",
"control-id": "cis_fedora_1-7.5",
"description": "No notes for control-id 1.7.5.",
"props": [
@@ -17794,7 +19639,7 @@
]
},
{
- "uuid": "703da25d-3604-4ebc-9f20-7258f42ce934",
+ "uuid": "b80adc2d-a57b-472c-ba98-d5c933576a78",
"control-id": "cis_fedora_1-7.6",
"description": "No notes for control-id 1.7.6.",
"props": [
@@ -17821,14 +19666,14 @@
]
},
{
- "uuid": "1a77f4e1-c57e-4698-8c0c-c4c50effb543",
+ "uuid": "1009da8e-d958-440e-ad2f-3eb2b8b3cb1b",
"control-id": "cis_fedora_1-8.1",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -17843,7 +19688,7 @@
]
},
{
- "uuid": "1af3f4d9-8554-41f5-a7cd-152799bdf662",
+ "uuid": "8ac6a5ba-f9ae-4d32-b485-d116949da74c",
"control-id": "cis_fedora_1-8.2",
"description": "Review rules to confirm settings are not writeable by users",
"props": [
@@ -17860,14 +19705,14 @@
]
},
{
- "uuid": "04583432-3a56-4cdf-99f9-4469d51a471b",
+ "uuid": "82fd6bf6-ae78-467f-81f2-7e56e74c8fc6",
"control-id": "cis_fedora_1-8.3",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -17878,18 +19723,28 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "dconf_gnome_screensaver_lock_delay"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_session_idle_user_locks"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_screensaver_user_locks"
}
]
},
{
- "uuid": "f21c5b3f-88fa-41a8-b6c2-9f0caf1215b3",
+ "uuid": "3130b0e3-c03e-4ec7-be52-3da18b13d8c1",
"control-id": "cis_fedora_1-8.5",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -17899,7 +19754,7 @@
]
},
{
- "uuid": "aa7ec18f-d9be-4813-8a52-9b3168d2913d",
+ "uuid": "59fd4178-64e8-4001-89f9-ea50f62b457c",
"control-id": "cis_fedora_1-8.6",
"description": "The description for control-id cis_fedora_1-8.6.",
"props": [
@@ -17912,7 +19767,7 @@
]
},
{
- "uuid": "1893c1b3-c477-4d22-91eb-cc111e3710b5",
+ "uuid": "b355b29d-8ad9-422d-8461-858aed5ec676",
"control-id": "cis_fedora_2-1.4",
"description": "No notes for control-id 2.1.4.",
"props": [
@@ -17929,7 +19784,7 @@
]
},
{
- "uuid": "23048014-fbae-47d2-bb9b-eb2ead211dbe",
+ "uuid": "074d7cca-efb4-417b-ac7e-0626d6d0712c",
"control-id": "cis_fedora_2-1.5",
"description": "No notes for control-id 2.1.5.",
"props": [
@@ -17946,7 +19801,7 @@
]
},
{
- "uuid": "dc69ff1d-e7f8-493d-9471-957d229634f9",
+ "uuid": "31ae1085-7cea-4d78-a4b3-602c09cadf2b",
"control-id": "cis_fedora_2-1.6",
"description": "No notes for control-id 2.1.6.",
"props": [
@@ -17963,7 +19818,7 @@
]
},
{
- "uuid": "f536fe22-293b-450b-907b-92d70dce0254",
+ "uuid": "fcabce88-7c8d-4285-b566-eec846e719aa",
"control-id": "cis_fedora_2-1.7",
"description": "No notes for control-id 2.1.7.",
"props": [
@@ -17980,7 +19835,7 @@
]
},
{
- "uuid": "422bfc06-1d06-4544-858d-486bc83638c4",
+ "uuid": "a60a4a5e-3d52-4ceb-b0b4-b2099683df53",
"control-id": "cis_fedora_2-1.8",
"description": "No notes for control-id 2.1.8.",
"props": [
@@ -18002,7 +19857,7 @@
]
},
{
- "uuid": "8bafd078-8d0e-4d93-92e3-6854917f7ed9",
+ "uuid": "3c61cbea-fc13-41df-aa57-2913397ace32",
"control-id": "cis_fedora_2-1.9",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization are dependent on the\nnfs-utils package.",
"props": [
@@ -18019,7 +19874,7 @@
]
},
{
- "uuid": "ca5675e1-f533-4795-bb6c-f3b0360c2323",
+ "uuid": "7c255b1d-e728-4265-850a-14939d765e36",
"control-id": "cis_fedora_2-1.10",
"description": "No notes for control-id 2.1.10.",
"props": [
@@ -18031,7 +19886,7 @@
]
},
{
- "uuid": "062f373f-37b7-451e-a1c2-c19453a386a0",
+ "uuid": "6cf6c2ef-c411-462e-931e-b7d08c748be7",
"control-id": "cis_fedora_2-1.12",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization, and the nfs-utils\npackage used for The Network File System (NFS), are dependent on the rpcbind package.",
"props": [
@@ -18048,7 +19903,7 @@
]
},
{
- "uuid": "dab27900-ab53-474d-aaa5-a84d7703019c",
+ "uuid": "5b0750e4-c35c-4389-bd95-94d8fa90dc07",
"control-id": "cis_fedora_2-1.13",
"description": "No notes for control-id 2.1.13.",
"props": [
@@ -18065,7 +19920,7 @@
]
},
{
- "uuid": "cf80cd73-802f-4b02-bc38-c6a347f07457",
+ "uuid": "2cfcdded-04c2-442d-84ea-27c61618835c",
"control-id": "cis_fedora_2-1.14",
"description": "No notes for control-id 2.1.14.",
"props": [
@@ -18082,7 +19937,7 @@
]
},
{
- "uuid": "216ea6ed-356f-42b7-84dd-4e9fd328cad7",
+ "uuid": "783af7ac-a537-43a6-8b37-cdac016c4033",
"control-id": "cis_fedora_2-1.15",
"description": "No notes for control-id 2.1.15.",
"props": [
@@ -18099,7 +19954,7 @@
]
},
{
- "uuid": "5f9db7b7-4231-4c30-8319-9360dd9a656c",
+ "uuid": "e4d0aabe-aebf-4edc-8483-f807685607e6",
"control-id": "cis_fedora_2-1.16",
"description": "No notes for control-id 2.1.16.",
"props": [
@@ -18116,7 +19971,7 @@
]
},
{
- "uuid": "e4dc01db-39ab-4f64-8b7c-d2b1991565e0",
+ "uuid": "b19288c2-e50b-4009-9770-60d0fcc8a30f",
"control-id": "cis_fedora_2-1.17",
"description": "No notes for control-id 2.1.17.",
"props": [
@@ -18133,7 +19988,7 @@
]
},
{
- "uuid": "708983d7-215f-40e6-bb30-b3a16caa82c2",
+ "uuid": "776eba96-92eb-4549-a040-db3741caf78d",
"control-id": "cis_fedora_2-1.18",
"description": "No notes for control-id 2.1.18.",
"props": [
@@ -18150,7 +20005,7 @@
]
},
{
- "uuid": "5cfc39e5-8c8a-4ddc-ae76-519b32cc08b1",
+ "uuid": "a99ec89c-4165-41fb-88db-31cbf0287a96",
"control-id": "cis_fedora_2-1.19",
"description": "No notes for control-id 2.1.19.",
"props": [
@@ -18172,7 +20027,7 @@
]
},
{
- "uuid": "39f9edee-bc91-4bf6-a653-b33ca0dab362",
+ "uuid": "b89fb55e-b731-4dea-8d48-c0d4921436cf",
"control-id": "cis_fedora_2-1.20",
"description": "The description for control-id cis_fedora_2-1.20.",
"props": [
@@ -18185,14 +20040,14 @@
]
},
{
- "uuid": "40d4da45-2d6d-4fd1-8224-c3be1608e6ae",
+ "uuid": "08167baf-84e0-4d1a-866e-65daec860af7",
"control-id": "cis_fedora_2-1.23",
- "description": "The rule has_nonlocal_mta currently checks for services listening only on port 25,\nbut the policy checks also for ports 465 and 587",
+ "description": "No notes for control-id 2.1.23.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -18207,7 +20062,7 @@
]
},
{
- "uuid": "829e8851-d0f8-4043-8cce-a007615cc1e2",
+ "uuid": "7e69aea9-6274-4b22-aa02-1789061eab60",
"control-id": "cis_fedora_2-1.24",
"description": "The description for control-id cis_fedora_2-1.24.",
"props": [
@@ -18220,7 +20075,7 @@
]
},
{
- "uuid": "71d4da98-4146-42ca-904c-1da6c573ef8a",
+ "uuid": "d66b93b0-d8c7-4cac-b1d2-4cd3d18c4dd0",
"control-id": "cis_fedora_2-2.1",
"description": "No notes for control-id 2.2.1.",
"props": [
@@ -18237,7 +20092,7 @@
]
},
{
- "uuid": "c1792eea-113a-4456-acaa-9f8c3d238a5e",
+ "uuid": "5ed04384-53d3-4d2c-b2fe-f1aa8c3c678f",
"control-id": "cis_fedora_2-2.3",
"description": "No notes for control-id 2.2.3.",
"props": [
@@ -18249,7 +20104,7 @@
]
},
{
- "uuid": "82258b08-5bc7-4155-8625-582e91c3d645",
+ "uuid": "1c08abc6-f835-49aa-a89d-e341cc374192",
"control-id": "cis_fedora_2-2.4",
"description": "No notes for control-id 2.2.4.",
"props": [
@@ -18266,7 +20121,7 @@
]
},
{
- "uuid": "7431818b-335b-4184-9c0c-a1deab5e5a05",
+ "uuid": "bcf91074-aad3-4ae6-831a-8c70e960fa28",
"control-id": "cis_fedora_2-2.5",
"description": "No notes for control-id 2.2.5.",
"props": [
@@ -18283,7 +20138,7 @@
]
},
{
- "uuid": "20f2a699-e6ac-4e17-95da-8c5d7b33f453",
+ "uuid": "ff054880-3cb7-4016-8d09-d760612ea25d",
"control-id": "cis_fedora_2-3.1",
"description": "No notes for control-id 2.3.1.",
"props": [
@@ -18295,7 +20150,7 @@
]
},
{
- "uuid": "1e41a773-4aa3-4570-87bd-ae315a0686b8",
+ "uuid": "99f0bcaf-1602-4d6a-9187-90cb4ef832a6",
"control-id": "cis_fedora_2-3.2",
"description": "No notes for control-id 2.3.2.",
"props": [
@@ -18312,7 +20167,7 @@
]
},
{
- "uuid": "a4a95e68-111c-4a37-a0d9-c451f16148fd",
+ "uuid": "99697d81-e3d6-48ce-8206-ba6ab639ee03",
"control-id": "cis_fedora_2-3.3",
"description": "No notes for control-id 2.3.3.",
"props": [
@@ -18329,7 +20184,7 @@
]
},
{
- "uuid": "5351663b-c478-4ff6-a11a-959319ddf7b7",
+ "uuid": "e75d786f-cff7-4d88-8c4c-b1a3c40d8773",
"control-id": "cis_fedora_2-4.1.1",
"description": "No notes for control-id 2.4.1.1.",
"props": [
@@ -18351,7 +20206,7 @@
]
},
{
- "uuid": "50b7f38a-98d2-47d6-a8d0-a415b1e109b7",
+ "uuid": "9af20661-2abe-4de4-abf8-8a34a3499f2e",
"control-id": "cis_fedora_2-4.1.2",
"description": "No notes for control-id 2.4.1.2.",
"props": [
@@ -18378,7 +20233,7 @@
]
},
{
- "uuid": "b8aa632e-fb39-4098-b844-7e14a29cc3b5",
+ "uuid": "a4668fe9-3b2e-42c3-ac0f-0a542070e843",
"control-id": "cis_fedora_2-4.1.3",
"description": "No notes for control-id 2.4.1.3.",
"props": [
@@ -18405,7 +20260,7 @@
]
},
{
- "uuid": "a79905f7-0704-4562-857e-1eb7fba869b2",
+ "uuid": "80c73a2d-eeb1-4156-85a1-192852fb8f55",
"control-id": "cis_fedora_2-4.1.4",
"description": "No notes for control-id 2.4.1.4.",
"props": [
@@ -18432,7 +20287,7 @@
]
},
{
- "uuid": "bd268a5f-a7fa-43c6-8436-d10885659726",
+ "uuid": "9309dfb9-8624-4ece-b4d0-64d01972b950",
"control-id": "cis_fedora_2-4.1.5",
"description": "No notes for control-id 2.4.1.5.",
"props": [
@@ -18459,7 +20314,7 @@
]
},
{
- "uuid": "060d141d-246c-46ef-9ae6-99fdfad44640",
+ "uuid": "41dc215e-04ed-4eb0-9983-448239fac21a",
"control-id": "cis_fedora_2-4.1.6",
"description": "No notes for control-id 2.4.1.6.",
"props": [
@@ -18486,20 +20341,34 @@
]
},
{
- "uuid": "02fe93cc-542a-4103-b058-0fd787086935",
+ "uuid": "e3c39d4e-0017-4b73-aec0-0026d668a7a7",
"control-id": "cis_fedora_2-4.1.7",
- "description": "The description for control-id cis_fedora_2-4.1.7.",
+ "description": "No notes for control-id 2.4.1.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.4.1.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_cron_yearly"
}
]
},
{
- "uuid": "0d1a68cf-c00d-4bb8-88b4-985134fde7e1",
+ "uuid": "158405c1-fd2f-46d9-9356-32d6b6aff0ca",
"control-id": "cis_fedora_2-4.1.8",
"description": "No notes for control-id 2.4.1.8.",
"props": [
@@ -18526,7 +20395,7 @@
]
},
{
- "uuid": "9cde8690-d7ac-48c1-aed2-70bcd06dcece",
+ "uuid": "e0a0956b-5cab-48c0-a4b5-eff5b7860137",
"control-id": "cis_fedora_2-4.1.9",
"description": "No notes for control-id 2.4.1.9.",
"props": [
@@ -18563,20 +20432,25 @@
]
},
{
- "uuid": "4670357e-ef6b-4b8c-bd1c-647b97e1a003",
+ "uuid": "28a9f329-59cf-4f69-8745-d59899c6b9e8",
"control-id": "cis_fedora_2-4.2.1",
- "description": "It is necessary to create a rule to ensure the existence of at.allow.\nfile_cron_allow_exists can be used as reference for a new templated rule.",
+ "description": "No notes for control-id 2.4.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_at_deny_not_exist"
},
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_at_allow_exists"
+ },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -18595,7 +20469,7 @@
]
},
{
- "uuid": "fa8d94e6-4596-43f7-b786-1c08901d6b3f",
+ "uuid": "77f4f3af-4228-4a92-84e0-57ed16528794",
"control-id": "cis_fedora_3-1.1",
"description": "The description for control-id cis_fedora_3-1.1.",
"props": [
@@ -18608,46 +20482,58 @@
]
},
{
- "uuid": "8e726e1e-a423-4927-a49b-cc6e5d83b1d6",
+ "uuid": "c64d1a7c-ad67-4fb3-b479-21b70e1ebcc1",
"control-id": "cis_fedora_3-2.1",
- "description": "The description for control-id cis_fedora_3-2.1.",
+ "description": "No notes for control-id 3.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_atm_disabled"
}
]
},
{
- "uuid": "caaf5f12-b054-4b71-a25d-abde03ae2c52",
+ "uuid": "ccc6cdb2-fee3-4673-97a6-fc0d2f45579f",
"control-id": "cis_fedora_3-2.2",
- "description": "The description for control-id cis_fedora_3-2.2.",
+ "description": "No notes for control-id 3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_can_disabled"
}
]
},
{
- "uuid": "68068e5b-a7b4-4050-82a1-96988f7acd61",
+ "uuid": "421e4cc3-fdaa-4c79-83fb-bf9889ded63d",
"control-id": "cis_fedora_3-2.3",
- "description": "The description for control-id cis_fedora_3-2.3.",
+ "description": "No notes for control-id 3.2.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_dccp_disabled"
}
]
},
{
- "uuid": "0ee9acfe-4e09-4fb0-b77c-fb695307f9df",
+ "uuid": "6830c90c-97da-4629-bf9a-5d30321333cc",
"control-id": "cis_fedora_3-2.4",
"description": "No notes for control-id 3.2.4.",
"props": [
@@ -18664,20 +20550,24 @@
]
},
{
- "uuid": "3daa0ec6-3b98-46a5-9be0-0e7a0865b7fc",
+ "uuid": "cec1a9f1-f4f2-423b-bfd7-54a3ead213c4",
"control-id": "cis_fedora_3-2.5",
- "description": "The description for control-id cis_fedora_3-2.5.",
+ "description": "No notes for control-id 3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_rds_disabled"
}
]
},
{
- "uuid": "88a24037-4adb-4ee7-8df2-322bc444d8aa",
+ "uuid": "1a79e752-c8d8-4fcd-a92a-654d4847f7ce",
"control-id": "cis_fedora_3-3.1.1",
"description": "No notes for control-id 3.3.1.1.",
"props": [
@@ -18694,33 +20584,41 @@
]
},
{
- "uuid": "72f82a7e-5c5e-4c6c-9b0c-324939aebc24",
+ "uuid": "7abb6ed1-9d08-406c-9692-de9046aa6d5a",
"control-id": "cis_fedora_3-3.1.2",
- "description": "The description for control-id cis_fedora_3-3.1.2.",
+ "description": "No notes for control-id 3.3.1.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_forwarding"
}
]
},
{
- "uuid": "f60d3b7b-1bc6-466a-be8a-18015b156487",
+ "uuid": "8dad5eae-89e3-478c-b998-229cfbf477c8",
"control-id": "cis_fedora_3-3.1.3",
- "description": "The description for control-id cis_fedora_3-3.1.3.",
+ "description": "No notes for control-id 3.3.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_forwarding"
}
]
},
{
- "uuid": "14f4f642-b022-4927-bde7-ef58e8d08392",
+ "uuid": "7b2b1862-d670-4d40-a6ea-807cb1ca0915",
"control-id": "cis_fedora_3-3.1.4",
"description": "No notes for control-id 3.3.1.4.",
"props": [
@@ -18737,7 +20635,7 @@
]
},
{
- "uuid": "6ba2ac13-7f08-4dcb-9fbc-25770af71429",
+ "uuid": "b2554c89-4f01-405c-b0d5-bc4d2df2dd05",
"control-id": "cis_fedora_3-3.1.5",
"description": "No notes for control-id 3.3.1.5.",
"props": [
@@ -18754,7 +20652,7 @@
]
},
{
- "uuid": "fa0557c2-68c1-4c35-8fd2-0a0a0623559a",
+ "uuid": "b24ffc66-6649-4efd-91ba-a359c1039151",
"control-id": "cis_fedora_3-3.1.6",
"description": "No notes for control-id 3.3.1.6.",
"props": [
@@ -18771,7 +20669,7 @@
]
},
{
- "uuid": "0eaeb1b8-19b1-4e2b-8487-3e868396253c",
+ "uuid": "dbfbadcb-a9c7-4094-bf44-d096c3ac46b8",
"control-id": "cis_fedora_3-3.1.7",
"description": "No notes for control-id 3.3.1.7.",
"props": [
@@ -18788,7 +20686,7 @@
]
},
{
- "uuid": "adc350bd-f6d9-48aa-976b-e5e38c077340",
+ "uuid": "3424fd37-068d-49d3-8deb-281e3ee48905",
"control-id": "cis_fedora_3-3.1.8",
"description": "No notes for control-id 3.3.1.8.",
"props": [
@@ -18805,7 +20703,7 @@
]
},
{
- "uuid": "c2595c5d-526b-4b2e-94bc-674813628791",
+ "uuid": "296f8ab1-3413-40af-902e-40e0c6bc7c4b",
"control-id": "cis_fedora_3-3.1.9",
"description": "No notes for control-id 3.3.1.9.",
"props": [
@@ -18822,7 +20720,7 @@
]
},
{
- "uuid": "1085b7db-c25b-4ddf-b538-d9bb4539bdd2",
+ "uuid": "a1e61080-ad93-4f0b-b927-caf809437f24",
"control-id": "cis_fedora_3-3.1.10",
"description": "No notes for control-id 3.3.1.10.",
"props": [
@@ -18835,16 +20733,11 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sysctl_net_ipv4_conf_all_secure_redirects"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects"
}
]
},
{
- "uuid": "04ee7d07-3a24-4bed-9956-87c3ac4c858c",
+ "uuid": "4384941c-31f9-48d1-a612-d3557ff70e19",
"control-id": "cis_fedora_3-3.1.11",
"description": "No notes for control-id 3.3.1.11.",
"props": [
@@ -18861,7 +20754,7 @@
]
},
{
- "uuid": "1ab7c62f-21f1-4719-85cb-8ea301199221",
+ "uuid": "e2ae9357-9353-46e7-95e7-3af276cd4eb5",
"control-id": "cis_fedora_3-3.1.12",
"description": "No notes for control-id 3.3.1.12.",
"props": [
@@ -18878,7 +20771,7 @@
]
},
{
- "uuid": "85ea7915-6254-492b-953f-2192c309ed3d",
+ "uuid": "dc6da07b-26f3-46c1-a2d7-66b61d32722e",
"control-id": "cis_fedora_3-3.1.13",
"description": "No notes for control-id 3.3.1.13.",
"props": [
@@ -18895,7 +20788,7 @@
]
},
{
- "uuid": "12cde4d0-a9a6-415d-b15b-cd326c845ca7",
+ "uuid": "21c74a50-6722-4743-96c8-82b7641e26bc",
"control-id": "cis_fedora_3-3.1.14",
"description": "No notes for control-id 3.3.1.14.",
"props": [
@@ -18912,7 +20805,7 @@
]
},
{
- "uuid": "3c1a2265-4fcc-488d-8893-deac5773479a",
+ "uuid": "cc520887-06ba-4076-8efd-95142951df3f",
"control-id": "cis_fedora_3-3.1.15",
"description": "No notes for control-id 3.3.1.15.",
"props": [
@@ -18929,7 +20822,7 @@
]
},
{
- "uuid": "3ab72412-4c19-4fe0-a3a7-60a3de024420",
+ "uuid": "bf867a3e-edeb-4d9a-adb6-60e4a2237d13",
"control-id": "cis_fedora_3-3.1.16",
"description": "No notes for control-id 3.3.1.16.",
"props": [
@@ -18946,7 +20839,7 @@
]
},
{
- "uuid": "b79d162f-b166-4e1f-8474-551dcbc0acb9",
+ "uuid": "48362831-4d0a-48ba-aab4-bfa2f605ea27",
"control-id": "cis_fedora_3-3.1.17",
"description": "No notes for control-id 3.3.1.17.",
"props": [
@@ -18963,7 +20856,7 @@
]
},
{
- "uuid": "ab2a23ff-6aab-4c20-a243-4576d45ff6b5",
+ "uuid": "0afe5e91-de60-44f2-aeea-29155f426710",
"control-id": "cis_fedora_3-3.1.18",
"description": "No notes for control-id 3.3.1.18.",
"props": [
@@ -18980,7 +20873,7 @@
]
},
{
- "uuid": "9a61e53b-373e-41c4-9052-d2704e8f0f50",
+ "uuid": "4ee5f7a5-5afd-4736-9527-9d3853b51cf4",
"control-id": "cis_fedora_3-3.2.1",
"description": "No notes for control-id 3.3.2.1.",
"props": [
@@ -18997,20 +20890,24 @@
]
},
{
- "uuid": "39f3eea7-ecfd-4a4c-86b5-7bc9303bc092",
+ "uuid": "e344d9ad-7021-4f75-94e1-8a31853f79a1",
"control-id": "cis_fedora_3-3.2.2",
- "description": "The description for control-id cis_fedora_3-3.2.2.",
+ "description": "No notes for control-id 3.3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_forwarding"
}
]
},
{
- "uuid": "85db9d73-b0ec-405d-92c5-556c0893793c",
+ "uuid": "e9097cf2-ecd8-4d9a-b373-17520ac10688",
"control-id": "cis_fedora_3-3.2.3",
"description": "No notes for control-id 3.3.2.3.",
"props": [
@@ -19027,7 +20924,7 @@
]
},
{
- "uuid": "c5ec335d-2b02-4545-a5c3-86bc8f269a0f",
+ "uuid": "56820ffa-d096-4662-9e7b-a10f0f3e2158",
"control-id": "cis_fedora_3-3.2.4",
"description": "No notes for control-id 3.3.2.4.",
"props": [
@@ -19044,7 +20941,7 @@
]
},
{
- "uuid": "5118110b-fbf1-4bb4-8b12-4652657b2fcd",
+ "uuid": "b83a1dc7-b7f7-4e5d-b35d-c428e0d71f6c",
"control-id": "cis_fedora_3-3.2.5",
"description": "No notes for control-id 3.3.2.5.",
"props": [
@@ -19061,7 +20958,7 @@
]
},
{
- "uuid": "1a908803-d3fc-48bc-9b09-d4995f6b90fb",
+ "uuid": "7c7e2fbe-a067-4c73-91bf-8552b9e283cc",
"control-id": "cis_fedora_3-3.2.6",
"description": "No notes for control-id 3.3.2.6.",
"props": [
@@ -19078,7 +20975,7 @@
]
},
{
- "uuid": "574bb847-3554-4840-a44e-18820c4498aa",
+ "uuid": "a04fb54c-b8d6-475f-bb0d-9ecaac3026a0",
"control-id": "cis_fedora_3-3.2.7",
"description": "No notes for control-id 3.3.2.7.",
"props": [
@@ -19095,7 +20992,7 @@
]
},
{
- "uuid": "4dcf7043-6ccd-4afe-90c4-ebdfd398b990",
+ "uuid": "218faefb-2801-4b6f-afa4-2f56daee6430",
"control-id": "cis_fedora_3-3.2.8",
"description": "No notes for control-id 3.3.2.8.",
"props": [
@@ -19112,7 +21009,7 @@
]
},
{
- "uuid": "450d1f52-3528-4bb9-9f85-0976bb8e979b",
+ "uuid": "308cf1e0-504c-4b08-8e6f-eec0a5bfa50f",
"control-id": "cis_fedora_4-1.1",
"description": "No notes for control-id 4.1.1.",
"props": [
@@ -19129,7 +21026,7 @@
]
},
{
- "uuid": "473de86f-20c9-442a-8485-83ee6d53560c",
+ "uuid": "d99acf6e-a870-4b60-911f-318fdf4346cb",
"control-id": "cis_fedora_4-1.2",
"description": "No notes for control-id 4.1.2.",
"props": [
@@ -19156,7 +21053,7 @@
]
},
{
- "uuid": "c53df70e-2cf6-459c-a135-b629bcead295",
+ "uuid": "36659b61-05f5-4d71-ab9d-ebcec65fc660",
"control-id": "cis_fedora_4-2.1",
"description": "The description for control-id cis_fedora_4-2.1.",
"props": [
@@ -19169,7 +21066,7 @@
]
},
{
- "uuid": "33296351-1c25-463b-8dee-40be596c4fb7",
+ "uuid": "12e89617-64db-48ac-8c1b-a0b6c4af219e",
"control-id": "cis_fedora_4-2.2",
"description": "No notes for control-id 4.2.2.",
"props": [
@@ -19191,7 +21088,7 @@
]
},
{
- "uuid": "369e0264-f67a-400a-9d43-4d94468a4aba",
+ "uuid": "31865a67-3b8e-4f3b-87cb-920adf40cbde",
"control-id": "cis_fedora_4-3.1",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use. When using firewalld the base chains are installed by default.",
"props": [
@@ -19203,7 +21100,7 @@
]
},
{
- "uuid": "f5bbcedf-2459-4ff4-8eea-44530238be4f",
+ "uuid": "7b65e825-181d-4f7a-892f-6735e56febbe",
"control-id": "cis_fedora_4-3.2",
"description": "The description for control-id cis_fedora_4-3.2.",
"props": [
@@ -19216,7 +21113,7 @@
]
},
{
- "uuid": "34ee52d7-5c08-425f-90cf-2ec35a6e4c78",
+ "uuid": "7df3225a-2129-4f93-94b3-e5645cb2d41b",
"control-id": "cis_fedora_4-3.3",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -19228,7 +21125,7 @@
]
},
{
- "uuid": "66d50266-4e09-40ac-973d-78e04cb6097d",
+ "uuid": "1abc3616-19f4-4a94-994a-6fcf0cd6f621",
"control-id": "cis_fedora_4-3.4",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -19240,7 +21137,7 @@
]
},
{
- "uuid": "3f0153bb-5e3c-4fa9-a051-b4e5a2ee5e9b",
+ "uuid": "3bb1d78e-9c0a-4799-9e86-1270e83a5571",
"control-id": "cis_fedora_5-1.1",
"description": "No notes for control-id 5.1.1.",
"props": [
@@ -19263,11 +21160,41 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_permissions_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_groupowner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_owner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_sshd_drop_in_config"
}
]
},
{
- "uuid": "4c03cf75-5588-48ae-a71c-1967f12a1da9",
+ "uuid": "4654fba6-41ce-4355-8fe7-583fb4b7b410",
"control-id": "cis_fedora_5-1.2",
"description": "No notes for control-id 5.1.2.",
"props": [
@@ -19294,7 +21221,7 @@
]
},
{
- "uuid": "0c077775-772e-4168-a224-2a08f310e597",
+ "uuid": "1ce76b6c-55c1-49e0-8d6c-f1277cca6192",
"control-id": "cis_fedora_5-1.3",
"description": "No notes for control-id 5.1.3.",
"props": [
@@ -19321,56 +21248,58 @@
]
},
{
- "uuid": "153f2073-8876-485c-8f8e-52230d20e754",
+ "uuid": "5c3b15f2-5d1f-44a3-ae61-896861972f63",
"control-id": "cis_fedora_5-1.4",
- "description": "The description for control-id cis_fedora_5-1.4.",
+ "description": "No notes for control-id 5.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "b63a76e7-9a4c-4624-a729-10037749c1ac",
+ "uuid": "e0ab74c3-a0ef-49a6-a82b-b6690696849c",
"control-id": "cis_fedora_5-1.5",
- "description": "The description for control-id cis_fedora_5-1.5.",
+ "description": "No notes for control-id 5.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "823a399d-f5a8-4e3a-92c5-de4fe8fdb4fd",
+ "uuid": "b94d9d2b-23b9-45b1-aee4-f1219a5d4eff",
"control-id": "cis_fedora_5-1.6",
- "description": "The description for control-id cis_fedora_5-1.6.",
+ "description": "No notes for control-id 5.1.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "f4f82da3-c165-4484-81b0-115c29caf283",
+ "uuid": "21adb40e-39f5-4b6c-b3ea-be5d54e18622",
"control-id": "cis_fedora_5-1.7",
"description": "No notes for control-id 5.1.7.",
"props": [
@@ -19387,7 +21316,7 @@
]
},
{
- "uuid": "58484908-515b-4e75-921d-49ee463b897a",
+ "uuid": "fef8fb75-a34b-4abc-8e99-9af55ebbaeb9",
"control-id": "cis_fedora_5-1.8",
"description": "No notes for control-id 5.1.8.",
"props": [
@@ -19404,7 +21333,7 @@
]
},
{
- "uuid": "3441a661-1d7c-415e-afba-3ffcd45ee86e",
+ "uuid": "9eb11db4-8321-4cbb-bb01-dcea96fd705f",
"control-id": "cis_fedora_5-1.9",
"description": "The requirement gives an example of 45 seconds, but is flexible about the values. It is only\nnecessary to ensure there is a timeout configured in alignment to the site policy.",
"props": [
@@ -19426,20 +21355,24 @@
]
},
{
- "uuid": "bc62775e-732c-4ec3-9ead-adb721b585dd",
+ "uuid": "d72f7e4b-7a0d-45bd-bd77-67b08d025ef7",
"control-id": "cis_fedora_5-1.10",
- "description": "The description for control-id cis_fedora_5-1.10.",
+ "description": "No notes for control-id 5.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary for \"disableforwarding\" option."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_disable_forwarding"
}
]
},
{
- "uuid": "c9afcb3b-aa27-45de-a3f1-35e440eae0ae",
+ "uuid": "b2f65efa-9ff7-4060-803e-56782016ccde",
"control-id": "cis_fedora_5-1.11",
"description": "No notes for control-id 5.1.11.",
"props": [
@@ -19456,7 +21389,7 @@
]
},
{
- "uuid": "c36ccc8c-c9e0-43b2-b0a0-1acde326eb59",
+ "uuid": "58ec1c3b-184b-4273-9026-792575b8a757",
"control-id": "cis_fedora_5-1.12",
"description": "No notes for control-id 5.1.12.",
"props": [
@@ -19473,7 +21406,7 @@
]
},
{
- "uuid": "266d817b-6ba5-446b-8ecb-a45ac84e257f",
+ "uuid": "51d31f9d-3920-4b1d-b716-2c8e5b678901",
"control-id": "cis_fedora_5-1.13",
"description": "No notes for control-id 5.1.13.",
"props": [
@@ -19490,7 +21423,7 @@
]
},
{
- "uuid": "97c511fc-96ca-4310-b2aa-cad6d8440cde",
+ "uuid": "1f9a48b6-5067-47d0-a91b-07ca90c8e716",
"control-id": "cis_fedora_5-1.14",
"description": "No notes for control-id 5.1.14.",
"props": [
@@ -19507,7 +21440,7 @@
]
},
{
- "uuid": "134a4c86-0af8-42a4-a7d0-045c59b604e0",
+ "uuid": "8ed50cb6-7ff0-4334-a8cf-e0c6102cc3c8",
"control-id": "cis_fedora_5-1.15",
"description": "The CIS benchmark is not opinionated about which loglevel is selected here. Here, this\nprofile uses VERBOSE by default, as it allows for the capture of login and logout activity\nas well as key fingerprints.",
"props": [
@@ -19524,7 +21457,7 @@
]
},
{
- "uuid": "c2069017-6c81-4ab3-8be4-f5da3373f23f",
+ "uuid": "5640d704-cbcc-475c-b6a6-c8696b287600",
"control-id": "cis_fedora_5-1.16",
"description": "No notes for control-id 5.1.16.",
"props": [
@@ -19541,7 +21474,7 @@
]
},
{
- "uuid": "7f2ae8b2-a808-4c39-9d8b-a75e2a55f994",
+ "uuid": "383cf3f5-83e6-4200-a0e6-4b9a77514088",
"control-id": "cis_fedora_5-1.17",
"description": "No notes for control-id 5.1.17.",
"props": [
@@ -19558,7 +21491,7 @@
]
},
{
- "uuid": "c7b76cba-71ee-41c8-a7f3-69d4904df873",
+ "uuid": "b3d095e4-2f59-46dd-bd4c-8d96ae111540",
"control-id": "cis_fedora_5-1.18",
"description": "No notes for control-id 5.1.18.",
"props": [
@@ -19575,7 +21508,7 @@
]
},
{
- "uuid": "77d17d7b-bd4a-486a-b91c-dff98313c0fa",
+ "uuid": "effe18c3-e0ac-4e55-b046-6908ffa36762",
"control-id": "cis_fedora_5-1.19",
"description": "No notes for control-id 5.1.19.",
"props": [
@@ -19592,7 +21525,7 @@
]
},
{
- "uuid": "704ed9da-03dc-487f-9b44-3e143d0e707d",
+ "uuid": "5b8d9ec5-0570-414d-b14a-741a1de12cd3",
"control-id": "cis_fedora_5-1.20",
"description": "No notes for control-id 5.1.20.",
"props": [
@@ -19609,7 +21542,7 @@
]
},
{
- "uuid": "b2b74e76-0e1d-48ee-be73-a625df0c3b5a",
+ "uuid": "e6bfe9bb-6736-4401-87a1-2d63be4316e1",
"control-id": "cis_fedora_5-1.21",
"description": "No notes for control-id 5.1.21.",
"props": [
@@ -19626,7 +21559,7 @@
]
},
{
- "uuid": "59544551-69a5-4bbf-87eb-6d07a6a77b26",
+ "uuid": "43b2f7a7-e458-4ebf-aa01-7d1998e358e3",
"control-id": "cis_fedora_5-1.22",
"description": "No notes for control-id 5.1.22.",
"props": [
@@ -19643,7 +21576,7 @@
]
},
{
- "uuid": "1f7d742e-244a-49fe-b0a2-28e879c543da",
+ "uuid": "b189578a-37d3-4452-aa4a-459f27d65277",
"control-id": "cis_fedora_5-2.1",
"description": "No notes for control-id 5.2.1.",
"props": [
@@ -19660,7 +21593,7 @@
]
},
{
- "uuid": "63549b96-b183-4be7-9347-d1c0eb5a344d",
+ "uuid": "22028224-e134-47ba-980f-2aa2ce9c2fa6",
"control-id": "cis_fedora_5-2.2",
"description": "No notes for control-id 5.2.2.",
"props": [
@@ -19677,7 +21610,7 @@
]
},
{
- "uuid": "aae035a0-c874-4690-8771-d5180c3ee0c1",
+ "uuid": "3618b2c2-f2ec-4659-b1cc-cf52be541a04",
"control-id": "cis_fedora_5-2.3",
"description": "No notes for control-id 5.2.3.",
"props": [
@@ -19694,7 +21627,7 @@
]
},
{
- "uuid": "5cf37e36-9ce8-46a0-ac1f-436806533bb8",
+ "uuid": "a77bc03f-9967-4ac5-b1df-d7c2a820ecf8",
"control-id": "cis_fedora_5-2.5",
"description": "No notes for control-id 5.2.5.",
"props": [
@@ -19706,12 +21639,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication"
+ "value": "sudo_remove_no_authenticate"
}
]
},
{
- "uuid": "f3ec7779-db05-4e41-9f5e-2f4e6f1001d3",
+ "uuid": "633a83d8-e573-4642-bf3e-65ccaf01e521",
"control-id": "cis_fedora_5-2.6",
"description": "No notes for control-id 5.2.6.",
"props": [
@@ -19728,7 +21661,7 @@
]
},
{
- "uuid": "fb19919a-f244-4232-9904-8ad4738fa70c",
+ "uuid": "0f865d3d-2a1d-4894-9aa6-53e87d3f338b",
"control-id": "cis_fedora_5-2.7",
"description": "Members of \"wheel\" or GID 0 groups are checked by default if the group option is not set for\npam_wheel.so module. The recommendation states the group should be empty to reinforce the\nuse of \"sudo\" for privileged access. Therefore, members of these groups should be manually\nchecked or a different group should be informed.",
"props": [
@@ -19750,7 +21683,7 @@
]
},
{
- "uuid": "2697b6a6-850a-4a99-9ada-f314f5a7ef17",
+ "uuid": "7be1f57e-73ec-47c5-bec1-75a4f6d69fcd",
"control-id": "cis_fedora_5-3.1.1",
"description": "The description for control-id cis_fedora_5-3.1.1.",
"props": [
@@ -19763,7 +21696,7 @@
]
},
{
- "uuid": "446e15bc-3b1a-4304-a91c-093e52c2b63a",
+ "uuid": "9789a1ec-4bd9-4ebd-9425-0466e7cb0a90",
"control-id": "cis_fedora_5-3.1.2",
"description": "The description for control-id cis_fedora_5-3.1.2.",
"props": [
@@ -19776,7 +21709,7 @@
]
},
{
- "uuid": "516792a4-67a6-458f-882b-ee7d1e10aa61",
+ "uuid": "964987fe-ef78-464a-b6cf-ce98d96641ef",
"control-id": "cis_fedora_5-3.1.3",
"description": "The description for control-id cis_fedora_5-3.1.3.",
"props": [
@@ -19794,7 +21727,7 @@
]
},
{
- "uuid": "2085eae7-87fe-4443-9319-5dbe9e8bb791",
+ "uuid": "237c00a3-4ff4-4588-a928-bdb1343e45aa",
"control-id": "cis_fedora_5-3.2.1",
"description": "This requirement is hard to be automated without any specific requirement. The policy even\nstates that provided commands are examples, other custom settings might be in place and the\nsettings might be different depending on site policies. The other rules will already make\nsure there is a correct autheselect profile regardless of the existing settings. It is\nnecessary to better discuss with CIS Community.",
"props": [
@@ -19806,7 +21739,7 @@
]
},
{
- "uuid": "e818b7d2-5674-4cd7-8cb1-ce8c444bb560",
+ "uuid": "bbf671fd-0d5a-4005-9be0-0303f1d0ee25",
"control-id": "cis_fedora_5-3.2.2",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.1.",
"props": [
@@ -19828,7 +21761,7 @@
]
},
{
- "uuid": "7d466227-8aee-428c-a6dd-a8a78cc37f59",
+ "uuid": "05fa8d3f-8c77-4b42-ac9c-11894620957c",
"control-id": "cis_fedora_5-3.2.3",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.2.",
"props": [
@@ -19836,11 +21769,26 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "package_pam_pwquality_installed"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_password_auth"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_system_auth"
}
]
},
{
- "uuid": "e901acdc-f89e-463e-b6aa-f07a47902f3f",
+ "uuid": "1ac5afec-ff91-4672-b67c-588f26ed9aa5",
"control-id": "cis_fedora_5-3.2.4",
"description": "The module is properly enabled by the rules mentioned in related_rules.\nRequirements in 5.3.3.3 use these rules.",
"props": [
@@ -19852,19 +21800,24 @@
]
},
{
- "uuid": "0b80d76c-ffd1-4876-a614-17e51a7a8b72",
+ "uuid": "74ce1891-7dec-451c-8857-e22d99f6df1b",
"control-id": "cis_fedora_5-3.2.5",
- "description": "This module is always present by default. It is necessary to investigate if a new rule to\ncheck its existence needs to be created. But so far the rule no_empty_passwords, used in\n5.3.3.4.1 can ensure this requirement is attended.",
+ "description": "No notes for control-id 5.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_enabled"
}
]
},
{
- "uuid": "d488ee65-e511-466e-81c8-51ca544f80fd",
+ "uuid": "bae56ad4-f27b-4c2c-a9b5-58a0db4a2198",
"control-id": "cis_fedora_5-3.3.1.1",
"description": "No notes for control-id 5.3.3.1.1.",
"props": [
@@ -19881,7 +21834,7 @@
]
},
{
- "uuid": "0507c35f-63f9-44bc-b9c6-caeaaa0b6b4b",
+ "uuid": "bf6a92a3-64e9-47b5-b6ba-f80a1af20d0e",
"control-id": "cis_fedora_5-3.3.1.2",
"description": "The policy also accepts value 0, which means the locked accounts should be manually unlocked\nby an administrator. However, it also mentions that using value 0 can facilitate a DoS\nattack to legitimate users.",
"props": [
@@ -19898,7 +21851,7 @@
]
},
{
- "uuid": "60fcb3ee-46ec-4707-a779-fb7cb14e2ec8",
+ "uuid": "20f77fa7-a074-4bcb-a197-30f748508356",
"control-id": "cis_fedora_5-3.3.2.1",
"description": "No notes for control-id 5.3.3.2.1.",
"props": [
@@ -19915,7 +21868,7 @@
]
},
{
- "uuid": "7a19cc81-0857-4b74-859b-bc56ccdb3a8f",
+ "uuid": "7eef61de-7dc0-4367-981b-90a86b93a244",
"control-id": "cis_fedora_5-3.3.2.2",
"description": "No notes for control-id 5.3.3.2.2.",
"props": [
@@ -19932,7 +21885,7 @@
]
},
{
- "uuid": "f6fcdf65-a842-4ae5-913f-d325e491502a",
+ "uuid": "920861d4-81f1-4516-b316-3a499aa3e1ee",
"control-id": "cis_fedora_5-3.3.2.3",
"description": "This requirement is expected to be manual. However, in previous versions of the policy\nit was already automated the configuration of \"minclass\" option. Rules related to other\noptions are informed in related_rules. In short, minclass=4 alone can achieve the same\nresult achieved by the combination of the other 4 options mentioned in the policy.",
"props": [
@@ -19949,7 +21902,7 @@
]
},
{
- "uuid": "193f1d9c-11e1-4f31-9fdf-730219a26b46",
+ "uuid": "3ef7e096-ac05-4569-86ae-a2102f15d4a6",
"control-id": "cis_fedora_5-3.3.2.4",
"description": "No notes for control-id 5.3.3.2.4.",
"props": [
@@ -19966,20 +21919,24 @@
]
},
{
- "uuid": "c85fb787-4cc2-4fe8-ac11-3afb751f4ba1",
+ "uuid": "c553c145-b01f-4576-ae03-9569f5579444",
"control-id": "cis_fedora_5-3.3.2.5",
- "description": "The description for control-id cis_fedora_5-3.3.2.5.",
+ "description": "No notes for control-id 5.3.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 5.3.3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_maxsequence"
}
]
},
{
- "uuid": "b385694e-ee5d-4901-b4a6-57a97b2b1a67",
+ "uuid": "c67b7222-60eb-4151-abcc-1de145cd2f66",
"control-id": "cis_fedora_5-3.3.2.6",
"description": "No notes for control-id 5.3.3.2.6.",
"props": [
@@ -19996,7 +21953,7 @@
]
},
{
- "uuid": "530e3abd-a9e4-48bb-b9c2-7adc6ea1e47f",
+ "uuid": "cab79661-c398-42b5-af1e-56b891981382",
"control-id": "cis_fedora_5-3.3.2.7",
"description": "No notes for control-id 5.3.3.2.7.",
"props": [
@@ -20013,7 +21970,7 @@
]
},
{
- "uuid": "e6730b71-f92d-49d0-a688-441b2b656385",
+ "uuid": "b15f46bb-d68d-4fc9-8015-b4410414f699",
"control-id": "cis_fedora_5-3.3.3.1",
"description": "Although mentioned in the section 5.3.3.3, there is no explicit requirement to configure\nretry option of pam_pwhistory. If come in the future, the rule accounts_password_pam_retry\ncan be used.",
"props": [
@@ -20035,7 +21992,7 @@
]
},
{
- "uuid": "bab30bc9-5f06-44b8-aa02-cfab4940a70b",
+ "uuid": "ef57d27c-f9c8-4b03-a727-04b59a15d103",
"control-id": "cis_fedora_5-3.3.3.2",
"description": "The description for control-id cis_fedora_5-3.3.3.2.",
"props": [
@@ -20048,7 +22005,7 @@
]
},
{
- "uuid": "b1196d63-21d8-4a9a-b6fe-07c3e8503d56",
+ "uuid": "e7f846b0-e589-4b51-a6f3-3d4386174cf7",
"control-id": "cis_fedora_5-3.3.3.3",
"description": "pam_pwhistory is enabled via authselect feature, as required in 5.3.2.4. The\nfeature automatically set \"use_authok\" option. In any case, we don't have a rule to check\nthis option specifically.",
"props": [
@@ -20056,11 +22013,16 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "partial"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwhistory_use_authtok"
}
]
},
{
- "uuid": "05744b88-06e7-455f-9580-4f7ce99e1e58",
+ "uuid": "65a98529-63c4-485f-9803-69de713c7295",
"control-id": "cis_fedora_5-3.3.4.1",
"description": "The rule more specifically used in this requirement also satify the requirement 5.3.2.5.",
"props": [
@@ -20077,20 +22039,24 @@
]
},
{
- "uuid": "14dab0fc-a329-44e4-a07e-b04059d4d984",
+ "uuid": "46112139-6266-4e61-a38f-c84059fb13a3",
"control-id": "cis_fedora_5-3.3.4.2",
- "description": "The description for control-id cis_fedora_5-3.3.4.2.",
+ "description": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929\nA new rule needs to be created to remove the remember option from pam_unix module."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_no_remember"
}
]
},
{
- "uuid": "4b2c3147-e981-4c9c-b0e7-b3e624801607",
+ "uuid": "cf573ccd-cf3f-4831-b413-62cce1538619",
"control-id": "cis_fedora_5-3.3.4.3",
"description": "Changes in logindefs mentioned in this requirement are more specifically covered by 5.4.1.4",
"props": [
@@ -20112,19 +22078,24 @@
]
},
{
- "uuid": "cc1bfee1-f447-4c2d-a0ff-1b6586e5a29d",
+ "uuid": "72f524ba-4381-4300-987e-c2819a04b448",
"control-id": "cis_fedora_5-3.3.4.4",
"description": "In RHEL 9 pam_unix is enabled by default in all authselect profiles already with the\nuse_authtok option set. In any case, we don't have a rule to check this option specifically,\nlike in 5.3.3.3.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_authtok"
}
]
},
{
- "uuid": "06be7d50-28b4-4dd0-965d-4101b872fcf3",
+ "uuid": "8dafd629-ffd3-402c-a736-702f7e7052bb",
"control-id": "cis_fedora_5-4.1.1",
"description": "No notes for control-id 5.4.1.1.",
"props": [
@@ -20146,7 +22117,7 @@
]
},
{
- "uuid": "5079c83b-aaf8-4e13-9c0c-c1e325d66bd4",
+ "uuid": "7dc36eb2-759f-4857-8bee-b942de8f2065",
"control-id": "cis_fedora_5-4.1.3",
"description": "No notes for control-id 5.4.1.3.",
"props": [
@@ -20168,20 +22139,15 @@
]
},
{
- "uuid": "5935674a-8ac5-4eaf-9ba1-a84e4c38b183",
+ "uuid": "7f690aca-1525-4638-ad95-7ea37b2e1e09",
"control-id": "cis_fedora_5-4.1.4",
- "description": "There's a \"new\" set of options in /etc/login.defs file to define the number of iterations\nperformed during the hashing process.",
+ "description": "No notes for control-id 5.4.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
},
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf"
- },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -20190,7 +22156,7 @@
]
},
{
- "uuid": "3764cefa-5464-4a89-9c53-e58aadb4e230",
+ "uuid": "551e3c68-612f-4a0d-a30f-7eec10b536f3",
"control-id": "cis_fedora_5-4.1.5",
"description": "No notes for control-id 5.4.1.5.",
"props": [
@@ -20212,7 +22178,7 @@
]
},
{
- "uuid": "ca619bbe-8451-423f-b22e-296d0ed9b368",
+ "uuid": "ce7fc91d-5e63-4ccf-bea3-91e0e0f07dde",
"control-id": "cis_fedora_5-4.1.6",
"description": "No notes for control-id 5.4.1.6.",
"props": [
@@ -20229,7 +22195,7 @@
]
},
{
- "uuid": "548cfab2-c3f8-47e5-a380-5b38a23f2b95",
+ "uuid": "95d16aff-e25f-4b93-a8ca-bb82d79e371b",
"control-id": "cis_fedora_5-4.2.1",
"description": "No notes for control-id 5.4.2.1.",
"props": [
@@ -20246,7 +22212,7 @@
]
},
{
- "uuid": "a3bebd21-f820-465f-af8b-730698fb93e3",
+ "uuid": "060411c8-ac8e-4cf9-9738-ca4ad2cbe7a6",
"control-id": "cis_fedora_5-4.2.2",
"description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
@@ -20263,20 +22229,24 @@
]
},
{
- "uuid": "0fceb9a1-a98d-442b-b6bd-1c956f98c2ed",
+ "uuid": "c2976e1c-e429-476e-b440-3a2cae671d0c",
"control-id": "cis_fedora_5-4.2.3",
- "description": "The description for control-id cis_fedora_5-4.2.3.",
+ "description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "groups_no_zero_gid_except_root"
}
]
},
{
- "uuid": "5ac03ad1-c3fb-4999-bab3-9c33d18e0a04",
+ "uuid": "a4904aa3-a93a-4b08-838f-c90922640777",
"control-id": "cis_fedora_5-4.2.4",
"description": "No notes for control-id 5.4.2.4.",
"props": [
@@ -20293,7 +22263,7 @@
]
},
{
- "uuid": "9d621cc9-1dd6-43be-86b0-1755aaaca8d7",
+ "uuid": "4965d3ee-fd93-4b1f-9ce5-a0acb699be61",
"control-id": "cis_fedora_5-4.2.5",
"description": "No notes for control-id 5.4.2.5.",
"props": [
@@ -20315,20 +22285,24 @@
]
},
{
- "uuid": "66d0926c-e37c-42af-bb3b-f7ad76ac9c62",
+ "uuid": "e8f7f8b9-e360-48d0-88f5-e5767896b965",
"control-id": "cis_fedora_5-4.2.6",
- "description": "The description for control-id cis_fedora_5-4.2.6.",
+ "description": "No notes for control-id 5.4.2.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "There is no rule to ensure umask in /root/.bash_profile and /root/.bashrc. A new rule have\nto be created. It can be based on accounts_umask_interactive_users."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_umask_root"
}
]
},
{
- "uuid": "892be311-1f9e-4cff-b297-d80d53342138",
+ "uuid": "e74c64d6-afc9-48fc-ab2f-432aa8353a17",
"control-id": "cis_fedora_5-4.2.7",
"description": "No notes for control-id 5.4.2.7.",
"props": [
@@ -20350,20 +22324,24 @@
]
},
{
- "uuid": "aa94b1c4-dce3-46c0-a366-3f84e4e3bea7",
+ "uuid": "d5e85e38-3851-47ae-9145-8775faa56a2f",
"control-id": "cis_fedora_5-4.2.8",
- "description": "The description for control-id cis_fedora_5-4.2.8.",
+ "description": "No notes for control-id 5.4.2.8.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_invalid_shell_accounts_unlocked"
}
]
},
{
- "uuid": "851ab053-295f-4ed7-b4f6-87cbb086d1be",
+ "uuid": "c59a54c9-743e-4e51-a678-0171371965a8",
"control-id": "cis_fedora_5-4.3.2",
"description": "No notes for control-id 5.4.3.2.",
"props": [
@@ -20380,7 +22358,7 @@
]
},
{
- "uuid": "bfefe52a-dd9c-4284-bf60-59a3368551e7",
+ "uuid": "bbfbeeea-3e57-49d8-a81b-7534622fe27b",
"control-id": "cis_fedora_5-4.3.3",
"description": "No notes for control-id 5.4.3.3.",
"props": [
@@ -20407,7 +22385,7 @@
]
},
{
- "uuid": "e11e50e8-fae4-45cf-a62e-4c2ad4f5e47b",
+ "uuid": "9c5475b7-d32c-4ae8-850d-3f63e1631acd",
"control-id": "cis_fedora_6-1.1",
"description": "No notes for control-id 6.1.1.",
"props": [
@@ -20429,7 +22407,7 @@
]
},
{
- "uuid": "a245fa93-5ae1-4a44-8ad8-ff7d65ef552a",
+ "uuid": "2abf33ee-3038-4a21-9628-5d3fe2180d56",
"control-id": "cis_fedora_6-1.2",
"description": "No notes for control-id 6.1.2.",
"props": [
@@ -20446,7 +22424,7 @@
]
},
{
- "uuid": "dea6f85c-332f-4cf6-ba3e-afc7f647a9c7",
+ "uuid": "8417c397-be10-47ae-bcbd-fa85a1eb8a67",
"control-id": "cis_fedora_6-1.3",
"description": "No notes for control-id 6.1.3.",
"props": [
@@ -20463,7 +22441,7 @@
]
},
{
- "uuid": "a89e8df9-6b8a-4e34-b96f-2d913eceb70d",
+ "uuid": "376ae445-e79d-480b-bb87-fa682796153a",
"control-id": "cis_fedora_6-2.1.1",
"description": "No notes for control-id 6.2.1.1.",
"props": [
@@ -20480,7 +22458,7 @@
]
},
{
- "uuid": "7bf457cf-3d1a-478c-bef0-015ca3a2b409",
+ "uuid": "c19eddc5-2bba-437a-a428-08d4e3656eeb",
"control-id": "cis_fedora_6-2.1.2",
"description": "The description for control-id cis_fedora_6-2.1.2.",
"props": [
@@ -20493,7 +22471,7 @@
]
},
{
- "uuid": "358c97cc-599a-478f-87aa-1834ed5fc50f",
+ "uuid": "b7998cda-7277-4d70-abb1-eb9296b4f919",
"control-id": "cis_fedora_6-2.1.3",
"description": "The description for control-id cis_fedora_6-2.1.3.",
"props": [
@@ -20506,20 +22484,24 @@
]
},
{
- "uuid": "dbbbc840-672b-4a3a-a586-793a89d8682e",
+ "uuid": "9045f9a1-1c72-4b4e-ac8d-416df6aaf2b9",
"control-id": "cis_fedora_6-2.1.4",
- "description": "The description for control-id cis_fedora_6-2.1.4.",
+ "description": "No notes for control-id 6.2.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "It is necessary to create a new rule to check the status of journald and rsyslog.\nIt would also be necessary a new rule to disable or remove rsyslog."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "ensure_journald_and_rsyslog_not_active_together"
}
]
},
{
- "uuid": "a92b5e73-3768-4233-8e45-df3e9d3927e9",
+ "uuid": "2f1d67f4-0509-479c-a75b-11a30bd454b2",
"control-id": "cis_fedora_6-2.2.1.1",
"description": "No notes for control-id 6.2.2.1.1.",
"props": [
@@ -20536,7 +22518,7 @@
]
},
{
- "uuid": "0ff3d9aa-84c7-4219-a2d7-0fe2c9c9b439",
+ "uuid": "02d7ff71-212b-4812-aef6-dd675ccbdb86",
"control-id": "cis_fedora_6-2.2.1.2",
"description": "The description for control-id cis_fedora_6-2.2.1.2.",
"props": [
@@ -20549,20 +22531,24 @@
]
},
{
- "uuid": "f6380482-d3b6-478b-9b5a-4756a9a21463",
+ "uuid": "892f3d04-f776-42e2-9e03-16a45cde5faa",
"control-id": "cis_fedora_6-2.2.1.3",
- "description": "The description for control-id cis_fedora_6-2.2.1.3.",
+ "description": "No notes for control-id 6.2.2.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_systemd-journal-upload_enabled"
}
]
},
{
- "uuid": "66746439-7ddc-4b12-aca5-6a05808e87ac",
+ "uuid": "321e3590-3a0f-4bc3-bad7-48a385d3f124",
"control-id": "cis_fedora_6-2.2.1.4",
"description": "No notes for control-id 6.2.2.1.4.",
"props": [
@@ -20579,20 +22565,24 @@
]
},
{
- "uuid": "4d81441b-3625-49b1-93b0-77469d8d4c78",
+ "uuid": "313c0daf-5923-458f-bc11-8665053c55d7",
"control-id": "cis_fedora_6-2.2.2",
- "description": "The description for control-id cis_fedora_6-2.2.2.",
+ "description": "No notes for control-id 6.2.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This rule conflicts with 6.2.3.3. More investigation is needed to properly solve this."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "journald_disable_forward_to_syslog"
}
]
},
{
- "uuid": "afadd8cf-f832-4837-a70b-e3c3813be9da",
+ "uuid": "bdd3bfea-4033-4e26-8beb-eefd98cdd071",
"control-id": "cis_fedora_6-2.2.3",
"description": "No notes for control-id 6.2.2.3.",
"props": [
@@ -20609,7 +22599,7 @@
]
},
{
- "uuid": "896a935a-c5e0-40b3-8e94-a76ec0f585eb",
+ "uuid": "abf76b97-392d-4cab-9962-95ab4ec57eaa",
"control-id": "cis_fedora_6-2.2.4",
"description": "No notes for control-id 6.2.2.4.",
"props": [
@@ -20626,7 +22616,7 @@
]
},
{
- "uuid": "b48ab1ad-3d01-409b-abc3-441bffcf9db2",
+ "uuid": "852a6f06-b7ab-401a-8fa3-2d1dc49d7caa",
"control-id": "cis_fedora_6-2.5.1",
"description": "No notes for control-id 6.2.5.1.",
"props": [
@@ -20638,7 +22628,7 @@
]
},
{
- "uuid": "cb528af1-038e-43ef-93a0-26bf9723c448",
+ "uuid": "cadfdf55-8e5e-49b3-9df7-1fa8773a53a7",
"control-id": "cis_fedora_6-2.5.2",
"description": "No notes for control-id 6.2.5.2.",
"props": [
@@ -20650,7 +22640,7 @@
]
},
{
- "uuid": "f2ad8b8b-3c86-4a3c-ab2e-489d3a7b5fb1",
+ "uuid": "13ae95c2-b0ae-4d4f-b950-c1e397ecc170",
"control-id": "cis_fedora_6-2.5.3",
"description": "No notes for control-id 6.2.5.3.",
"props": [
@@ -20662,7 +22652,7 @@
]
},
{
- "uuid": "c8fc1649-24fa-45f5-b0f4-a648746abb48",
+ "uuid": "133fc132-d40a-489e-9899-cd0cd0f9c645",
"control-id": "cis_fedora_6-2.5.4",
"description": "No notes for control-id 6.2.5.4.",
"props": [
@@ -20674,7 +22664,7 @@
]
},
{
- "uuid": "9a763c97-3ac5-4960-8c08-6311585e02d5",
+ "uuid": "5e5ef7c5-4c0d-4459-87dd-e6efa7f84388",
"control-id": "cis_fedora_6-2.5.5",
"description": "The description for control-id cis_fedora_6-2.5.5.",
"props": [
@@ -20687,7 +22677,7 @@
]
},
{
- "uuid": "c5ce2720-afe2-4de4-8b14-78d7eee38302",
+ "uuid": "2f08c035-c692-4bd6-bde5-d4a23379c4ab",
"control-id": "cis_fedora_6-2.5.6",
"description": "The description for control-id cis_fedora_6-2.5.6.",
"props": [
@@ -20700,7 +22690,7 @@
]
},
{
- "uuid": "047f7516-6c39-456f-9163-cbcfe14c5335",
+ "uuid": "01c6503d-244e-4eeb-892e-ebc6b08628cb",
"control-id": "cis_fedora_6-2.5.7",
"description": "No notes for control-id 6.2.5.7.",
"props": [
@@ -20712,7 +22702,7 @@
]
},
{
- "uuid": "502811cc-50a8-453d-884b-894f66558b8c",
+ "uuid": "7e0e2edb-5712-4aa5-8adb-c0bbfb243555",
"control-id": "cis_fedora_6-2.3.8",
"description": "The description for control-id cis_fedora_6-2.3.8.",
"props": [
@@ -20725,7 +22715,7 @@
]
},
{
- "uuid": "196bd3c9-0931-4b05-8dda-2712ca390c04",
+ "uuid": "f19adf1a-3acf-4842-af9e-e2f45417efbe",
"control-id": "cis_fedora_6-2.6.1",
"description": "It is not harmful to run these rules even if rsyslog is not installed or active.",
"props": [
@@ -20752,7 +22742,7 @@
]
},
{
- "uuid": "bd94a846-8f58-40ac-aae2-43d4089e0738",
+ "uuid": "1825c9b1-1908-4605-8be7-af9c434b1b5a",
"control-id": "cis_fedora_7-1.1",
"description": "No notes for control-id 7.1.1.",
"props": [
@@ -20779,7 +22769,7 @@
]
},
{
- "uuid": "0531df39-f7a4-4a1d-bc08-3be05aeaf959",
+ "uuid": "cdb591fa-51bf-4aea-8c63-7a23176cb8e3",
"control-id": "cis_fedora_7-1.2",
"description": "No notes for control-id 7.1.2.",
"props": [
@@ -20806,7 +22796,7 @@
]
},
{
- "uuid": "74adef2b-6681-44fc-814a-4e9a13a41fb8",
+ "uuid": "2c879dac-54c4-4145-902d-50db2d276626",
"control-id": "cis_fedora_7-1.3",
"description": "No notes for control-id 7.1.3.",
"props": [
@@ -20833,7 +22823,7 @@
]
},
{
- "uuid": "a287cbd8-80e1-4b4f-8fde-b3736c281e16",
+ "uuid": "579bdf7c-6f69-445f-8111-e7918c9134e0",
"control-id": "cis_fedora_7-1.4",
"description": "No notes for control-id 7.1.4.",
"props": [
@@ -20860,7 +22850,7 @@
]
},
{
- "uuid": "7bcb5848-e406-4e3e-a2b0-52fe3fc07cea",
+ "uuid": "1694cf8b-1ed0-497a-bced-f764f5f8a05f",
"control-id": "cis_fedora_7-1.5",
"description": "No notes for control-id 7.1.5.",
"props": [
@@ -20887,7 +22877,7 @@
]
},
{
- "uuid": "e8cd0f2a-59f7-417a-8d6c-8198fa9bb174",
+ "uuid": "d56e3e8c-3119-4db6-b591-f3fa07056842",
"control-id": "cis_fedora_7-1.6",
"description": "No notes for control-id 7.1.6.",
"props": [
@@ -20914,7 +22904,7 @@
]
},
{
- "uuid": "a0c6dd00-1044-449e-b130-dfc6d5e5241c",
+ "uuid": "ff8f7d9d-e0ab-4912-8296-ae0a3c2ec46a",
"control-id": "cis_fedora_7-1.7",
"description": "No notes for control-id 7.1.7.",
"props": [
@@ -20941,7 +22931,7 @@
]
},
{
- "uuid": "7fcfd62b-a3e9-41ec-9535-ccc9f9af23d2",
+ "uuid": "a49032ed-3f33-4f89-99d5-86537472dd0d",
"control-id": "cis_fedora_7-1.8",
"description": "No notes for control-id 7.1.8.",
"props": [
@@ -20968,7 +22958,7 @@
]
},
{
- "uuid": "6d0f6285-e909-4170-96b3-467cdb7abbab",
+ "uuid": "8b6b3348-ca23-4e9f-85c9-20eb67e3366a",
"control-id": "cis_fedora_7-1.9",
"description": "No notes for control-id 7.1.9.",
"props": [
@@ -20995,24 +22985,49 @@
]
},
{
- "uuid": "a7f6f9d4-db50-4598-b34e-a6509431e31f",
+ "uuid": "595cd810-fc60-4655-90e3-33f0cdeeeedd",
"control-id": "cis_fedora_7-1.10",
"description": "No notes for control-id 7.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd_old"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd_old"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd"
+ "value": "file_permissions_etc_security_opasswd_old"
}
]
},
{
- "uuid": "864f3e19-df5e-4d32-94fa-df113d65c6d1",
+ "uuid": "c208f9ce-39fa-4b3a-8f78-b54cf8e9135d",
"control-id": "cis_fedora_7-1.11",
"description": "No notes for control-id 7.1.11.",
"props": [
@@ -21034,29 +23049,29 @@
]
},
{
- "uuid": "c036bd15-09bc-46d0-a79c-478a5a6b77dd",
+ "uuid": "42c4ca73-58cd-4393-a438-a547b1792e50",
"control-id": "cis_fedora_7-1.12",
"description": "No notes for control-id 7.1.12.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user"
+ "value": "no_files_or_dirs_unowned_by_user"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned"
+ "value": "no_files_or_dirs_ungroupowned"
}
]
},
{
- "uuid": "d63cbf3c-978b-4d90-aae0-838dab24e5f0",
+ "uuid": "42348ad7-54de-40dc-846c-08d93d96492e",
"control-id": "cis_fedora_7-1.13",
"description": "The description for control-id cis_fedora_7-1.13.",
"props": [
@@ -21069,7 +23084,7 @@
]
},
{
- "uuid": "11579f30-4de3-4b8f-baa0-113716ad3b31",
+ "uuid": "74802de0-a40b-4f02-b5a1-cbd92535229e",
"control-id": "cis_fedora_7-2.1",
"description": "No notes for control-id 7.2.1.",
"props": [
@@ -21086,7 +23101,7 @@
]
},
{
- "uuid": "6ca2b3c7-1225-437c-8654-18054b860795",
+ "uuid": "18d66f3d-73e6-4260-ad62-d21e7ef68cd4",
"control-id": "cis_fedora_7-2.2",
"description": "No notes for control-id 7.2.2.",
"props": [
@@ -21103,7 +23118,7 @@
]
},
{
- "uuid": "5559ed50-14a5-4e6a-90ff-4e333c1582d8",
+ "uuid": "b106bcf0-c96c-4108-804f-71c5e19e869b",
"control-id": "cis_fedora_7-2.3",
"description": "No notes for control-id 7.2.3.",
"props": [
@@ -21120,7 +23135,7 @@
]
},
{
- "uuid": "3552aae7-cbbd-4593-bac4-3c7c6ca6f7ca",
+ "uuid": "98b18c91-ecc0-4be5-b43a-9e578b7e8f4d",
"control-id": "cis_fedora_7-2.4",
"description": "No notes for control-id 7.2.4.",
"props": [
@@ -21137,7 +23152,7 @@
]
},
{
- "uuid": "13b1d99f-d9bf-4952-b305-95fa9ccf8212",
+ "uuid": "c63d7c2b-6636-431a-90c3-51bdd40b48d8",
"control-id": "cis_fedora_7-2.5",
"description": "No notes for control-id 7.2.5.",
"props": [
@@ -21154,7 +23169,7 @@
]
},
{
- "uuid": "4f456a33-1446-40bf-8700-6c9c4e3880d4",
+ "uuid": "b6e7331d-b9be-4bc3-b146-022ed3313423",
"control-id": "cis_fedora_7-2.6",
"description": "No notes for control-id 7.2.6.",
"props": [
@@ -21171,7 +23186,7 @@
]
},
{
- "uuid": "5eb06a4a-def6-430c-a783-6de80ce03cb1",
+ "uuid": "f36e4459-0ed1-4664-b360-6fdb50f3b17e",
"control-id": "cis_fedora_7-2.7",
"description": "No notes for control-id 7.2.7.",
"props": [
@@ -21188,7 +23203,7 @@
]
},
{
- "uuid": "596aa657-b24a-4f3b-aba2-f03a10b3b31d",
+ "uuid": "4282ee6f-a094-416e-9774-6efd1a2078ed",
"control-id": "cis_fedora_7-2.8",
"description": "No notes for control-id 7.2.8.",
"props": [
@@ -21215,14 +23230,14 @@
]
},
{
- "uuid": "2e527970-ee0c-4a95-a202-a93aec52b3c4",
+ "uuid": "3513522f-2029-4922-bb38-137e4a3f0a80",
"control-id": "cis_fedora_7-2.9",
- "description": "Missing a rule to check that .bash_history is mode 0600 or more restrictive.",
+ "description": "No notes for control-id 7.2.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -21237,22 +23252,27 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs"
+ "value": "file_permission_user_init_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files"
+ "value": "no_forward_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files"
+ "value": "no_netrc_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files"
+ "value": "no_rhost_files"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history"
}
]
}
diff --git a/component-definitions/fedora/fedora-cis_fedora-l2_server/component-definition.json b/component-definitions/fedora/fedora-cis_fedora-l2_server/component-definition.json
index 6373fcf5..5faa8213 100644
--- a/component-definitions/fedora/fedora-cis_fedora-l2_server/component-definition.json
+++ b/component-definitions/fedora/fedora-cis_fedora-l2_server/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "76afcd42-7a9d-433c-b495-ef156395719c",
"metadata": {
"title": "Component definition for fedora",
- "last-modified": "2025-12-17T11:19:11.439838+00:00",
- "version": "1.8",
+ "last-modified": "2026-01-05T17:15:17.993363+00:00",
+ "version": "1.9",
"oscal-version": "1.1.3"
},
"components": [
@@ -119,121 +119,121 @@
{
"name": "Parameter_Id_5",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_kex",
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_5",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved KEXs (Key Exchange Algorithms) algorithms \tthat are used for methods in cryptography by which cryptographic keys are exchanged between two parties",
+ "value": "Disable ICMP Redirect Acceptance",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_5",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'pcidss': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_rhel8': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel9': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel10': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_sle12': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_sle15': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_ubuntu2204': 'curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_ubuntu2404': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'std_openeuler': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256', 'cis_debian12': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256'}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_macs",
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved MACs (Message Authentication Code) algorithms \tthat are used for data integrity protection by the SSH server.",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_rhel8': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel9': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel10': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_sle12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_sle15': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_tencentos4': 'hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com', 'cis_ubuntu2204': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_ubuntu2404': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'stig_rhel9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'stig_ol9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'cis_debian12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "value": "sysctl_net_ipv4_conf_all_log_martians_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_8",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_8",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_8",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_10",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_10",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
+ "value": "Disable ICMP Redirect Acceptance?",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_10",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_11",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_11",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
+ "value": "Disable IP source routing?",
"remarks": "rule_set_000"
},
{
@@ -245,13 +245,13 @@
{
"name": "Parameter_Id_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "value": "sysctl_net_ipv4_conf_default_forwarding_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance?",
+ "value": "Toggle IPv4 Forwarding",
"remarks": "rule_set_000"
},
{
@@ -263,31 +263,31 @@
{
"name": "Parameter_Id_13",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "value": "sysctl_net_ipv4_conf_default_log_martians_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_13",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IP source routing?",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_13",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_14",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_14",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "value": "Enables source route verification",
"remarks": "rule_set_000"
},
{
@@ -299,49 +299,49 @@
{
"name": "Parameter_Id_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enables source route verification",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
+ "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
+ "value": "Enable to prevent unnecessary logging",
"remarks": "rule_set_000"
},
{
@@ -353,13 +353,13 @@
{
"name": "Parameter_Id_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
+ "value": "sysctl_net_ipv4_tcp_syncookies_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent unnecessary logging",
+ "value": "Enable to turn on TCP SYN Cookie Protection",
"remarks": "rule_set_000"
},
{
@@ -371,31 +371,31 @@
{
"name": "Parameter_Id_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies_value",
+ "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to turn on TCP SYN Cookie Protection",
+ "value": "Accept all router advertisements?",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_20",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_20",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept all router advertisements?",
+ "value": "Toggle ICMP Redirect Acceptance",
"remarks": "rule_set_000"
},
{
@@ -407,13 +407,13 @@
{
"name": "Parameter_Id_21",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_21",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
@@ -425,13 +425,13 @@
{
"name": "Parameter_Id_22",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
+ "value": "sysctl_net_ipv6_conf_all_forwarding_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_22",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "Toggle IPv6 Forwarding",
"remarks": "rule_set_000"
},
{
@@ -443,13 +443,13 @@
{
"name": "Parameter_Id_23",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding_value",
+ "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_23",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle IPv6 Forwarding",
+ "value": "Accept default router advertisements by default?",
"remarks": "rule_set_000"
},
{
@@ -461,13 +461,13 @@
{
"name": "Parameter_Id_24",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_24",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept default router advertisements by default?",
+ "value": "Toggle ICMP Redirect Acceptance By Default",
"remarks": "rule_set_000"
},
{
@@ -479,13 +479,13 @@
{
"name": "Parameter_Id_25",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_25",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance By Default",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
@@ -497,13 +497,13 @@
{
"name": "Parameter_Id_26",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
+ "value": "sysctl_net_ipv6_conf_default_forwarding_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_26",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "Toggle IPv6 default Forwarding",
"remarks": "rule_set_000"
},
{
@@ -695,247 +695,247 @@
{
"name": "Parameter_Id_37",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_action_mail_acct",
+ "value": "var_auditd_admin_space_left_action",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_37",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for action_mail_acct in /etc/audit/auditd.conf",
+ "value": "The setting for admin_space_left_action in /etc/audit/auditd.conf",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_37",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'admin': 'admin', 'default': 'root', 'root': 'root'}",
+ "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt', 'cis_fedora': 'single|halt'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_38",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_admin_space_left_action",
+ "value": "var_auditd_disk_error_action",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_38",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for admin_space_left_action in /etc/audit/auditd.conf",
+ "value": "'The setting for disk_error_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_38",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt'}",
+ "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'syslog|single|halt', 'cis_rhel10': 'syslog|single|halt', 'cis_fedora': 'syslog|single|halt', 'cis_ubuntu2204': 'syslog|single|halt', 'cis_ubuntu2404': 'syslog|single|halt', 'cis_debian12': 'syslog|single|halt'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_39",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_disk_error_action",
+ "value": "var_auditd_disk_full_action",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_39",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'The setting for disk_error_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
+ "value": "'The setting for disk_full_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_39",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'syslog|single|halt', 'cis_rhel10': 'syslog|single|halt', 'cis_ubuntu2204': 'syslog|single|halt', 'cis_ubuntu2404': 'syslog|single|halt', 'cis_debian12': 'syslog|single|halt'}",
+ "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'rotate': 'rotate', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'halt|single', 'cis_rhel10': 'halt|single', 'cis_fedora': 'halt|single', 'cis_ubuntu2204': 'halt|single', 'cis_ubuntu2404': 'halt|single', 'cis_debian12': 'halt|single'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_40",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_disk_full_action",
+ "value": "var_auditd_max_log_file",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_40",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'The setting for disk_full_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
+ "value": "The setting for max_log_file in /etc/audit/auditd.conf",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_40",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'rotate': 'rotate', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'halt|single', 'cis_rhel10': 'halt|single', 'cis_ubuntu2204': 'halt|single', 'cis_ubuntu2404': 'halt|single', 'cis_debian12': 'halt|single'}",
+ "value": "{1: 1, 10: 10, 20: 20, 5: 5, 6: 6, 8: 8, 'default': 6}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_max_log_file",
+ "value": "var_auditd_max_log_file_action",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for max_log_file in /etc/audit/auditd.conf",
+ "value": "The setting for max_log_file_action in /etc/audit/auditd.conf. The following options are available:
ignore - audit daemon does nothing.
syslog - audit daemon will issue a warning to syslog.
suspend - audit daemon will stop writing records to the disk.
rotate - audit daemon will rotate logs in the same convention used by logrotate.
keep_logs - similar to rotate but prevents audit logs to be overwritten. May trigger space_left_action if volume is full.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 10: 10, 20: 20, 5: 5, 6: 6, 8: 8, 'default': 6}",
+ "value": "{'default': 'rotate', 'keep_logs': 'keep_logs', 'rotate': 'rotate', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_max_log_file_action",
+ "value": "var_auditd_space_left_action",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for max_log_file_action in /etc/audit/auditd.conf. The following options are available:
ignore - audit daemon does nothing.
syslog - audit daemon will issue a warning to syslog.
suspend - audit daemon will stop writing records to the disk.
rotate - audit daemon will rotate logs in the same convention used by logrotate.
keep_logs - similar to rotate but prevents audit logs to be overwritten. May trigger space_left_action if volume is full.",
+ "value": "The setting for space_left_action in /etc/audit/auditd.conf",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'rotate', 'keep_logs': 'keep_logs', 'rotate': 'rotate', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore'}",
+ "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt', 'cis_fedora': 'email|exec|single|halt'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_space_left_action",
+ "value": "var_multiple_time_servers",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for space_left_action in /etc/audit/auditd.conf",
+ "value": "The list of vendor-approved time servers",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt'}",
+ "value": "{'default': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'generic': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'stig': '0.us.pool.ntp.mil', 'fedora': '0.fedora.pool.ntp.org,1.fedora.pool.ntp.org,2.fedora.pool.ntp.org,3.fedora.pool.ntp.org', 'rhel': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ol': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'suse': '0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org', 'alinux': '0.ntp.cloud.aliyuncs.com,1.ntp.aliyun.com,2.ntp1.aliyun.com,3.ntp1.cloud.aliyuncs.com', 'amazon': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ubuntu': '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org', 'almalinux': '0.almalinux.pool.ntp.org,1.almalinux.pool.ntp.org,2.almalinux.pool.ntp.org,3.almalinux.pool.ntp.org', 'debian': '0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org', 'nist': 'time.nist.gov,time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_multiple_time_servers",
+ "value": "var_pam_wheel_group_for_su",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The list of vendor-approved time servers",
+ "value": "pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'generic': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'stig': '0.us.pool.ntp.mil', 'fedora': '0.fedora.pool.ntp.org,1.fedora.pool.ntp.org,2.fedora.pool.ntp.org,3.fedora.pool.ntp.org', 'rhel': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ol': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'suse': '0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org', 'alinux': '0.ntp.cloud.aliyuncs.com,1.ntp.aliyun.com,2.ntp1.aliyun.com,3.ntp1.cloud.aliyuncs.com', 'amazon': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ubuntu': '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org', 'almalinux': '0.almalinux.pool.ntp.org,1.almalinux.pool.ntp.org,2.almalinux.pool.ntp.org,3.almalinux.pool.ntp.org', 'debian': '0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org', 'nist': 'time.nist.gov,time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov'}",
+ "value": "{'default': 'sugroup', 'cis': 'sugroup'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_pam_wheel_group_for_su",
+ "value": "var_password_hashing_algorithm",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.",
+ "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'sugroup', 'cis': 'sugroup'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_hashing_algorithm",
+ "value": "var_password_hashing_algorithm_pam",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.",
+ "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt', 'cis_rhel10': 'yescrypt|sha512'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_hashing_algorithm_pam",
+ "value": "var_password_pam_dictcheck",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.",
+ "value": "Prevent the use of dictionary words for passwords.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt', 'cis_rhel10': 'yescrypt|sha512'}",
+ "value": "{1: 1, 'default': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_dictcheck",
+ "value": "var_password_pam_difok",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent the use of dictionary words for passwords.",
+ "value": "Minimum number of characters not present in old password",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 'default': 1}",
+ "value": "{15: 15, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 'default': 8}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_difok",
+ "value": "var_password_pam_maxrepeat",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of characters not present in old password",
+ "value": "Maximum Number of Consecutive Repeating Characters in a Password",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{15: 15, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 'default': 8}",
+ "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_maxrepeat",
+ "value": "var_password_pam_maxsequence",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Maximum Number of Consecutive Repeating Characters in a Password",
+ "value": "Maximum Number of Consecutive Character Sequences in a Password",
"remarks": "rule_set_000"
},
{
@@ -1163,19 +1163,19 @@
{
"name": "Parameter_Id_63",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_system_crypto_policy",
+ "value": "var_sudo_timestamp_timeout",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_63",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the crypto policy for the system.",
+ "value": "Defines the number of minutes that can elapse before sudo will ask for a passwd again. If set to a value less than 0 the user's time stamp will never expire. Defining 0 means always prompt for a password. The default timeout value is 5 minutes.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_63",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'DEFAULT', 'default_policy': 'DEFAULT', 'default_nosha1': 'DEFAULT:NO-SHA1', 'fips': 'FIPS', 'fips_ospp': 'FIPS:OSPP', 'fips_stig': 'FIPS:STIG', 'legacy': 'LEGACY', 'future': 'FUTURE', 'next': 'NEXT'}",
+ "value": "{'default': '5', 'always_prompt': '0', '1_minute': '1', '2_minutes': '2', '3_minutes': '3', '5_minutes': '5', '15_minutes': '15'}",
"remarks": "rule_set_000"
},
{
@@ -1547,4343 +1547,5039 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_libselinux_installed",
+ "value": "disable_weak_deps",
"remarks": "rule_set_030"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install libselinux Package",
+ "value": "Disable Installation of Weak Dependencies in DNF",
"remarks": "rule_set_030"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_enable_selinux",
+ "value": "package_libselinux_installed",
"remarks": "rule_set_031"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux Not Disabled in /etc/default/grub",
+ "value": "Install libselinux Package",
"remarks": "rule_set_031"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_policytype",
+ "value": "grub2_enable_selinux",
"remarks": "rule_set_032"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure SELinux Policy",
+ "value": "Ensure SELinux Not Disabled in /etc/default/grub",
"remarks": "rule_set_032"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_not_disabled",
+ "value": "selinux_policytype",
"remarks": "rule_set_033"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux is Not Disabled",
+ "value": "Configure SELinux Policy",
"remarks": "rule_set_033"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_mcstrans_removed",
+ "value": "selinux_not_disabled",
"remarks": "rule_set_034"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall mcstrans Package",
+ "value": "Ensure SELinux is Not Disabled",
"remarks": "rule_set_034"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_setroubleshoot_removed",
+ "value": "package_mcstrans_removed",
"remarks": "rule_set_035"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall setroubleshoot Package",
+ "value": "Uninstall mcstrans Package",
"remarks": "rule_set_035"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_password",
+ "value": "package_setroubleshoot_removed",
"remarks": "rule_set_036"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Boot Loader Password in grub2",
+ "value": "Uninstall setroubleshoot Package",
"remarks": "rule_set_036"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg",
+ "value": "grub2_password",
"remarks": "rule_set_037"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Group Ownership",
+ "value": "Set Boot Loader Password in grub2",
"remarks": "rule_set_037"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg",
+ "value": "file_permissions_boot_grub2",
"remarks": "rule_set_038"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg User Ownership",
+ "value": "All GRUB configuration files must have mode 0600 or more restrictive",
"remarks": "rule_set_038"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg",
+ "value": "file_owner_boot_grub2",
"remarks": "rule_set_039"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Permissions",
+ "value": "All GRUB configuration files must be owned by root",
"remarks": "rule_set_039"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg",
+ "value": "file_groupowner_boot_grub2",
"remarks": "rule_set_040"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Group Ownership",
+ "value": "All GRUB configuration files must be group-owned by root",
"remarks": "rule_set_040"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg",
+ "value": "disable_users_coredumps",
"remarks": "rule_set_041"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg User Ownership",
+ "value": "Disable Core Dumps for All Users",
"remarks": "rule_set_041"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg",
+ "value": "sysctl_fs_protected_hardlinks",
"remarks": "rule_set_042"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Permissions",
+ "value": "Enable Kernel Parameter to Enforce DAC on Hardlinks",
"remarks": "rule_set_042"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy",
+ "value": "sysctl_fs_protected_symlinks",
"remarks": "rule_set_043"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure System Cryptography Policy",
+ "value": "Enable Kernel Parameter to Enforce DAC on Symlinks",
"remarks": "rule_set_043"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_motd_cis",
+ "value": "sysctl_fs_suid_dumpable",
"remarks": "rule_set_044"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Message Of The Day Is Configured Properly",
+ "value": "Disable Core Dumps for SUID programs",
"remarks": "rule_set_044"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_cis",
+ "value": "sysctl_kernel_dmesg_restrict",
"remarks": "rule_set_045"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Local Login Warning Banner Is Configured Properly",
+ "value": "Restrict Access to Kernel Message Buffer",
"remarks": "rule_set_045"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_net_cis",
+ "value": "sysctl_kernel_kptr_restrict",
"remarks": "rule_set_046"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Remote Login Warning Banner Is Configured Properly",
+ "value": "Restrict Exposed Kernel Pointer Addresses Access",
"remarks": "rule_set_046"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_motd",
+ "value": "sysctl_kernel_yama_ptrace_scope",
"remarks": "rule_set_047"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of Message of the Day Banner",
+ "value": "Restrict usage of ptrace to descendant processes",
"remarks": "rule_set_047"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_motd",
+ "value": "sysctl_kernel_randomize_va_space",
"remarks": "rule_set_048"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of Message of the Day Banner",
+ "value": "Enable Randomized Layout of Virtual Address Space",
"remarks": "rule_set_048"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_motd",
+ "value": "coredump_disable_backtraces",
"remarks": "rule_set_049"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on Message of the Day Banner",
+ "value": "Disable core dump backtraces",
"remarks": "rule_set_049"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue",
+ "value": "coredump_disable_storage",
"remarks": "rule_set_050"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner",
+ "value": "Disable storing core dump",
"remarks": "rule_set_050"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue",
+ "value": "configure_custom_crypto_policy_cis",
"remarks": "rule_set_051"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner",
+ "value": "Implement Custom Crypto Policy Modules for CIS Benchmark",
"remarks": "rule_set_051"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue",
+ "value": "banner_etc_motd_cis",
"remarks": "rule_set_052"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner",
+ "value": "Ensure Message Of The Day Is Configured Properly",
"remarks": "rule_set_052"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue_net",
+ "value": "banner_etc_issue_cis",
"remarks": "rule_set_053"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner for Remote Connections",
+ "value": "Ensure Local Login Warning Banner Is Configured Properly",
"remarks": "rule_set_053"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue_net",
+ "value": "banner_etc_issue_net_cis",
"remarks": "rule_set_054"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner for Remote Connections",
+ "value": "Ensure Remote Login Warning Banner Is Configured Properly",
"remarks": "rule_set_054"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue_net",
+ "value": "file_groupowner_etc_motd",
"remarks": "rule_set_055"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner for Remote Connections",
+ "value": "Verify Group Ownership of Message of the Day Banner",
"remarks": "rule_set_055"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_banner_enabled",
+ "value": "file_owner_etc_motd",
"remarks": "rule_set_056"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable GNOME3 Login Warning Banner",
+ "value": "Verify ownership of Message of the Day Banner",
"remarks": "rule_set_056"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_login_banner_text",
+ "value": "file_permissions_etc_motd",
"remarks": "rule_set_057"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set the GNOME3 Login Warning Banner Text",
+ "value": "Verify permissions on Message of the Day Banner",
"remarks": "rule_set_057"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_user_list",
+ "value": "file_groupowner_etc_issue",
"remarks": "rule_set_058"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the GNOME3 Login User List",
+ "value": "Verify Group Ownership of System Login Banner",
"remarks": "rule_set_058"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_idle_delay",
+ "value": "file_owner_etc_issue",
"remarks": "rule_set_059"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Inactivity Timeout",
+ "value": "Verify ownership of System Login Banner",
"remarks": "rule_set_059"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_lock_delay",
+ "value": "file_permissions_etc_issue",
"remarks": "rule_set_060"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
+ "value": "Verify permissions on System Login Banner",
"remarks": "rule_set_060"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount",
+ "value": "file_groupowner_etc_issue_net",
"remarks": "rule_set_061"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automounting",
+ "value": "Verify Group Ownership of System Login Banner for Remote Connections",
"remarks": "rule_set_061"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount_open",
+ "value": "file_owner_etc_issue_net",
"remarks": "rule_set_062"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount Opening",
+ "value": "Verify ownership of System Login Banner for Remote Connections",
"remarks": "rule_set_062"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_autorun",
+ "value": "file_permissions_etc_issue_net",
"remarks": "rule_set_063"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount running",
+ "value": "Verify permissions on System Login Banner for Remote Connections",
"remarks": "rule_set_063"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_autofs_disabled",
+ "value": "dconf_gnome_banner_enabled",
"remarks": "rule_set_064"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the Automounter",
+ "value": "Enable GNOME3 Login Warning Banner",
"remarks": "rule_set_064"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_avahi-daemon_disabled",
+ "value": "dconf_gnome_login_banner_text",
"remarks": "rule_set_065"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Avahi Server Software",
+ "value": "Set the GNOME3 Login Warning Banner Text",
"remarks": "rule_set_065"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_kea_removed",
+ "value": "dconf_gnome_disable_user_list",
"remarks": "rule_set_066"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall kea Package",
+ "value": "Disable the GNOME3 Login User List",
"remarks": "rule_set_066"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_bind_removed",
+ "value": "dconf_gnome_screensaver_idle_delay",
"remarks": "rule_set_067"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall bind Package",
+ "value": "Set GNOME3 Screensaver Inactivity Timeout",
"remarks": "rule_set_067"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dnsmasq_removed",
+ "value": "dconf_gnome_screensaver_lock_delay",
"remarks": "rule_set_068"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dnsmasq Package",
+ "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
"remarks": "rule_set_068"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_vsftpd_removed",
+ "value": "dconf_gnome_session_idle_user_locks",
"remarks": "rule_set_069"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall vsftpd Package",
+ "value": "Ensure Users Cannot Change GNOME3 Session Idle Settings",
"remarks": "rule_set_069"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dovecot_removed",
+ "value": "dconf_gnome_screensaver_user_locks",
"remarks": "rule_set_070"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dovecot Package",
+ "value": "Ensure Users Cannot Change GNOME3 Screensaver Settings",
"remarks": "rule_set_070"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cyrus-imapd_removed",
+ "value": "dconf_gnome_disable_automount",
"remarks": "rule_set_071"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall cyrus-imapd Package",
+ "value": "Disable GNOME3 Automounting",
"remarks": "rule_set_071"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nfs_disabled",
+ "value": "dconf_gnome_disable_automount_open",
"remarks": "rule_set_072"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Network File System (nfs)",
+ "value": "Disable GNOME3 Automount Opening",
"remarks": "rule_set_072"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_cups_disabled",
+ "value": "dconf_gnome_disable_autorun",
"remarks": "rule_set_073"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the CUPS Service",
+ "value": "Disable GNOME3 Automount running",
"remarks": "rule_set_073"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_rpcbind_disabled",
+ "value": "service_autofs_disabled",
"remarks": "rule_set_074"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable rpcbind Service",
+ "value": "Disable the Automounter",
"remarks": "rule_set_074"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_rsync_removed",
+ "value": "service_avahi-daemon_disabled",
"remarks": "rule_set_075"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall rsync Package",
+ "value": "Disable Avahi Server Software",
"remarks": "rule_set_075"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_samba_removed",
+ "value": "package_kea_removed",
"remarks": "rule_set_076"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall Samba Package",
+ "value": "Uninstall kea Package",
"remarks": "rule_set_076"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_net-snmp_removed",
+ "value": "package_bind_removed",
"remarks": "rule_set_077"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall net-snmp Package",
+ "value": "Uninstall bind Package",
"remarks": "rule_set_077"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet-server_removed",
+ "value": "package_dnsmasq_removed",
"remarks": "rule_set_078"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall telnet-server Package",
+ "value": "Uninstall dnsmasq Package",
"remarks": "rule_set_078"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp-server_removed",
+ "value": "package_vsftpd_removed",
"remarks": "rule_set_079"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall tftp-server Package",
+ "value": "Uninstall vsftpd Package",
"remarks": "rule_set_079"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_squid_removed",
+ "value": "package_dovecot_removed",
"remarks": "rule_set_080"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall squid Package",
+ "value": "Uninstall dovecot Package",
"remarks": "rule_set_080"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_httpd_removed",
+ "value": "package_cyrus-imapd_removed",
"remarks": "rule_set_081"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall httpd Package",
+ "value": "Uninstall cyrus-imapd Package",
"remarks": "rule_set_081"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nginx_removed",
+ "value": "service_nfs_disabled",
"remarks": "rule_set_082"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall nginx Package",
+ "value": "Disable Network File System (nfs)",
"remarks": "rule_set_082"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "postfix_network_listening_disabled",
+ "value": "service_cups_disabled",
"remarks": "rule_set_083"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Postfix Network Listening",
+ "value": "Disable the CUPS Service",
"remarks": "rule_set_083"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "has_nonlocal_mta",
+ "value": "service_rpcbind_disabled",
"remarks": "rule_set_084"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
+ "value": "Disable rpcbind Service",
"remarks": "rule_set_084"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_ftp_removed",
+ "value": "package_rsync_removed",
"remarks": "rule_set_085"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove ftp Package",
+ "value": "Uninstall rsync Package",
"remarks": "rule_set_085"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet_removed",
+ "value": "package_samba_removed",
"remarks": "rule_set_086"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove telnet Clients",
+ "value": "Uninstall Samba Package",
"remarks": "rule_set_086"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp_removed",
+ "value": "package_net-snmp_removed",
"remarks": "rule_set_087"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove tftp Daemon",
+ "value": "Uninstall net-snmp Package",
"remarks": "rule_set_087"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_specify_remote_server",
+ "value": "package_telnet-server_removed",
"remarks": "rule_set_088"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "A remote time server for Chrony is configured",
+ "value": "Uninstall telnet-server Package",
"remarks": "rule_set_088"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_run_as_chrony_user",
+ "value": "package_tftp-server_removed",
"remarks": "rule_set_089"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that chronyd is running under chrony user account",
+ "value": "Uninstall tftp-server Package",
"remarks": "rule_set_089"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cron_installed",
+ "value": "package_squid_removed",
"remarks": "rule_set_090"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install the cron service",
+ "value": "Uninstall squid Package",
"remarks": "rule_set_090"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_crond_enabled",
+ "value": "package_httpd_removed",
"remarks": "rule_set_091"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable cron Service",
+ "value": "Uninstall httpd Package",
"remarks": "rule_set_091"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_crontab",
+ "value": "package_nginx_removed",
"remarks": "rule_set_092"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Crontab",
+ "value": "Uninstall nginx Package",
"remarks": "rule_set_092"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_crontab",
+ "value": "postfix_network_listening_disabled",
"remarks": "rule_set_093"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on crontab",
+ "value": "Disable Postfix Network Listening",
"remarks": "rule_set_093"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_crontab",
+ "value": "has_nonlocal_mta",
"remarks": "rule_set_094"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on crontab",
+ "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
"remarks": "rule_set_094"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_hourly",
+ "value": "package_ftp_removed",
"remarks": "rule_set_095"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.hourly",
+ "value": "Remove ftp Package",
"remarks": "rule_set_095"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_hourly",
+ "value": "package_telnet_removed",
"remarks": "rule_set_096"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.hourly",
+ "value": "Remove telnet Clients",
"remarks": "rule_set_096"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_hourly",
+ "value": "package_tftp_removed",
"remarks": "rule_set_097"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.hourly",
+ "value": "Remove tftp Daemon",
"remarks": "rule_set_097"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_daily",
+ "value": "chronyd_specify_remote_server",
"remarks": "rule_set_098"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.daily",
+ "value": "A remote time server for Chrony is configured",
"remarks": "rule_set_098"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_daily",
+ "value": "chronyd_run_as_chrony_user",
"remarks": "rule_set_099"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.daily",
+ "value": "Ensure that chronyd is running under chrony user account",
"remarks": "rule_set_099"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_daily",
+ "value": "package_cron_installed",
"remarks": "rule_set_100"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.daily",
+ "value": "Install the cron service",
"remarks": "rule_set_100"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_weekly",
+ "value": "service_crond_enabled",
"remarks": "rule_set_101"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.weekly",
+ "value": "Enable cron Service",
"remarks": "rule_set_101"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_weekly",
+ "value": "file_groupowner_crontab",
"remarks": "rule_set_102"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.weekly",
+ "value": "Verify Group Who Owns Crontab",
"remarks": "rule_set_102"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_weekly",
+ "value": "file_owner_crontab",
"remarks": "rule_set_103"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.weekly",
+ "value": "Verify Owner on crontab",
"remarks": "rule_set_103"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_monthly",
+ "value": "file_permissions_crontab",
"remarks": "rule_set_104"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.monthly",
+ "value": "Verify Permissions on crontab",
"remarks": "rule_set_104"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_monthly",
+ "value": "file_groupowner_cron_hourly",
"remarks": "rule_set_105"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.monthly",
+ "value": "Verify Group Who Owns cron.hourly",
"remarks": "rule_set_105"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_monthly",
+ "value": "file_owner_cron_hourly",
"remarks": "rule_set_106"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.monthly",
+ "value": "Verify Owner on cron.hourly",
"remarks": "rule_set_106"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_d",
+ "value": "file_permissions_cron_hourly",
"remarks": "rule_set_107"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.d",
+ "value": "Verify Permissions on cron.hourly",
"remarks": "rule_set_107"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_d",
+ "value": "file_groupowner_cron_daily",
"remarks": "rule_set_108"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.d",
+ "value": "Verify Group Who Owns cron.daily",
"remarks": "rule_set_108"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_d",
+ "value": "file_owner_cron_daily",
"remarks": "rule_set_109"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.d",
+ "value": "Verify Owner on cron.daily",
"remarks": "rule_set_109"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_deny_not_exist",
+ "value": "file_permissions_cron_daily",
"remarks": "rule_set_110"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.deny does not exist",
+ "value": "Verify Permissions on cron.daily",
"remarks": "rule_set_110"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_allow_exists",
+ "value": "file_groupowner_cron_weekly",
"remarks": "rule_set_111"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.allow exists",
+ "value": "Verify Group Who Owns cron.weekly",
"remarks": "rule_set_111"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_allow",
+ "value": "file_owner_cron_weekly",
"remarks": "rule_set_112"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/cron.allow file",
+ "value": "Verify Owner on cron.weekly",
"remarks": "rule_set_112"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_allow",
+ "value": "file_permissions_cron_weekly",
"remarks": "rule_set_113"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/cron.allow file",
+ "value": "Verify Permissions on cron.weekly",
"remarks": "rule_set_113"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_allow",
+ "value": "file_groupowner_cron_monthly",
"remarks": "rule_set_114"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/cron.allow file",
+ "value": "Verify Group Who Owns cron.monthly",
"remarks": "rule_set_114"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_at_deny_not_exist",
+ "value": "file_owner_cron_monthly",
"remarks": "rule_set_115"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/at.deny does not exist",
+ "value": "Verify Owner on cron.monthly",
"remarks": "rule_set_115"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_at_allow",
+ "value": "file_permissions_cron_monthly",
"remarks": "rule_set_116"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/at.allow file",
+ "value": "Verify Permissions on cron.monthly",
"remarks": "rule_set_116"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_at_allow",
+ "value": "file_groupowner_cron_yearly",
"remarks": "rule_set_117"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/at.allow file",
+ "value": "Verify Group Who Owns cron.yearly",
"remarks": "rule_set_117"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_at_allow",
+ "value": "file_owner_cron_yearly",
"remarks": "rule_set_118"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/at.allow file",
+ "value": "Verify Owner on cron.yearly",
"remarks": "rule_set_118"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "wireless_disable_interfaces",
+ "value": "file_permissions_cron_yearly",
"remarks": "rule_set_119"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Deactivate Wireless Network Interfaces",
+ "value": "Verify Permissions on cron.yearly",
"remarks": "rule_set_119"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_bluetooth_disabled",
+ "value": "file_groupowner_cron_d",
"remarks": "rule_set_120"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Bluetooth Service",
+ "value": "Verify Group Who Owns cron.d",
"remarks": "rule_set_120"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_tipc_disabled",
+ "value": "file_owner_cron_d",
"remarks": "rule_set_121"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable TIPC Support",
+ "value": "Verify Owner on cron.d",
"remarks": "rule_set_121"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_send_redirects",
+ "value": "file_permissions_cron_d",
"remarks": "rule_set_122"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
+ "value": "Verify Permissions on cron.d",
"remarks": "rule_set_122"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_send_redirects",
+ "value": "file_cron_deny_not_exist",
"remarks": "rule_set_123"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
+ "value": "Ensure that /etc/cron.deny does not exist",
"remarks": "rule_set_123"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
+ "value": "file_cron_allow_exists",
"remarks": "rule_set_124"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
+ "value": "Ensure that /etc/cron.allow exists",
"remarks": "rule_set_124"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
+ "value": "file_groupowner_cron_allow",
"remarks": "rule_set_125"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
+ "value": "Verify Group Who Owns /etc/cron.allow file",
"remarks": "rule_set_125"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects",
+ "value": "file_owner_cron_allow",
"remarks": "rule_set_126"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
+ "value": "Verify User Who Owns /etc/cron.allow file",
"remarks": "rule_set_126"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects",
+ "value": "file_permissions_cron_allow",
"remarks": "rule_set_127"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
+ "value": "Verify Permissions on /etc/cron.allow file",
"remarks": "rule_set_127"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects",
+ "value": "file_at_deny_not_exist",
"remarks": "rule_set_128"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
+ "value": "Ensure that /etc/at.deny does not exist",
"remarks": "rule_set_128"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects",
+ "value": "file_at_allow_exists",
"remarks": "rule_set_129"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
+ "value": "Ensure that /etc/at.allow exists",
"remarks": "rule_set_129"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter",
+ "value": "file_groupowner_at_allow",
"remarks": "rule_set_130"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
+ "value": "Verify Group Who Owns /etc/at.allow file",
"remarks": "rule_set_130"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter",
+ "value": "file_owner_at_allow",
"remarks": "rule_set_131"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
+ "value": "Verify User Who Owns /etc/at.allow file",
"remarks": "rule_set_131"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route",
+ "value": "file_permissions_at_allow",
"remarks": "rule_set_132"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
+ "value": "Verify Permissions on /etc/at.allow file",
"remarks": "rule_set_132"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route",
+ "value": "wireless_disable_interfaces",
"remarks": "rule_set_133"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
+ "value": "Deactivate Wireless Network Interfaces",
"remarks": "rule_set_133"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians",
+ "value": "service_bluetooth_disabled",
"remarks": "rule_set_134"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
+ "value": "Disable Bluetooth Service",
"remarks": "rule_set_134"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians",
+ "value": "kernel_module_atm_disabled",
"remarks": "rule_set_135"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
+ "value": "Disable ATM Support",
"remarks": "rule_set_135"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies",
+ "value": "kernel_module_can_disabled",
"remarks": "rule_set_136"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
+ "value": "Disable CAN Support",
"remarks": "rule_set_136"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding",
+ "value": "kernel_module_dccp_disabled",
"remarks": "rule_set_137"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IPv6 Forwarding",
+ "value": "Disable DCCP Support",
"remarks": "rule_set_137"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects",
+ "value": "kernel_module_tipc_disabled",
"remarks": "rule_set_138"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
+ "value": "Disable TIPC Support",
"remarks": "rule_set_138"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects",
+ "value": "kernel_module_rds_disabled",
"remarks": "rule_set_139"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
+ "value": "Disable RDS Support",
"remarks": "rule_set_139"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route",
+ "value": "sysctl_net_ipv4_conf_all_forwarding",
"remarks": "rule_set_140"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
+ "value": "Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces",
"remarks": "rule_set_140"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route",
+ "value": "sysctl_net_ipv4_conf_default_forwarding",
"remarks": "rule_set_141"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
+ "value": "Disable Kernel Parameter for IPv4 Forwarding By Default",
"remarks": "rule_set_141"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra",
+ "value": "sysctl_net_ipv4_conf_all_send_redirects",
"remarks": "rule_set_142"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
"remarks": "rule_set_142"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra",
+ "value": "sysctl_net_ipv4_conf_default_send_redirects",
"remarks": "rule_set_143"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
"remarks": "rule_set_143"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nftables_installed",
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
"remarks": "rule_set_144"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install nftables Package",
+ "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
"remarks": "rule_set_144"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_firewalld_enabled",
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
"remarks": "rule_set_145"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify firewalld Enabled",
+ "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
"remarks": "rule_set_145"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_firewalld_installed",
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects",
"remarks": "rule_set_146"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install firewalld Package",
+ "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
"remarks": "rule_set_146"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nftables_disabled",
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects",
"remarks": "rule_set_147"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify nftables Service is Disabled",
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
"remarks": "rule_set_147"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_trusted",
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects",
"remarks": "rule_set_148"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Trust Loopback Traffic",
+ "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
"remarks": "rule_set_148"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_restricted",
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects",
"remarks": "rule_set_149"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Restrict Loopback Traffic",
+ "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
"remarks": "rule_set_149"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_sshd_config",
+ "value": "sysctl_net_ipv4_conf_all_rp_filter",
"remarks": "rule_set_150"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns SSH Server config file",
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
"remarks": "rule_set_150"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_sshd_config",
+ "value": "sysctl_net_ipv4_conf_default_rp_filter",
"remarks": "rule_set_151"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on SSH Server config file",
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
"remarks": "rule_set_151"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_config",
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route",
"remarks": "rule_set_152"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server config file",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
"remarks": "rule_set_152"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_private_key",
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route",
"remarks": "rule_set_153"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Private *_key Key Files",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
"remarks": "rule_set_153"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_private_key",
+ "value": "sysctl_net_ipv4_conf_all_log_martians",
"remarks": "rule_set_154"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Private *_key Key Files",
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
"remarks": "rule_set_154"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_private_key",
+ "value": "sysctl_net_ipv4_conf_default_log_martians",
"remarks": "rule_set_155"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
"remarks": "rule_set_155"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_pub_key",
+ "value": "sysctl_net_ipv4_tcp_syncookies",
"remarks": "rule_set_156"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Public *.pub Key Files",
+ "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
"remarks": "rule_set_156"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_pub_key",
+ "value": "sysctl_net_ipv6_conf_all_forwarding",
"remarks": "rule_set_157"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Public *.pub Key Files",
+ "value": "Disable Kernel Parameter for IPv6 Forwarding",
"remarks": "rule_set_157"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_pub_key",
+ "value": "sysctl_net_ipv6_conf_default_forwarding",
"remarks": "rule_set_158"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
+ "value": "Disable Kernel Parameter for IPv6 Forwarding by default",
"remarks": "rule_set_158"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex",
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects",
"remarks": "rule_set_159"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong Key Exchange algorithms",
+ "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
"remarks": "rule_set_159"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs",
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects",
"remarks": "rule_set_160"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong MACs",
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
"remarks": "rule_set_160"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_limit_user_access",
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route",
"remarks": "rule_set_161"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Users' SSH Access",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
"remarks": "rule_set_161"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_warning_banner_net",
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route",
"remarks": "rule_set_162"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable SSH Warning Banner",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
"remarks": "rule_set_162"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_idle_timeout",
+ "value": "sysctl_net_ipv6_conf_all_accept_ra",
"remarks": "rule_set_163"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Interval",
+ "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
"remarks": "rule_set_163"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_keepalive",
+ "value": "sysctl_net_ipv6_conf_default_accept_ra",
"remarks": "rule_set_164"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Count Max",
+ "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
"remarks": "rule_set_164"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "disable_host_auth",
+ "value": "package_nftables_installed",
"remarks": "rule_set_165"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Host-Based Authentication",
+ "value": "Install nftables Package",
"remarks": "rule_set_165"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_rhosts",
+ "value": "service_firewalld_enabled",
"remarks": "rule_set_166"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Support for .rhosts Files",
+ "value": "Verify firewalld Enabled",
"remarks": "rule_set_166"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_login_grace_time",
+ "value": "package_firewalld_installed",
"remarks": "rule_set_167"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH LoginGraceTime is configured",
+ "value": "Install firewalld Package",
"remarks": "rule_set_167"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_loglevel_verbose",
+ "value": "service_nftables_disabled",
"remarks": "rule_set_168"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Daemon LogLevel to VERBOSE",
+ "value": "Verify nftables Service is Disabled",
"remarks": "rule_set_168"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_auth_tries",
+ "value": "firewalld_loopback_traffic_trusted",
"remarks": "rule_set_169"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH authentication attempt limit",
+ "value": "Configure Firewalld to Trust Loopback Traffic",
"remarks": "rule_set_169"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_maxstartups",
+ "value": "firewalld_loopback_traffic_restricted",
"remarks": "rule_set_170"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH MaxStartups is configured",
+ "value": "Configure Firewalld to Restrict Loopback Traffic",
"remarks": "rule_set_170"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_sessions",
+ "value": "file_groupowner_sshd_config",
"remarks": "rule_set_171"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH MaxSessions limit",
+ "value": "Verify Group Who Owns SSH Server config file",
"remarks": "rule_set_171"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_empty_passwords",
+ "value": "file_owner_sshd_config",
"remarks": "rule_set_172"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Access via Empty Passwords",
+ "value": "Verify Owner on SSH Server config file",
"remarks": "rule_set_172"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_root_login",
+ "value": "file_permissions_sshd_config",
"remarks": "rule_set_173"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Root Login",
+ "value": "Verify Permissions on SSH Server config file",
"remarks": "rule_set_173"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_do_not_permit_user_env",
+ "value": "directory_permissions_sshd_config_d",
"remarks": "rule_set_174"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Do Not Allow SSH Environment Options",
+ "value": "Verify Permissions on SSH Server Config File",
"remarks": "rule_set_174"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_pam",
+ "value": "file_permissions_sshd_drop_in_config",
"remarks": "rule_set_175"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable PAM",
+ "value": "Verify Permissions on SSH Server Config File",
"remarks": "rule_set_175"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_sudo_installed",
+ "value": "directory_groupowner_sshd_config_d",
"remarks": "rule_set_176"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install sudo Package",
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
"remarks": "rule_set_176"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_add_use_pty",
+ "value": "directory_owner_sshd_config_d",
"remarks": "rule_set_177"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
+ "value": "Verify Owner on SSH Server Configuration Files",
"remarks": "rule_set_177"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_custom_logfile",
+ "value": "file_groupowner_sshd_drop_in_config",
"remarks": "rule_set_178"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Sudo Logfile Exists - sudo logfile",
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
"remarks": "rule_set_178"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication",
+ "value": "file_owner_sshd_drop_in_config",
"remarks": "rule_set_179"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo",
+ "value": "Verify Owner on SSH Server Configuration Files",
"remarks": "rule_set_179"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_reauthentication",
+ "value": "file_permissions_sshd_private_key",
"remarks": "rule_set_180"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Require Re-Authentication When Using the sudo Command",
+ "value": "Verify Permissions on SSH Server Private *_key Key Files",
"remarks": "rule_set_180"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "use_pam_wheel_group_for_su",
+ "value": "file_ownership_sshd_private_key",
"remarks": "rule_set_181"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
+ "value": "Verify Ownership on SSH Server Private *_key Key Files",
"remarks": "rule_set_181"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_pam_wheel_group_empty",
+ "value": "file_groupownership_sshd_private_key",
"remarks": "rule_set_182"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
+ "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
"remarks": "rule_set_182"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_pam_pwquality_installed",
+ "value": "file_permissions_sshd_pub_key",
"remarks": "rule_set_183"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install pam_pwquality Package",
+ "value": "Verify Permissions on SSH Server Public *.pub Key Files",
"remarks": "rule_set_183"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_password_auth",
+ "value": "file_ownership_sshd_pub_key",
"remarks": "rule_set_184"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
+ "value": "Verify Ownership on SSH Server Public *.pub Key Files",
"remarks": "rule_set_184"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_system_auth",
+ "value": "file_groupownership_sshd_pub_key",
"remarks": "rule_set_185"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
+ "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
"remarks": "rule_set_185"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny",
+ "value": "sshd_limit_user_access",
"remarks": "rule_set_186"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Lock Accounts After Failed Password Attempts",
+ "value": "Limit Users' SSH Access",
"remarks": "rule_set_186"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_unlock_time",
+ "value": "sshd_enable_warning_banner_net",
"remarks": "rule_set_187"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Lockout Time for Failed Password Attempts",
+ "value": "Enable SSH Warning Banner",
"remarks": "rule_set_187"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_difok",
+ "value": "sshd_set_idle_timeout",
"remarks": "rule_set_188"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
+ "value": "Set SSH Client Alive Interval",
"remarks": "rule_set_188"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minlen",
+ "value": "sshd_set_keepalive",
"remarks": "rule_set_189"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
+ "value": "Set SSH Client Alive Count Max",
"remarks": "rule_set_189"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minclass",
+ "value": "disable_host_auth",
"remarks": "rule_set_190"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
+ "value": "Disable Host-Based Authentication",
"remarks": "rule_set_190"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_maxrepeat",
+ "value": "sshd_disable_rhosts",
"remarks": "rule_set_191"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Consecutive Repeating Characters",
+ "value": "Disable SSH Support for .rhosts Files",
"remarks": "rule_set_191"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_dictcheck",
+ "value": "sshd_set_login_grace_time",
"remarks": "rule_set_192"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
+ "value": "Ensure SSH LoginGraceTime is configured",
"remarks": "rule_set_192"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_enforce_root",
+ "value": "sshd_set_loglevel_verbose",
"remarks": "rule_set_193"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
+ "value": "Set SSH Daemon LogLevel to VERBOSE",
"remarks": "rule_set_193"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_password_auth",
+ "value": "sshd_set_max_auth_tries",
"remarks": "rule_set_194"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: password-auth",
+ "value": "Set SSH authentication attempt limit",
"remarks": "rule_set_194"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_system_auth",
+ "value": "sshd_set_maxstartups",
"remarks": "rule_set_195"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: system-auth",
+ "value": "Ensure SSH MaxStartups is configured",
"remarks": "rule_set_195"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords",
+ "value": "sshd_set_max_sessions",
"remarks": "rule_set_196"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent Login to Accounts With Empty Password",
+ "value": "Set SSH MaxSessions limit",
"remarks": "rule_set_196"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_systemauth",
+ "value": "sshd_disable_empty_passwords",
"remarks": "rule_set_197"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - system-auth",
+ "value": "Disable SSH Access via Empty Passwords",
"remarks": "rule_set_197"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_passwordauth",
+ "value": "sshd_disable_root_login",
"remarks": "rule_set_198"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - password-auth",
+ "value": "Disable SSH Root Login",
"remarks": "rule_set_198"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_maximum_age_login_defs",
+ "value": "sshd_do_not_permit_user_env",
"remarks": "rule_set_199"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Age",
+ "value": "Do Not Allow SSH Environment Options",
"remarks": "rule_set_199"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_max_life_existing",
+ "value": "sshd_enable_pam",
"remarks": "rule_set_200"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Maximum Age",
+ "value": "Enable PAM",
"remarks": "rule_set_200"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_warn_age_login_defs",
+ "value": "package_sudo_installed",
"remarks": "rule_set_201"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Warning Age",
+ "value": "Install sudo Package",
"remarks": "rule_set_201"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_warn_age_existing",
+ "value": "sudo_add_use_pty",
"remarks": "rule_set_202"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Warning Age",
+ "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
"remarks": "rule_set_202"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf",
+ "value": "sudo_custom_logfile",
"remarks": "rule_set_203"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/libuser.conf",
+ "value": "Ensure Sudo Logfile Exists - sudo logfile",
"remarks": "rule_set_203"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_logindefs",
+ "value": "sudo_remove_no_authenticate",
"remarks": "rule_set_204"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/login.defs",
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate",
"remarks": "rule_set_204"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_disable_post_pw_expiration",
+ "value": "sudo_require_reauthentication",
"remarks": "rule_set_205"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Account Expiration Following Inactivity",
+ "value": "Require Re-Authentication When Using the sudo Command",
"remarks": "rule_set_205"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_set_post_pw_existing",
+ "value": "use_pam_wheel_group_for_su",
"remarks": "rule_set_206"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set existing passwords a period of inactivity before they been locked",
+ "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
"remarks": "rule_set_206"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_last_change_is_in_past",
+ "value": "ensure_pam_wheel_group_empty",
"remarks": "rule_set_207"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure all users last password change date is in the past",
+ "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
"remarks": "rule_set_207"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_no_uid_except_zero",
+ "value": "package_pam_pwquality_installed",
"remarks": "rule_set_208"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Only Root Has UID 0",
+ "value": "Install pam_pwquality Package",
"remarks": "rule_set_208"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_gid_zero",
+ "value": "account_password_pam_faillock_password_auth",
"remarks": "rule_set_209"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Root Has A Primary GID 0",
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
"remarks": "rule_set_209"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_root_password_configured",
+ "value": "account_password_pam_faillock_system_auth",
"remarks": "rule_set_210"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Authentication Required for Single User Mode",
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
"remarks": "rule_set_210"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_path_dirs_no_write",
+ "value": "accounts_password_pam_pwquality_password_auth",
"remarks": "rule_set_211"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
+ "value": "Ensure PAM password complexity module is enabled in password-auth",
"remarks": "rule_set_211"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "root_path_no_dot",
+ "value": "accounts_password_pam_pwquality_system_auth",
"remarks": "rule_set_212"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
+ "value": "Ensure PAM password complexity module is enabled in system-auth",
"remarks": "rule_set_212"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_password_auth_for_systemaccounts",
+ "value": "accounts_password_pam_unix_enabled",
"remarks": "rule_set_213"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Are Locked",
+ "value": "Verify pam_unix module is activated",
"remarks": "rule_set_213"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_shelllogin_for_systemaccounts",
+ "value": "accounts_passwords_pam_faillock_deny",
"remarks": "rule_set_214"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
+ "value": "Lock Accounts After Failed Password Attempts",
"remarks": "rule_set_214"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_tmout",
+ "value": "accounts_passwords_pam_faillock_unlock_time",
"remarks": "rule_set_215"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Interactive Session Timeout",
+ "value": "Set Lockout Time for Failed Password Attempts",
"remarks": "rule_set_215"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_bashrc",
+ "value": "accounts_password_pam_difok",
"remarks": "rule_set_216"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Bash Umask is Set Correctly",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
"remarks": "rule_set_216"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_login_defs",
+ "value": "accounts_password_pam_minlen",
"remarks": "rule_set_217"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in login.defs",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
"remarks": "rule_set_217"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_profile",
+ "value": "accounts_password_pam_minclass",
"remarks": "rule_set_218"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
"remarks": "rule_set_218"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_aide_installed",
+ "value": "accounts_password_pam_maxrepeat",
"remarks": "rule_set_219"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install AIDE",
+ "value": "Set Password Maximum Consecutive Repeating Characters",
"remarks": "rule_set_219"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_build_database",
+ "value": "accounts_password_pam_maxsequence",
"remarks": "rule_set_220"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Build and Test AIDE Database",
+ "value": "Limit the maximum number of sequential characters in passwords",
"remarks": "rule_set_220"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_periodic_cron_checking",
+ "value": "accounts_password_pam_dictcheck",
"remarks": "rule_set_221"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Periodic Execution of AIDE",
+ "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
"remarks": "rule_set_221"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_check_audit_tools",
+ "value": "accounts_password_pam_enforce_root",
"remarks": "rule_set_222"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure AIDE to Verify the Audit Tools",
+ "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
"remarks": "rule_set_222"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_systemd-journald_enabled",
+ "value": "accounts_password_pam_pwhistory_remember_password_auth",
"remarks": "rule_set_223"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable systemd-journald Service",
+ "value": "Limit Password Reuse: password-auth",
"remarks": "rule_set_223"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_systemd-journal-remote_installed",
+ "value": "accounts_password_pam_pwhistory_remember_system_auth",
"remarks": "rule_set_224"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install systemd-journal-remote Package",
+ "value": "Limit Password Reuse: system-auth",
"remarks": "rule_set_224"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "socket_systemd-journal-remote_disabled",
+ "value": "accounts_password_pam_pwhistory_use_authtok",
"remarks": "rule_set_225"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable systemd-journal-remote Socket",
+ "value": "Enforce Password History with use_authtok",
"remarks": "rule_set_225"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_compress",
+ "value": "no_empty_passwords",
"remarks": "rule_set_226"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to compress large log files",
+ "value": "Prevent Login to Accounts With Empty Password",
"remarks": "rule_set_226"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_storage",
+ "value": "accounts_password_pam_unix_no_remember",
"remarks": "rule_set_227"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to write log files to persistent disk",
+ "value": "Avoid using remember in pam_unix module",
"remarks": "rule_set_227"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_groupownership",
+ "value": "set_password_hashing_algorithm_systemauth",
"remarks": "rule_set_228"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate Group",
+ "value": "Set PAM Password Hashing Algorithm - system-auth",
"remarks": "rule_set_228"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_ownership",
+ "value": "set_password_hashing_algorithm_passwordauth",
"remarks": "rule_set_229"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate User",
+ "value": "Set PAM Password Hashing Algorithm - password-auth",
"remarks": "rule_set_229"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_permissions",
+ "value": "accounts_password_pam_unix_authtok",
"remarks": "rule_set_230"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure System Log Files Have Correct Permissions",
+ "value": "Require use_authtok for pam_unix.so",
"remarks": "rule_set_230"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_passwd",
+ "value": "accounts_maximum_age_login_defs",
"remarks": "rule_set_231"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns passwd File",
+ "value": "Set Password Maximum Age",
"remarks": "rule_set_231"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_passwd",
+ "value": "accounts_password_set_max_life_existing",
"remarks": "rule_set_232"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns passwd File",
+ "value": "Set Existing Passwords Maximum Age",
"remarks": "rule_set_232"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_passwd",
+ "value": "accounts_password_warn_age_login_defs",
"remarks": "rule_set_233"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on passwd File",
+ "value": "Set Password Warning Age",
"remarks": "rule_set_233"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_passwd",
+ "value": "accounts_password_set_warn_age_existing",
"remarks": "rule_set_234"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup passwd File",
+ "value": "Set Existing Passwords Warning Age",
"remarks": "rule_set_234"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_passwd",
+ "value": "set_password_hashing_algorithm_logindefs",
"remarks": "rule_set_235"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup passwd File",
+ "value": "Set Password Hashing Algorithm in /etc/login.defs",
"remarks": "rule_set_235"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_passwd",
+ "value": "account_disable_post_pw_expiration",
"remarks": "rule_set_236"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup passwd File",
+ "value": "Set Account Expiration Following Inactivity",
"remarks": "rule_set_236"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_group",
+ "value": "accounts_set_post_pw_existing",
"remarks": "rule_set_237"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns group File",
+ "value": "Set existing passwords a period of inactivity before they been locked",
"remarks": "rule_set_237"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_group",
+ "value": "accounts_password_last_change_is_in_past",
"remarks": "rule_set_238"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns group File",
+ "value": "Ensure all users last password change date is in the past",
"remarks": "rule_set_238"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_group",
+ "value": "accounts_no_uid_except_zero",
"remarks": "rule_set_239"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on group File",
+ "value": "Verify Only Root Has UID 0",
"remarks": "rule_set_239"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_group",
+ "value": "accounts_root_gid_zero",
"remarks": "rule_set_240"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup group File",
+ "value": "Verify Root Has A Primary GID 0",
"remarks": "rule_set_240"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_group",
+ "value": "groups_no_zero_gid_except_root",
"remarks": "rule_set_241"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup group File",
+ "value": "Verify Only Group Root Has GID 0",
"remarks": "rule_set_241"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_group",
+ "value": "ensure_root_password_configured",
"remarks": "rule_set_242"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup group File",
+ "value": "Ensure Authentication Required for Single User Mode",
"remarks": "rule_set_242"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shadow",
+ "value": "accounts_root_path_dirs_no_write",
"remarks": "rule_set_243"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns shadow File",
+ "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
"remarks": "rule_set_243"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shadow",
+ "value": "root_path_no_dot",
"remarks": "rule_set_244"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns shadow File",
+ "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
"remarks": "rule_set_244"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shadow",
+ "value": "accounts_umask_root",
"remarks": "rule_set_245"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on shadow File",
+ "value": "Ensure the Root Bash Umask is Set Correctly",
"remarks": "rule_set_245"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_shadow",
+ "value": "no_password_auth_for_systemaccounts",
"remarks": "rule_set_246"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup shadow File",
+ "value": "Ensure that System Accounts Are Locked",
"remarks": "rule_set_246"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_shadow",
+ "value": "no_shelllogin_for_systemaccounts",
"remarks": "rule_set_247"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup shadow File",
+ "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
"remarks": "rule_set_247"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_shadow",
+ "value": "no_invalid_shell_accounts_unlocked",
"remarks": "rule_set_248"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup shadow File",
+ "value": "Verify Non-Interactive Accounts Are Locked",
"remarks": "rule_set_248"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_gshadow",
+ "value": "accounts_tmout",
"remarks": "rule_set_249"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns gshadow File",
+ "value": "Set Interactive Session Timeout",
"remarks": "rule_set_249"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_gshadow",
+ "value": "accounts_umask_etc_bashrc",
"remarks": "rule_set_250"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns gshadow File",
+ "value": "Ensure the Default Bash Umask is Set Correctly",
"remarks": "rule_set_250"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_gshadow",
+ "value": "accounts_umask_etc_login_defs",
"remarks": "rule_set_251"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on gshadow File",
+ "value": "Ensure the Default Umask is Set Correctly in login.defs",
"remarks": "rule_set_251"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_gshadow",
+ "value": "accounts_umask_etc_profile",
"remarks": "rule_set_252"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup gshadow File",
+ "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
"remarks": "rule_set_252"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_gshadow",
+ "value": "package_aide_installed",
"remarks": "rule_set_253"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup gshadow File",
+ "value": "Install AIDE",
"remarks": "rule_set_253"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_gshadow",
+ "value": "aide_build_database",
"remarks": "rule_set_254"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup gshadow File",
+ "value": "Build and Test AIDE Database",
"remarks": "rule_set_254"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shells",
+ "value": "aide_periodic_cron_checking",
"remarks": "rule_set_255"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/shells File",
+ "value": "Configure Periodic Execution of AIDE",
"remarks": "rule_set_255"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shells",
+ "value": "aide_check_audit_tools",
"remarks": "rule_set_256"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Who Owns /etc/shells File",
+ "value": "Configure AIDE to Verify the Audit Tools",
"remarks": "rule_set_256"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shells",
+ "value": "service_systemd-journald_enabled",
"remarks": "rule_set_257"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/shells File",
+ "value": "Enable systemd-journald Service",
"remarks": "rule_set_257"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd",
+ "value": "ensure_journald_and_rsyslog_not_active_together",
"remarks": "rule_set_258"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions and Ownership of Old Passwords File",
+ "value": "Ensure journald and rsyslog Are Not Active Together",
"remarks": "rule_set_258"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_unauthorized_world_writable",
+ "value": "package_systemd-journal-remote_installed",
"remarks": "rule_set_259"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure No World-Writable Files Exist",
+ "value": "Install systemd-journal-remote Package",
"remarks": "rule_set_259"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dir_perms_world_writable_sticky_bits",
+ "value": "service_systemd-journal-upload_enabled",
"remarks": "rule_set_260"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
+ "value": "Enable systemd-journal-upload Service",
"remarks": "rule_set_260"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user",
+ "value": "socket_systemd-journal-remote_disabled",
"remarks": "rule_set_261"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a User",
+ "value": "Disable systemd-journal-remote Socket",
"remarks": "rule_set_261"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned",
+ "value": "journald_disable_forward_to_syslog",
"remarks": "rule_set_262"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a Group",
+ "value": "Ensure journald ForwardToSyslog is disabled",
"remarks": "rule_set_262"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_all_shadowed",
+ "value": "journald_compress",
"remarks": "rule_set_263"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify All Account Password Hashes are Shadowed",
+ "value": "Ensure journald is configured to compress large log files",
"remarks": "rule_set_263"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords_etc_shadow",
+ "value": "journald_storage",
"remarks": "rule_set_264"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure There Are No Accounts With Blank or Null Passwords",
+ "value": "Ensure journald is configured to write log files to persistent disk",
"remarks": "rule_set_264"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "gid_passwd_group_same",
+ "value": "rsyslog_files_groupownership",
"remarks": "rule_set_265"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
+ "value": "Ensure Log Files Are Owned By Appropriate Group",
"remarks": "rule_set_265"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_id",
+ "value": "rsyslog_files_ownership",
"remarks": "rule_set_266"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique User IDs",
+ "value": "Ensure Log Files Are Owned By Appropriate User",
"remarks": "rule_set_266"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_id",
+ "value": "rsyslog_files_permissions",
"remarks": "rule_set_267"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group ID",
+ "value": "Ensure System Log Files Have Correct Permissions",
"remarks": "rule_set_267"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_name",
+ "value": "file_groupowner_etc_passwd",
"remarks": "rule_set_268"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique Names",
+ "value": "Verify Group Who Owns passwd File",
"remarks": "rule_set_268"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_name",
+ "value": "file_owner_etc_passwd",
"remarks": "rule_set_269"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group Names",
+ "value": "Verify User Who Owns passwd File",
"remarks": "rule_set_269"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_interactive_home_directory_exists",
+ "value": "file_permissions_etc_passwd",
"remarks": "rule_set_270"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive Users Home Directories Must Exist",
+ "value": "Verify Permissions on passwd File",
"remarks": "rule_set_270"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_home_directories",
+ "value": "file_groupowner_backup_etc_passwd",
"remarks": "rule_set_271"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
+ "value": "Verify Group Who Owns Backup passwd File",
"remarks": "rule_set_271"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_home_directories",
+ "value": "file_owner_backup_etc_passwd",
"remarks": "rule_set_272"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
+ "value": "Verify User Who Owns Backup passwd File",
"remarks": "rule_set_272"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_group_ownership",
+ "value": "file_permissions_backup_etc_passwd",
"remarks": "rule_set_273"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
+ "value": "Verify Permissions on Backup passwd File",
"remarks": "rule_set_273"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_user_ownership",
+ "value": "file_groupowner_etc_group",
"remarks": "rule_set_274"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Owned By the Primary User",
+ "value": "Verify Group Who Owns group File",
"remarks": "rule_set_274"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs",
+ "value": "file_owner_etc_group",
"remarks": "rule_set_275"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Not Run World-Writable Programs",
+ "value": "Verify User Who Owns group File",
"remarks": "rule_set_275"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files",
+ "value": "file_permissions_etc_group",
"remarks": "rule_set_276"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "value": "Verify Permissions on group File",
"remarks": "rule_set_276"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files",
+ "value": "file_groupowner_backup_etc_group",
"remarks": "rule_set_277"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No .forward Files Exist",
+ "value": "Verify Group Who Owns Backup group File",
"remarks": "rule_set_277"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files",
+ "value": "file_owner_backup_etc_group",
"remarks": "rule_set_278"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No netrc Files Exist",
+ "value": "Verify User Who Owns Backup group File",
"remarks": "rule_set_278"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_overlayfs_disabled",
+ "value": "file_permissions_backup_etc_group",
"remarks": "rule_set_279"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure overlayfs kernel module is not available",
+ "value": "Verify Permissions on Backup group File",
"remarks": "rule_set_279"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_squashfs_disabled",
+ "value": "file_owner_etc_shadow",
"remarks": "rule_set_280"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of squashfs",
+ "value": "Verify User Who Owns shadow File",
"remarks": "rule_set_280"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_udf_disabled",
+ "value": "file_groupowner_etc_shadow",
"remarks": "rule_set_281"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of udf",
+ "value": "Verify Group Who Owns shadow File",
"remarks": "rule_set_281"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_home",
+ "value": "file_permissions_etc_shadow",
"remarks": "rule_set_282"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /home Located On Separate Partition",
+ "value": "Verify Permissions on shadow File",
"remarks": "rule_set_282"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var",
+ "value": "file_groupowner_backup_etc_shadow",
"remarks": "rule_set_283"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var Located On Separate Partition",
+ "value": "Verify User Who Owns Backup shadow File",
"remarks": "rule_set_283"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_tmp",
+ "value": "file_owner_backup_etc_shadow",
"remarks": "rule_set_284"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/tmp Located On Separate Partition",
+ "value": "Verify Group Who Owns Backup shadow File",
"remarks": "rule_set_284"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_log",
+ "value": "file_permissions_backup_etc_shadow",
"remarks": "rule_set_285"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/log Located On Separate Partition",
+ "value": "Verify Permissions on Backup shadow File",
"remarks": "rule_set_285"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_log_audit",
+ "value": "file_groupowner_etc_gshadow",
"remarks": "rule_set_286"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/log/audit Located On Separate Partition",
+ "value": "Verify Group Who Owns gshadow File",
"remarks": "rule_set_286"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_state",
+ "value": "file_owner_etc_gshadow",
"remarks": "rule_set_287"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux State is Enforcing",
+ "value": "Verify User Who Owns gshadow File",
"remarks": "rule_set_287"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_gdm_removed",
+ "value": "file_permissions_etc_gshadow",
"remarks": "rule_set_288"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove the GDM Package Group",
+ "value": "Verify Permissions on gshadow File",
"remarks": "rule_set_288"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "xwindows_runlevel_target",
+ "value": "file_groupowner_backup_etc_gshadow",
"remarks": "rule_set_289"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Graphical Environment Startup By Setting Default Target",
+ "value": "Verify Group Who Owns Backup gshadow File",
"remarks": "rule_set_289"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_openldap-clients_removed",
+ "value": "file_owner_backup_etc_gshadow",
"remarks": "rule_set_290"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure LDAP client is not installed",
+ "value": "Verify User Who Owns Backup gshadow File",
"remarks": "rule_set_290"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_sctp_disabled",
+ "value": "file_permissions_backup_etc_gshadow",
"remarks": "rule_set_291"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SCTP Support",
+ "value": "Verify Permissions on Backup gshadow File",
"remarks": "rule_set_291"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_ip_forward",
+ "value": "file_groupowner_etc_shells",
"remarks": "rule_set_292"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
+ "value": "Verify Group Who Owns /etc/shells File",
"remarks": "rule_set_292"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_gssapi_auth",
+ "value": "file_owner_etc_shells",
"remarks": "rule_set_293"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GSSAPI Authentication",
+ "value": "Verify Who Owns /etc/shells File",
"remarks": "rule_set_293"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny_root",
+ "value": "file_permissions_etc_shells",
"remarks": "rule_set_294"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the root Account for Failed Password Attempts",
+ "value": "Verify Permissions on /etc/shells File",
"remarks": "rule_set_294"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_minimum_age_login_defs",
+ "value": "file_groupowner_etc_security_opasswd",
"remarks": "rule_set_295"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Minimum Age",
+ "value": "Verify Group Who Owns /etc/security/opasswd File",
"remarks": "rule_set_295"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_min_life_existing",
+ "value": "file_owner_etc_security_opasswd",
"remarks": "rule_set_296"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Minimum Age",
+ "value": "Verify User Who Owns /etc/security/opasswd File",
"remarks": "rule_set_296"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_audit_installed",
+ "value": "file_permissions_etc_security_opasswd",
"remarks": "rule_set_297"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the audit Subsystem is Installed",
+ "value": "Verify Permissions on /etc/security/opasswd File",
"remarks": "rule_set_297"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_audit-libs_installed",
+ "value": "file_groupowner_etc_security_opasswd_old",
"remarks": "rule_set_298"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the audit-libs package as a part of audit Subsystem is Installed",
+ "value": "Verify Group Who Owns /etc/security/opasswd.old File",
"remarks": "rule_set_298"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_audit_argument",
+ "value": "file_owner_etc_security_opasswd_old",
"remarks": "rule_set_299"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Auditing for Processes Which Start Prior to the Audit Daemon",
+ "value": "Verify User Who Owns /etc/security/opasswd.old File",
"remarks": "rule_set_299"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_audit_backlog_limit_argument",
+ "value": "file_permissions_etc_security_opasswd_old",
"remarks": "rule_set_300"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Extend Audit Backlog Limit for the Audit Daemon",
+ "value": "Verify Permissions on /etc/security/opasswd.old File",
"remarks": "rule_set_300"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_auditd_enabled",
+ "value": "file_permissions_unauthorized_world_writable",
"remarks": "rule_set_301"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable auditd Service",
+ "value": "Ensure No World-Writable Files Exist",
"remarks": "rule_set_301"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_max_log_file",
+ "value": "dir_perms_world_writable_sticky_bits",
"remarks": "rule_set_302"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Max Log File Size",
+ "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
"remarks": "rule_set_302"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_max_log_file_action",
+ "value": "no_files_or_dirs_unowned_by_user",
"remarks": "rule_set_303"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd max_log_file_action Upon Reaching Maximum Log Size",
+ "value": "Ensure All Files And Directories Are Owned by a User",
"remarks": "rule_set_303"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_disk_error_action",
+ "value": "no_files_or_dirs_ungroupowned",
"remarks": "rule_set_304"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Disk Error Action on Disk Error",
+ "value": "Ensure All Files And Directories Are Owned by a Group",
"remarks": "rule_set_304"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_disk_full_action",
+ "value": "accounts_password_all_shadowed",
"remarks": "rule_set_305"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Disk Full Action when Disk Space Is Full",
+ "value": "Verify All Account Password Hashes are Shadowed",
"remarks": "rule_set_305"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_action_mail_acct",
+ "value": "no_empty_passwords_etc_shadow",
"remarks": "rule_set_306"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd mail_acct Action on Low Disk Space",
+ "value": "Ensure There Are No Accounts With Blank or Null Passwords",
"remarks": "rule_set_306"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_admin_space_left_action",
+ "value": "gid_passwd_group_same",
"remarks": "rule_set_307"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd admin_space_left Action on Low Disk Space",
+ "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
"remarks": "rule_set_307"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_space_left_action",
+ "value": "account_unique_id",
"remarks": "rule_set_308"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd space_left Action on Low Disk Space",
+ "value": "Ensure All Accounts on the System Have Unique User IDs",
"remarks": "rule_set_308"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_sysadmin_actions",
+ "value": "group_unique_id",
"remarks": "rule_set_309"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects System Administrator Actions",
+ "value": "Ensure All Groups on the System Have Unique Group ID",
"remarks": "rule_set_309"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_suid_auid_privilege_function",
+ "value": "account_unique_name",
"remarks": "rule_set_310"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events When Executables Are Run As Another User",
+ "value": "Ensure All Accounts on the System Have Unique Names",
"remarks": "rule_set_310"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_sudo_log_events",
+ "value": "group_unique_name",
"remarks": "rule_set_311"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to perform maintenance activities",
+ "value": "Ensure All Groups on the System Have Unique Group Names",
"remarks": "rule_set_311"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_adjtimex",
+ "value": "accounts_user_interactive_home_directory_exists",
"remarks": "rule_set_312"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record attempts to alter time through adjtimex",
+ "value": "All Interactive Users Home Directories Must Exist",
"remarks": "rule_set_312"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_settimeofday",
+ "value": "file_ownership_home_directories",
"remarks": "rule_set_313"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record attempts to alter time through settimeofday",
+ "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
"remarks": "rule_set_313"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_clock_settime",
+ "value": "file_permissions_home_directories",
"remarks": "rule_set_314"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Time Through clock_settime",
+ "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
"remarks": "rule_set_314"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_watch_localtime",
+ "value": "accounts_user_dot_group_ownership",
"remarks": "rule_set_315"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter the localtime File",
+ "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
"remarks": "rule_set_315"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification",
+ "value": "accounts_user_dot_user_ownership",
"remarks": "rule_set_316"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Network Environment",
+ "value": "User Initialization Files Must Be Owned By the Primary User",
"remarks": "rule_set_316"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification_network_scripts",
+ "value": "file_permission_user_init_files",
"remarks": "rule_set_317"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Network Environment - /etc/sysconfig/network-scripts",
+ "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
"remarks": "rule_set_317"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_privileged_commands",
+ "value": "no_forward_files",
"remarks": "rule_set_318"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on the Use of Privileged Commands",
+ "value": "Verify No .forward Files Exist",
"remarks": "rule_set_318"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_unsuccessful_file_modification_creat",
+ "value": "no_netrc_files",
"remarks": "rule_set_319"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Unsuccessful Access Attempts to Files - creat",
+ "value": "Verify No netrc Files Exist",
"remarks": "rule_set_319"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_unsuccessful_file_modification_ftruncate",
+ "value": "no_rhost_files",
"remarks": "rule_set_320"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Unsuccessful Access Attempts to Files - ftruncate",
+ "value": "Verify No .rhost Files Exist",
"remarks": "rule_set_320"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_unsuccessful_file_modification_open",
+ "value": "file_permission_user_bash_history",
"remarks": "rule_set_321"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Unsuccessful Access Attempts to Files - open",
+ "value": "Ensure User Bash History File Has Correct Permissions",
"remarks": "rule_set_321"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_unsuccessful_file_modification_openat",
+ "value": "kernel_module_overlayfs_disabled",
"remarks": "rule_set_322"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Unsuccessful Access Attempts to Files - openat",
+ "value": "Ensure overlayfs kernel module is not available",
"remarks": "rule_set_322"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_unsuccessful_file_modification_truncate",
+ "value": "kernel_module_squashfs_disabled",
"remarks": "rule_set_323"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Unsuccessful Access Attempts to Files - truncate",
+ "value": "Disable Mounting of squashfs",
"remarks": "rule_set_323"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_usergroup_modification_group",
+ "value": "kernel_module_udf_disabled",
"remarks": "rule_set_324"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify User/Group Information - /etc/group",
+ "value": "Disable Mounting of udf",
"remarks": "rule_set_324"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_usergroup_modification_passwd",
+ "value": "partition_for_home",
"remarks": "rule_set_325"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify User/Group Information - /etc/passwd",
+ "value": "Ensure /home Located On Separate Partition",
"remarks": "rule_set_325"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_usergroup_modification_gshadow",
+ "value": "partition_for_var",
"remarks": "rule_set_326"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify User/Group Information - /etc/gshadow",
+ "value": "Ensure /var Located On Separate Partition",
"remarks": "rule_set_326"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_usergroup_modification_shadow",
+ "value": "partition_for_var_tmp",
"remarks": "rule_set_327"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify User/Group Information - /etc/shadow",
+ "value": "Ensure /var/tmp Located On Separate Partition",
"remarks": "rule_set_327"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_usergroup_modification_opasswd",
+ "value": "partition_for_var_log",
"remarks": "rule_set_328"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify User/Group Information - /etc/security/opasswd",
+ "value": "Ensure /var/log Located On Separate Partition",
"remarks": "rule_set_328"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_chmod",
+ "value": "partition_for_var_log_audit",
"remarks": "rule_set_329"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - chmod",
+ "value": "Ensure /var/log/audit Located On Separate Partition",
"remarks": "rule_set_329"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_chown",
+ "value": "selinux_state",
"remarks": "rule_set_330"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - chown",
+ "value": "Ensure SELinux State is Enforcing",
"remarks": "rule_set_330"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fchmod",
+ "value": "xwayland_disabled",
"remarks": "rule_set_331"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fchmod",
+ "value": "Disable XWayland",
"remarks": "rule_set_331"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fchmodat",
+ "value": "service_cockpit_disabled",
"remarks": "rule_set_332"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat",
+ "value": "Disable Cockpit Management Server",
"remarks": "rule_set_332"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fchmodat2",
+ "value": "package_gdm_removed",
"remarks": "rule_set_333"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat2",
+ "value": "Remove the GDM Package Group",
"remarks": "rule_set_333"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fchown",
+ "value": "package_xorg-x11-server-Xwayland_removed",
"remarks": "rule_set_334"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fchown",
+ "value": "Remove the X Windows Xwayland Package",
"remarks": "rule_set_334"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fchownat",
+ "value": "package_openldap-clients_removed",
"remarks": "rule_set_335"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fchownat",
+ "value": "Ensure LDAP client is not installed",
"remarks": "rule_set_335"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fremovexattr",
+ "value": "kernel_module_sctp_disabled",
"remarks": "rule_set_336"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fremovexattr",
+ "value": "Disable SCTP Support",
"remarks": "rule_set_336"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fsetxattr",
+ "value": "sysctl_net_ipv4_ip_forward",
"remarks": "rule_set_337"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fsetxattr",
+ "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
"remarks": "rule_set_337"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_lchown",
+ "value": "sshd_disable_forwarding",
"remarks": "rule_set_338"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - lchown",
+ "value": "Disable SSH Forwarding",
"remarks": "rule_set_338"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_lremovexattr",
+ "value": "sshd_disable_gssapi_auth",
"remarks": "rule_set_339"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - lremovexattr",
+ "value": "Disable GSSAPI Authentication",
"remarks": "rule_set_339"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_lsetxattr",
+ "value": "sudo_remove_nopasswd",
"remarks": "rule_set_340"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - lsetxattr",
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD",
"remarks": "rule_set_340"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_removexattr",
+ "value": "accounts_passwords_pam_faillock_deny_root",
"remarks": "rule_set_341"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - removexattr",
+ "value": "Configure the root Account for Failed Password Attempts",
"remarks": "rule_set_341"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_setxattr",
+ "value": "accounts_minimum_age_login_defs",
"remarks": "rule_set_342"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - setxattr",
+ "value": "Set Password Minimum Age",
"remarks": "rule_set_342"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_media_export",
+ "value": "accounts_password_set_min_life_existing",
"remarks": "rule_set_343"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Exporting to Media (successful)",
+ "value": "Set Existing Passwords Minimum Age",
"remarks": "rule_set_343"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_session_events_utmp",
+ "value": "no_nologin_in_shells",
"remarks": "rule_set_344"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Process and Session Initiation Information utmp",
+ "value": "Ensure nologin Shell is Not Listed in /etc/shells",
"remarks": "rule_set_344"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_session_events_btmp",
+ "value": "package_audit_installed",
"remarks": "rule_set_345"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Process and Session Initiation Information btmp",
+ "value": "Ensure the audit Subsystem is Installed",
"remarks": "rule_set_345"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_session_events_wtmp",
+ "value": "package_audit-libs_installed",
"remarks": "rule_set_346"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Process and Session Initiation Information wtmp",
+ "value": "Ensure the audit-libs package as a part of audit Subsystem is Installed",
"remarks": "rule_set_346"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_login_events_faillock",
+ "value": "grub2_audit_argument",
"remarks": "rule_set_347"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Logon and Logout Events - faillock",
+ "value": "Enable Auditing for Processes Which Start Prior to the Audit Daemon",
"remarks": "rule_set_347"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_login_events_lastlog",
+ "value": "grub2_audit_backlog_limit_argument",
"remarks": "rule_set_348"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Logon and Logout Events - lastlog",
+ "value": "Extend Audit Backlog Limit for the Audit Daemon",
"remarks": "rule_set_348"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_file_deletion_events_rename",
+ "value": "service_auditd_enabled",
"remarks": "rule_set_349"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects File Deletion Events by User - rename",
+ "value": "Enable auditd Service",
"remarks": "rule_set_349"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_file_deletion_events_renameat",
+ "value": "auditd_data_retention_max_log_file",
"remarks": "rule_set_350"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects File Deletion Events by User - renameat",
+ "value": "Configure auditd Max Log File Size",
"remarks": "rule_set_350"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_file_deletion_events_renameat2",
+ "value": "auditd_data_retention_max_log_file_action",
"remarks": "rule_set_351"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects File Deletion Events by User - renameat2",
+ "value": "Configure auditd max_log_file_action Upon Reaching Maximum Log Size",
"remarks": "rule_set_351"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_file_deletion_events_unlink",
+ "value": "auditd_data_disk_error_action",
"remarks": "rule_set_352"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects File Deletion Events by User - unlink",
+ "value": "Configure auditd Disk Error Action on Disk Error",
"remarks": "rule_set_352"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_file_deletion_events_unlinkat",
+ "value": "auditd_data_disk_full_action",
"remarks": "rule_set_353"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects File Deletion Events by User - unlinkat",
+ "value": "Configure auditd Disk Full Action when Disk Space Is Full",
"remarks": "rule_set_353"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_mac_modification_etc_selinux",
+ "value": "auditd_data_retention_admin_space_left_action",
"remarks": "rule_set_354"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Mandatory Access Controls (/etc/selinux)",
+ "value": "Configure auditd admin_space_left Action on Low Disk Space",
"remarks": "rule_set_354"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_mac_modification_usr_share",
+ "value": "auditd_data_retention_space_left_action",
"remarks": "rule_set_355"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Mandatory Access Controls in usr/share",
+ "value": "Configure auditd space_left Action on Low Disk Space",
"remarks": "rule_set_355"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_execution_chcon",
+ "value": "audit_rules_sysadmin_actions",
"remarks": "rule_set_356"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Any Attempts to Run chcon",
+ "value": "Ensure auditd Collects System Administrator Actions",
"remarks": "rule_set_356"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_execution_setfacl",
+ "value": "audit_rules_suid_auid_privilege_function",
"remarks": "rule_set_357"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Any Attempts to Run setfacl",
+ "value": "Record Events When Executables Are Run As Another User",
"remarks": "rule_set_357"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_execution_chacl",
+ "value": "audit_sudo_log_events",
"remarks": "rule_set_358"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Any Attempts to Run chacl",
+ "value": "Record Attempts to perform maintenance activities",
"remarks": "rule_set_358"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_privileged_commands_usermod",
+ "value": "audit_rules_time_adjtimex",
"remarks": "rule_set_359"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on the Use of Privileged Commands - usermod",
+ "value": "Record attempts to alter time through adjtimex",
"remarks": "rule_set_359"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_privileged_commands_kmod",
+ "value": "audit_rules_time_settimeofday",
"remarks": "rule_set_360"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on the Use of Privileged Commands - kmod",
+ "value": "Record attempts to alter time through settimeofday",
"remarks": "rule_set_360"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_finit",
+ "value": "audit_rules_time_clock_settime",
"remarks": "rule_set_361"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module",
+ "value": "Record Attempts to Alter Time Through clock_settime",
"remarks": "rule_set_361"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_init",
+ "value": "audit_rules_time_watch_localtime",
"remarks": "rule_set_362"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Loading - init_module",
+ "value": "Record Attempts to Alter the localtime File",
"remarks": "rule_set_362"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_delete",
+ "value": "audit_rules_networkconfig_modification_setdomainname",
"remarks": "rule_set_363"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Unloading - delete_module",
+ "value": "Record Events that Modify the System's Network Environment - setdomainname",
"remarks": "rule_set_363"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_create",
+ "value": "audit_rules_networkconfig_modification_sethostname",
"remarks": "rule_set_364"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Unloading - create_module",
+ "value": "Record Events that Modify the System's Network Environment - sethostname",
"remarks": "rule_set_364"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_query",
+ "value": "audit_rules_networkconfig_modification_etc_issue",
"remarks": "rule_set_365"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module",
+ "value": "Record Events that Modify the System's Network Environment - /etc/issue",
"remarks": "rule_set_365"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_immutable",
+ "value": "audit_rules_networkconfig_modification_etc_issue_net",
"remarks": "rule_set_366"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Make the auditd Configuration Immutable",
+ "value": "Record Events that Modify the System's Network Environment - /etc/issue.net",
"remarks": "rule_set_366"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "directory_permissions_var_log_audit",
+ "value": "audit_rules_networkconfig_modification_etc_hosts",
"remarks": "rule_set_367"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "System Audit Logs Must Have Mode 0750 or Less Permissive",
+ "value": "Record Events that Modify the System's Network Environment - /etc/hosts",
"remarks": "rule_set_367"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_var_log_audit",
+ "value": "audit_rules_networkconfig_modification_hostname_file",
"remarks": "rule_set_368"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "System Audit Logs Must Have Mode 0640 or Less Permissive",
+ "value": "Record Events that Modify the System's Network Environment - /etc/hostname",
"remarks": "rule_set_368"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_var_log_audit_stig",
+ "value": "audit_rules_networkconfig_modification_etc_sysconfig_network",
"remarks": "rule_set_369"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "System Audit Logs Must Be Owned By Root",
+ "value": "Record Events that Modify the System's Network Environment - /etc/sysconfig/network",
"remarks": "rule_set_369"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_group_ownership_var_log_audit",
+ "value": "audit_rules_networkconfig_modification_etc_networkmanager_system_connections",
"remarks": "rule_set_370"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "System Audit Logs Must Be Group Owned By Root",
+ "value": "Record Events that Modify the System's Network Environment - /etc/NetworkManager/system-connections/",
"remarks": "rule_set_370"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_audit_configuration",
+ "value": "audit_rules_networkconfig_modification_networkmanager",
"remarks": "rule_set_371"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Audit Configuration Files Permissions are 640 or More Restrictive",
+ "value": "Record Events that Modify the System's Network Environment - /etc/NetworkManager/",
"remarks": "rule_set_371"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_audit_configuration",
+ "value": "audit_rules_privileged_commands",
"remarks": "rule_set_372"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Audit Configuration Files Must Be Owned By Root",
+ "value": "Ensure auditd Collects Information on the Use of Privileged Commands",
"remarks": "rule_set_372"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_audit_configuration",
+ "value": "audit_rules_unsuccessful_file_modification_creat",
"remarks": "rule_set_373"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Audit Configuration Files Must Be Owned By Group root",
+ "value": "Record Unsuccessful Access Attempts to Files - creat",
"remarks": "rule_set_373"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_audit_binaries",
+ "value": "audit_rules_unsuccessful_file_modification_ftruncate",
"remarks": "rule_set_374"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that audit tools Have Mode 0755 or less",
+ "value": "Record Unsuccessful Access Attempts to Files - ftruncate",
"remarks": "rule_set_374"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_audit_binaries",
+ "value": "audit_rules_unsuccessful_file_modification_open",
"remarks": "rule_set_375"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that audit tools are owned by root",
+ "value": "Record Unsuccessful Access Attempts to Files - open",
"remarks": "rule_set_375"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_audit_binaries",
+ "value": "audit_rules_unsuccessful_file_modification_openat",
"remarks": "rule_set_376"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that audit tools are owned by group root",
+ "value": "Record Unsuccessful Access Attempts to Files - openat",
"remarks": "rule_set_376"
- }
- ],
- "control-implementations": [
+ },
{
- "uuid": "11dad883-cf59-4468-a78d-f48d34d0d5e7",
- "source": "trestle://profiles/fedora-cis_fedora-l2_server/profile.json",
- "description": "Control implementation for cis",
- "props": [
- {
- "name": "Framework_Short_Name",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal",
- "value": "cis"
- }
- ],
- "set-parameters": [
- {
- "param-id": "cis_banner_text",
- "values": [
- "cis"
- ]
- },
- {
- "param-id": "inactivity_timeout_value",
- "values": [
- "15_minutes"
- ]
- },
- {
- "param-id": "login_banner_text",
- "values": [
- "cis_banners"
- ]
- },
- {
- "param-id": "sshd_idle_timeout_value",
- "values": [
- "5_minutes"
- ]
- },
- {
- "param-id": "sshd_max_auth_tries_value",
- "values": [
- "4"
- ]
- },
- {
- "param-id": "sshd_strong_kex",
- "values": [
- "cis_rhel8"
- ]
- },
- {
- "param-id": "sshd_strong_macs",
- "values": [
- "cis_rhel8"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_accept_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_accept_source_route_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_log_martians_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_rp_filter_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_secure_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_accept_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_accept_source_route_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_log_martians_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_rp_filter_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_secure_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_tcp_syncookies_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_all_accept_ra_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_all_accept_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_all_accept_source_route_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_all_forwarding_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_default_accept_ra_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_default_accept_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_unsuccessful_file_modification_truncate",
+ "remarks": "rule_set_377"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Unsuccessful Access Attempts to Files - truncate",
+ "remarks": "rule_set_377"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_group",
+ "remarks": "rule_set_378"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/group",
+ "remarks": "rule_set_378"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_passwd",
+ "remarks": "rule_set_379"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/passwd",
+ "remarks": "rule_set_379"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_gshadow",
+ "remarks": "rule_set_380"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/gshadow",
+ "remarks": "rule_set_380"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_shadow",
+ "remarks": "rule_set_381"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/shadow",
+ "remarks": "rule_set_381"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_opasswd",
+ "remarks": "rule_set_382"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/security/opasswd",
+ "remarks": "rule_set_382"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_nsswitch_conf",
+ "remarks": "rule_set_383"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/nsswitch.conf",
+ "remarks": "rule_set_383"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pam_conf",
+ "remarks": "rule_set_384"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/pam.conf",
+ "remarks": "rule_set_384"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pamd",
+ "remarks": "rule_set_385"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/pam.d/",
+ "remarks": "rule_set_385"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_chmod",
+ "remarks": "rule_set_386"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - chmod",
+ "remarks": "rule_set_386"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_chown",
+ "remarks": "rule_set_387"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - chown",
+ "remarks": "rule_set_387"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fchmod",
+ "remarks": "rule_set_388"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fchmod",
+ "remarks": "rule_set_388"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fchmodat",
+ "remarks": "rule_set_389"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat",
+ "remarks": "rule_set_389"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fchmodat2",
+ "remarks": "rule_set_390"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat2",
+ "remarks": "rule_set_390"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fchown",
+ "remarks": "rule_set_391"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fchown",
+ "remarks": "rule_set_391"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fchownat",
+ "remarks": "rule_set_392"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fchownat",
+ "remarks": "rule_set_392"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fremovexattr",
+ "remarks": "rule_set_393"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fremovexattr",
+ "remarks": "rule_set_393"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fsetxattr",
+ "remarks": "rule_set_394"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fsetxattr",
+ "remarks": "rule_set_394"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_lchown",
+ "remarks": "rule_set_395"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - lchown",
+ "remarks": "rule_set_395"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_lremovexattr",
+ "remarks": "rule_set_396"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - lremovexattr",
+ "remarks": "rule_set_396"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_lsetxattr",
+ "remarks": "rule_set_397"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - lsetxattr",
+ "remarks": "rule_set_397"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_removexattr",
+ "remarks": "rule_set_398"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - removexattr",
+ "remarks": "rule_set_398"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_setxattr",
+ "remarks": "rule_set_399"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - setxattr",
+ "remarks": "rule_set_399"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_media_export",
+ "remarks": "rule_set_400"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Exporting to Media (successful)",
+ "remarks": "rule_set_400"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_session_events_utmp",
+ "remarks": "rule_set_401"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Attempts to Alter Process and Session Initiation Information utmp",
+ "remarks": "rule_set_401"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_session_events_btmp",
+ "remarks": "rule_set_402"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Attempts to Alter Process and Session Initiation Information btmp",
+ "remarks": "rule_set_402"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_session_events_wtmp",
+ "remarks": "rule_set_403"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Attempts to Alter Process and Session Initiation Information wtmp",
+ "remarks": "rule_set_403"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_login_events_faillock",
+ "remarks": "rule_set_404"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Attempts to Alter Logon and Logout Events - faillock",
+ "remarks": "rule_set_404"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_login_events_lastlog",
+ "remarks": "rule_set_405"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Attempts to Alter Logon and Logout Events - lastlog",
+ "remarks": "rule_set_405"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_file_deletion_events_rename",
+ "remarks": "rule_set_406"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects File Deletion Events by User - rename",
+ "remarks": "rule_set_406"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_file_deletion_events_renameat",
+ "remarks": "rule_set_407"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects File Deletion Events by User - renameat",
+ "remarks": "rule_set_407"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_file_deletion_events_renameat2",
+ "remarks": "rule_set_408"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects File Deletion Events by User - renameat2",
+ "remarks": "rule_set_408"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_file_deletion_events_unlink",
+ "remarks": "rule_set_409"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects File Deletion Events by User - unlink",
+ "remarks": "rule_set_409"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_file_deletion_events_unlinkat",
+ "remarks": "rule_set_410"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects File Deletion Events by User - unlinkat",
+ "remarks": "rule_set_410"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_mac_modification_etc_selinux",
+ "remarks": "rule_set_411"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Mandatory Access Controls (/etc/selinux)",
+ "remarks": "rule_set_411"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_mac_modification_usr_share",
+ "remarks": "rule_set_412"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Mandatory Access Controls in usr/share",
+ "remarks": "rule_set_412"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_execution_chcon",
+ "remarks": "rule_set_413"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Any Attempts to Run chcon",
+ "remarks": "rule_set_413"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_execution_setfacl",
+ "remarks": "rule_set_414"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Any Attempts to Run setfacl",
+ "remarks": "rule_set_414"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_execution_chacl",
+ "remarks": "rule_set_415"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Any Attempts to Run chacl",
+ "remarks": "rule_set_415"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_privileged_commands_usermod",
+ "remarks": "rule_set_416"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on the Use of Privileged Commands - usermod",
+ "remarks": "rule_set_416"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_privileged_commands_kmod",
+ "remarks": "rule_set_417"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on the Use of Privileged Commands - kmod",
+ "remarks": "rule_set_417"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_finit",
+ "remarks": "rule_set_418"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module",
+ "remarks": "rule_set_418"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_init",
+ "remarks": "rule_set_419"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Loading - init_module",
+ "remarks": "rule_set_419"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_delete",
+ "remarks": "rule_set_420"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Unloading - delete_module",
+ "remarks": "rule_set_420"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_create",
+ "remarks": "rule_set_421"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Unloading - create_module",
+ "remarks": "rule_set_421"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_query",
+ "remarks": "rule_set_422"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module",
+ "remarks": "rule_set_422"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_continue_loading",
+ "remarks": "rule_set_423"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure the Audit Configuration is Loaded Regardless of Errors",
+ "remarks": "rule_set_423"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_immutable",
+ "remarks": "rule_set_424"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Make the auditd Configuration Immutable",
+ "remarks": "rule_set_424"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_permissions_var_log_audit",
+ "remarks": "rule_set_425"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "System Audit Logs Must Have Mode 0750 or Less Permissive",
+ "remarks": "rule_set_425"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_var_log_audit",
+ "remarks": "rule_set_426"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "System Audit Logs Must Have Mode 0640 or Less Permissive",
+ "remarks": "rule_set_426"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_ownership_var_log_audit_stig",
+ "remarks": "rule_set_427"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "System Audit Logs Must Be Owned By Root",
+ "remarks": "rule_set_427"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_group_ownership_var_log_audit",
+ "remarks": "rule_set_428"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "System Audit Logs Must Be Group Owned By Root",
+ "remarks": "rule_set_428"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_audit_configuration",
+ "remarks": "rule_set_429"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Audit Configuration Files Permissions are 640 or More Restrictive",
+ "remarks": "rule_set_429"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_ownership_audit_configuration",
+ "remarks": "rule_set_430"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Audit Configuration Files Must Be Owned By Root",
+ "remarks": "rule_set_430"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupownership_audit_configuration",
+ "remarks": "rule_set_431"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Audit Configuration Files Must Be Owned By Group root",
+ "remarks": "rule_set_431"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_audit_binaries",
+ "remarks": "rule_set_432"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify that audit tools Have Mode 0755 or less",
+ "remarks": "rule_set_432"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_ownership_audit_binaries",
+ "remarks": "rule_set_433"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify that audit tools are owned by root",
+ "remarks": "rule_set_433"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupownership_audit_binaries",
+ "remarks": "rule_set_434"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify that audit tools are owned by group root",
+ "remarks": "rule_set_434"
+ }
+ ],
+ "control-implementations": [
+ {
+ "uuid": "01cce193-6964-40dd-9a7d-f63363c643af",
+ "source": "trestle://profiles/fedora-cis_fedora-l2_server/profile.json",
+ "description": "Control implementation for cis",
+ "props": [
+ {
+ "name": "Framework_Short_Name",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal",
+ "value": "cis"
+ }
+ ],
+ "set-parameters": [
+ {
+ "param-id": "cis_banner_text",
+ "values": [
+ "cis"
+ ]
+ },
+ {
+ "param-id": "inactivity_timeout_value",
+ "values": [
+ "15_minutes"
+ ]
+ },
+ {
+ "param-id": "login_banner_text",
+ "values": [
+ "cis_banners"
+ ]
+ },
+ {
+ "param-id": "sshd_idle_timeout_value",
+ "values": [
+ "5_minutes"
+ ]
+ },
+ {
+ "param-id": "sshd_max_auth_tries_value",
+ "values": [
+ "4"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_tcp_syncookies_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_all_accept_ra_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_all_accept_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_all_accept_source_route_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_all_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_accept_ra_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_accept_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
"param-id": "sysctl_net_ipv6_conf_default_accept_source_route_value",
"values": [
"disabled"
]
},
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
{
"param-id": "var_account_disable_post_pw_expiration",
"values": [
@@ -5944,28 +6640,22 @@
"8192"
]
},
- {
- "param-id": "var_auditd_action_mail_acct",
- "values": [
- "root"
- ]
- },
{
"param-id": "var_auditd_admin_space_left_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
"param-id": "var_auditd_disk_error_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
"param-id": "var_auditd_disk_full_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
@@ -5983,7 +6673,7 @@
{
"param-id": "var_auditd_space_left_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
@@ -6001,7 +6691,7 @@
{
"param-id": "var_password_hashing_algorithm",
"values": [
- "yescrypt"
+ "cis_fedora"
]
},
{
@@ -6028,6 +6718,12 @@
"3"
]
},
+ {
+ "param-id": "var_password_pam_maxsequence",
+ "values": [
+ "3"
+ ]
+ },
{
"param-id": "var_password_pam_minclass",
"values": [
@@ -6101,9 +6797,9 @@
]
},
{
- "param-id": "var_system_crypto_policy",
+ "param-id": "var_sudo_timestamp_timeout",
"values": [
- "default_policy"
+ "15_minutes"
]
},
{
@@ -6115,7 +6811,7 @@
],
"implemented-requirements": [
{
- "uuid": "7ea7d5a6-7db6-43dd-9077-7eb45dcd88ce",
+ "uuid": "5c4f51f7-1273-4916-a1ca-96d9654f0906",
"control-id": "cis_fedora_1-1.1.6",
"description": "No notes for control-id 1.1.1.6.",
"props": [
@@ -6132,7 +6828,7 @@
]
},
{
- "uuid": "709879af-884a-4ae6-bc30-4da2a849020a",
+ "uuid": "b9628748-28c9-4877-942f-a170a3f3e333",
"control-id": "cis_fedora_1-1.1.7",
"description": "No notes for control-id 1.1.1.7.",
"props": [
@@ -6149,7 +6845,7 @@
]
},
{
- "uuid": "190da963-a869-4ad6-9f6f-0e5a59a0dc25",
+ "uuid": "a7c3eb1d-1efc-43e4-a34a-799b81bab317",
"control-id": "cis_fedora_1-1.1.8",
"description": "No notes for control-id 1.1.1.8.",
"props": [
@@ -6166,7 +6862,7 @@
]
},
{
- "uuid": "d509ac48-2817-4d01-b9b3-7833d3e801eb",
+ "uuid": "a245a295-423f-483e-8a40-46499d4439a7",
"control-id": "cis_fedora_1-1.2.3.1",
"description": "No notes for control-id 1.1.2.3.1.",
"props": [
@@ -6183,7 +6879,7 @@
]
},
{
- "uuid": "2625b132-803d-4334-8745-7cf922ca5956",
+ "uuid": "d16e97d9-6b40-4cb0-8191-0b85eb7fe76f",
"control-id": "cis_fedora_1-1.2.4.1",
"description": "No notes for control-id 1.1.2.4.1.",
"props": [
@@ -6200,7 +6896,7 @@
]
},
{
- "uuid": "344d6937-fa00-42cc-8675-41ec76838078",
+ "uuid": "d2aec932-042f-4830-83d3-c99cccc09829",
"control-id": "cis_fedora_1-1.2.5.1",
"description": "No notes for control-id 1.1.2.5.1.",
"props": [
@@ -6217,7 +6913,7 @@
]
},
{
- "uuid": "d6981a62-947d-4fd6-a2ca-910ce7abfe79",
+ "uuid": "f80e3633-103e-4d05-ad3e-93d239a5590a",
"control-id": "cis_fedora_1-1.2.6.1",
"description": "No notes for control-id 1.1.2.6.1.",
"props": [
@@ -6234,7 +6930,7 @@
]
},
{
- "uuid": "810f7d1b-800e-4f33-97c2-27bc6547c9e1",
+ "uuid": "24644ec0-95cb-4c9e-9b10-1a7a54aea62f",
"control-id": "cis_fedora_1-1.2.7.1",
"description": "No notes for control-id 1.1.2.7.1.",
"props": [
@@ -6251,7 +6947,7 @@
]
},
{
- "uuid": "b39fd5a9-ee94-4489-a2e3-48f5e9c9f5ea",
+ "uuid": "5260d4c9-fe35-485c-bc09-9d182e542f4d",
"control-id": "cis_fedora_1-2.1.3",
"description": "The description for control-id cis_fedora_1-2.1.3.",
"props": [
@@ -6264,7 +6960,7 @@
]
},
{
- "uuid": "e6795885-ac42-43d6-8e02-a629d23d3da4",
+ "uuid": "3041f5cd-183d-4dc2-82a0-b11ef37aac79",
"control-id": "cis_fedora_1-3.1.5",
"description": "No notes for control-id 1.3.1.5.",
"props": [
@@ -6281,7 +6977,7 @@
]
},
{
- "uuid": "46468173-c79f-4920-88b4-6f0efbcef756",
+ "uuid": "5d263bc9-86d7-4bb5-9586-5630785dfd08",
"control-id": "cis_fedora_1-3.1.6",
"description": "The description for control-id cis_fedora_1-3.1.6.",
"props": [
@@ -6294,48 +6990,60 @@
]
},
{
- "uuid": "db03b520-a799-4be8-8952-380b0b1b843d",
+ "uuid": "060e7ee4-2157-4932-a65c-22ee3dc37702",
"control-id": "cis_fedora_1-8.7",
- "description": "The description for control-id cis_fedora_1-8.7.",
+ "description": "No notes for control-id 1.8.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.8.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "xwayland_disabled"
}
]
},
{
- "uuid": "0b2b5a1f-bc04-4849-af07-3108413aa7c4",
+ "uuid": "c743fb8f-4306-4a21-827f-5e5a1151aa2e",
"control-id": "cis_fedora_2-1.3",
- "description": "The description for control-id cis_fedora_2-1.3.",
+ "description": "No notes for control-id 2.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.1.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_cockpit_disabled"
}
]
},
{
- "uuid": "904439af-18a8-4fa0-8240-4ae0c3377401",
+ "uuid": "f5f24026-3be8-44f8-8a19-80b3c431fe9b",
"control-id": "cis_fedora_2-1.21",
- "description": "The description for control-id cis_fedora_2-1.21.",
+ "description": "No notes for control-id 2.1.21.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.1.21."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "package_gdm_removed"
}
]
},
{
- "uuid": "f174b988-35a4-49ea-9605-b217a7665038",
+ "uuid": "4d606986-1641-4103-a8d5-6fe722077599",
"control-id": "cis_fedora_2-1.22",
- "description": "Review the availability of xorg-x11-server-common package when the product is out.\nThe rule also configures correct run level to prevent unbootable system.",
+ "description": "No notes for control-id 2.1.22.",
"props": [
{
"name": "implementation-status",
@@ -6345,17 +7053,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_gdm_removed"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "xwindows_runlevel_target"
+ "value": "package_xorg-x11-server-Xwayland_removed"
}
]
},
{
- "uuid": "997a9493-dca0-4508-9a6e-c03d5b113a38",
+ "uuid": "2702dc15-fae6-4488-b66b-c88b5b76a0be",
"control-id": "cis_fedora_2-2.2",
"description": "No notes for control-id 2.2.2.",
"props": [
@@ -6372,7 +7075,7 @@
]
},
{
- "uuid": "ccc46bfb-929f-48a9-9624-212acfe88cc2",
+ "uuid": "36f8b01a-0038-41cf-a0e6-db35eb9168e0",
"control-id": "cis_fedora_3-2.6",
"description": "No notes for control-id 3.2.6.",
"props": [
@@ -6389,7 +7092,7 @@
]
},
{
- "uuid": "083ff145-d0e9-48fa-88c3-7ad25d8d7408",
+ "uuid": "b5021f70-0241-446f-93b4-b2f829523f94",
"control-id": "cis_fedora_3-3.1.1",
"description": "No notes for control-id 3.3.1.1.",
"props": [
@@ -6406,20 +7109,24 @@
]
},
{
- "uuid": "292fda0b-c4c3-4e00-b1b4-74dd0365004f",
+ "uuid": "c5dd5d35-1c65-4a3c-9612-7bf2bc415669",
"control-id": "cis_fedora_5-1.10",
- "description": "The description for control-id cis_fedora_5-1.10.",
+ "description": "No notes for control-id 5.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary for \"disableforwarding\" option."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_disable_forwarding"
}
]
},
{
- "uuid": "dfa579ca-c6fe-4adf-be47-ef97e1b75617",
+ "uuid": "9b1db962-b0c5-40ec-b8f7-5279c531b00d",
"control-id": "cis_fedora_5-1.11",
"description": "No notes for control-id 5.1.11.",
"props": [
@@ -6436,7 +7143,7 @@
]
},
{
- "uuid": "625e7717-77a2-4211-8267-4f4345b0ac7f",
+ "uuid": "2a1d65ee-7fee-47c1-8185-22d9f19652fb",
"control-id": "cis_fedora_5-2.4",
"description": "No notes for control-id 5.2.4.",
"props": [
@@ -6448,12 +7155,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication"
+ "value": "sudo_remove_nopasswd"
}
]
},
{
- "uuid": "6023c888-2a79-45f2-a263-d95f5d0ff3cf",
+ "uuid": "dd5c264d-d4c6-4308-b4fb-144e6e81c409",
"control-id": "cis_fedora_5-3.3.1.3",
"description": "No notes for control-id 5.3.3.1.3.",
"props": [
@@ -6470,7 +7177,7 @@
]
},
{
- "uuid": "38807b65-7ff5-4c12-82fb-92f38dbf2cd4",
+ "uuid": "3ec71920-4096-44d5-924e-f86c531a057b",
"control-id": "cis_fedora_5-4.1.2",
"description": "No notes for control-id 5.4.1.2.",
"props": [
@@ -6492,20 +7199,24 @@
]
},
{
- "uuid": "413bd43a-5730-444d-9c13-f960f0e75925",
+ "uuid": "ada80180-5a74-47b7-aa24-c69faf615c74",
"control-id": "cis_fedora_5-4.3.1",
- "description": "The description for control-id cis_fedora_5-4.3.1.",
+ "description": "No notes for control-id 5.4.3.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "It is necessary to create a new rule to check and remove nologin from /etc/shells.\nThe no_tmux_in_shells rule can be used as referece."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_nologin_in_shells"
}
]
},
{
- "uuid": "c8566e54-599e-4526-8f69-5330e04b96c9",
+ "uuid": "13322e5e-5da6-4d6e-b378-d30a81a96ebb",
"control-id": "cis_fedora_6-3.1.1",
"description": "No notes for control-id 6.3.1.1.",
"props": [
@@ -6527,7 +7238,7 @@
]
},
{
- "uuid": "b6142a2b-fbb1-463e-a37f-aafc04ce39b7",
+ "uuid": "f288c21f-775c-4b8d-ac77-4c605cd6bd19",
"control-id": "cis_fedora_6-3.1.2",
"description": "No notes for control-id 6.3.1.2.",
"props": [
@@ -6544,7 +7255,7 @@
]
},
{
- "uuid": "19534d06-5c95-4641-9473-2cb7d29843a1",
+ "uuid": "0d8f55c2-39da-4b3a-8fd8-7cd4c1ae7b0d",
"control-id": "cis_fedora_6-3.1.3",
"description": "No notes for control-id 6.3.1.3.",
"props": [
@@ -6561,7 +7272,7 @@
]
},
{
- "uuid": "305a8e4a-6697-47db-acb8-624bec5e77b1",
+ "uuid": "be1ea20c-fc19-4179-aac1-9e9bbcf09e9a",
"control-id": "cis_fedora_6-3.1.4",
"description": "No notes for control-id 6.3.1.4.",
"props": [
@@ -6578,7 +7289,7 @@
]
},
{
- "uuid": "5bd205db-e3ac-4f12-83ca-9a9585ecd99b",
+ "uuid": "7cea24f9-abe8-498a-9213-a436d1b514d9",
"control-id": "cis_fedora_6-3.2.1",
"description": "No notes for control-id 6.3.2.1.",
"props": [
@@ -6595,7 +7306,7 @@
]
},
{
- "uuid": "da80d25d-e83c-4066-b1be-efccc8755c44",
+ "uuid": "cb1302db-1805-4c00-9434-9352d8195148",
"control-id": "cis_fedora_6-3.2.2",
"description": "No notes for control-id 6.3.2.2.",
"props": [
@@ -6612,7 +7323,7 @@
]
},
{
- "uuid": "64c105ae-2835-4976-a1d0-cb2efc72835c",
+ "uuid": "647b24f9-fe04-4b2b-973d-e4e22a373618",
"control-id": "cis_fedora_6-3.2.3",
"description": "No notes for control-id 6.3.2.3.",
"props": [
@@ -6634,7 +7345,7 @@
]
},
{
- "uuid": "68f2cc51-e993-4157-8208-a744a79f2281",
+ "uuid": "bbd879fb-b75e-40a5-acd5-b81ba73f79ef",
"control-id": "cis_fedora_6-3.2.4",
"description": "No notes for control-id 6.3.2.4.",
"props": [
@@ -6643,11 +7354,6 @@
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
},
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_action_mail_acct"
- },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -6661,7 +7367,7 @@
]
},
{
- "uuid": "5ad16e2c-183f-4128-857e-155e46655c85",
+ "uuid": "f17f54e4-0f7e-444b-8215-57a792096203",
"control-id": "cis_fedora_6-3.3.1",
"description": "No notes for control-id 6.3.3.1.",
"props": [
@@ -6678,7 +7384,7 @@
]
},
{
- "uuid": "8dcb3682-fc77-4dab-9c66-6846251a31f0",
+ "uuid": "1c4e9828-d2c8-4f44-ab28-c8e825cb4ad7",
"control-id": "cis_fedora_6-3.3.2",
"description": "No notes for control-id 6.3.3.2.",
"props": [
@@ -6695,7 +7401,7 @@
]
},
{
- "uuid": "af1fbdf9-2b36-4ed7-a3c3-643cd897c1ec",
+ "uuid": "cdc0b23f-fb23-40e1-892c-d7d05d1b7e0e",
"control-id": "cis_fedora_6-3.3.3",
"description": "No notes for control-id 6.3.3.3.",
"props": [
@@ -6712,7 +7418,7 @@
]
},
{
- "uuid": "3f083679-8e04-41d2-b215-f8b1fb4793f7",
+ "uuid": "0b87fb29-2d99-4b39-8e87-998c2cb78d27",
"control-id": "cis_fedora_6-3.3.4",
"description": "No notes for control-id 6.3.3.4.",
"props": [
@@ -6744,81 +7450,112 @@
]
},
{
- "uuid": "1b916a9f-5606-4dbe-9ced-51d57af176e1",
+ "uuid": "320b921c-70a7-4a6b-8e84-816831a62c39",
"control-id": "cis_fedora_6-3.3.5",
- "description": "The description for control-id cis_fedora_6-3.3.5.",
+ "description": "No notes for control-id 6.3.3.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_setdomainname"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_sethostname"
}
]
},
{
- "uuid": "29281526-836d-4c1d-a17b-e39f4fa90ec1",
+ "uuid": "ea3033e3-8377-4660-8c88-0ccd2c322009",
"control-id": "cis_fedora_6-3.3.6",
- "description": "The description for control-id cis_fedora_6-3.3.6.",
+ "description": "No notes for control-id 6.3.3.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.6."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_issue"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_issue_net"
}
]
},
{
- "uuid": "f764420a-0fd6-49dd-a080-f2a2bbfed6b1",
+ "uuid": "2a363844-6634-46f1-89ab-2e38880d4d47",
"control-id": "cis_fedora_6-3.3.7",
- "description": "These rules are not covering \"/etc/hostname\" and \"/etc/NetworkManager/\".",
+ "description": "No notes for control-id 6.3.3.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification"
+ "value": "audit_rules_networkconfig_modification_etc_hosts"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification_network_scripts"
+ "value": "audit_rules_networkconfig_modification_hostname_file"
}
]
},
{
- "uuid": "627a5cdd-c799-4d2a-ab87-ceb479d3a64a",
+ "uuid": "00fb31d4-1473-453b-b448-2c1ec43e24e1",
"control-id": "cis_fedora_6-3.3.8",
- "description": "The description for control-id cis_fedora_6-3.3.8.",
+ "description": "No notes for control-id 6.3.3.8.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.8."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_sysconfig_network"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_networkmanager_system_connections"
}
]
},
{
- "uuid": "cd4a015b-89dc-4ccc-99b5-fd65264ab04b",
+ "uuid": "38f66c56-9917-407d-b20c-3ef62cc260af",
"control-id": "cis_fedora_6-3.3.9",
- "description": "The description for control-id cis_fedora_6-3.3.9.",
+ "description": "No notes for control-id 6.3.3.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.9."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_networkmanager"
}
]
},
{
- "uuid": "42ac5804-c335-4bce-9549-362178ccf8e7",
+ "uuid": "4ce579e0-1905-463b-b45e-18388ed5a9a5",
"control-id": "cis_fedora_6-3.3.10",
"description": "No notes for control-id 6.3.3.10.",
"props": [
@@ -6835,7 +7572,7 @@
]
},
{
- "uuid": "7fe0873c-f509-4fea-8170-d78b63648c82",
+ "uuid": "a3173411-4cb6-4ee5-bb24-bbae926aba0d",
"control-id": "cis_fedora_6-3.3.11",
"description": "No notes for control-id 6.3.3.11.",
"props": [
@@ -6872,7 +7609,7 @@
]
},
{
- "uuid": "05d4b189-7110-49c5-a422-d11b0340e849",
+ "uuid": "bfc24d83-a2d1-4710-b698-580027d55d67",
"control-id": "cis_fedora_6-3.3.12",
"description": "No notes for control-id 6.3.3.12.",
"props": [
@@ -6889,7 +7626,7 @@
]
},
{
- "uuid": "233af7b2-c16d-4295-9c66-e760186bde01",
+ "uuid": "93a1193f-444b-4afa-93c0-7271cf83ee19",
"control-id": "cis_fedora_6-3.3.13",
"description": "No notes for control-id 6.3.3.13.",
"props": [
@@ -6906,7 +7643,7 @@
]
},
{
- "uuid": "976119d8-6aab-4072-aa60-9820496066b0",
+ "uuid": "bb6d3609-cb42-40c8-b2ed-13b30524ef53",
"control-id": "cis_fedora_6-3.3.14",
"description": "No notes for control-id 6.3.3.14.",
"props": [
@@ -6928,7 +7665,7 @@
]
},
{
- "uuid": "6a0b1cfd-e84a-4b00-9378-f50aac06a583",
+ "uuid": "4a960314-899d-4fa7-9421-5cb0bd923c42",
"control-id": "cis_fedora_6-3.3.15",
"description": "No notes for control-id 6.3.3.15.",
"props": [
@@ -6945,33 +7682,46 @@
]
},
{
- "uuid": "2a659df1-b44b-4909-8726-f6cafb30d4ea",
+ "uuid": "8253b87e-5e28-4a9b-9b64-2ece82d33f4f",
"control-id": "cis_fedora_6-3.3.16",
- "description": "The description for control-id cis_fedora_6-3.3.16.",
+ "description": "No notes for control-id 6.3.3.16.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.16."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_nsswitch_conf"
}
]
},
{
- "uuid": "5b68f0e5-4439-4b7c-827e-8e035e31d35c",
+ "uuid": "1db367c2-611c-43ef-a18d-585eee772ab3",
"control-id": "cis_fedora_6-3.3.17",
- "description": "The description for control-id cis_fedora_6-3.3.17.",
+ "description": "No notes for control-id 6.3.3.17.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.17."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pam_conf"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pamd"
}
]
},
{
- "uuid": "eead3464-58e5-47d1-bd57-8a83d22c1f2d",
+ "uuid": "389ee15a-16f6-402f-9ce8-742991a8839a",
"control-id": "cis_fedora_6-3.3.18",
"description": "No notes for control-id 6.3.3.18.",
"props": [
@@ -7053,7 +7803,7 @@
]
},
{
- "uuid": "da335546-884d-4ae3-b5d3-e5459f4a96b0",
+ "uuid": "0f9ca8cf-fc5d-4156-b9be-f9b327327131",
"control-id": "cis_fedora_6-3.3.19",
"description": "No notes for control-id 6.3.3.19.",
"props": [
@@ -7070,7 +7820,7 @@
]
},
{
- "uuid": "6e1b7298-a8fa-49ce-8b57-6e2a4f831ba1",
+ "uuid": "b8e1e108-310f-4fd7-a2a7-bbf90fcd3d0b",
"control-id": "cis_fedora_6-3.3.20",
"description": "No notes for control-id 6.3.3.20.",
"props": [
@@ -7097,7 +7847,7 @@
]
},
{
- "uuid": "7b880920-41e4-446b-af73-46c5bae03fc6",
+ "uuid": "97b79a3d-cc3d-4eb0-94ff-36fd1f80e970",
"control-id": "cis_fedora_6-3.3.21",
"description": "No notes for control-id 6.3.3.21.",
"props": [
@@ -7119,7 +7869,7 @@
]
},
{
- "uuid": "f3aec58e-1b13-4855-8d1b-3ae24d360bc9",
+ "uuid": "4fc387d5-c859-4493-94e5-d6a40a95e0e5",
"control-id": "cis_fedora_6-3.3.22",
"description": "No notes for control-id 6.3.3.22.",
"props": [
@@ -7156,7 +7906,7 @@
]
},
{
- "uuid": "c3c20765-ba8e-41e6-9296-57af996d4bff",
+ "uuid": "47da3839-75ed-4629-9631-43807055361f",
"control-id": "cis_fedora_6-3.3.23",
"description": "No notes for control-id 6.3.3.23.",
"props": [
@@ -7178,7 +7928,7 @@
]
},
{
- "uuid": "9a6c282c-542b-4a21-ae14-bf334c8c5f09",
+ "uuid": "5da6fce5-8d6e-4872-808d-5862c848f3a9",
"control-id": "cis_fedora_6-3.3.24",
"description": "No notes for control-id 6.3.3.24.",
"props": [
@@ -7195,7 +7945,7 @@
]
},
{
- "uuid": "e03c8d8f-6490-4c62-b6b2-481443653bad",
+ "uuid": "fcd9d90e-c620-4900-af6c-6b377676381f",
"control-id": "cis_fedora_6-3.3.25",
"description": "No notes for control-id 6.3.3.25.",
"props": [
@@ -7212,7 +7962,7 @@
]
},
{
- "uuid": "15af729f-307b-44fc-819c-5af0ed403ed6",
+ "uuid": "bcfc913d-2091-4946-8fc0-8ceb2c9fbb8f",
"control-id": "cis_fedora_6-3.3.26",
"description": "No notes for control-id 6.3.3.26.",
"props": [
@@ -7229,7 +7979,7 @@
]
},
{
- "uuid": "b1fbccb9-909c-46b1-aeee-f65b4b056a32",
+ "uuid": "34d27a48-9f7a-4a92-b835-bc45f445aeb0",
"control-id": "cis_fedora_6-3.3.27",
"description": "No notes for control-id 6.3.3.27.",
"props": [
@@ -7246,7 +7996,7 @@
]
},
{
- "uuid": "b0027bd1-3933-4f53-9155-ef1a2c28162c",
+ "uuid": "0e53ec1e-85d0-4b5f-870d-ac2a2852278e",
"control-id": "cis_fedora_6-3.3.28",
"description": "No notes for control-id 6.3.3.28.",
"props": [
@@ -7263,7 +8013,7 @@
]
},
{
- "uuid": "a108d188-4d25-48b6-93eb-3adb393a9ddf",
+ "uuid": "2941368a-4c3d-4dc3-ad5a-9ff0c28ac100",
"control-id": "cis_fedora_6-3.3.29",
"description": "No notes for control-id 6.3.3.29.",
"props": [
@@ -7285,7 +8035,7 @@
]
},
{
- "uuid": "12d82c4d-b1ca-42fa-8207-e11b3fe571e4",
+ "uuid": "c0f45ba5-a072-4fde-bc99-f64b3c8f341e",
"control-id": "cis_fedora_6-3.3.30",
"description": "No notes for control-id 6.3.3.30.",
"props": [
@@ -7302,7 +8052,7 @@
]
},
{
- "uuid": "8b8620c0-cdaf-45e3-be37-a52b2a60fd7c",
+ "uuid": "64ca5092-3cb6-4796-910d-10abf99d756b",
"control-id": "cis_fedora_6-3.3.31",
"description": "No notes for control-id 6.3.3.31.",
"props": [
@@ -7324,20 +8074,24 @@
]
},
{
- "uuid": "c24b12b5-f6e6-4015-ab94-08f6102a1e8f",
+ "uuid": "9be3b680-f514-4b9f-9282-fe2c15207649",
"control-id": "cis_fedora_6-3.3.32",
- "description": "The description for control-id cis_fedora_6-3.3.32.",
+ "description": "No notes for control-id 6.3.3.32.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.32."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_continue_loading"
}
]
},
{
- "uuid": "acfdd63d-4fd0-4c1c-be3d-e7c8c360e09d",
+ "uuid": "9ca8679c-1fd8-4433-9b1a-b00006a4a4fb",
"control-id": "cis_fedora_6-3.3.33",
"description": "No notes for control-id 6.3.3.33.",
"props": [
@@ -7354,7 +8108,7 @@
]
},
{
- "uuid": "13ad6fbb-9bd2-4bfa-af07-54a9a13752ac",
+ "uuid": "466e4b8a-4b83-499f-a09d-6347ff0efdfe",
"control-id": "cis_fedora_6-3.3.34",
"description": "The description for control-id cis_fedora_6-3.3.34.",
"props": [
@@ -7367,7 +8121,7 @@
]
},
{
- "uuid": "bec01c19-c739-4ab9-ad22-844c031f04bf",
+ "uuid": "d2e0b3ab-7a43-4da8-985d-0725f1bcc222",
"control-id": "cis_fedora_6-3.4.1",
"description": "No notes for control-id 6.3.4.1.",
"props": [
@@ -7384,7 +8138,7 @@
]
},
{
- "uuid": "848f1811-4e22-4e57-832a-922d4d884111",
+ "uuid": "42e978a3-b231-4359-be67-5681656d5639",
"control-id": "cis_fedora_6-3.4.2",
"description": "No notes for control-id 6.3.4.2.",
"props": [
@@ -7401,7 +8155,7 @@
]
},
{
- "uuid": "64f192b6-78ca-4a92-a571-d42c15cdec55",
+ "uuid": "29833f31-33cc-4e1c-852b-2939d0cc67d2",
"control-id": "cis_fedora_6-3.4.3",
"description": "No notes for control-id 6.3.4.3.",
"props": [
@@ -7418,7 +8172,7 @@
]
},
{
- "uuid": "7613acfe-7ebf-467e-91f4-56c20ca70e5c",
+ "uuid": "decd370c-9306-46c2-941f-6c23a7030cbd",
"control-id": "cis_fedora_6-3.4.4",
"description": "No notes for control-id 6.3.4.4.",
"props": [
@@ -7435,7 +8189,7 @@
]
},
{
- "uuid": "222c8b09-ce7e-4b04-b648-6858ce0a29b0",
+ "uuid": "dc1f1c18-ac22-4dd7-83ec-c407bc6ed55b",
"control-id": "cis_fedora_6-3.4.5",
"description": "No notes for control-id 6.3.4.5.",
"props": [
@@ -7452,7 +8206,7 @@
]
},
{
- "uuid": "6f82188b-5db0-4478-9d1e-fe8ebac3876d",
+ "uuid": "f40f9b7a-bd70-4ca4-91b5-754e392b4305",
"control-id": "cis_fedora_6-3.4.6",
"description": "No notes for control-id 6.3.4.6.",
"props": [
@@ -7469,7 +8223,7 @@
]
},
{
- "uuid": "5e16fdbd-a4f0-49cd-9e17-47da757176c7",
+ "uuid": "178760e5-ddf0-4616-90e6-569f0b846ed7",
"control-id": "cis_fedora_6-3.4.7",
"description": "No notes for control-id 6.3.4.7.",
"props": [
@@ -7486,7 +8240,7 @@
]
},
{
- "uuid": "74b95012-93e4-40c3-a175-ce0bbff4efb2",
+ "uuid": "1c43fa28-258f-46a4-a75f-e450829bff77",
"control-id": "cis_fedora_6-3.4.8",
"description": "No notes for control-id 6.3.4.8.",
"props": [
@@ -7503,7 +8257,7 @@
]
},
{
- "uuid": "4e5de1bc-99cf-48ea-a55c-276223643fb8",
+ "uuid": "46d1b1bd-9a8d-4908-93bc-7140fb1babd0",
"control-id": "cis_fedora_6-3.4.9",
"description": "No notes for control-id 6.3.4.9.",
"props": [
@@ -7520,7 +8274,7 @@
]
},
{
- "uuid": "661568a8-c31d-4e0b-9f25-2bce1a630cfe",
+ "uuid": "a793b10e-4e6f-4a1d-b427-2817dd31a3b1",
"control-id": "cis_fedora_6-3.4.10",
"description": "No notes for control-id 6.3.4.10.",
"props": [
@@ -7537,7 +8291,7 @@
]
},
{
- "uuid": "b4218862-0ec2-48a6-85fa-71aa54d48d93",
+ "uuid": "38bd637a-a813-41d6-ad04-f68cfba7f049",
"control-id": "reload_dconf_db",
"description": "This is a helper rule to reload Dconf database correctly.",
"props": [
@@ -7554,7 +8308,7 @@
]
},
{
- "uuid": "6b7be75f-78c1-4c5c-ac57-764f73b17c0c",
+ "uuid": "932df398-112c-466e-af3a-8bd3a0c6c82b",
"control-id": "cis_fedora_1-1.1.1",
"description": "No notes for control-id 1.1.1.1.",
"props": [
@@ -7571,7 +8325,7 @@
]
},
{
- "uuid": "6142e7f4-b7ad-43f2-b78e-222137a56f28",
+ "uuid": "9d5a6f97-879d-44ee-afca-e3bbd2b56e34",
"control-id": "cis_fedora_1-1.1.2",
"description": "No notes for control-id 1.1.1.2.",
"props": [
@@ -7588,7 +8342,7 @@
]
},
{
- "uuid": "a9e87574-ce31-49ac-b4b0-b49968917de2",
+ "uuid": "5f277edd-e7ce-43ba-9c37-dae22c79dd76",
"control-id": "cis_fedora_1-1.1.3",
"description": "No notes for control-id 1.1.1.3.",
"props": [
@@ -7605,7 +8359,7 @@
]
},
{
- "uuid": "422ef774-563f-455c-af52-d424647276e5",
+ "uuid": "89321eb4-6f5c-41d4-9d29-45255796e6ef",
"control-id": "cis_fedora_1-1.1.4",
"description": "No notes for control-id 1.1.1.4.",
"props": [
@@ -7622,7 +8376,7 @@
]
},
{
- "uuid": "c9bf2c06-9265-430f-8fdf-1e674d4b098f",
+ "uuid": "b52179c4-f01d-4a38-b307-0150f4b20f49",
"control-id": "cis_fedora_1-1.1.5",
"description": "No notes for control-id 1.1.1.5.",
"props": [
@@ -7639,7 +8393,7 @@
]
},
{
- "uuid": "da765232-3cbe-4a4e-87f1-b2fce3bb26c6",
+ "uuid": "cf50ca7a-cb6a-4677-9f82-cf01dc4dfa08",
"control-id": "cis_fedora_1-1.1.9",
"description": "No notes for control-id 1.1.1.9.",
"props": [
@@ -7656,7 +8410,7 @@
]
},
{
- "uuid": "de3a8dd7-c191-4830-935c-d218f34b7e98",
+ "uuid": "54685bd5-0924-4270-8cde-8b297eaf13ae",
"control-id": "cis_fedora_1-1.1.10",
"description": "No notes for control-id 1.1.1.10.",
"props": [
@@ -7673,7 +8427,7 @@
]
},
{
- "uuid": "746d3965-36dc-4762-ba25-c7ef64920185",
+ "uuid": "9b54b72e-05e4-426c-96ad-98215760cb8b",
"control-id": "cis_fedora_1-1.1.11",
"description": "The description for control-id cis_fedora_1-1.1.11.",
"props": [
@@ -7686,7 +8440,7 @@
]
},
{
- "uuid": "a7dfdd53-6a9c-4d63-810b-c8b599745bc5",
+ "uuid": "3a23e16d-9497-4fe7-a5fd-fe12dda973df",
"control-id": "cis_fedora_1-1.2.1.1",
"description": "No notes for control-id 1.1.2.1.1.",
"props": [
@@ -7703,7 +8457,7 @@
]
},
{
- "uuid": "1a7539e3-0181-4ca1-b583-2607bd0b4d18",
+ "uuid": "4b188bf6-7d9b-4e90-9c87-6396f3db203d",
"control-id": "cis_fedora_1-1.2.1.2",
"description": "No notes for control-id 1.1.2.1.2.",
"props": [
@@ -7720,7 +8474,7 @@
]
},
{
- "uuid": "cb798b05-c968-4ad3-b4c7-de7ffb6709a0",
+ "uuid": "81bbaa1d-aed7-4660-bc89-29cc10f0df1d",
"control-id": "cis_fedora_1-1.2.1.3",
"description": "No notes for control-id 1.1.2.1.3.",
"props": [
@@ -7737,7 +8491,7 @@
]
},
{
- "uuid": "22d8417a-3d76-4e5f-93a7-d69329d67c87",
+ "uuid": "ea4cb531-cafa-4a5e-95c4-cd040ff37ed1",
"control-id": "cis_fedora_1-1.2.1.4",
"description": "No notes for control-id 1.1.2.1.4.",
"props": [
@@ -7754,7 +8508,7 @@
]
},
{
- "uuid": "9d4a71c1-22c7-4ed1-8af2-171c2ecb91d3",
+ "uuid": "07d4f057-6b4e-4b10-98b0-6f2350576657",
"control-id": "cis_fedora_1-1.2.2.1",
"description": "No notes for control-id 1.1.2.2.1.",
"props": [
@@ -7771,7 +8525,7 @@
]
},
{
- "uuid": "72015663-a01f-47ce-b605-f257cc280cb6",
+ "uuid": "9ea08e7e-702c-4dec-90c2-e666033d2cbf",
"control-id": "cis_fedora_1-1.2.2.2",
"description": "No notes for control-id 1.1.2.2.2.",
"props": [
@@ -7788,7 +8542,7 @@
]
},
{
- "uuid": "da479305-9b39-4dea-96f4-606b65fb085a",
+ "uuid": "f298bf25-c6d0-4a3f-8815-d0d23060f983",
"control-id": "cis_fedora_1-1.2.2.3",
"description": "No notes for control-id 1.1.2.2.3.",
"props": [
@@ -7805,7 +8559,7 @@
]
},
{
- "uuid": "f87d4b68-39dd-41f8-bf9d-56970e8efa68",
+ "uuid": "18856be0-3cea-481e-a70a-5d1b0a5120ea",
"control-id": "cis_fedora_1-1.2.2.4",
"description": "No notes for control-id 1.1.2.2.4.",
"props": [
@@ -7822,7 +8576,7 @@
]
},
{
- "uuid": "539d8a59-8a2c-4d03-9f8a-787dce4a339a",
+ "uuid": "2dcf8ac6-a32e-4727-a05a-6c71356c845e",
"control-id": "cis_fedora_1-1.2.3.2",
"description": "No notes for control-id 1.1.2.3.2.",
"props": [
@@ -7839,7 +8593,7 @@
]
},
{
- "uuid": "3bffcc33-0d56-4708-be8b-4a13f88785c7",
+ "uuid": "26c942b7-b696-4025-b075-a526876b7bea",
"control-id": "cis_fedora_1-1.2.3.3",
"description": "No notes for control-id 1.1.2.3.3.",
"props": [
@@ -7856,7 +8610,7 @@
]
},
{
- "uuid": "c024c12b-2941-4f31-82b3-f0206c172f15",
+ "uuid": "fbbda529-3ccc-4853-b6a4-70dbb3527adb",
"control-id": "cis_fedora_1-1.2.4.2",
"description": "No notes for control-id 1.1.2.4.2.",
"props": [
@@ -7873,7 +8627,7 @@
]
},
{
- "uuid": "ff418d04-d2b8-45b0-95b1-bb73d6525240",
+ "uuid": "3a073891-3fb2-489c-91a5-7d040058065e",
"control-id": "cis_fedora_1-1.2.4.3",
"description": "No notes for control-id 1.1.2.4.3.",
"props": [
@@ -7890,7 +8644,7 @@
]
},
{
- "uuid": "9a7ebcc1-643c-425a-be88-69baa884292a",
+ "uuid": "ea142211-1f69-44c4-87d9-34edd6d5b2e8",
"control-id": "cis_fedora_1-1.2.5.2",
"description": "No notes for control-id 1.1.2.5.2.",
"props": [
@@ -7907,7 +8661,7 @@
]
},
{
- "uuid": "e559f239-90bd-4671-8a54-81f59f852b48",
+ "uuid": "4c8d4863-ea5e-4cff-957c-87f63287139e",
"control-id": "cis_fedora_1-1.2.5.3",
"description": "No notes for control-id 1.1.2.5.3.",
"props": [
@@ -7924,7 +8678,7 @@
]
},
{
- "uuid": "9c966444-2ce2-4037-8db6-9e461dc096e0",
+ "uuid": "db220f65-b8de-4ef6-9444-873a056c7f8c",
"control-id": "cis_fedora_1-1.2.5.4",
"description": "No notes for control-id 1.1.2.5.4.",
"props": [
@@ -7941,7 +8695,7 @@
]
},
{
- "uuid": "36453a05-5e1a-46ad-b53f-c1a2f51f07f5",
+ "uuid": "3a02c23b-3ec1-4ccb-aa24-8963036afc48",
"control-id": "cis_fedora_1-1.2.6.2",
"description": "No notes for control-id 1.1.2.6.2.",
"props": [
@@ -7958,7 +8712,7 @@
]
},
{
- "uuid": "95e48686-bdde-42fc-b8c8-1d11b27fc8dc",
+ "uuid": "2619a1fd-abcb-4868-9c46-6c857abc90c0",
"control-id": "cis_fedora_1-1.2.6.3",
"description": "No notes for control-id 1.1.2.6.3.",
"props": [
@@ -7975,7 +8729,7 @@
]
},
{
- "uuid": "adf7506b-67c7-45ad-8203-b88613ccd870",
+ "uuid": "72aad199-33d8-48c7-85b4-ddff29aea49b",
"control-id": "cis_fedora_1-1.2.6.4",
"description": "No notes for control-id 1.1.2.6.4.",
"props": [
@@ -7992,7 +8746,7 @@
]
},
{
- "uuid": "471965a7-2de5-46a1-b531-cf282af56b90",
+ "uuid": "fffd1ea1-81ef-4299-8065-78ef126f4234",
"control-id": "cis_fedora_1-1.2.7.2",
"description": "No notes for control-id 1.1.2.7.2.",
"props": [
@@ -8009,7 +8763,7 @@
]
},
{
- "uuid": "ca88237f-3cb3-4a56-94e3-be13f1c79d0b",
+ "uuid": "4a4006b4-906d-4760-8290-7c885a7b7c82",
"control-id": "cis_fedora_1-1.2.7.3",
"description": "No notes for control-id 1.1.2.7.3.",
"props": [
@@ -8026,7 +8780,7 @@
]
},
{
- "uuid": "46ea9d1f-ab4b-4a28-8c94-cf799379a577",
+ "uuid": "498d5786-56e6-4822-9662-18c3db94e57f",
"control-id": "cis_fedora_1-1.2.7.4",
"description": "No notes for control-id 1.1.2.7.4.",
"props": [
@@ -8043,7 +8797,7 @@
]
},
{
- "uuid": "83e10641-9600-4ed9-9e73-b817b2ce169a",
+ "uuid": "7e2c4307-2dbd-4f64-8033-275ddd219f25",
"control-id": "cis_fedora_1-2.1.1",
"description": "The description for control-id cis_fedora_1-2.1.1.",
"props": [
@@ -8056,7 +8810,7 @@
]
},
{
- "uuid": "b8472ca2-e53e-4147-b502-8a79da6c0c6d",
+ "uuid": "abd7f6b4-ccfc-4c83-bb53-bc711d1f6f88",
"control-id": "cis_fedora_1-2.1.2",
"description": "No notes for control-id 1.2.1.2.",
"props": [
@@ -8073,7 +8827,7 @@
]
},
{
- "uuid": "6e8ea64f-d342-420c-94d7-e3e11c683aa5",
+ "uuid": "2cfb0a30-cb5d-4f8f-aecd-ce580e632831",
"control-id": "cis_fedora_1-2.1.4",
"description": "The description for control-id cis_fedora_1-2.1.4.",
"props": [
@@ -8086,20 +8840,24 @@
]
},
{
- "uuid": "76648bd4-61c9-4215-949f-437c35c85f9b",
+ "uuid": "53b397e9-5ebf-4046-bc45-c24675be733d",
"control-id": "cis_fedora_1-2.1.5",
- "description": "The description for control-id cis_fedora_1-2.1.5.",
+ "description": "No notes for control-id 1.2.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.2.1.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_weak_deps"
}
]
},
{
- "uuid": "9bdf47b0-26c3-4c65-a03a-f56ef26c4caa",
+ "uuid": "054b4a13-f1da-4b0a-80e9-fc539e3ea3c7",
"control-id": "cis_fedora_1-2.2.1",
"description": "The description for control-id cis_fedora_1-2.2.1.",
"props": [
@@ -8112,7 +8870,7 @@
]
},
{
- "uuid": "f8837f07-8e85-4577-8bc9-0380c0f71411",
+ "uuid": "e77bbc9a-fdfb-4172-92d0-4afa4bfbf9f1",
"control-id": "cis_fedora_1-3.1.1",
"description": "No notes for control-id 1.3.1.1.",
"props": [
@@ -8129,7 +8887,7 @@
]
},
{
- "uuid": "342bcc47-91ad-4126-a0b9-7f9bcc7fc8a0",
+ "uuid": "01a1b0d0-778b-4412-997b-ae9444f647b7",
"control-id": "cis_fedora_1-3.1.2",
"description": "No notes for control-id 1.3.1.2.",
"props": [
@@ -8146,7 +8904,7 @@
]
},
{
- "uuid": "887d53e3-a3d6-411a-8c4f-5ffd621e89fd",
+ "uuid": "2338ce16-965e-446c-a802-d4f64d5071e9",
"control-id": "cis_fedora_1-3.1.3",
"description": "No notes for control-id 1.3.1.3.",
"props": [
@@ -8163,7 +8921,7 @@
]
},
{
- "uuid": "3468705d-4fec-4d5d-b616-6c6ffaf7a64c",
+ "uuid": "67461fa1-005d-4d0a-9346-ae4d47073ace",
"control-id": "cis_fedora_1-3.1.4",
"description": "No notes for control-id 1.3.1.4.",
"props": [
@@ -8180,7 +8938,7 @@
]
},
{
- "uuid": "4286b828-c813-4a02-b685-bb1000f7e657",
+ "uuid": "f775f734-65b8-4e95-a409-8c09ad697c01",
"control-id": "cis_fedora_1-3.1.7",
"description": "No notes for control-id 1.3.1.7.",
"props": [
@@ -8197,7 +8955,7 @@
]
},
{
- "uuid": "810e42ad-f3d1-458a-b113-6ac16fbeaa35",
+ "uuid": "4ca23dea-961f-4b90-af72-d385e2e8435e",
"control-id": "cis_fedora_1-3.1.8",
"description": "No notes for control-id 1.3.1.8.",
"props": [
@@ -8214,7 +8972,7 @@
]
},
{
- "uuid": "fb6861ca-d50e-4557-906a-ff561fe91f93",
+ "uuid": "306ba5e3-9615-446d-94ab-332bd5b35655",
"control-id": "cis_fedora_1-4.1",
"description": "There is no automated remediation for this rule and this is intentional.\nMore details in the rule description.",
"props": [
@@ -8231,180 +8989,204 @@
]
},
{
- "uuid": "891a6259-1d96-4e07-9ed6-a824e8799b45",
+ "uuid": "f57e0c30-0d8e-4db7-a263-c55bc3dee438",
"control-id": "cis_fedora_1-4.2",
- "description": "The description for control-id cis_fedora_1-4.2.",
+ "description": "This requirement demands a deeper review of the rules.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This requirement demands a deeper review of the rules."
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg"
+ "value": "file_permissions_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg"
+ "value": "file_owner_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg"
+ "value": "file_groupowner_boot_grub2"
}
]
},
{
- "uuid": "e99442de-3f76-4791-ae17-178f9fa92ce5",
+ "uuid": "61ef1fb9-b8ab-493c-aa20-a1d9a671b314",
"control-id": "cis_fedora_1-5.1",
- "description": "The description for control-id cis_fedora_1-5.1.",
+ "description": "No notes for control-id 1.5.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_users_coredumps"
}
]
},
{
- "uuid": "a965a94f-ce11-443c-88b4-d5988e901a87",
+ "uuid": "7a788086-a0e6-45be-990a-83cf252252e6",
"control-id": "cis_fedora_1-5.2",
- "description": "The description for control-id cis_fedora_1-5.2.",
+ "description": "No notes for control-id 1.5.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_hardlinks"
}
]
},
{
- "uuid": "f359efd9-7a39-4597-a068-084529d5c7a0",
+ "uuid": "f8137a7e-b00d-4675-a5c6-8c86e835b9b7",
"control-id": "cis_fedora_1-5.3",
- "description": "The description for control-id cis_fedora_1-5.3.",
+ "description": "No notes for control-id 1.5.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_symlinks"
}
]
},
{
- "uuid": "f7c1f7b7-eb33-43d0-8863-3fda962252ab",
+ "uuid": "fb7ea4a5-3aaf-4021-bf6f-d0dc074eccd8",
"control-id": "cis_fedora_1-5.4",
- "description": "The description for control-id cis_fedora_1-5.4.",
+ "description": "No notes for control-id 1.5.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_suid_dumpable"
}
]
},
{
- "uuid": "1b66c7ec-5df3-48f3-ae8e-f08abd43937a",
+ "uuid": "a2fe704f-7654-4ada-a298-730ef6a5eaf4",
"control-id": "cis_fedora_1-5.5",
- "description": "The description for control-id cis_fedora_1-5.5.",
+ "description": "No notes for control-id 1.5.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_dmesg_restrict"
}
]
},
{
- "uuid": "42afccb3-7909-4ae7-93dd-95a8adcb3c93",
+ "uuid": "d4c0e09f-fc92-40a3-841b-4c5ff689427a",
"control-id": "cis_fedora_1-5.6",
- "description": "The description for control-id cis_fedora_1-5.6.",
+ "description": "No notes for control-id 1.5.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.6."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_kptr_restrict"
}
]
},
{
- "uuid": "b5787951-3853-4e62-96d3-cbfb75898ad5",
+ "uuid": "9a4ce29e-46ca-4540-b7d1-3cbfa150e906",
"control-id": "cis_fedora_1-5.7",
- "description": "The description for control-id cis_fedora_1-5.7.",
+ "description": "No notes for control-id 1.5.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_yama_ptrace_scope"
}
]
},
{
- "uuid": "884b2197-ea94-489c-990f-2ab8b18db3b2",
+ "uuid": "b6bdb4dd-bbd5-4aae-9527-66b1843d9d2c",
"control-id": "cis_fedora_1-5.8",
- "description": "The description for control-id cis_fedora_1-5.8.",
+ "description": "Address Space Layout Randomization (ASLR)",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.8."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_randomize_va_space"
}
]
},
{
- "uuid": "ccda3268-dca6-49e3-bf97-3ba109c6ee34",
+ "uuid": "110bd3b3-10a0-44d7-abac-834433c6ea20",
"control-id": "cis_fedora_1-5.9",
- "description": "The description for control-id cis_fedora_1-5.9.",
+ "description": "No notes for control-id 1.5.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.9."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_backtraces"
}
]
},
{
- "uuid": "ad315382-3804-43b6-a168-438945be1abc",
+ "uuid": "205d7933-854d-4513-93f6-3116484d0f38",
"control-id": "cis_fedora_1-5.10",
- "description": "The description for control-id cis_fedora_1-5.10.",
+ "description": "No notes for control-id 1.5.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.10."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_storage"
}
]
},
{
- "uuid": "d8c85615-f5f7-489b-a294-0a5c45a61cd7",
+ "uuid": "6fe9fd6c-ad19-44e6-9113-af2e7bd80c5b",
"control-id": "cis_fedora_1-6.1",
"description": "No notes for control-id 1.6.1.",
"props": [
@@ -8416,50 +9198,63 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "3e998df4-edd1-4123-9742-9145e770cb16",
+ "uuid": "6185ac3b-a01e-4c84-9b7a-4b9a5ee4f3f1",
"control-id": "cis_fedora_1-6.2",
- "description": "This requirement is already satisfied by 1.6.1.",
+ "description": "No notes for control-id 1.6.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "1e46d93f-3396-4c86-949c-d669e54338f7",
+ "uuid": "3d54aadd-bcb8-4f0e-9ca3-51370c105d5e",
"control-id": "cis_fedora_1-6.3",
- "description": "The description for control-id cis_fedora_1-6.3.",
+ "description": "No notes for control-id 1.6.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "89c5180a-13d9-4ceb-a47c-af5fa9d89c5d",
+ "uuid": "f7d79538-271e-43ab-ae67-7a3e460ba71c",
"control-id": "cis_fedora_1-6.4",
- "description": "The description for control-id cis_fedora_1-6.4.",
+ "description": "No notes for control-id 1.6.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "1126bd76-1832-4c85-973c-f6bb19fc85fc",
+ "uuid": "9604a2c8-303a-4c48-9973-df3079b9bc97",
"control-id": "cis_fedora_1-7.1",
"description": "No notes for control-id 1.7.1.",
"props": [
@@ -8476,7 +9271,7 @@
]
},
{
- "uuid": "d8d70ed2-1fc1-46a4-af94-73f470d50fc7",
+ "uuid": "cff67785-391b-42e7-92d3-8e08144346b0",
"control-id": "cis_fedora_1-7.2",
"description": "No notes for control-id 1.7.2.",
"props": [
@@ -8493,7 +9288,7 @@
]
},
{
- "uuid": "4d0e6314-1ef1-4984-886b-4f42e05f5ff0",
+ "uuid": "fbe580d4-cf3f-4bbd-86ef-c56dc84b6308",
"control-id": "cis_fedora_1-7.3",
"description": "No notes for control-id 1.7.3.",
"props": [
@@ -8510,7 +9305,7 @@
]
},
{
- "uuid": "edcdb938-3bc2-45ed-82f2-92043dc303fa",
+ "uuid": "c5bedb51-0e03-4cd3-9789-b9fd69707906",
"control-id": "cis_fedora_1-7.4",
"description": "No notes for control-id 1.7.4.",
"props": [
@@ -8537,7 +9332,7 @@
]
},
{
- "uuid": "21493f33-23a1-4123-aa7b-dfe6ca34ef4b",
+ "uuid": "373640f5-6ba5-4a56-b5bd-6c9e6e9ff970",
"control-id": "cis_fedora_1-7.5",
"description": "No notes for control-id 1.7.5.",
"props": [
@@ -8564,7 +9359,7 @@
]
},
{
- "uuid": "70df5f74-bbfc-4628-904d-402a6aedb425",
+ "uuid": "02ded42f-5b75-492c-a399-d7588a40b461",
"control-id": "cis_fedora_1-7.6",
"description": "No notes for control-id 1.7.6.",
"props": [
@@ -8591,14 +9386,14 @@
]
},
{
- "uuid": "7375ce42-f938-47a4-af43-e46779cc9fa9",
+ "uuid": "1f6f7606-2862-4192-a7a6-e5a062378f48",
"control-id": "cis_fedora_1-8.1",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -8613,7 +9408,7 @@
]
},
{
- "uuid": "433fad03-2cc0-4d37-b39f-5c5869430a6b",
+ "uuid": "0e6c6699-a5fe-47ed-a48e-e24ab2b2037e",
"control-id": "cis_fedora_1-8.2",
"description": "Review rules to confirm settings are not writeable by users",
"props": [
@@ -8630,14 +9425,14 @@
]
},
{
- "uuid": "41eee75c-18ee-4209-bf58-b145021eae43",
+ "uuid": "50478136-ca50-467e-8454-8b19d4d40a04",
"control-id": "cis_fedora_1-8.3",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -8648,11 +9443,21 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "dconf_gnome_screensaver_lock_delay"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_session_idle_user_locks"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_screensaver_user_locks"
}
]
},
{
- "uuid": "6a670856-2460-4c0b-b5e5-f522e03317b4",
+ "uuid": "2ccc24bc-79f2-43de-9032-350c97c38905",
"control-id": "cis_fedora_1-8.4",
"description": "No notes for control-id 1.8.4.",
"props": [
@@ -8674,14 +9479,14 @@
]
},
{
- "uuid": "d97c5344-6278-4ce3-a7bf-df7561c14f61",
+ "uuid": "3fbfb6f0-2ee2-4d1c-be1b-4a2c007a608d",
"control-id": "cis_fedora_1-8.5",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -8691,7 +9496,7 @@
]
},
{
- "uuid": "26d74a22-0eea-46b2-9aa8-b4d012f51ba0",
+ "uuid": "0b313c78-18d1-4af6-9cce-490fc8b96484",
"control-id": "cis_fedora_1-8.6",
"description": "The description for control-id cis_fedora_1-8.6.",
"props": [
@@ -8704,7 +9509,7 @@
]
},
{
- "uuid": "06a09035-a72b-43a1-9cb6-17647a43e972",
+ "uuid": "f3295f7d-30e6-4ac2-b730-e82354825b0d",
"control-id": "cis_fedora_2-1.1",
"description": "No notes for control-id 2.1.1.",
"props": [
@@ -8721,7 +9526,7 @@
]
},
{
- "uuid": "b978664c-e5f4-4894-bd3d-74c0e6c5b304",
+ "uuid": "21cdb208-6b53-42d4-9b26-2cf37edaf328",
"control-id": "cis_fedora_2-1.2",
"description": "No notes for control-id 2.1.2.",
"props": [
@@ -8738,7 +9543,7 @@
]
},
{
- "uuid": "b15b73e9-f676-419d-a502-afc828905824",
+ "uuid": "476bf20a-a2e4-4e72-a9f8-af66ace0f3d5",
"control-id": "cis_fedora_2-1.4",
"description": "No notes for control-id 2.1.4.",
"props": [
@@ -8755,7 +9560,7 @@
]
},
{
- "uuid": "a9fbe639-d1e5-40da-ab4c-4e644d62ebd1",
+ "uuid": "cce9414d-a1ad-46dd-ac53-6a53cb724580",
"control-id": "cis_fedora_2-1.5",
"description": "No notes for control-id 2.1.5.",
"props": [
@@ -8772,7 +9577,7 @@
]
},
{
- "uuid": "15e7e7ed-ba71-4ea0-86af-74760848ccfb",
+ "uuid": "decef81d-a42f-46a6-84eb-5ddf302fdc9b",
"control-id": "cis_fedora_2-1.6",
"description": "No notes for control-id 2.1.6.",
"props": [
@@ -8789,7 +9594,7 @@
]
},
{
- "uuid": "0877776d-69cf-40d3-a6f8-4d6f6326e25b",
+ "uuid": "b03c73d1-06e0-457f-bb04-b0764cfba6ae",
"control-id": "cis_fedora_2-1.7",
"description": "No notes for control-id 2.1.7.",
"props": [
@@ -8806,7 +9611,7 @@
]
},
{
- "uuid": "41ef1a4b-0e33-4196-b36f-f0b167d9803c",
+ "uuid": "1313c432-1793-4051-897a-62bcf0c9c0da",
"control-id": "cis_fedora_2-1.8",
"description": "No notes for control-id 2.1.8.",
"props": [
@@ -8828,7 +9633,7 @@
]
},
{
- "uuid": "9bf5e21a-7d56-49f9-9bb7-1e14f75dc5e1",
+ "uuid": "b502924d-7041-4ac9-ba65-393f78a123a0",
"control-id": "cis_fedora_2-1.9",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization are dependent on the\nnfs-utils package.",
"props": [
@@ -8845,7 +9650,7 @@
]
},
{
- "uuid": "0eb83c74-c015-48d5-b46a-f3b80e4af826",
+ "uuid": "21c492dc-ddc9-4480-8de7-2148a9e0a1b4",
"control-id": "cis_fedora_2-1.10",
"description": "No notes for control-id 2.1.10.",
"props": [
@@ -8857,7 +9662,7 @@
]
},
{
- "uuid": "ac954814-df4e-45dd-b699-1f5303461754",
+ "uuid": "8533e019-6958-4b32-8205-49b12b7ad360",
"control-id": "cis_fedora_2-1.11",
"description": "No notes for control-id 2.1.11.",
"props": [
@@ -8874,7 +9679,7 @@
]
},
{
- "uuid": "dc7184b0-007a-4e9f-b12e-446aa8251460",
+ "uuid": "eef6794f-b493-462b-8b21-2caf0b58ae0b",
"control-id": "cis_fedora_2-1.12",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization, and the nfs-utils\npackage used for The Network File System (NFS), are dependent on the rpcbind package.",
"props": [
@@ -8891,7 +9696,7 @@
]
},
{
- "uuid": "4a3a9f5e-96bc-4b49-8429-cc69be7949c5",
+ "uuid": "98a2a8a9-db1d-4355-9ce4-b7d46ef94b1d",
"control-id": "cis_fedora_2-1.13",
"description": "No notes for control-id 2.1.13.",
"props": [
@@ -8908,7 +9713,7 @@
]
},
{
- "uuid": "08e2e0a0-755c-4c28-8d6a-78bd424f67ed",
+ "uuid": "ad57c7de-9803-4047-81f6-57aee57cf402",
"control-id": "cis_fedora_2-1.14",
"description": "No notes for control-id 2.1.14.",
"props": [
@@ -8925,7 +9730,7 @@
]
},
{
- "uuid": "b1f74a2a-1acb-4f01-b305-25ce743bd140",
+ "uuid": "c5d3012e-da08-42ad-8eb3-d603c3fbe843",
"control-id": "cis_fedora_2-1.15",
"description": "No notes for control-id 2.1.15.",
"props": [
@@ -8942,7 +9747,7 @@
]
},
{
- "uuid": "97b46711-800e-415a-972a-f2134257964a",
+ "uuid": "17dc2ed3-1f6b-4921-80a3-83ea2dc6d30f",
"control-id": "cis_fedora_2-1.16",
"description": "No notes for control-id 2.1.16.",
"props": [
@@ -8959,7 +9764,7 @@
]
},
{
- "uuid": "84fa6548-b55a-4a85-ad78-3870bb053fb4",
+ "uuid": "7ab2f73f-0d05-4b49-9958-a27d4fc2ab98",
"control-id": "cis_fedora_2-1.17",
"description": "No notes for control-id 2.1.17.",
"props": [
@@ -8976,7 +9781,7 @@
]
},
{
- "uuid": "2daf224f-fc0f-4d51-83cd-da47e42f2462",
+ "uuid": "86a869c7-be77-44ce-ae0a-da7885e46fe6",
"control-id": "cis_fedora_2-1.18",
"description": "No notes for control-id 2.1.18.",
"props": [
@@ -8993,7 +9798,7 @@
]
},
{
- "uuid": "a1ff569f-778f-47d7-ae0a-01385b6b76a5",
+ "uuid": "787f9ab0-98c3-4176-90a9-cc56d8d9a6a3",
"control-id": "cis_fedora_2-1.19",
"description": "No notes for control-id 2.1.19.",
"props": [
@@ -9015,7 +9820,7 @@
]
},
{
- "uuid": "2938fa7b-bcf9-42c1-80b5-fe0a4802dc14",
+ "uuid": "fed8c4d0-0819-4ab5-8edb-aa28b5964cdb",
"control-id": "cis_fedora_2-1.20",
"description": "The description for control-id cis_fedora_2-1.20.",
"props": [
@@ -9028,14 +9833,14 @@
]
},
{
- "uuid": "1abc50ad-4cec-404f-9ddd-ae05b135a22c",
+ "uuid": "bbc68787-c86d-42b9-8f02-b1b8e9baec62",
"control-id": "cis_fedora_2-1.23",
- "description": "The rule has_nonlocal_mta currently checks for services listening only on port 25,\nbut the policy checks also for ports 465 and 587",
+ "description": "No notes for control-id 2.1.23.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -9050,7 +9855,7 @@
]
},
{
- "uuid": "376407c5-c595-4eda-ab8f-784a06cb7114",
+ "uuid": "23b1db9f-086e-4ffb-b8f5-849efb252db5",
"control-id": "cis_fedora_2-1.24",
"description": "The description for control-id cis_fedora_2-1.24.",
"props": [
@@ -9063,7 +9868,7 @@
]
},
{
- "uuid": "2e2035c9-7245-410a-a0e1-7b20822aacbc",
+ "uuid": "cc555d3f-0b42-4233-82bc-b20c3bdb5027",
"control-id": "cis_fedora_2-2.1",
"description": "No notes for control-id 2.2.1.",
"props": [
@@ -9080,7 +9885,7 @@
]
},
{
- "uuid": "7fb22054-3b1a-4d2c-8f13-e3e91318c7c4",
+ "uuid": "4b300004-f1ce-43ed-994c-f75c234cd8ef",
"control-id": "cis_fedora_2-2.3",
"description": "No notes for control-id 2.2.3.",
"props": [
@@ -9092,7 +9897,7 @@
]
},
{
- "uuid": "b98f990c-d71e-4f7d-bfca-432fff7b746e",
+ "uuid": "478741fe-1bf1-4aca-b8b2-e77b3e192b12",
"control-id": "cis_fedora_2-2.4",
"description": "No notes for control-id 2.2.4.",
"props": [
@@ -9109,7 +9914,7 @@
]
},
{
- "uuid": "4793569b-c6c4-4013-8856-3fc6d35f8546",
+ "uuid": "457a4ec3-d50d-4962-b75b-651fde667a10",
"control-id": "cis_fedora_2-2.5",
"description": "No notes for control-id 2.2.5.",
"props": [
@@ -9126,7 +9931,7 @@
]
},
{
- "uuid": "4c146265-dca3-477f-af4c-5eca735b1e62",
+ "uuid": "7a7682d4-4b82-40d5-a0ed-af446d2652ed",
"control-id": "cis_fedora_2-3.1",
"description": "No notes for control-id 2.3.1.",
"props": [
@@ -9138,7 +9943,7 @@
]
},
{
- "uuid": "c87af0e0-e27e-4d68-adce-237ef3d682e2",
+ "uuid": "e4eb0228-afa9-4107-b67d-2696e7c356d2",
"control-id": "cis_fedora_2-3.2",
"description": "No notes for control-id 2.3.2.",
"props": [
@@ -9155,7 +9960,7 @@
]
},
{
- "uuid": "30453c05-d073-4337-94b3-9c661a367e25",
+ "uuid": "066a3294-3c4a-436a-aa59-d4aaa09ed2f5",
"control-id": "cis_fedora_2-3.3",
"description": "No notes for control-id 2.3.3.",
"props": [
@@ -9172,7 +9977,7 @@
]
},
{
- "uuid": "b7285354-3868-47cb-adae-564d6ba06cac",
+ "uuid": "5263fca0-cc23-4dfd-a0d3-5ea686652a46",
"control-id": "cis_fedora_2-4.1.1",
"description": "No notes for control-id 2.4.1.1.",
"props": [
@@ -9194,7 +9999,7 @@
]
},
{
- "uuid": "0cd05f0a-c9d2-4fa0-b182-ea8d60d6c4f2",
+ "uuid": "5e42ec8d-69a2-47c1-8e4c-474f8911b318",
"control-id": "cis_fedora_2-4.1.2",
"description": "No notes for control-id 2.4.1.2.",
"props": [
@@ -9221,7 +10026,7 @@
]
},
{
- "uuid": "a8fb9f60-c3a7-4a4b-a9f8-de39725a51c6",
+ "uuid": "9f84aa0e-796e-461e-9513-e7e81b5bd2cd",
"control-id": "cis_fedora_2-4.1.3",
"description": "No notes for control-id 2.4.1.3.",
"props": [
@@ -9248,7 +10053,7 @@
]
},
{
- "uuid": "2a38c406-da6f-46a9-911f-1008dd66add9",
+ "uuid": "fe74ad39-589e-4efa-83d7-54ded0d71e05",
"control-id": "cis_fedora_2-4.1.4",
"description": "No notes for control-id 2.4.1.4.",
"props": [
@@ -9275,7 +10080,7 @@
]
},
{
- "uuid": "9604005e-537f-4f08-b12e-5f9569362b03",
+ "uuid": "7d4f36c1-6ad7-41a3-b292-6f9398f4baa8",
"control-id": "cis_fedora_2-4.1.5",
"description": "No notes for control-id 2.4.1.5.",
"props": [
@@ -9302,7 +10107,7 @@
]
},
{
- "uuid": "228e00b0-39f2-4f06-abbe-01fad5ba37c5",
+ "uuid": "ad4a3ebf-7f92-496b-b456-3f012f5f4f29",
"control-id": "cis_fedora_2-4.1.6",
"description": "No notes for control-id 2.4.1.6.",
"props": [
@@ -9329,20 +10134,34 @@
]
},
{
- "uuid": "016eb4e6-91bd-44fd-8019-1d1e9cf6724f",
+ "uuid": "5b613ce6-370d-42f2-81ca-6b780b07a15e",
"control-id": "cis_fedora_2-4.1.7",
- "description": "The description for control-id cis_fedora_2-4.1.7.",
+ "description": "No notes for control-id 2.4.1.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.4.1.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_cron_yearly"
}
]
},
{
- "uuid": "63e33683-7c09-4b8b-89bf-c328996f24b0",
+ "uuid": "f9e7d5f9-9001-4921-b779-2794ab048bf8",
"control-id": "cis_fedora_2-4.1.8",
"description": "No notes for control-id 2.4.1.8.",
"props": [
@@ -9369,7 +10188,7 @@
]
},
{
- "uuid": "fabaf73d-2f4c-4a57-ac7d-440316b40f97",
+ "uuid": "411b9555-d2b8-417c-a103-df337fc870a6",
"control-id": "cis_fedora_2-4.1.9",
"description": "No notes for control-id 2.4.1.9.",
"props": [
@@ -9406,20 +10225,25 @@
]
},
{
- "uuid": "25ecf719-c179-4cbb-a8bc-49cd61b75cbd",
+ "uuid": "55912105-6482-4e1c-8098-0314110c94c1",
"control-id": "cis_fedora_2-4.2.1",
- "description": "It is necessary to create a rule to ensure the existence of at.allow.\nfile_cron_allow_exists can be used as reference for a new templated rule.",
+ "description": "No notes for control-id 2.4.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_at_deny_not_exist"
},
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_at_allow_exists"
+ },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -9438,7 +10262,7 @@
]
},
{
- "uuid": "dc21d512-d711-4a68-8b9e-d958af45e73a",
+ "uuid": "66e25404-2b31-4022-8b85-643c575f98d0",
"control-id": "cis_fedora_3-1.1",
"description": "The description for control-id cis_fedora_3-1.1.",
"props": [
@@ -9451,7 +10275,7 @@
]
},
{
- "uuid": "d01c0d59-8884-4215-9437-7d72b7d68bb8",
+ "uuid": "b18f55d9-f12a-4a36-883e-6c2da5d0d7e2",
"control-id": "cis_fedora_3-1.2",
"description": "No notes for control-id 3.1.2.",
"props": [
@@ -9468,7 +10292,7 @@
]
},
{
- "uuid": "0d394c38-064a-4f8b-b800-a919ccc23cf6",
+ "uuid": "677f4f9f-e8ba-4de7-99d8-7159a72841c4",
"control-id": "cis_fedora_3-1.3",
"description": "No notes for control-id 3.1.3.",
"props": [
@@ -9485,46 +10309,58 @@
]
},
{
- "uuid": "7f8a523d-6ca1-48d2-9be4-8d13ddb95bcd",
+ "uuid": "0b2d5485-1479-4790-8f2f-5e7f218ea045",
"control-id": "cis_fedora_3-2.1",
- "description": "The description for control-id cis_fedora_3-2.1.",
+ "description": "No notes for control-id 3.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_atm_disabled"
}
]
},
{
- "uuid": "da797f01-56e9-4f72-8a46-67f1a926197e",
+ "uuid": "6a156a4e-5620-46a8-91c6-502efa8739c6",
"control-id": "cis_fedora_3-2.2",
- "description": "The description for control-id cis_fedora_3-2.2.",
+ "description": "No notes for control-id 3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_can_disabled"
}
]
},
{
- "uuid": "070398cf-b5a7-4080-81cf-28618d262e32",
+ "uuid": "ebde1e70-a499-45e0-a80e-4facec609da7",
"control-id": "cis_fedora_3-2.3",
- "description": "The description for control-id cis_fedora_3-2.3.",
+ "description": "No notes for control-id 3.2.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_dccp_disabled"
}
]
},
{
- "uuid": "3eec3f74-779f-4040-8f0b-75da6d572660",
+ "uuid": "bbccbf87-8957-478a-b6a3-d65d4465ecae",
"control-id": "cis_fedora_3-2.4",
"description": "No notes for control-id 3.2.4.",
"props": [
@@ -9541,46 +10377,58 @@
]
},
{
- "uuid": "76e7f83f-b55f-4724-b8ef-9729c6c59d4c",
+ "uuid": "de7ccf8b-9c5f-4d54-a906-85a19152c634",
"control-id": "cis_fedora_3-2.5",
- "description": "The description for control-id cis_fedora_3-2.5.",
+ "description": "No notes for control-id 3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_rds_disabled"
}
]
},
{
- "uuid": "4f7cdd65-3a5c-4b1a-a599-1bb1496cf7c7",
+ "uuid": "cc827c91-e900-4509-92c2-596d0e180312",
"control-id": "cis_fedora_3-3.1.2",
- "description": "The description for control-id cis_fedora_3-3.1.2.",
+ "description": "No notes for control-id 3.3.1.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_forwarding"
}
]
},
{
- "uuid": "2ffad874-9bed-4981-9d5e-8b50a14225b5",
+ "uuid": "cc9f542f-3527-4dbb-9d6c-27b3f0155091",
"control-id": "cis_fedora_3-3.1.3",
- "description": "The description for control-id cis_fedora_3-3.1.3.",
+ "description": "No notes for control-id 3.3.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_forwarding"
}
]
},
{
- "uuid": "711ec2f3-b08b-4bc0-910a-41f4dd27a103",
+ "uuid": "c60082c9-3645-4f60-99f4-0409e07ea7ef",
"control-id": "cis_fedora_3-3.1.4",
"description": "No notes for control-id 3.3.1.4.",
"props": [
@@ -9597,7 +10445,7 @@
]
},
{
- "uuid": "0569af45-3243-4292-9eb1-9321a0c8b17e",
+ "uuid": "c6204c87-f307-4e90-8ebc-f1120ad24ae5",
"control-id": "cis_fedora_3-3.1.5",
"description": "No notes for control-id 3.3.1.5.",
"props": [
@@ -9614,7 +10462,7 @@
]
},
{
- "uuid": "1a455106-8cce-43f8-b03b-c49cdffce534",
+ "uuid": "a28c7f23-ceac-4826-9f50-d09e53ec011f",
"control-id": "cis_fedora_3-3.1.6",
"description": "No notes for control-id 3.3.1.6.",
"props": [
@@ -9631,7 +10479,7 @@
]
},
{
- "uuid": "ed5f2bab-26ec-4f35-b51b-afc121ccd9f8",
+ "uuid": "6dcb6d30-5fcc-4843-9b9b-9f8cf14d949f",
"control-id": "cis_fedora_3-3.1.7",
"description": "No notes for control-id 3.3.1.7.",
"props": [
@@ -9648,7 +10496,7 @@
]
},
{
- "uuid": "cf43ee6a-9045-4cbe-a1a2-436d083c5f1e",
+ "uuid": "4723a0fe-763f-4ae9-b10a-057690aa6a8c",
"control-id": "cis_fedora_3-3.1.8",
"description": "No notes for control-id 3.3.1.8.",
"props": [
@@ -9665,7 +10513,7 @@
]
},
{
- "uuid": "97c7537e-91b6-4689-8f2b-1a8dd2f2367c",
+ "uuid": "cecbb648-c932-4cfa-9af0-7509443792ab",
"control-id": "cis_fedora_3-3.1.9",
"description": "No notes for control-id 3.3.1.9.",
"props": [
@@ -9682,7 +10530,7 @@
]
},
{
- "uuid": "eaac1acf-7076-4256-a66a-3ec70fdd20c7",
+ "uuid": "ccab2c72-1ce0-4a32-8e80-e07dce9b84ed",
"control-id": "cis_fedora_3-3.1.10",
"description": "No notes for control-id 3.3.1.10.",
"props": [
@@ -9695,16 +10543,11 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sysctl_net_ipv4_conf_all_secure_redirects"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects"
}
]
},
{
- "uuid": "a5cf48d6-b9f6-4ee1-9126-cd2e2de85776",
+ "uuid": "028fbc6e-6854-40fe-bc29-d3f9baadac6e",
"control-id": "cis_fedora_3-3.1.11",
"description": "No notes for control-id 3.3.1.11.",
"props": [
@@ -9721,7 +10564,7 @@
]
},
{
- "uuid": "ff8e67bc-5474-4b52-a26d-a092689f5293",
+ "uuid": "27d3f878-1b1f-49a4-993d-3ab947e47dc5",
"control-id": "cis_fedora_3-3.1.12",
"description": "No notes for control-id 3.3.1.12.",
"props": [
@@ -9738,7 +10581,7 @@
]
},
{
- "uuid": "d464ba81-c16d-469b-bf72-f9cad7cc0d91",
+ "uuid": "35003f04-921d-4717-8c8c-c02332f4ec50",
"control-id": "cis_fedora_3-3.1.13",
"description": "No notes for control-id 3.3.1.13.",
"props": [
@@ -9755,7 +10598,7 @@
]
},
{
- "uuid": "2f7f6af5-c5ae-4e0e-af02-cd907302f7d7",
+ "uuid": "885ad99d-da3a-4813-9c2b-231f70107841",
"control-id": "cis_fedora_3-3.1.14",
"description": "No notes for control-id 3.3.1.14.",
"props": [
@@ -9772,7 +10615,7 @@
]
},
{
- "uuid": "8580a058-54cf-494e-b9e2-762cffb96113",
+ "uuid": "2b7a2dce-1c9a-4fa0-8ac7-afe8e965afb8",
"control-id": "cis_fedora_3-3.1.15",
"description": "No notes for control-id 3.3.1.15.",
"props": [
@@ -9789,7 +10632,7 @@
]
},
{
- "uuid": "9d3cdd26-a680-43d7-abb0-f4b24fcff747",
+ "uuid": "b53812ba-1495-4cff-b5f5-fd40237599c6",
"control-id": "cis_fedora_3-3.1.16",
"description": "No notes for control-id 3.3.1.16.",
"props": [
@@ -9806,7 +10649,7 @@
]
},
{
- "uuid": "fcda1bc7-4af8-47f8-97cd-c6ac920ce1e7",
+ "uuid": "080ad91e-8c90-41c6-bdea-ed894fd73fd4",
"control-id": "cis_fedora_3-3.1.17",
"description": "No notes for control-id 3.3.1.17.",
"props": [
@@ -9823,7 +10666,7 @@
]
},
{
- "uuid": "466fc736-9eb5-466f-b71a-2469248a468f",
+ "uuid": "5ec124ab-0818-4c94-81be-8de9adf95c08",
"control-id": "cis_fedora_3-3.1.18",
"description": "No notes for control-id 3.3.1.18.",
"props": [
@@ -9840,7 +10683,7 @@
]
},
{
- "uuid": "05a7820f-2a6f-4b1c-9ff4-6ceda94cdb17",
+ "uuid": "969bce3d-a4bd-45b2-b4a2-939ad8b97f05",
"control-id": "cis_fedora_3-3.2.1",
"description": "No notes for control-id 3.3.2.1.",
"props": [
@@ -9857,20 +10700,24 @@
]
},
{
- "uuid": "f624175f-d48f-42c5-8ee5-954660389cb7",
+ "uuid": "4fa509b0-380e-4ce6-b6ed-b5a145834619",
"control-id": "cis_fedora_3-3.2.2",
- "description": "The description for control-id cis_fedora_3-3.2.2.",
+ "description": "No notes for control-id 3.3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_forwarding"
}
]
},
{
- "uuid": "2ac0f4ae-8a06-4b04-82e6-018d029814a2",
+ "uuid": "02d0e43e-40a7-4607-880d-8b8c7e4f9c04",
"control-id": "cis_fedora_3-3.2.3",
"description": "No notes for control-id 3.3.2.3.",
"props": [
@@ -9887,7 +10734,7 @@
]
},
{
- "uuid": "6a6d9c3c-15ec-46fe-ba06-0279e62ffc13",
+ "uuid": "87df5d67-fb54-445b-b363-65e30222e2c2",
"control-id": "cis_fedora_3-3.2.4",
"description": "No notes for control-id 3.3.2.4.",
"props": [
@@ -9904,7 +10751,7 @@
]
},
{
- "uuid": "13395a71-4caa-4542-b012-5a95663b41f4",
+ "uuid": "e208e94e-3f95-4ea1-920b-93ba8bdde6ab",
"control-id": "cis_fedora_3-3.2.5",
"description": "No notes for control-id 3.3.2.5.",
"props": [
@@ -9921,7 +10768,7 @@
]
},
{
- "uuid": "6fb97034-fc39-4711-ba5d-3966b5a8791f",
+ "uuid": "fd4a0d85-cc0f-4499-ac3e-e34f693df419",
"control-id": "cis_fedora_3-3.2.6",
"description": "No notes for control-id 3.3.2.6.",
"props": [
@@ -9938,7 +10785,7 @@
]
},
{
- "uuid": "172f1d11-6e5d-4b5f-894d-47b0e5c493b7",
+ "uuid": "8e07f730-d79a-453b-8155-e7d8d9131a61",
"control-id": "cis_fedora_3-3.2.7",
"description": "No notes for control-id 3.3.2.7.",
"props": [
@@ -9955,7 +10802,7 @@
]
},
{
- "uuid": "6c8579c9-7250-4378-9e7f-98c01d6d909d",
+ "uuid": "3bf43a51-1196-4899-81bc-0e351e02f4a5",
"control-id": "cis_fedora_3-3.2.8",
"description": "No notes for control-id 3.3.2.8.",
"props": [
@@ -9972,7 +10819,7 @@
]
},
{
- "uuid": "8be3e058-113b-4c2c-a7d7-bab869d4bbda",
+ "uuid": "a1d9e11b-b1b4-4be1-82ac-3725106f504c",
"control-id": "cis_fedora_4-1.1",
"description": "No notes for control-id 4.1.1.",
"props": [
@@ -9989,7 +10836,7 @@
]
},
{
- "uuid": "0f872962-3809-4e14-93fd-905f4670e317",
+ "uuid": "f34ad4dd-c4ed-4d72-a421-f5fe503a6e7c",
"control-id": "cis_fedora_4-1.2",
"description": "No notes for control-id 4.1.2.",
"props": [
@@ -10016,7 +10863,7 @@
]
},
{
- "uuid": "11e1a83a-a044-415e-b1f9-397b91cf5c84",
+ "uuid": "6ac5e328-883d-41ee-8504-9624088e1b44",
"control-id": "cis_fedora_4-2.1",
"description": "The description for control-id cis_fedora_4-2.1.",
"props": [
@@ -10029,7 +10876,7 @@
]
},
{
- "uuid": "1e0c0344-ee6b-494b-a4c6-8ce1a2ba266a",
+ "uuid": "1581845e-fca5-447e-acc4-f19924cc73d4",
"control-id": "cis_fedora_4-2.2",
"description": "No notes for control-id 4.2.2.",
"props": [
@@ -10051,7 +10898,7 @@
]
},
{
- "uuid": "91dacf4b-280a-4ce6-81fe-685946bdb696",
+ "uuid": "bc614979-6422-4fe5-9008-db0455c795e6",
"control-id": "cis_fedora_4-3.1",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use. When using firewalld the base chains are installed by default.",
"props": [
@@ -10063,7 +10910,7 @@
]
},
{
- "uuid": "6063a933-9511-4bd3-8307-9864f69e31d4",
+ "uuid": "703210c6-7f3a-43df-a144-98b1aa5e3da6",
"control-id": "cis_fedora_4-3.2",
"description": "The description for control-id cis_fedora_4-3.2.",
"props": [
@@ -10076,7 +10923,7 @@
]
},
{
- "uuid": "90b4b982-e287-4e20-adfb-33e99211aeea",
+ "uuid": "2345b59e-0179-4b65-b8c7-381d8ea49516",
"control-id": "cis_fedora_4-3.3",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -10088,7 +10935,7 @@
]
},
{
- "uuid": "89bc6eaf-0477-457b-b24c-c436cfe428e3",
+ "uuid": "e143d558-41bb-4647-aaee-3fb4ad990e8e",
"control-id": "cis_fedora_4-3.4",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -10100,7 +10947,7 @@
]
},
{
- "uuid": "564d9858-58ef-470a-8500-d2000cee24eb",
+ "uuid": "7236a8eb-32d6-468d-af1e-ecf50753d2c9",
"control-id": "cis_fedora_5-1.1",
"description": "No notes for control-id 5.1.1.",
"props": [
@@ -10123,11 +10970,41 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_permissions_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_groupowner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_owner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_sshd_drop_in_config"
}
]
},
{
- "uuid": "8a2dc5e2-c76b-4d4c-bc3c-4fa021e42063",
+ "uuid": "a36f0c35-3731-4549-afad-a11109f9b9b4",
"control-id": "cis_fedora_5-1.2",
"description": "No notes for control-id 5.1.2.",
"props": [
@@ -10154,7 +11031,7 @@
]
},
{
- "uuid": "7384b80d-6bfc-4c5e-b032-6f8122536759",
+ "uuid": "7862bc2f-316e-4cc1-803d-27311821f63f",
"control-id": "cis_fedora_5-1.3",
"description": "No notes for control-id 5.1.3.",
"props": [
@@ -10181,56 +11058,58 @@
]
},
{
- "uuid": "92499a0e-b433-4891-8481-61dc4f7e6fbe",
+ "uuid": "41ee21ce-f0b5-4767-86b4-f7d2d3e10fa3",
"control-id": "cis_fedora_5-1.4",
- "description": "The description for control-id cis_fedora_5-1.4.",
+ "description": "No notes for control-id 5.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "cda07660-d7c0-449b-b047-4efcc9a9302d",
+ "uuid": "d2b12e75-cbd5-40d8-988e-6f8f2755ed05",
"control-id": "cis_fedora_5-1.5",
- "description": "The description for control-id cis_fedora_5-1.5.",
+ "description": "No notes for control-id 5.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "4e6fe15b-0193-4e1c-a3a0-c3459618152e",
+ "uuid": "c087ab62-a106-4448-a8c5-e7cb351d8073",
"control-id": "cis_fedora_5-1.6",
- "description": "The description for control-id cis_fedora_5-1.6.",
+ "description": "No notes for control-id 5.1.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "179f6fb6-6aca-4e04-9ede-8de9a7dbf0d9",
+ "uuid": "f6ec80bf-a357-4e48-81fd-d95421264cf7",
"control-id": "cis_fedora_5-1.7",
"description": "No notes for control-id 5.1.7.",
"props": [
@@ -10247,7 +11126,7 @@
]
},
{
- "uuid": "8c3952af-2436-451e-ba78-cc97002af2b7",
+ "uuid": "3cde7276-80f7-4fdd-8981-7a0bd348f56c",
"control-id": "cis_fedora_5-1.8",
"description": "No notes for control-id 5.1.8.",
"props": [
@@ -10264,7 +11143,7 @@
]
},
{
- "uuid": "35207a44-7cb8-4f0d-9185-54c3f1f35d8a",
+ "uuid": "7c01ff0d-8dc0-41fd-9dd3-69656a985f19",
"control-id": "cis_fedora_5-1.9",
"description": "The requirement gives an example of 45 seconds, but is flexible about the values. It is only\nnecessary to ensure there is a timeout configured in alignment to the site policy.",
"props": [
@@ -10286,7 +11165,7 @@
]
},
{
- "uuid": "2b0b4175-7c82-4757-8449-241bf81addaa",
+ "uuid": "af456644-d5c7-4bc6-8562-b33589a2c4e1",
"control-id": "cis_fedora_5-1.12",
"description": "No notes for control-id 5.1.12.",
"props": [
@@ -10303,7 +11182,7 @@
]
},
{
- "uuid": "b4079d28-19b5-461f-b9f6-0bacdeacea80",
+ "uuid": "68431362-a732-466c-8351-a77103627030",
"control-id": "cis_fedora_5-1.13",
"description": "No notes for control-id 5.1.13.",
"props": [
@@ -10320,7 +11199,7 @@
]
},
{
- "uuid": "ff3ee11d-cea9-4ca0-95f9-e0cc8db9f866",
+ "uuid": "53bd5fbb-0e8e-483b-b3d0-f444e2e4a4ce",
"control-id": "cis_fedora_5-1.14",
"description": "No notes for control-id 5.1.14.",
"props": [
@@ -10337,7 +11216,7 @@
]
},
{
- "uuid": "775f7495-7994-49e6-9dcc-5b1d38523a23",
+ "uuid": "ab7eceb1-8c7d-4733-8fa3-c6c382797a40",
"control-id": "cis_fedora_5-1.15",
"description": "The CIS benchmark is not opinionated about which loglevel is selected here. Here, this\nprofile uses VERBOSE by default, as it allows for the capture of login and logout activity\nas well as key fingerprints.",
"props": [
@@ -10354,7 +11233,7 @@
]
},
{
- "uuid": "cecd3f1e-e27a-4239-bd44-ff045795ac81",
+ "uuid": "3b4be840-58ab-4c55-bbb1-73e93ff7e666",
"control-id": "cis_fedora_5-1.16",
"description": "No notes for control-id 5.1.16.",
"props": [
@@ -10371,7 +11250,7 @@
]
},
{
- "uuid": "2ae49f0f-b5ec-43b6-b93b-f018032884b1",
+ "uuid": "d78b75a6-95d7-499f-b2e9-872002be5f6d",
"control-id": "cis_fedora_5-1.17",
"description": "No notes for control-id 5.1.17.",
"props": [
@@ -10388,7 +11267,7 @@
]
},
{
- "uuid": "8cea5c8f-8dd8-4305-8cbc-b061e543e4fd",
+ "uuid": "d52afd0b-34a3-426e-89f1-fa8f13cb2fc5",
"control-id": "cis_fedora_5-1.18",
"description": "No notes for control-id 5.1.18.",
"props": [
@@ -10405,7 +11284,7 @@
]
},
{
- "uuid": "48575c38-bb72-4d2b-84c7-58fe2c1e188f",
+ "uuid": "03178987-a094-4ab3-85f3-81855ea9d247",
"control-id": "cis_fedora_5-1.19",
"description": "No notes for control-id 5.1.19.",
"props": [
@@ -10422,7 +11301,7 @@
]
},
{
- "uuid": "4e296851-3f2f-4b8a-bb4e-238113bcaa48",
+ "uuid": "7ba58238-63ff-4df7-9982-1d9352774564",
"control-id": "cis_fedora_5-1.20",
"description": "No notes for control-id 5.1.20.",
"props": [
@@ -10439,7 +11318,7 @@
]
},
{
- "uuid": "b75a7683-d865-4995-aed1-81412371d569",
+ "uuid": "daee5655-df21-4ba8-a68d-2bac32d99eb8",
"control-id": "cis_fedora_5-1.21",
"description": "No notes for control-id 5.1.21.",
"props": [
@@ -10456,7 +11335,7 @@
]
},
{
- "uuid": "e256a472-53cd-4097-bc68-7e7ffe1b1452",
+ "uuid": "a09cd1f0-ef0a-4704-8fb3-3c10e6420298",
"control-id": "cis_fedora_5-1.22",
"description": "No notes for control-id 5.1.22.",
"props": [
@@ -10473,7 +11352,7 @@
]
},
{
- "uuid": "1afde903-300e-45b9-b6d2-00379f04b8ef",
+ "uuid": "c09f4d3d-165e-4024-8695-c140f5ace950",
"control-id": "cis_fedora_5-2.1",
"description": "No notes for control-id 5.2.1.",
"props": [
@@ -10490,7 +11369,7 @@
]
},
{
- "uuid": "5351e067-ffee-4eaf-b49d-7cd3d62173e9",
+ "uuid": "aab73b30-457b-4d6f-9ca5-d108001c6368",
"control-id": "cis_fedora_5-2.2",
"description": "No notes for control-id 5.2.2.",
"props": [
@@ -10507,7 +11386,7 @@
]
},
{
- "uuid": "da7832d3-1aeb-466a-8312-76cd55b73b2b",
+ "uuid": "b3988b71-4aa6-4122-a51e-fb3c0a3d8139",
"control-id": "cis_fedora_5-2.3",
"description": "No notes for control-id 5.2.3.",
"props": [
@@ -10524,7 +11403,7 @@
]
},
{
- "uuid": "c900f14b-cdf0-46db-bb64-bcd355ac228f",
+ "uuid": "a911108c-3724-4616-9936-b49e1da72750",
"control-id": "cis_fedora_5-2.5",
"description": "No notes for control-id 5.2.5.",
"props": [
@@ -10536,12 +11415,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication"
+ "value": "sudo_remove_no_authenticate"
}
]
},
{
- "uuid": "6cd261b9-12c5-46a4-aa97-1b6f9e3878b8",
+ "uuid": "be7c7bd7-77db-4ff6-8ec9-a1df3e328f66",
"control-id": "cis_fedora_5-2.6",
"description": "No notes for control-id 5.2.6.",
"props": [
@@ -10558,7 +11437,7 @@
]
},
{
- "uuid": "15785c8a-eb94-44c1-95cd-1aced1dfbb7e",
+ "uuid": "a426f51b-45f8-4b11-bd33-eb8d5b75ac9f",
"control-id": "cis_fedora_5-2.7",
"description": "Members of \"wheel\" or GID 0 groups are checked by default if the group option is not set for\npam_wheel.so module. The recommendation states the group should be empty to reinforce the\nuse of \"sudo\" for privileged access. Therefore, members of these groups should be manually\nchecked or a different group should be informed.",
"props": [
@@ -10580,7 +11459,7 @@
]
},
{
- "uuid": "1c195ca0-0dbd-4bbe-b177-9bed860455ef",
+ "uuid": "8ecbb2a0-0887-46f0-a4ed-c0e5868d89bd",
"control-id": "cis_fedora_5-3.1.1",
"description": "The description for control-id cis_fedora_5-3.1.1.",
"props": [
@@ -10593,7 +11472,7 @@
]
},
{
- "uuid": "2099f870-7f31-4fce-b725-9c3fa5ce8c11",
+ "uuid": "51c03d2e-96e8-4d55-8f4d-9d69d1f813ca",
"control-id": "cis_fedora_5-3.1.2",
"description": "The description for control-id cis_fedora_5-3.1.2.",
"props": [
@@ -10606,7 +11485,7 @@
]
},
{
- "uuid": "63f7eb17-77fd-480a-911e-b06e595e12b7",
+ "uuid": "8c361a44-6c20-4d54-9390-689da186f2e0",
"control-id": "cis_fedora_5-3.1.3",
"description": "The description for control-id cis_fedora_5-3.1.3.",
"props": [
@@ -10624,7 +11503,7 @@
]
},
{
- "uuid": "0e60f549-ddb3-41f0-b9f3-b73fa1f92eac",
+ "uuid": "97db2466-4a28-4995-a2e2-fc7cd8d479d4",
"control-id": "cis_fedora_5-3.2.1",
"description": "This requirement is hard to be automated without any specific requirement. The policy even\nstates that provided commands are examples, other custom settings might be in place and the\nsettings might be different depending on site policies. The other rules will already make\nsure there is a correct autheselect profile regardless of the existing settings. It is\nnecessary to better discuss with CIS Community.",
"props": [
@@ -10636,7 +11515,7 @@
]
},
{
- "uuid": "621eb06f-92f2-4616-ae97-d7e53a03ac57",
+ "uuid": "6d2cc9c1-267d-4912-b420-1c7163af2bba",
"control-id": "cis_fedora_5-3.2.2",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.1.",
"props": [
@@ -10658,7 +11537,7 @@
]
},
{
- "uuid": "982de17d-881f-494a-86e2-d852a39ed584",
+ "uuid": "cd01a4fd-fd04-4c11-9c3a-200d5bd1b272",
"control-id": "cis_fedora_5-3.2.3",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.2.",
"props": [
@@ -10666,11 +11545,26 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "package_pam_pwquality_installed"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_password_auth"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_system_auth"
}
]
},
{
- "uuid": "32c26a7e-922b-49fe-a1e5-a1427c9736df",
+ "uuid": "4e4c33d0-35ab-413f-b9b3-a03ed9409773",
"control-id": "cis_fedora_5-3.2.4",
"description": "The module is properly enabled by the rules mentioned in related_rules.\nRequirements in 5.3.3.3 use these rules.",
"props": [
@@ -10682,19 +11576,24 @@
]
},
{
- "uuid": "ccc4c111-f969-4c86-9491-bf381d4f17b7",
+ "uuid": "7a49e748-1cbc-49f6-99a0-9e4ee792ee25",
"control-id": "cis_fedora_5-3.2.5",
- "description": "This module is always present by default. It is necessary to investigate if a new rule to\ncheck its existence needs to be created. But so far the rule no_empty_passwords, used in\n5.3.3.4.1 can ensure this requirement is attended.",
+ "description": "No notes for control-id 5.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_enabled"
}
]
},
{
- "uuid": "6c2d40f2-64a6-4d9f-8b5a-5249b646b4f0",
+ "uuid": "3c7ff4a3-dd13-4016-a2fe-41831bfd3e4e",
"control-id": "cis_fedora_5-3.3.1.1",
"description": "No notes for control-id 5.3.3.1.1.",
"props": [
@@ -10711,7 +11610,7 @@
]
},
{
- "uuid": "67412082-f6b5-468f-937f-622e32a7ec10",
+ "uuid": "1c0b876d-0bea-42df-9172-963ad0638727",
"control-id": "cis_fedora_5-3.3.1.2",
"description": "The policy also accepts value 0, which means the locked accounts should be manually unlocked\nby an administrator. However, it also mentions that using value 0 can facilitate a DoS\nattack to legitimate users.",
"props": [
@@ -10728,7 +11627,7 @@
]
},
{
- "uuid": "46346322-a276-4a49-b69d-655805ec4179",
+ "uuid": "6a99de70-56c8-4870-b153-c6d632dc8101",
"control-id": "cis_fedora_5-3.3.2.1",
"description": "No notes for control-id 5.3.3.2.1.",
"props": [
@@ -10745,7 +11644,7 @@
]
},
{
- "uuid": "45cbaf4b-53d9-4871-b05d-6a84cf4f86ac",
+ "uuid": "68bad0be-e6fb-49b0-a308-91bd3f418d4d",
"control-id": "cis_fedora_5-3.3.2.2",
"description": "No notes for control-id 5.3.3.2.2.",
"props": [
@@ -10762,7 +11661,7 @@
]
},
{
- "uuid": "18948b20-4a7a-4be0-b62f-77bfc519efe1",
+ "uuid": "460a8a65-0ef6-4273-97b2-13c9d47cc819",
"control-id": "cis_fedora_5-3.3.2.3",
"description": "This requirement is expected to be manual. However, in previous versions of the policy\nit was already automated the configuration of \"minclass\" option. Rules related to other\noptions are informed in related_rules. In short, minclass=4 alone can achieve the same\nresult achieved by the combination of the other 4 options mentioned in the policy.",
"props": [
@@ -10779,7 +11678,7 @@
]
},
{
- "uuid": "0fbd42df-ce01-4863-8eb6-a781bbac3f13",
+ "uuid": "0321cf54-f0e8-402f-a8cc-3b9dd3ac94e1",
"control-id": "cis_fedora_5-3.3.2.4",
"description": "No notes for control-id 5.3.3.2.4.",
"props": [
@@ -10796,20 +11695,24 @@
]
},
{
- "uuid": "f6700415-f6be-41f1-b591-049077e7ece9",
+ "uuid": "4bda6535-d7cc-4590-a291-2a68f2eeb2b0",
"control-id": "cis_fedora_5-3.3.2.5",
- "description": "The description for control-id cis_fedora_5-3.3.2.5.",
+ "description": "No notes for control-id 5.3.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 5.3.3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_maxsequence"
}
]
},
{
- "uuid": "553d5a4f-c9e1-42d6-8b62-8406726bd007",
+ "uuid": "9423c070-9ace-449a-a7b0-2813a70317de",
"control-id": "cis_fedora_5-3.3.2.6",
"description": "No notes for control-id 5.3.3.2.6.",
"props": [
@@ -10826,7 +11729,7 @@
]
},
{
- "uuid": "5881f485-85f1-4cbb-95a8-363e018035f9",
+ "uuid": "ae260a84-3622-449c-8d01-7922838f3c3f",
"control-id": "cis_fedora_5-3.3.2.7",
"description": "No notes for control-id 5.3.3.2.7.",
"props": [
@@ -10843,7 +11746,7 @@
]
},
{
- "uuid": "50c04010-d353-40e4-8761-0ae91e2e058f",
+ "uuid": "7fb9498b-e2e1-4ad4-9140-f57e5b9d87c8",
"control-id": "cis_fedora_5-3.3.3.1",
"description": "Although mentioned in the section 5.3.3.3, there is no explicit requirement to configure\nretry option of pam_pwhistory. If come in the future, the rule accounts_password_pam_retry\ncan be used.",
"props": [
@@ -10865,7 +11768,7 @@
]
},
{
- "uuid": "15f95101-c844-465e-ba87-091a7eba8c47",
+ "uuid": "07c98999-edc4-48ca-8b38-5e9ca781488f",
"control-id": "cis_fedora_5-3.3.3.2",
"description": "The description for control-id cis_fedora_5-3.3.3.2.",
"props": [
@@ -10878,7 +11781,7 @@
]
},
{
- "uuid": "09fe594e-4039-42bc-9c54-f24f475cf599",
+ "uuid": "131228bb-da85-4ce0-86f2-afd1cb3972a2",
"control-id": "cis_fedora_5-3.3.3.3",
"description": "pam_pwhistory is enabled via authselect feature, as required in 5.3.2.4. The\nfeature automatically set \"use_authok\" option. In any case, we don't have a rule to check\nthis option specifically.",
"props": [
@@ -10886,11 +11789,16 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "partial"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwhistory_use_authtok"
}
]
},
{
- "uuid": "297118b2-b046-4dca-b68c-d752d1faa4b8",
+ "uuid": "113ea5d4-948c-4feb-a05b-b4815b5cacd9",
"control-id": "cis_fedora_5-3.3.4.1",
"description": "The rule more specifically used in this requirement also satify the requirement 5.3.2.5.",
"props": [
@@ -10907,20 +11815,24 @@
]
},
{
- "uuid": "eca4e96e-8dbb-4adc-b926-cd852b68c7a2",
+ "uuid": "6cb5cc5a-5dac-4788-a94b-ec87376c01f4",
"control-id": "cis_fedora_5-3.3.4.2",
- "description": "The description for control-id cis_fedora_5-3.3.4.2.",
+ "description": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929\nA new rule needs to be created to remove the remember option from pam_unix module."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_no_remember"
}
]
},
{
- "uuid": "23215be7-47be-4acf-a0ee-38d2b9635975",
+ "uuid": "df20f406-3a69-4b27-888e-98d50af6402a",
"control-id": "cis_fedora_5-3.3.4.3",
"description": "Changes in logindefs mentioned in this requirement are more specifically covered by 5.4.1.4",
"props": [
@@ -10942,19 +11854,24 @@
]
},
{
- "uuid": "e3b56e18-4e23-45cd-ada0-eb86cf6ddd19",
+ "uuid": "18b7964b-21da-45de-b4ae-ca906953e9d7",
"control-id": "cis_fedora_5-3.3.4.4",
"description": "In RHEL 9 pam_unix is enabled by default in all authselect profiles already with the\nuse_authtok option set. In any case, we don't have a rule to check this option specifically,\nlike in 5.3.3.3.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_authtok"
}
]
},
{
- "uuid": "b417d351-3c12-4e63-99ae-ae76e3b29419",
+ "uuid": "6dcc0b4c-22d1-4123-965e-051dda3d5eb8",
"control-id": "cis_fedora_5-4.1.1",
"description": "No notes for control-id 5.4.1.1.",
"props": [
@@ -10976,7 +11893,7 @@
]
},
{
- "uuid": "2ac2ef69-2c6c-4e38-97e7-698c8941c3ee",
+ "uuid": "23887bd1-7a2a-4940-9e41-4ab6baab314d",
"control-id": "cis_fedora_5-4.1.3",
"description": "No notes for control-id 5.4.1.3.",
"props": [
@@ -10998,20 +11915,15 @@
]
},
{
- "uuid": "fbc8ab5f-71a7-4404-956a-f94d089fcbf2",
+ "uuid": "2846b0af-9790-434f-bf9a-094d3b8cb08c",
"control-id": "cis_fedora_5-4.1.4",
- "description": "There's a \"new\" set of options in /etc/login.defs file to define the number of iterations\nperformed during the hashing process.",
+ "description": "No notes for control-id 5.4.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
},
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf"
- },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -11020,7 +11932,7 @@
]
},
{
- "uuid": "f7573c09-975a-4fd2-bcf0-720f1f00e6c3",
+ "uuid": "43e1f68f-fdbd-48fd-9aa5-8ec413a9736f",
"control-id": "cis_fedora_5-4.1.5",
"description": "No notes for control-id 5.4.1.5.",
"props": [
@@ -11042,7 +11954,7 @@
]
},
{
- "uuid": "a389039a-f1c0-4c8b-a9de-7d521fd98034",
+ "uuid": "e2511855-dff8-4619-b800-96b5debec05f",
"control-id": "cis_fedora_5-4.1.6",
"description": "No notes for control-id 5.4.1.6.",
"props": [
@@ -11059,7 +11971,7 @@
]
},
{
- "uuid": "52f71f71-1f4c-4a60-8b02-384233f8ceb2",
+ "uuid": "5003d737-e50e-490b-afd2-2cf658f59b78",
"control-id": "cis_fedora_5-4.2.1",
"description": "No notes for control-id 5.4.2.1.",
"props": [
@@ -11076,7 +11988,7 @@
]
},
{
- "uuid": "5b15c734-64a7-40e4-85d2-fd77450374ae",
+ "uuid": "4a705c1a-e57b-46b2-91b4-0f7e70a26ce3",
"control-id": "cis_fedora_5-4.2.2",
"description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
@@ -11093,20 +12005,24 @@
]
},
{
- "uuid": "625b4c72-8c08-4a49-a177-8dc81ee23fb3",
+ "uuid": "85d9f9d1-d142-4a62-83f2-5df6ba953f0c",
"control-id": "cis_fedora_5-4.2.3",
- "description": "The description for control-id cis_fedora_5-4.2.3.",
+ "description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "groups_no_zero_gid_except_root"
}
]
},
{
- "uuid": "d2320ca1-54a7-4dbb-9c6e-8a0ea8aff663",
+ "uuid": "3f2911e6-9314-4619-8e03-7c0563c83629",
"control-id": "cis_fedora_5-4.2.4",
"description": "No notes for control-id 5.4.2.4.",
"props": [
@@ -11123,7 +12039,7 @@
]
},
{
- "uuid": "4469a68a-528b-4e26-9886-26453a6a7399",
+ "uuid": "3f44e5de-8148-4f92-98d4-ac8657dcde8c",
"control-id": "cis_fedora_5-4.2.5",
"description": "No notes for control-id 5.4.2.5.",
"props": [
@@ -11145,20 +12061,24 @@
]
},
{
- "uuid": "ec75ad13-4284-49d1-a7a0-e7454203da57",
+ "uuid": "da97c978-8023-44b5-8c2a-78fc07ff58a8",
"control-id": "cis_fedora_5-4.2.6",
- "description": "The description for control-id cis_fedora_5-4.2.6.",
+ "description": "No notes for control-id 5.4.2.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "There is no rule to ensure umask in /root/.bash_profile and /root/.bashrc. A new rule have\nto be created. It can be based on accounts_umask_interactive_users."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_umask_root"
}
]
},
{
- "uuid": "ec8464f6-9d26-4e22-82e5-5eeeb0908cf2",
+ "uuid": "e557f106-ef54-4551-ad89-9d2e17a39d32",
"control-id": "cis_fedora_5-4.2.7",
"description": "No notes for control-id 5.4.2.7.",
"props": [
@@ -11180,20 +12100,24 @@
]
},
{
- "uuid": "5bae524c-5958-4c64-a79c-0e56c26e9355",
+ "uuid": "238fc5a2-556d-44d2-8012-b4133d3d255c",
"control-id": "cis_fedora_5-4.2.8",
- "description": "The description for control-id cis_fedora_5-4.2.8.",
+ "description": "No notes for control-id 5.4.2.8.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_invalid_shell_accounts_unlocked"
}
]
},
{
- "uuid": "9ce81c06-e7d0-4fb9-ab9d-8eec68c635d5",
+ "uuid": "ae78e816-0a95-40fa-8eb1-0c5a3e45b236",
"control-id": "cis_fedora_5-4.3.2",
"description": "No notes for control-id 5.4.3.2.",
"props": [
@@ -11210,7 +12134,7 @@
]
},
{
- "uuid": "ba319c20-09e7-4814-b8a6-a2b873f7f8b3",
+ "uuid": "a2381df1-32ed-4589-9723-e43c6c8ac469",
"control-id": "cis_fedora_5-4.3.3",
"description": "No notes for control-id 5.4.3.3.",
"props": [
@@ -11237,7 +12161,7 @@
]
},
{
- "uuid": "606dbd4c-a381-4024-ba50-3dc79a438693",
+ "uuid": "dac60305-454d-41ff-955d-3d749ec0cf52",
"control-id": "cis_fedora_6-1.1",
"description": "No notes for control-id 6.1.1.",
"props": [
@@ -11259,7 +12183,7 @@
]
},
{
- "uuid": "0852709b-aa7d-495d-9b48-ad3fad5b22ba",
+ "uuid": "8b1a2b18-2ee2-4f61-b7b8-c7a87e016bbd",
"control-id": "cis_fedora_6-1.2",
"description": "No notes for control-id 6.1.2.",
"props": [
@@ -11276,7 +12200,7 @@
]
},
{
- "uuid": "125ec890-591e-481a-b27f-148ecf806e6f",
+ "uuid": "3934eb31-baea-4903-a96c-22ea53fd24c1",
"control-id": "cis_fedora_6-1.3",
"description": "No notes for control-id 6.1.3.",
"props": [
@@ -11293,7 +12217,7 @@
]
},
{
- "uuid": "e155b526-7dd7-4784-b6a1-3ed11c0832b1",
+ "uuid": "4df95915-415d-4809-8bf4-23536c40a8d9",
"control-id": "cis_fedora_6-2.1.1",
"description": "No notes for control-id 6.2.1.1.",
"props": [
@@ -11310,7 +12234,7 @@
]
},
{
- "uuid": "f7d1e587-4c49-4ccd-b32f-a2bc0f9f5436",
+ "uuid": "738f84a7-3db9-4cae-8bf5-2567dfbca6a6",
"control-id": "cis_fedora_6-2.1.2",
"description": "The description for control-id cis_fedora_6-2.1.2.",
"props": [
@@ -11323,7 +12247,7 @@
]
},
{
- "uuid": "f8062e42-90e2-493b-b8b4-ed49dbac9bd1",
+ "uuid": "e4c0e73a-6b2d-4884-ac2d-0ffb0eacc41f",
"control-id": "cis_fedora_6-2.1.3",
"description": "The description for control-id cis_fedora_6-2.1.3.",
"props": [
@@ -11336,20 +12260,24 @@
]
},
{
- "uuid": "3a6f1c8f-8dae-4747-a69f-ef17808a889e",
+ "uuid": "7600c393-8825-4a1d-b959-6119fec3f026",
"control-id": "cis_fedora_6-2.1.4",
- "description": "The description for control-id cis_fedora_6-2.1.4.",
+ "description": "No notes for control-id 6.2.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "It is necessary to create a new rule to check the status of journald and rsyslog.\nIt would also be necessary a new rule to disable or remove rsyslog."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "ensure_journald_and_rsyslog_not_active_together"
}
]
},
{
- "uuid": "d49eba95-1d3e-46ba-b91c-256e10ae42af",
+ "uuid": "e7bb629a-8e61-470f-b735-836782b35380",
"control-id": "cis_fedora_6-2.2.1.1",
"description": "No notes for control-id 6.2.2.1.1.",
"props": [
@@ -11366,7 +12294,7 @@
]
},
{
- "uuid": "47dbc9af-8343-4fc6-9b7f-d96d2beccefa",
+ "uuid": "8d267919-a46e-40ed-b70c-91972a14a37b",
"control-id": "cis_fedora_6-2.2.1.2",
"description": "The description for control-id cis_fedora_6-2.2.1.2.",
"props": [
@@ -11379,20 +12307,24 @@
]
},
{
- "uuid": "0d8ec607-3bed-44fa-847d-b910b7fe55bb",
+ "uuid": "1c81d687-136f-4b45-ad70-c92f69b28b0e",
"control-id": "cis_fedora_6-2.2.1.3",
- "description": "The description for control-id cis_fedora_6-2.2.1.3.",
+ "description": "No notes for control-id 6.2.2.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_systemd-journal-upload_enabled"
}
]
},
{
- "uuid": "43fe574e-dab9-44ca-9fe8-27ba4d153fac",
+ "uuid": "ffbe0803-bae8-43a8-b021-8ef68c77268d",
"control-id": "cis_fedora_6-2.2.1.4",
"description": "No notes for control-id 6.2.2.1.4.",
"props": [
@@ -11409,20 +12341,24 @@
]
},
{
- "uuid": "2cd0149e-359d-459c-a383-9f904c931867",
+ "uuid": "ee6c2c4b-cb70-4438-9fbb-b1c65b169583",
"control-id": "cis_fedora_6-2.2.2",
- "description": "The description for control-id cis_fedora_6-2.2.2.",
+ "description": "No notes for control-id 6.2.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This rule conflicts with 6.2.3.3. More investigation is needed to properly solve this."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "journald_disable_forward_to_syslog"
}
]
},
{
- "uuid": "ccc9b889-c5ef-4ae1-ae2e-22dd88535447",
+ "uuid": "f3d74146-c88c-46cc-b438-c6f59109f7ab",
"control-id": "cis_fedora_6-2.2.3",
"description": "No notes for control-id 6.2.2.3.",
"props": [
@@ -11439,7 +12375,7 @@
]
},
{
- "uuid": "ad784abe-cff5-4f3e-828a-6ae0ac75f1be",
+ "uuid": "50987ad3-c107-42ee-9b86-00acc089266b",
"control-id": "cis_fedora_6-2.2.4",
"description": "No notes for control-id 6.2.2.4.",
"props": [
@@ -11456,7 +12392,7 @@
]
},
{
- "uuid": "e8c9377f-e32f-4bdd-910f-54341606d789",
+ "uuid": "005b240e-a72a-4500-8195-6c564dddd3d8",
"control-id": "cis_fedora_6-2.5.1",
"description": "No notes for control-id 6.2.5.1.",
"props": [
@@ -11468,7 +12404,7 @@
]
},
{
- "uuid": "4e31d9f2-b280-4399-92d3-238fd0157995",
+ "uuid": "dfabc29c-4ea1-44f5-ba3b-98da417ca556",
"control-id": "cis_fedora_6-2.5.2",
"description": "No notes for control-id 6.2.5.2.",
"props": [
@@ -11480,7 +12416,7 @@
]
},
{
- "uuid": "0a8fe3f6-5012-4412-8e4c-a65bfbfc8ce8",
+ "uuid": "08faeefd-48c4-452e-987d-2b15b4e02ddf",
"control-id": "cis_fedora_6-2.5.3",
"description": "No notes for control-id 6.2.5.3.",
"props": [
@@ -11492,7 +12428,7 @@
]
},
{
- "uuid": "b4895a34-8f5e-4fde-850f-15299c9b40fa",
+ "uuid": "dfc3a7a3-a0ac-4f00-a1f4-226cb03b10a6",
"control-id": "cis_fedora_6-2.5.4",
"description": "No notes for control-id 6.2.5.4.",
"props": [
@@ -11504,7 +12440,7 @@
]
},
{
- "uuid": "ce3bd145-3303-444a-995e-49e1968aeb00",
+ "uuid": "caa17ecd-503c-4e20-ba59-5b5da83b07ad",
"control-id": "cis_fedora_6-2.5.5",
"description": "The description for control-id cis_fedora_6-2.5.5.",
"props": [
@@ -11517,7 +12453,7 @@
]
},
{
- "uuid": "3856e32a-fc47-4454-8dd6-c74a43d2a5d3",
+ "uuid": "e079292a-0c25-4501-a5aa-f10ab5aacbcb",
"control-id": "cis_fedora_6-2.5.6",
"description": "The description for control-id cis_fedora_6-2.5.6.",
"props": [
@@ -11530,7 +12466,7 @@
]
},
{
- "uuid": "54cf2852-4b85-495e-ac7d-eed7234f3e37",
+ "uuid": "377699e9-aa49-467e-b317-6f71424f7529",
"control-id": "cis_fedora_6-2.5.7",
"description": "No notes for control-id 6.2.5.7.",
"props": [
@@ -11542,7 +12478,7 @@
]
},
{
- "uuid": "840d3373-b8e9-4b52-b7e3-47f2e3b65939",
+ "uuid": "1d778c5b-862b-43ca-a04b-138af86ff12c",
"control-id": "cis_fedora_6-2.3.8",
"description": "The description for control-id cis_fedora_6-2.3.8.",
"props": [
@@ -11555,7 +12491,7 @@
]
},
{
- "uuid": "0a10954f-8a8d-4630-b981-a279455891c6",
+ "uuid": "c94ad410-9e32-46d2-b3c2-e74611fc3014",
"control-id": "cis_fedora_6-2.6.1",
"description": "It is not harmful to run these rules even if rsyslog is not installed or active.",
"props": [
@@ -11582,7 +12518,7 @@
]
},
{
- "uuid": "355294c1-631e-4f70-9cd0-49d00315e39c",
+ "uuid": "e8d36612-3df2-4616-8e6c-77fad91a2a70",
"control-id": "cis_fedora_7-1.1",
"description": "No notes for control-id 7.1.1.",
"props": [
@@ -11609,7 +12545,7 @@
]
},
{
- "uuid": "94094f5f-22e1-4c77-bc53-b50831e01279",
+ "uuid": "e24590bb-5a8c-43c2-ba92-ed5e2bd6153b",
"control-id": "cis_fedora_7-1.2",
"description": "No notes for control-id 7.1.2.",
"props": [
@@ -11636,7 +12572,7 @@
]
},
{
- "uuid": "338d6efe-b1c9-4b9c-88f1-a830813ec935",
+ "uuid": "9153efd3-077f-458f-8b9e-0fae0bec096c",
"control-id": "cis_fedora_7-1.3",
"description": "No notes for control-id 7.1.3.",
"props": [
@@ -11663,7 +12599,7 @@
]
},
{
- "uuid": "384feafe-679b-4dc2-9e7e-1ce8129152e4",
+ "uuid": "2e69aa75-e087-42bb-9711-0dee3209731b",
"control-id": "cis_fedora_7-1.4",
"description": "No notes for control-id 7.1.4.",
"props": [
@@ -11690,7 +12626,7 @@
]
},
{
- "uuid": "ce4f8b49-0ec9-49da-b5c2-740414dc34ee",
+ "uuid": "8f31570d-24a4-4af8-afa3-ade79de19462",
"control-id": "cis_fedora_7-1.5",
"description": "No notes for control-id 7.1.5.",
"props": [
@@ -11717,7 +12653,7 @@
]
},
{
- "uuid": "54f3d66c-785b-441a-8c51-9454ef01159e",
+ "uuid": "d39fcef7-15ff-485c-a7ff-2675e651a5b0",
"control-id": "cis_fedora_7-1.6",
"description": "No notes for control-id 7.1.6.",
"props": [
@@ -11744,7 +12680,7 @@
]
},
{
- "uuid": "4cc4b128-1860-4a33-b094-b04cb0719e3f",
+ "uuid": "c8c88227-fe2e-4d05-a713-bedd7b3ffd28",
"control-id": "cis_fedora_7-1.7",
"description": "No notes for control-id 7.1.7.",
"props": [
@@ -11771,7 +12707,7 @@
]
},
{
- "uuid": "fa8b7bc0-0a58-48cd-82cc-f4c67fba5313",
+ "uuid": "0d56985d-7ec9-42b5-8381-4ef99951157a",
"control-id": "cis_fedora_7-1.8",
"description": "No notes for control-id 7.1.8.",
"props": [
@@ -11798,7 +12734,7 @@
]
},
{
- "uuid": "bafed17e-e61b-4590-85ca-bad4ef785ffc",
+ "uuid": "c3b3ca5e-31ff-489c-a18b-62335b265e01",
"control-id": "cis_fedora_7-1.9",
"description": "No notes for control-id 7.1.9.",
"props": [
@@ -11825,24 +12761,49 @@
]
},
{
- "uuid": "d7a5852e-44d8-4a4c-b33c-b306c82b832d",
+ "uuid": "b37d9433-f237-46e6-93e1-116679038d3b",
"control-id": "cis_fedora_7-1.10",
"description": "No notes for control-id 7.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd"
+ "value": "file_permissions_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd_old"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd_old"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd_old"
}
]
},
{
- "uuid": "2afc7d57-334d-4363-abc5-ed4424d2ae7b",
+ "uuid": "99ec10c1-c3ee-4eaa-afd7-abd237491535",
"control-id": "cis_fedora_7-1.11",
"description": "No notes for control-id 7.1.11.",
"props": [
@@ -11864,29 +12825,29 @@
]
},
{
- "uuid": "69ae1d3a-217c-44a0-8aae-8f4dc7d5b5ce",
+ "uuid": "8c43fc1a-d730-4ae9-869f-0821d6ea3c86",
"control-id": "cis_fedora_7-1.12",
"description": "No notes for control-id 7.1.12.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user"
+ "value": "no_files_or_dirs_unowned_by_user"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned"
+ "value": "no_files_or_dirs_ungroupowned"
}
]
},
{
- "uuid": "5715ae81-87c3-457b-a32f-3c4246955e3a",
+ "uuid": "2fff3c5a-736f-4599-98b1-c35c996b73a5",
"control-id": "cis_fedora_7-1.13",
"description": "The description for control-id cis_fedora_7-1.13.",
"props": [
@@ -11899,7 +12860,7 @@
]
},
{
- "uuid": "cab16e7b-622f-4fc1-9f20-a9c24565cd15",
+ "uuid": "70447fec-f25b-4ca8-be5e-9d4a9d269e53",
"control-id": "cis_fedora_7-2.1",
"description": "No notes for control-id 7.2.1.",
"props": [
@@ -11916,7 +12877,7 @@
]
},
{
- "uuid": "829dd917-0ce4-44ff-8b12-ed61d83d06ff",
+ "uuid": "f58f4069-67b3-4dba-ae00-582c6ed005d9",
"control-id": "cis_fedora_7-2.2",
"description": "No notes for control-id 7.2.2.",
"props": [
@@ -11933,7 +12894,7 @@
]
},
{
- "uuid": "122d9fd7-af4f-497c-826a-6bffa7c37a0a",
+ "uuid": "b6cf2a63-b39d-46d2-977d-b932f1c1316b",
"control-id": "cis_fedora_7-2.3",
"description": "No notes for control-id 7.2.3.",
"props": [
@@ -11950,7 +12911,7 @@
]
},
{
- "uuid": "341a203b-6a83-4a4c-9e50-9135e8f9f4ee",
+ "uuid": "6c032afa-8e5c-4a37-ab60-dee0c5cd1e4b",
"control-id": "cis_fedora_7-2.4",
"description": "No notes for control-id 7.2.4.",
"props": [
@@ -11967,7 +12928,7 @@
]
},
{
- "uuid": "d7bd51bd-47e4-45e9-aed7-0903c2fa7264",
+ "uuid": "b4a4efb7-cd38-4d5a-8815-856cb21fc31d",
"control-id": "cis_fedora_7-2.5",
"description": "No notes for control-id 7.2.5.",
"props": [
@@ -11984,7 +12945,7 @@
]
},
{
- "uuid": "56db36c6-7bf6-4d16-810f-b87e9f15c01f",
+ "uuid": "1b03c483-19a9-43a1-8871-c54d3a17620d",
"control-id": "cis_fedora_7-2.6",
"description": "No notes for control-id 7.2.6.",
"props": [
@@ -12001,7 +12962,7 @@
]
},
{
- "uuid": "b1171724-2676-42fa-9410-c212f288099e",
+ "uuid": "3aac9337-eff8-4ca4-9be3-87f257f73437",
"control-id": "cis_fedora_7-2.7",
"description": "No notes for control-id 7.2.7.",
"props": [
@@ -12018,7 +12979,7 @@
]
},
{
- "uuid": "07a51255-4c9d-4f6e-89ad-84159dbb96e8",
+ "uuid": "4c136fdb-49e8-471c-9b00-c9103d8ccef6",
"control-id": "cis_fedora_7-2.8",
"description": "No notes for control-id 7.2.8.",
"props": [
@@ -12045,14 +13006,14 @@
]
},
{
- "uuid": "c0c70c58-e100-471c-9bc1-95e74865ce90",
+ "uuid": "4509d361-75d0-4f2f-8bce-b4ffc33ebd55",
"control-id": "cis_fedora_7-2.9",
- "description": "Missing a rule to check that .bash_history is mode 0600 or more restrictive.",
+ "description": "No notes for control-id 7.2.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -12067,22 +13028,27 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs"
+ "value": "file_permission_user_init_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files"
+ "value": "no_forward_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files"
+ "value": "no_netrc_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files"
+ "value": "no_rhost_files"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history"
}
]
}
@@ -12097,10227 +13063,11619 @@
"description": "openscap",
"props": [
{
- "name": "Rule_Id",
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_db_up_to_date",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_db_up_to_date",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_0",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "cis_banner_text",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_0",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enter an appropriate login banner for your organization according to the local policy.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_0",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'Authorized users only. All activity may be monitored and reported.', 'cis': 'Authorized users only. All activity may be monitored and reported.'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_1",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "inactivity_timeout_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_1",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Choose allowed duration (in seconds) of inactive graphical sessions",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_1",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'10_minutes': 600, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, 'default': 900}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_2",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "login_banner_text",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_2",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\\n' character and special characters like parentheses and quotation marks must be escaped with '\\\\'.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_2",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'cis_banners': '^(Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.|^(?!.*(\\\\\\\\|fedora|rhel|sle|ubuntu)).*)$', 'cis_default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$', 'dod_banners': \"^(You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.|I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.)$\", 'dod_default': '^You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.$', 'dod_short': \"^I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.$\", 'dss_odaa_default': '^Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.[\\\\s\\\\n]+This[\\\\s\\\\n]+is[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+and[\\\\s\\\\n]+related[\\\\s\\\\n]+equipment[\\\\s\\\\n]+are[\\\\s\\\\n]+intended[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+communication,[\\\\s\\\\n]+transmission,[\\\\s\\\\n]+processing,[\\\\s\\\\n]+and[\\\\s\\\\n]+storage[\\\\s\\\\n]+of[\\\\s\\\\n]+official[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+or[\\\\s\\\\n]+other[\\\\s\\\\n]+authorized[\\\\s\\\\n]+information[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times[\\\\s\\\\n]+to[\\\\s\\\\n]+ensure[\\\\s\\\\n]+proper[\\\\s\\\\n]+functioning[\\\\s\\\\n]+of[\\\\s\\\\n]+equipment[\\\\s\\\\n]+and[\\\\s\\\\n]+systems[\\\\s\\\\n]+including[\\\\s\\\\n]+security[\\\\s\\\\n]+devices[\\\\s\\\\n]+and[\\\\s\\\\n]+systems,[\\\\s\\\\n]+to[\\\\s\\\\n]+prevent[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+and[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+statutes[\\\\s\\\\n]+and[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations,[\\\\s\\\\n]+to[\\\\s\\\\n]+deter[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity,[\\\\s\\\\n]+and[\\\\s\\\\n]+for[\\\\s\\\\n]+other[\\\\s\\\\n]+similar[\\\\s\\\\n]+purposes\\\\.[\\\\s\\\\n]+Any[\\\\s\\\\n]+user[\\\\s\\\\n]+of[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+should[\\\\s\\\\n]+be[\\\\s\\\\n]+aware[\\\\s\\\\n]+that[\\\\s\\\\n]+any[\\\\s\\\\n]+information[\\\\s\\\\n]+placed[\\\\s\\\\n]+in[\\\\s\\\\n]+the[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+not[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+any[\\\\s\\\\n]+expectation[\\\\s\\\\n]+of[\\\\s\\\\n]+privacy\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+violation[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+statutes,[\\\\s\\\\n]+this[\\\\s\\\\n]+evidence[\\\\s\\\\n]+and[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+related[\\\\s\\\\n]+information,[\\\\s\\\\n]+including[\\\\s\\\\n]+identification[\\\\s\\\\n]+information[\\\\s\\\\n]+about[\\\\s\\\\n]+the[\\\\s\\\\n]+user,[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+provided[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+reveals[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use,[\\\\s\\\\n]+employees[\\\\s\\\\n]+who[\\\\s\\\\n]+violate[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+make[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+appropriate[\\\\s\\\\n]+disciplinary[\\\\s\\\\n]+action\\\\.[\\\\s\\\\n]+Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.$', 'usgcb_default': '^\\\\-\\\\-[\\\\s\\\\n]+WARNING[\\\\s\\\\n]+\\\\-\\\\-[\\\\s\\\\n]+This[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+Individuals[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+without[\\\\s\\\\n]+authority[\\\\s\\\\n]+or[\\\\s\\\\n]+in[\\\\s\\\\n]+excess[\\\\s\\\\n]+of[\\\\s\\\\n]+their[\\\\s\\\\n]+authority[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+having[\\\\s\\\\n]+all[\\\\s\\\\n]+their[\\\\s\\\\n]+activities[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+recorded[\\\\s\\\\n]+by[\\\\s\\\\n]+system[\\\\s\\\\n]+personnel\\\\.[\\\\s\\\\n]+Anyone[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+expressly[\\\\s\\\\n]+consents[\\\\s\\\\n]+to[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+advised[\\\\s\\\\n]+that[\\\\s\\\\n]+if[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity[\\\\s\\\\n]+system[\\\\s\\\\n]+personal[\\\\s\\\\n]+may[\\\\s\\\\n]+provide[\\\\s\\\\n]+the[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.$', 'default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_3",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_idle_timeout_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_3",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify duration of allowed idle time.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_3",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'10_minutes': 600, '120_minutes': 7200, '14_minutes': 840, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, '60_minutes': 3600, 'default': 300}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_4",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_max_auth_tries_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_4",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the maximum number of authentication attempts per connection.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_4",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 3: 3, 4: 4, 5: 5, 'default': 4}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_5",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_5",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable ICMP Redirect Acceptance",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_5",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_6",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_6",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_6",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_7",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_7",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_7",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_8",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_8",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_8",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_9",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_9",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_9",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_10",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_10",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable ICMP Redirect Acceptance?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_10",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_11",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_11",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable IP source routing?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_11",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_12",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_forwarding_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_12",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle IPv4 Forwarding",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_12",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_13",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_13",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_13",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_14",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_14",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enables source route verification",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_14",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_15",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_15",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_15",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_16",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_16",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_16",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_17",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_17",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to prevent unnecessary logging",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_17",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_18",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_tcp_syncookies_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_18",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to turn on TCP SYN Cookie Protection",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_18",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_19",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_19",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Accept all router advertisements?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_19",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_20",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_20",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle ICMP Redirect Acceptance",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_20",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_21",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_21",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_21",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_22",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_forwarding_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_22",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle IPv6 Forwarding",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_22",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_23",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_23",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Accept default router advertisements by default?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_23",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_24",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_24",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle ICMP Redirect Acceptance By Default",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_24",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_25",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_25",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_25",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_26",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_forwarding_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_26",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle IPv6 default Forwarding",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_26",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_27",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_account_disable_post_pw_expiration",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_27",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The number of days to wait after a password expires, until the account will be permanently disabled.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_27",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'0': '0', 180: 180, 30: 30, 35: 35, 40: 40, 45: 45, 60: 60, 90: 90, 'default': 35}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_28",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_maximum_age_login_defs",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_28",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Maximum age of password in days",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_28",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{365: 365, 120: 120, 180: 180, 90: 90, 60: 60, 45: 45, 'default': 60}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_29",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_minimum_age_login_defs",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_29",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Minimum age of password in days",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_29",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 'default': 7}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_30",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_password_warn_age_login_defs",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_30",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The number of days' warning given before a password expires.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_30",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'0': '0', 14: 14, 10: 10, 7: 7, 'default': 7}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_31",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_passwords_pam_faillock_deny",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_31",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Number of failed login attempts before account lockout",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_31",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_32",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_passwords_pam_faillock_dir",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_32",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The directory where the user files with the failure records are kept",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_32",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'ol8': '/var/log/faillock', 'default': '/var/log/faillock', 'run': '/var/run/faillock'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_33",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_passwords_pam_faillock_unlock_time",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_33",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_33",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_34",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_tmout",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_34",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for that number of seconds if input does not arrive.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_34",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'30_min': 1800, '10_min': 600, '15_min': 900, '5_min': 300, 'default': 600}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_35",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_user_umask",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_35",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enter default user umask",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_35",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'007': '007', '022': '022', '027': '027', '077': '077', 'default': '027'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_36",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_audit_backlog_limit",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_36",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Value of the audit_backlog_limit argument in GRUB 2 configuration. The audit_backlog_limit parameter determines how auditd records can be held in the auditd backlog.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_36",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 8192, 8192: 8192}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_37",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_auditd_admin_space_left_action",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_37",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The setting for admin_space_left_action in /etc/audit/auditd.conf",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_37",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt', 'cis_fedora': 'single|halt'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_38",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_auditd_disk_error_action",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_38",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "'The setting for disk_error_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_38",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'syslog|single|halt', 'cis_rhel10': 'syslog|single|halt', 'cis_fedora': 'syslog|single|halt', 'cis_ubuntu2204': 'syslog|single|halt', 'cis_ubuntu2404': 'syslog|single|halt', 'cis_debian12': 'syslog|single|halt'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_39",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_auditd_disk_full_action",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_39",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "'The setting for disk_full_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_39",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'rotate': 'rotate', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'halt|single', 'cis_rhel10': 'halt|single', 'cis_fedora': 'halt|single', 'cis_ubuntu2204': 'halt|single', 'cis_ubuntu2404': 'halt|single', 'cis_debian12': 'halt|single'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_40",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_auditd_max_log_file",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_40",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The setting for max_log_file in /etc/audit/auditd.conf",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_40",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 10: 10, 20: 20, 5: 5, 6: 6, 8: 8, 'default': 6}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_41",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_auditd_max_log_file_action",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_41",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The setting for max_log_file_action in /etc/audit/auditd.conf. The following options are available:
ignore - audit daemon does nothing.
syslog - audit daemon will issue a warning to syslog.
suspend - audit daemon will stop writing records to the disk.
rotate - audit daemon will rotate logs in the same convention used by logrotate.
keep_logs - similar to rotate but prevents audit logs to be overwritten. May trigger space_left_action if volume is full.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_41",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'rotate', 'keep_logs': 'keep_logs', 'rotate': 'rotate', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_42",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_auditd_space_left_action",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_42",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The setting for space_left_action in /etc/audit/auditd.conf",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_42",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt', 'cis_fedora': 'email|exec|single|halt'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_43",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_multiple_time_servers",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_43",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The list of vendor-approved time servers",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_43",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'generic': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'stig': '0.us.pool.ntp.mil', 'fedora': '0.fedora.pool.ntp.org,1.fedora.pool.ntp.org,2.fedora.pool.ntp.org,3.fedora.pool.ntp.org', 'rhel': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ol': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'suse': '0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org', 'alinux': '0.ntp.cloud.aliyuncs.com,1.ntp.aliyun.com,2.ntp1.aliyun.com,3.ntp1.cloud.aliyuncs.com', 'amazon': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ubuntu': '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org', 'almalinux': '0.almalinux.pool.ntp.org,1.almalinux.pool.ntp.org,2.almalinux.pool.ntp.org,3.almalinux.pool.ntp.org', 'debian': '0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org', 'nist': 'time.nist.gov,time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_44",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_pam_wheel_group_for_su",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_44",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_44",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'sugroup', 'cis': 'sugroup'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_45",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_hashing_algorithm",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_45",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_45",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_46",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_hashing_algorithm_pam",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_46",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_46",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt', 'cis_rhel10': 'yescrypt|sha512'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_47",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_dictcheck",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_47",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Prevent the use of dictionary words for passwords.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_47",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 'default': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_48",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_difok",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_48",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Minimum number of characters not present in old password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_48",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{15: 15, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 'default': 8}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_49",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_maxrepeat",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_49",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Maximum Number of Consecutive Repeating Characters in a Password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_49",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_50",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_maxsequence",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_50",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Maximum Number of Consecutive Character Sequences in a Password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_50",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_51",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_minclass",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_51",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Minimum number of categories of characters that must exist in a password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_51",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_52",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_minlen",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_52",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Minimum number of characters in password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_52",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_53",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_remember",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_53",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Prevent password reuse using password history lookup",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_53",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 24: 24, 'default': 5}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_54",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_remember_control_flag",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_54",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in \"required,requisite\", for remediations the first value will be taken'",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_54",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'required': 'required', 'optional': 'optional', 'requisite': 'requisite', 'sufficient': 'sufficient', 'binding': 'binding', 'ol8': 'required,requisite', 'requisite_or_required': 'requisite,required', 'default': 'requisite'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_55",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_postfix_inet_interfaces",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_55",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The setting for inet_interfaces in /etc/postfix/main.cf",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_55",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'loopback-only': 'loopback-only', 'default': 'loopback-only', 'localhost': 'localhost'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_56",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_screensaver_lock_delay",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_56",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_56",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_db_up_to_date",
+ "value": "{'10_seconds': 10, '5_seconds': 5, 'default': '0', 'immediate': '0'}",
"remarks": "rule_set_000"
},
{
- "name": "Rule_Description",
+ "name": "Parameter_Id_57",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "value": "var_selinux_policy_name",
"remarks": "rule_set_000"
},
{
- "name": "Check_Id",
+ "name": "Parameter_Description_57",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_db_up_to_date",
+ "value": "Type of policy in use. Possible values are:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
mls - Multiple levels of security",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_57",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'targeted', 'mls': 'mls', 'targeted': 'targeted'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_58",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_selinux_state",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_58",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - SELinux is fully disabled.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_58",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'enforcing', 'disabled': 'disabled', 'enforcing': 'enforcing', 'permissive': 'permissive'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_59",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_sshd_max_sessions",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_59",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the maximum number of open sessions permitted.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_59",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 4: 4, 3: 3, 2: 2, 1: 1, 0: 0, 'default': 10}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_60",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_sshd_set_keepalive",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_60",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the maximum number of idle message counts before session is terminated.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_60",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 3: 3, 5: 5, 0: 0, 1: 1, 'default': 0}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_61",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_sshd_set_login_grace_time",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_61",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Configure parameters for how long the servers stays connected before the user has successfully logged in",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_61",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 60, 60: 60}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_62",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_sshd_set_maxstartups",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_62",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_62",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '10:30:100', '10:30:60': '10:30:60'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_63",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_sudo_timestamp_timeout",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_63",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Defines the number of minutes that can elapse before sudo will ask for a passwd again. If set to a value less than 0 the user's time stamp will never expire. Defining 0 means always prompt for a password. The default timeout value is 5 minutes.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_63",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '5', 'always_prompt': '0', '1_minute': '1', '2_minutes': '2', '3_minutes': '3', '5_minutes': '5', '15_minutes': '15'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_64",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_user_initialization_files_regex",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_64",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "'A regular expression describing a list of file names for files that are sourced at login time for interactive users'",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_64",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '^(\\\\.bashrc|\\\\.zshrc|\\\\.cshrc|\\\\.profile|\\\\.bash_login|\\\\.bash_profile)$', 'all_dotfiles': '^\\\\.[\\\\w\\\\- ]+$'}",
"remarks": "rule_set_000"
},
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_cramfs_disabled",
+ "remarks": "rule_set_001"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of cramfs",
+ "remarks": "rule_set_001"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_cramfs_disabled",
+ "remarks": "rule_set_001"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of cramfs",
+ "remarks": "rule_set_001"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_freevxfs_disabled",
+ "remarks": "rule_set_002"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of freevxfs",
+ "remarks": "rule_set_002"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_freevxfs_disabled",
+ "remarks": "rule_set_002"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of freevxfs",
+ "remarks": "rule_set_002"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_hfs_disabled",
+ "remarks": "rule_set_003"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of hfs",
+ "remarks": "rule_set_003"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_hfs_disabled",
+ "remarks": "rule_set_003"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of hfs",
+ "remarks": "rule_set_003"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_hfsplus_disabled",
+ "remarks": "rule_set_004"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of hfsplus",
+ "remarks": "rule_set_004"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_hfsplus_disabled",
+ "remarks": "rule_set_004"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of hfsplus",
+ "remarks": "rule_set_004"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_jffs2_disabled",
+ "remarks": "rule_set_005"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of jffs2",
+ "remarks": "rule_set_005"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_jffs2_disabled",
+ "remarks": "rule_set_005"
+ },
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of jffs2",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Id_0",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "cis_banner_text",
- "remarks": "rule_set_000"
+ "value": "kernel_module_firewire-core_disabled",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Description_0",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enter an appropriate login banner for your organization according to the local policy.",
- "remarks": "rule_set_000"
+ "value": "Disable IEEE 1394 (FireWire) Support",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Value_Alternatives_0",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'Authorized users only. All activity may be monitored and reported.', 'cis': 'Authorized users only. All activity may be monitored and reported.'}",
- "remarks": "rule_set_000"
+ "value": "kernel_module_firewire-core_disabled",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Id_1",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "inactivity_timeout_value",
- "remarks": "rule_set_000"
+ "value": "Disable IEEE 1394 (FireWire) Support",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Description_1",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Choose allowed duration (in seconds) of inactive graphical sessions",
- "remarks": "rule_set_000"
+ "value": "kernel_module_usb-storage_disabled",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Value_Alternatives_1",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_minutes': 600, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, 'default': 900}",
- "remarks": "rule_set_000"
+ "value": "Disable Modprobe Loading of USB Storage Driver",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Id_2",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "login_banner_text",
- "remarks": "rule_set_000"
+ "value": "kernel_module_usb-storage_disabled",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Description_2",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\\n' character and special characters like parentheses and quotation marks must be escaped with '\\\\'.",
- "remarks": "rule_set_000"
+ "value": "Disable Modprobe Loading of USB Storage Driver",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Value_Alternatives_2",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'cis_banners': '^(Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.|^(?!.*(\\\\\\\\|fedora|rhel|sle|ubuntu)).*)$', 'cis_default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$', 'dod_banners': \"^(You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.|I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.)$\", 'dod_default': '^You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.$', 'dod_short': \"^I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.$\", 'dss_odaa_default': '^Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.[\\\\s\\\\n]+This[\\\\s\\\\n]+is[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+and[\\\\s\\\\n]+related[\\\\s\\\\n]+equipment[\\\\s\\\\n]+are[\\\\s\\\\n]+intended[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+communication,[\\\\s\\\\n]+transmission,[\\\\s\\\\n]+processing,[\\\\s\\\\n]+and[\\\\s\\\\n]+storage[\\\\s\\\\n]+of[\\\\s\\\\n]+official[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+or[\\\\s\\\\n]+other[\\\\s\\\\n]+authorized[\\\\s\\\\n]+information[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times[\\\\s\\\\n]+to[\\\\s\\\\n]+ensure[\\\\s\\\\n]+proper[\\\\s\\\\n]+functioning[\\\\s\\\\n]+of[\\\\s\\\\n]+equipment[\\\\s\\\\n]+and[\\\\s\\\\n]+systems[\\\\s\\\\n]+including[\\\\s\\\\n]+security[\\\\s\\\\n]+devices[\\\\s\\\\n]+and[\\\\s\\\\n]+systems,[\\\\s\\\\n]+to[\\\\s\\\\n]+prevent[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+and[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+statutes[\\\\s\\\\n]+and[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations,[\\\\s\\\\n]+to[\\\\s\\\\n]+deter[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity,[\\\\s\\\\n]+and[\\\\s\\\\n]+for[\\\\s\\\\n]+other[\\\\s\\\\n]+similar[\\\\s\\\\n]+purposes\\\\.[\\\\s\\\\n]+Any[\\\\s\\\\n]+user[\\\\s\\\\n]+of[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+should[\\\\s\\\\n]+be[\\\\s\\\\n]+aware[\\\\s\\\\n]+that[\\\\s\\\\n]+any[\\\\s\\\\n]+information[\\\\s\\\\n]+placed[\\\\s\\\\n]+in[\\\\s\\\\n]+the[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+not[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+any[\\\\s\\\\n]+expectation[\\\\s\\\\n]+of[\\\\s\\\\n]+privacy\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+violation[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+statutes,[\\\\s\\\\n]+this[\\\\s\\\\n]+evidence[\\\\s\\\\n]+and[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+related[\\\\s\\\\n]+information,[\\\\s\\\\n]+including[\\\\s\\\\n]+identification[\\\\s\\\\n]+information[\\\\s\\\\n]+about[\\\\s\\\\n]+the[\\\\s\\\\n]+user,[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+provided[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+reveals[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use,[\\\\s\\\\n]+employees[\\\\s\\\\n]+who[\\\\s\\\\n]+violate[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+make[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+appropriate[\\\\s\\\\n]+disciplinary[\\\\s\\\\n]+action\\\\.[\\\\s\\\\n]+Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.$', 'usgcb_default': '^\\\\-\\\\-[\\\\s\\\\n]+WARNING[\\\\s\\\\n]+\\\\-\\\\-[\\\\s\\\\n]+This[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+Individuals[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+without[\\\\s\\\\n]+authority[\\\\s\\\\n]+or[\\\\s\\\\n]+in[\\\\s\\\\n]+excess[\\\\s\\\\n]+of[\\\\s\\\\n]+their[\\\\s\\\\n]+authority[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+having[\\\\s\\\\n]+all[\\\\s\\\\n]+their[\\\\s\\\\n]+activities[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+recorded[\\\\s\\\\n]+by[\\\\s\\\\n]+system[\\\\s\\\\n]+personnel\\\\.[\\\\s\\\\n]+Anyone[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+expressly[\\\\s\\\\n]+consents[\\\\s\\\\n]+to[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+advised[\\\\s\\\\n]+that[\\\\s\\\\n]+if[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity[\\\\s\\\\n]+system[\\\\s\\\\n]+personal[\\\\s\\\\n]+may[\\\\s\\\\n]+provide[\\\\s\\\\n]+the[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.$', 'default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$'}",
- "remarks": "rule_set_000"
+ "value": "partition_for_tmp",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Id_3",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_idle_timeout_value",
- "remarks": "rule_set_000"
+ "value": "Ensure /tmp Located On Separate Partition",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Description_3",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify duration of allowed idle time.",
- "remarks": "rule_set_000"
+ "value": "partition_for_tmp",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Value_Alternatives_3",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_minutes': 600, '120_minutes': 7200, '14_minutes': 840, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, '60_minutes': 3600, 'default': 300}",
- "remarks": "rule_set_000"
+ "value": "Ensure /tmp Located On Separate Partition",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Id_4",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_max_auth_tries_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nodev",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Description_4",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of authentication attempts per connection.",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /tmp",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Value_Alternatives_4",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 4: 4, 5: 5, 'default': 4}",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nodev",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Id_5",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_kex",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /tmp",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Description_5",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved KEXs (Key Exchange Algorithms) algorithms \tthat are used for methods in cryptography by which cryptographic keys are exchanged between two parties",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nosuid",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Value_Alternatives_5",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'pcidss': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_rhel8': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel9': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel10': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_sle12': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_sle15': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_ubuntu2204': 'curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_ubuntu2404': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'std_openeuler': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256', 'cis_debian12': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256'}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /tmp",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Id_6",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_macs",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nosuid",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Description_6",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved MACs (Message Authentication Code) algorithms \tthat are used for data integrity protection by the SSH server.",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /tmp",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Value_Alternatives_6",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_rhel8': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel9': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel10': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_sle12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_sle15': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_tencentos4': 'hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com', 'cis_ubuntu2204': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_ubuntu2404': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'stig_rhel9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'stig_ol9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'cis_debian12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'}",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_noexec",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Id_7",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /tmp",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Description_7",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_noexec",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Value_Alternatives_7",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /tmp",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Id_8",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
- "remarks": "rule_set_000"
+ "value": "partition_for_dev_shm",
+ "remarks": "rule_set_012"
},
{
- "name": "Parameter_Description_8",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
- "remarks": "rule_set_000"
+ "value": "Ensure /dev/shm is configured",
+ "remarks": "rule_set_012"
},
{
- "name": "Parameter_Value_Alternatives_8",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "partition_for_dev_shm",
+ "remarks": "rule_set_012"
},
{
- "name": "Parameter_Id_9",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians_value",
- "remarks": "rule_set_000"
+ "value": "Ensure /dev/shm is configured",
+ "remarks": "rule_set_012"
},
{
- "name": "Parameter_Description_9",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nodev",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Value_Alternatives_9",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /dev/shm",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Id_10",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nodev",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Description_10",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /dev/shm",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Value_Alternatives_10",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nosuid",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Id_11",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /dev/shm",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Description_11",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nosuid",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Value_Alternatives_11",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /dev/shm",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Id_12",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_noexec",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Description_12",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance?",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /dev/shm",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Value_Alternatives_12",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_noexec",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Id_13",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /dev/shm",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Description_13",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IP source routing?",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nodev",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Value_Alternatives_13",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /home",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Id_14",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nodev",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Description_14",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /home",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Value_Alternatives_14",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nosuid",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Id_15",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /home",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Description_15",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enables source route verification",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nosuid",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Value_Alternatives_15",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /home",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Id_16",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nodev",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Description_16",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Value_Alternatives_16",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nodev",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Id_17",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Description_17",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nosuid",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Value_Alternatives_17",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Id_18",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nosuid",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Description_18",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent unnecessary logging",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Value_Alternatives_18",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nodev",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Id_19",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies_value",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/tmp",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Description_19",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to turn on TCP SYN Cookie Protection",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nodev",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Value_Alternatives_19",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/tmp",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Id_20",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nosuid",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Description_20",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept all router advertisements?",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/tmp",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Value_Alternatives_20",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nosuid",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Id_21",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/tmp",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Description_21",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_noexec",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Value_Alternatives_21",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/tmp",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Id_22",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_noexec",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Description_22",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/tmp",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Value_Alternatives_22",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nodev",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Id_23",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding_value",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Description_23",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle IPv6 Forwarding",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nodev",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Value_Alternatives_23",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Id_24",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nosuid",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Description_24",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept default router advertisements by default?",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Value_Alternatives_24",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nosuid",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Id_25",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Description_25",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance By Default",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_noexec",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Value_Alternatives_25",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Id_26",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_noexec",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Description_26",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Value_Alternatives_26",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nodev",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Id_27",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_account_disable_post_pw_expiration",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log/audit",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Description_27",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The number of days to wait after a password expires, until the account will be permanently disabled.",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nodev",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Value_Alternatives_27",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 180: 180, 30: 30, 35: 35, 40: 40, 45: 45, 60: 60, 90: 90, 'default': 35}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log/audit",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Id_28",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_maximum_age_login_defs",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nosuid",
+ "remarks": "rule_set_027"
},
{
- "name": "Parameter_Description_28",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Maximum age of password in days",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log/audit",
+ "remarks": "rule_set_027"
},
{
- "name": "Parameter_Value_Alternatives_28",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{365: 365, 120: 120, 180: 180, 90: 90, 60: 60, 45: 45, 'default': 60}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nosuid",
+ "remarks": "rule_set_027"
},
{
- "name": "Parameter_Id_29",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_minimum_age_login_defs",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log/audit",
+ "remarks": "rule_set_027"
},
{
- "name": "Parameter_Description_29",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum age of password in days",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_noexec",
+ "remarks": "rule_set_028"
},
{
- "name": "Parameter_Value_Alternatives_29",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 'default': 7}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log/audit",
+ "remarks": "rule_set_028"
},
{
- "name": "Parameter_Id_30",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_password_warn_age_login_defs",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_noexec",
+ "remarks": "rule_set_028"
},
{
- "name": "Parameter_Description_30",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The number of days' warning given before a password expires.",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log/audit",
+ "remarks": "rule_set_028"
},
{
- "name": "Parameter_Value_Alternatives_30",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 14: 14, 10: 10, 7: 7, 'default': 7}",
- "remarks": "rule_set_000"
+ "value": "ensure_gpgcheck_globally_activated",
+ "remarks": "rule_set_029"
},
{
- "name": "Parameter_Id_31",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_passwords_pam_faillock_deny",
- "remarks": "rule_set_000"
+ "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
+ "remarks": "rule_set_029"
},
{
- "name": "Parameter_Description_31",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Number of failed login attempts before account lockout",
- "remarks": "rule_set_000"
+ "value": "ensure_gpgcheck_globally_activated",
+ "remarks": "rule_set_029"
},
{
- "name": "Parameter_Value_Alternatives_31",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}",
- "remarks": "rule_set_000"
+ "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
+ "remarks": "rule_set_029"
},
{
- "name": "Parameter_Id_32",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_passwords_pam_faillock_dir",
- "remarks": "rule_set_000"
+ "value": "disable_weak_deps",
+ "remarks": "rule_set_030"
},
{
- "name": "Parameter_Description_32",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The directory where the user files with the failure records are kept",
- "remarks": "rule_set_000"
+ "value": "Disable Installation of Weak Dependencies in DNF",
+ "remarks": "rule_set_030"
},
{
- "name": "Parameter_Value_Alternatives_32",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'ol8': '/var/log/faillock', 'default': '/var/log/faillock', 'run': '/var/run/faillock'}",
- "remarks": "rule_set_000"
+ "value": "disable_weak_deps",
+ "remarks": "rule_set_030"
},
{
- "name": "Parameter_Id_33",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_passwords_pam_faillock_unlock_time",
- "remarks": "rule_set_000"
+ "value": "Disable Installation of Weak Dependencies in DNF",
+ "remarks": "rule_set_030"
},
{
- "name": "Parameter_Description_33",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins",
- "remarks": "rule_set_000"
+ "value": "package_libselinux_installed",
+ "remarks": "rule_set_031"
},
{
- "name": "Parameter_Value_Alternatives_33",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}",
- "remarks": "rule_set_000"
+ "value": "Install libselinux Package",
+ "remarks": "rule_set_031"
},
{
- "name": "Parameter_Id_34",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_tmout",
- "remarks": "rule_set_000"
+ "value": "package_libselinux_installed",
+ "remarks": "rule_set_031"
},
{
- "name": "Parameter_Description_34",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for that number of seconds if input does not arrive.",
- "remarks": "rule_set_000"
+ "value": "Install libselinux Package",
+ "remarks": "rule_set_031"
},
{
- "name": "Parameter_Value_Alternatives_34",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'30_min': 1800, '10_min': 600, '15_min': 900, '5_min': 300, 'default': 600}",
- "remarks": "rule_set_000"
+ "value": "grub2_enable_selinux",
+ "remarks": "rule_set_032"
},
{
- "name": "Parameter_Id_35",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_user_umask",
- "remarks": "rule_set_000"
+ "value": "Ensure SELinux Not Disabled in /etc/default/grub",
+ "remarks": "rule_set_032"
},
{
- "name": "Parameter_Description_35",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enter default user umask",
- "remarks": "rule_set_000"
+ "value": "grub2_enable_selinux",
+ "remarks": "rule_set_032"
},
{
- "name": "Parameter_Value_Alternatives_35",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'007': '007', '022': '022', '027': '027', '077': '077', 'default': '027'}",
- "remarks": "rule_set_000"
+ "value": "Ensure SELinux Not Disabled in /etc/default/grub",
+ "remarks": "rule_set_032"
},
{
- "name": "Parameter_Id_36",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_audit_backlog_limit",
- "remarks": "rule_set_000"
+ "value": "selinux_policytype",
+ "remarks": "rule_set_033"
},
{
- "name": "Parameter_Description_36",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Value of the audit_backlog_limit argument in GRUB 2 configuration. The audit_backlog_limit parameter determines how auditd records can be held in the auditd backlog.",
- "remarks": "rule_set_000"
+ "value": "Configure SELinux Policy",
+ "remarks": "rule_set_033"
},
{
- "name": "Parameter_Value_Alternatives_36",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 8192, 8192: 8192}",
- "remarks": "rule_set_000"
+ "value": "selinux_policytype",
+ "remarks": "rule_set_033"
},
{
- "name": "Parameter_Id_37",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_action_mail_acct",
- "remarks": "rule_set_000"
+ "value": "Configure SELinux Policy",
+ "remarks": "rule_set_033"
},
{
- "name": "Parameter_Description_37",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for action_mail_acct in /etc/audit/auditd.conf",
- "remarks": "rule_set_000"
+ "value": "selinux_not_disabled",
+ "remarks": "rule_set_034"
},
{
- "name": "Parameter_Value_Alternatives_37",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'admin': 'admin', 'default': 'root', 'root': 'root'}",
- "remarks": "rule_set_000"
+ "value": "Ensure SELinux is Not Disabled",
+ "remarks": "rule_set_034"
},
{
- "name": "Parameter_Id_38",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_admin_space_left_action",
- "remarks": "rule_set_000"
+ "value": "selinux_not_disabled",
+ "remarks": "rule_set_034"
},
{
- "name": "Parameter_Description_38",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for admin_space_left_action in /etc/audit/auditd.conf",
- "remarks": "rule_set_000"
+ "value": "Ensure SELinux is Not Disabled",
+ "remarks": "rule_set_034"
},
{
- "name": "Parameter_Value_Alternatives_38",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt'}",
- "remarks": "rule_set_000"
+ "value": "package_mcstrans_removed",
+ "remarks": "rule_set_035"
},
{
- "name": "Parameter_Id_39",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_disk_error_action",
- "remarks": "rule_set_000"
+ "value": "Uninstall mcstrans Package",
+ "remarks": "rule_set_035"
},
{
- "name": "Parameter_Description_39",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'The setting for disk_error_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
- "remarks": "rule_set_000"
+ "value": "package_mcstrans_removed",
+ "remarks": "rule_set_035"
},
{
- "name": "Parameter_Value_Alternatives_39",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'syslog|single|halt', 'cis_rhel10': 'syslog|single|halt', 'cis_ubuntu2204': 'syslog|single|halt', 'cis_ubuntu2404': 'syslog|single|halt', 'cis_debian12': 'syslog|single|halt'}",
- "remarks": "rule_set_000"
+ "value": "Uninstall mcstrans Package",
+ "remarks": "rule_set_035"
},
{
- "name": "Parameter_Id_40",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_disk_full_action",
- "remarks": "rule_set_000"
+ "value": "package_setroubleshoot_removed",
+ "remarks": "rule_set_036"
},
{
- "name": "Parameter_Description_40",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'The setting for disk_full_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
- "remarks": "rule_set_000"
+ "value": "Uninstall setroubleshoot Package",
+ "remarks": "rule_set_036"
},
{
- "name": "Parameter_Value_Alternatives_40",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'rotate': 'rotate', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'halt|single', 'cis_rhel10': 'halt|single', 'cis_ubuntu2204': 'halt|single', 'cis_ubuntu2404': 'halt|single', 'cis_debian12': 'halt|single'}",
- "remarks": "rule_set_000"
+ "value": "package_setroubleshoot_removed",
+ "remarks": "rule_set_036"
},
{
- "name": "Parameter_Id_41",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_max_log_file",
- "remarks": "rule_set_000"
+ "value": "Uninstall setroubleshoot Package",
+ "remarks": "rule_set_036"
},
{
- "name": "Parameter_Description_41",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for max_log_file in /etc/audit/auditd.conf",
- "remarks": "rule_set_000"
+ "value": "grub2_password",
+ "remarks": "rule_set_037"
},
{
- "name": "Parameter_Value_Alternatives_41",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 10: 10, 20: 20, 5: 5, 6: 6, 8: 8, 'default': 6}",
- "remarks": "rule_set_000"
+ "value": "Set Boot Loader Password in grub2",
+ "remarks": "rule_set_037"
},
{
- "name": "Parameter_Id_42",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_max_log_file_action",
- "remarks": "rule_set_000"
+ "value": "grub2_password",
+ "remarks": "rule_set_037"
},
{
- "name": "Parameter_Description_42",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for max_log_file_action in /etc/audit/auditd.conf. The following options are available:
ignore - audit daemon does nothing.
syslog - audit daemon will issue a warning to syslog.
suspend - audit daemon will stop writing records to the disk.
rotate - audit daemon will rotate logs in the same convention used by logrotate.
keep_logs - similar to rotate but prevents audit logs to be overwritten. May trigger space_left_action if volume is full.",
- "remarks": "rule_set_000"
+ "value": "Set Boot Loader Password in grub2",
+ "remarks": "rule_set_037"
},
{
- "name": "Parameter_Value_Alternatives_42",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'rotate', 'keep_logs': 'keep_logs', 'rotate': 'rotate', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore'}",
- "remarks": "rule_set_000"
+ "value": "file_permissions_boot_grub2",
+ "remarks": "rule_set_038"
},
{
- "name": "Parameter_Id_43",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_space_left_action",
- "remarks": "rule_set_000"
+ "value": "All GRUB configuration files must have mode 0600 or more restrictive",
+ "remarks": "rule_set_038"
},
{
- "name": "Parameter_Description_43",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for space_left_action in /etc/audit/auditd.conf",
- "remarks": "rule_set_000"
+ "value": "file_permissions_boot_grub2",
+ "remarks": "rule_set_038"
},
{
- "name": "Parameter_Value_Alternatives_43",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt'}",
- "remarks": "rule_set_000"
+ "value": "All GRUB configuration files must have mode 0600 or more restrictive",
+ "remarks": "rule_set_038"
},
{
- "name": "Parameter_Id_44",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_multiple_time_servers",
- "remarks": "rule_set_000"
+ "value": "file_owner_boot_grub2",
+ "remarks": "rule_set_039"
},
{
- "name": "Parameter_Description_44",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The list of vendor-approved time servers",
- "remarks": "rule_set_000"
+ "value": "All GRUB configuration files must be owned by root",
+ "remarks": "rule_set_039"
},
{
- "name": "Parameter_Value_Alternatives_44",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'generic': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'stig': '0.us.pool.ntp.mil', 'fedora': '0.fedora.pool.ntp.org,1.fedora.pool.ntp.org,2.fedora.pool.ntp.org,3.fedora.pool.ntp.org', 'rhel': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ol': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'suse': '0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org', 'alinux': '0.ntp.cloud.aliyuncs.com,1.ntp.aliyun.com,2.ntp1.aliyun.com,3.ntp1.cloud.aliyuncs.com', 'amazon': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ubuntu': '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org', 'almalinux': '0.almalinux.pool.ntp.org,1.almalinux.pool.ntp.org,2.almalinux.pool.ntp.org,3.almalinux.pool.ntp.org', 'debian': '0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org', 'nist': 'time.nist.gov,time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov'}",
- "remarks": "rule_set_000"
+ "value": "file_owner_boot_grub2",
+ "remarks": "rule_set_039"
},
{
- "name": "Parameter_Id_45",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_pam_wheel_group_for_su",
- "remarks": "rule_set_000"
+ "value": "All GRUB configuration files must be owned by root",
+ "remarks": "rule_set_039"
},
{
- "name": "Parameter_Description_45",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.",
- "remarks": "rule_set_000"
+ "value": "file_groupowner_boot_grub2",
+ "remarks": "rule_set_040"
},
{
- "name": "Parameter_Value_Alternatives_45",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'sugroup', 'cis': 'sugroup'}",
- "remarks": "rule_set_000"
+ "value": "All GRUB configuration files must be group-owned by root",
+ "remarks": "rule_set_040"
},
{
- "name": "Parameter_Id_46",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_hashing_algorithm",
- "remarks": "rule_set_000"
+ "value": "file_groupowner_boot_grub2",
+ "remarks": "rule_set_040"
},
{
- "name": "Parameter_Description_46",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.",
- "remarks": "rule_set_000"
+ "value": "All GRUB configuration files must be group-owned by root",
+ "remarks": "rule_set_040"
},
{
- "name": "Parameter_Value_Alternatives_46",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
- "remarks": "rule_set_000"
+ "value": "disable_users_coredumps",
+ "remarks": "rule_set_041"
},
{
- "name": "Parameter_Id_47",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_hashing_algorithm_pam",
- "remarks": "rule_set_000"
+ "value": "Disable Core Dumps for All Users",
+ "remarks": "rule_set_041"
},
{
- "name": "Parameter_Description_47",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.",
- "remarks": "rule_set_000"
+ "value": "disable_users_coredumps",
+ "remarks": "rule_set_041"
},
{
- "name": "Parameter_Value_Alternatives_47",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt', 'cis_rhel10': 'yescrypt|sha512'}",
- "remarks": "rule_set_000"
+ "value": "Disable Core Dumps for All Users",
+ "remarks": "rule_set_041"
},
{
- "name": "Parameter_Id_48",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_dictcheck",
- "remarks": "rule_set_000"
+ "value": "sysctl_fs_protected_hardlinks",
+ "remarks": "rule_set_042"
},
{
- "name": "Parameter_Description_48",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent the use of dictionary words for passwords.",
- "remarks": "rule_set_000"
+ "value": "Enable Kernel Parameter to Enforce DAC on Hardlinks",
+ "remarks": "rule_set_042"
},
{
- "name": "Parameter_Value_Alternatives_48",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 'default': 1}",
- "remarks": "rule_set_000"
+ "value": "sysctl_fs_protected_hardlinks",
+ "remarks": "rule_set_042"
},
{
- "name": "Parameter_Id_49",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_difok",
- "remarks": "rule_set_000"
+ "value": "Enable Kernel Parameter to Enforce DAC on Hardlinks",
+ "remarks": "rule_set_042"
},
{
- "name": "Parameter_Description_49",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of characters not present in old password",
- "remarks": "rule_set_000"
+ "value": "sysctl_fs_protected_symlinks",
+ "remarks": "rule_set_043"
},
{
- "name": "Parameter_Value_Alternatives_49",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{15: 15, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 'default': 8}",
- "remarks": "rule_set_000"
+ "value": "Enable Kernel Parameter to Enforce DAC on Symlinks",
+ "remarks": "rule_set_043"
},
{
- "name": "Parameter_Id_50",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_maxrepeat",
- "remarks": "rule_set_000"
+ "value": "sysctl_fs_protected_symlinks",
+ "remarks": "rule_set_043"
},
{
- "name": "Parameter_Description_50",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Maximum Number of Consecutive Repeating Characters in a Password",
- "remarks": "rule_set_000"
+ "value": "Enable Kernel Parameter to Enforce DAC on Symlinks",
+ "remarks": "rule_set_043"
},
{
- "name": "Parameter_Value_Alternatives_50",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
- "remarks": "rule_set_000"
+ "value": "sysctl_fs_suid_dumpable",
+ "remarks": "rule_set_044"
},
{
- "name": "Parameter_Id_51",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_minclass",
- "remarks": "rule_set_000"
+ "value": "Disable Core Dumps for SUID programs",
+ "remarks": "rule_set_044"
},
{
- "name": "Parameter_Description_51",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of categories of characters that must exist in a password",
- "remarks": "rule_set_000"
+ "value": "sysctl_fs_suid_dumpable",
+ "remarks": "rule_set_044"
},
{
- "name": "Parameter_Value_Alternatives_51",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}",
- "remarks": "rule_set_000"
+ "value": "Disable Core Dumps for SUID programs",
+ "remarks": "rule_set_044"
},
{
- "name": "Parameter_Id_52",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_minlen",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_dmesg_restrict",
+ "remarks": "rule_set_045"
},
{
- "name": "Parameter_Description_52",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of characters in password",
- "remarks": "rule_set_000"
+ "value": "Restrict Access to Kernel Message Buffer",
+ "remarks": "rule_set_045"
},
{
- "name": "Parameter_Value_Alternatives_52",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_dmesg_restrict",
+ "remarks": "rule_set_045"
},
{
- "name": "Parameter_Id_53",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_remember",
- "remarks": "rule_set_000"
+ "value": "Restrict Access to Kernel Message Buffer",
+ "remarks": "rule_set_045"
},
{
- "name": "Parameter_Description_53",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent password reuse using password history lookup",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_kptr_restrict",
+ "remarks": "rule_set_046"
},
{
- "name": "Parameter_Value_Alternatives_53",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 24: 24, 'default': 5}",
- "remarks": "rule_set_000"
+ "value": "Restrict Exposed Kernel Pointer Addresses Access",
+ "remarks": "rule_set_046"
},
{
- "name": "Parameter_Id_54",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_remember_control_flag",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_kptr_restrict",
+ "remarks": "rule_set_046"
},
{
- "name": "Parameter_Description_54",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in \"required,requisite\", for remediations the first value will be taken'",
- "remarks": "rule_set_000"
+ "value": "Restrict Exposed Kernel Pointer Addresses Access",
+ "remarks": "rule_set_046"
},
{
- "name": "Parameter_Value_Alternatives_54",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'required': 'required', 'optional': 'optional', 'requisite': 'requisite', 'sufficient': 'sufficient', 'binding': 'binding', 'ol8': 'required,requisite', 'requisite_or_required': 'requisite,required', 'default': 'requisite'}",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_yama_ptrace_scope",
+ "remarks": "rule_set_047"
},
{
- "name": "Parameter_Id_55",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_postfix_inet_interfaces",
- "remarks": "rule_set_000"
+ "value": "Restrict usage of ptrace to descendant processes",
+ "remarks": "rule_set_047"
},
{
- "name": "Parameter_Description_55",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for inet_interfaces in /etc/postfix/main.cf",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_yama_ptrace_scope",
+ "remarks": "rule_set_047"
},
{
- "name": "Parameter_Value_Alternatives_55",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'loopback-only': 'loopback-only', 'default': 'loopback-only', 'localhost': 'localhost'}",
- "remarks": "rule_set_000"
+ "value": "Restrict usage of ptrace to descendant processes",
+ "remarks": "rule_set_047"
},
{
- "name": "Parameter_Id_56",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_screensaver_lock_delay",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_randomize_va_space",
+ "remarks": "rule_set_048"
},
{
- "name": "Parameter_Description_56",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt",
- "remarks": "rule_set_000"
+ "value": "Enable Randomized Layout of Virtual Address Space",
+ "remarks": "rule_set_048"
},
{
- "name": "Parameter_Value_Alternatives_56",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_seconds': 10, '5_seconds': 5, 'default': '0', 'immediate': '0'}",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_randomize_va_space",
+ "remarks": "rule_set_048"
},
{
- "name": "Parameter_Id_57",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_selinux_policy_name",
- "remarks": "rule_set_000"
+ "value": "Enable Randomized Layout of Virtual Address Space",
+ "remarks": "rule_set_048"
},
{
- "name": "Parameter_Description_57",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Type of policy in use. Possible values are:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
mls - Multiple levels of security",
- "remarks": "rule_set_000"
+ "value": "coredump_disable_backtraces",
+ "remarks": "rule_set_049"
},
{
- "name": "Parameter_Value_Alternatives_57",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'targeted', 'mls': 'mls', 'targeted': 'targeted'}",
- "remarks": "rule_set_000"
+ "value": "Disable core dump backtraces",
+ "remarks": "rule_set_049"
},
{
- "name": "Parameter_Id_58",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_selinux_state",
- "remarks": "rule_set_000"
+ "value": "coredump_disable_backtraces",
+ "remarks": "rule_set_049"
},
{
- "name": "Parameter_Description_58",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - SELinux is fully disabled.",
- "remarks": "rule_set_000"
+ "value": "Disable core dump backtraces",
+ "remarks": "rule_set_049"
},
{
- "name": "Parameter_Value_Alternatives_58",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'enforcing', 'disabled': 'disabled', 'enforcing': 'enforcing', 'permissive': 'permissive'}",
- "remarks": "rule_set_000"
+ "value": "coredump_disable_storage",
+ "remarks": "rule_set_050"
},
{
- "name": "Parameter_Id_59",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_max_sessions",
- "remarks": "rule_set_000"
+ "value": "Disable storing core dump",
+ "remarks": "rule_set_050"
},
{
- "name": "Parameter_Description_59",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of open sessions permitted.",
- "remarks": "rule_set_000"
+ "value": "coredump_disable_storage",
+ "remarks": "rule_set_050"
},
{
- "name": "Parameter_Value_Alternatives_59",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 4: 4, 3: 3, 2: 2, 1: 1, 0: 0, 'default': 10}",
- "remarks": "rule_set_000"
+ "value": "Disable storing core dump",
+ "remarks": "rule_set_050"
},
{
- "name": "Parameter_Id_60",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_keepalive",
- "remarks": "rule_set_000"
+ "value": "configure_custom_crypto_policy_cis",
+ "remarks": "rule_set_051"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Implement Custom Crypto Policy Modules for CIS Benchmark",
+ "remarks": "rule_set_051"
},
{
- "name": "Parameter_Description_60",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of idle message counts before session is terminated.",
- "remarks": "rule_set_000"
+ "value": "configure_custom_crypto_policy_cis",
+ "remarks": "rule_set_051"
},
{
- "name": "Parameter_Value_Alternatives_60",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 5: 5, 0: 0, 1: 1, 'default': 0}",
- "remarks": "rule_set_000"
+ "value": "Implement Custom Crypto Policy Modules for CIS Benchmark",
+ "remarks": "rule_set_051"
},
{
- "name": "Parameter_Id_61",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_login_grace_time",
- "remarks": "rule_set_000"
+ "value": "banner_etc_motd_cis",
+ "remarks": "rule_set_052"
},
{
- "name": "Parameter_Description_61",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure parameters for how long the servers stays connected before the user has successfully logged in",
- "remarks": "rule_set_000"
+ "value": "Ensure Message Of The Day Is Configured Properly",
+ "remarks": "rule_set_052"
},
{
- "name": "Parameter_Value_Alternatives_61",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 60, 60: 60}",
- "remarks": "rule_set_000"
+ "value": "banner_etc_motd_cis",
+ "remarks": "rule_set_052"
},
{
- "name": "Parameter_Id_62",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_maxstartups",
- "remarks": "rule_set_000"
+ "value": "Ensure Message Of The Day Is Configured Properly",
+ "remarks": "rule_set_052"
},
{
- "name": "Parameter_Description_62",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.",
- "remarks": "rule_set_000"
+ "value": "banner_etc_issue_cis",
+ "remarks": "rule_set_053"
},
{
- "name": "Parameter_Value_Alternatives_62",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '10:30:100', '10:30:60': '10:30:60'}",
- "remarks": "rule_set_000"
+ "value": "Ensure Local Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_053"
},
{
- "name": "Parameter_Id_63",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_system_crypto_policy",
- "remarks": "rule_set_000"
+ "value": "banner_etc_issue_cis",
+ "remarks": "rule_set_053"
},
{
- "name": "Parameter_Description_63",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the crypto policy for the system.",
- "remarks": "rule_set_000"
+ "value": "Ensure Local Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_053"
},
{
- "name": "Parameter_Value_Alternatives_63",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'DEFAULT', 'default_policy': 'DEFAULT', 'default_nosha1': 'DEFAULT:NO-SHA1', 'fips': 'FIPS', 'fips_ospp': 'FIPS:OSPP', 'fips_stig': 'FIPS:STIG', 'legacy': 'LEGACY', 'future': 'FUTURE', 'next': 'NEXT'}",
- "remarks": "rule_set_000"
+ "value": "banner_etc_issue_net_cis",
+ "remarks": "rule_set_054"
},
{
- "name": "Parameter_Id_64",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_user_initialization_files_regex",
- "remarks": "rule_set_000"
+ "value": "Ensure Remote Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_054"
},
{
- "name": "Parameter_Description_64",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'A regular expression describing a list of file names for files that are sourced at login time for interactive users'",
- "remarks": "rule_set_000"
+ "value": "banner_etc_issue_net_cis",
+ "remarks": "rule_set_054"
},
{
- "name": "Parameter_Value_Alternatives_64",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '^(\\\\.bashrc|\\\\.zshrc|\\\\.cshrc|\\\\.profile|\\\\.bash_login|\\\\.bash_profile)$', 'all_dotfiles': '^\\\\.[\\\\w\\\\- ]+$'}",
- "remarks": "rule_set_000"
+ "value": "Ensure Remote Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_054"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_cramfs_disabled",
- "remarks": "rule_set_001"
+ "value": "file_groupowner_etc_motd",
+ "remarks": "rule_set_055"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of cramfs",
- "remarks": "rule_set_001"
+ "value": "Verify Group Ownership of Message of the Day Banner",
+ "remarks": "rule_set_055"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_cramfs_disabled",
- "remarks": "rule_set_001"
+ "value": "file_groupowner_etc_motd",
+ "remarks": "rule_set_055"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of cramfs",
- "remarks": "rule_set_001"
+ "value": "Verify Group Ownership of Message of the Day Banner",
+ "remarks": "rule_set_055"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_freevxfs_disabled",
- "remarks": "rule_set_002"
+ "value": "file_owner_etc_motd",
+ "remarks": "rule_set_056"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of freevxfs",
- "remarks": "rule_set_002"
+ "value": "Verify ownership of Message of the Day Banner",
+ "remarks": "rule_set_056"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_freevxfs_disabled",
- "remarks": "rule_set_002"
+ "value": "file_owner_etc_motd",
+ "remarks": "rule_set_056"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of freevxfs",
- "remarks": "rule_set_002"
+ "value": "Verify ownership of Message of the Day Banner",
+ "remarks": "rule_set_056"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfs_disabled",
- "remarks": "rule_set_003"
+ "value": "file_permissions_etc_motd",
+ "remarks": "rule_set_057"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfs",
- "remarks": "rule_set_003"
+ "value": "Verify permissions on Message of the Day Banner",
+ "remarks": "rule_set_057"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfs_disabled",
- "remarks": "rule_set_003"
+ "value": "file_permissions_etc_motd",
+ "remarks": "rule_set_057"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfs",
- "remarks": "rule_set_003"
+ "value": "Verify permissions on Message of the Day Banner",
+ "remarks": "rule_set_057"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfsplus_disabled",
- "remarks": "rule_set_004"
+ "value": "file_groupowner_etc_issue",
+ "remarks": "rule_set_058"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfsplus",
- "remarks": "rule_set_004"
+ "value": "Verify Group Ownership of System Login Banner",
+ "remarks": "rule_set_058"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfsplus_disabled",
- "remarks": "rule_set_004"
+ "value": "file_groupowner_etc_issue",
+ "remarks": "rule_set_058"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfsplus",
- "remarks": "rule_set_004"
+ "value": "Verify Group Ownership of System Login Banner",
+ "remarks": "rule_set_058"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_jffs2_disabled",
- "remarks": "rule_set_005"
+ "value": "file_owner_etc_issue",
+ "remarks": "rule_set_059"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of jffs2",
- "remarks": "rule_set_005"
+ "value": "Verify ownership of System Login Banner",
+ "remarks": "rule_set_059"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_jffs2_disabled",
- "remarks": "rule_set_005"
+ "value": "file_owner_etc_issue",
+ "remarks": "rule_set_059"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of jffs2",
- "remarks": "rule_set_005"
+ "value": "Verify ownership of System Login Banner",
+ "remarks": "rule_set_059"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_firewire-core_disabled",
- "remarks": "rule_set_006"
+ "value": "file_permissions_etc_issue",
+ "remarks": "rule_set_060"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IEEE 1394 (FireWire) Support",
- "remarks": "rule_set_006"
+ "value": "Verify permissions on System Login Banner",
+ "remarks": "rule_set_060"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_firewire-core_disabled",
- "remarks": "rule_set_006"
+ "value": "file_permissions_etc_issue",
+ "remarks": "rule_set_060"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IEEE 1394 (FireWire) Support",
- "remarks": "rule_set_006"
+ "value": "Verify permissions on System Login Banner",
+ "remarks": "rule_set_060"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_usb-storage_disabled",
- "remarks": "rule_set_007"
+ "value": "file_groupowner_etc_issue_net",
+ "remarks": "rule_set_061"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Modprobe Loading of USB Storage Driver",
- "remarks": "rule_set_007"
+ "value": "Verify Group Ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_061"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_usb-storage_disabled",
- "remarks": "rule_set_007"
+ "value": "file_groupowner_etc_issue_net",
+ "remarks": "rule_set_061"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Modprobe Loading of USB Storage Driver",
- "remarks": "rule_set_007"
+ "value": "Verify Group Ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_061"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_tmp",
- "remarks": "rule_set_008"
+ "value": "file_owner_etc_issue_net",
+ "remarks": "rule_set_062"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /tmp Located On Separate Partition",
- "remarks": "rule_set_008"
+ "value": "Verify ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_062"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_tmp",
- "remarks": "rule_set_008"
+ "value": "file_owner_etc_issue_net",
+ "remarks": "rule_set_062"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /tmp Located On Separate Partition",
- "remarks": "rule_set_008"
+ "value": "Verify ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_062"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nodev",
- "remarks": "rule_set_009"
+ "value": "file_permissions_etc_issue_net",
+ "remarks": "rule_set_063"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /tmp",
- "remarks": "rule_set_009"
+ "value": "Verify permissions on System Login Banner for Remote Connections",
+ "remarks": "rule_set_063"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nodev",
- "remarks": "rule_set_009"
+ "value": "file_permissions_etc_issue_net",
+ "remarks": "rule_set_063"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /tmp",
- "remarks": "rule_set_009"
+ "value": "Verify permissions on System Login Banner for Remote Connections",
+ "remarks": "rule_set_063"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nosuid",
- "remarks": "rule_set_010"
+ "value": "dconf_gnome_banner_enabled",
+ "remarks": "rule_set_064"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /tmp",
- "remarks": "rule_set_010"
+ "value": "Enable GNOME3 Login Warning Banner",
+ "remarks": "rule_set_064"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nosuid",
- "remarks": "rule_set_010"
+ "value": "dconf_gnome_banner_enabled",
+ "remarks": "rule_set_064"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /tmp",
- "remarks": "rule_set_010"
+ "value": "Enable GNOME3 Login Warning Banner",
+ "remarks": "rule_set_064"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_noexec",
- "remarks": "rule_set_011"
+ "value": "dconf_gnome_login_banner_text",
+ "remarks": "rule_set_065"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /tmp",
- "remarks": "rule_set_011"
+ "value": "Set the GNOME3 Login Warning Banner Text",
+ "remarks": "rule_set_065"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_noexec",
- "remarks": "rule_set_011"
+ "value": "dconf_gnome_login_banner_text",
+ "remarks": "rule_set_065"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /tmp",
- "remarks": "rule_set_011"
+ "value": "Set the GNOME3 Login Warning Banner Text",
+ "remarks": "rule_set_065"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_dev_shm",
- "remarks": "rule_set_012"
+ "value": "dconf_gnome_disable_user_list",
+ "remarks": "rule_set_066"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /dev/shm is configured",
- "remarks": "rule_set_012"
+ "value": "Disable the GNOME3 Login User List",
+ "remarks": "rule_set_066"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_dev_shm",
- "remarks": "rule_set_012"
+ "value": "dconf_gnome_disable_user_list",
+ "remarks": "rule_set_066"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /dev/shm is configured",
- "remarks": "rule_set_012"
+ "value": "Disable the GNOME3 Login User List",
+ "remarks": "rule_set_066"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nodev",
- "remarks": "rule_set_013"
+ "value": "dconf_gnome_screensaver_idle_delay",
+ "remarks": "rule_set_067"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /dev/shm",
- "remarks": "rule_set_013"
+ "value": "Set GNOME3 Screensaver Inactivity Timeout",
+ "remarks": "rule_set_067"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nodev",
- "remarks": "rule_set_013"
+ "value": "dconf_gnome_screensaver_idle_delay",
+ "remarks": "rule_set_067"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /dev/shm",
- "remarks": "rule_set_013"
+ "value": "Set GNOME3 Screensaver Inactivity Timeout",
+ "remarks": "rule_set_067"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nosuid",
- "remarks": "rule_set_014"
+ "value": "dconf_gnome_screensaver_lock_delay",
+ "remarks": "rule_set_068"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /dev/shm",
- "remarks": "rule_set_014"
+ "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
+ "remarks": "rule_set_068"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nosuid",
- "remarks": "rule_set_014"
+ "value": "dconf_gnome_screensaver_lock_delay",
+ "remarks": "rule_set_068"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /dev/shm",
- "remarks": "rule_set_014"
+ "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
+ "remarks": "rule_set_068"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_noexec",
- "remarks": "rule_set_015"
+ "value": "dconf_gnome_session_idle_user_locks",
+ "remarks": "rule_set_069"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /dev/shm",
- "remarks": "rule_set_015"
+ "value": "Ensure Users Cannot Change GNOME3 Session Idle Settings",
+ "remarks": "rule_set_069"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_noexec",
- "remarks": "rule_set_015"
+ "value": "dconf_gnome_session_idle_user_locks",
+ "remarks": "rule_set_069"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /dev/shm",
- "remarks": "rule_set_015"
+ "value": "Ensure Users Cannot Change GNOME3 Session Idle Settings",
+ "remarks": "rule_set_069"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nodev",
- "remarks": "rule_set_016"
+ "value": "dconf_gnome_screensaver_user_locks",
+ "remarks": "rule_set_070"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /home",
- "remarks": "rule_set_016"
+ "value": "Ensure Users Cannot Change GNOME3 Screensaver Settings",
+ "remarks": "rule_set_070"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nodev",
- "remarks": "rule_set_016"
+ "value": "dconf_gnome_screensaver_user_locks",
+ "remarks": "rule_set_070"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /home",
- "remarks": "rule_set_016"
+ "value": "Ensure Users Cannot Change GNOME3 Screensaver Settings",
+ "remarks": "rule_set_070"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nosuid",
- "remarks": "rule_set_017"
+ "value": "dconf_gnome_disable_automount",
+ "remarks": "rule_set_071"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /home",
- "remarks": "rule_set_017"
+ "value": "Disable GNOME3 Automounting",
+ "remarks": "rule_set_071"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nosuid",
- "remarks": "rule_set_017"
+ "value": "dconf_gnome_disable_automount",
+ "remarks": "rule_set_071"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /home",
- "remarks": "rule_set_017"
+ "value": "Disable GNOME3 Automounting",
+ "remarks": "rule_set_071"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nodev",
- "remarks": "rule_set_018"
+ "value": "dconf_gnome_disable_automount_open",
+ "remarks": "rule_set_072"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var",
- "remarks": "rule_set_018"
+ "value": "Disable GNOME3 Automount Opening",
+ "remarks": "rule_set_072"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nodev",
- "remarks": "rule_set_018"
+ "value": "dconf_gnome_disable_automount_open",
+ "remarks": "rule_set_072"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var",
- "remarks": "rule_set_018"
+ "value": "Disable GNOME3 Automount Opening",
+ "remarks": "rule_set_072"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nosuid",
- "remarks": "rule_set_019"
+ "value": "dconf_gnome_disable_autorun",
+ "remarks": "rule_set_073"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var",
- "remarks": "rule_set_019"
+ "value": "Disable GNOME3 Automount running",
+ "remarks": "rule_set_073"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nosuid",
- "remarks": "rule_set_019"
+ "value": "dconf_gnome_disable_autorun",
+ "remarks": "rule_set_073"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var",
- "remarks": "rule_set_019"
+ "value": "Disable GNOME3 Automount running",
+ "remarks": "rule_set_073"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nodev",
- "remarks": "rule_set_020"
+ "value": "service_autofs_disabled",
+ "remarks": "rule_set_074"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/tmp",
- "remarks": "rule_set_020"
+ "value": "Disable the Automounter",
+ "remarks": "rule_set_074"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nodev",
- "remarks": "rule_set_020"
+ "value": "service_autofs_disabled",
+ "remarks": "rule_set_074"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/tmp",
- "remarks": "rule_set_020"
+ "value": "Disable the Automounter",
+ "remarks": "rule_set_074"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nosuid",
- "remarks": "rule_set_021"
+ "value": "service_avahi-daemon_disabled",
+ "remarks": "rule_set_075"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/tmp",
- "remarks": "rule_set_021"
+ "value": "Disable Avahi Server Software",
+ "remarks": "rule_set_075"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nosuid",
- "remarks": "rule_set_021"
+ "value": "service_avahi-daemon_disabled",
+ "remarks": "rule_set_075"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/tmp",
- "remarks": "rule_set_021"
+ "value": "Disable Avahi Server Software",
+ "remarks": "rule_set_075"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_noexec",
- "remarks": "rule_set_022"
+ "value": "package_kea_removed",
+ "remarks": "rule_set_076"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/tmp",
- "remarks": "rule_set_022"
+ "value": "Uninstall kea Package",
+ "remarks": "rule_set_076"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_noexec",
- "remarks": "rule_set_022"
+ "value": "package_kea_removed",
+ "remarks": "rule_set_076"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/tmp",
- "remarks": "rule_set_022"
+ "value": "Uninstall kea Package",
+ "remarks": "rule_set_076"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nodev",
- "remarks": "rule_set_023"
+ "value": "package_bind_removed",
+ "remarks": "rule_set_077"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log",
- "remarks": "rule_set_023"
+ "value": "Uninstall bind Package",
+ "remarks": "rule_set_077"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nodev",
- "remarks": "rule_set_023"
+ "value": "package_bind_removed",
+ "remarks": "rule_set_077"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log",
- "remarks": "rule_set_023"
+ "value": "Uninstall bind Package",
+ "remarks": "rule_set_077"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nosuid",
- "remarks": "rule_set_024"
+ "value": "package_dnsmasq_removed",
+ "remarks": "rule_set_078"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log",
- "remarks": "rule_set_024"
+ "value": "Uninstall dnsmasq Package",
+ "remarks": "rule_set_078"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nosuid",
- "remarks": "rule_set_024"
+ "value": "package_dnsmasq_removed",
+ "remarks": "rule_set_078"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log",
- "remarks": "rule_set_024"
+ "value": "Uninstall dnsmasq Package",
+ "remarks": "rule_set_078"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_noexec",
- "remarks": "rule_set_025"
+ "value": "package_vsftpd_removed",
+ "remarks": "rule_set_079"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log",
- "remarks": "rule_set_025"
+ "value": "Uninstall vsftpd Package",
+ "remarks": "rule_set_079"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_noexec",
- "remarks": "rule_set_025"
+ "value": "package_vsftpd_removed",
+ "remarks": "rule_set_079"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log",
- "remarks": "rule_set_025"
+ "value": "Uninstall vsftpd Package",
+ "remarks": "rule_set_079"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nodev",
- "remarks": "rule_set_026"
+ "value": "package_dovecot_removed",
+ "remarks": "rule_set_080"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log/audit",
- "remarks": "rule_set_026"
+ "value": "Uninstall dovecot Package",
+ "remarks": "rule_set_080"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nodev",
- "remarks": "rule_set_026"
+ "value": "package_dovecot_removed",
+ "remarks": "rule_set_080"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log/audit",
- "remarks": "rule_set_026"
+ "value": "Uninstall dovecot Package",
+ "remarks": "rule_set_080"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nosuid",
- "remarks": "rule_set_027"
+ "value": "package_cyrus-imapd_removed",
+ "remarks": "rule_set_081"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log/audit",
- "remarks": "rule_set_027"
+ "value": "Uninstall cyrus-imapd Package",
+ "remarks": "rule_set_081"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nosuid",
- "remarks": "rule_set_027"
+ "value": "package_cyrus-imapd_removed",
+ "remarks": "rule_set_081"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log/audit",
- "remarks": "rule_set_027"
+ "value": "Uninstall cyrus-imapd Package",
+ "remarks": "rule_set_081"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_noexec",
- "remarks": "rule_set_028"
+ "value": "service_nfs_disabled",
+ "remarks": "rule_set_082"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log/audit",
- "remarks": "rule_set_028"
+ "value": "Disable Network File System (nfs)",
+ "remarks": "rule_set_082"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_noexec",
- "remarks": "rule_set_028"
+ "value": "service_nfs_disabled",
+ "remarks": "rule_set_082"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log/audit",
- "remarks": "rule_set_028"
+ "value": "Disable Network File System (nfs)",
+ "remarks": "rule_set_082"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_gpgcheck_globally_activated",
- "remarks": "rule_set_029"
+ "value": "service_cups_disabled",
+ "remarks": "rule_set_083"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
- "remarks": "rule_set_029"
+ "value": "Disable the CUPS Service",
+ "remarks": "rule_set_083"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_gpgcheck_globally_activated",
- "remarks": "rule_set_029"
+ "value": "service_cups_disabled",
+ "remarks": "rule_set_083"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
- "remarks": "rule_set_029"
+ "value": "Disable the CUPS Service",
+ "remarks": "rule_set_083"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_libselinux_installed",
- "remarks": "rule_set_030"
+ "value": "service_rpcbind_disabled",
+ "remarks": "rule_set_084"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install libselinux Package",
- "remarks": "rule_set_030"
+ "value": "Disable rpcbind Service",
+ "remarks": "rule_set_084"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_libselinux_installed",
- "remarks": "rule_set_030"
+ "value": "service_rpcbind_disabled",
+ "remarks": "rule_set_084"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install libselinux Package",
- "remarks": "rule_set_030"
+ "value": "Disable rpcbind Service",
+ "remarks": "rule_set_084"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_enable_selinux",
- "remarks": "rule_set_031"
+ "value": "package_rsync_removed",
+ "remarks": "rule_set_085"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux Not Disabled in /etc/default/grub",
- "remarks": "rule_set_031"
+ "value": "Uninstall rsync Package",
+ "remarks": "rule_set_085"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_enable_selinux",
- "remarks": "rule_set_031"
+ "value": "package_rsync_removed",
+ "remarks": "rule_set_085"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux Not Disabled in /etc/default/grub",
- "remarks": "rule_set_031"
+ "value": "Uninstall rsync Package",
+ "remarks": "rule_set_085"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_policytype",
- "remarks": "rule_set_032"
+ "value": "package_samba_removed",
+ "remarks": "rule_set_086"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure SELinux Policy",
- "remarks": "rule_set_032"
+ "value": "Uninstall Samba Package",
+ "remarks": "rule_set_086"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_policytype",
- "remarks": "rule_set_032"
+ "value": "package_samba_removed",
+ "remarks": "rule_set_086"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure SELinux Policy",
- "remarks": "rule_set_032"
+ "value": "Uninstall Samba Package",
+ "remarks": "rule_set_086"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_not_disabled",
- "remarks": "rule_set_033"
+ "value": "package_net-snmp_removed",
+ "remarks": "rule_set_087"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux is Not Disabled",
- "remarks": "rule_set_033"
+ "value": "Uninstall net-snmp Package",
+ "remarks": "rule_set_087"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_not_disabled",
- "remarks": "rule_set_033"
+ "value": "package_net-snmp_removed",
+ "remarks": "rule_set_087"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux is Not Disabled",
- "remarks": "rule_set_033"
+ "value": "Uninstall net-snmp Package",
+ "remarks": "rule_set_087"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_mcstrans_removed",
- "remarks": "rule_set_034"
+ "value": "package_telnet-server_removed",
+ "remarks": "rule_set_088"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall mcstrans Package",
- "remarks": "rule_set_034"
+ "value": "Uninstall telnet-server Package",
+ "remarks": "rule_set_088"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_mcstrans_removed",
- "remarks": "rule_set_034"
+ "value": "package_telnet-server_removed",
+ "remarks": "rule_set_088"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall mcstrans Package",
- "remarks": "rule_set_034"
+ "value": "Uninstall telnet-server Package",
+ "remarks": "rule_set_088"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_setroubleshoot_removed",
- "remarks": "rule_set_035"
+ "value": "package_tftp-server_removed",
+ "remarks": "rule_set_089"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall setroubleshoot Package",
- "remarks": "rule_set_035"
+ "value": "Uninstall tftp-server Package",
+ "remarks": "rule_set_089"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_setroubleshoot_removed",
- "remarks": "rule_set_035"
+ "value": "package_tftp-server_removed",
+ "remarks": "rule_set_089"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall setroubleshoot Package",
- "remarks": "rule_set_035"
+ "value": "Uninstall tftp-server Package",
+ "remarks": "rule_set_089"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_password",
- "remarks": "rule_set_036"
+ "value": "package_squid_removed",
+ "remarks": "rule_set_090"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Boot Loader Password in grub2",
- "remarks": "rule_set_036"
+ "value": "Uninstall squid Package",
+ "remarks": "rule_set_090"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_password",
- "remarks": "rule_set_036"
+ "value": "package_squid_removed",
+ "remarks": "rule_set_090"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Boot Loader Password in grub2",
- "remarks": "rule_set_036"
+ "value": "Uninstall squid Package",
+ "remarks": "rule_set_090"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg",
- "remarks": "rule_set_037"
+ "value": "package_httpd_removed",
+ "remarks": "rule_set_091"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Group Ownership",
- "remarks": "rule_set_037"
+ "value": "Uninstall httpd Package",
+ "remarks": "rule_set_091"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg",
- "remarks": "rule_set_037"
+ "value": "package_httpd_removed",
+ "remarks": "rule_set_091"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Group Ownership",
- "remarks": "rule_set_037"
+ "value": "Uninstall httpd Package",
+ "remarks": "rule_set_091"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg",
- "remarks": "rule_set_038"
+ "value": "package_nginx_removed",
+ "remarks": "rule_set_092"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg User Ownership",
- "remarks": "rule_set_038"
+ "value": "Uninstall nginx Package",
+ "remarks": "rule_set_092"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg",
- "remarks": "rule_set_038"
+ "value": "package_nginx_removed",
+ "remarks": "rule_set_092"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg User Ownership",
- "remarks": "rule_set_038"
+ "value": "Uninstall nginx Package",
+ "remarks": "rule_set_092"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg",
- "remarks": "rule_set_039"
+ "value": "postfix_network_listening_disabled",
+ "remarks": "rule_set_093"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Permissions",
- "remarks": "rule_set_039"
+ "value": "Disable Postfix Network Listening",
+ "remarks": "rule_set_093"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg",
- "remarks": "rule_set_039"
+ "value": "postfix_network_listening_disabled",
+ "remarks": "rule_set_093"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Permissions",
- "remarks": "rule_set_039"
+ "value": "Disable Postfix Network Listening",
+ "remarks": "rule_set_093"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg",
- "remarks": "rule_set_040"
+ "value": "has_nonlocal_mta",
+ "remarks": "rule_set_094"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Group Ownership",
- "remarks": "rule_set_040"
+ "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
+ "remarks": "rule_set_094"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg",
- "remarks": "rule_set_040"
+ "value": "has_nonlocal_mta",
+ "remarks": "rule_set_094"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Group Ownership",
- "remarks": "rule_set_040"
+ "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
+ "remarks": "rule_set_094"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg",
- "remarks": "rule_set_041"
+ "value": "package_ftp_removed",
+ "remarks": "rule_set_095"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg User Ownership",
- "remarks": "rule_set_041"
+ "value": "Remove ftp Package",
+ "remarks": "rule_set_095"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg",
- "remarks": "rule_set_041"
+ "value": "package_ftp_removed",
+ "remarks": "rule_set_095"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg User Ownership",
- "remarks": "rule_set_041"
+ "value": "Remove ftp Package",
+ "remarks": "rule_set_095"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg",
- "remarks": "rule_set_042"
+ "value": "package_telnet_removed",
+ "remarks": "rule_set_096"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Permissions",
- "remarks": "rule_set_042"
+ "value": "Remove telnet Clients",
+ "remarks": "rule_set_096"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg",
- "remarks": "rule_set_042"
+ "value": "package_telnet_removed",
+ "remarks": "rule_set_096"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Permissions",
- "remarks": "rule_set_042"
+ "value": "Remove telnet Clients",
+ "remarks": "rule_set_096"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy",
- "remarks": "rule_set_043"
+ "value": "package_tftp_removed",
+ "remarks": "rule_set_097"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure System Cryptography Policy",
- "remarks": "rule_set_043"
+ "value": "Remove tftp Daemon",
+ "remarks": "rule_set_097"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy",
- "remarks": "rule_set_043"
+ "value": "package_tftp_removed",
+ "remarks": "rule_set_097"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure System Cryptography Policy",
- "remarks": "rule_set_043"
+ "value": "Remove tftp Daemon",
+ "remarks": "rule_set_097"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_motd_cis",
- "remarks": "rule_set_044"
+ "value": "chronyd_specify_remote_server",
+ "remarks": "rule_set_098"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Message Of The Day Is Configured Properly",
- "remarks": "rule_set_044"
+ "value": "A remote time server for Chrony is configured",
+ "remarks": "rule_set_098"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_motd_cis",
- "remarks": "rule_set_044"
+ "value": "chronyd_specify_remote_server",
+ "remarks": "rule_set_098"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Message Of The Day Is Configured Properly",
- "remarks": "rule_set_044"
+ "value": "A remote time server for Chrony is configured",
+ "remarks": "rule_set_098"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_cis",
- "remarks": "rule_set_045"
+ "value": "chronyd_run_as_chrony_user",
+ "remarks": "rule_set_099"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Local Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_045"
+ "value": "Ensure that chronyd is running under chrony user account",
+ "remarks": "rule_set_099"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_cis",
- "remarks": "rule_set_045"
+ "value": "chronyd_run_as_chrony_user",
+ "remarks": "rule_set_099"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Local Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_045"
+ "value": "Ensure that chronyd is running under chrony user account",
+ "remarks": "rule_set_099"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_net_cis",
- "remarks": "rule_set_046"
+ "value": "package_cron_installed",
+ "remarks": "rule_set_100"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Remote Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_046"
+ "value": "Install the cron service",
+ "remarks": "rule_set_100"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_net_cis",
- "remarks": "rule_set_046"
+ "value": "package_cron_installed",
+ "remarks": "rule_set_100"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Remote Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_046"
+ "value": "Install the cron service",
+ "remarks": "rule_set_100"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_motd",
- "remarks": "rule_set_047"
+ "value": "service_crond_enabled",
+ "remarks": "rule_set_101"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of Message of the Day Banner",
- "remarks": "rule_set_047"
+ "value": "Enable cron Service",
+ "remarks": "rule_set_101"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_motd",
- "remarks": "rule_set_047"
+ "value": "service_crond_enabled",
+ "remarks": "rule_set_101"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of Message of the Day Banner",
- "remarks": "rule_set_047"
+ "value": "Enable cron Service",
+ "remarks": "rule_set_101"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_motd",
- "remarks": "rule_set_048"
+ "value": "file_groupowner_crontab",
+ "remarks": "rule_set_102"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of Message of the Day Banner",
- "remarks": "rule_set_048"
+ "value": "Verify Group Who Owns Crontab",
+ "remarks": "rule_set_102"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_motd",
- "remarks": "rule_set_048"
+ "value": "file_groupowner_crontab",
+ "remarks": "rule_set_102"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of Message of the Day Banner",
- "remarks": "rule_set_048"
+ "value": "Verify Group Who Owns Crontab",
+ "remarks": "rule_set_102"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_motd",
- "remarks": "rule_set_049"
+ "value": "file_owner_crontab",
+ "remarks": "rule_set_103"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on Message of the Day Banner",
- "remarks": "rule_set_049"
+ "value": "Verify Owner on crontab",
+ "remarks": "rule_set_103"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_motd",
- "remarks": "rule_set_049"
+ "value": "file_owner_crontab",
+ "remarks": "rule_set_103"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on Message of the Day Banner",
- "remarks": "rule_set_049"
+ "value": "Verify Owner on crontab",
+ "remarks": "rule_set_103"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue",
- "remarks": "rule_set_050"
+ "value": "file_permissions_crontab",
+ "remarks": "rule_set_104"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner",
- "remarks": "rule_set_050"
+ "value": "Verify Permissions on crontab",
+ "remarks": "rule_set_104"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue",
- "remarks": "rule_set_050"
+ "value": "file_permissions_crontab",
+ "remarks": "rule_set_104"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner",
- "remarks": "rule_set_050"
+ "value": "Verify Permissions on crontab",
+ "remarks": "rule_set_104"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue",
- "remarks": "rule_set_051"
+ "value": "file_groupowner_cron_hourly",
+ "remarks": "rule_set_105"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner",
- "remarks": "rule_set_051"
+ "value": "Verify Group Who Owns cron.hourly",
+ "remarks": "rule_set_105"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue",
- "remarks": "rule_set_051"
+ "value": "file_groupowner_cron_hourly",
+ "remarks": "rule_set_105"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner",
- "remarks": "rule_set_051"
+ "value": "Verify Group Who Owns cron.hourly",
+ "remarks": "rule_set_105"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue",
- "remarks": "rule_set_052"
+ "value": "file_owner_cron_hourly",
+ "remarks": "rule_set_106"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner",
- "remarks": "rule_set_052"
+ "value": "Verify Owner on cron.hourly",
+ "remarks": "rule_set_106"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue",
- "remarks": "rule_set_052"
+ "value": "file_owner_cron_hourly",
+ "remarks": "rule_set_106"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner",
- "remarks": "rule_set_052"
+ "value": "Verify Owner on cron.hourly",
+ "remarks": "rule_set_106"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue_net",
- "remarks": "rule_set_053"
+ "value": "file_permissions_cron_hourly",
+ "remarks": "rule_set_107"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_053"
+ "value": "Verify Permissions on cron.hourly",
+ "remarks": "rule_set_107"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue_net",
- "remarks": "rule_set_053"
+ "value": "file_permissions_cron_hourly",
+ "remarks": "rule_set_107"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_053"
+ "value": "Verify Permissions on cron.hourly",
+ "remarks": "rule_set_107"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue_net",
- "remarks": "rule_set_054"
+ "value": "file_groupowner_cron_daily",
+ "remarks": "rule_set_108"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_054"
+ "value": "Verify Group Who Owns cron.daily",
+ "remarks": "rule_set_108"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue_net",
- "remarks": "rule_set_054"
+ "value": "file_groupowner_cron_daily",
+ "remarks": "rule_set_108"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_054"
+ "value": "Verify Group Who Owns cron.daily",
+ "remarks": "rule_set_108"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue_net",
- "remarks": "rule_set_055"
+ "value": "file_owner_cron_daily",
+ "remarks": "rule_set_109"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner for Remote Connections",
- "remarks": "rule_set_055"
+ "value": "Verify Owner on cron.daily",
+ "remarks": "rule_set_109"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue_net",
- "remarks": "rule_set_055"
+ "value": "file_owner_cron_daily",
+ "remarks": "rule_set_109"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner for Remote Connections",
- "remarks": "rule_set_055"
+ "value": "Verify Owner on cron.daily",
+ "remarks": "rule_set_109"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_banner_enabled",
- "remarks": "rule_set_056"
+ "value": "file_permissions_cron_daily",
+ "remarks": "rule_set_110"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable GNOME3 Login Warning Banner",
- "remarks": "rule_set_056"
+ "value": "Verify Permissions on cron.daily",
+ "remarks": "rule_set_110"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_banner_enabled",
- "remarks": "rule_set_056"
+ "value": "file_permissions_cron_daily",
+ "remarks": "rule_set_110"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable GNOME3 Login Warning Banner",
- "remarks": "rule_set_056"
+ "value": "Verify Permissions on cron.daily",
+ "remarks": "rule_set_110"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_login_banner_text",
- "remarks": "rule_set_057"
+ "value": "file_groupowner_cron_weekly",
+ "remarks": "rule_set_111"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set the GNOME3 Login Warning Banner Text",
- "remarks": "rule_set_057"
+ "value": "Verify Group Who Owns cron.weekly",
+ "remarks": "rule_set_111"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_login_banner_text",
- "remarks": "rule_set_057"
+ "value": "file_groupowner_cron_weekly",
+ "remarks": "rule_set_111"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set the GNOME3 Login Warning Banner Text",
- "remarks": "rule_set_057"
+ "value": "Verify Group Who Owns cron.weekly",
+ "remarks": "rule_set_111"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_user_list",
- "remarks": "rule_set_058"
+ "value": "file_owner_cron_weekly",
+ "remarks": "rule_set_112"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the GNOME3 Login User List",
- "remarks": "rule_set_058"
+ "value": "Verify Owner on cron.weekly",
+ "remarks": "rule_set_112"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_user_list",
- "remarks": "rule_set_058"
+ "value": "file_owner_cron_weekly",
+ "remarks": "rule_set_112"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the GNOME3 Login User List",
- "remarks": "rule_set_058"
+ "value": "Verify Owner on cron.weekly",
+ "remarks": "rule_set_112"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_idle_delay",
- "remarks": "rule_set_059"
+ "value": "file_permissions_cron_weekly",
+ "remarks": "rule_set_113"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Inactivity Timeout",
- "remarks": "rule_set_059"
+ "value": "Verify Permissions on cron.weekly",
+ "remarks": "rule_set_113"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_idle_delay",
- "remarks": "rule_set_059"
+ "value": "file_permissions_cron_weekly",
+ "remarks": "rule_set_113"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Inactivity Timeout",
- "remarks": "rule_set_059"
+ "value": "Verify Permissions on cron.weekly",
+ "remarks": "rule_set_113"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_lock_delay",
- "remarks": "rule_set_060"
+ "value": "file_groupowner_cron_monthly",
+ "remarks": "rule_set_114"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
- "remarks": "rule_set_060"
+ "value": "Verify Group Who Owns cron.monthly",
+ "remarks": "rule_set_114"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_lock_delay",
- "remarks": "rule_set_060"
+ "value": "file_groupowner_cron_monthly",
+ "remarks": "rule_set_114"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
- "remarks": "rule_set_060"
+ "value": "Verify Group Who Owns cron.monthly",
+ "remarks": "rule_set_114"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount",
- "remarks": "rule_set_061"
+ "value": "file_owner_cron_monthly",
+ "remarks": "rule_set_115"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automounting",
- "remarks": "rule_set_061"
+ "value": "Verify Owner on cron.monthly",
+ "remarks": "rule_set_115"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount",
- "remarks": "rule_set_061"
+ "value": "file_owner_cron_monthly",
+ "remarks": "rule_set_115"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automounting",
- "remarks": "rule_set_061"
+ "value": "Verify Owner on cron.monthly",
+ "remarks": "rule_set_115"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount_open",
- "remarks": "rule_set_062"
+ "value": "file_permissions_cron_monthly",
+ "remarks": "rule_set_116"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount Opening",
- "remarks": "rule_set_062"
+ "value": "Verify Permissions on cron.monthly",
+ "remarks": "rule_set_116"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount_open",
- "remarks": "rule_set_062"
+ "value": "file_permissions_cron_monthly",
+ "remarks": "rule_set_116"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount Opening",
- "remarks": "rule_set_062"
+ "value": "Verify Permissions on cron.monthly",
+ "remarks": "rule_set_116"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_autorun",
- "remarks": "rule_set_063"
+ "value": "file_groupowner_cron_yearly",
+ "remarks": "rule_set_117"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount running",
- "remarks": "rule_set_063"
+ "value": "Verify Group Who Owns cron.yearly",
+ "remarks": "rule_set_117"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_autorun",
- "remarks": "rule_set_063"
+ "value": "file_groupowner_cron_yearly",
+ "remarks": "rule_set_117"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount running",
- "remarks": "rule_set_063"
+ "value": "Verify Group Who Owns cron.yearly",
+ "remarks": "rule_set_117"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_autofs_disabled",
- "remarks": "rule_set_064"
+ "value": "file_owner_cron_yearly",
+ "remarks": "rule_set_118"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the Automounter",
- "remarks": "rule_set_064"
+ "value": "Verify Owner on cron.yearly",
+ "remarks": "rule_set_118"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_autofs_disabled",
- "remarks": "rule_set_064"
+ "value": "file_owner_cron_yearly",
+ "remarks": "rule_set_118"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the Automounter",
- "remarks": "rule_set_064"
+ "value": "Verify Owner on cron.yearly",
+ "remarks": "rule_set_118"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_avahi-daemon_disabled",
- "remarks": "rule_set_065"
+ "value": "file_permissions_cron_yearly",
+ "remarks": "rule_set_119"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Avahi Server Software",
- "remarks": "rule_set_065"
+ "value": "Verify Permissions on cron.yearly",
+ "remarks": "rule_set_119"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_avahi-daemon_disabled",
- "remarks": "rule_set_065"
+ "value": "file_permissions_cron_yearly",
+ "remarks": "rule_set_119"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Avahi Server Software",
- "remarks": "rule_set_065"
+ "value": "Verify Permissions on cron.yearly",
+ "remarks": "rule_set_119"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_kea_removed",
- "remarks": "rule_set_066"
+ "value": "file_groupowner_cron_d",
+ "remarks": "rule_set_120"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall kea Package",
- "remarks": "rule_set_066"
+ "value": "Verify Group Who Owns cron.d",
+ "remarks": "rule_set_120"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_kea_removed",
- "remarks": "rule_set_066"
+ "value": "file_groupowner_cron_d",
+ "remarks": "rule_set_120"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall kea Package",
- "remarks": "rule_set_066"
+ "value": "Verify Group Who Owns cron.d",
+ "remarks": "rule_set_120"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_bind_removed",
- "remarks": "rule_set_067"
+ "value": "file_owner_cron_d",
+ "remarks": "rule_set_121"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall bind Package",
- "remarks": "rule_set_067"
+ "value": "Verify Owner on cron.d",
+ "remarks": "rule_set_121"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_bind_removed",
- "remarks": "rule_set_067"
+ "value": "file_owner_cron_d",
+ "remarks": "rule_set_121"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall bind Package",
- "remarks": "rule_set_067"
+ "value": "Verify Owner on cron.d",
+ "remarks": "rule_set_121"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dnsmasq_removed",
- "remarks": "rule_set_068"
+ "value": "file_permissions_cron_d",
+ "remarks": "rule_set_122"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dnsmasq Package",
- "remarks": "rule_set_068"
+ "value": "Verify Permissions on cron.d",
+ "remarks": "rule_set_122"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dnsmasq_removed",
- "remarks": "rule_set_068"
+ "value": "file_permissions_cron_d",
+ "remarks": "rule_set_122"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dnsmasq Package",
- "remarks": "rule_set_068"
+ "value": "Verify Permissions on cron.d",
+ "remarks": "rule_set_122"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_vsftpd_removed",
- "remarks": "rule_set_069"
+ "value": "file_cron_deny_not_exist",
+ "remarks": "rule_set_123"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall vsftpd Package",
- "remarks": "rule_set_069"
+ "value": "Ensure that /etc/cron.deny does not exist",
+ "remarks": "rule_set_123"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_vsftpd_removed",
- "remarks": "rule_set_069"
+ "value": "file_cron_deny_not_exist",
+ "remarks": "rule_set_123"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall vsftpd Package",
- "remarks": "rule_set_069"
+ "value": "Ensure that /etc/cron.deny does not exist",
+ "remarks": "rule_set_123"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dovecot_removed",
- "remarks": "rule_set_070"
+ "value": "file_cron_allow_exists",
+ "remarks": "rule_set_124"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dovecot Package",
- "remarks": "rule_set_070"
+ "value": "Ensure that /etc/cron.allow exists",
+ "remarks": "rule_set_124"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dovecot_removed",
- "remarks": "rule_set_070"
+ "value": "file_cron_allow_exists",
+ "remarks": "rule_set_124"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dovecot Package",
- "remarks": "rule_set_070"
+ "value": "Ensure that /etc/cron.allow exists",
+ "remarks": "rule_set_124"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cyrus-imapd_removed",
- "remarks": "rule_set_071"
+ "value": "file_groupowner_cron_allow",
+ "remarks": "rule_set_125"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall cyrus-imapd Package",
- "remarks": "rule_set_071"
+ "value": "Verify Group Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_125"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cyrus-imapd_removed",
- "remarks": "rule_set_071"
+ "value": "file_groupowner_cron_allow",
+ "remarks": "rule_set_125"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall cyrus-imapd Package",
- "remarks": "rule_set_071"
+ "value": "Verify Group Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_125"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nfs_disabled",
- "remarks": "rule_set_072"
+ "value": "file_owner_cron_allow",
+ "remarks": "rule_set_126"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Network File System (nfs)",
- "remarks": "rule_set_072"
+ "value": "Verify User Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_126"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nfs_disabled",
- "remarks": "rule_set_072"
+ "value": "file_owner_cron_allow",
+ "remarks": "rule_set_126"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Network File System (nfs)",
- "remarks": "rule_set_072"
+ "value": "Verify User Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_126"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_cups_disabled",
- "remarks": "rule_set_073"
+ "value": "file_permissions_cron_allow",
+ "remarks": "rule_set_127"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the CUPS Service",
- "remarks": "rule_set_073"
+ "value": "Verify Permissions on /etc/cron.allow file",
+ "remarks": "rule_set_127"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_cups_disabled",
- "remarks": "rule_set_073"
+ "value": "file_permissions_cron_allow",
+ "remarks": "rule_set_127"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the CUPS Service",
- "remarks": "rule_set_073"
+ "value": "Verify Permissions on /etc/cron.allow file",
+ "remarks": "rule_set_127"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_rpcbind_disabled",
- "remarks": "rule_set_074"
+ "value": "file_at_deny_not_exist",
+ "remarks": "rule_set_128"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable rpcbind Service",
- "remarks": "rule_set_074"
+ "value": "Ensure that /etc/at.deny does not exist",
+ "remarks": "rule_set_128"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_rpcbind_disabled",
- "remarks": "rule_set_074"
+ "value": "file_at_deny_not_exist",
+ "remarks": "rule_set_128"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable rpcbind Service",
- "remarks": "rule_set_074"
+ "value": "Ensure that /etc/at.deny does not exist",
+ "remarks": "rule_set_128"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_rsync_removed",
- "remarks": "rule_set_075"
+ "value": "file_at_allow_exists",
+ "remarks": "rule_set_129"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall rsync Package",
- "remarks": "rule_set_075"
+ "value": "Ensure that /etc/at.allow exists",
+ "remarks": "rule_set_129"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_rsync_removed",
- "remarks": "rule_set_075"
+ "value": "file_at_allow_exists",
+ "remarks": "rule_set_129"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall rsync Package",
- "remarks": "rule_set_075"
+ "value": "Ensure that /etc/at.allow exists",
+ "remarks": "rule_set_129"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_samba_removed",
- "remarks": "rule_set_076"
+ "value": "file_groupowner_at_allow",
+ "remarks": "rule_set_130"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall Samba Package",
- "remarks": "rule_set_076"
+ "value": "Verify Group Who Owns /etc/at.allow file",
+ "remarks": "rule_set_130"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_samba_removed",
- "remarks": "rule_set_076"
+ "value": "file_groupowner_at_allow",
+ "remarks": "rule_set_130"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall Samba Package",
- "remarks": "rule_set_076"
+ "value": "Verify Group Who Owns /etc/at.allow file",
+ "remarks": "rule_set_130"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_net-snmp_removed",
- "remarks": "rule_set_077"
+ "value": "file_owner_at_allow",
+ "remarks": "rule_set_131"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall net-snmp Package",
- "remarks": "rule_set_077"
+ "value": "Verify User Who Owns /etc/at.allow file",
+ "remarks": "rule_set_131"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_net-snmp_removed",
- "remarks": "rule_set_077"
+ "value": "file_owner_at_allow",
+ "remarks": "rule_set_131"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall net-snmp Package",
- "remarks": "rule_set_077"
+ "value": "Verify User Who Owns /etc/at.allow file",
+ "remarks": "rule_set_131"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet-server_removed",
- "remarks": "rule_set_078"
+ "value": "file_permissions_at_allow",
+ "remarks": "rule_set_132"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall telnet-server Package",
- "remarks": "rule_set_078"
+ "value": "Verify Permissions on /etc/at.allow file",
+ "remarks": "rule_set_132"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet-server_removed",
- "remarks": "rule_set_078"
+ "value": "file_permissions_at_allow",
+ "remarks": "rule_set_132"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall telnet-server Package",
- "remarks": "rule_set_078"
+ "value": "Verify Permissions on /etc/at.allow file",
+ "remarks": "rule_set_132"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp-server_removed",
- "remarks": "rule_set_079"
+ "value": "wireless_disable_interfaces",
+ "remarks": "rule_set_133"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall tftp-server Package",
- "remarks": "rule_set_079"
+ "value": "Deactivate Wireless Network Interfaces",
+ "remarks": "rule_set_133"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp-server_removed",
- "remarks": "rule_set_079"
+ "value": "wireless_disable_interfaces",
+ "remarks": "rule_set_133"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall tftp-server Package",
- "remarks": "rule_set_079"
+ "value": "Deactivate Wireless Network Interfaces",
+ "remarks": "rule_set_133"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_squid_removed",
- "remarks": "rule_set_080"
+ "value": "service_bluetooth_disabled",
+ "remarks": "rule_set_134"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall squid Package",
- "remarks": "rule_set_080"
+ "value": "Disable Bluetooth Service",
+ "remarks": "rule_set_134"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_squid_removed",
- "remarks": "rule_set_080"
+ "value": "service_bluetooth_disabled",
+ "remarks": "rule_set_134"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall squid Package",
- "remarks": "rule_set_080"
+ "value": "Disable Bluetooth Service",
+ "remarks": "rule_set_134"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_httpd_removed",
- "remarks": "rule_set_081"
+ "value": "kernel_module_atm_disabled",
+ "remarks": "rule_set_135"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall httpd Package",
- "remarks": "rule_set_081"
+ "value": "Disable ATM Support",
+ "remarks": "rule_set_135"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_httpd_removed",
- "remarks": "rule_set_081"
+ "value": "kernel_module_atm_disabled",
+ "remarks": "rule_set_135"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall httpd Package",
- "remarks": "rule_set_081"
+ "value": "Disable ATM Support",
+ "remarks": "rule_set_135"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nginx_removed",
- "remarks": "rule_set_082"
+ "value": "kernel_module_can_disabled",
+ "remarks": "rule_set_136"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall nginx Package",
- "remarks": "rule_set_082"
+ "value": "Disable CAN Support",
+ "remarks": "rule_set_136"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nginx_removed",
- "remarks": "rule_set_082"
+ "value": "kernel_module_can_disabled",
+ "remarks": "rule_set_136"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall nginx Package",
- "remarks": "rule_set_082"
+ "value": "Disable CAN Support",
+ "remarks": "rule_set_136"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "postfix_network_listening_disabled",
- "remarks": "rule_set_083"
+ "value": "kernel_module_dccp_disabled",
+ "remarks": "rule_set_137"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Postfix Network Listening",
- "remarks": "rule_set_083"
+ "value": "Disable DCCP Support",
+ "remarks": "rule_set_137"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "postfix_network_listening_disabled",
- "remarks": "rule_set_083"
+ "value": "kernel_module_dccp_disabled",
+ "remarks": "rule_set_137"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Postfix Network Listening",
- "remarks": "rule_set_083"
+ "value": "Disable DCCP Support",
+ "remarks": "rule_set_137"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "has_nonlocal_mta",
- "remarks": "rule_set_084"
+ "value": "kernel_module_tipc_disabled",
+ "remarks": "rule_set_138"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
- "remarks": "rule_set_084"
+ "value": "Disable TIPC Support",
+ "remarks": "rule_set_138"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "has_nonlocal_mta",
- "remarks": "rule_set_084"
+ "value": "kernel_module_tipc_disabled",
+ "remarks": "rule_set_138"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
- "remarks": "rule_set_084"
+ "value": "Disable TIPC Support",
+ "remarks": "rule_set_138"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_ftp_removed",
- "remarks": "rule_set_085"
+ "value": "kernel_module_rds_disabled",
+ "remarks": "rule_set_139"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove ftp Package",
- "remarks": "rule_set_085"
+ "value": "Disable RDS Support",
+ "remarks": "rule_set_139"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_ftp_removed",
- "remarks": "rule_set_085"
+ "value": "kernel_module_rds_disabled",
+ "remarks": "rule_set_139"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove ftp Package",
- "remarks": "rule_set_085"
+ "value": "Disable RDS Support",
+ "remarks": "rule_set_139"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet_removed",
- "remarks": "rule_set_086"
+ "value": "sysctl_net_ipv4_conf_all_forwarding",
+ "remarks": "rule_set_140"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove telnet Clients",
- "remarks": "rule_set_086"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces",
+ "remarks": "rule_set_140"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet_removed",
- "remarks": "rule_set_086"
+ "value": "sysctl_net_ipv4_conf_all_forwarding",
+ "remarks": "rule_set_140"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove telnet Clients",
- "remarks": "rule_set_086"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces",
+ "remarks": "rule_set_140"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp_removed",
- "remarks": "rule_set_087"
+ "value": "sysctl_net_ipv4_conf_default_forwarding",
+ "remarks": "rule_set_141"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove tftp Daemon",
- "remarks": "rule_set_087"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding By Default",
+ "remarks": "rule_set_141"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp_removed",
- "remarks": "rule_set_087"
+ "value": "sysctl_net_ipv4_conf_default_forwarding",
+ "remarks": "rule_set_141"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove tftp Daemon",
- "remarks": "rule_set_087"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding By Default",
+ "remarks": "rule_set_141"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_specify_remote_server",
- "remarks": "rule_set_088"
+ "value": "sysctl_net_ipv4_conf_all_send_redirects",
+ "remarks": "rule_set_142"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "A remote time server for Chrony is configured",
- "remarks": "rule_set_088"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_142"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_specify_remote_server",
- "remarks": "rule_set_088"
+ "value": "sysctl_net_ipv4_conf_all_send_redirects",
+ "remarks": "rule_set_142"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "A remote time server for Chrony is configured",
- "remarks": "rule_set_088"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_142"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_run_as_chrony_user",
- "remarks": "rule_set_089"
+ "value": "sysctl_net_ipv4_conf_default_send_redirects",
+ "remarks": "rule_set_143"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that chronyd is running under chrony user account",
- "remarks": "rule_set_089"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_143"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_run_as_chrony_user",
- "remarks": "rule_set_089"
+ "value": "sysctl_net_ipv4_conf_default_send_redirects",
+ "remarks": "rule_set_143"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that chronyd is running under chrony user account",
- "remarks": "rule_set_089"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_143"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cron_installed",
- "remarks": "rule_set_090"
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
+ "remarks": "rule_set_144"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install the cron service",
- "remarks": "rule_set_090"
+ "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
+ "remarks": "rule_set_144"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cron_installed",
- "remarks": "rule_set_090"
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
+ "remarks": "rule_set_144"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install the cron service",
- "remarks": "rule_set_090"
+ "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
+ "remarks": "rule_set_144"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_crond_enabled",
- "remarks": "rule_set_091"
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
+ "remarks": "rule_set_145"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable cron Service",
- "remarks": "rule_set_091"
+ "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
+ "remarks": "rule_set_145"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_crond_enabled",
- "remarks": "rule_set_091"
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
+ "remarks": "rule_set_145"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable cron Service",
- "remarks": "rule_set_091"
+ "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
+ "remarks": "rule_set_145"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_crontab",
- "remarks": "rule_set_092"
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects",
+ "remarks": "rule_set_146"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Crontab",
- "remarks": "rule_set_092"
+ "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
+ "remarks": "rule_set_146"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_crontab",
- "remarks": "rule_set_092"
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects",
+ "remarks": "rule_set_146"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Crontab",
- "remarks": "rule_set_092"
+ "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
+ "remarks": "rule_set_146"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_crontab",
- "remarks": "rule_set_093"
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects",
+ "remarks": "rule_set_147"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on crontab",
- "remarks": "rule_set_093"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
+ "remarks": "rule_set_147"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_crontab",
- "remarks": "rule_set_093"
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects",
+ "remarks": "rule_set_147"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on crontab",
- "remarks": "rule_set_093"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
+ "remarks": "rule_set_147"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_crontab",
- "remarks": "rule_set_094"
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects",
+ "remarks": "rule_set_148"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on crontab",
- "remarks": "rule_set_094"
+ "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_148"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_crontab",
- "remarks": "rule_set_094"
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects",
+ "remarks": "rule_set_148"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on crontab",
- "remarks": "rule_set_094"
+ "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_148"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_hourly",
- "remarks": "rule_set_095"
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects",
+ "remarks": "rule_set_149"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.hourly",
- "remarks": "rule_set_095"
+ "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
+ "remarks": "rule_set_149"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_hourly",
- "remarks": "rule_set_095"
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects",
+ "remarks": "rule_set_149"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.hourly",
- "remarks": "rule_set_095"
+ "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
+ "remarks": "rule_set_149"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_hourly",
- "remarks": "rule_set_096"
+ "value": "sysctl_net_ipv4_conf_all_rp_filter",
+ "remarks": "rule_set_150"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.hourly",
- "remarks": "rule_set_096"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
+ "remarks": "rule_set_150"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_hourly",
- "remarks": "rule_set_096"
+ "value": "sysctl_net_ipv4_conf_all_rp_filter",
+ "remarks": "rule_set_150"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.hourly",
- "remarks": "rule_set_096"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
+ "remarks": "rule_set_150"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_hourly",
- "remarks": "rule_set_097"
+ "value": "sysctl_net_ipv4_conf_default_rp_filter",
+ "remarks": "rule_set_151"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.hourly",
- "remarks": "rule_set_097"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_151"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_hourly",
- "remarks": "rule_set_097"
+ "value": "sysctl_net_ipv4_conf_default_rp_filter",
+ "remarks": "rule_set_151"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.hourly",
- "remarks": "rule_set_097"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_151"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_daily",
- "remarks": "rule_set_098"
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route",
+ "remarks": "rule_set_152"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.daily",
- "remarks": "rule_set_098"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_152"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_daily",
- "remarks": "rule_set_098"
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route",
+ "remarks": "rule_set_152"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.daily",
- "remarks": "rule_set_098"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_152"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_daily",
- "remarks": "rule_set_099"
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route",
+ "remarks": "rule_set_153"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.daily",
- "remarks": "rule_set_099"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
+ "remarks": "rule_set_153"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_daily",
- "remarks": "rule_set_099"
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route",
+ "remarks": "rule_set_153"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.daily",
- "remarks": "rule_set_099"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
+ "remarks": "rule_set_153"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_daily",
- "remarks": "rule_set_100"
+ "value": "sysctl_net_ipv4_conf_all_log_martians",
+ "remarks": "rule_set_154"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.daily",
- "remarks": "rule_set_100"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_154"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_daily",
- "remarks": "rule_set_100"
+ "value": "sysctl_net_ipv4_conf_all_log_martians",
+ "remarks": "rule_set_154"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.daily",
- "remarks": "rule_set_100"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_154"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_weekly",
- "remarks": "rule_set_101"
+ "value": "sysctl_net_ipv4_conf_default_log_martians",
+ "remarks": "rule_set_155"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.weekly",
- "remarks": "rule_set_101"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_155"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_weekly",
- "remarks": "rule_set_101"
+ "value": "sysctl_net_ipv4_conf_default_log_martians",
+ "remarks": "rule_set_155"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.weekly",
- "remarks": "rule_set_101"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_155"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_weekly",
- "remarks": "rule_set_102"
+ "value": "sysctl_net_ipv4_tcp_syncookies",
+ "remarks": "rule_set_156"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.weekly",
- "remarks": "rule_set_102"
+ "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
+ "remarks": "rule_set_156"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_weekly",
- "remarks": "rule_set_102"
+ "value": "sysctl_net_ipv4_tcp_syncookies",
+ "remarks": "rule_set_156"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.weekly",
- "remarks": "rule_set_102"
+ "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
+ "remarks": "rule_set_156"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_weekly",
- "remarks": "rule_set_103"
+ "value": "sysctl_net_ipv6_conf_all_forwarding",
+ "remarks": "rule_set_157"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.weekly",
- "remarks": "rule_set_103"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding",
+ "remarks": "rule_set_157"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_weekly",
- "remarks": "rule_set_103"
+ "value": "sysctl_net_ipv6_conf_all_forwarding",
+ "remarks": "rule_set_157"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.weekly",
- "remarks": "rule_set_103"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding",
+ "remarks": "rule_set_157"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_monthly",
- "remarks": "rule_set_104"
+ "value": "sysctl_net_ipv6_conf_default_forwarding",
+ "remarks": "rule_set_158"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.monthly",
- "remarks": "rule_set_104"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding by default",
+ "remarks": "rule_set_158"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_monthly",
- "remarks": "rule_set_104"
+ "value": "sysctl_net_ipv6_conf_default_forwarding",
+ "remarks": "rule_set_158"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.monthly",
- "remarks": "rule_set_104"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding by default",
+ "remarks": "rule_set_158"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_monthly",
- "remarks": "rule_set_105"
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects",
+ "remarks": "rule_set_159"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.monthly",
- "remarks": "rule_set_105"
+ "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
+ "remarks": "rule_set_159"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_monthly",
- "remarks": "rule_set_105"
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects",
+ "remarks": "rule_set_159"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.monthly",
- "remarks": "rule_set_105"
+ "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
+ "remarks": "rule_set_159"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_monthly",
- "remarks": "rule_set_106"
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects",
+ "remarks": "rule_set_160"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.monthly",
- "remarks": "rule_set_106"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
+ "remarks": "rule_set_160"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_monthly",
- "remarks": "rule_set_106"
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects",
+ "remarks": "rule_set_160"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.monthly",
- "remarks": "rule_set_106"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
+ "remarks": "rule_set_160"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_d",
- "remarks": "rule_set_107"
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route",
+ "remarks": "rule_set_161"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.d",
- "remarks": "rule_set_107"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
+ "remarks": "rule_set_161"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_d",
- "remarks": "rule_set_107"
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route",
+ "remarks": "rule_set_161"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.d",
- "remarks": "rule_set_107"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
+ "remarks": "rule_set_161"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_d",
- "remarks": "rule_set_108"
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route",
+ "remarks": "rule_set_162"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.d",
- "remarks": "rule_set_108"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
+ "remarks": "rule_set_162"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_d",
- "remarks": "rule_set_108"
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route",
+ "remarks": "rule_set_162"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.d",
- "remarks": "rule_set_108"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
+ "remarks": "rule_set_162"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_d",
- "remarks": "rule_set_109"
+ "value": "sysctl_net_ipv6_conf_all_accept_ra",
+ "remarks": "rule_set_163"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.d",
- "remarks": "rule_set_109"
+ "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
+ "remarks": "rule_set_163"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_d",
- "remarks": "rule_set_109"
+ "value": "sysctl_net_ipv6_conf_all_accept_ra",
+ "remarks": "rule_set_163"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.d",
- "remarks": "rule_set_109"
+ "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
+ "remarks": "rule_set_163"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_deny_not_exist",
- "remarks": "rule_set_110"
+ "value": "sysctl_net_ipv6_conf_default_accept_ra",
+ "remarks": "rule_set_164"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.deny does not exist",
- "remarks": "rule_set_110"
+ "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
+ "remarks": "rule_set_164"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_deny_not_exist",
- "remarks": "rule_set_110"
+ "value": "sysctl_net_ipv6_conf_default_accept_ra",
+ "remarks": "rule_set_164"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.deny does not exist",
- "remarks": "rule_set_110"
+ "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
+ "remarks": "rule_set_164"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_allow_exists",
- "remarks": "rule_set_111"
+ "value": "package_nftables_installed",
+ "remarks": "rule_set_165"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.allow exists",
- "remarks": "rule_set_111"
+ "value": "Install nftables Package",
+ "remarks": "rule_set_165"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_allow_exists",
- "remarks": "rule_set_111"
+ "value": "package_nftables_installed",
+ "remarks": "rule_set_165"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.allow exists",
- "remarks": "rule_set_111"
+ "value": "Install nftables Package",
+ "remarks": "rule_set_165"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_allow",
- "remarks": "rule_set_112"
+ "value": "service_firewalld_enabled",
+ "remarks": "rule_set_166"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/cron.allow file",
- "remarks": "rule_set_112"
+ "value": "Verify firewalld Enabled",
+ "remarks": "rule_set_166"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_allow",
- "remarks": "rule_set_112"
+ "value": "service_firewalld_enabled",
+ "remarks": "rule_set_166"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/cron.allow file",
- "remarks": "rule_set_112"
+ "value": "Verify firewalld Enabled",
+ "remarks": "rule_set_166"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_allow",
- "remarks": "rule_set_113"
+ "value": "package_firewalld_installed",
+ "remarks": "rule_set_167"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/cron.allow file",
- "remarks": "rule_set_113"
+ "value": "Install firewalld Package",
+ "remarks": "rule_set_167"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_allow",
- "remarks": "rule_set_113"
+ "value": "package_firewalld_installed",
+ "remarks": "rule_set_167"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/cron.allow file",
- "remarks": "rule_set_113"
+ "value": "Install firewalld Package",
+ "remarks": "rule_set_167"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_allow",
- "remarks": "rule_set_114"
+ "value": "service_nftables_disabled",
+ "remarks": "rule_set_168"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/cron.allow file",
- "remarks": "rule_set_114"
+ "value": "Verify nftables Service is Disabled",
+ "remarks": "rule_set_168"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_allow",
- "remarks": "rule_set_114"
+ "value": "service_nftables_disabled",
+ "remarks": "rule_set_168"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/cron.allow file",
- "remarks": "rule_set_114"
+ "value": "Verify nftables Service is Disabled",
+ "remarks": "rule_set_168"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_at_deny_not_exist",
- "remarks": "rule_set_115"
+ "value": "firewalld_loopback_traffic_trusted",
+ "remarks": "rule_set_169"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/at.deny does not exist",
- "remarks": "rule_set_115"
+ "value": "Configure Firewalld to Trust Loopback Traffic",
+ "remarks": "rule_set_169"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_at_deny_not_exist",
- "remarks": "rule_set_115"
+ "value": "firewalld_loopback_traffic_trusted",
+ "remarks": "rule_set_169"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/at.deny does not exist",
- "remarks": "rule_set_115"
+ "value": "Configure Firewalld to Trust Loopback Traffic",
+ "remarks": "rule_set_169"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_at_allow",
- "remarks": "rule_set_116"
+ "value": "firewalld_loopback_traffic_restricted",
+ "remarks": "rule_set_170"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/at.allow file",
- "remarks": "rule_set_116"
+ "value": "Configure Firewalld to Restrict Loopback Traffic",
+ "remarks": "rule_set_170"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_at_allow",
- "remarks": "rule_set_116"
+ "value": "firewalld_loopback_traffic_restricted",
+ "remarks": "rule_set_170"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/at.allow file",
- "remarks": "rule_set_116"
+ "value": "Configure Firewalld to Restrict Loopback Traffic",
+ "remarks": "rule_set_170"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_at_allow",
- "remarks": "rule_set_117"
+ "value": "file_groupowner_sshd_config",
+ "remarks": "rule_set_171"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/at.allow file",
- "remarks": "rule_set_117"
+ "value": "Verify Group Who Owns SSH Server config file",
+ "remarks": "rule_set_171"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_at_allow",
- "remarks": "rule_set_117"
+ "value": "file_groupowner_sshd_config",
+ "remarks": "rule_set_171"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/at.allow file",
- "remarks": "rule_set_117"
+ "value": "Verify Group Who Owns SSH Server config file",
+ "remarks": "rule_set_171"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_at_allow",
- "remarks": "rule_set_118"
+ "value": "file_owner_sshd_config",
+ "remarks": "rule_set_172"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/at.allow file",
- "remarks": "rule_set_118"
+ "value": "Verify Owner on SSH Server config file",
+ "remarks": "rule_set_172"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_at_allow",
- "remarks": "rule_set_118"
+ "value": "file_owner_sshd_config",
+ "remarks": "rule_set_172"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/at.allow file",
- "remarks": "rule_set_118"
+ "value": "Verify Owner on SSH Server config file",
+ "remarks": "rule_set_172"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "wireless_disable_interfaces",
- "remarks": "rule_set_119"
+ "value": "file_permissions_sshd_config",
+ "remarks": "rule_set_173"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Deactivate Wireless Network Interfaces",
- "remarks": "rule_set_119"
+ "value": "Verify Permissions on SSH Server config file",
+ "remarks": "rule_set_173"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "wireless_disable_interfaces",
- "remarks": "rule_set_119"
+ "value": "file_permissions_sshd_config",
+ "remarks": "rule_set_173"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Deactivate Wireless Network Interfaces",
- "remarks": "rule_set_119"
+ "value": "Verify Permissions on SSH Server config file",
+ "remarks": "rule_set_173"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_bluetooth_disabled",
- "remarks": "rule_set_120"
+ "value": "directory_permissions_sshd_config_d",
+ "remarks": "rule_set_174"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Bluetooth Service",
- "remarks": "rule_set_120"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_174"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_bluetooth_disabled",
- "remarks": "rule_set_120"
+ "value": "directory_permissions_sshd_config_d",
+ "remarks": "rule_set_174"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Bluetooth Service",
- "remarks": "rule_set_120"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_174"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_tipc_disabled",
- "remarks": "rule_set_121"
+ "value": "file_permissions_sshd_drop_in_config",
+ "remarks": "rule_set_175"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable TIPC Support",
- "remarks": "rule_set_121"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_175"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_tipc_disabled",
- "remarks": "rule_set_121"
+ "value": "file_permissions_sshd_drop_in_config",
+ "remarks": "rule_set_175"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable TIPC Support",
- "remarks": "rule_set_121"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_175"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_send_redirects",
- "remarks": "rule_set_122"
+ "value": "directory_groupowner_sshd_config_d",
+ "remarks": "rule_set_176"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_122"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_176"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_send_redirects",
- "remarks": "rule_set_122"
+ "value": "directory_groupowner_sshd_config_d",
+ "remarks": "rule_set_176"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_122"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_176"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_send_redirects",
- "remarks": "rule_set_123"
+ "value": "directory_owner_sshd_config_d",
+ "remarks": "rule_set_177"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
- "remarks": "rule_set_123"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_177"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_send_redirects",
- "remarks": "rule_set_123"
+ "value": "directory_owner_sshd_config_d",
+ "remarks": "rule_set_177"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
- "remarks": "rule_set_123"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_177"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
- "remarks": "rule_set_124"
+ "value": "file_groupowner_sshd_drop_in_config",
+ "remarks": "rule_set_178"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
- "remarks": "rule_set_124"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_178"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
- "remarks": "rule_set_124"
+ "value": "file_groupowner_sshd_drop_in_config",
+ "remarks": "rule_set_178"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
- "remarks": "rule_set_124"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_178"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
- "remarks": "rule_set_125"
+ "value": "file_owner_sshd_drop_in_config",
+ "remarks": "rule_set_179"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
- "remarks": "rule_set_125"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_179"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
- "remarks": "rule_set_125"
+ "value": "file_owner_sshd_drop_in_config",
+ "remarks": "rule_set_179"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
- "remarks": "rule_set_125"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_179"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects",
- "remarks": "rule_set_126"
+ "value": "file_permissions_sshd_private_key",
+ "remarks": "rule_set_180"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
- "remarks": "rule_set_126"
+ "value": "Verify Permissions on SSH Server Private *_key Key Files",
+ "remarks": "rule_set_180"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects",
- "remarks": "rule_set_126"
+ "value": "file_permissions_sshd_private_key",
+ "remarks": "rule_set_180"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
- "remarks": "rule_set_126"
+ "value": "Verify Permissions on SSH Server Private *_key Key Files",
+ "remarks": "rule_set_180"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects",
- "remarks": "rule_set_127"
+ "value": "file_ownership_sshd_private_key",
+ "remarks": "rule_set_181"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
- "remarks": "rule_set_127"
+ "value": "Verify Ownership on SSH Server Private *_key Key Files",
+ "remarks": "rule_set_181"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects",
- "remarks": "rule_set_127"
+ "value": "file_ownership_sshd_private_key",
+ "remarks": "rule_set_181"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
- "remarks": "rule_set_127"
+ "value": "Verify Ownership on SSH Server Private *_key Key Files",
+ "remarks": "rule_set_181"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects",
- "remarks": "rule_set_128"
+ "value": "file_groupownership_sshd_private_key",
+ "remarks": "rule_set_182"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_128"
+ "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
+ "remarks": "rule_set_182"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects",
- "remarks": "rule_set_128"
+ "value": "file_groupownership_sshd_private_key",
+ "remarks": "rule_set_182"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_128"
+ "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
+ "remarks": "rule_set_182"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects",
- "remarks": "rule_set_129"
+ "value": "file_permissions_sshd_pub_key",
+ "remarks": "rule_set_183"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
- "remarks": "rule_set_129"
+ "value": "Verify Permissions on SSH Server Public *.pub Key Files",
+ "remarks": "rule_set_183"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects",
- "remarks": "rule_set_129"
+ "value": "file_permissions_sshd_pub_key",
+ "remarks": "rule_set_183"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
- "remarks": "rule_set_129"
+ "value": "Verify Permissions on SSH Server Public *.pub Key Files",
+ "remarks": "rule_set_183"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter",
- "remarks": "rule_set_130"
+ "value": "file_ownership_sshd_pub_key",
+ "remarks": "rule_set_184"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
- "remarks": "rule_set_130"
+ "value": "Verify Ownership on SSH Server Public *.pub Key Files",
+ "remarks": "rule_set_184"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter",
- "remarks": "rule_set_130"
+ "value": "file_ownership_sshd_pub_key",
+ "remarks": "rule_set_184"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
- "remarks": "rule_set_130"
+ "value": "Verify Ownership on SSH Server Public *.pub Key Files",
+ "remarks": "rule_set_184"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter",
- "remarks": "rule_set_131"
+ "value": "file_groupownership_sshd_pub_key",
+ "remarks": "rule_set_185"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
- "remarks": "rule_set_131"
+ "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
+ "remarks": "rule_set_185"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter",
- "remarks": "rule_set_131"
+ "value": "file_groupownership_sshd_pub_key",
+ "remarks": "rule_set_185"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
- "remarks": "rule_set_131"
+ "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
+ "remarks": "rule_set_185"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route",
- "remarks": "rule_set_132"
+ "value": "sshd_limit_user_access",
+ "remarks": "rule_set_186"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
- "remarks": "rule_set_132"
+ "value": "Limit Users' SSH Access",
+ "remarks": "rule_set_186"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route",
- "remarks": "rule_set_132"
+ "value": "sshd_limit_user_access",
+ "remarks": "rule_set_186"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
- "remarks": "rule_set_132"
+ "value": "Limit Users' SSH Access",
+ "remarks": "rule_set_186"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route",
- "remarks": "rule_set_133"
+ "value": "sshd_enable_warning_banner_net",
+ "remarks": "rule_set_187"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
- "remarks": "rule_set_133"
+ "value": "Enable SSH Warning Banner",
+ "remarks": "rule_set_187"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route",
- "remarks": "rule_set_133"
+ "value": "sshd_enable_warning_banner_net",
+ "remarks": "rule_set_187"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
- "remarks": "rule_set_133"
+ "value": "Enable SSH Warning Banner",
+ "remarks": "rule_set_187"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians",
- "remarks": "rule_set_134"
+ "value": "sshd_set_idle_timeout",
+ "remarks": "rule_set_188"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
- "remarks": "rule_set_134"
+ "value": "Set SSH Client Alive Interval",
+ "remarks": "rule_set_188"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians",
- "remarks": "rule_set_134"
+ "value": "sshd_set_idle_timeout",
+ "remarks": "rule_set_188"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
- "remarks": "rule_set_134"
+ "value": "Set SSH Client Alive Interval",
+ "remarks": "rule_set_188"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians",
- "remarks": "rule_set_135"
+ "value": "sshd_set_keepalive",
+ "remarks": "rule_set_189"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
- "remarks": "rule_set_135"
+ "value": "Set SSH Client Alive Count Max",
+ "remarks": "rule_set_189"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians",
- "remarks": "rule_set_135"
+ "value": "sshd_set_keepalive",
+ "remarks": "rule_set_189"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
- "remarks": "rule_set_135"
+ "value": "Set SSH Client Alive Count Max",
+ "remarks": "rule_set_189"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies",
- "remarks": "rule_set_136"
+ "value": "disable_host_auth",
+ "remarks": "rule_set_190"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
- "remarks": "rule_set_136"
+ "value": "Disable Host-Based Authentication",
+ "remarks": "rule_set_190"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies",
- "remarks": "rule_set_136"
+ "value": "disable_host_auth",
+ "remarks": "rule_set_190"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
- "remarks": "rule_set_136"
+ "value": "Disable Host-Based Authentication",
+ "remarks": "rule_set_190"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding",
- "remarks": "rule_set_137"
+ "value": "sshd_disable_rhosts",
+ "remarks": "rule_set_191"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IPv6 Forwarding",
- "remarks": "rule_set_137"
+ "value": "Disable SSH Support for .rhosts Files",
+ "remarks": "rule_set_191"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding",
- "remarks": "rule_set_137"
+ "value": "sshd_disable_rhosts",
+ "remarks": "rule_set_191"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IPv6 Forwarding",
- "remarks": "rule_set_137"
+ "value": "Disable SSH Support for .rhosts Files",
+ "remarks": "rule_set_191"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects",
- "remarks": "rule_set_138"
+ "value": "sshd_set_login_grace_time",
+ "remarks": "rule_set_192"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
- "remarks": "rule_set_138"
+ "value": "Ensure SSH LoginGraceTime is configured",
+ "remarks": "rule_set_192"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects",
- "remarks": "rule_set_138"
+ "value": "sshd_set_login_grace_time",
+ "remarks": "rule_set_192"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
- "remarks": "rule_set_138"
+ "value": "Ensure SSH LoginGraceTime is configured",
+ "remarks": "rule_set_192"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects",
- "remarks": "rule_set_139"
+ "value": "sshd_set_loglevel_verbose",
+ "remarks": "rule_set_193"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
- "remarks": "rule_set_139"
+ "value": "Set SSH Daemon LogLevel to VERBOSE",
+ "remarks": "rule_set_193"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects",
- "remarks": "rule_set_139"
+ "value": "sshd_set_loglevel_verbose",
+ "remarks": "rule_set_193"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
- "remarks": "rule_set_139"
+ "value": "Set SSH Daemon LogLevel to VERBOSE",
+ "remarks": "rule_set_193"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route",
- "remarks": "rule_set_140"
+ "value": "sshd_set_max_auth_tries",
+ "remarks": "rule_set_194"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
- "remarks": "rule_set_140"
+ "value": "Set SSH authentication attempt limit",
+ "remarks": "rule_set_194"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route",
- "remarks": "rule_set_140"
+ "value": "sshd_set_max_auth_tries",
+ "remarks": "rule_set_194"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
- "remarks": "rule_set_140"
+ "value": "Set SSH authentication attempt limit",
+ "remarks": "rule_set_194"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route",
- "remarks": "rule_set_141"
+ "value": "sshd_set_maxstartups",
+ "remarks": "rule_set_195"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
- "remarks": "rule_set_141"
+ "value": "Ensure SSH MaxStartups is configured",
+ "remarks": "rule_set_195"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route",
- "remarks": "rule_set_141"
+ "value": "sshd_set_maxstartups",
+ "remarks": "rule_set_195"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
- "remarks": "rule_set_141"
+ "value": "Ensure SSH MaxStartups is configured",
+ "remarks": "rule_set_195"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra",
- "remarks": "rule_set_142"
+ "value": "sshd_set_max_sessions",
+ "remarks": "rule_set_196"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
- "remarks": "rule_set_142"
+ "value": "Set SSH MaxSessions limit",
+ "remarks": "rule_set_196"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra",
- "remarks": "rule_set_142"
+ "value": "sshd_set_max_sessions",
+ "remarks": "rule_set_196"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
- "remarks": "rule_set_142"
+ "value": "Set SSH MaxSessions limit",
+ "remarks": "rule_set_196"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra",
- "remarks": "rule_set_143"
+ "value": "sshd_disable_empty_passwords",
+ "remarks": "rule_set_197"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
- "remarks": "rule_set_143"
+ "value": "Disable SSH Access via Empty Passwords",
+ "remarks": "rule_set_197"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra",
- "remarks": "rule_set_143"
+ "value": "sshd_disable_empty_passwords",
+ "remarks": "rule_set_197"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
- "remarks": "rule_set_143"
+ "value": "Disable SSH Access via Empty Passwords",
+ "remarks": "rule_set_197"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nftables_installed",
- "remarks": "rule_set_144"
+ "value": "sshd_disable_root_login",
+ "remarks": "rule_set_198"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install nftables Package",
- "remarks": "rule_set_144"
+ "value": "Disable SSH Root Login",
+ "remarks": "rule_set_198"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nftables_installed",
- "remarks": "rule_set_144"
+ "value": "sshd_disable_root_login",
+ "remarks": "rule_set_198"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install nftables Package",
- "remarks": "rule_set_144"
+ "value": "Disable SSH Root Login",
+ "remarks": "rule_set_198"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_firewalld_enabled",
- "remarks": "rule_set_145"
+ "value": "sshd_do_not_permit_user_env",
+ "remarks": "rule_set_199"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify firewalld Enabled",
- "remarks": "rule_set_145"
+ "value": "Do Not Allow SSH Environment Options",
+ "remarks": "rule_set_199"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_firewalld_enabled",
- "remarks": "rule_set_145"
+ "value": "sshd_do_not_permit_user_env",
+ "remarks": "rule_set_199"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify firewalld Enabled",
- "remarks": "rule_set_145"
+ "value": "Do Not Allow SSH Environment Options",
+ "remarks": "rule_set_199"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_firewalld_installed",
- "remarks": "rule_set_146"
+ "value": "sshd_enable_pam",
+ "remarks": "rule_set_200"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install firewalld Package",
- "remarks": "rule_set_146"
+ "value": "Enable PAM",
+ "remarks": "rule_set_200"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_firewalld_installed",
- "remarks": "rule_set_146"
+ "value": "sshd_enable_pam",
+ "remarks": "rule_set_200"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install firewalld Package",
- "remarks": "rule_set_146"
+ "value": "Enable PAM",
+ "remarks": "rule_set_200"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nftables_disabled",
- "remarks": "rule_set_147"
+ "value": "package_sudo_installed",
+ "remarks": "rule_set_201"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify nftables Service is Disabled",
- "remarks": "rule_set_147"
+ "value": "Install sudo Package",
+ "remarks": "rule_set_201"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nftables_disabled",
- "remarks": "rule_set_147"
+ "value": "package_sudo_installed",
+ "remarks": "rule_set_201"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify nftables Service is Disabled",
- "remarks": "rule_set_147"
+ "value": "Install sudo Package",
+ "remarks": "rule_set_201"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_trusted",
- "remarks": "rule_set_148"
+ "value": "sudo_add_use_pty",
+ "remarks": "rule_set_202"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Trust Loopback Traffic",
- "remarks": "rule_set_148"
+ "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
+ "remarks": "rule_set_202"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_trusted",
- "remarks": "rule_set_148"
+ "value": "sudo_add_use_pty",
+ "remarks": "rule_set_202"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Trust Loopback Traffic",
- "remarks": "rule_set_148"
+ "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
+ "remarks": "rule_set_202"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_restricted",
- "remarks": "rule_set_149"
+ "value": "sudo_custom_logfile",
+ "remarks": "rule_set_203"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Restrict Loopback Traffic",
- "remarks": "rule_set_149"
+ "value": "Ensure Sudo Logfile Exists - sudo logfile",
+ "remarks": "rule_set_203"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_restricted",
- "remarks": "rule_set_149"
+ "value": "sudo_custom_logfile",
+ "remarks": "rule_set_203"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Restrict Loopback Traffic",
- "remarks": "rule_set_149"
+ "value": "Ensure Sudo Logfile Exists - sudo logfile",
+ "remarks": "rule_set_203"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_sshd_config",
- "remarks": "rule_set_150"
+ "value": "sudo_remove_no_authenticate",
+ "remarks": "rule_set_204"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns SSH Server config file",
- "remarks": "rule_set_150"
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate",
+ "remarks": "rule_set_204"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_sshd_config",
- "remarks": "rule_set_150"
+ "value": "sudo_remove_no_authenticate",
+ "remarks": "rule_set_204"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns SSH Server config file",
- "remarks": "rule_set_150"
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate",
+ "remarks": "rule_set_204"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_sshd_config",
- "remarks": "rule_set_151"
+ "value": "sudo_require_reauthentication",
+ "remarks": "rule_set_205"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on SSH Server config file",
- "remarks": "rule_set_151"
+ "value": "Require Re-Authentication When Using the sudo Command",
+ "remarks": "rule_set_205"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_sshd_config",
- "remarks": "rule_set_151"
+ "value": "sudo_require_reauthentication",
+ "remarks": "rule_set_205"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on SSH Server config file",
- "remarks": "rule_set_151"
+ "value": "Require Re-Authentication When Using the sudo Command",
+ "remarks": "rule_set_205"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_config",
- "remarks": "rule_set_152"
+ "value": "use_pam_wheel_group_for_su",
+ "remarks": "rule_set_206"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server config file",
- "remarks": "rule_set_152"
+ "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
+ "remarks": "rule_set_206"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_config",
- "remarks": "rule_set_152"
+ "value": "use_pam_wheel_group_for_su",
+ "remarks": "rule_set_206"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server config file",
- "remarks": "rule_set_152"
+ "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
+ "remarks": "rule_set_206"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_private_key",
- "remarks": "rule_set_153"
+ "value": "ensure_pam_wheel_group_empty",
+ "remarks": "rule_set_207"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Private *_key Key Files",
- "remarks": "rule_set_153"
+ "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
+ "remarks": "rule_set_207"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_private_key",
- "remarks": "rule_set_153"
+ "value": "ensure_pam_wheel_group_empty",
+ "remarks": "rule_set_207"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Private *_key Key Files",
- "remarks": "rule_set_153"
+ "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
+ "remarks": "rule_set_207"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_private_key",
- "remarks": "rule_set_154"
+ "value": "package_pam_pwquality_installed",
+ "remarks": "rule_set_208"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_154"
+ "value": "Install pam_pwquality Package",
+ "remarks": "rule_set_208"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_private_key",
- "remarks": "rule_set_154"
+ "value": "package_pam_pwquality_installed",
+ "remarks": "rule_set_208"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_154"
+ "value": "Install pam_pwquality Package",
+ "remarks": "rule_set_208"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_private_key",
- "remarks": "rule_set_155"
+ "value": "account_password_pam_faillock_password_auth",
+ "remarks": "rule_set_209"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_155"
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
+ "remarks": "rule_set_209"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_private_key",
- "remarks": "rule_set_155"
+ "value": "account_password_pam_faillock_password_auth",
+ "remarks": "rule_set_209"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_155"
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
+ "remarks": "rule_set_209"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_pub_key",
- "remarks": "rule_set_156"
+ "value": "account_password_pam_faillock_system_auth",
+ "remarks": "rule_set_210"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_156"
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
+ "remarks": "rule_set_210"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_pub_key",
- "remarks": "rule_set_156"
+ "value": "account_password_pam_faillock_system_auth",
+ "remarks": "rule_set_210"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_156"
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
+ "remarks": "rule_set_210"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_pub_key",
- "remarks": "rule_set_157"
+ "value": "accounts_password_pam_pwquality_password_auth",
+ "remarks": "rule_set_211"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_157"
+ "value": "Ensure PAM password complexity module is enabled in password-auth",
+ "remarks": "rule_set_211"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_pub_key",
- "remarks": "rule_set_157"
+ "value": "accounts_password_pam_pwquality_password_auth",
+ "remarks": "rule_set_211"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_157"
+ "value": "Ensure PAM password complexity module is enabled in password-auth",
+ "remarks": "rule_set_211"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_pub_key",
- "remarks": "rule_set_158"
+ "value": "accounts_password_pam_pwquality_system_auth",
+ "remarks": "rule_set_212"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_158"
+ "value": "Ensure PAM password complexity module is enabled in system-auth",
+ "remarks": "rule_set_212"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_pub_key",
- "remarks": "rule_set_158"
+ "value": "accounts_password_pam_pwquality_system_auth",
+ "remarks": "rule_set_212"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_158"
+ "value": "Ensure PAM password complexity module is enabled in system-auth",
+ "remarks": "rule_set_212"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex",
- "remarks": "rule_set_159"
+ "value": "accounts_password_pam_unix_enabled",
+ "remarks": "rule_set_213"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong Key Exchange algorithms",
- "remarks": "rule_set_159"
+ "value": "Verify pam_unix module is activated",
+ "remarks": "rule_set_213"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex",
- "remarks": "rule_set_159"
+ "value": "accounts_password_pam_unix_enabled",
+ "remarks": "rule_set_213"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong Key Exchange algorithms",
- "remarks": "rule_set_159"
+ "value": "Verify pam_unix module is activated",
+ "remarks": "rule_set_213"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs",
- "remarks": "rule_set_160"
+ "value": "accounts_passwords_pam_faillock_deny",
+ "remarks": "rule_set_214"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong MACs",
- "remarks": "rule_set_160"
+ "value": "Lock Accounts After Failed Password Attempts",
+ "remarks": "rule_set_214"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs",
- "remarks": "rule_set_160"
+ "value": "accounts_passwords_pam_faillock_deny",
+ "remarks": "rule_set_214"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong MACs",
- "remarks": "rule_set_160"
+ "value": "Lock Accounts After Failed Password Attempts",
+ "remarks": "rule_set_214"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_limit_user_access",
- "remarks": "rule_set_161"
+ "value": "accounts_passwords_pam_faillock_unlock_time",
+ "remarks": "rule_set_215"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Users' SSH Access",
- "remarks": "rule_set_161"
+ "value": "Set Lockout Time for Failed Password Attempts",
+ "remarks": "rule_set_215"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_limit_user_access",
- "remarks": "rule_set_161"
+ "value": "accounts_passwords_pam_faillock_unlock_time",
+ "remarks": "rule_set_215"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Users' SSH Access",
- "remarks": "rule_set_161"
+ "value": "Set Lockout Time for Failed Password Attempts",
+ "remarks": "rule_set_215"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_warning_banner_net",
- "remarks": "rule_set_162"
+ "value": "accounts_password_pam_difok",
+ "remarks": "rule_set_216"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable SSH Warning Banner",
- "remarks": "rule_set_162"
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
+ "remarks": "rule_set_216"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_warning_banner_net",
- "remarks": "rule_set_162"
+ "value": "accounts_password_pam_difok",
+ "remarks": "rule_set_216"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable SSH Warning Banner",
- "remarks": "rule_set_162"
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
+ "remarks": "rule_set_216"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_idle_timeout",
- "remarks": "rule_set_163"
+ "value": "accounts_password_pam_minlen",
+ "remarks": "rule_set_217"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Interval",
- "remarks": "rule_set_163"
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
+ "remarks": "rule_set_217"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_idle_timeout",
- "remarks": "rule_set_163"
+ "value": "accounts_password_pam_minlen",
+ "remarks": "rule_set_217"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Interval",
- "remarks": "rule_set_163"
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
+ "remarks": "rule_set_217"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_keepalive",
- "remarks": "rule_set_164"
+ "value": "accounts_password_pam_minclass",
+ "remarks": "rule_set_218"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Count Max",
- "remarks": "rule_set_164"
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
+ "remarks": "rule_set_218"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_keepalive",
- "remarks": "rule_set_164"
+ "value": "accounts_password_pam_minclass",
+ "remarks": "rule_set_218"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Count Max",
- "remarks": "rule_set_164"
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
+ "remarks": "rule_set_218"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "disable_host_auth",
- "remarks": "rule_set_165"
+ "value": "accounts_password_pam_maxrepeat",
+ "remarks": "rule_set_219"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Host-Based Authentication",
- "remarks": "rule_set_165"
+ "value": "Set Password Maximum Consecutive Repeating Characters",
+ "remarks": "rule_set_219"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "disable_host_auth",
- "remarks": "rule_set_165"
+ "value": "accounts_password_pam_maxrepeat",
+ "remarks": "rule_set_219"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Host-Based Authentication",
- "remarks": "rule_set_165"
+ "value": "Set Password Maximum Consecutive Repeating Characters",
+ "remarks": "rule_set_219"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_rhosts",
- "remarks": "rule_set_166"
+ "value": "accounts_password_pam_maxsequence",
+ "remarks": "rule_set_220"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Support for .rhosts Files",
- "remarks": "rule_set_166"
+ "value": "Limit the maximum number of sequential characters in passwords",
+ "remarks": "rule_set_220"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_rhosts",
- "remarks": "rule_set_166"
+ "value": "accounts_password_pam_maxsequence",
+ "remarks": "rule_set_220"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Support for .rhosts Files",
- "remarks": "rule_set_166"
+ "value": "Limit the maximum number of sequential characters in passwords",
+ "remarks": "rule_set_220"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_login_grace_time",
- "remarks": "rule_set_167"
+ "value": "accounts_password_pam_dictcheck",
+ "remarks": "rule_set_221"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH LoginGraceTime is configured",
- "remarks": "rule_set_167"
+ "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
+ "remarks": "rule_set_221"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_login_grace_time",
- "remarks": "rule_set_167"
+ "value": "accounts_password_pam_dictcheck",
+ "remarks": "rule_set_221"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH LoginGraceTime is configured",
- "remarks": "rule_set_167"
+ "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
+ "remarks": "rule_set_221"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_loglevel_verbose",
- "remarks": "rule_set_168"
+ "value": "accounts_password_pam_enforce_root",
+ "remarks": "rule_set_222"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Daemon LogLevel to VERBOSE",
- "remarks": "rule_set_168"
+ "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
+ "remarks": "rule_set_222"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_loglevel_verbose",
- "remarks": "rule_set_168"
+ "value": "accounts_password_pam_enforce_root",
+ "remarks": "rule_set_222"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Daemon LogLevel to VERBOSE",
- "remarks": "rule_set_168"
+ "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
+ "remarks": "rule_set_222"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_auth_tries",
- "remarks": "rule_set_169"
+ "value": "accounts_password_pam_pwhistory_remember_password_auth",
+ "remarks": "rule_set_223"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH authentication attempt limit",
- "remarks": "rule_set_169"
+ "value": "Limit Password Reuse: password-auth",
+ "remarks": "rule_set_223"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_auth_tries",
- "remarks": "rule_set_169"
+ "value": "accounts_password_pam_pwhistory_remember_password_auth",
+ "remarks": "rule_set_223"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH authentication attempt limit",
- "remarks": "rule_set_169"
+ "value": "Limit Password Reuse: password-auth",
+ "remarks": "rule_set_223"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_maxstartups",
- "remarks": "rule_set_170"
+ "value": "accounts_password_pam_pwhistory_remember_system_auth",
+ "remarks": "rule_set_224"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH MaxStartups is configured",
- "remarks": "rule_set_170"
+ "value": "Limit Password Reuse: system-auth",
+ "remarks": "rule_set_224"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_maxstartups",
- "remarks": "rule_set_170"
+ "value": "accounts_password_pam_pwhistory_remember_system_auth",
+ "remarks": "rule_set_224"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH MaxStartups is configured",
- "remarks": "rule_set_170"
+ "value": "Limit Password Reuse: system-auth",
+ "remarks": "rule_set_224"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_sessions",
- "remarks": "rule_set_171"
+ "value": "accounts_password_pam_pwhistory_use_authtok",
+ "remarks": "rule_set_225"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH MaxSessions limit",
- "remarks": "rule_set_171"
+ "value": "Enforce Password History with use_authtok",
+ "remarks": "rule_set_225"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_sessions",
- "remarks": "rule_set_171"
+ "value": "accounts_password_pam_pwhistory_use_authtok",
+ "remarks": "rule_set_225"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH MaxSessions limit",
- "remarks": "rule_set_171"
+ "value": "Enforce Password History with use_authtok",
+ "remarks": "rule_set_225"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_empty_passwords",
- "remarks": "rule_set_172"
+ "value": "no_empty_passwords",
+ "remarks": "rule_set_226"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Access via Empty Passwords",
- "remarks": "rule_set_172"
+ "value": "Prevent Login to Accounts With Empty Password",
+ "remarks": "rule_set_226"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_empty_passwords",
- "remarks": "rule_set_172"
+ "value": "no_empty_passwords",
+ "remarks": "rule_set_226"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Access via Empty Passwords",
- "remarks": "rule_set_172"
+ "value": "Prevent Login to Accounts With Empty Password",
+ "remarks": "rule_set_226"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_root_login",
- "remarks": "rule_set_173"
+ "value": "accounts_password_pam_unix_no_remember",
+ "remarks": "rule_set_227"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Root Login",
- "remarks": "rule_set_173"
+ "value": "Avoid using remember in pam_unix module",
+ "remarks": "rule_set_227"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_root_login",
- "remarks": "rule_set_173"
+ "value": "accounts_password_pam_unix_no_remember",
+ "remarks": "rule_set_227"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Root Login",
- "remarks": "rule_set_173"
+ "value": "Avoid using remember in pam_unix module",
+ "remarks": "rule_set_227"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_do_not_permit_user_env",
- "remarks": "rule_set_174"
+ "value": "set_password_hashing_algorithm_systemauth",
+ "remarks": "rule_set_228"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Do Not Allow SSH Environment Options",
- "remarks": "rule_set_174"
+ "value": "Set PAM Password Hashing Algorithm - system-auth",
+ "remarks": "rule_set_228"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_do_not_permit_user_env",
- "remarks": "rule_set_174"
+ "value": "set_password_hashing_algorithm_systemauth",
+ "remarks": "rule_set_228"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Do Not Allow SSH Environment Options",
- "remarks": "rule_set_174"
+ "value": "Set PAM Password Hashing Algorithm - system-auth",
+ "remarks": "rule_set_228"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_pam",
- "remarks": "rule_set_175"
+ "value": "set_password_hashing_algorithm_passwordauth",
+ "remarks": "rule_set_229"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable PAM",
- "remarks": "rule_set_175"
+ "value": "Set PAM Password Hashing Algorithm - password-auth",
+ "remarks": "rule_set_229"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_pam",
- "remarks": "rule_set_175"
+ "value": "set_password_hashing_algorithm_passwordauth",
+ "remarks": "rule_set_229"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable PAM",
- "remarks": "rule_set_175"
+ "value": "Set PAM Password Hashing Algorithm - password-auth",
+ "remarks": "rule_set_229"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_sudo_installed",
- "remarks": "rule_set_176"
+ "value": "accounts_password_pam_unix_authtok",
+ "remarks": "rule_set_230"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install sudo Package",
- "remarks": "rule_set_176"
+ "value": "Require use_authtok for pam_unix.so",
+ "remarks": "rule_set_230"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_sudo_installed",
- "remarks": "rule_set_176"
+ "value": "accounts_password_pam_unix_authtok",
+ "remarks": "rule_set_230"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install sudo Package",
- "remarks": "rule_set_176"
+ "value": "Require use_authtok for pam_unix.so",
+ "remarks": "rule_set_230"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_add_use_pty",
- "remarks": "rule_set_177"
+ "value": "accounts_maximum_age_login_defs",
+ "remarks": "rule_set_231"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
- "remarks": "rule_set_177"
+ "value": "Set Password Maximum Age",
+ "remarks": "rule_set_231"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_add_use_pty",
- "remarks": "rule_set_177"
+ "value": "accounts_maximum_age_login_defs",
+ "remarks": "rule_set_231"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
- "remarks": "rule_set_177"
+ "value": "Set Password Maximum Age",
+ "remarks": "rule_set_231"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_custom_logfile",
- "remarks": "rule_set_178"
+ "value": "accounts_password_set_max_life_existing",
+ "remarks": "rule_set_232"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Sudo Logfile Exists - sudo logfile",
- "remarks": "rule_set_178"
+ "value": "Set Existing Passwords Maximum Age",
+ "remarks": "rule_set_232"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_custom_logfile",
- "remarks": "rule_set_178"
+ "value": "accounts_password_set_max_life_existing",
+ "remarks": "rule_set_232"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Sudo Logfile Exists - sudo logfile",
- "remarks": "rule_set_178"
+ "value": "Set Existing Passwords Maximum Age",
+ "remarks": "rule_set_232"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication",
- "remarks": "rule_set_179"
+ "value": "accounts_password_warn_age_login_defs",
+ "remarks": "rule_set_233"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo",
- "remarks": "rule_set_179"
+ "value": "Set Password Warning Age",
+ "remarks": "rule_set_233"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication",
- "remarks": "rule_set_179"
+ "value": "accounts_password_warn_age_login_defs",
+ "remarks": "rule_set_233"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo",
- "remarks": "rule_set_179"
+ "value": "Set Password Warning Age",
+ "remarks": "rule_set_233"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_reauthentication",
- "remarks": "rule_set_180"
+ "value": "accounts_password_set_warn_age_existing",
+ "remarks": "rule_set_234"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Require Re-Authentication When Using the sudo Command",
- "remarks": "rule_set_180"
+ "value": "Set Existing Passwords Warning Age",
+ "remarks": "rule_set_234"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_reauthentication",
- "remarks": "rule_set_180"
+ "value": "accounts_password_set_warn_age_existing",
+ "remarks": "rule_set_234"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Require Re-Authentication When Using the sudo Command",
- "remarks": "rule_set_180"
+ "value": "Set Existing Passwords Warning Age",
+ "remarks": "rule_set_234"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "use_pam_wheel_group_for_su",
- "remarks": "rule_set_181"
+ "value": "set_password_hashing_algorithm_logindefs",
+ "remarks": "rule_set_235"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
- "remarks": "rule_set_181"
+ "value": "Set Password Hashing Algorithm in /etc/login.defs",
+ "remarks": "rule_set_235"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "use_pam_wheel_group_for_su",
- "remarks": "rule_set_181"
+ "value": "set_password_hashing_algorithm_logindefs",
+ "remarks": "rule_set_235"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
- "remarks": "rule_set_181"
+ "value": "Set Password Hashing Algorithm in /etc/login.defs",
+ "remarks": "rule_set_235"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_pam_wheel_group_empty",
- "remarks": "rule_set_182"
+ "value": "account_disable_post_pw_expiration",
+ "remarks": "rule_set_236"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
- "remarks": "rule_set_182"
+ "value": "Set Account Expiration Following Inactivity",
+ "remarks": "rule_set_236"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_pam_wheel_group_empty",
- "remarks": "rule_set_182"
+ "value": "account_disable_post_pw_expiration",
+ "remarks": "rule_set_236"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
- "remarks": "rule_set_182"
+ "value": "Set Account Expiration Following Inactivity",
+ "remarks": "rule_set_236"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_pam_pwquality_installed",
- "remarks": "rule_set_183"
+ "value": "accounts_set_post_pw_existing",
+ "remarks": "rule_set_237"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install pam_pwquality Package",
- "remarks": "rule_set_183"
+ "value": "Set existing passwords a period of inactivity before they been locked",
+ "remarks": "rule_set_237"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_pam_pwquality_installed",
- "remarks": "rule_set_183"
+ "value": "accounts_set_post_pw_existing",
+ "remarks": "rule_set_237"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install pam_pwquality Package",
- "remarks": "rule_set_183"
+ "value": "Set existing passwords a period of inactivity before they been locked",
+ "remarks": "rule_set_237"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_password_auth",
- "remarks": "rule_set_184"
+ "value": "accounts_password_last_change_is_in_past",
+ "remarks": "rule_set_238"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
- "remarks": "rule_set_184"
+ "value": "Ensure all users last password change date is in the past",
+ "remarks": "rule_set_238"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_password_auth",
- "remarks": "rule_set_184"
+ "value": "accounts_password_last_change_is_in_past",
+ "remarks": "rule_set_238"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
- "remarks": "rule_set_184"
+ "value": "Ensure all users last password change date is in the past",
+ "remarks": "rule_set_238"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_system_auth",
- "remarks": "rule_set_185"
+ "value": "accounts_no_uid_except_zero",
+ "remarks": "rule_set_239"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
- "remarks": "rule_set_185"
+ "value": "Verify Only Root Has UID 0",
+ "remarks": "rule_set_239"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_system_auth",
- "remarks": "rule_set_185"
+ "value": "accounts_no_uid_except_zero",
+ "remarks": "rule_set_239"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
- "remarks": "rule_set_185"
+ "value": "Verify Only Root Has UID 0",
+ "remarks": "rule_set_239"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny",
- "remarks": "rule_set_186"
+ "value": "accounts_root_gid_zero",
+ "remarks": "rule_set_240"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Lock Accounts After Failed Password Attempts",
- "remarks": "rule_set_186"
+ "value": "Verify Root Has A Primary GID 0",
+ "remarks": "rule_set_240"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny",
- "remarks": "rule_set_186"
+ "value": "accounts_root_gid_zero",
+ "remarks": "rule_set_240"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Lock Accounts After Failed Password Attempts",
- "remarks": "rule_set_186"
+ "value": "Verify Root Has A Primary GID 0",
+ "remarks": "rule_set_240"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_unlock_time",
- "remarks": "rule_set_187"
+ "value": "groups_no_zero_gid_except_root",
+ "remarks": "rule_set_241"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Lockout Time for Failed Password Attempts",
- "remarks": "rule_set_187"
+ "value": "Verify Only Group Root Has GID 0",
+ "remarks": "rule_set_241"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_unlock_time",
- "remarks": "rule_set_187"
+ "value": "groups_no_zero_gid_except_root",
+ "remarks": "rule_set_241"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Lockout Time for Failed Password Attempts",
- "remarks": "rule_set_187"
+ "value": "Verify Only Group Root Has GID 0",
+ "remarks": "rule_set_241"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_difok",
- "remarks": "rule_set_188"
+ "value": "ensure_root_password_configured",
+ "remarks": "rule_set_242"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
- "remarks": "rule_set_188"
+ "value": "Ensure Authentication Required for Single User Mode",
+ "remarks": "rule_set_242"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_difok",
- "remarks": "rule_set_188"
+ "value": "ensure_root_password_configured",
+ "remarks": "rule_set_242"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
- "remarks": "rule_set_188"
+ "value": "Ensure Authentication Required for Single User Mode",
+ "remarks": "rule_set_242"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minlen",
- "remarks": "rule_set_189"
+ "value": "accounts_root_path_dirs_no_write",
+ "remarks": "rule_set_243"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
- "remarks": "rule_set_189"
+ "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
+ "remarks": "rule_set_243"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minlen",
- "remarks": "rule_set_189"
+ "value": "accounts_root_path_dirs_no_write",
+ "remarks": "rule_set_243"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
- "remarks": "rule_set_189"
+ "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
+ "remarks": "rule_set_243"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minclass",
- "remarks": "rule_set_190"
+ "value": "root_path_no_dot",
+ "remarks": "rule_set_244"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
- "remarks": "rule_set_190"
+ "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
+ "remarks": "rule_set_244"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minclass",
- "remarks": "rule_set_190"
+ "value": "root_path_no_dot",
+ "remarks": "rule_set_244"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
- "remarks": "rule_set_190"
+ "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
+ "remarks": "rule_set_244"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_maxrepeat",
- "remarks": "rule_set_191"
+ "value": "accounts_umask_root",
+ "remarks": "rule_set_245"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Consecutive Repeating Characters",
- "remarks": "rule_set_191"
+ "value": "Ensure the Root Bash Umask is Set Correctly",
+ "remarks": "rule_set_245"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_maxrepeat",
- "remarks": "rule_set_191"
+ "value": "accounts_umask_root",
+ "remarks": "rule_set_245"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Consecutive Repeating Characters",
- "remarks": "rule_set_191"
+ "value": "Ensure the Root Bash Umask is Set Correctly",
+ "remarks": "rule_set_245"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_dictcheck",
- "remarks": "rule_set_192"
+ "value": "no_password_auth_for_systemaccounts",
+ "remarks": "rule_set_246"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
- "remarks": "rule_set_192"
+ "value": "Ensure that System Accounts Are Locked",
+ "remarks": "rule_set_246"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_dictcheck",
- "remarks": "rule_set_192"
+ "value": "no_password_auth_for_systemaccounts",
+ "remarks": "rule_set_246"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
- "remarks": "rule_set_192"
+ "value": "Ensure that System Accounts Are Locked",
+ "remarks": "rule_set_246"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_enforce_root",
- "remarks": "rule_set_193"
+ "value": "no_shelllogin_for_systemaccounts",
+ "remarks": "rule_set_247"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
- "remarks": "rule_set_193"
+ "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
+ "remarks": "rule_set_247"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_enforce_root",
- "remarks": "rule_set_193"
+ "value": "no_shelllogin_for_systemaccounts",
+ "remarks": "rule_set_247"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
- "remarks": "rule_set_193"
+ "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
+ "remarks": "rule_set_247"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_password_auth",
- "remarks": "rule_set_194"
+ "value": "no_invalid_shell_accounts_unlocked",
+ "remarks": "rule_set_248"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: password-auth",
- "remarks": "rule_set_194"
+ "value": "Verify Non-Interactive Accounts Are Locked",
+ "remarks": "rule_set_248"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_password_auth",
- "remarks": "rule_set_194"
+ "value": "no_invalid_shell_accounts_unlocked",
+ "remarks": "rule_set_248"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: password-auth",
- "remarks": "rule_set_194"
+ "value": "Verify Non-Interactive Accounts Are Locked",
+ "remarks": "rule_set_248"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_system_auth",
- "remarks": "rule_set_195"
+ "value": "accounts_tmout",
+ "remarks": "rule_set_249"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: system-auth",
- "remarks": "rule_set_195"
+ "value": "Set Interactive Session Timeout",
+ "remarks": "rule_set_249"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_system_auth",
- "remarks": "rule_set_195"
+ "value": "accounts_tmout",
+ "remarks": "rule_set_249"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: system-auth",
- "remarks": "rule_set_195"
+ "value": "Set Interactive Session Timeout",
+ "remarks": "rule_set_249"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords",
- "remarks": "rule_set_196"
+ "value": "accounts_umask_etc_bashrc",
+ "remarks": "rule_set_250"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent Login to Accounts With Empty Password",
- "remarks": "rule_set_196"
+ "value": "Ensure the Default Bash Umask is Set Correctly",
+ "remarks": "rule_set_250"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords",
- "remarks": "rule_set_196"
+ "value": "accounts_umask_etc_bashrc",
+ "remarks": "rule_set_250"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent Login to Accounts With Empty Password",
- "remarks": "rule_set_196"
+ "value": "Ensure the Default Bash Umask is Set Correctly",
+ "remarks": "rule_set_250"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_systemauth",
- "remarks": "rule_set_197"
+ "value": "accounts_umask_etc_login_defs",
+ "remarks": "rule_set_251"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - system-auth",
- "remarks": "rule_set_197"
+ "value": "Ensure the Default Umask is Set Correctly in login.defs",
+ "remarks": "rule_set_251"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_systemauth",
- "remarks": "rule_set_197"
+ "value": "accounts_umask_etc_login_defs",
+ "remarks": "rule_set_251"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - system-auth",
- "remarks": "rule_set_197"
+ "value": "Ensure the Default Umask is Set Correctly in login.defs",
+ "remarks": "rule_set_251"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_passwordauth",
- "remarks": "rule_set_198"
+ "value": "accounts_umask_etc_profile",
+ "remarks": "rule_set_252"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - password-auth",
- "remarks": "rule_set_198"
+ "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
+ "remarks": "rule_set_252"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_passwordauth",
- "remarks": "rule_set_198"
+ "value": "accounts_umask_etc_profile",
+ "remarks": "rule_set_252"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - password-auth",
- "remarks": "rule_set_198"
+ "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
+ "remarks": "rule_set_252"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_maximum_age_login_defs",
- "remarks": "rule_set_199"
+ "value": "package_aide_installed",
+ "remarks": "rule_set_253"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Age",
- "remarks": "rule_set_199"
+ "value": "Install AIDE",
+ "remarks": "rule_set_253"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_maximum_age_login_defs",
- "remarks": "rule_set_199"
+ "value": "package_aide_installed",
+ "remarks": "rule_set_253"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Age",
- "remarks": "rule_set_199"
+ "value": "Install AIDE",
+ "remarks": "rule_set_253"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_max_life_existing",
- "remarks": "rule_set_200"
+ "value": "aide_build_database",
+ "remarks": "rule_set_254"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Maximum Age",
- "remarks": "rule_set_200"
+ "value": "Build and Test AIDE Database",
+ "remarks": "rule_set_254"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_max_life_existing",
- "remarks": "rule_set_200"
+ "value": "aide_build_database",
+ "remarks": "rule_set_254"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Maximum Age",
- "remarks": "rule_set_200"
+ "value": "Build and Test AIDE Database",
+ "remarks": "rule_set_254"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_warn_age_login_defs",
- "remarks": "rule_set_201"
+ "value": "aide_periodic_cron_checking",
+ "remarks": "rule_set_255"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Warning Age",
- "remarks": "rule_set_201"
+ "value": "Configure Periodic Execution of AIDE",
+ "remarks": "rule_set_255"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_warn_age_login_defs",
- "remarks": "rule_set_201"
+ "value": "aide_periodic_cron_checking",
+ "remarks": "rule_set_255"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Warning Age",
- "remarks": "rule_set_201"
+ "value": "Configure Periodic Execution of AIDE",
+ "remarks": "rule_set_255"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_warn_age_existing",
- "remarks": "rule_set_202"
+ "value": "aide_check_audit_tools",
+ "remarks": "rule_set_256"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Warning Age",
- "remarks": "rule_set_202"
+ "value": "Configure AIDE to Verify the Audit Tools",
+ "remarks": "rule_set_256"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_warn_age_existing",
- "remarks": "rule_set_202"
+ "value": "aide_check_audit_tools",
+ "remarks": "rule_set_256"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Warning Age",
- "remarks": "rule_set_202"
+ "value": "Configure AIDE to Verify the Audit Tools",
+ "remarks": "rule_set_256"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf",
- "remarks": "rule_set_203"
+ "value": "service_systemd-journald_enabled",
+ "remarks": "rule_set_257"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/libuser.conf",
- "remarks": "rule_set_203"
+ "value": "Enable systemd-journald Service",
+ "remarks": "rule_set_257"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf",
- "remarks": "rule_set_203"
+ "value": "service_systemd-journald_enabled",
+ "remarks": "rule_set_257"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/libuser.conf",
- "remarks": "rule_set_203"
+ "value": "Enable systemd-journald Service",
+ "remarks": "rule_set_257"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_logindefs",
- "remarks": "rule_set_204"
+ "value": "ensure_journald_and_rsyslog_not_active_together",
+ "remarks": "rule_set_258"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/login.defs",
- "remarks": "rule_set_204"
+ "value": "Ensure journald and rsyslog Are Not Active Together",
+ "remarks": "rule_set_258"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_logindefs",
- "remarks": "rule_set_204"
+ "value": "ensure_journald_and_rsyslog_not_active_together",
+ "remarks": "rule_set_258"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/login.defs",
- "remarks": "rule_set_204"
+ "value": "Ensure journald and rsyslog Are Not Active Together",
+ "remarks": "rule_set_258"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_disable_post_pw_expiration",
- "remarks": "rule_set_205"
+ "value": "package_systemd-journal-remote_installed",
+ "remarks": "rule_set_259"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Account Expiration Following Inactivity",
- "remarks": "rule_set_205"
+ "value": "Install systemd-journal-remote Package",
+ "remarks": "rule_set_259"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_disable_post_pw_expiration",
- "remarks": "rule_set_205"
+ "value": "package_systemd-journal-remote_installed",
+ "remarks": "rule_set_259"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Account Expiration Following Inactivity",
- "remarks": "rule_set_205"
+ "value": "Install systemd-journal-remote Package",
+ "remarks": "rule_set_259"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_set_post_pw_existing",
- "remarks": "rule_set_206"
+ "value": "service_systemd-journal-upload_enabled",
+ "remarks": "rule_set_260"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set existing passwords a period of inactivity before they been locked",
- "remarks": "rule_set_206"
+ "value": "Enable systemd-journal-upload Service",
+ "remarks": "rule_set_260"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_set_post_pw_existing",
- "remarks": "rule_set_206"
+ "value": "service_systemd-journal-upload_enabled",
+ "remarks": "rule_set_260"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set existing passwords a period of inactivity before they been locked",
- "remarks": "rule_set_206"
+ "value": "Enable systemd-journal-upload Service",
+ "remarks": "rule_set_260"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_last_change_is_in_past",
- "remarks": "rule_set_207"
+ "value": "socket_systemd-journal-remote_disabled",
+ "remarks": "rule_set_261"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure all users last password change date is in the past",
- "remarks": "rule_set_207"
+ "value": "Disable systemd-journal-remote Socket",
+ "remarks": "rule_set_261"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_last_change_is_in_past",
- "remarks": "rule_set_207"
+ "value": "socket_systemd-journal-remote_disabled",
+ "remarks": "rule_set_261"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure all users last password change date is in the past",
- "remarks": "rule_set_207"
+ "value": "Disable systemd-journal-remote Socket",
+ "remarks": "rule_set_261"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_no_uid_except_zero",
- "remarks": "rule_set_208"
+ "value": "journald_disable_forward_to_syslog",
+ "remarks": "rule_set_262"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Only Root Has UID 0",
- "remarks": "rule_set_208"
+ "value": "Ensure journald ForwardToSyslog is disabled",
+ "remarks": "rule_set_262"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_no_uid_except_zero",
- "remarks": "rule_set_208"
+ "value": "journald_disable_forward_to_syslog",
+ "remarks": "rule_set_262"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Only Root Has UID 0",
- "remarks": "rule_set_208"
+ "value": "Ensure journald ForwardToSyslog is disabled",
+ "remarks": "rule_set_262"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_gid_zero",
- "remarks": "rule_set_209"
+ "value": "journald_compress",
+ "remarks": "rule_set_263"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Root Has A Primary GID 0",
- "remarks": "rule_set_209"
+ "value": "Ensure journald is configured to compress large log files",
+ "remarks": "rule_set_263"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_gid_zero",
- "remarks": "rule_set_209"
+ "value": "journald_compress",
+ "remarks": "rule_set_263"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Root Has A Primary GID 0",
- "remarks": "rule_set_209"
+ "value": "Ensure journald is configured to compress large log files",
+ "remarks": "rule_set_263"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_root_password_configured",
- "remarks": "rule_set_210"
+ "value": "journald_storage",
+ "remarks": "rule_set_264"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Authentication Required for Single User Mode",
- "remarks": "rule_set_210"
+ "value": "Ensure journald is configured to write log files to persistent disk",
+ "remarks": "rule_set_264"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_root_password_configured",
- "remarks": "rule_set_210"
+ "value": "journald_storage",
+ "remarks": "rule_set_264"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Authentication Required for Single User Mode",
- "remarks": "rule_set_210"
+ "value": "Ensure journald is configured to write log files to persistent disk",
+ "remarks": "rule_set_264"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_path_dirs_no_write",
- "remarks": "rule_set_211"
+ "value": "rsyslog_files_groupownership",
+ "remarks": "rule_set_265"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
- "remarks": "rule_set_211"
+ "value": "Ensure Log Files Are Owned By Appropriate Group",
+ "remarks": "rule_set_265"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_path_dirs_no_write",
- "remarks": "rule_set_211"
+ "value": "rsyslog_files_groupownership",
+ "remarks": "rule_set_265"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
- "remarks": "rule_set_211"
+ "value": "Ensure Log Files Are Owned By Appropriate Group",
+ "remarks": "rule_set_265"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "root_path_no_dot",
- "remarks": "rule_set_212"
+ "value": "rsyslog_files_ownership",
+ "remarks": "rule_set_266"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
- "remarks": "rule_set_212"
+ "value": "Ensure Log Files Are Owned By Appropriate User",
+ "remarks": "rule_set_266"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "root_path_no_dot",
- "remarks": "rule_set_212"
+ "value": "rsyslog_files_ownership",
+ "remarks": "rule_set_266"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
- "remarks": "rule_set_212"
+ "value": "Ensure Log Files Are Owned By Appropriate User",
+ "remarks": "rule_set_266"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_password_auth_for_systemaccounts",
- "remarks": "rule_set_213"
+ "value": "rsyslog_files_permissions",
+ "remarks": "rule_set_267"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Are Locked",
- "remarks": "rule_set_213"
+ "value": "Ensure System Log Files Have Correct Permissions",
+ "remarks": "rule_set_267"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_password_auth_for_systemaccounts",
- "remarks": "rule_set_213"
+ "value": "rsyslog_files_permissions",
+ "remarks": "rule_set_267"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Are Locked",
- "remarks": "rule_set_213"
+ "value": "Ensure System Log Files Have Correct Permissions",
+ "remarks": "rule_set_267"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_shelllogin_for_systemaccounts",
- "remarks": "rule_set_214"
+ "value": "file_groupowner_etc_passwd",
+ "remarks": "rule_set_268"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
- "remarks": "rule_set_214"
+ "value": "Verify Group Who Owns passwd File",
+ "remarks": "rule_set_268"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_shelllogin_for_systemaccounts",
- "remarks": "rule_set_214"
+ "value": "file_groupowner_etc_passwd",
+ "remarks": "rule_set_268"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
- "remarks": "rule_set_214"
+ "value": "Verify Group Who Owns passwd File",
+ "remarks": "rule_set_268"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_tmout",
- "remarks": "rule_set_215"
+ "value": "file_owner_etc_passwd",
+ "remarks": "rule_set_269"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Interactive Session Timeout",
- "remarks": "rule_set_215"
+ "value": "Verify User Who Owns passwd File",
+ "remarks": "rule_set_269"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_tmout",
- "remarks": "rule_set_215"
+ "value": "file_owner_etc_passwd",
+ "remarks": "rule_set_269"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Interactive Session Timeout",
- "remarks": "rule_set_215"
+ "value": "Verify User Who Owns passwd File",
+ "remarks": "rule_set_269"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_bashrc",
- "remarks": "rule_set_216"
+ "value": "file_permissions_etc_passwd",
+ "remarks": "rule_set_270"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Bash Umask is Set Correctly",
- "remarks": "rule_set_216"
+ "value": "Verify Permissions on passwd File",
+ "remarks": "rule_set_270"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_bashrc",
- "remarks": "rule_set_216"
+ "value": "file_permissions_etc_passwd",
+ "remarks": "rule_set_270"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Bash Umask is Set Correctly",
- "remarks": "rule_set_216"
+ "value": "Verify Permissions on passwd File",
+ "remarks": "rule_set_270"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_login_defs",
- "remarks": "rule_set_217"
+ "value": "file_groupowner_backup_etc_passwd",
+ "remarks": "rule_set_271"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in login.defs",
- "remarks": "rule_set_217"
+ "value": "Verify Group Who Owns Backup passwd File",
+ "remarks": "rule_set_271"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_login_defs",
- "remarks": "rule_set_217"
+ "value": "file_groupowner_backup_etc_passwd",
+ "remarks": "rule_set_271"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in login.defs",
- "remarks": "rule_set_217"
+ "value": "Verify Group Who Owns Backup passwd File",
+ "remarks": "rule_set_271"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_profile",
- "remarks": "rule_set_218"
+ "value": "file_owner_backup_etc_passwd",
+ "remarks": "rule_set_272"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
- "remarks": "rule_set_218"
+ "value": "Verify User Who Owns Backup passwd File",
+ "remarks": "rule_set_272"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_profile",
- "remarks": "rule_set_218"
+ "value": "file_owner_backup_etc_passwd",
+ "remarks": "rule_set_272"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
- "remarks": "rule_set_218"
+ "value": "Verify User Who Owns Backup passwd File",
+ "remarks": "rule_set_272"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_aide_installed",
- "remarks": "rule_set_219"
+ "value": "file_permissions_backup_etc_passwd",
+ "remarks": "rule_set_273"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install AIDE",
- "remarks": "rule_set_219"
+ "value": "Verify Permissions on Backup passwd File",
+ "remarks": "rule_set_273"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_aide_installed",
- "remarks": "rule_set_219"
+ "value": "file_permissions_backup_etc_passwd",
+ "remarks": "rule_set_273"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install AIDE",
- "remarks": "rule_set_219"
+ "value": "Verify Permissions on Backup passwd File",
+ "remarks": "rule_set_273"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_build_database",
- "remarks": "rule_set_220"
+ "value": "file_groupowner_etc_group",
+ "remarks": "rule_set_274"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Build and Test AIDE Database",
- "remarks": "rule_set_220"
+ "value": "Verify Group Who Owns group File",
+ "remarks": "rule_set_274"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_build_database",
- "remarks": "rule_set_220"
+ "value": "file_groupowner_etc_group",
+ "remarks": "rule_set_274"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Build and Test AIDE Database",
- "remarks": "rule_set_220"
+ "value": "Verify Group Who Owns group File",
+ "remarks": "rule_set_274"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_periodic_cron_checking",
- "remarks": "rule_set_221"
+ "value": "file_owner_etc_group",
+ "remarks": "rule_set_275"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Periodic Execution of AIDE",
- "remarks": "rule_set_221"
+ "value": "Verify User Who Owns group File",
+ "remarks": "rule_set_275"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_periodic_cron_checking",
- "remarks": "rule_set_221"
+ "value": "file_owner_etc_group",
+ "remarks": "rule_set_275"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Periodic Execution of AIDE",
- "remarks": "rule_set_221"
+ "value": "Verify User Who Owns group File",
+ "remarks": "rule_set_275"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_check_audit_tools",
- "remarks": "rule_set_222"
+ "value": "file_permissions_etc_group",
+ "remarks": "rule_set_276"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure AIDE to Verify the Audit Tools",
- "remarks": "rule_set_222"
+ "value": "Verify Permissions on group File",
+ "remarks": "rule_set_276"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_check_audit_tools",
- "remarks": "rule_set_222"
+ "value": "file_permissions_etc_group",
+ "remarks": "rule_set_276"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure AIDE to Verify the Audit Tools",
- "remarks": "rule_set_222"
+ "value": "Verify Permissions on group File",
+ "remarks": "rule_set_276"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_systemd-journald_enabled",
- "remarks": "rule_set_223"
+ "value": "file_groupowner_backup_etc_group",
+ "remarks": "rule_set_277"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable systemd-journald Service",
- "remarks": "rule_set_223"
+ "value": "Verify Group Who Owns Backup group File",
+ "remarks": "rule_set_277"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_systemd-journald_enabled",
- "remarks": "rule_set_223"
+ "value": "file_groupowner_backup_etc_group",
+ "remarks": "rule_set_277"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable systemd-journald Service",
- "remarks": "rule_set_223"
+ "value": "Verify Group Who Owns Backup group File",
+ "remarks": "rule_set_277"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_systemd-journal-remote_installed",
- "remarks": "rule_set_224"
+ "value": "file_owner_backup_etc_group",
+ "remarks": "rule_set_278"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install systemd-journal-remote Package",
- "remarks": "rule_set_224"
+ "value": "Verify User Who Owns Backup group File",
+ "remarks": "rule_set_278"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_systemd-journal-remote_installed",
- "remarks": "rule_set_224"
+ "value": "file_owner_backup_etc_group",
+ "remarks": "rule_set_278"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install systemd-journal-remote Package",
- "remarks": "rule_set_224"
+ "value": "Verify User Who Owns Backup group File",
+ "remarks": "rule_set_278"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "socket_systemd-journal-remote_disabled",
- "remarks": "rule_set_225"
+ "value": "file_permissions_backup_etc_group",
+ "remarks": "rule_set_279"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable systemd-journal-remote Socket",
- "remarks": "rule_set_225"
+ "value": "Verify Permissions on Backup group File",
+ "remarks": "rule_set_279"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "socket_systemd-journal-remote_disabled",
- "remarks": "rule_set_225"
+ "value": "file_permissions_backup_etc_group",
+ "remarks": "rule_set_279"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable systemd-journal-remote Socket",
- "remarks": "rule_set_225"
+ "value": "Verify Permissions on Backup group File",
+ "remarks": "rule_set_279"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_compress",
- "remarks": "rule_set_226"
+ "value": "file_owner_etc_shadow",
+ "remarks": "rule_set_280"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to compress large log files",
- "remarks": "rule_set_226"
+ "value": "Verify User Who Owns shadow File",
+ "remarks": "rule_set_280"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_compress",
- "remarks": "rule_set_226"
+ "value": "file_owner_etc_shadow",
+ "remarks": "rule_set_280"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to compress large log files",
- "remarks": "rule_set_226"
+ "value": "Verify User Who Owns shadow File",
+ "remarks": "rule_set_280"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_storage",
- "remarks": "rule_set_227"
+ "value": "file_groupowner_etc_shadow",
+ "remarks": "rule_set_281"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to write log files to persistent disk",
- "remarks": "rule_set_227"
+ "value": "Verify Group Who Owns shadow File",
+ "remarks": "rule_set_281"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_storage",
- "remarks": "rule_set_227"
+ "value": "file_groupowner_etc_shadow",
+ "remarks": "rule_set_281"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to write log files to persistent disk",
- "remarks": "rule_set_227"
+ "value": "Verify Group Who Owns shadow File",
+ "remarks": "rule_set_281"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_groupownership",
- "remarks": "rule_set_228"
+ "value": "file_permissions_etc_shadow",
+ "remarks": "rule_set_282"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate Group",
- "remarks": "rule_set_228"
+ "value": "Verify Permissions on shadow File",
+ "remarks": "rule_set_282"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_groupownership",
- "remarks": "rule_set_228"
+ "value": "file_permissions_etc_shadow",
+ "remarks": "rule_set_282"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate Group",
- "remarks": "rule_set_228"
+ "value": "Verify Permissions on shadow File",
+ "remarks": "rule_set_282"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_ownership",
- "remarks": "rule_set_229"
+ "value": "file_groupowner_backup_etc_shadow",
+ "remarks": "rule_set_283"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate User",
- "remarks": "rule_set_229"
+ "value": "Verify User Who Owns Backup shadow File",
+ "remarks": "rule_set_283"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_ownership",
- "remarks": "rule_set_229"
+ "value": "file_groupowner_backup_etc_shadow",
+ "remarks": "rule_set_283"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate User",
- "remarks": "rule_set_229"
+ "value": "Verify User Who Owns Backup shadow File",
+ "remarks": "rule_set_283"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_permissions",
- "remarks": "rule_set_230"
+ "value": "file_owner_backup_etc_shadow",
+ "remarks": "rule_set_284"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure System Log Files Have Correct Permissions",
- "remarks": "rule_set_230"
+ "value": "Verify Group Who Owns Backup shadow File",
+ "remarks": "rule_set_284"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_permissions",
- "remarks": "rule_set_230"
+ "value": "file_owner_backup_etc_shadow",
+ "remarks": "rule_set_284"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure System Log Files Have Correct Permissions",
- "remarks": "rule_set_230"
+ "value": "Verify Group Who Owns Backup shadow File",
+ "remarks": "rule_set_284"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_passwd",
- "remarks": "rule_set_231"
+ "value": "file_permissions_backup_etc_shadow",
+ "remarks": "rule_set_285"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns passwd File",
- "remarks": "rule_set_231"
+ "value": "Verify Permissions on Backup shadow File",
+ "remarks": "rule_set_285"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_passwd",
- "remarks": "rule_set_231"
+ "value": "file_permissions_backup_etc_shadow",
+ "remarks": "rule_set_285"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns passwd File",
- "remarks": "rule_set_231"
+ "value": "Verify Permissions on Backup shadow File",
+ "remarks": "rule_set_285"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_passwd",
- "remarks": "rule_set_232"
+ "value": "file_groupowner_etc_gshadow",
+ "remarks": "rule_set_286"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns passwd File",
- "remarks": "rule_set_232"
+ "value": "Verify Group Who Owns gshadow File",
+ "remarks": "rule_set_286"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_passwd",
- "remarks": "rule_set_232"
+ "value": "file_groupowner_etc_gshadow",
+ "remarks": "rule_set_286"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns passwd File",
- "remarks": "rule_set_232"
+ "value": "Verify Group Who Owns gshadow File",
+ "remarks": "rule_set_286"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_passwd",
- "remarks": "rule_set_233"
+ "value": "file_owner_etc_gshadow",
+ "remarks": "rule_set_287"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on passwd File",
- "remarks": "rule_set_233"
+ "value": "Verify User Who Owns gshadow File",
+ "remarks": "rule_set_287"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_passwd",
- "remarks": "rule_set_233"
+ "value": "file_owner_etc_gshadow",
+ "remarks": "rule_set_287"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on passwd File",
- "remarks": "rule_set_233"
+ "value": "Verify User Who Owns gshadow File",
+ "remarks": "rule_set_287"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_passwd",
- "remarks": "rule_set_234"
+ "value": "file_permissions_etc_gshadow",
+ "remarks": "rule_set_288"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup passwd File",
- "remarks": "rule_set_234"
+ "value": "Verify Permissions on gshadow File",
+ "remarks": "rule_set_288"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_passwd",
- "remarks": "rule_set_234"
+ "value": "file_permissions_etc_gshadow",
+ "remarks": "rule_set_288"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup passwd File",
- "remarks": "rule_set_234"
+ "value": "Verify Permissions on gshadow File",
+ "remarks": "rule_set_288"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_passwd",
- "remarks": "rule_set_235"
+ "value": "file_groupowner_backup_etc_gshadow",
+ "remarks": "rule_set_289"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup passwd File",
- "remarks": "rule_set_235"
+ "value": "Verify Group Who Owns Backup gshadow File",
+ "remarks": "rule_set_289"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_passwd",
- "remarks": "rule_set_235"
+ "value": "file_groupowner_backup_etc_gshadow",
+ "remarks": "rule_set_289"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup passwd File",
- "remarks": "rule_set_235"
+ "value": "Verify Group Who Owns Backup gshadow File",
+ "remarks": "rule_set_289"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_passwd",
- "remarks": "rule_set_236"
+ "value": "file_owner_backup_etc_gshadow",
+ "remarks": "rule_set_290"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup passwd File",
- "remarks": "rule_set_236"
+ "value": "Verify User Who Owns Backup gshadow File",
+ "remarks": "rule_set_290"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_passwd",
- "remarks": "rule_set_236"
+ "value": "file_owner_backup_etc_gshadow",
+ "remarks": "rule_set_290"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup passwd File",
- "remarks": "rule_set_236"
+ "value": "Verify User Who Owns Backup gshadow File",
+ "remarks": "rule_set_290"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_group",
- "remarks": "rule_set_237"
+ "value": "file_permissions_backup_etc_gshadow",
+ "remarks": "rule_set_291"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns group File",
- "remarks": "rule_set_237"
+ "value": "Verify Permissions on Backup gshadow File",
+ "remarks": "rule_set_291"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_group",
- "remarks": "rule_set_237"
+ "value": "file_permissions_backup_etc_gshadow",
+ "remarks": "rule_set_291"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns group File",
- "remarks": "rule_set_237"
+ "value": "Verify Permissions on Backup gshadow File",
+ "remarks": "rule_set_291"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_group",
- "remarks": "rule_set_238"
+ "value": "file_groupowner_etc_shells",
+ "remarks": "rule_set_292"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns group File",
- "remarks": "rule_set_238"
+ "value": "Verify Group Who Owns /etc/shells File",
+ "remarks": "rule_set_292"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_group",
- "remarks": "rule_set_238"
+ "value": "file_groupowner_etc_shells",
+ "remarks": "rule_set_292"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns group File",
- "remarks": "rule_set_238"
+ "value": "Verify Group Who Owns /etc/shells File",
+ "remarks": "rule_set_292"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_group",
- "remarks": "rule_set_239"
+ "value": "file_owner_etc_shells",
+ "remarks": "rule_set_293"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on group File",
- "remarks": "rule_set_239"
+ "value": "Verify Who Owns /etc/shells File",
+ "remarks": "rule_set_293"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_group",
- "remarks": "rule_set_239"
+ "value": "file_owner_etc_shells",
+ "remarks": "rule_set_293"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on group File",
- "remarks": "rule_set_239"
+ "value": "Verify Who Owns /etc/shells File",
+ "remarks": "rule_set_293"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_group",
- "remarks": "rule_set_240"
+ "value": "file_permissions_etc_shells",
+ "remarks": "rule_set_294"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup group File",
- "remarks": "rule_set_240"
+ "value": "Verify Permissions on /etc/shells File",
+ "remarks": "rule_set_294"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_group",
- "remarks": "rule_set_240"
+ "value": "file_permissions_etc_shells",
+ "remarks": "rule_set_294"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup group File",
- "remarks": "rule_set_240"
+ "value": "Verify Permissions on /etc/shells File",
+ "remarks": "rule_set_294"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_group",
- "remarks": "rule_set_241"
+ "value": "file_groupowner_etc_security_opasswd",
+ "remarks": "rule_set_295"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup group File",
- "remarks": "rule_set_241"
+ "value": "Verify Group Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_295"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_group",
- "remarks": "rule_set_241"
+ "value": "file_groupowner_etc_security_opasswd",
+ "remarks": "rule_set_295"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup group File",
- "remarks": "rule_set_241"
+ "value": "Verify Group Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_295"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_group",
- "remarks": "rule_set_242"
+ "value": "file_owner_etc_security_opasswd",
+ "remarks": "rule_set_296"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup group File",
- "remarks": "rule_set_242"
+ "value": "Verify User Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_296"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_group",
- "remarks": "rule_set_242"
+ "value": "file_owner_etc_security_opasswd",
+ "remarks": "rule_set_296"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup group File",
- "remarks": "rule_set_242"
+ "value": "Verify User Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_296"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shadow",
- "remarks": "rule_set_243"
+ "value": "file_permissions_etc_security_opasswd",
+ "remarks": "rule_set_297"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns shadow File",
- "remarks": "rule_set_243"
+ "value": "Verify Permissions on /etc/security/opasswd File",
+ "remarks": "rule_set_297"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shadow",
- "remarks": "rule_set_243"
+ "value": "file_permissions_etc_security_opasswd",
+ "remarks": "rule_set_297"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns shadow File",
- "remarks": "rule_set_243"
+ "value": "Verify Permissions on /etc/security/opasswd File",
+ "remarks": "rule_set_297"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shadow",
- "remarks": "rule_set_244"
+ "value": "file_groupowner_etc_security_opasswd_old",
+ "remarks": "rule_set_298"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns shadow File",
- "remarks": "rule_set_244"
+ "value": "Verify Group Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_298"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shadow",
- "remarks": "rule_set_244"
+ "value": "file_groupowner_etc_security_opasswd_old",
+ "remarks": "rule_set_298"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns shadow File",
- "remarks": "rule_set_244"
+ "value": "Verify Group Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_298"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shadow",
- "remarks": "rule_set_245"
+ "value": "file_owner_etc_security_opasswd_old",
+ "remarks": "rule_set_299"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on shadow File",
- "remarks": "rule_set_245"
+ "value": "Verify User Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_299"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shadow",
- "remarks": "rule_set_245"
+ "value": "file_owner_etc_security_opasswd_old",
+ "remarks": "rule_set_299"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on shadow File",
- "remarks": "rule_set_245"
+ "value": "Verify User Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_299"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_shadow",
- "remarks": "rule_set_246"
+ "value": "file_permissions_etc_security_opasswd_old",
+ "remarks": "rule_set_300"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup shadow File",
- "remarks": "rule_set_246"
+ "value": "Verify Permissions on /etc/security/opasswd.old File",
+ "remarks": "rule_set_300"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_shadow",
- "remarks": "rule_set_246"
+ "value": "file_permissions_etc_security_opasswd_old",
+ "remarks": "rule_set_300"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup shadow File",
- "remarks": "rule_set_246"
+ "value": "Verify Permissions on /etc/security/opasswd.old File",
+ "remarks": "rule_set_300"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_shadow",
- "remarks": "rule_set_247"
+ "value": "file_permissions_unauthorized_world_writable",
+ "remarks": "rule_set_301"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup shadow File",
- "remarks": "rule_set_247"
+ "value": "Ensure No World-Writable Files Exist",
+ "remarks": "rule_set_301"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_shadow",
- "remarks": "rule_set_247"
+ "value": "file_permissions_unauthorized_world_writable",
+ "remarks": "rule_set_301"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup shadow File",
- "remarks": "rule_set_247"
+ "value": "Ensure No World-Writable Files Exist",
+ "remarks": "rule_set_301"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_shadow",
- "remarks": "rule_set_248"
+ "value": "dir_perms_world_writable_sticky_bits",
+ "remarks": "rule_set_302"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup shadow File",
- "remarks": "rule_set_248"
+ "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
+ "remarks": "rule_set_302"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_shadow",
- "remarks": "rule_set_248"
+ "value": "dir_perms_world_writable_sticky_bits",
+ "remarks": "rule_set_302"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup shadow File",
- "remarks": "rule_set_248"
+ "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
+ "remarks": "rule_set_302"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_gshadow",
- "remarks": "rule_set_249"
+ "value": "no_files_or_dirs_unowned_by_user",
+ "remarks": "rule_set_303"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns gshadow File",
- "remarks": "rule_set_249"
+ "value": "Ensure All Files And Directories Are Owned by a User",
+ "remarks": "rule_set_303"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_gshadow",
- "remarks": "rule_set_249"
+ "value": "no_files_or_dirs_unowned_by_user",
+ "remarks": "rule_set_303"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns gshadow File",
- "remarks": "rule_set_249"
+ "value": "Ensure All Files And Directories Are Owned by a User",
+ "remarks": "rule_set_303"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_gshadow",
- "remarks": "rule_set_250"
+ "value": "no_files_or_dirs_ungroupowned",
+ "remarks": "rule_set_304"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns gshadow File",
- "remarks": "rule_set_250"
+ "value": "Ensure All Files And Directories Are Owned by a Group",
+ "remarks": "rule_set_304"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_gshadow",
- "remarks": "rule_set_250"
+ "value": "no_files_or_dirs_ungroupowned",
+ "remarks": "rule_set_304"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns gshadow File",
- "remarks": "rule_set_250"
+ "value": "Ensure All Files And Directories Are Owned by a Group",
+ "remarks": "rule_set_304"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_gshadow",
- "remarks": "rule_set_251"
+ "value": "accounts_password_all_shadowed",
+ "remarks": "rule_set_305"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on gshadow File",
- "remarks": "rule_set_251"
+ "value": "Verify All Account Password Hashes are Shadowed",
+ "remarks": "rule_set_305"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_gshadow",
- "remarks": "rule_set_251"
+ "value": "accounts_password_all_shadowed",
+ "remarks": "rule_set_305"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on gshadow File",
- "remarks": "rule_set_251"
+ "value": "Verify All Account Password Hashes are Shadowed",
+ "remarks": "rule_set_305"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_gshadow",
- "remarks": "rule_set_252"
+ "value": "no_empty_passwords_etc_shadow",
+ "remarks": "rule_set_306"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup gshadow File",
- "remarks": "rule_set_252"
+ "value": "Ensure There Are No Accounts With Blank or Null Passwords",
+ "remarks": "rule_set_306"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_gshadow",
- "remarks": "rule_set_252"
+ "value": "no_empty_passwords_etc_shadow",
+ "remarks": "rule_set_306"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup gshadow File",
- "remarks": "rule_set_252"
+ "value": "Ensure There Are No Accounts With Blank or Null Passwords",
+ "remarks": "rule_set_306"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_gshadow",
- "remarks": "rule_set_253"
+ "value": "gid_passwd_group_same",
+ "remarks": "rule_set_307"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup gshadow File",
- "remarks": "rule_set_253"
+ "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
+ "remarks": "rule_set_307"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_gshadow",
- "remarks": "rule_set_253"
+ "value": "gid_passwd_group_same",
+ "remarks": "rule_set_307"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup gshadow File",
- "remarks": "rule_set_253"
+ "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
+ "remarks": "rule_set_307"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_gshadow",
- "remarks": "rule_set_254"
+ "value": "account_unique_id",
+ "remarks": "rule_set_308"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup gshadow File",
- "remarks": "rule_set_254"
+ "value": "Ensure All Accounts on the System Have Unique User IDs",
+ "remarks": "rule_set_308"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_gshadow",
- "remarks": "rule_set_254"
+ "value": "account_unique_id",
+ "remarks": "rule_set_308"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup gshadow File",
- "remarks": "rule_set_254"
+ "value": "Ensure All Accounts on the System Have Unique User IDs",
+ "remarks": "rule_set_308"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shells",
- "remarks": "rule_set_255"
+ "value": "group_unique_id",
+ "remarks": "rule_set_309"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/shells File",
- "remarks": "rule_set_255"
+ "value": "Ensure All Groups on the System Have Unique Group ID",
+ "remarks": "rule_set_309"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shells",
- "remarks": "rule_set_255"
+ "value": "group_unique_id",
+ "remarks": "rule_set_309"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/shells File",
- "remarks": "rule_set_255"
+ "value": "Ensure All Groups on the System Have Unique Group ID",
+ "remarks": "rule_set_309"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shells",
- "remarks": "rule_set_256"
+ "value": "account_unique_name",
+ "remarks": "rule_set_310"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Who Owns /etc/shells File",
- "remarks": "rule_set_256"
+ "value": "Ensure All Accounts on the System Have Unique Names",
+ "remarks": "rule_set_310"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shells",
- "remarks": "rule_set_256"
+ "value": "account_unique_name",
+ "remarks": "rule_set_310"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Who Owns /etc/shells File",
- "remarks": "rule_set_256"
+ "value": "Ensure All Accounts on the System Have Unique Names",
+ "remarks": "rule_set_310"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shells",
- "remarks": "rule_set_257"
+ "value": "group_unique_name",
+ "remarks": "rule_set_311"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/shells File",
- "remarks": "rule_set_257"
+ "value": "Ensure All Groups on the System Have Unique Group Names",
+ "remarks": "rule_set_311"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shells",
- "remarks": "rule_set_257"
+ "value": "group_unique_name",
+ "remarks": "rule_set_311"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/shells File",
- "remarks": "rule_set_257"
+ "value": "Ensure All Groups on the System Have Unique Group Names",
+ "remarks": "rule_set_311"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd",
- "remarks": "rule_set_258"
+ "value": "accounts_user_interactive_home_directory_exists",
+ "remarks": "rule_set_312"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions and Ownership of Old Passwords File",
- "remarks": "rule_set_258"
+ "value": "All Interactive Users Home Directories Must Exist",
+ "remarks": "rule_set_312"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd",
- "remarks": "rule_set_258"
+ "value": "accounts_user_interactive_home_directory_exists",
+ "remarks": "rule_set_312"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions and Ownership of Old Passwords File",
- "remarks": "rule_set_258"
+ "value": "All Interactive Users Home Directories Must Exist",
+ "remarks": "rule_set_312"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_unauthorized_world_writable",
- "remarks": "rule_set_259"
+ "value": "file_ownership_home_directories",
+ "remarks": "rule_set_313"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure No World-Writable Files Exist",
- "remarks": "rule_set_259"
+ "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
+ "remarks": "rule_set_313"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_unauthorized_world_writable",
- "remarks": "rule_set_259"
+ "value": "file_ownership_home_directories",
+ "remarks": "rule_set_313"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure No World-Writable Files Exist",
- "remarks": "rule_set_259"
+ "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
+ "remarks": "rule_set_313"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dir_perms_world_writable_sticky_bits",
- "remarks": "rule_set_260"
+ "value": "file_permissions_home_directories",
+ "remarks": "rule_set_314"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
- "remarks": "rule_set_260"
+ "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
+ "remarks": "rule_set_314"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dir_perms_world_writable_sticky_bits",
- "remarks": "rule_set_260"
+ "value": "file_permissions_home_directories",
+ "remarks": "rule_set_314"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
- "remarks": "rule_set_260"
+ "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
+ "remarks": "rule_set_314"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user",
- "remarks": "rule_set_261"
+ "value": "accounts_user_dot_group_ownership",
+ "remarks": "rule_set_315"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a User",
- "remarks": "rule_set_261"
+ "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
+ "remarks": "rule_set_315"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user",
- "remarks": "rule_set_261"
+ "value": "accounts_user_dot_group_ownership",
+ "remarks": "rule_set_315"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a User",
- "remarks": "rule_set_261"
+ "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
+ "remarks": "rule_set_315"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned",
- "remarks": "rule_set_262"
+ "value": "accounts_user_dot_user_ownership",
+ "remarks": "rule_set_316"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a Group",
- "remarks": "rule_set_262"
+ "value": "User Initialization Files Must Be Owned By the Primary User",
+ "remarks": "rule_set_316"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned",
- "remarks": "rule_set_262"
+ "value": "accounts_user_dot_user_ownership",
+ "remarks": "rule_set_316"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a Group",
- "remarks": "rule_set_262"
+ "value": "User Initialization Files Must Be Owned By the Primary User",
+ "remarks": "rule_set_316"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_all_shadowed",
- "remarks": "rule_set_263"
+ "value": "file_permission_user_init_files",
+ "remarks": "rule_set_317"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify All Account Password Hashes are Shadowed",
- "remarks": "rule_set_263"
+ "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "remarks": "rule_set_317"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_all_shadowed",
- "remarks": "rule_set_263"
+ "value": "file_permission_user_init_files",
+ "remarks": "rule_set_317"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify All Account Password Hashes are Shadowed",
- "remarks": "rule_set_263"
+ "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "remarks": "rule_set_317"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords_etc_shadow",
- "remarks": "rule_set_264"
+ "value": "no_forward_files",
+ "remarks": "rule_set_318"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure There Are No Accounts With Blank or Null Passwords",
- "remarks": "rule_set_264"
+ "value": "Verify No .forward Files Exist",
+ "remarks": "rule_set_318"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords_etc_shadow",
- "remarks": "rule_set_264"
+ "value": "no_forward_files",
+ "remarks": "rule_set_318"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure There Are No Accounts With Blank or Null Passwords",
- "remarks": "rule_set_264"
+ "value": "Verify No .forward Files Exist",
+ "remarks": "rule_set_318"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "gid_passwd_group_same",
- "remarks": "rule_set_265"
+ "value": "no_netrc_files",
+ "remarks": "rule_set_319"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
- "remarks": "rule_set_265"
+ "value": "Verify No netrc Files Exist",
+ "remarks": "rule_set_319"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "gid_passwd_group_same",
- "remarks": "rule_set_265"
+ "value": "no_netrc_files",
+ "remarks": "rule_set_319"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
- "remarks": "rule_set_265"
+ "value": "Verify No netrc Files Exist",
+ "remarks": "rule_set_319"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_id",
- "remarks": "rule_set_266"
+ "value": "no_rhost_files",
+ "remarks": "rule_set_320"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique User IDs",
- "remarks": "rule_set_266"
+ "value": "Verify No .rhost Files Exist",
+ "remarks": "rule_set_320"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_id",
- "remarks": "rule_set_266"
+ "value": "no_rhost_files",
+ "remarks": "rule_set_320"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique User IDs",
- "remarks": "rule_set_266"
+ "value": "Verify No .rhost Files Exist",
+ "remarks": "rule_set_320"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_id",
- "remarks": "rule_set_267"
+ "value": "file_permission_user_bash_history",
+ "remarks": "rule_set_321"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group ID",
- "remarks": "rule_set_267"
+ "value": "Ensure User Bash History File Has Correct Permissions",
+ "remarks": "rule_set_321"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_id",
- "remarks": "rule_set_267"
+ "value": "file_permission_user_bash_history",
+ "remarks": "rule_set_321"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group ID",
- "remarks": "rule_set_267"
+ "value": "Ensure User Bash History File Has Correct Permissions",
+ "remarks": "rule_set_321"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_name",
- "remarks": "rule_set_268"
+ "value": "kernel_module_overlayfs_disabled",
+ "remarks": "rule_set_322"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique Names",
- "remarks": "rule_set_268"
+ "value": "Ensure overlayfs kernel module is not available",
+ "remarks": "rule_set_322"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_name",
- "remarks": "rule_set_268"
+ "value": "kernel_module_overlayfs_disabled",
+ "remarks": "rule_set_322"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique Names",
- "remarks": "rule_set_268"
+ "value": "Ensure overlayfs kernel module is not available",
+ "remarks": "rule_set_322"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_name",
- "remarks": "rule_set_269"
+ "value": "kernel_module_squashfs_disabled",
+ "remarks": "rule_set_323"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group Names",
- "remarks": "rule_set_269"
+ "value": "Disable Mounting of squashfs",
+ "remarks": "rule_set_323"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_name",
- "remarks": "rule_set_269"
+ "value": "kernel_module_squashfs_disabled",
+ "remarks": "rule_set_323"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group Names",
- "remarks": "rule_set_269"
+ "value": "Disable Mounting of squashfs",
+ "remarks": "rule_set_323"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_interactive_home_directory_exists",
- "remarks": "rule_set_270"
+ "value": "kernel_module_udf_disabled",
+ "remarks": "rule_set_324"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive Users Home Directories Must Exist",
- "remarks": "rule_set_270"
+ "value": "Disable Mounting of udf",
+ "remarks": "rule_set_324"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_interactive_home_directory_exists",
- "remarks": "rule_set_270"
+ "value": "kernel_module_udf_disabled",
+ "remarks": "rule_set_324"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive Users Home Directories Must Exist",
- "remarks": "rule_set_270"
+ "value": "Disable Mounting of udf",
+ "remarks": "rule_set_324"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_home_directories",
- "remarks": "rule_set_271"
+ "value": "partition_for_home",
+ "remarks": "rule_set_325"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
- "remarks": "rule_set_271"
+ "value": "Ensure /home Located On Separate Partition",
+ "remarks": "rule_set_325"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_home_directories",
- "remarks": "rule_set_271"
+ "value": "partition_for_home",
+ "remarks": "rule_set_325"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
- "remarks": "rule_set_271"
+ "value": "Ensure /home Located On Separate Partition",
+ "remarks": "rule_set_325"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_home_directories",
- "remarks": "rule_set_272"
+ "value": "partition_for_var",
+ "remarks": "rule_set_326"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
- "remarks": "rule_set_272"
+ "value": "Ensure /var Located On Separate Partition",
+ "remarks": "rule_set_326"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_home_directories",
- "remarks": "rule_set_272"
+ "value": "partition_for_var",
+ "remarks": "rule_set_326"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
- "remarks": "rule_set_272"
+ "value": "Ensure /var Located On Separate Partition",
+ "remarks": "rule_set_326"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_group_ownership",
- "remarks": "rule_set_273"
+ "value": "partition_for_var_tmp",
+ "remarks": "rule_set_327"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
- "remarks": "rule_set_273"
+ "value": "Ensure /var/tmp Located On Separate Partition",
+ "remarks": "rule_set_327"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_group_ownership",
- "remarks": "rule_set_273"
+ "value": "partition_for_var_tmp",
+ "remarks": "rule_set_327"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
- "remarks": "rule_set_273"
+ "value": "Ensure /var/tmp Located On Separate Partition",
+ "remarks": "rule_set_327"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_user_ownership",
- "remarks": "rule_set_274"
+ "value": "partition_for_var_log",
+ "remarks": "rule_set_328"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Owned By the Primary User",
- "remarks": "rule_set_274"
+ "value": "Ensure /var/log Located On Separate Partition",
+ "remarks": "rule_set_328"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_user_ownership",
- "remarks": "rule_set_274"
+ "value": "partition_for_var_log",
+ "remarks": "rule_set_328"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Owned By the Primary User",
- "remarks": "rule_set_274"
+ "value": "Ensure /var/log Located On Separate Partition",
+ "remarks": "rule_set_328"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs",
- "remarks": "rule_set_275"
+ "value": "partition_for_var_log_audit",
+ "remarks": "rule_set_329"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Not Run World-Writable Programs",
- "remarks": "rule_set_275"
+ "value": "Ensure /var/log/audit Located On Separate Partition",
+ "remarks": "rule_set_329"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs",
- "remarks": "rule_set_275"
+ "value": "partition_for_var_log_audit",
+ "remarks": "rule_set_329"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Not Run World-Writable Programs",
- "remarks": "rule_set_275"
+ "value": "Ensure /var/log/audit Located On Separate Partition",
+ "remarks": "rule_set_329"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files",
- "remarks": "rule_set_276"
+ "value": "selinux_state",
+ "remarks": "rule_set_330"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
- "remarks": "rule_set_276"
+ "value": "Ensure SELinux State is Enforcing",
+ "remarks": "rule_set_330"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files",
- "remarks": "rule_set_276"
+ "value": "selinux_state",
+ "remarks": "rule_set_330"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
- "remarks": "rule_set_276"
+ "value": "Ensure SELinux State is Enforcing",
+ "remarks": "rule_set_330"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files",
- "remarks": "rule_set_277"
+ "value": "xwayland_disabled",
+ "remarks": "rule_set_331"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No .forward Files Exist",
- "remarks": "rule_set_277"
+ "value": "Disable XWayland",
+ "remarks": "rule_set_331"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files",
- "remarks": "rule_set_277"
+ "value": "xwayland_disabled",
+ "remarks": "rule_set_331"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No .forward Files Exist",
- "remarks": "rule_set_277"
+ "value": "Disable XWayland",
+ "remarks": "rule_set_331"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files",
- "remarks": "rule_set_278"
+ "value": "service_cockpit_disabled",
+ "remarks": "rule_set_332"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No netrc Files Exist",
- "remarks": "rule_set_278"
+ "value": "Disable Cockpit Management Server",
+ "remarks": "rule_set_332"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files",
- "remarks": "rule_set_278"
+ "value": "service_cockpit_disabled",
+ "remarks": "rule_set_332"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No netrc Files Exist",
- "remarks": "rule_set_278"
+ "value": "Disable Cockpit Management Server",
+ "remarks": "rule_set_332"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_overlayfs_disabled",
- "remarks": "rule_set_279"
+ "value": "package_gdm_removed",
+ "remarks": "rule_set_333"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure overlayfs kernel module is not available",
- "remarks": "rule_set_279"
+ "value": "Remove the GDM Package Group",
+ "remarks": "rule_set_333"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_overlayfs_disabled",
- "remarks": "rule_set_279"
+ "value": "package_gdm_removed",
+ "remarks": "rule_set_333"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure overlayfs kernel module is not available",
- "remarks": "rule_set_279"
+ "value": "Remove the GDM Package Group",
+ "remarks": "rule_set_333"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_squashfs_disabled",
- "remarks": "rule_set_280"
+ "value": "package_xorg-x11-server-Xwayland_removed",
+ "remarks": "rule_set_334"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of squashfs",
- "remarks": "rule_set_280"
+ "value": "Remove the X Windows Xwayland Package",
+ "remarks": "rule_set_334"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_squashfs_disabled",
- "remarks": "rule_set_280"
+ "value": "package_xorg-x11-server-Xwayland_removed",
+ "remarks": "rule_set_334"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of squashfs",
- "remarks": "rule_set_280"
+ "value": "Remove the X Windows Xwayland Package",
+ "remarks": "rule_set_334"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_udf_disabled",
- "remarks": "rule_set_281"
+ "value": "package_openldap-clients_removed",
+ "remarks": "rule_set_335"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of udf",
- "remarks": "rule_set_281"
+ "value": "Ensure LDAP client is not installed",
+ "remarks": "rule_set_335"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_udf_disabled",
- "remarks": "rule_set_281"
+ "value": "package_openldap-clients_removed",
+ "remarks": "rule_set_335"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of udf",
- "remarks": "rule_set_281"
+ "value": "Ensure LDAP client is not installed",
+ "remarks": "rule_set_335"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_home",
- "remarks": "rule_set_282"
+ "value": "kernel_module_sctp_disabled",
+ "remarks": "rule_set_336"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /home Located On Separate Partition",
- "remarks": "rule_set_282"
+ "value": "Disable SCTP Support",
+ "remarks": "rule_set_336"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_home",
- "remarks": "rule_set_282"
+ "value": "kernel_module_sctp_disabled",
+ "remarks": "rule_set_336"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /home Located On Separate Partition",
- "remarks": "rule_set_282"
+ "value": "Disable SCTP Support",
+ "remarks": "rule_set_336"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var",
- "remarks": "rule_set_283"
+ "value": "sysctl_net_ipv4_ip_forward",
+ "remarks": "rule_set_337"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var Located On Separate Partition",
- "remarks": "rule_set_283"
+ "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
+ "remarks": "rule_set_337"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var",
- "remarks": "rule_set_283"
+ "value": "sysctl_net_ipv4_ip_forward",
+ "remarks": "rule_set_337"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var Located On Separate Partition",
- "remarks": "rule_set_283"
+ "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
+ "remarks": "rule_set_337"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_tmp",
- "remarks": "rule_set_284"
+ "value": "sshd_disable_forwarding",
+ "remarks": "rule_set_338"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/tmp Located On Separate Partition",
- "remarks": "rule_set_284"
+ "value": "Disable SSH Forwarding",
+ "remarks": "rule_set_338"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_tmp",
- "remarks": "rule_set_284"
+ "value": "sshd_disable_forwarding",
+ "remarks": "rule_set_338"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/tmp Located On Separate Partition",
- "remarks": "rule_set_284"
+ "value": "Disable SSH Forwarding",
+ "remarks": "rule_set_338"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_log",
- "remarks": "rule_set_285"
+ "value": "sshd_disable_gssapi_auth",
+ "remarks": "rule_set_339"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/log Located On Separate Partition",
- "remarks": "rule_set_285"
+ "value": "Disable GSSAPI Authentication",
+ "remarks": "rule_set_339"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_log",
- "remarks": "rule_set_285"
+ "value": "sshd_disable_gssapi_auth",
+ "remarks": "rule_set_339"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/log Located On Separate Partition",
- "remarks": "rule_set_285"
+ "value": "Disable GSSAPI Authentication",
+ "remarks": "rule_set_339"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_log_audit",
- "remarks": "rule_set_286"
+ "value": "sudo_remove_nopasswd",
+ "remarks": "rule_set_340"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/log/audit Located On Separate Partition",
- "remarks": "rule_set_286"
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD",
+ "remarks": "rule_set_340"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_log_audit",
- "remarks": "rule_set_286"
+ "value": "sudo_remove_nopasswd",
+ "remarks": "rule_set_340"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/log/audit Located On Separate Partition",
- "remarks": "rule_set_286"
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD",
+ "remarks": "rule_set_340"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_state",
- "remarks": "rule_set_287"
+ "value": "accounts_passwords_pam_faillock_deny_root",
+ "remarks": "rule_set_341"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux State is Enforcing",
- "remarks": "rule_set_287"
+ "value": "Configure the root Account for Failed Password Attempts",
+ "remarks": "rule_set_341"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_state",
- "remarks": "rule_set_287"
+ "value": "accounts_passwords_pam_faillock_deny_root",
+ "remarks": "rule_set_341"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux State is Enforcing",
- "remarks": "rule_set_287"
+ "value": "Configure the root Account for Failed Password Attempts",
+ "remarks": "rule_set_341"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_gdm_removed",
- "remarks": "rule_set_288"
+ "value": "accounts_minimum_age_login_defs",
+ "remarks": "rule_set_342"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove the GDM Package Group",
- "remarks": "rule_set_288"
+ "value": "Set Password Minimum Age",
+ "remarks": "rule_set_342"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_gdm_removed",
- "remarks": "rule_set_288"
+ "value": "accounts_minimum_age_login_defs",
+ "remarks": "rule_set_342"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove the GDM Package Group",
- "remarks": "rule_set_288"
+ "value": "Set Password Minimum Age",
+ "remarks": "rule_set_342"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "xwindows_runlevel_target",
- "remarks": "rule_set_289"
+ "value": "accounts_password_set_min_life_existing",
+ "remarks": "rule_set_343"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Graphical Environment Startup By Setting Default Target",
- "remarks": "rule_set_289"
+ "value": "Set Existing Passwords Minimum Age",
+ "remarks": "rule_set_343"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "xwindows_runlevel_target",
- "remarks": "rule_set_289"
+ "value": "accounts_password_set_min_life_existing",
+ "remarks": "rule_set_343"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Graphical Environment Startup By Setting Default Target",
- "remarks": "rule_set_289"
+ "value": "Set Existing Passwords Minimum Age",
+ "remarks": "rule_set_343"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_openldap-clients_removed",
- "remarks": "rule_set_290"
+ "value": "no_nologin_in_shells",
+ "remarks": "rule_set_344"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure LDAP client is not installed",
- "remarks": "rule_set_290"
+ "value": "Ensure nologin Shell is Not Listed in /etc/shells",
+ "remarks": "rule_set_344"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_openldap-clients_removed",
- "remarks": "rule_set_290"
+ "value": "no_nologin_in_shells",
+ "remarks": "rule_set_344"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure LDAP client is not installed",
- "remarks": "rule_set_290"
+ "value": "Ensure nologin Shell is Not Listed in /etc/shells",
+ "remarks": "rule_set_344"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_sctp_disabled",
- "remarks": "rule_set_291"
+ "value": "package_audit_installed",
+ "remarks": "rule_set_345"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SCTP Support",
- "remarks": "rule_set_291"
+ "value": "Ensure the audit Subsystem is Installed",
+ "remarks": "rule_set_345"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_sctp_disabled",
- "remarks": "rule_set_291"
+ "value": "package_audit_installed",
+ "remarks": "rule_set_345"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SCTP Support",
- "remarks": "rule_set_291"
+ "value": "Ensure the audit Subsystem is Installed",
+ "remarks": "rule_set_345"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_ip_forward",
- "remarks": "rule_set_292"
+ "value": "package_audit-libs_installed",
+ "remarks": "rule_set_346"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
- "remarks": "rule_set_292"
+ "value": "Ensure the audit-libs package as a part of audit Subsystem is Installed",
+ "remarks": "rule_set_346"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_ip_forward",
- "remarks": "rule_set_292"
+ "value": "package_audit-libs_installed",
+ "remarks": "rule_set_346"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
- "remarks": "rule_set_292"
+ "value": "Ensure the audit-libs package as a part of audit Subsystem is Installed",
+ "remarks": "rule_set_346"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_gssapi_auth",
- "remarks": "rule_set_293"
+ "value": "grub2_audit_argument",
+ "remarks": "rule_set_347"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GSSAPI Authentication",
- "remarks": "rule_set_293"
+ "value": "Enable Auditing for Processes Which Start Prior to the Audit Daemon",
+ "remarks": "rule_set_347"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_gssapi_auth",
- "remarks": "rule_set_293"
+ "value": "grub2_audit_argument",
+ "remarks": "rule_set_347"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GSSAPI Authentication",
- "remarks": "rule_set_293"
+ "value": "Enable Auditing for Processes Which Start Prior to the Audit Daemon",
+ "remarks": "rule_set_347"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny_root",
- "remarks": "rule_set_294"
+ "value": "grub2_audit_backlog_limit_argument",
+ "remarks": "rule_set_348"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the root Account for Failed Password Attempts",
- "remarks": "rule_set_294"
+ "value": "Extend Audit Backlog Limit for the Audit Daemon",
+ "remarks": "rule_set_348"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny_root",
- "remarks": "rule_set_294"
+ "value": "grub2_audit_backlog_limit_argument",
+ "remarks": "rule_set_348"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the root Account for Failed Password Attempts",
- "remarks": "rule_set_294"
+ "value": "Extend Audit Backlog Limit for the Audit Daemon",
+ "remarks": "rule_set_348"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_minimum_age_login_defs",
- "remarks": "rule_set_295"
+ "value": "service_auditd_enabled",
+ "remarks": "rule_set_349"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Minimum Age",
- "remarks": "rule_set_295"
+ "value": "Enable auditd Service",
+ "remarks": "rule_set_349"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_minimum_age_login_defs",
- "remarks": "rule_set_295"
+ "value": "service_auditd_enabled",
+ "remarks": "rule_set_349"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Minimum Age",
- "remarks": "rule_set_295"
+ "value": "Enable auditd Service",
+ "remarks": "rule_set_349"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_min_life_existing",
- "remarks": "rule_set_296"
+ "value": "auditd_data_retention_max_log_file",
+ "remarks": "rule_set_350"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Minimum Age",
- "remarks": "rule_set_296"
+ "value": "Configure auditd Max Log File Size",
+ "remarks": "rule_set_350"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_min_life_existing",
- "remarks": "rule_set_296"
+ "value": "auditd_data_retention_max_log_file",
+ "remarks": "rule_set_350"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Minimum Age",
- "remarks": "rule_set_296"
+ "value": "Configure auditd Max Log File Size",
+ "remarks": "rule_set_350"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_audit_installed",
- "remarks": "rule_set_297"
+ "value": "auditd_data_retention_max_log_file_action",
+ "remarks": "rule_set_351"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the audit Subsystem is Installed",
- "remarks": "rule_set_297"
+ "value": "Configure auditd max_log_file_action Upon Reaching Maximum Log Size",
+ "remarks": "rule_set_351"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_audit_installed",
- "remarks": "rule_set_297"
+ "value": "auditd_data_retention_max_log_file_action",
+ "remarks": "rule_set_351"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the audit Subsystem is Installed",
- "remarks": "rule_set_297"
+ "value": "Configure auditd max_log_file_action Upon Reaching Maximum Log Size",
+ "remarks": "rule_set_351"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_audit-libs_installed",
- "remarks": "rule_set_298"
+ "value": "auditd_data_disk_error_action",
+ "remarks": "rule_set_352"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the audit-libs package as a part of audit Subsystem is Installed",
- "remarks": "rule_set_298"
+ "value": "Configure auditd Disk Error Action on Disk Error",
+ "remarks": "rule_set_352"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_audit-libs_installed",
- "remarks": "rule_set_298"
+ "value": "auditd_data_disk_error_action",
+ "remarks": "rule_set_352"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the audit-libs package as a part of audit Subsystem is Installed",
- "remarks": "rule_set_298"
+ "value": "Configure auditd Disk Error Action on Disk Error",
+ "remarks": "rule_set_352"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_audit_argument",
- "remarks": "rule_set_299"
+ "value": "auditd_data_disk_full_action",
+ "remarks": "rule_set_353"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Auditing for Processes Which Start Prior to the Audit Daemon",
- "remarks": "rule_set_299"
+ "value": "Configure auditd Disk Full Action when Disk Space Is Full",
+ "remarks": "rule_set_353"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_audit_argument",
- "remarks": "rule_set_299"
+ "value": "auditd_data_disk_full_action",
+ "remarks": "rule_set_353"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Auditing for Processes Which Start Prior to the Audit Daemon",
- "remarks": "rule_set_299"
+ "value": "Configure auditd Disk Full Action when Disk Space Is Full",
+ "remarks": "rule_set_353"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_audit_backlog_limit_argument",
- "remarks": "rule_set_300"
+ "value": "auditd_data_retention_admin_space_left_action",
+ "remarks": "rule_set_354"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Extend Audit Backlog Limit for the Audit Daemon",
- "remarks": "rule_set_300"
+ "value": "Configure auditd admin_space_left Action on Low Disk Space",
+ "remarks": "rule_set_354"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_audit_backlog_limit_argument",
- "remarks": "rule_set_300"
+ "value": "auditd_data_retention_admin_space_left_action",
+ "remarks": "rule_set_354"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Extend Audit Backlog Limit for the Audit Daemon",
- "remarks": "rule_set_300"
+ "value": "Configure auditd admin_space_left Action on Low Disk Space",
+ "remarks": "rule_set_354"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_auditd_enabled",
- "remarks": "rule_set_301"
+ "value": "auditd_data_retention_space_left_action",
+ "remarks": "rule_set_355"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable auditd Service",
- "remarks": "rule_set_301"
+ "value": "Configure auditd space_left Action on Low Disk Space",
+ "remarks": "rule_set_355"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_auditd_enabled",
- "remarks": "rule_set_301"
+ "value": "auditd_data_retention_space_left_action",
+ "remarks": "rule_set_355"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable auditd Service",
- "remarks": "rule_set_301"
+ "value": "Configure auditd space_left Action on Low Disk Space",
+ "remarks": "rule_set_355"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_max_log_file",
- "remarks": "rule_set_302"
+ "value": "audit_rules_sysadmin_actions",
+ "remarks": "rule_set_356"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Max Log File Size",
- "remarks": "rule_set_302"
+ "value": "Ensure auditd Collects System Administrator Actions",
+ "remarks": "rule_set_356"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_max_log_file",
- "remarks": "rule_set_302"
+ "value": "audit_rules_sysadmin_actions",
+ "remarks": "rule_set_356"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Max Log File Size",
- "remarks": "rule_set_302"
+ "value": "Ensure auditd Collects System Administrator Actions",
+ "remarks": "rule_set_356"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_max_log_file_action",
- "remarks": "rule_set_303"
+ "value": "audit_rules_suid_auid_privilege_function",
+ "remarks": "rule_set_357"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd max_log_file_action Upon Reaching Maximum Log Size",
- "remarks": "rule_set_303"
+ "value": "Record Events When Executables Are Run As Another User",
+ "remarks": "rule_set_357"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_max_log_file_action",
- "remarks": "rule_set_303"
+ "value": "audit_rules_suid_auid_privilege_function",
+ "remarks": "rule_set_357"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd max_log_file_action Upon Reaching Maximum Log Size",
- "remarks": "rule_set_303"
+ "value": "Record Events When Executables Are Run As Another User",
+ "remarks": "rule_set_357"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_disk_error_action",
- "remarks": "rule_set_304"
+ "value": "audit_sudo_log_events",
+ "remarks": "rule_set_358"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Disk Error Action on Disk Error",
- "remarks": "rule_set_304"
+ "value": "Record Attempts to perform maintenance activities",
+ "remarks": "rule_set_358"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_disk_error_action",
- "remarks": "rule_set_304"
+ "value": "audit_sudo_log_events",
+ "remarks": "rule_set_358"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Disk Error Action on Disk Error",
- "remarks": "rule_set_304"
+ "value": "Record Attempts to perform maintenance activities",
+ "remarks": "rule_set_358"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_disk_full_action",
- "remarks": "rule_set_305"
+ "value": "audit_rules_time_adjtimex",
+ "remarks": "rule_set_359"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Disk Full Action when Disk Space Is Full",
- "remarks": "rule_set_305"
+ "value": "Record attempts to alter time through adjtimex",
+ "remarks": "rule_set_359"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_disk_full_action",
- "remarks": "rule_set_305"
+ "value": "audit_rules_time_adjtimex",
+ "remarks": "rule_set_359"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Disk Full Action when Disk Space Is Full",
- "remarks": "rule_set_305"
+ "value": "Record attempts to alter time through adjtimex",
+ "remarks": "rule_set_359"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_action_mail_acct",
- "remarks": "rule_set_306"
+ "value": "audit_rules_time_settimeofday",
+ "remarks": "rule_set_360"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd mail_acct Action on Low Disk Space",
- "remarks": "rule_set_306"
+ "value": "Record attempts to alter time through settimeofday",
+ "remarks": "rule_set_360"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_action_mail_acct",
- "remarks": "rule_set_306"
+ "value": "audit_rules_time_settimeofday",
+ "remarks": "rule_set_360"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd mail_acct Action on Low Disk Space",
- "remarks": "rule_set_306"
+ "value": "Record attempts to alter time through settimeofday",
+ "remarks": "rule_set_360"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_admin_space_left_action",
- "remarks": "rule_set_307"
+ "value": "audit_rules_time_clock_settime",
+ "remarks": "rule_set_361"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd admin_space_left Action on Low Disk Space",
- "remarks": "rule_set_307"
+ "value": "Record Attempts to Alter Time Through clock_settime",
+ "remarks": "rule_set_361"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_admin_space_left_action",
- "remarks": "rule_set_307"
+ "value": "audit_rules_time_clock_settime",
+ "remarks": "rule_set_361"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd admin_space_left Action on Low Disk Space",
- "remarks": "rule_set_307"
+ "value": "Record Attempts to Alter Time Through clock_settime",
+ "remarks": "rule_set_361"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_space_left_action",
- "remarks": "rule_set_308"
+ "value": "audit_rules_time_watch_localtime",
+ "remarks": "rule_set_362"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd space_left Action on Low Disk Space",
- "remarks": "rule_set_308"
+ "value": "Record Attempts to Alter the localtime File",
+ "remarks": "rule_set_362"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_space_left_action",
- "remarks": "rule_set_308"
+ "value": "audit_rules_time_watch_localtime",
+ "remarks": "rule_set_362"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd space_left Action on Low Disk Space",
- "remarks": "rule_set_308"
+ "value": "Record Attempts to Alter the localtime File",
+ "remarks": "rule_set_362"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_sysadmin_actions",
- "remarks": "rule_set_309"
+ "value": "audit_rules_networkconfig_modification_setdomainname",
+ "remarks": "rule_set_363"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects System Administrator Actions",
- "remarks": "rule_set_309"
+ "value": "Record Events that Modify the System's Network Environment - setdomainname",
+ "remarks": "rule_set_363"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_sysadmin_actions",
- "remarks": "rule_set_309"
+ "value": "audit_rules_networkconfig_modification_setdomainname",
+ "remarks": "rule_set_363"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects System Administrator Actions",
- "remarks": "rule_set_309"
+ "value": "Record Events that Modify the System's Network Environment - setdomainname",
+ "remarks": "rule_set_363"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_suid_auid_privilege_function",
- "remarks": "rule_set_310"
+ "value": "audit_rules_networkconfig_modification_sethostname",
+ "remarks": "rule_set_364"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events When Executables Are Run As Another User",
- "remarks": "rule_set_310"
+ "value": "Record Events that Modify the System's Network Environment - sethostname",
+ "remarks": "rule_set_364"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_suid_auid_privilege_function",
- "remarks": "rule_set_310"
+ "value": "audit_rules_networkconfig_modification_sethostname",
+ "remarks": "rule_set_364"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events When Executables Are Run As Another User",
- "remarks": "rule_set_310"
+ "value": "Record Events that Modify the System's Network Environment - sethostname",
+ "remarks": "rule_set_364"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_sudo_log_events",
- "remarks": "rule_set_311"
+ "value": "audit_rules_networkconfig_modification_etc_issue",
+ "remarks": "rule_set_365"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to perform maintenance activities",
- "remarks": "rule_set_311"
+ "value": "Record Events that Modify the System's Network Environment - /etc/issue",
+ "remarks": "rule_set_365"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_sudo_log_events",
- "remarks": "rule_set_311"
+ "value": "audit_rules_networkconfig_modification_etc_issue",
+ "remarks": "rule_set_365"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to perform maintenance activities",
- "remarks": "rule_set_311"
+ "value": "Record Events that Modify the System's Network Environment - /etc/issue",
+ "remarks": "rule_set_365"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_adjtimex",
- "remarks": "rule_set_312"
+ "value": "audit_rules_networkconfig_modification_etc_issue_net",
+ "remarks": "rule_set_366"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record attempts to alter time through adjtimex",
- "remarks": "rule_set_312"
+ "value": "Record Events that Modify the System's Network Environment - /etc/issue.net",
+ "remarks": "rule_set_366"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_adjtimex",
- "remarks": "rule_set_312"
+ "value": "audit_rules_networkconfig_modification_etc_issue_net",
+ "remarks": "rule_set_366"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record attempts to alter time through adjtimex",
- "remarks": "rule_set_312"
+ "value": "Record Events that Modify the System's Network Environment - /etc/issue.net",
+ "remarks": "rule_set_366"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_settimeofday",
- "remarks": "rule_set_313"
+ "value": "audit_rules_networkconfig_modification_etc_hosts",
+ "remarks": "rule_set_367"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record attempts to alter time through settimeofday",
- "remarks": "rule_set_313"
+ "value": "Record Events that Modify the System's Network Environment - /etc/hosts",
+ "remarks": "rule_set_367"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_settimeofday",
- "remarks": "rule_set_313"
+ "value": "audit_rules_networkconfig_modification_etc_hosts",
+ "remarks": "rule_set_367"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record attempts to alter time through settimeofday",
- "remarks": "rule_set_313"
+ "value": "Record Events that Modify the System's Network Environment - /etc/hosts",
+ "remarks": "rule_set_367"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_clock_settime",
- "remarks": "rule_set_314"
+ "value": "audit_rules_networkconfig_modification_hostname_file",
+ "remarks": "rule_set_368"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Time Through clock_settime",
- "remarks": "rule_set_314"
+ "value": "Record Events that Modify the System's Network Environment - /etc/hostname",
+ "remarks": "rule_set_368"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_clock_settime",
- "remarks": "rule_set_314"
+ "value": "audit_rules_networkconfig_modification_hostname_file",
+ "remarks": "rule_set_368"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Time Through clock_settime",
- "remarks": "rule_set_314"
+ "value": "Record Events that Modify the System's Network Environment - /etc/hostname",
+ "remarks": "rule_set_368"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_watch_localtime",
- "remarks": "rule_set_315"
+ "value": "audit_rules_networkconfig_modification_etc_sysconfig_network",
+ "remarks": "rule_set_369"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter the localtime File",
- "remarks": "rule_set_315"
+ "value": "Record Events that Modify the System's Network Environment - /etc/sysconfig/network",
+ "remarks": "rule_set_369"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_watch_localtime",
- "remarks": "rule_set_315"
+ "value": "audit_rules_networkconfig_modification_etc_sysconfig_network",
+ "remarks": "rule_set_369"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter the localtime File",
- "remarks": "rule_set_315"
+ "value": "Record Events that Modify the System's Network Environment - /etc/sysconfig/network",
+ "remarks": "rule_set_369"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification",
- "remarks": "rule_set_316"
+ "value": "audit_rules_networkconfig_modification_etc_networkmanager_system_connections",
+ "remarks": "rule_set_370"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Network Environment",
- "remarks": "rule_set_316"
+ "value": "Record Events that Modify the System's Network Environment - /etc/NetworkManager/system-connections/",
+ "remarks": "rule_set_370"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification",
- "remarks": "rule_set_316"
+ "value": "audit_rules_networkconfig_modification_etc_networkmanager_system_connections",
+ "remarks": "rule_set_370"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Network Environment",
- "remarks": "rule_set_316"
+ "value": "Record Events that Modify the System's Network Environment - /etc/NetworkManager/system-connections/",
+ "remarks": "rule_set_370"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification_network_scripts",
- "remarks": "rule_set_317"
+ "value": "audit_rules_networkconfig_modification_networkmanager",
+ "remarks": "rule_set_371"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Network Environment - /etc/sysconfig/network-scripts",
- "remarks": "rule_set_317"
+ "value": "Record Events that Modify the System's Network Environment - /etc/NetworkManager/",
+ "remarks": "rule_set_371"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification_network_scripts",
- "remarks": "rule_set_317"
+ "value": "audit_rules_networkconfig_modification_networkmanager",
+ "remarks": "rule_set_371"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Network Environment - /etc/sysconfig/network-scripts",
- "remarks": "rule_set_317"
+ "value": "Record Events that Modify the System's Network Environment - /etc/NetworkManager/",
+ "remarks": "rule_set_371"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_privileged_commands",
- "remarks": "rule_set_318"
+ "remarks": "rule_set_372"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on the Use of Privileged Commands",
- "remarks": "rule_set_318"
+ "remarks": "rule_set_372"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_privileged_commands",
- "remarks": "rule_set_318"
+ "remarks": "rule_set_372"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on the Use of Privileged Commands",
- "remarks": "rule_set_318"
+ "remarks": "rule_set_372"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_creat",
- "remarks": "rule_set_319"
+ "remarks": "rule_set_373"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - creat",
- "remarks": "rule_set_319"
+ "remarks": "rule_set_373"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_creat",
- "remarks": "rule_set_319"
+ "remarks": "rule_set_373"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - creat",
- "remarks": "rule_set_319"
+ "remarks": "rule_set_373"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_ftruncate",
- "remarks": "rule_set_320"
+ "remarks": "rule_set_374"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - ftruncate",
- "remarks": "rule_set_320"
+ "remarks": "rule_set_374"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_ftruncate",
- "remarks": "rule_set_320"
+ "remarks": "rule_set_374"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - ftruncate",
- "remarks": "rule_set_320"
+ "remarks": "rule_set_374"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_open",
- "remarks": "rule_set_321"
+ "remarks": "rule_set_375"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - open",
- "remarks": "rule_set_321"
+ "remarks": "rule_set_375"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_open",
- "remarks": "rule_set_321"
+ "remarks": "rule_set_375"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - open",
- "remarks": "rule_set_321"
+ "remarks": "rule_set_375"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_openat",
- "remarks": "rule_set_322"
+ "remarks": "rule_set_376"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - openat",
- "remarks": "rule_set_322"
+ "remarks": "rule_set_376"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_openat",
- "remarks": "rule_set_322"
+ "remarks": "rule_set_376"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - openat",
- "remarks": "rule_set_322"
+ "remarks": "rule_set_376"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_truncate",
- "remarks": "rule_set_323"
+ "remarks": "rule_set_377"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - truncate",
- "remarks": "rule_set_323"
+ "remarks": "rule_set_377"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_truncate",
- "remarks": "rule_set_323"
+ "remarks": "rule_set_377"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - truncate",
- "remarks": "rule_set_323"
+ "remarks": "rule_set_377"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_group",
- "remarks": "rule_set_324"
+ "remarks": "rule_set_378"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/group",
- "remarks": "rule_set_324"
+ "remarks": "rule_set_378"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_group",
- "remarks": "rule_set_324"
+ "remarks": "rule_set_378"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/group",
- "remarks": "rule_set_324"
+ "remarks": "rule_set_378"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_passwd",
- "remarks": "rule_set_325"
+ "remarks": "rule_set_379"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/passwd",
- "remarks": "rule_set_325"
+ "remarks": "rule_set_379"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_passwd",
- "remarks": "rule_set_325"
+ "remarks": "rule_set_379"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/passwd",
- "remarks": "rule_set_325"
+ "remarks": "rule_set_379"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_gshadow",
- "remarks": "rule_set_326"
+ "remarks": "rule_set_380"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/gshadow",
- "remarks": "rule_set_326"
+ "remarks": "rule_set_380"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_gshadow",
- "remarks": "rule_set_326"
+ "remarks": "rule_set_380"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/gshadow",
- "remarks": "rule_set_326"
+ "remarks": "rule_set_380"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_shadow",
- "remarks": "rule_set_327"
+ "remarks": "rule_set_381"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/shadow",
- "remarks": "rule_set_327"
+ "remarks": "rule_set_381"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_shadow",
- "remarks": "rule_set_327"
+ "remarks": "rule_set_381"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/shadow",
- "remarks": "rule_set_327"
+ "remarks": "rule_set_381"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_opasswd",
- "remarks": "rule_set_328"
+ "remarks": "rule_set_382"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/security/opasswd",
- "remarks": "rule_set_328"
+ "remarks": "rule_set_382"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_opasswd",
- "remarks": "rule_set_328"
+ "remarks": "rule_set_382"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/security/opasswd",
- "remarks": "rule_set_328"
+ "remarks": "rule_set_382"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_nsswitch_conf",
+ "remarks": "rule_set_383"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/nsswitch.conf",
+ "remarks": "rule_set_383"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_nsswitch_conf",
+ "remarks": "rule_set_383"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/nsswitch.conf",
+ "remarks": "rule_set_383"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pam_conf",
+ "remarks": "rule_set_384"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/pam.conf",
+ "remarks": "rule_set_384"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pam_conf",
+ "remarks": "rule_set_384"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/pam.conf",
+ "remarks": "rule_set_384"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pamd",
+ "remarks": "rule_set_385"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/pam.d/",
+ "remarks": "rule_set_385"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pamd",
+ "remarks": "rule_set_385"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/pam.d/",
+ "remarks": "rule_set_385"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_chmod",
- "remarks": "rule_set_329"
+ "remarks": "rule_set_386"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - chmod",
- "remarks": "rule_set_329"
+ "remarks": "rule_set_386"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_chmod",
- "remarks": "rule_set_329"
+ "remarks": "rule_set_386"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - chmod",
- "remarks": "rule_set_329"
+ "remarks": "rule_set_386"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_chown",
- "remarks": "rule_set_330"
+ "remarks": "rule_set_387"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - chown",
- "remarks": "rule_set_330"
+ "remarks": "rule_set_387"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_chown",
- "remarks": "rule_set_330"
+ "remarks": "rule_set_387"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - chown",
- "remarks": "rule_set_330"
+ "remarks": "rule_set_387"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchmod",
- "remarks": "rule_set_331"
+ "remarks": "rule_set_388"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchmod",
- "remarks": "rule_set_331"
+ "remarks": "rule_set_388"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchmod",
- "remarks": "rule_set_331"
+ "remarks": "rule_set_388"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchmod",
- "remarks": "rule_set_331"
+ "remarks": "rule_set_388"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchmodat",
- "remarks": "rule_set_332"
+ "remarks": "rule_set_389"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat",
- "remarks": "rule_set_332"
+ "remarks": "rule_set_389"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchmodat",
- "remarks": "rule_set_332"
+ "remarks": "rule_set_389"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat",
- "remarks": "rule_set_332"
+ "remarks": "rule_set_389"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchmodat2",
- "remarks": "rule_set_333"
+ "remarks": "rule_set_390"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat2",
- "remarks": "rule_set_333"
+ "remarks": "rule_set_390"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchmodat2",
- "remarks": "rule_set_333"
+ "remarks": "rule_set_390"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat2",
- "remarks": "rule_set_333"
+ "remarks": "rule_set_390"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchown",
- "remarks": "rule_set_334"
+ "remarks": "rule_set_391"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchown",
- "remarks": "rule_set_334"
+ "remarks": "rule_set_391"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchown",
- "remarks": "rule_set_334"
+ "remarks": "rule_set_391"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchown",
- "remarks": "rule_set_334"
+ "remarks": "rule_set_391"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchownat",
- "remarks": "rule_set_335"
+ "remarks": "rule_set_392"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchownat",
- "remarks": "rule_set_335"
+ "remarks": "rule_set_392"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchownat",
- "remarks": "rule_set_335"
+ "remarks": "rule_set_392"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchownat",
- "remarks": "rule_set_335"
+ "remarks": "rule_set_392"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fremovexattr",
- "remarks": "rule_set_336"
+ "remarks": "rule_set_393"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fremovexattr",
- "remarks": "rule_set_336"
+ "remarks": "rule_set_393"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fremovexattr",
- "remarks": "rule_set_336"
+ "remarks": "rule_set_393"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fremovexattr",
- "remarks": "rule_set_336"
+ "remarks": "rule_set_393"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fsetxattr",
- "remarks": "rule_set_337"
+ "remarks": "rule_set_394"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fsetxattr",
- "remarks": "rule_set_337"
+ "remarks": "rule_set_394"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fsetxattr",
- "remarks": "rule_set_337"
+ "remarks": "rule_set_394"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fsetxattr",
- "remarks": "rule_set_337"
+ "remarks": "rule_set_394"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_lchown",
- "remarks": "rule_set_338"
+ "remarks": "rule_set_395"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - lchown",
- "remarks": "rule_set_338"
+ "remarks": "rule_set_395"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_lchown",
- "remarks": "rule_set_338"
+ "remarks": "rule_set_395"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - lchown",
- "remarks": "rule_set_338"
+ "remarks": "rule_set_395"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_lremovexattr",
- "remarks": "rule_set_339"
+ "remarks": "rule_set_396"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - lremovexattr",
- "remarks": "rule_set_339"
+ "remarks": "rule_set_396"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_lremovexattr",
- "remarks": "rule_set_339"
+ "remarks": "rule_set_396"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - lremovexattr",
- "remarks": "rule_set_339"
+ "remarks": "rule_set_396"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_lsetxattr",
- "remarks": "rule_set_340"
+ "remarks": "rule_set_397"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - lsetxattr",
- "remarks": "rule_set_340"
+ "remarks": "rule_set_397"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_lsetxattr",
- "remarks": "rule_set_340"
+ "remarks": "rule_set_397"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - lsetxattr",
- "remarks": "rule_set_340"
+ "remarks": "rule_set_397"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_removexattr",
- "remarks": "rule_set_341"
+ "remarks": "rule_set_398"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - removexattr",
- "remarks": "rule_set_341"
+ "remarks": "rule_set_398"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_removexattr",
- "remarks": "rule_set_341"
+ "remarks": "rule_set_398"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - removexattr",
- "remarks": "rule_set_341"
+ "remarks": "rule_set_398"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_setxattr",
- "remarks": "rule_set_342"
+ "remarks": "rule_set_399"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - setxattr",
- "remarks": "rule_set_342"
+ "remarks": "rule_set_399"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_setxattr",
- "remarks": "rule_set_342"
+ "remarks": "rule_set_399"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - setxattr",
- "remarks": "rule_set_342"
+ "remarks": "rule_set_399"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_media_export",
- "remarks": "rule_set_343"
+ "remarks": "rule_set_400"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Exporting to Media (successful)",
- "remarks": "rule_set_343"
+ "remarks": "rule_set_400"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_media_export",
- "remarks": "rule_set_343"
+ "remarks": "rule_set_400"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Exporting to Media (successful)",
- "remarks": "rule_set_343"
+ "remarks": "rule_set_400"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_session_events_utmp",
- "remarks": "rule_set_344"
+ "remarks": "rule_set_401"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Process and Session Initiation Information utmp",
- "remarks": "rule_set_344"
+ "remarks": "rule_set_401"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_session_events_utmp",
- "remarks": "rule_set_344"
+ "remarks": "rule_set_401"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Process and Session Initiation Information utmp",
- "remarks": "rule_set_344"
+ "remarks": "rule_set_401"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_session_events_btmp",
- "remarks": "rule_set_345"
+ "remarks": "rule_set_402"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Process and Session Initiation Information btmp",
- "remarks": "rule_set_345"
+ "remarks": "rule_set_402"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_session_events_btmp",
- "remarks": "rule_set_345"
+ "remarks": "rule_set_402"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Process and Session Initiation Information btmp",
- "remarks": "rule_set_345"
+ "remarks": "rule_set_402"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_session_events_wtmp",
- "remarks": "rule_set_346"
+ "remarks": "rule_set_403"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Process and Session Initiation Information wtmp",
- "remarks": "rule_set_346"
+ "remarks": "rule_set_403"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_session_events_wtmp",
- "remarks": "rule_set_346"
+ "remarks": "rule_set_403"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Process and Session Initiation Information wtmp",
- "remarks": "rule_set_346"
+ "remarks": "rule_set_403"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_login_events_faillock",
- "remarks": "rule_set_347"
+ "remarks": "rule_set_404"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Logon and Logout Events - faillock",
- "remarks": "rule_set_347"
+ "remarks": "rule_set_404"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_login_events_faillock",
- "remarks": "rule_set_347"
+ "remarks": "rule_set_404"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Logon and Logout Events - faillock",
- "remarks": "rule_set_347"
+ "remarks": "rule_set_404"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_login_events_lastlog",
- "remarks": "rule_set_348"
+ "remarks": "rule_set_405"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Logon and Logout Events - lastlog",
- "remarks": "rule_set_348"
+ "remarks": "rule_set_405"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_login_events_lastlog",
- "remarks": "rule_set_348"
+ "remarks": "rule_set_405"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Logon and Logout Events - lastlog",
- "remarks": "rule_set_348"
+ "remarks": "rule_set_405"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_rename",
- "remarks": "rule_set_349"
+ "remarks": "rule_set_406"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - rename",
- "remarks": "rule_set_349"
+ "remarks": "rule_set_406"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_rename",
- "remarks": "rule_set_349"
+ "remarks": "rule_set_406"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - rename",
- "remarks": "rule_set_349"
+ "remarks": "rule_set_406"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_renameat",
- "remarks": "rule_set_350"
+ "remarks": "rule_set_407"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - renameat",
- "remarks": "rule_set_350"
+ "remarks": "rule_set_407"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_renameat",
- "remarks": "rule_set_350"
+ "remarks": "rule_set_407"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - renameat",
- "remarks": "rule_set_350"
+ "remarks": "rule_set_407"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_renameat2",
- "remarks": "rule_set_351"
+ "remarks": "rule_set_408"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - renameat2",
- "remarks": "rule_set_351"
+ "remarks": "rule_set_408"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_renameat2",
- "remarks": "rule_set_351"
+ "remarks": "rule_set_408"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - renameat2",
- "remarks": "rule_set_351"
+ "remarks": "rule_set_408"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_unlink",
- "remarks": "rule_set_352"
+ "remarks": "rule_set_409"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - unlink",
- "remarks": "rule_set_352"
+ "remarks": "rule_set_409"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_unlink",
- "remarks": "rule_set_352"
+ "remarks": "rule_set_409"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - unlink",
- "remarks": "rule_set_352"
+ "remarks": "rule_set_409"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_unlinkat",
- "remarks": "rule_set_353"
+ "remarks": "rule_set_410"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - unlinkat",
- "remarks": "rule_set_353"
+ "remarks": "rule_set_410"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_unlinkat",
- "remarks": "rule_set_353"
+ "remarks": "rule_set_410"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - unlinkat",
- "remarks": "rule_set_353"
+ "remarks": "rule_set_410"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_mac_modification_etc_selinux",
- "remarks": "rule_set_354"
+ "remarks": "rule_set_411"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Mandatory Access Controls (/etc/selinux)",
- "remarks": "rule_set_354"
+ "remarks": "rule_set_411"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_mac_modification_etc_selinux",
- "remarks": "rule_set_354"
+ "remarks": "rule_set_411"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Mandatory Access Controls (/etc/selinux)",
- "remarks": "rule_set_354"
+ "remarks": "rule_set_411"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_mac_modification_usr_share",
- "remarks": "rule_set_355"
+ "remarks": "rule_set_412"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Mandatory Access Controls in usr/share",
- "remarks": "rule_set_355"
+ "remarks": "rule_set_412"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_mac_modification_usr_share",
- "remarks": "rule_set_355"
+ "remarks": "rule_set_412"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Mandatory Access Controls in usr/share",
- "remarks": "rule_set_355"
+ "remarks": "rule_set_412"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_execution_chcon",
- "remarks": "rule_set_356"
+ "remarks": "rule_set_413"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Any Attempts to Run chcon",
- "remarks": "rule_set_356"
+ "remarks": "rule_set_413"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_execution_chcon",
- "remarks": "rule_set_356"
+ "remarks": "rule_set_413"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Any Attempts to Run chcon",
- "remarks": "rule_set_356"
+ "remarks": "rule_set_413"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_execution_setfacl",
- "remarks": "rule_set_357"
+ "remarks": "rule_set_414"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Any Attempts to Run setfacl",
- "remarks": "rule_set_357"
+ "remarks": "rule_set_414"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_execution_setfacl",
- "remarks": "rule_set_357"
+ "remarks": "rule_set_414"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Any Attempts to Run setfacl",
- "remarks": "rule_set_357"
+ "remarks": "rule_set_414"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_execution_chacl",
- "remarks": "rule_set_358"
+ "remarks": "rule_set_415"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Any Attempts to Run chacl",
- "remarks": "rule_set_358"
+ "remarks": "rule_set_415"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_execution_chacl",
- "remarks": "rule_set_358"
+ "remarks": "rule_set_415"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Any Attempts to Run chacl",
- "remarks": "rule_set_358"
+ "remarks": "rule_set_415"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_privileged_commands_usermod",
- "remarks": "rule_set_359"
+ "remarks": "rule_set_416"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on the Use of Privileged Commands - usermod",
- "remarks": "rule_set_359"
+ "remarks": "rule_set_416"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_privileged_commands_usermod",
- "remarks": "rule_set_359"
+ "remarks": "rule_set_416"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on the Use of Privileged Commands - usermod",
- "remarks": "rule_set_359"
+ "remarks": "rule_set_416"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_privileged_commands_kmod",
- "remarks": "rule_set_360"
+ "remarks": "rule_set_417"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on the Use of Privileged Commands - kmod",
- "remarks": "rule_set_360"
+ "remarks": "rule_set_417"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_privileged_commands_kmod",
- "remarks": "rule_set_360"
+ "remarks": "rule_set_417"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on the Use of Privileged Commands - kmod",
- "remarks": "rule_set_360"
+ "remarks": "rule_set_417"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_finit",
- "remarks": "rule_set_361"
+ "remarks": "rule_set_418"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module",
- "remarks": "rule_set_361"
+ "remarks": "rule_set_418"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_finit",
- "remarks": "rule_set_361"
+ "remarks": "rule_set_418"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module",
- "remarks": "rule_set_361"
+ "remarks": "rule_set_418"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_init",
- "remarks": "rule_set_362"
+ "remarks": "rule_set_419"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Loading - init_module",
- "remarks": "rule_set_362"
+ "remarks": "rule_set_419"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_init",
- "remarks": "rule_set_362"
+ "remarks": "rule_set_419"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Loading - init_module",
- "remarks": "rule_set_362"
+ "remarks": "rule_set_419"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_delete",
- "remarks": "rule_set_363"
+ "remarks": "rule_set_420"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Unloading - delete_module",
- "remarks": "rule_set_363"
+ "remarks": "rule_set_420"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_delete",
- "remarks": "rule_set_363"
+ "remarks": "rule_set_420"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Unloading - delete_module",
- "remarks": "rule_set_363"
+ "remarks": "rule_set_420"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_create",
- "remarks": "rule_set_364"
+ "remarks": "rule_set_421"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Unloading - create_module",
- "remarks": "rule_set_364"
+ "remarks": "rule_set_421"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_create",
- "remarks": "rule_set_364"
+ "remarks": "rule_set_421"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Unloading - create_module",
- "remarks": "rule_set_364"
+ "remarks": "rule_set_421"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_query",
- "remarks": "rule_set_365"
+ "remarks": "rule_set_422"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module",
- "remarks": "rule_set_365"
+ "remarks": "rule_set_422"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_query",
+ "remarks": "rule_set_422"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module",
+ "remarks": "rule_set_422"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_continue_loading",
+ "remarks": "rule_set_423"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure the Audit Configuration is Loaded Regardless of Errors",
+ "remarks": "rule_set_423"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_query",
- "remarks": "rule_set_365"
+ "value": "audit_rules_continue_loading",
+ "remarks": "rule_set_423"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module",
- "remarks": "rule_set_365"
+ "value": "Ensure the Audit Configuration is Loaded Regardless of Errors",
+ "remarks": "rule_set_423"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_immutable",
- "remarks": "rule_set_366"
+ "remarks": "rule_set_424"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Make the auditd Configuration Immutable",
- "remarks": "rule_set_366"
+ "remarks": "rule_set_424"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_immutable",
- "remarks": "rule_set_366"
+ "remarks": "rule_set_424"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Make the auditd Configuration Immutable",
- "remarks": "rule_set_366"
+ "remarks": "rule_set_424"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "directory_permissions_var_log_audit",
- "remarks": "rule_set_367"
+ "remarks": "rule_set_425"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Have Mode 0750 or Less Permissive",
- "remarks": "rule_set_367"
+ "remarks": "rule_set_425"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "directory_permissions_var_log_audit",
- "remarks": "rule_set_367"
+ "remarks": "rule_set_425"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Have Mode 0750 or Less Permissive",
- "remarks": "rule_set_367"
+ "remarks": "rule_set_425"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_var_log_audit",
- "remarks": "rule_set_368"
+ "remarks": "rule_set_426"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Have Mode 0640 or Less Permissive",
- "remarks": "rule_set_368"
+ "remarks": "rule_set_426"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_var_log_audit",
- "remarks": "rule_set_368"
+ "remarks": "rule_set_426"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Have Mode 0640 or Less Permissive",
- "remarks": "rule_set_368"
+ "remarks": "rule_set_426"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_var_log_audit_stig",
- "remarks": "rule_set_369"
+ "remarks": "rule_set_427"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Be Owned By Root",
- "remarks": "rule_set_369"
+ "remarks": "rule_set_427"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_var_log_audit_stig",
- "remarks": "rule_set_369"
+ "remarks": "rule_set_427"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Be Owned By Root",
- "remarks": "rule_set_369"
+ "remarks": "rule_set_427"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_group_ownership_var_log_audit",
- "remarks": "rule_set_370"
+ "remarks": "rule_set_428"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Be Group Owned By Root",
- "remarks": "rule_set_370"
+ "remarks": "rule_set_428"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_group_ownership_var_log_audit",
- "remarks": "rule_set_370"
+ "remarks": "rule_set_428"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Be Group Owned By Root",
- "remarks": "rule_set_370"
+ "remarks": "rule_set_428"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_audit_configuration",
- "remarks": "rule_set_371"
+ "remarks": "rule_set_429"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Audit Configuration Files Permissions are 640 or More Restrictive",
- "remarks": "rule_set_371"
+ "remarks": "rule_set_429"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_audit_configuration",
- "remarks": "rule_set_371"
+ "remarks": "rule_set_429"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Audit Configuration Files Permissions are 640 or More Restrictive",
- "remarks": "rule_set_371"
+ "remarks": "rule_set_429"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_audit_configuration",
- "remarks": "rule_set_372"
+ "remarks": "rule_set_430"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Audit Configuration Files Must Be Owned By Root",
- "remarks": "rule_set_372"
+ "remarks": "rule_set_430"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_audit_configuration",
- "remarks": "rule_set_372"
+ "remarks": "rule_set_430"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Audit Configuration Files Must Be Owned By Root",
- "remarks": "rule_set_372"
+ "remarks": "rule_set_430"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_audit_configuration",
- "remarks": "rule_set_373"
+ "remarks": "rule_set_431"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Audit Configuration Files Must Be Owned By Group root",
- "remarks": "rule_set_373"
+ "remarks": "rule_set_431"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_audit_configuration",
- "remarks": "rule_set_373"
+ "remarks": "rule_set_431"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Audit Configuration Files Must Be Owned By Group root",
- "remarks": "rule_set_373"
+ "remarks": "rule_set_431"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_audit_binaries",
- "remarks": "rule_set_374"
+ "remarks": "rule_set_432"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that audit tools Have Mode 0755 or less",
- "remarks": "rule_set_374"
+ "remarks": "rule_set_432"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_audit_binaries",
- "remarks": "rule_set_374"
+ "remarks": "rule_set_432"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that audit tools Have Mode 0755 or less",
- "remarks": "rule_set_374"
+ "remarks": "rule_set_432"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_audit_binaries",
- "remarks": "rule_set_375"
+ "remarks": "rule_set_433"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that audit tools are owned by root",
- "remarks": "rule_set_375"
+ "remarks": "rule_set_433"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_audit_binaries",
- "remarks": "rule_set_375"
+ "remarks": "rule_set_433"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that audit tools are owned by root",
- "remarks": "rule_set_375"
+ "remarks": "rule_set_433"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_audit_binaries",
- "remarks": "rule_set_376"
+ "remarks": "rule_set_434"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that audit tools are owned by group root",
- "remarks": "rule_set_376"
+ "remarks": "rule_set_434"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_audit_binaries",
- "remarks": "rule_set_376"
+ "remarks": "rule_set_434"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that audit tools are owned by group root",
- "remarks": "rule_set_376"
+ "remarks": "rule_set_434"
}
],
"control-implementations": [
{
- "uuid": "a40a37e5-5c65-448c-9f81-07a081db4388",
+ "uuid": "329fb39e-9aeb-4a0f-bccd-64acf0003c5c",
"source": "trestle://profiles/fedora-cis_fedora-l2_server/profile.json",
"description": "Control implementation for cis",
"props": [
@@ -22358,18 +24716,6 @@
"4"
]
},
- {
- "param-id": "sshd_strong_kex",
- "values": [
- "cis_rhel8"
- ]
- },
- {
- "param-id": "sshd_strong_macs",
- "values": [
- "cis_rhel8"
- ]
- },
{
"param-id": "sysctl_net_ipv4_conf_all_accept_redirects_value",
"values": [
@@ -22412,6 +24758,12 @@
"disabled"
]
},
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
{
"param-id": "sysctl_net_ipv4_conf_default_log_martians_value",
"values": [
@@ -22490,6 +24842,12 @@
"disabled"
]
},
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
{
"param-id": "var_account_disable_post_pw_expiration",
"values": [
@@ -22550,28 +24908,22 @@
"8192"
]
},
- {
- "param-id": "var_auditd_action_mail_acct",
- "values": [
- "root"
- ]
- },
{
"param-id": "var_auditd_admin_space_left_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
"param-id": "var_auditd_disk_error_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
"param-id": "var_auditd_disk_full_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
@@ -22589,7 +24941,7 @@
{
"param-id": "var_auditd_space_left_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
@@ -22607,7 +24959,7 @@
{
"param-id": "var_password_hashing_algorithm",
"values": [
- "yescrypt"
+ "cis_fedora"
]
},
{
@@ -22634,6 +24986,12 @@
"3"
]
},
+ {
+ "param-id": "var_password_pam_maxsequence",
+ "values": [
+ "3"
+ ]
+ },
{
"param-id": "var_password_pam_minclass",
"values": [
@@ -22707,9 +25065,9 @@
]
},
{
- "param-id": "var_system_crypto_policy",
+ "param-id": "var_sudo_timestamp_timeout",
"values": [
- "default_policy"
+ "15_minutes"
]
},
{
@@ -22721,7 +25079,7 @@
],
"implemented-requirements": [
{
- "uuid": "aaed77e1-3e91-42b8-ab7b-dd98762170ed",
+ "uuid": "db172818-3456-4fa6-b89a-b40cc8b1c285",
"control-id": "cis_fedora_1-1.1.6",
"description": "No notes for control-id 1.1.1.6.",
"props": [
@@ -22738,7 +25096,7 @@
]
},
{
- "uuid": "3755bf47-b70e-46d1-94b6-c94221fbd80f",
+ "uuid": "bd020871-3519-43de-ad61-65343d664203",
"control-id": "cis_fedora_1-1.1.7",
"description": "No notes for control-id 1.1.1.7.",
"props": [
@@ -22755,7 +25113,7 @@
]
},
{
- "uuid": "d8018782-4656-45a8-994c-657cd1cfe25b",
+ "uuid": "694506a7-aad3-49ff-a46a-d52c6db8623e",
"control-id": "cis_fedora_1-1.1.8",
"description": "No notes for control-id 1.1.1.8.",
"props": [
@@ -22772,7 +25130,7 @@
]
},
{
- "uuid": "ac112915-9520-4ac9-a98c-49e300a97cc6",
+ "uuid": "e12e3c9e-ff3d-4772-839b-49c3f1bfd6c7",
"control-id": "cis_fedora_1-1.2.3.1",
"description": "No notes for control-id 1.1.2.3.1.",
"props": [
@@ -22789,7 +25147,7 @@
]
},
{
- "uuid": "ecb7d0fe-1d6c-4f58-8e38-205373e46f4d",
+ "uuid": "8b8dcf36-25bc-4488-a275-f3c766b5d250",
"control-id": "cis_fedora_1-1.2.4.1",
"description": "No notes for control-id 1.1.2.4.1.",
"props": [
@@ -22806,7 +25164,7 @@
]
},
{
- "uuid": "f38ded88-b525-4b1c-9965-5529bc366ca4",
+ "uuid": "f157914b-abb0-433b-bcc4-b1f105935df4",
"control-id": "cis_fedora_1-1.2.5.1",
"description": "No notes for control-id 1.1.2.5.1.",
"props": [
@@ -22823,7 +25181,7 @@
]
},
{
- "uuid": "2064a66a-c181-4558-95d7-577defad7c07",
+ "uuid": "4bf5f9a6-227b-42df-9338-3b0c5dce9b8e",
"control-id": "cis_fedora_1-1.2.6.1",
"description": "No notes for control-id 1.1.2.6.1.",
"props": [
@@ -22840,7 +25198,7 @@
]
},
{
- "uuid": "af95dbca-9d40-4425-a43e-cf3aa19c1bcf",
+ "uuid": "74c82275-83e6-4a28-a0b0-7b60d9b307f5",
"control-id": "cis_fedora_1-1.2.7.1",
"description": "No notes for control-id 1.1.2.7.1.",
"props": [
@@ -22857,7 +25215,7 @@
]
},
{
- "uuid": "663993c2-1a99-484d-8b06-c875c0ae950b",
+ "uuid": "d03174ed-e882-4490-9fe5-0c24ce705bad",
"control-id": "cis_fedora_1-2.1.3",
"description": "The description for control-id cis_fedora_1-2.1.3.",
"props": [
@@ -22870,7 +25228,7 @@
]
},
{
- "uuid": "e69782c6-4ba8-43bf-9d68-3fc7a54473da",
+ "uuid": "e7422eb2-5562-475c-9d5a-94595ac8da28",
"control-id": "cis_fedora_1-3.1.5",
"description": "No notes for control-id 1.3.1.5.",
"props": [
@@ -22887,7 +25245,7 @@
]
},
{
- "uuid": "6d34c2be-d634-42ae-b03e-e9d2427b508d",
+ "uuid": "d9d02bba-5f5a-4000-b71a-b93d0a70b8f8",
"control-id": "cis_fedora_1-3.1.6",
"description": "The description for control-id cis_fedora_1-3.1.6.",
"props": [
@@ -22900,48 +25258,60 @@
]
},
{
- "uuid": "67505e67-dc00-4985-ab07-efd6a0fa8c0e",
+ "uuid": "203cf865-5696-43c1-a820-c6819658378c",
"control-id": "cis_fedora_1-8.7",
- "description": "The description for control-id cis_fedora_1-8.7.",
+ "description": "No notes for control-id 1.8.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.8.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "xwayland_disabled"
}
]
},
{
- "uuid": "83beafc5-6266-4a54-85cc-999f788f391e",
+ "uuid": "a65b8762-98a1-4817-9605-9944bb37a59f",
"control-id": "cis_fedora_2-1.3",
- "description": "The description for control-id cis_fedora_2-1.3.",
+ "description": "No notes for control-id 2.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.1.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_cockpit_disabled"
}
]
},
{
- "uuid": "54c290e5-31b2-4f29-a901-3caf54e1425f",
+ "uuid": "8d7842e4-4ca8-498e-9ba0-f5e5a45c73fe",
"control-id": "cis_fedora_2-1.21",
- "description": "The description for control-id cis_fedora_2-1.21.",
+ "description": "No notes for control-id 2.1.21.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.1.21."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "package_gdm_removed"
}
]
},
{
- "uuid": "71099da2-aa33-4a62-94e6-687611d04ae2",
+ "uuid": "3f932f6b-0b80-46cd-8964-f3ca5cd476f2",
"control-id": "cis_fedora_2-1.22",
- "description": "Review the availability of xorg-x11-server-common package when the product is out.\nThe rule also configures correct run level to prevent unbootable system.",
+ "description": "No notes for control-id 2.1.22.",
"props": [
{
"name": "implementation-status",
@@ -22951,17 +25321,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_gdm_removed"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "xwindows_runlevel_target"
+ "value": "package_xorg-x11-server-Xwayland_removed"
}
]
},
{
- "uuid": "2c0bb3dd-0b61-45c1-b407-775e0fb1a5c4",
+ "uuid": "852b47f3-396c-44bf-b6ff-829082803e3c",
"control-id": "cis_fedora_2-2.2",
"description": "No notes for control-id 2.2.2.",
"props": [
@@ -22978,7 +25343,7 @@
]
},
{
- "uuid": "4bcdca8a-c0b1-4fad-9e8f-ee82c2f38330",
+ "uuid": "dff25e3b-548e-43c1-bfb9-415c9fe7b3a5",
"control-id": "cis_fedora_3-2.6",
"description": "No notes for control-id 3.2.6.",
"props": [
@@ -22995,7 +25360,7 @@
]
},
{
- "uuid": "168fdc8c-3015-44e7-9ab4-75d1619dfa51",
+ "uuid": "c841c0d6-9b6f-4e54-b261-08bf962fb332",
"control-id": "cis_fedora_3-3.1.1",
"description": "No notes for control-id 3.3.1.1.",
"props": [
@@ -23012,20 +25377,24 @@
]
},
{
- "uuid": "91797208-e686-4ffa-84c9-b68c73233dee",
+ "uuid": "354155ba-443e-4dc3-b447-d202af9f2922",
"control-id": "cis_fedora_5-1.10",
- "description": "The description for control-id cis_fedora_5-1.10.",
+ "description": "No notes for control-id 5.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary for \"disableforwarding\" option."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_disable_forwarding"
}
]
},
{
- "uuid": "82cbe6fa-6541-4425-94a6-25fe275cc3f7",
+ "uuid": "c1819c20-fa06-4935-8c70-149a78087068",
"control-id": "cis_fedora_5-1.11",
"description": "No notes for control-id 5.1.11.",
"props": [
@@ -23042,7 +25411,7 @@
]
},
{
- "uuid": "f9e7b1a9-f97a-4070-b741-cef37652136a",
+ "uuid": "a23ff81b-7d4c-4cc7-b157-48d936e580b5",
"control-id": "cis_fedora_5-2.4",
"description": "No notes for control-id 5.2.4.",
"props": [
@@ -23054,12 +25423,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication"
+ "value": "sudo_remove_nopasswd"
}
]
},
{
- "uuid": "c8cfef6e-5746-4d53-88cc-4a4f8490325a",
+ "uuid": "c8250e8b-fe1e-4fda-9eb2-ebcc55f36869",
"control-id": "cis_fedora_5-3.3.1.3",
"description": "No notes for control-id 5.3.3.1.3.",
"props": [
@@ -23076,7 +25445,7 @@
]
},
{
- "uuid": "9eb8dc59-7c79-4502-a5eb-80c029d3589f",
+ "uuid": "e0bfa3e0-452b-48a2-8a27-83d2941e4499",
"control-id": "cis_fedora_5-4.1.2",
"description": "No notes for control-id 5.4.1.2.",
"props": [
@@ -23098,20 +25467,24 @@
]
},
{
- "uuid": "fcd10acb-a0c9-4397-abfa-acbd9b071c78",
+ "uuid": "a7736439-e9a3-4c90-94d9-395bc630843c",
"control-id": "cis_fedora_5-4.3.1",
- "description": "The description for control-id cis_fedora_5-4.3.1.",
+ "description": "No notes for control-id 5.4.3.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "It is necessary to create a new rule to check and remove nologin from /etc/shells.\nThe no_tmux_in_shells rule can be used as referece."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_nologin_in_shells"
}
]
},
{
- "uuid": "8d2cccdc-16a3-433d-9eef-89f612ad91a6",
+ "uuid": "df57816b-0f1f-4396-a5f2-a8300ab84360",
"control-id": "cis_fedora_6-3.1.1",
"description": "No notes for control-id 6.3.1.1.",
"props": [
@@ -23133,7 +25506,7 @@
]
},
{
- "uuid": "6a4902d3-51aa-4ab2-ab65-7aac70d9989d",
+ "uuid": "c610a141-0ad6-4fa4-83be-5019f92e7823",
"control-id": "cis_fedora_6-3.1.2",
"description": "No notes for control-id 6.3.1.2.",
"props": [
@@ -23150,7 +25523,7 @@
]
},
{
- "uuid": "80b03c0f-153d-4d18-9b98-22a9d4d3ff05",
+ "uuid": "e98a0a96-ef2f-4fa8-a342-8089b6b3d63b",
"control-id": "cis_fedora_6-3.1.3",
"description": "No notes for control-id 6.3.1.3.",
"props": [
@@ -23167,7 +25540,7 @@
]
},
{
- "uuid": "a4368c45-c211-4028-b75a-e39f1f8a549c",
+ "uuid": "1e0b3f9c-0e79-4d02-9b56-a28b5f56857f",
"control-id": "cis_fedora_6-3.1.4",
"description": "No notes for control-id 6.3.1.4.",
"props": [
@@ -23184,7 +25557,7 @@
]
},
{
- "uuid": "ffb8896b-d8b9-4877-ae7a-bf1c9e485451",
+ "uuid": "520cce54-6f07-401a-beb2-e72c561f9e22",
"control-id": "cis_fedora_6-3.2.1",
"description": "No notes for control-id 6.3.2.1.",
"props": [
@@ -23201,7 +25574,7 @@
]
},
{
- "uuid": "57639c9c-7b49-4165-9211-4b7875275a89",
+ "uuid": "576db7f6-0159-44d1-bc41-dbb0080acf74",
"control-id": "cis_fedora_6-3.2.2",
"description": "No notes for control-id 6.3.2.2.",
"props": [
@@ -23218,7 +25591,7 @@
]
},
{
- "uuid": "41267ad0-7139-47dc-8ef6-8c9d9a788a19",
+ "uuid": "7b528b8a-9cf6-4c7d-a9e9-f150c7767cd2",
"control-id": "cis_fedora_6-3.2.3",
"description": "No notes for control-id 6.3.2.3.",
"props": [
@@ -23240,7 +25613,7 @@
]
},
{
- "uuid": "321dd9c7-335c-48a0-a963-9f88debc66a4",
+ "uuid": "449cf43e-2bc5-4bb3-bf3f-0a560901b8ae",
"control-id": "cis_fedora_6-3.2.4",
"description": "No notes for control-id 6.3.2.4.",
"props": [
@@ -23249,11 +25622,6 @@
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
},
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_action_mail_acct"
- },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -23267,7 +25635,7 @@
]
},
{
- "uuid": "d877bf37-ef5d-4a4f-9893-63b97282041c",
+ "uuid": "94e1d6f6-0c59-4d63-864a-4ded9d52a1d4",
"control-id": "cis_fedora_6-3.3.1",
"description": "No notes for control-id 6.3.3.1.",
"props": [
@@ -23284,7 +25652,7 @@
]
},
{
- "uuid": "c3ffd6b0-fbeb-4a78-8527-b0b98182bf64",
+ "uuid": "d5f31592-e588-45cc-b659-fa9495ca57b0",
"control-id": "cis_fedora_6-3.3.2",
"description": "No notes for control-id 6.3.3.2.",
"props": [
@@ -23301,7 +25669,7 @@
]
},
{
- "uuid": "689851da-89b5-4341-bf61-db04b840f890",
+ "uuid": "0ad8eea8-9081-481c-9e62-5f4556cd1165",
"control-id": "cis_fedora_6-3.3.3",
"description": "No notes for control-id 6.3.3.3.",
"props": [
@@ -23318,7 +25686,7 @@
]
},
{
- "uuid": "63cdafbd-e6b4-4721-be82-ed81df275a6a",
+ "uuid": "9242ba63-7f15-4c4b-95ed-8000b7288a5c",
"control-id": "cis_fedora_6-3.3.4",
"description": "No notes for control-id 6.3.3.4.",
"props": [
@@ -23350,81 +25718,112 @@
]
},
{
- "uuid": "f115c889-c3ef-4988-9d89-1d9ebf87cfd6",
+ "uuid": "a88074a9-8b73-42d0-8200-abc48fc08a18",
"control-id": "cis_fedora_6-3.3.5",
- "description": "The description for control-id cis_fedora_6-3.3.5.",
+ "description": "No notes for control-id 6.3.3.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_setdomainname"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_sethostname"
}
]
},
{
- "uuid": "8ef690b4-aa3e-4c15-9c8c-600d7677655c",
+ "uuid": "4fab2e86-4e4d-4d45-b938-89f3e5292129",
"control-id": "cis_fedora_6-3.3.6",
- "description": "The description for control-id cis_fedora_6-3.3.6.",
+ "description": "No notes for control-id 6.3.3.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.6."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_issue"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_issue_net"
}
]
},
{
- "uuid": "65335b8d-2503-4833-99f6-f8c42f74b787",
+ "uuid": "457886d0-077a-45a4-b59f-d06a8b3771ad",
"control-id": "cis_fedora_6-3.3.7",
- "description": "These rules are not covering \"/etc/hostname\" and \"/etc/NetworkManager/\".",
+ "description": "No notes for control-id 6.3.3.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification"
+ "value": "audit_rules_networkconfig_modification_etc_hosts"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification_network_scripts"
+ "value": "audit_rules_networkconfig_modification_hostname_file"
}
]
},
{
- "uuid": "ba88940e-b127-4e99-b4c2-7bb88893bc3c",
+ "uuid": "00823bf8-3fa8-45ef-a2e2-4e37c43c3a68",
"control-id": "cis_fedora_6-3.3.8",
- "description": "The description for control-id cis_fedora_6-3.3.8.",
+ "description": "No notes for control-id 6.3.3.8.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.8."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_sysconfig_network"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_networkmanager_system_connections"
}
]
},
{
- "uuid": "f7000ce7-549c-4b1d-a855-40a5234d170e",
+ "uuid": "3105645f-bb71-4a03-a9b1-b574e0bae89c",
"control-id": "cis_fedora_6-3.3.9",
- "description": "The description for control-id cis_fedora_6-3.3.9.",
+ "description": "No notes for control-id 6.3.3.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.9."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_networkmanager"
}
]
},
{
- "uuid": "188c844f-be3e-4199-baa9-86d333879586",
+ "uuid": "5e57a881-1b35-442f-a3d0-2a1912cc946f",
"control-id": "cis_fedora_6-3.3.10",
"description": "No notes for control-id 6.3.3.10.",
"props": [
@@ -23441,7 +25840,7 @@
]
},
{
- "uuid": "53a5494a-904b-4ad0-9a63-e7f1b38c8fa5",
+ "uuid": "6c3da5c4-5fd9-4bee-b8ed-5b703597314f",
"control-id": "cis_fedora_6-3.3.11",
"description": "No notes for control-id 6.3.3.11.",
"props": [
@@ -23478,7 +25877,7 @@
]
},
{
- "uuid": "aafdd6de-bd25-4260-985d-0ccc70c34165",
+ "uuid": "d2a76561-10d5-4ab0-b46d-dc6e0eb466d4",
"control-id": "cis_fedora_6-3.3.12",
"description": "No notes for control-id 6.3.3.12.",
"props": [
@@ -23495,7 +25894,7 @@
]
},
{
- "uuid": "609d6df2-b411-43be-bf92-6b9c1fdcd82e",
+ "uuid": "0c13a509-19ab-4ba7-9d7b-c33fffd3c737",
"control-id": "cis_fedora_6-3.3.13",
"description": "No notes for control-id 6.3.3.13.",
"props": [
@@ -23512,7 +25911,7 @@
]
},
{
- "uuid": "002505e7-2870-406a-a8d5-9cea489f1db9",
+ "uuid": "0365d01f-6298-41dd-85ce-200bf14c008b",
"control-id": "cis_fedora_6-3.3.14",
"description": "No notes for control-id 6.3.3.14.",
"props": [
@@ -23534,7 +25933,7 @@
]
},
{
- "uuid": "c9207214-3bf1-413a-b974-40c071acd1a0",
+ "uuid": "07e78a90-8e28-446b-aca1-10385e841c5e",
"control-id": "cis_fedora_6-3.3.15",
"description": "No notes for control-id 6.3.3.15.",
"props": [
@@ -23551,33 +25950,46 @@
]
},
{
- "uuid": "02e89aa2-c07d-49cb-a67c-f9db2cc14a94",
+ "uuid": "714a4a3c-0cd4-475f-b41f-36c393a2aa93",
"control-id": "cis_fedora_6-3.3.16",
- "description": "The description for control-id cis_fedora_6-3.3.16.",
+ "description": "No notes for control-id 6.3.3.16.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.16."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_nsswitch_conf"
}
]
},
{
- "uuid": "fedddfbd-6f4d-4006-ac59-3157140acf3d",
+ "uuid": "c47789e0-3192-413a-b5ee-f340540cc0d2",
"control-id": "cis_fedora_6-3.3.17",
- "description": "The description for control-id cis_fedora_6-3.3.17.",
+ "description": "No notes for control-id 6.3.3.17.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.17."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pam_conf"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pamd"
}
]
},
{
- "uuid": "3d43d015-e55c-4ebb-9d30-e37632983934",
+ "uuid": "91483e2a-39ef-47ad-9fb2-615eb36a4c1e",
"control-id": "cis_fedora_6-3.3.18",
"description": "No notes for control-id 6.3.3.18.",
"props": [
@@ -23659,7 +26071,7 @@
]
},
{
- "uuid": "e7f897fe-1a1f-4294-a86b-7a459f853424",
+ "uuid": "bb77ef15-7ce0-40d8-a188-5e91cc2e3864",
"control-id": "cis_fedora_6-3.3.19",
"description": "No notes for control-id 6.3.3.19.",
"props": [
@@ -23676,7 +26088,7 @@
]
},
{
- "uuid": "376a99d6-f952-46f8-aefd-a6ead4639997",
+ "uuid": "1d4efb52-76ec-416a-a0a0-452517774ff9",
"control-id": "cis_fedora_6-3.3.20",
"description": "No notes for control-id 6.3.3.20.",
"props": [
@@ -23703,7 +26115,7 @@
]
},
{
- "uuid": "f54e72b1-9964-4707-bfeb-dd7cff95a6a1",
+ "uuid": "6529cad8-be1c-45a7-8c6c-faec97d58660",
"control-id": "cis_fedora_6-3.3.21",
"description": "No notes for control-id 6.3.3.21.",
"props": [
@@ -23725,7 +26137,7 @@
]
},
{
- "uuid": "ca828b0b-a7d2-4981-8657-bae6a195f39a",
+ "uuid": "23d9af22-2c6b-4d36-9b8a-ebf89aec5217",
"control-id": "cis_fedora_6-3.3.22",
"description": "No notes for control-id 6.3.3.22.",
"props": [
@@ -23762,7 +26174,7 @@
]
},
{
- "uuid": "afb590b5-e4cf-45b0-9772-d81cb3c74c5a",
+ "uuid": "4d75fcf5-5e28-463c-b145-c3f81f305c80",
"control-id": "cis_fedora_6-3.3.23",
"description": "No notes for control-id 6.3.3.23.",
"props": [
@@ -23784,7 +26196,7 @@
]
},
{
- "uuid": "3691d1e8-df07-4f90-98b9-0738c64b242a",
+ "uuid": "c7220a80-b8e9-42b1-8b6d-ed81f026715a",
"control-id": "cis_fedora_6-3.3.24",
"description": "No notes for control-id 6.3.3.24.",
"props": [
@@ -23801,7 +26213,7 @@
]
},
{
- "uuid": "63fc06d0-44f3-413a-bc7e-5206cc379bb2",
+ "uuid": "db78af3d-eacc-4fc5-8215-de4e6f015176",
"control-id": "cis_fedora_6-3.3.25",
"description": "No notes for control-id 6.3.3.25.",
"props": [
@@ -23818,7 +26230,7 @@
]
},
{
- "uuid": "2e87b124-3f73-4ac7-a0e5-7c058b173811",
+ "uuid": "f03078e9-b94d-43dd-aaf1-da48ba1696cc",
"control-id": "cis_fedora_6-3.3.26",
"description": "No notes for control-id 6.3.3.26.",
"props": [
@@ -23835,7 +26247,7 @@
]
},
{
- "uuid": "ca777305-9b57-4627-981d-e60364707f0b",
+ "uuid": "16b6cbe8-a9f0-445b-9891-dcd074d835f3",
"control-id": "cis_fedora_6-3.3.27",
"description": "No notes for control-id 6.3.3.27.",
"props": [
@@ -23852,7 +26264,7 @@
]
},
{
- "uuid": "f9bd4a15-c820-4ec3-9514-8ccb3d632ca7",
+ "uuid": "10d3f916-2f96-46a5-946d-14b7ffb9a512",
"control-id": "cis_fedora_6-3.3.28",
"description": "No notes for control-id 6.3.3.28.",
"props": [
@@ -23869,7 +26281,7 @@
]
},
{
- "uuid": "0544bea4-d039-44a6-832b-0627c57e10e8",
+ "uuid": "2fddd8fb-74f6-48e5-91e3-9dc9232c9b60",
"control-id": "cis_fedora_6-3.3.29",
"description": "No notes for control-id 6.3.3.29.",
"props": [
@@ -23891,7 +26303,7 @@
]
},
{
- "uuid": "f74b3fb6-ec16-4aea-9053-91e019fc4f4b",
+ "uuid": "46be74b7-b76b-4edd-b29c-04aacd39d7f1",
"control-id": "cis_fedora_6-3.3.30",
"description": "No notes for control-id 6.3.3.30.",
"props": [
@@ -23908,7 +26320,7 @@
]
},
{
- "uuid": "59bdc97a-e9ee-4c17-a4d5-fedbf111ba74",
+ "uuid": "de0f5092-953f-430f-a68d-205ee58e38de",
"control-id": "cis_fedora_6-3.3.31",
"description": "No notes for control-id 6.3.3.31.",
"props": [
@@ -23930,20 +26342,24 @@
]
},
{
- "uuid": "eb14933e-65d0-448f-940b-441f5b13fa12",
+ "uuid": "4838b356-c900-4529-8ff6-78cb0f674a1d",
"control-id": "cis_fedora_6-3.3.32",
- "description": "The description for control-id cis_fedora_6-3.3.32.",
+ "description": "No notes for control-id 6.3.3.32.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.32."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_continue_loading"
}
]
},
{
- "uuid": "f81ec1a0-efb5-4f46-be3a-5d7b3acbda96",
+ "uuid": "5b402898-18fc-4e63-becf-d057d00fe665",
"control-id": "cis_fedora_6-3.3.33",
"description": "No notes for control-id 6.3.3.33.",
"props": [
@@ -23960,7 +26376,7 @@
]
},
{
- "uuid": "40cdcf2b-4201-4abc-8a3e-465393613042",
+ "uuid": "df99dfdf-399a-4a14-aea9-aa3d5f59c035",
"control-id": "cis_fedora_6-3.3.34",
"description": "The description for control-id cis_fedora_6-3.3.34.",
"props": [
@@ -23973,7 +26389,7 @@
]
},
{
- "uuid": "2639e1ac-b5c8-4ab7-8b43-1f7fffaae23d",
+ "uuid": "13deb7e5-c926-4942-892f-993cb72ab765",
"control-id": "cis_fedora_6-3.4.1",
"description": "No notes for control-id 6.3.4.1.",
"props": [
@@ -23990,7 +26406,7 @@
]
},
{
- "uuid": "463e9144-982b-4e13-a0a8-a6847367e371",
+ "uuid": "335de056-fc4d-43e9-9f82-15a1d4ef2529",
"control-id": "cis_fedora_6-3.4.2",
"description": "No notes for control-id 6.3.4.2.",
"props": [
@@ -24007,7 +26423,7 @@
]
},
{
- "uuid": "5f5de0c3-1bcf-4220-a09b-adf29d6515ac",
+ "uuid": "1a29e45f-304d-44da-8fc0-db35f265399e",
"control-id": "cis_fedora_6-3.4.3",
"description": "No notes for control-id 6.3.4.3.",
"props": [
@@ -24024,7 +26440,7 @@
]
},
{
- "uuid": "84eea5f5-ac78-4641-b6c7-deaa8c93941a",
+ "uuid": "388c5b84-b802-4908-8449-03de42e4470e",
"control-id": "cis_fedora_6-3.4.4",
"description": "No notes for control-id 6.3.4.4.",
"props": [
@@ -24041,7 +26457,7 @@
]
},
{
- "uuid": "f2ea3eaf-b1b3-4af1-af07-cf1e62f1f657",
+ "uuid": "a23bf6f4-bb6c-47b8-bc6d-c67f61d4f268",
"control-id": "cis_fedora_6-3.4.5",
"description": "No notes for control-id 6.3.4.5.",
"props": [
@@ -24058,7 +26474,7 @@
]
},
{
- "uuid": "2da8ae81-1807-462f-ad04-eb1b38f79c16",
+ "uuid": "501736fa-f361-43d5-8dbe-e72d73350f2f",
"control-id": "cis_fedora_6-3.4.6",
"description": "No notes for control-id 6.3.4.6.",
"props": [
@@ -24075,7 +26491,7 @@
]
},
{
- "uuid": "13eb3a99-062e-4db7-8116-88ac999cc455",
+ "uuid": "b3e867e9-9ad9-4d46-9d75-f5ac4ab6e25c",
"control-id": "cis_fedora_6-3.4.7",
"description": "No notes for control-id 6.3.4.7.",
"props": [
@@ -24092,7 +26508,7 @@
]
},
{
- "uuid": "8739fdac-b7a0-4d7c-aad6-58c193dfc44b",
+ "uuid": "4332e55e-e2a6-4669-b6a4-e57fa91e4816",
"control-id": "cis_fedora_6-3.4.8",
"description": "No notes for control-id 6.3.4.8.",
"props": [
@@ -24109,7 +26525,7 @@
]
},
{
- "uuid": "4d13d5a1-5623-4c34-b504-a01909bc2700",
+ "uuid": "ace8645e-be3c-4089-9c55-8a3263958579",
"control-id": "cis_fedora_6-3.4.9",
"description": "No notes for control-id 6.3.4.9.",
"props": [
@@ -24126,7 +26542,7 @@
]
},
{
- "uuid": "4b3104cb-da3b-42ef-b1e0-68859c31497c",
+ "uuid": "1f9a49bf-6b26-4b8e-be77-7779e7c018af",
"control-id": "cis_fedora_6-3.4.10",
"description": "No notes for control-id 6.3.4.10.",
"props": [
@@ -24143,7 +26559,7 @@
]
},
{
- "uuid": "5362069d-a7ef-451d-a50c-bf21d13b8134",
+ "uuid": "4602f4ff-6e88-4600-a5a6-71bdab5446e7",
"control-id": "reload_dconf_db",
"description": "This is a helper rule to reload Dconf database correctly.",
"props": [
@@ -24160,7 +26576,7 @@
]
},
{
- "uuid": "5e65f78f-19ac-4fcb-8dad-a05f8661c0d0",
+ "uuid": "fbe9a10e-25cc-405e-8fe0-d08313bcecf4",
"control-id": "cis_fedora_1-1.1.1",
"description": "No notes for control-id 1.1.1.1.",
"props": [
@@ -24177,7 +26593,7 @@
]
},
{
- "uuid": "81daa974-09d2-4167-b2ce-2e76a7bddf47",
+ "uuid": "eabff86b-6205-4506-b4e4-4ba3bf9feabf",
"control-id": "cis_fedora_1-1.1.2",
"description": "No notes for control-id 1.1.1.2.",
"props": [
@@ -24194,7 +26610,7 @@
]
},
{
- "uuid": "fd34fd8d-11c7-4991-9b53-f91df899c9e8",
+ "uuid": "b53ab652-4778-42cf-aa31-cb0c30b8c632",
"control-id": "cis_fedora_1-1.1.3",
"description": "No notes for control-id 1.1.1.3.",
"props": [
@@ -24211,7 +26627,7 @@
]
},
{
- "uuid": "8c28b20f-d283-44f8-8a04-e97681f2ae89",
+ "uuid": "06ff62e0-7c0b-4870-85a7-1c8d4c1c27ae",
"control-id": "cis_fedora_1-1.1.4",
"description": "No notes for control-id 1.1.1.4.",
"props": [
@@ -24228,7 +26644,7 @@
]
},
{
- "uuid": "472920e5-dff4-4cc7-bbd9-d95d800f25e7",
+ "uuid": "35980056-3629-46b3-b868-95537d257398",
"control-id": "cis_fedora_1-1.1.5",
"description": "No notes for control-id 1.1.1.5.",
"props": [
@@ -24245,7 +26661,7 @@
]
},
{
- "uuid": "45c89648-18d2-4556-9f3e-9578e88889b1",
+ "uuid": "67a16072-1a6d-4e66-a9c3-fc3a60e79f74",
"control-id": "cis_fedora_1-1.1.9",
"description": "No notes for control-id 1.1.1.9.",
"props": [
@@ -24262,7 +26678,7 @@
]
},
{
- "uuid": "b5e7950b-eaa1-417f-a3fb-00c691163ebe",
+ "uuid": "39bd8b39-852b-4bb5-ad7c-e01688d44464",
"control-id": "cis_fedora_1-1.1.10",
"description": "No notes for control-id 1.1.1.10.",
"props": [
@@ -24279,7 +26695,7 @@
]
},
{
- "uuid": "8e75e062-dc56-436d-a68c-a3dcbcf06955",
+ "uuid": "029967e9-5f63-4d98-89ac-a9721ef0009c",
"control-id": "cis_fedora_1-1.1.11",
"description": "The description for control-id cis_fedora_1-1.1.11.",
"props": [
@@ -24292,7 +26708,7 @@
]
},
{
- "uuid": "42a1b47c-b010-4143-94b2-6072e953304c",
+ "uuid": "3ff76427-6530-4220-940b-08adf1773490",
"control-id": "cis_fedora_1-1.2.1.1",
"description": "No notes for control-id 1.1.2.1.1.",
"props": [
@@ -24309,7 +26725,7 @@
]
},
{
- "uuid": "353c5bd3-c272-4995-9661-291fff9095ee",
+ "uuid": "564e5a6e-276e-4783-ae14-36782a4afbc6",
"control-id": "cis_fedora_1-1.2.1.2",
"description": "No notes for control-id 1.1.2.1.2.",
"props": [
@@ -24326,7 +26742,7 @@
]
},
{
- "uuid": "6e752536-4715-4dc1-86c9-d0a145ab0e46",
+ "uuid": "f3c4ab1c-95db-4d1f-9425-110a0d84b012",
"control-id": "cis_fedora_1-1.2.1.3",
"description": "No notes for control-id 1.1.2.1.3.",
"props": [
@@ -24343,7 +26759,7 @@
]
},
{
- "uuid": "f21047c7-ed31-4ad8-a9bb-01bdaaa03318",
+ "uuid": "8574b113-caef-4e64-8a68-24b6a2bf5925",
"control-id": "cis_fedora_1-1.2.1.4",
"description": "No notes for control-id 1.1.2.1.4.",
"props": [
@@ -24360,7 +26776,7 @@
]
},
{
- "uuid": "5ab29395-c3cc-42b6-92c7-f9b75572e846",
+ "uuid": "c77cf6e8-5788-4b6f-b8e1-6995a042fff2",
"control-id": "cis_fedora_1-1.2.2.1",
"description": "No notes for control-id 1.1.2.2.1.",
"props": [
@@ -24377,7 +26793,7 @@
]
},
{
- "uuid": "331d5c3b-1732-4f8e-91ed-8ec916238102",
+ "uuid": "fd657462-7816-4883-8fef-49b753e6ede6",
"control-id": "cis_fedora_1-1.2.2.2",
"description": "No notes for control-id 1.1.2.2.2.",
"props": [
@@ -24394,7 +26810,7 @@
]
},
{
- "uuid": "7c655ff9-4294-437e-b4fe-688dbce7300b",
+ "uuid": "4920d4a1-30d3-447e-afe3-ad27e67f35ca",
"control-id": "cis_fedora_1-1.2.2.3",
"description": "No notes for control-id 1.1.2.2.3.",
"props": [
@@ -24411,7 +26827,7 @@
]
},
{
- "uuid": "96807854-bbf9-476e-a39c-2e8fdae2dbcb",
+ "uuid": "eed5084b-56c8-4a03-87fb-c693377eaa40",
"control-id": "cis_fedora_1-1.2.2.4",
"description": "No notes for control-id 1.1.2.2.4.",
"props": [
@@ -24428,7 +26844,7 @@
]
},
{
- "uuid": "5f68874a-19d2-4753-bf75-271856239bbd",
+ "uuid": "f6c19b62-bb94-4312-a1b4-995e1442604e",
"control-id": "cis_fedora_1-1.2.3.2",
"description": "No notes for control-id 1.1.2.3.2.",
"props": [
@@ -24445,7 +26861,7 @@
]
},
{
- "uuid": "02309db2-21cd-44bb-ba95-7a3a74a21d9d",
+ "uuid": "24b5810b-e2b3-439c-ada7-f19397862d32",
"control-id": "cis_fedora_1-1.2.3.3",
"description": "No notes for control-id 1.1.2.3.3.",
"props": [
@@ -24462,7 +26878,7 @@
]
},
{
- "uuid": "9b78e132-9f32-491d-bce0-e3adf26db93d",
+ "uuid": "9bf048f1-c7ba-4840-a3f6-a1b0df694256",
"control-id": "cis_fedora_1-1.2.4.2",
"description": "No notes for control-id 1.1.2.4.2.",
"props": [
@@ -24479,7 +26895,7 @@
]
},
{
- "uuid": "71fc0120-475b-445b-81e8-a5215884d765",
+ "uuid": "808c8032-ceec-43e8-b997-74ac27e41dfa",
"control-id": "cis_fedora_1-1.2.4.3",
"description": "No notes for control-id 1.1.2.4.3.",
"props": [
@@ -24496,7 +26912,7 @@
]
},
{
- "uuid": "c834eb9f-5a8d-4dc9-b3ac-6323549957c4",
+ "uuid": "df0b37f1-2b4a-473f-89ef-24a17d3b5481",
"control-id": "cis_fedora_1-1.2.5.2",
"description": "No notes for control-id 1.1.2.5.2.",
"props": [
@@ -24513,7 +26929,7 @@
]
},
{
- "uuid": "dd165d67-73d8-4e02-89d2-ba0c9c57fb77",
+ "uuid": "cb41b113-b229-476a-9274-adb8397bd819",
"control-id": "cis_fedora_1-1.2.5.3",
"description": "No notes for control-id 1.1.2.5.3.",
"props": [
@@ -24530,7 +26946,7 @@
]
},
{
- "uuid": "d5c1dadc-d3c2-4591-ac3a-663cebd9034b",
+ "uuid": "86cb2b43-46e8-4ba1-9025-13b706024745",
"control-id": "cis_fedora_1-1.2.5.4",
"description": "No notes for control-id 1.1.2.5.4.",
"props": [
@@ -24547,7 +26963,7 @@
]
},
{
- "uuid": "f00db5c2-e2d0-4f1b-a9ff-e45859acb44a",
+ "uuid": "890b4796-bc79-4167-bfaa-e0756917a7c8",
"control-id": "cis_fedora_1-1.2.6.2",
"description": "No notes for control-id 1.1.2.6.2.",
"props": [
@@ -24564,7 +26980,7 @@
]
},
{
- "uuid": "87b1ae10-7a71-47ad-b69b-e1cd05618bd7",
+ "uuid": "ae660714-1c43-441c-9d38-9b13ce3dc2fb",
"control-id": "cis_fedora_1-1.2.6.3",
"description": "No notes for control-id 1.1.2.6.3.",
"props": [
@@ -24581,7 +26997,7 @@
]
},
{
- "uuid": "be2055f7-2dd3-4765-b1d5-b7785d8d1dcc",
+ "uuid": "12102ef3-a9fb-46de-9aea-d63773c43cfe",
"control-id": "cis_fedora_1-1.2.6.4",
"description": "No notes for control-id 1.1.2.6.4.",
"props": [
@@ -24598,7 +27014,7 @@
]
},
{
- "uuid": "06bc01a6-1bd7-4eaf-9479-110d23759ebf",
+ "uuid": "d7e03886-7743-42da-add8-9a14ef6b8a05",
"control-id": "cis_fedora_1-1.2.7.2",
"description": "No notes for control-id 1.1.2.7.2.",
"props": [
@@ -24615,7 +27031,7 @@
]
},
{
- "uuid": "a88c01da-3a23-4f6b-8b08-6877e096cb7f",
+ "uuid": "9ddce6a3-bd93-4f3e-b674-0746cbbf4598",
"control-id": "cis_fedora_1-1.2.7.3",
"description": "No notes for control-id 1.1.2.7.3.",
"props": [
@@ -24632,7 +27048,7 @@
]
},
{
- "uuid": "f755876c-97a3-43ed-9fcf-12341cbe39af",
+ "uuid": "ca354256-f028-4ac0-9043-ffecf6b478c7",
"control-id": "cis_fedora_1-1.2.7.4",
"description": "No notes for control-id 1.1.2.7.4.",
"props": [
@@ -24649,7 +27065,7 @@
]
},
{
- "uuid": "ea71e875-5f75-4e00-8025-30888ce10701",
+ "uuid": "46f5613a-a440-4ffc-a05d-510dd239fcd4",
"control-id": "cis_fedora_1-2.1.1",
"description": "The description for control-id cis_fedora_1-2.1.1.",
"props": [
@@ -24662,7 +27078,7 @@
]
},
{
- "uuid": "235decce-e4bf-46c8-beb3-f9b9fc9a026d",
+ "uuid": "21a6d85d-d6e4-44c9-99c3-228ca4b865f5",
"control-id": "cis_fedora_1-2.1.2",
"description": "No notes for control-id 1.2.1.2.",
"props": [
@@ -24679,7 +27095,7 @@
]
},
{
- "uuid": "91b9d16b-1046-4b72-a990-e2cc796432bf",
+ "uuid": "47eeb890-1da3-4813-b838-703e0f6d76c6",
"control-id": "cis_fedora_1-2.1.4",
"description": "The description for control-id cis_fedora_1-2.1.4.",
"props": [
@@ -24692,20 +27108,24 @@
]
},
{
- "uuid": "b6ee8221-4363-4c46-b206-ea5a16c05831",
+ "uuid": "0171d5c0-7246-430e-bf60-91544d0eec95",
"control-id": "cis_fedora_1-2.1.5",
- "description": "The description for control-id cis_fedora_1-2.1.5.",
+ "description": "No notes for control-id 1.2.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.2.1.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_weak_deps"
}
]
},
{
- "uuid": "44034a13-4df1-4e40-a318-3a9d1df559fe",
+ "uuid": "3b0d7360-e32e-4524-a225-751250834a53",
"control-id": "cis_fedora_1-2.2.1",
"description": "The description for control-id cis_fedora_1-2.2.1.",
"props": [
@@ -24718,7 +27138,7 @@
]
},
{
- "uuid": "c8814396-5d8c-4f15-9870-cad51a164e69",
+ "uuid": "eb1bd8d7-447c-4f6c-9715-b314d7d7cd59",
"control-id": "cis_fedora_1-3.1.1",
"description": "No notes for control-id 1.3.1.1.",
"props": [
@@ -24735,7 +27155,7 @@
]
},
{
- "uuid": "84478946-24a6-48d4-8607-f72519811a34",
+ "uuid": "6de72fb4-d4ad-411e-b3da-c053efd3d22f",
"control-id": "cis_fedora_1-3.1.2",
"description": "No notes for control-id 1.3.1.2.",
"props": [
@@ -24752,7 +27172,7 @@
]
},
{
- "uuid": "2bf89285-a849-46f3-a10b-17bcabae0f91",
+ "uuid": "15149375-9ec6-4101-b434-787450fb7b22",
"control-id": "cis_fedora_1-3.1.3",
"description": "No notes for control-id 1.3.1.3.",
"props": [
@@ -24769,7 +27189,7 @@
]
},
{
- "uuid": "97cba288-c018-4f5a-b37d-45149d3938a6",
+ "uuid": "6aeea037-5a76-4284-a013-6bd310536caa",
"control-id": "cis_fedora_1-3.1.4",
"description": "No notes for control-id 1.3.1.4.",
"props": [
@@ -24786,7 +27206,7 @@
]
},
{
- "uuid": "d9f686d3-ec27-42fd-924a-f2c8e1c913a1",
+ "uuid": "5a5319de-cafd-4640-93aa-b7ed54a66dee",
"control-id": "cis_fedora_1-3.1.7",
"description": "No notes for control-id 1.3.1.7.",
"props": [
@@ -24803,7 +27223,7 @@
]
},
{
- "uuid": "1bd0b032-7bb0-4988-bb08-d0d145a2d1ad",
+ "uuid": "4b2ffe7d-f761-41d9-8465-002bdd70d293",
"control-id": "cis_fedora_1-3.1.8",
"description": "No notes for control-id 1.3.1.8.",
"props": [
@@ -24820,7 +27240,7 @@
]
},
{
- "uuid": "7b6078af-fa3c-420f-ae6b-a195f00589f9",
+ "uuid": "38fb4e87-d4bb-41e7-bfd3-c052c60082f9",
"control-id": "cis_fedora_1-4.1",
"description": "There is no automated remediation for this rule and this is intentional.\nMore details in the rule description.",
"props": [
@@ -24837,180 +27257,204 @@
]
},
{
- "uuid": "97d61f6e-e4fd-4936-b504-276838f44298",
+ "uuid": "54256ed9-5b91-4fdb-bcfc-8496dbc998d7",
"control-id": "cis_fedora_1-4.2",
- "description": "The description for control-id cis_fedora_1-4.2.",
+ "description": "This requirement demands a deeper review of the rules.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This requirement demands a deeper review of the rules."
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg"
+ "value": "file_permissions_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg"
+ "value": "file_owner_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg"
+ "value": "file_groupowner_boot_grub2"
}
]
},
{
- "uuid": "b0dd16d2-c76e-43c1-b7cc-ec02a0502354",
+ "uuid": "c1b25485-142c-41e3-bc1a-5733fccf9ab4",
"control-id": "cis_fedora_1-5.1",
- "description": "The description for control-id cis_fedora_1-5.1.",
+ "description": "No notes for control-id 1.5.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_users_coredumps"
}
]
},
{
- "uuid": "2cf7832e-bd4e-4df0-bb16-a068d9e712e5",
+ "uuid": "68ff91af-fa9c-43e2-9fcc-d9778a8ede19",
"control-id": "cis_fedora_1-5.2",
- "description": "The description for control-id cis_fedora_1-5.2.",
+ "description": "No notes for control-id 1.5.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_hardlinks"
}
]
},
{
- "uuid": "459aa1ed-6e49-41d5-9f8e-9f5a22afd6e5",
+ "uuid": "897579d0-7439-4e7f-ace8-32ae99df2284",
"control-id": "cis_fedora_1-5.3",
- "description": "The description for control-id cis_fedora_1-5.3.",
+ "description": "No notes for control-id 1.5.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_symlinks"
}
]
},
{
- "uuid": "a839b902-b553-4363-a12e-4ae0f4ce173b",
+ "uuid": "345f6744-80f7-45b1-b6ee-3c53c68a41e7",
"control-id": "cis_fedora_1-5.4",
- "description": "The description for control-id cis_fedora_1-5.4.",
+ "description": "No notes for control-id 1.5.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_suid_dumpable"
}
]
},
{
- "uuid": "a569c546-113c-4d1e-8d46-3d2211cd9323",
+ "uuid": "e0885469-2ba9-44e0-8ba3-f3bd4dee079f",
"control-id": "cis_fedora_1-5.5",
- "description": "The description for control-id cis_fedora_1-5.5.",
+ "description": "No notes for control-id 1.5.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_dmesg_restrict"
}
]
},
{
- "uuid": "4e1dff6e-56a4-47cc-9d7e-5e05fa6f5805",
+ "uuid": "4525c5c2-c562-4143-ac6b-35188e30a945",
"control-id": "cis_fedora_1-5.6",
- "description": "The description for control-id cis_fedora_1-5.6.",
+ "description": "No notes for control-id 1.5.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.6."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_kptr_restrict"
}
]
},
{
- "uuid": "d2d9ab7f-1bb5-4e47-81f2-22b5db7bed93",
+ "uuid": "efbe86c6-7485-49b1-b459-ef6fcd85a24c",
"control-id": "cis_fedora_1-5.7",
- "description": "The description for control-id cis_fedora_1-5.7.",
+ "description": "No notes for control-id 1.5.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_yama_ptrace_scope"
}
]
},
{
- "uuid": "adee71e9-5754-49ec-b2fa-3481e173abd5",
+ "uuid": "1b71ddba-85a7-4f1f-bad9-09383cf790b6",
"control-id": "cis_fedora_1-5.8",
- "description": "The description for control-id cis_fedora_1-5.8.",
+ "description": "Address Space Layout Randomization (ASLR)",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.8."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_randomize_va_space"
}
]
},
{
- "uuid": "ca03fc87-ca80-4496-ad0c-04f88daf8d61",
+ "uuid": "b41caf67-791a-4497-8dba-f07fc8686d39",
"control-id": "cis_fedora_1-5.9",
- "description": "The description for control-id cis_fedora_1-5.9.",
+ "description": "No notes for control-id 1.5.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.9."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_backtraces"
}
]
},
{
- "uuid": "888907be-d46b-48d1-a107-e3cd7d2b97fd",
+ "uuid": "0852f2c1-ce5d-462e-a937-d7a9d9f28623",
"control-id": "cis_fedora_1-5.10",
- "description": "The description for control-id cis_fedora_1-5.10.",
+ "description": "No notes for control-id 1.5.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.10."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_storage"
}
]
},
{
- "uuid": "317128f0-c65a-476d-a02a-a109415cda41",
+ "uuid": "954095fe-102a-4e61-859e-8022b50eeca8",
"control-id": "cis_fedora_1-6.1",
"description": "No notes for control-id 1.6.1.",
"props": [
@@ -25022,50 +27466,63 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "f2343150-3c96-4c5a-a8c3-ac7da95d2394",
+ "uuid": "49f7388b-6705-4267-9287-abdaa19eb8c6",
"control-id": "cis_fedora_1-6.2",
- "description": "This requirement is already satisfied by 1.6.1.",
+ "description": "No notes for control-id 1.6.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "ee030d08-33f1-4832-b442-b4cfdfa8ea79",
+ "uuid": "6f5286be-9395-4e12-aa75-b242ce8a1891",
"control-id": "cis_fedora_1-6.3",
- "description": "The description for control-id cis_fedora_1-6.3.",
+ "description": "No notes for control-id 1.6.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "6e952850-cb85-4c79-9987-c6a85cdfcf3b",
+ "uuid": "01b71549-3acd-4a94-826e-ad191feda149",
"control-id": "cis_fedora_1-6.4",
- "description": "The description for control-id cis_fedora_1-6.4.",
+ "description": "No notes for control-id 1.6.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "35af945f-7a27-40c0-aa4d-6df53be63bdf",
+ "uuid": "1ee65d2c-6f8c-40f9-80c4-f241b6081e9c",
"control-id": "cis_fedora_1-7.1",
"description": "No notes for control-id 1.7.1.",
"props": [
@@ -25082,7 +27539,7 @@
]
},
{
- "uuid": "abeb4853-83d3-448e-b8a7-e4b3ecf1fea1",
+ "uuid": "63effa02-c302-4d69-828f-49ec1dc96993",
"control-id": "cis_fedora_1-7.2",
"description": "No notes for control-id 1.7.2.",
"props": [
@@ -25099,7 +27556,7 @@
]
},
{
- "uuid": "82881313-73c8-4921-bb1f-8b251dff4dca",
+ "uuid": "91064d3c-36cb-4b0f-972f-12b2f26c0364",
"control-id": "cis_fedora_1-7.3",
"description": "No notes for control-id 1.7.3.",
"props": [
@@ -25116,7 +27573,7 @@
]
},
{
- "uuid": "f648f229-fed8-471e-a7de-2bec14b2939b",
+ "uuid": "af54acdc-d4f1-4010-ae7d-4eca205b87c9",
"control-id": "cis_fedora_1-7.4",
"description": "No notes for control-id 1.7.4.",
"props": [
@@ -25143,7 +27600,7 @@
]
},
{
- "uuid": "5c8480b6-3a39-4b86-83ec-8ac5f55e7572",
+ "uuid": "cc80c3be-7002-4afb-84dc-0079a4c4e4e3",
"control-id": "cis_fedora_1-7.5",
"description": "No notes for control-id 1.7.5.",
"props": [
@@ -25170,7 +27627,7 @@
]
},
{
- "uuid": "9ef1d71c-7584-40e2-a482-2a6982b347d6",
+ "uuid": "ca40f592-2a90-4bc0-8805-46b28c4ccb90",
"control-id": "cis_fedora_1-7.6",
"description": "No notes for control-id 1.7.6.",
"props": [
@@ -25197,14 +27654,14 @@
]
},
{
- "uuid": "9ec49aa4-d1c0-4d6d-9adc-e68e1cca10d1",
+ "uuid": "d2564ae2-a5dd-497c-ad0f-36014fa89f7c",
"control-id": "cis_fedora_1-8.1",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -25219,7 +27676,7 @@
]
},
{
- "uuid": "fc4a1a26-67b8-4642-a989-411c1d746c9e",
+ "uuid": "9114f14a-1669-4d9c-940e-b5b718edb631",
"control-id": "cis_fedora_1-8.2",
"description": "Review rules to confirm settings are not writeable by users",
"props": [
@@ -25236,14 +27693,14 @@
]
},
{
- "uuid": "41ad76af-2069-4144-85bc-15d5bfbc26b3",
+ "uuid": "97a28e75-de38-410b-bc53-5c6c224bd68c",
"control-id": "cis_fedora_1-8.3",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -25254,11 +27711,21 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "dconf_gnome_screensaver_lock_delay"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_session_idle_user_locks"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_screensaver_user_locks"
}
]
},
{
- "uuid": "87a81a48-443d-4929-b4da-07835fdfa352",
+ "uuid": "b521ba4f-d075-484d-8fe9-032d33b39f82",
"control-id": "cis_fedora_1-8.4",
"description": "No notes for control-id 1.8.4.",
"props": [
@@ -25280,14 +27747,14 @@
]
},
{
- "uuid": "d0f2638c-4a33-4c98-9d81-72a996bb9090",
+ "uuid": "5556badc-1af8-4187-a9f9-e013a41767c7",
"control-id": "cis_fedora_1-8.5",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -25297,7 +27764,7 @@
]
},
{
- "uuid": "6f2b9820-e38a-4299-9724-adeb900a1aca",
+ "uuid": "dce69e36-65b3-4dcf-9ae9-42285de4d0e9",
"control-id": "cis_fedora_1-8.6",
"description": "The description for control-id cis_fedora_1-8.6.",
"props": [
@@ -25310,7 +27777,7 @@
]
},
{
- "uuid": "f0075223-aff6-439a-b070-5e4dcfed1de6",
+ "uuid": "510c72e7-1c57-4d78-b7b9-3f7d72c385e7",
"control-id": "cis_fedora_2-1.1",
"description": "No notes for control-id 2.1.1.",
"props": [
@@ -25327,7 +27794,7 @@
]
},
{
- "uuid": "79b0ddb4-c720-401f-b5b3-c1d056a6b29e",
+ "uuid": "339f8e2e-7fdc-4997-b645-d405fa0bbe07",
"control-id": "cis_fedora_2-1.2",
"description": "No notes for control-id 2.1.2.",
"props": [
@@ -25344,7 +27811,7 @@
]
},
{
- "uuid": "895d4215-59e5-40e4-850b-00b78dcfca5e",
+ "uuid": "ebd40395-69f5-476f-9f26-e97b053c679d",
"control-id": "cis_fedora_2-1.4",
"description": "No notes for control-id 2.1.4.",
"props": [
@@ -25361,7 +27828,7 @@
]
},
{
- "uuid": "c39ac6c3-97d8-4406-b912-c4582c948716",
+ "uuid": "ccc2c840-e3de-4e00-98ac-c0c2b64a53e7",
"control-id": "cis_fedora_2-1.5",
"description": "No notes for control-id 2.1.5.",
"props": [
@@ -25378,7 +27845,7 @@
]
},
{
- "uuid": "4d4d8ec1-b46c-4a39-b6e9-c99d01514d47",
+ "uuid": "7e8af24a-c435-4ee6-b9ba-72ee4cf83a3b",
"control-id": "cis_fedora_2-1.6",
"description": "No notes for control-id 2.1.6.",
"props": [
@@ -25395,7 +27862,7 @@
]
},
{
- "uuid": "8d34e094-8d26-4573-b24d-e0874788da1d",
+ "uuid": "b0e7634c-6a20-4d4a-bc53-f9cb459c9e21",
"control-id": "cis_fedora_2-1.7",
"description": "No notes for control-id 2.1.7.",
"props": [
@@ -25412,7 +27879,7 @@
]
},
{
- "uuid": "f42b712f-314a-411f-b1a4-b4285fc3ae09",
+ "uuid": "2092e3f5-0cde-4471-82a2-fe7faea33d01",
"control-id": "cis_fedora_2-1.8",
"description": "No notes for control-id 2.1.8.",
"props": [
@@ -25434,7 +27901,7 @@
]
},
{
- "uuid": "b6e06a13-3aac-4953-8939-7753cdfb324c",
+ "uuid": "936e863c-352b-4182-9717-bc6e8f9c82ca",
"control-id": "cis_fedora_2-1.9",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization are dependent on the\nnfs-utils package.",
"props": [
@@ -25451,7 +27918,7 @@
]
},
{
- "uuid": "306840bf-2d68-4f02-8aef-38ecfa38b131",
+ "uuid": "9ed237ff-8ac3-45e1-adbc-b50797a2a0b5",
"control-id": "cis_fedora_2-1.10",
"description": "No notes for control-id 2.1.10.",
"props": [
@@ -25463,7 +27930,7 @@
]
},
{
- "uuid": "40f74935-2b28-44ae-b6aa-4365ef294332",
+ "uuid": "a4100418-7f9e-4a3c-9c60-9869a8d8aee1",
"control-id": "cis_fedora_2-1.11",
"description": "No notes for control-id 2.1.11.",
"props": [
@@ -25480,7 +27947,7 @@
]
},
{
- "uuid": "f59abd35-2700-4226-bd38-25190eada134",
+ "uuid": "947f829a-fc24-48b2-aa4f-f55d6621e027",
"control-id": "cis_fedora_2-1.12",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization, and the nfs-utils\npackage used for The Network File System (NFS), are dependent on the rpcbind package.",
"props": [
@@ -25497,7 +27964,7 @@
]
},
{
- "uuid": "4077b535-d32f-4bfd-94d8-f5971a5deef7",
+ "uuid": "c72723dc-507f-4182-bf06-9bac0a1491f3",
"control-id": "cis_fedora_2-1.13",
"description": "No notes for control-id 2.1.13.",
"props": [
@@ -25514,7 +27981,7 @@
]
},
{
- "uuid": "c0a4227c-8b8a-4afd-95d9-a9ff482d2bf6",
+ "uuid": "2b2ea17e-a814-4435-8442-c33526567e20",
"control-id": "cis_fedora_2-1.14",
"description": "No notes for control-id 2.1.14.",
"props": [
@@ -25531,7 +27998,7 @@
]
},
{
- "uuid": "4a7746bb-5755-449a-a6ed-0e824171656e",
+ "uuid": "3123a77b-0285-48a1-b8a2-eb588416aba5",
"control-id": "cis_fedora_2-1.15",
"description": "No notes for control-id 2.1.15.",
"props": [
@@ -25548,7 +28015,7 @@
]
},
{
- "uuid": "6558176f-a88a-4b1e-a69d-d1ab9976ba20",
+ "uuid": "2c2f9378-7879-49ba-ac1a-04167742709e",
"control-id": "cis_fedora_2-1.16",
"description": "No notes for control-id 2.1.16.",
"props": [
@@ -25565,7 +28032,7 @@
]
},
{
- "uuid": "435bc517-07ea-4317-9d42-ede855d8f9af",
+ "uuid": "50eee483-964d-4bea-aa0b-2b46ba59bae3",
"control-id": "cis_fedora_2-1.17",
"description": "No notes for control-id 2.1.17.",
"props": [
@@ -25582,7 +28049,7 @@
]
},
{
- "uuid": "35cf5bab-1a11-4734-b58e-4a870d62acf1",
+ "uuid": "8c91cc11-7a37-4b64-b04f-f7e88735280c",
"control-id": "cis_fedora_2-1.18",
"description": "No notes for control-id 2.1.18.",
"props": [
@@ -25599,7 +28066,7 @@
]
},
{
- "uuid": "5c1ebf8c-39ba-40f9-ae3c-9ad79855c314",
+ "uuid": "67dcb094-9b13-49ac-a959-a4a2610c6b1b",
"control-id": "cis_fedora_2-1.19",
"description": "No notes for control-id 2.1.19.",
"props": [
@@ -25621,7 +28088,7 @@
]
},
{
- "uuid": "303b6974-b77c-4be6-a375-6d5ffd659c19",
+ "uuid": "1c995bd1-961d-4b2b-920f-3e9758d06dc4",
"control-id": "cis_fedora_2-1.20",
"description": "The description for control-id cis_fedora_2-1.20.",
"props": [
@@ -25634,14 +28101,14 @@
]
},
{
- "uuid": "7a2907b2-30d6-400e-b966-ddadce9ad90b",
+ "uuid": "65d82edd-dd52-454a-b546-aea71856af30",
"control-id": "cis_fedora_2-1.23",
- "description": "The rule has_nonlocal_mta currently checks for services listening only on port 25,\nbut the policy checks also for ports 465 and 587",
+ "description": "No notes for control-id 2.1.23.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -25656,7 +28123,7 @@
]
},
{
- "uuid": "49afdd6c-1fcf-494a-9053-865d9a5666f5",
+ "uuid": "c30ea40c-c21e-4b9f-85c4-1d496a0b934d",
"control-id": "cis_fedora_2-1.24",
"description": "The description for control-id cis_fedora_2-1.24.",
"props": [
@@ -25669,7 +28136,7 @@
]
},
{
- "uuid": "7d8f7489-b12c-45e4-883c-5c8598f1b619",
+ "uuid": "0da438c1-47ba-4c93-844d-0fed45fbcf18",
"control-id": "cis_fedora_2-2.1",
"description": "No notes for control-id 2.2.1.",
"props": [
@@ -25686,7 +28153,7 @@
]
},
{
- "uuid": "5ba57a7d-0397-4e45-ad0d-e727dc7750fd",
+ "uuid": "8b9c5c77-f23b-48bf-ae74-4581624f5232",
"control-id": "cis_fedora_2-2.3",
"description": "No notes for control-id 2.2.3.",
"props": [
@@ -25698,7 +28165,7 @@
]
},
{
- "uuid": "42a448fb-1669-4e77-8926-e0d85b905406",
+ "uuid": "69822fa3-9b02-4999-900e-cd7afe7b57eb",
"control-id": "cis_fedora_2-2.4",
"description": "No notes for control-id 2.2.4.",
"props": [
@@ -25715,7 +28182,7 @@
]
},
{
- "uuid": "31f879a8-ed66-48a8-aac5-fa1c47d155b7",
+ "uuid": "7f49d14f-8ac2-40ec-b537-9cebd83b0c1c",
"control-id": "cis_fedora_2-2.5",
"description": "No notes for control-id 2.2.5.",
"props": [
@@ -25732,7 +28199,7 @@
]
},
{
- "uuid": "fe6d7aa0-f335-4b4c-be23-bb0c8a83011f",
+ "uuid": "62a9d10b-b82b-4f9d-887f-8de4b639e01c",
"control-id": "cis_fedora_2-3.1",
"description": "No notes for control-id 2.3.1.",
"props": [
@@ -25744,7 +28211,7 @@
]
},
{
- "uuid": "a3c41f36-5085-4e9f-957d-a411feaf3a17",
+ "uuid": "1694666e-2e69-421a-aeec-714ca19c9331",
"control-id": "cis_fedora_2-3.2",
"description": "No notes for control-id 2.3.2.",
"props": [
@@ -25761,7 +28228,7 @@
]
},
{
- "uuid": "d7ffb852-7070-44eb-ab85-20f4ff8b5322",
+ "uuid": "90697aa7-4a0a-46ce-b1cf-aa962c1255e5",
"control-id": "cis_fedora_2-3.3",
"description": "No notes for control-id 2.3.3.",
"props": [
@@ -25778,7 +28245,7 @@
]
},
{
- "uuid": "a6516a3d-5475-413b-a6ee-89c111e451bc",
+ "uuid": "233eb010-f471-4984-8028-d090e3b579af",
"control-id": "cis_fedora_2-4.1.1",
"description": "No notes for control-id 2.4.1.1.",
"props": [
@@ -25800,7 +28267,7 @@
]
},
{
- "uuid": "f6da5536-670d-42c9-b2f6-3ec61bb65431",
+ "uuid": "ff3ff147-7941-4455-a0b1-431cc8696c63",
"control-id": "cis_fedora_2-4.1.2",
"description": "No notes for control-id 2.4.1.2.",
"props": [
@@ -25827,7 +28294,7 @@
]
},
{
- "uuid": "8368b57e-1f38-4f1c-8a53-f184820f89a4",
+ "uuid": "0ad099b2-b846-457c-9ac1-4a875410a25c",
"control-id": "cis_fedora_2-4.1.3",
"description": "No notes for control-id 2.4.1.3.",
"props": [
@@ -25854,7 +28321,7 @@
]
},
{
- "uuid": "c1c58315-272a-4e10-8751-8006b3d27e2d",
+ "uuid": "96e8eb1c-b10b-4e26-8e43-462ee279881e",
"control-id": "cis_fedora_2-4.1.4",
"description": "No notes for control-id 2.4.1.4.",
"props": [
@@ -25881,7 +28348,7 @@
]
},
{
- "uuid": "07a26543-b3a9-47ad-8972-0df043ec8960",
+ "uuid": "c88c3b3a-07d5-4c3c-82ef-84c9061f676a",
"control-id": "cis_fedora_2-4.1.5",
"description": "No notes for control-id 2.4.1.5.",
"props": [
@@ -25908,7 +28375,7 @@
]
},
{
- "uuid": "51311f39-9d64-49ac-a90a-0c356b717509",
+ "uuid": "49cfbcfc-f0ac-4279-a9d9-02d6c12e88a2",
"control-id": "cis_fedora_2-4.1.6",
"description": "No notes for control-id 2.4.1.6.",
"props": [
@@ -25935,20 +28402,34 @@
]
},
{
- "uuid": "f6ab9d7b-e5e7-42c4-b82e-784f5c04021a",
+ "uuid": "d510da71-6549-411f-baba-143f78c5e462",
"control-id": "cis_fedora_2-4.1.7",
- "description": "The description for control-id cis_fedora_2-4.1.7.",
+ "description": "No notes for control-id 2.4.1.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.4.1.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_cron_yearly"
}
]
},
{
- "uuid": "9505614f-f55d-47bc-800b-7fc79ad3cff4",
+ "uuid": "1ac7f7be-53ea-47dd-8379-1d231c7fc426",
"control-id": "cis_fedora_2-4.1.8",
"description": "No notes for control-id 2.4.1.8.",
"props": [
@@ -25975,7 +28456,7 @@
]
},
{
- "uuid": "fe44847e-c232-4fb9-b5b5-e3367b9d7fb0",
+ "uuid": "0b5b28ff-1450-4158-b6b8-e1ef0c133ee8",
"control-id": "cis_fedora_2-4.1.9",
"description": "No notes for control-id 2.4.1.9.",
"props": [
@@ -26012,20 +28493,25 @@
]
},
{
- "uuid": "0d5e385c-d740-431e-8925-9e6cd47a0f5f",
+ "uuid": "ce767b32-247f-40e6-8157-644ed8316237",
"control-id": "cis_fedora_2-4.2.1",
- "description": "It is necessary to create a rule to ensure the existence of at.allow.\nfile_cron_allow_exists can be used as reference for a new templated rule.",
+ "description": "No notes for control-id 2.4.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_at_deny_not_exist"
},
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_at_allow_exists"
+ },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -26044,7 +28530,7 @@
]
},
{
- "uuid": "34465293-e633-4e85-b97c-7c24516524ac",
+ "uuid": "4f87bfb0-6b0a-4c77-a57e-539d017eae53",
"control-id": "cis_fedora_3-1.1",
"description": "The description for control-id cis_fedora_3-1.1.",
"props": [
@@ -26057,7 +28543,7 @@
]
},
{
- "uuid": "aa2349aa-030b-4de0-9250-0361a7ab1247",
+ "uuid": "444defcf-5e2b-4a5b-8c56-de9cae6765b8",
"control-id": "cis_fedora_3-1.2",
"description": "No notes for control-id 3.1.2.",
"props": [
@@ -26074,7 +28560,7 @@
]
},
{
- "uuid": "24b34b17-4cf2-4f41-9090-14407de6bc48",
+ "uuid": "8f1157b8-3d70-465b-ba40-e5e9741b557d",
"control-id": "cis_fedora_3-1.3",
"description": "No notes for control-id 3.1.3.",
"props": [
@@ -26091,46 +28577,58 @@
]
},
{
- "uuid": "7daab4f4-ca21-4646-935c-b55fbac5f5cd",
+ "uuid": "95412388-33d7-4351-90a6-95f48a7f5942",
"control-id": "cis_fedora_3-2.1",
- "description": "The description for control-id cis_fedora_3-2.1.",
+ "description": "No notes for control-id 3.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_atm_disabled"
}
]
},
{
- "uuid": "5a6b9e4a-23d4-47f4-97eb-a1555724901d",
+ "uuid": "7584e3b2-a547-4b04-8002-faa037b5d78b",
"control-id": "cis_fedora_3-2.2",
- "description": "The description for control-id cis_fedora_3-2.2.",
+ "description": "No notes for control-id 3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_can_disabled"
}
]
},
{
- "uuid": "4ed72d3f-414d-4566-9b4c-26769edeebf8",
+ "uuid": "6360021e-085e-401f-b552-3090555fed4d",
"control-id": "cis_fedora_3-2.3",
- "description": "The description for control-id cis_fedora_3-2.3.",
+ "description": "No notes for control-id 3.2.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_dccp_disabled"
}
]
},
{
- "uuid": "9c9aa12c-574a-46ef-ae15-37e8ddf721a1",
+ "uuid": "b42f99f7-5e23-4d21-8156-da8fa62e67e9",
"control-id": "cis_fedora_3-2.4",
"description": "No notes for control-id 3.2.4.",
"props": [
@@ -26147,46 +28645,58 @@
]
},
{
- "uuid": "991f216d-232c-4d5c-8e77-7029d4ab2e06",
+ "uuid": "1610e6e9-749a-4249-9942-1b84cf998d6f",
"control-id": "cis_fedora_3-2.5",
- "description": "The description for control-id cis_fedora_3-2.5.",
+ "description": "No notes for control-id 3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_rds_disabled"
}
]
},
{
- "uuid": "ffe5dfb3-6a5a-4c55-be0e-ac752f621746",
+ "uuid": "7827a3f8-6c94-49a5-b347-f879fd7c474a",
"control-id": "cis_fedora_3-3.1.2",
- "description": "The description for control-id cis_fedora_3-3.1.2.",
+ "description": "No notes for control-id 3.3.1.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_forwarding"
}
]
},
{
- "uuid": "c7065bcd-2cf2-402e-bf0c-e1612eb92d7c",
+ "uuid": "fa3a3a5e-967f-4c40-8e36-290762a5eeb7",
"control-id": "cis_fedora_3-3.1.3",
- "description": "The description for control-id cis_fedora_3-3.1.3.",
+ "description": "No notes for control-id 3.3.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_forwarding"
}
]
},
{
- "uuid": "c4bbc381-2374-4306-a000-d05a9cb0c15f",
+ "uuid": "27cea7bb-68a8-4b1e-b2c3-9fbd545d4f8e",
"control-id": "cis_fedora_3-3.1.4",
"description": "No notes for control-id 3.3.1.4.",
"props": [
@@ -26203,7 +28713,7 @@
]
},
{
- "uuid": "e2765da2-04e4-4d94-abd2-74b60e314890",
+ "uuid": "fe4e3b2e-9d6e-4256-a28c-6f8efb597f3d",
"control-id": "cis_fedora_3-3.1.5",
"description": "No notes for control-id 3.3.1.5.",
"props": [
@@ -26220,7 +28730,7 @@
]
},
{
- "uuid": "6ad8fbc8-00ed-4d64-9c0b-8beb440ed940",
+ "uuid": "3ad0cbdb-e2cc-4264-9c8b-56356fedccf1",
"control-id": "cis_fedora_3-3.1.6",
"description": "No notes for control-id 3.3.1.6.",
"props": [
@@ -26237,7 +28747,7 @@
]
},
{
- "uuid": "ac1e77dd-2092-420b-b4e0-447301bd9802",
+ "uuid": "5be428cd-4597-4976-b4b5-685d7af6c5d8",
"control-id": "cis_fedora_3-3.1.7",
"description": "No notes for control-id 3.3.1.7.",
"props": [
@@ -26254,7 +28764,7 @@
]
},
{
- "uuid": "5368a9f2-ea0e-4196-bc4e-6c85d6ffe732",
+ "uuid": "9b7c5181-3910-4746-8374-f02567519992",
"control-id": "cis_fedora_3-3.1.8",
"description": "No notes for control-id 3.3.1.8.",
"props": [
@@ -26271,7 +28781,7 @@
]
},
{
- "uuid": "3c384597-0b43-4705-b847-5f2322e1ba88",
+ "uuid": "01fa06f3-a1fe-43cb-a443-6921002815a6",
"control-id": "cis_fedora_3-3.1.9",
"description": "No notes for control-id 3.3.1.9.",
"props": [
@@ -26288,7 +28798,7 @@
]
},
{
- "uuid": "7d283845-5e54-4048-b4a1-90de7330eca6",
+ "uuid": "64f1d2cd-de05-4aa1-9e91-95aafe228e95",
"control-id": "cis_fedora_3-3.1.10",
"description": "No notes for control-id 3.3.1.10.",
"props": [
@@ -26301,16 +28811,11 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sysctl_net_ipv4_conf_all_secure_redirects"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects"
}
]
},
{
- "uuid": "7739d1a2-ed0b-468c-9bcf-aa9a759f8beb",
+ "uuid": "01665132-3c11-4b39-89a4-802eba77322c",
"control-id": "cis_fedora_3-3.1.11",
"description": "No notes for control-id 3.3.1.11.",
"props": [
@@ -26327,7 +28832,7 @@
]
},
{
- "uuid": "9c06a42b-ece3-4b6e-bb95-93f803df7298",
+ "uuid": "a4757f33-2276-40d8-8d70-9f4b01c80885",
"control-id": "cis_fedora_3-3.1.12",
"description": "No notes for control-id 3.3.1.12.",
"props": [
@@ -26344,7 +28849,7 @@
]
},
{
- "uuid": "81deea4d-0de7-4758-8c87-e2e51950fb02",
+ "uuid": "177e6002-f674-4c2d-9c6d-c5c4ec21589f",
"control-id": "cis_fedora_3-3.1.13",
"description": "No notes for control-id 3.3.1.13.",
"props": [
@@ -26361,7 +28866,7 @@
]
},
{
- "uuid": "a931c5c0-c547-4ac5-a08c-918bda0ff0cc",
+ "uuid": "e0bcc664-4d5c-4f2e-a26c-f83fa1eeb6ee",
"control-id": "cis_fedora_3-3.1.14",
"description": "No notes for control-id 3.3.1.14.",
"props": [
@@ -26378,7 +28883,7 @@
]
},
{
- "uuid": "80e4ce7e-c677-432c-ba0b-50f2f085a756",
+ "uuid": "c9ee9b53-249c-43a7-ae6e-d2f666aad65c",
"control-id": "cis_fedora_3-3.1.15",
"description": "No notes for control-id 3.3.1.15.",
"props": [
@@ -26395,7 +28900,7 @@
]
},
{
- "uuid": "34a1ab2e-2a91-472c-898b-031d69faaa35",
+ "uuid": "df96840c-de06-4f73-8f81-3cd056dbbaf6",
"control-id": "cis_fedora_3-3.1.16",
"description": "No notes for control-id 3.3.1.16.",
"props": [
@@ -26412,7 +28917,7 @@
]
},
{
- "uuid": "21589e53-fe5d-48d7-8b39-14683cad8a60",
+ "uuid": "01fcc81f-6837-4ab8-8eb3-7fadb5569da4",
"control-id": "cis_fedora_3-3.1.17",
"description": "No notes for control-id 3.3.1.17.",
"props": [
@@ -26429,7 +28934,7 @@
]
},
{
- "uuid": "6c0e5e13-2777-40c8-9fc9-72fde68dd9c3",
+ "uuid": "cf961f21-0a2c-4cd6-a1bf-55161844c536",
"control-id": "cis_fedora_3-3.1.18",
"description": "No notes for control-id 3.3.1.18.",
"props": [
@@ -26446,7 +28951,7 @@
]
},
{
- "uuid": "88677db4-4c8a-4bec-b9ac-3f75c4dca79b",
+ "uuid": "b93381ff-6cf9-46d9-beb6-15f923db2e7a",
"control-id": "cis_fedora_3-3.2.1",
"description": "No notes for control-id 3.3.2.1.",
"props": [
@@ -26463,20 +28968,24 @@
]
},
{
- "uuid": "e78ea197-02a0-457f-b805-83a0390c705b",
+ "uuid": "ff7319f4-6053-43bd-b157-ab60ee94e83f",
"control-id": "cis_fedora_3-3.2.2",
- "description": "The description for control-id cis_fedora_3-3.2.2.",
+ "description": "No notes for control-id 3.3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_forwarding"
}
]
},
{
- "uuid": "b188b07c-cf0e-4679-8280-e30aa6398d39",
+ "uuid": "9acfa8ae-a680-485c-b899-693f4fd77f5e",
"control-id": "cis_fedora_3-3.2.3",
"description": "No notes for control-id 3.3.2.3.",
"props": [
@@ -26493,7 +29002,7 @@
]
},
{
- "uuid": "579ffc6f-3428-45f4-a143-3bc05c098d9f",
+ "uuid": "dc3c6033-4800-460d-b0dd-8f713cf305df",
"control-id": "cis_fedora_3-3.2.4",
"description": "No notes for control-id 3.3.2.4.",
"props": [
@@ -26510,7 +29019,7 @@
]
},
{
- "uuid": "b183dd0e-774f-416c-874e-5a58324b550d",
+ "uuid": "e592c60f-57fd-4931-8c33-ace6ba93ff48",
"control-id": "cis_fedora_3-3.2.5",
"description": "No notes for control-id 3.3.2.5.",
"props": [
@@ -26527,7 +29036,7 @@
]
},
{
- "uuid": "10c9c71b-7f7d-4df7-88c2-70fff729d5b0",
+ "uuid": "510d43c7-cdf2-4223-b528-9b07c19e24e5",
"control-id": "cis_fedora_3-3.2.6",
"description": "No notes for control-id 3.3.2.6.",
"props": [
@@ -26544,7 +29053,7 @@
]
},
{
- "uuid": "6847634a-d2c2-49c2-b01f-018f74bdf176",
+ "uuid": "9ba3b23f-9f5e-4146-a4c6-7d6426bfa7fc",
"control-id": "cis_fedora_3-3.2.7",
"description": "No notes for control-id 3.3.2.7.",
"props": [
@@ -26561,7 +29070,7 @@
]
},
{
- "uuid": "2c23c60d-29ce-4ebf-a52f-7283b2ede42f",
+ "uuid": "96a8d6ef-f65f-4caf-970a-db455899ac82",
"control-id": "cis_fedora_3-3.2.8",
"description": "No notes for control-id 3.3.2.8.",
"props": [
@@ -26578,7 +29087,7 @@
]
},
{
- "uuid": "ae21d35e-2a30-4584-8745-d26c3282a7e7",
+ "uuid": "fdb98cc0-2e6f-4e06-b3c2-a699fa0668d2",
"control-id": "cis_fedora_4-1.1",
"description": "No notes for control-id 4.1.1.",
"props": [
@@ -26595,7 +29104,7 @@
]
},
{
- "uuid": "54ee03c7-a501-48a9-b1b9-d8e14ad51f0c",
+ "uuid": "f923858e-3aef-4864-a76c-371ff0624b8f",
"control-id": "cis_fedora_4-1.2",
"description": "No notes for control-id 4.1.2.",
"props": [
@@ -26622,7 +29131,7 @@
]
},
{
- "uuid": "e95a1e16-341d-4782-b427-3abb504b1d5a",
+ "uuid": "aed2e997-54fb-4e67-9b02-512315e8cc03",
"control-id": "cis_fedora_4-2.1",
"description": "The description for control-id cis_fedora_4-2.1.",
"props": [
@@ -26635,7 +29144,7 @@
]
},
{
- "uuid": "2677d7fa-c814-4913-948e-09bad4b1115a",
+ "uuid": "3026c502-ef1d-4754-9ca3-38b1fc2fc458",
"control-id": "cis_fedora_4-2.2",
"description": "No notes for control-id 4.2.2.",
"props": [
@@ -26657,7 +29166,7 @@
]
},
{
- "uuid": "dbf15e75-bce7-402b-8140-dc21cf34c714",
+ "uuid": "c6e7a27e-f55b-478a-9d1c-15b3e41f7fb6",
"control-id": "cis_fedora_4-3.1",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use. When using firewalld the base chains are installed by default.",
"props": [
@@ -26669,7 +29178,7 @@
]
},
{
- "uuid": "535a79d6-341c-475d-bb02-4475af98cd82",
+ "uuid": "9e865be0-d954-43de-a1ec-2da169179123",
"control-id": "cis_fedora_4-3.2",
"description": "The description for control-id cis_fedora_4-3.2.",
"props": [
@@ -26682,7 +29191,7 @@
]
},
{
- "uuid": "371d6a32-8b42-40f4-9816-a10454fdbb18",
+ "uuid": "9669fe6e-5a4b-494e-bfff-75df79de6c22",
"control-id": "cis_fedora_4-3.3",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -26694,7 +29203,7 @@
]
},
{
- "uuid": "4b18f9a5-c40e-4b14-8451-1e0b6a7a79a8",
+ "uuid": "19dac7ca-ae4f-4c85-bede-a88b8227c7ca",
"control-id": "cis_fedora_4-3.4",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -26706,7 +29215,7 @@
]
},
{
- "uuid": "e471a736-77be-4f9f-bb00-8501566ad726",
+ "uuid": "3dd00a17-5972-4e5e-8556-e61796662d73",
"control-id": "cis_fedora_5-1.1",
"description": "No notes for control-id 5.1.1.",
"props": [
@@ -26729,11 +29238,41 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_permissions_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_groupowner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_owner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_sshd_drop_in_config"
}
]
},
{
- "uuid": "467cf8ab-898f-4c4f-af85-68e03383f495",
+ "uuid": "d17f94cc-2d0f-4eec-8ecd-349c2895dc21",
"control-id": "cis_fedora_5-1.2",
"description": "No notes for control-id 5.1.2.",
"props": [
@@ -26760,7 +29299,7 @@
]
},
{
- "uuid": "848cfb73-e6e0-49a1-8cf0-c1fb1c6f6318",
+ "uuid": "18555a2b-a2d9-4ac6-a3f2-56f2bb371f7d",
"control-id": "cis_fedora_5-1.3",
"description": "No notes for control-id 5.1.3.",
"props": [
@@ -26787,56 +29326,58 @@
]
},
{
- "uuid": "cf9cf42f-da91-4fd0-9b0c-e68db8096005",
+ "uuid": "9b8b13df-7160-4641-a317-f08dbc0f38e9",
"control-id": "cis_fedora_5-1.4",
- "description": "The description for control-id cis_fedora_5-1.4.",
+ "description": "No notes for control-id 5.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "36cc637d-7442-4c68-8dd8-3d4a8af85a02",
+ "uuid": "54fe73e1-4d63-4a97-8888-9f0d5c54db86",
"control-id": "cis_fedora_5-1.5",
- "description": "The description for control-id cis_fedora_5-1.5.",
+ "description": "No notes for control-id 5.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "b9362bfa-5ed4-4829-b4f5-fe05416f46c3",
+ "uuid": "b1020b80-cddc-4051-a9e9-8a7d3627aadf",
"control-id": "cis_fedora_5-1.6",
- "description": "The description for control-id cis_fedora_5-1.6.",
+ "description": "No notes for control-id 5.1.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "d1c9da37-0191-4d49-a0b5-7e6ab484cf52",
+ "uuid": "25d653b5-2e53-4a01-b97c-557eb9103b97",
"control-id": "cis_fedora_5-1.7",
"description": "No notes for control-id 5.1.7.",
"props": [
@@ -26853,7 +29394,7 @@
]
},
{
- "uuid": "8e3313bc-90b6-4fae-934e-929acb9514b3",
+ "uuid": "27eb4c49-9318-49fe-beab-b09c2ad883b2",
"control-id": "cis_fedora_5-1.8",
"description": "No notes for control-id 5.1.8.",
"props": [
@@ -26870,7 +29411,7 @@
]
},
{
- "uuid": "a23a53f4-2ab8-4728-8fc5-3aa1c9c90ba5",
+ "uuid": "a56bdfc7-b196-46ac-bd28-046946af5779",
"control-id": "cis_fedora_5-1.9",
"description": "The requirement gives an example of 45 seconds, but is flexible about the values. It is only\nnecessary to ensure there is a timeout configured in alignment to the site policy.",
"props": [
@@ -26892,7 +29433,7 @@
]
},
{
- "uuid": "0449a26a-6f24-4f76-ba5e-e559742b0f26",
+ "uuid": "1359971c-c908-46b5-be5d-6b3d943701d0",
"control-id": "cis_fedora_5-1.12",
"description": "No notes for control-id 5.1.12.",
"props": [
@@ -26909,7 +29450,7 @@
]
},
{
- "uuid": "4c92c527-17a0-46e4-a562-5b61cf25795e",
+ "uuid": "768c1e93-a356-4ef8-a79d-bc6819d0a2e0",
"control-id": "cis_fedora_5-1.13",
"description": "No notes for control-id 5.1.13.",
"props": [
@@ -26926,7 +29467,7 @@
]
},
{
- "uuid": "46399570-00b9-4283-babe-562bdbb869e4",
+ "uuid": "6af6a79e-33b1-4611-bc5b-72486eced603",
"control-id": "cis_fedora_5-1.14",
"description": "No notes for control-id 5.1.14.",
"props": [
@@ -26943,7 +29484,7 @@
]
},
{
- "uuid": "d8d891d5-35b0-4823-abc8-2abacb0de71e",
+ "uuid": "6d49d320-c334-4214-90a8-3cd7dbc217eb",
"control-id": "cis_fedora_5-1.15",
"description": "The CIS benchmark is not opinionated about which loglevel is selected here. Here, this\nprofile uses VERBOSE by default, as it allows for the capture of login and logout activity\nas well as key fingerprints.",
"props": [
@@ -26960,7 +29501,7 @@
]
},
{
- "uuid": "c15c7456-f443-4ca0-af29-d0eba7d177d5",
+ "uuid": "39a2d599-d298-4b08-9534-3a085f7e3fe9",
"control-id": "cis_fedora_5-1.16",
"description": "No notes for control-id 5.1.16.",
"props": [
@@ -26977,7 +29518,7 @@
]
},
{
- "uuid": "b692b605-66f7-40d2-9fb1-3f54a81c223d",
+ "uuid": "18b75657-3cb1-487b-a8b1-e8d73772dac0",
"control-id": "cis_fedora_5-1.17",
"description": "No notes for control-id 5.1.17.",
"props": [
@@ -26994,7 +29535,7 @@
]
},
{
- "uuid": "51486f2b-fbd2-407f-a686-fd2c78d350d8",
+ "uuid": "0f295ac3-e500-4cc3-9c9f-79de8777ed0d",
"control-id": "cis_fedora_5-1.18",
"description": "No notes for control-id 5.1.18.",
"props": [
@@ -27011,7 +29552,7 @@
]
},
{
- "uuid": "5ccb4362-dfd1-4a8a-b9d9-7a956ffb1ba8",
+ "uuid": "1057bdf7-961a-42b1-88f2-19de877bce06",
"control-id": "cis_fedora_5-1.19",
"description": "No notes for control-id 5.1.19.",
"props": [
@@ -27028,7 +29569,7 @@
]
},
{
- "uuid": "a7d09a5f-6e57-4df2-90a8-74956a8b25bc",
+ "uuid": "e0de9dc3-14a3-4bd0-883a-90d90d11b1f0",
"control-id": "cis_fedora_5-1.20",
"description": "No notes for control-id 5.1.20.",
"props": [
@@ -27045,7 +29586,7 @@
]
},
{
- "uuid": "c3c8dc2f-3408-4f4c-9125-1b207566aab3",
+ "uuid": "028359dc-8a00-4120-8215-3e07b4088a64",
"control-id": "cis_fedora_5-1.21",
"description": "No notes for control-id 5.1.21.",
"props": [
@@ -27062,7 +29603,7 @@
]
},
{
- "uuid": "0d241017-b5e6-4d8f-938a-35422c2a5a0a",
+ "uuid": "8806732c-6bc0-47ee-abe5-c8b4b20b7bc8",
"control-id": "cis_fedora_5-1.22",
"description": "No notes for control-id 5.1.22.",
"props": [
@@ -27079,7 +29620,7 @@
]
},
{
- "uuid": "d4a55f63-4f06-450a-95cd-8164bba3ad0c",
+ "uuid": "37ba2f46-6bee-4df3-aacc-f4c3044c7922",
"control-id": "cis_fedora_5-2.1",
"description": "No notes for control-id 5.2.1.",
"props": [
@@ -27096,7 +29637,7 @@
]
},
{
- "uuid": "38473654-fead-49eb-84e8-1429bd007a79",
+ "uuid": "360dbdbf-50d2-4f63-9912-0984dc4798ee",
"control-id": "cis_fedora_5-2.2",
"description": "No notes for control-id 5.2.2.",
"props": [
@@ -27113,7 +29654,7 @@
]
},
{
- "uuid": "104df3a0-a3d5-4844-b2aa-1cb383c273a8",
+ "uuid": "0a22d3df-cbfc-4a44-b523-b9af030e7480",
"control-id": "cis_fedora_5-2.3",
"description": "No notes for control-id 5.2.3.",
"props": [
@@ -27130,7 +29671,7 @@
]
},
{
- "uuid": "67102633-82d5-4d8c-9dee-c89be8192bb4",
+ "uuid": "5817499c-33cb-4b6a-ad0d-016bc2f2b572",
"control-id": "cis_fedora_5-2.5",
"description": "No notes for control-id 5.2.5.",
"props": [
@@ -27142,12 +29683,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication"
+ "value": "sudo_remove_no_authenticate"
}
]
},
{
- "uuid": "69bf6211-3523-442e-98aa-80cdc946d528",
+ "uuid": "850f118f-7ff7-4f32-a2cd-931cde6e56f7",
"control-id": "cis_fedora_5-2.6",
"description": "No notes for control-id 5.2.6.",
"props": [
@@ -27164,7 +29705,7 @@
]
},
{
- "uuid": "81a06111-1134-46ce-a8d4-07aabc81975b",
+ "uuid": "8986a566-d6d8-4f94-88e2-9c4538da1136",
"control-id": "cis_fedora_5-2.7",
"description": "Members of \"wheel\" or GID 0 groups are checked by default if the group option is not set for\npam_wheel.so module. The recommendation states the group should be empty to reinforce the\nuse of \"sudo\" for privileged access. Therefore, members of these groups should be manually\nchecked or a different group should be informed.",
"props": [
@@ -27186,7 +29727,7 @@
]
},
{
- "uuid": "3372b4f8-9b5f-41e2-a530-300457ef7616",
+ "uuid": "b863c3a5-b019-4cd5-9889-2a12860a0c47",
"control-id": "cis_fedora_5-3.1.1",
"description": "The description for control-id cis_fedora_5-3.1.1.",
"props": [
@@ -27199,7 +29740,7 @@
]
},
{
- "uuid": "8d814436-ce27-448b-a202-a0b9efc344d7",
+ "uuid": "8a9206a0-c6fb-43e0-891a-b8a7351474c5",
"control-id": "cis_fedora_5-3.1.2",
"description": "The description for control-id cis_fedora_5-3.1.2.",
"props": [
@@ -27212,7 +29753,7 @@
]
},
{
- "uuid": "1d3d6027-974b-47ba-ac10-54669f9e4162",
+ "uuid": "68fbc104-7710-4b9f-8583-bac5ba37614b",
"control-id": "cis_fedora_5-3.1.3",
"description": "The description for control-id cis_fedora_5-3.1.3.",
"props": [
@@ -27230,7 +29771,7 @@
]
},
{
- "uuid": "1d7339a7-76d5-4033-9dc1-58e38e95c4e8",
+ "uuid": "20495277-4690-42ae-a8b4-cca2db3227b5",
"control-id": "cis_fedora_5-3.2.1",
"description": "This requirement is hard to be automated without any specific requirement. The policy even\nstates that provided commands are examples, other custom settings might be in place and the\nsettings might be different depending on site policies. The other rules will already make\nsure there is a correct autheselect profile regardless of the existing settings. It is\nnecessary to better discuss with CIS Community.",
"props": [
@@ -27242,7 +29783,7 @@
]
},
{
- "uuid": "8ebd9b9b-8d9e-4bc3-ac53-ab0fb8339318",
+ "uuid": "203e08b2-532c-4690-88fe-df1ed6436a4c",
"control-id": "cis_fedora_5-3.2.2",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.1.",
"props": [
@@ -27264,7 +29805,7 @@
]
},
{
- "uuid": "e56b16cc-dcfc-4059-81be-54cd7d1a8af0",
+ "uuid": "82250085-a29c-4d54-9158-0a7c5842f0f8",
"control-id": "cis_fedora_5-3.2.3",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.2.",
"props": [
@@ -27272,11 +29813,26 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "package_pam_pwquality_installed"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_password_auth"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_system_auth"
}
]
},
{
- "uuid": "823e7d58-3b56-490b-acaa-2d4d55f26a3c",
+ "uuid": "0b1ad051-156a-4ff6-b05e-026824f9e948",
"control-id": "cis_fedora_5-3.2.4",
"description": "The module is properly enabled by the rules mentioned in related_rules.\nRequirements in 5.3.3.3 use these rules.",
"props": [
@@ -27288,19 +29844,24 @@
]
},
{
- "uuid": "e4d8a3c5-f014-4dfe-a410-b6b391fc8e1a",
+ "uuid": "f84920a8-fc01-42e0-a371-2f8dea2bc918",
"control-id": "cis_fedora_5-3.2.5",
- "description": "This module is always present by default. It is necessary to investigate if a new rule to\ncheck its existence needs to be created. But so far the rule no_empty_passwords, used in\n5.3.3.4.1 can ensure this requirement is attended.",
+ "description": "No notes for control-id 5.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_enabled"
}
]
},
{
- "uuid": "7b134240-7f6c-440b-a045-cf997881ff20",
+ "uuid": "374466c1-e906-408d-b626-40d50a8aa24e",
"control-id": "cis_fedora_5-3.3.1.1",
"description": "No notes for control-id 5.3.3.1.1.",
"props": [
@@ -27317,7 +29878,7 @@
]
},
{
- "uuid": "30ee2d20-a059-4bcd-bb66-7d8e605c2d6f",
+ "uuid": "0f1db2b6-1b4d-403c-b8b1-d1c11e7d225e",
"control-id": "cis_fedora_5-3.3.1.2",
"description": "The policy also accepts value 0, which means the locked accounts should be manually unlocked\nby an administrator. However, it also mentions that using value 0 can facilitate a DoS\nattack to legitimate users.",
"props": [
@@ -27334,7 +29895,7 @@
]
},
{
- "uuid": "7166070b-aa43-4940-a575-6faad40955de",
+ "uuid": "023a0c67-1b31-40bc-b3cf-51959fa63716",
"control-id": "cis_fedora_5-3.3.2.1",
"description": "No notes for control-id 5.3.3.2.1.",
"props": [
@@ -27351,7 +29912,7 @@
]
},
{
- "uuid": "172c9bbc-8315-4f32-97ae-ea4b4835c828",
+ "uuid": "708d02d5-8923-4b8d-b62f-11732a088209",
"control-id": "cis_fedora_5-3.3.2.2",
"description": "No notes for control-id 5.3.3.2.2.",
"props": [
@@ -27368,7 +29929,7 @@
]
},
{
- "uuid": "f7577970-dad7-44d2-987e-4b2c12916efb",
+ "uuid": "7c53ad7f-b83c-472d-82b9-6794a69362df",
"control-id": "cis_fedora_5-3.3.2.3",
"description": "This requirement is expected to be manual. However, in previous versions of the policy\nit was already automated the configuration of \"minclass\" option. Rules related to other\noptions are informed in related_rules. In short, minclass=4 alone can achieve the same\nresult achieved by the combination of the other 4 options mentioned in the policy.",
"props": [
@@ -27385,7 +29946,7 @@
]
},
{
- "uuid": "4222306d-6f1f-41a3-9139-b637d2daa804",
+ "uuid": "911d7eda-7cc2-4064-8b56-c76f5ab76bc3",
"control-id": "cis_fedora_5-3.3.2.4",
"description": "No notes for control-id 5.3.3.2.4.",
"props": [
@@ -27402,20 +29963,24 @@
]
},
{
- "uuid": "8e92ea0e-b971-45ea-b340-39b91713ee33",
+ "uuid": "2e65d35e-4a7a-4d10-a252-bf1e72058a37",
"control-id": "cis_fedora_5-3.3.2.5",
- "description": "The description for control-id cis_fedora_5-3.3.2.5.",
+ "description": "No notes for control-id 5.3.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 5.3.3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_maxsequence"
}
]
},
{
- "uuid": "5ada0e30-0003-45d3-a2c3-45c60fccff28",
+ "uuid": "3e540cb2-fff2-4b9b-9658-89f7b4688677",
"control-id": "cis_fedora_5-3.3.2.6",
"description": "No notes for control-id 5.3.3.2.6.",
"props": [
@@ -27432,7 +29997,7 @@
]
},
{
- "uuid": "2271828e-2238-4376-8f1f-b98bd0c79155",
+ "uuid": "d43dbd40-a35c-491c-8e26-f432599dfa0a",
"control-id": "cis_fedora_5-3.3.2.7",
"description": "No notes for control-id 5.3.3.2.7.",
"props": [
@@ -27449,7 +30014,7 @@
]
},
{
- "uuid": "ac4d5515-0726-4356-ba6e-b087d78f3d53",
+ "uuid": "2aed2f0f-af18-4f1c-a77e-86aa10336a0d",
"control-id": "cis_fedora_5-3.3.3.1",
"description": "Although mentioned in the section 5.3.3.3, there is no explicit requirement to configure\nretry option of pam_pwhistory. If come in the future, the rule accounts_password_pam_retry\ncan be used.",
"props": [
@@ -27471,7 +30036,7 @@
]
},
{
- "uuid": "7cc6e827-3d74-4066-8a67-c247de9cab54",
+ "uuid": "a502b4a1-89ff-48ed-8fa2-877d535ce0d1",
"control-id": "cis_fedora_5-3.3.3.2",
"description": "The description for control-id cis_fedora_5-3.3.3.2.",
"props": [
@@ -27484,7 +30049,7 @@
]
},
{
- "uuid": "5d4216e6-aedc-4562-87da-df9f70963639",
+ "uuid": "00c30595-8694-479f-9dae-948bfc704ae0",
"control-id": "cis_fedora_5-3.3.3.3",
"description": "pam_pwhistory is enabled via authselect feature, as required in 5.3.2.4. The\nfeature automatically set \"use_authok\" option. In any case, we don't have a rule to check\nthis option specifically.",
"props": [
@@ -27492,11 +30057,16 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "partial"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwhistory_use_authtok"
}
]
},
{
- "uuid": "4d49c800-60b8-492e-b0bf-a94b9ceb07d3",
+ "uuid": "05d04ad4-71c3-44ac-9d42-99b872f8edbb",
"control-id": "cis_fedora_5-3.3.4.1",
"description": "The rule more specifically used in this requirement also satify the requirement 5.3.2.5.",
"props": [
@@ -27513,20 +30083,24 @@
]
},
{
- "uuid": "db870ce7-bb76-4c89-94dc-fadde654d00f",
+ "uuid": "284dbbba-1e27-432d-a6f5-20041117bad5",
"control-id": "cis_fedora_5-3.3.4.2",
- "description": "The description for control-id cis_fedora_5-3.3.4.2.",
+ "description": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929\nA new rule needs to be created to remove the remember option from pam_unix module."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_no_remember"
}
]
},
{
- "uuid": "462825fe-24b6-4446-a5aa-e087ff871714",
+ "uuid": "4fb91181-e041-4840-84ad-fd45c7c846bf",
"control-id": "cis_fedora_5-3.3.4.3",
"description": "Changes in logindefs mentioned in this requirement are more specifically covered by 5.4.1.4",
"props": [
@@ -27548,19 +30122,24 @@
]
},
{
- "uuid": "aa4c22f7-c5c3-4a75-bf00-0ca86555012f",
+ "uuid": "ff69029b-f89f-484f-a019-e6ff00be0d4a",
"control-id": "cis_fedora_5-3.3.4.4",
"description": "In RHEL 9 pam_unix is enabled by default in all authselect profiles already with the\nuse_authtok option set. In any case, we don't have a rule to check this option specifically,\nlike in 5.3.3.3.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_authtok"
}
]
},
{
- "uuid": "561d5745-3ba9-4280-a58f-0dbaee4e2110",
+ "uuid": "4469f951-7b44-4a97-8c98-1f4393f4952e",
"control-id": "cis_fedora_5-4.1.1",
"description": "No notes for control-id 5.4.1.1.",
"props": [
@@ -27582,7 +30161,7 @@
]
},
{
- "uuid": "1f6a3038-3844-430d-bdd0-1b73a101e119",
+ "uuid": "b4480b4b-1def-4b8d-975d-bbf5646507d2",
"control-id": "cis_fedora_5-4.1.3",
"description": "No notes for control-id 5.4.1.3.",
"props": [
@@ -27604,20 +30183,15 @@
]
},
{
- "uuid": "d043add3-32ca-4b31-8d36-ec5b453cfc38",
+ "uuid": "1539c464-d541-4016-9e33-677b281d421d",
"control-id": "cis_fedora_5-4.1.4",
- "description": "There's a \"new\" set of options in /etc/login.defs file to define the number of iterations\nperformed during the hashing process.",
+ "description": "No notes for control-id 5.4.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
},
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf"
- },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -27626,7 +30200,7 @@
]
},
{
- "uuid": "7e37995c-1e91-4766-9d0a-02782aa28266",
+ "uuid": "2ce17096-b601-413a-8215-360b782659f3",
"control-id": "cis_fedora_5-4.1.5",
"description": "No notes for control-id 5.4.1.5.",
"props": [
@@ -27648,7 +30222,7 @@
]
},
{
- "uuid": "13193b94-43a7-4ae8-8625-85172a1d3b67",
+ "uuid": "a16e549d-1f4a-467d-b87b-c184a1d4620f",
"control-id": "cis_fedora_5-4.1.6",
"description": "No notes for control-id 5.4.1.6.",
"props": [
@@ -27665,7 +30239,7 @@
]
},
{
- "uuid": "b66b465b-32c8-498e-95a4-2081eb5a8df2",
+ "uuid": "9ad5941e-c882-4f7e-a556-dff04f58e859",
"control-id": "cis_fedora_5-4.2.1",
"description": "No notes for control-id 5.4.2.1.",
"props": [
@@ -27682,7 +30256,7 @@
]
},
{
- "uuid": "4b6a9829-63a2-4ab3-aa12-7232a19f5d4c",
+ "uuid": "50194a1e-2ad0-4df8-948a-fa899920271f",
"control-id": "cis_fedora_5-4.2.2",
"description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
@@ -27699,20 +30273,24 @@
]
},
{
- "uuid": "fc5e698b-848b-42dd-aae7-d82c0543144a",
+ "uuid": "3c67e9a3-5a36-4a2d-893b-31f785e282ad",
"control-id": "cis_fedora_5-4.2.3",
- "description": "The description for control-id cis_fedora_5-4.2.3.",
+ "description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "groups_no_zero_gid_except_root"
}
]
},
{
- "uuid": "b40ad457-9b6b-4a2f-b439-2fa7ebf56be5",
+ "uuid": "bcb8737d-1efe-4b32-a081-cb0bba317362",
"control-id": "cis_fedora_5-4.2.4",
"description": "No notes for control-id 5.4.2.4.",
"props": [
@@ -27729,7 +30307,7 @@
]
},
{
- "uuid": "fe792edd-f759-4c29-b237-c146a5894ff0",
+ "uuid": "f9dabeb6-8685-4246-b98a-72274021c635",
"control-id": "cis_fedora_5-4.2.5",
"description": "No notes for control-id 5.4.2.5.",
"props": [
@@ -27751,20 +30329,24 @@
]
},
{
- "uuid": "6f3b84ce-8932-498b-b8cc-082b6c38db87",
+ "uuid": "52530196-8306-41bb-9832-d74e6535255c",
"control-id": "cis_fedora_5-4.2.6",
- "description": "The description for control-id cis_fedora_5-4.2.6.",
+ "description": "No notes for control-id 5.4.2.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "There is no rule to ensure umask in /root/.bash_profile and /root/.bashrc. A new rule have\nto be created. It can be based on accounts_umask_interactive_users."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_umask_root"
}
]
},
{
- "uuid": "30e315fb-6daf-4af8-b5da-b8ce8c88b650",
+ "uuid": "a01f928a-958a-4ec9-bdb6-d95dcc9d9f00",
"control-id": "cis_fedora_5-4.2.7",
"description": "No notes for control-id 5.4.2.7.",
"props": [
@@ -27786,20 +30368,24 @@
]
},
{
- "uuid": "d922e0d5-c876-4cd2-9fbf-f9e4405e3320",
+ "uuid": "1e68cc61-9fe9-4a9e-a5b1-13dffe54e153",
"control-id": "cis_fedora_5-4.2.8",
- "description": "The description for control-id cis_fedora_5-4.2.8.",
+ "description": "No notes for control-id 5.4.2.8.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_invalid_shell_accounts_unlocked"
}
]
},
{
- "uuid": "6197869a-bb60-4635-b7b3-397ab620fa3e",
+ "uuid": "41646d64-2056-45c1-83f5-68b79414e370",
"control-id": "cis_fedora_5-4.3.2",
"description": "No notes for control-id 5.4.3.2.",
"props": [
@@ -27816,7 +30402,7 @@
]
},
{
- "uuid": "ce749f01-4968-4368-bde4-d0abcba3b136",
+ "uuid": "5318b58b-b2d4-4222-b754-48f34a8b9b92",
"control-id": "cis_fedora_5-4.3.3",
"description": "No notes for control-id 5.4.3.3.",
"props": [
@@ -27843,7 +30429,7 @@
]
},
{
- "uuid": "74cda8f0-53d5-4e22-9f19-41d37babe32b",
+ "uuid": "bd8436a6-da38-468d-9d99-0436bf8d2f23",
"control-id": "cis_fedora_6-1.1",
"description": "No notes for control-id 6.1.1.",
"props": [
@@ -27865,7 +30451,7 @@
]
},
{
- "uuid": "e6400f86-fb27-48a5-87f0-6a2b0ce031ae",
+ "uuid": "10ce2286-b5d4-4e70-8e13-a023804e13f4",
"control-id": "cis_fedora_6-1.2",
"description": "No notes for control-id 6.1.2.",
"props": [
@@ -27882,7 +30468,7 @@
]
},
{
- "uuid": "a86c00bb-a74d-4ca2-bc37-5195ed853547",
+ "uuid": "d7f42190-c105-4a02-9b08-4887da0bcfbe",
"control-id": "cis_fedora_6-1.3",
"description": "No notes for control-id 6.1.3.",
"props": [
@@ -27899,7 +30485,7 @@
]
},
{
- "uuid": "45f46d09-410a-478c-8177-3a76433fa594",
+ "uuid": "265ac530-3ec8-4b73-b320-efad5392aa7d",
"control-id": "cis_fedora_6-2.1.1",
"description": "No notes for control-id 6.2.1.1.",
"props": [
@@ -27916,7 +30502,7 @@
]
},
{
- "uuid": "20e97d73-4890-44dc-b6e1-a6df45db457e",
+ "uuid": "1394526c-1dc4-49ad-a130-ae73ec597f9f",
"control-id": "cis_fedora_6-2.1.2",
"description": "The description for control-id cis_fedora_6-2.1.2.",
"props": [
@@ -27929,7 +30515,7 @@
]
},
{
- "uuid": "fa82e296-428e-43f5-9e7b-ef97bf10ba3f",
+ "uuid": "b64a5701-78bf-4b67-a1c5-e659d9fd14fd",
"control-id": "cis_fedora_6-2.1.3",
"description": "The description for control-id cis_fedora_6-2.1.3.",
"props": [
@@ -27942,20 +30528,24 @@
]
},
{
- "uuid": "c2f2815f-789b-407c-8088-679179373ac6",
+ "uuid": "8ceea80a-7ad4-4e35-b873-4c6a7c9421b4",
"control-id": "cis_fedora_6-2.1.4",
- "description": "The description for control-id cis_fedora_6-2.1.4.",
+ "description": "No notes for control-id 6.2.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "It is necessary to create a new rule to check the status of journald and rsyslog.\nIt would also be necessary a new rule to disable or remove rsyslog."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "ensure_journald_and_rsyslog_not_active_together"
}
]
},
{
- "uuid": "d6b1b7aa-7b32-4c2a-9187-6deaf33b74f8",
+ "uuid": "b6dfe4e5-679d-4212-94e7-f6c52f2f2ffe",
"control-id": "cis_fedora_6-2.2.1.1",
"description": "No notes for control-id 6.2.2.1.1.",
"props": [
@@ -27972,7 +30562,7 @@
]
},
{
- "uuid": "5d3d8c00-490c-4521-848a-e4f73e5c0b9e",
+ "uuid": "f45e9ec5-f16c-47e4-a85e-521a5fd4a14f",
"control-id": "cis_fedora_6-2.2.1.2",
"description": "The description for control-id cis_fedora_6-2.2.1.2.",
"props": [
@@ -27985,20 +30575,24 @@
]
},
{
- "uuid": "1c4e592d-01d4-4be6-b9f6-7d1ede483a8e",
+ "uuid": "ccfffe67-3b23-4eea-897d-0304cc30e014",
"control-id": "cis_fedora_6-2.2.1.3",
- "description": "The description for control-id cis_fedora_6-2.2.1.3.",
+ "description": "No notes for control-id 6.2.2.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_systemd-journal-upload_enabled"
}
]
},
{
- "uuid": "cccb0467-ca85-4b74-869e-adef238d3bff",
+ "uuid": "6b856023-76c6-4900-bf48-8587a6e558ad",
"control-id": "cis_fedora_6-2.2.1.4",
"description": "No notes for control-id 6.2.2.1.4.",
"props": [
@@ -28015,20 +30609,24 @@
]
},
{
- "uuid": "ad815dc7-b556-42d2-a2af-969bcf331fcf",
+ "uuid": "1a31f927-1d20-4e7e-8d56-c1b753822d4a",
"control-id": "cis_fedora_6-2.2.2",
- "description": "The description for control-id cis_fedora_6-2.2.2.",
+ "description": "No notes for control-id 6.2.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This rule conflicts with 6.2.3.3. More investigation is needed to properly solve this."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "journald_disable_forward_to_syslog"
}
]
},
{
- "uuid": "b333df64-a5e2-43a4-82ad-716d718126e7",
+ "uuid": "87752d4e-355e-4a8c-97e9-8a49d5ba37f5",
"control-id": "cis_fedora_6-2.2.3",
"description": "No notes for control-id 6.2.2.3.",
"props": [
@@ -28045,7 +30643,7 @@
]
},
{
- "uuid": "32275240-1697-4cae-b756-7eb8e3b8c682",
+ "uuid": "038d45f2-84ea-4786-b7b5-78f86313b5c8",
"control-id": "cis_fedora_6-2.2.4",
"description": "No notes for control-id 6.2.2.4.",
"props": [
@@ -28062,7 +30660,7 @@
]
},
{
- "uuid": "01b61c05-a7d9-40e0-876c-b094d3e3aee4",
+ "uuid": "65c22621-375a-4518-ac4c-a44971b40946",
"control-id": "cis_fedora_6-2.5.1",
"description": "No notes for control-id 6.2.5.1.",
"props": [
@@ -28074,7 +30672,7 @@
]
},
{
- "uuid": "77b3451f-2096-422c-bf3d-b980af0a6061",
+ "uuid": "ccca68f8-9f63-40a2-b93d-55c1c67158e9",
"control-id": "cis_fedora_6-2.5.2",
"description": "No notes for control-id 6.2.5.2.",
"props": [
@@ -28086,7 +30684,7 @@
]
},
{
- "uuid": "f7fb0675-ea03-4452-b0e8-28b470f23fe7",
+ "uuid": "e6aa4d1c-28e9-498d-b342-ce9369030246",
"control-id": "cis_fedora_6-2.5.3",
"description": "No notes for control-id 6.2.5.3.",
"props": [
@@ -28098,7 +30696,7 @@
]
},
{
- "uuid": "fc6611d3-a26f-4263-93e8-4d38108dd3c4",
+ "uuid": "f2fbc2a5-4102-4a3d-bd19-d28d4cdbba59",
"control-id": "cis_fedora_6-2.5.4",
"description": "No notes for control-id 6.2.5.4.",
"props": [
@@ -28110,7 +30708,7 @@
]
},
{
- "uuid": "d7bc0ae2-b9a7-4265-88ad-aee0ee31e1d3",
+ "uuid": "1db24228-6658-4127-acef-38efa54c26ad",
"control-id": "cis_fedora_6-2.5.5",
"description": "The description for control-id cis_fedora_6-2.5.5.",
"props": [
@@ -28123,7 +30721,7 @@
]
},
{
- "uuid": "24a38f76-4834-470b-bc5e-069902a9b92e",
+ "uuid": "9002c716-3ae1-4519-8036-8b1937db8527",
"control-id": "cis_fedora_6-2.5.6",
"description": "The description for control-id cis_fedora_6-2.5.6.",
"props": [
@@ -28136,7 +30734,7 @@
]
},
{
- "uuid": "47113761-912f-4a38-a24a-4f52a6e075d2",
+ "uuid": "2632ee14-8e7d-4ac7-a19e-515073dea1f5",
"control-id": "cis_fedora_6-2.5.7",
"description": "No notes for control-id 6.2.5.7.",
"props": [
@@ -28148,7 +30746,7 @@
]
},
{
- "uuid": "6b47bb98-f7bf-4f8d-a8cb-723d87ff9a8b",
+ "uuid": "bdc07a77-211e-46f8-8fbc-fa17518f7469",
"control-id": "cis_fedora_6-2.3.8",
"description": "The description for control-id cis_fedora_6-2.3.8.",
"props": [
@@ -28161,7 +30759,7 @@
]
},
{
- "uuid": "8a22efe1-3b09-44a8-b3df-9daabd8f3b24",
+ "uuid": "2cd03433-cffe-46dc-bde1-47c8c6ef4147",
"control-id": "cis_fedora_6-2.6.1",
"description": "It is not harmful to run these rules even if rsyslog is not installed or active.",
"props": [
@@ -28188,7 +30786,7 @@
]
},
{
- "uuid": "221918d7-22ab-49c4-90d4-66f8917a8bf3",
+ "uuid": "2b67aadc-eaaf-41fd-92d4-61e3bfdcda59",
"control-id": "cis_fedora_7-1.1",
"description": "No notes for control-id 7.1.1.",
"props": [
@@ -28215,7 +30813,7 @@
]
},
{
- "uuid": "8ab5e924-17a6-4802-8971-6e6ef6056065",
+ "uuid": "18cc0fa7-d1af-4a00-8b84-ddf91c22146d",
"control-id": "cis_fedora_7-1.2",
"description": "No notes for control-id 7.1.2.",
"props": [
@@ -28242,7 +30840,7 @@
]
},
{
- "uuid": "ae6110b6-3d5b-4a56-8522-d9106ce0bb48",
+ "uuid": "b2a75600-dd1b-477c-ae78-72cb825dd2b9",
"control-id": "cis_fedora_7-1.3",
"description": "No notes for control-id 7.1.3.",
"props": [
@@ -28269,7 +30867,7 @@
]
},
{
- "uuid": "dd9d0823-a3fb-4176-84f9-1ba481419729",
+ "uuid": "81c7009c-40dc-415d-8e1b-f2d4fbe3c4cd",
"control-id": "cis_fedora_7-1.4",
"description": "No notes for control-id 7.1.4.",
"props": [
@@ -28296,7 +30894,7 @@
]
},
{
- "uuid": "8bc13d08-b684-4b5c-85b8-3e37673327c4",
+ "uuid": "38aa9dc5-17fc-40ba-9908-cec90f55fec5",
"control-id": "cis_fedora_7-1.5",
"description": "No notes for control-id 7.1.5.",
"props": [
@@ -28323,7 +30921,7 @@
]
},
{
- "uuid": "8f299c2d-1f72-4d6f-8143-eb9c81cec4d5",
+ "uuid": "af33505f-de66-4dc2-b541-fe8a64780b91",
"control-id": "cis_fedora_7-1.6",
"description": "No notes for control-id 7.1.6.",
"props": [
@@ -28350,7 +30948,7 @@
]
},
{
- "uuid": "f90ac22b-2349-4098-989f-3515fd62e7d2",
+ "uuid": "6dd453fe-4ea9-41d1-b261-260b42cd096e",
"control-id": "cis_fedora_7-1.7",
"description": "No notes for control-id 7.1.7.",
"props": [
@@ -28377,7 +30975,7 @@
]
},
{
- "uuid": "481e58bb-5424-45f7-98de-4f2c82660881",
+ "uuid": "b2383e5e-7e04-4d16-ae8c-c6dbf6c19ed2",
"control-id": "cis_fedora_7-1.8",
"description": "No notes for control-id 7.1.8.",
"props": [
@@ -28404,7 +31002,7 @@
]
},
{
- "uuid": "876a41b9-7a51-47a7-8d23-b7c45438dbff",
+ "uuid": "0f5ada3c-6587-4542-9d49-1680a47a7a8d",
"control-id": "cis_fedora_7-1.9",
"description": "No notes for control-id 7.1.9.",
"props": [
@@ -28431,24 +31029,49 @@
]
},
{
- "uuid": "3bbdc20a-9a99-4a91-9aa5-0b277adce65d",
+ "uuid": "7bc37cc8-e1ac-4b31-afef-8b462f33f935",
"control-id": "cis_fedora_7-1.10",
"description": "No notes for control-id 7.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd_old"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd_old"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd"
+ "value": "file_permissions_etc_security_opasswd_old"
}
]
},
{
- "uuid": "5c0b5785-76bd-4560-a727-fd70808e2e74",
+ "uuid": "a8acde92-de96-4746-9455-1a482678ecce",
"control-id": "cis_fedora_7-1.11",
"description": "No notes for control-id 7.1.11.",
"props": [
@@ -28470,29 +31093,29 @@
]
},
{
- "uuid": "b4ea627a-7acf-4f6f-8b8f-b7289afdc581",
+ "uuid": "5f901df3-bcc9-42d9-9f92-15dc486b23ce",
"control-id": "cis_fedora_7-1.12",
"description": "No notes for control-id 7.1.12.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user"
+ "value": "no_files_or_dirs_unowned_by_user"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned"
+ "value": "no_files_or_dirs_ungroupowned"
}
]
},
{
- "uuid": "675804f3-4241-420b-a7da-9168fc721052",
+ "uuid": "4a50fbfd-7421-4407-aefa-1fcd796c3569",
"control-id": "cis_fedora_7-1.13",
"description": "The description for control-id cis_fedora_7-1.13.",
"props": [
@@ -28505,7 +31128,7 @@
]
},
{
- "uuid": "cb8abb67-a70d-43df-90b6-fa46eabd9a8f",
+ "uuid": "5604657c-cff9-429d-a1e1-d41adbb1b829",
"control-id": "cis_fedora_7-2.1",
"description": "No notes for control-id 7.2.1.",
"props": [
@@ -28522,7 +31145,7 @@
]
},
{
- "uuid": "64cf444a-7df9-4557-9133-8e3dbeaf78fe",
+ "uuid": "4b086a59-71d7-4dcb-aaf8-d38351b313f2",
"control-id": "cis_fedora_7-2.2",
"description": "No notes for control-id 7.2.2.",
"props": [
@@ -28539,7 +31162,7 @@
]
},
{
- "uuid": "448c5e9f-58fd-4178-adcf-90da654d66cf",
+ "uuid": "421e6aa8-a7e6-4694-be37-5d9e718e886f",
"control-id": "cis_fedora_7-2.3",
"description": "No notes for control-id 7.2.3.",
"props": [
@@ -28556,7 +31179,7 @@
]
},
{
- "uuid": "776c82d7-8086-4a17-859b-13dbadfc4a33",
+ "uuid": "2686f355-e992-4add-b64b-64c4785bead3",
"control-id": "cis_fedora_7-2.4",
"description": "No notes for control-id 7.2.4.",
"props": [
@@ -28573,7 +31196,7 @@
]
},
{
- "uuid": "9197c968-9391-46b0-a2f6-9207b0040a3a",
+ "uuid": "83b55545-16c7-4014-9297-44327a1dd7ce",
"control-id": "cis_fedora_7-2.5",
"description": "No notes for control-id 7.2.5.",
"props": [
@@ -28590,7 +31213,7 @@
]
},
{
- "uuid": "71cda807-0781-4db4-bb71-111dedfccf32",
+ "uuid": "250351a0-0432-40de-9f44-a247115db472",
"control-id": "cis_fedora_7-2.6",
"description": "No notes for control-id 7.2.6.",
"props": [
@@ -28607,7 +31230,7 @@
]
},
{
- "uuid": "0c2efcc7-13da-4b5f-9883-0cd33e6178d7",
+ "uuid": "009d4bca-68d8-4e9e-8670-e7a2fb917be0",
"control-id": "cis_fedora_7-2.7",
"description": "No notes for control-id 7.2.7.",
"props": [
@@ -28624,7 +31247,7 @@
]
},
{
- "uuid": "a8f7f911-e720-4818-bf64-d42bdd0b0d30",
+ "uuid": "c95f82ba-8670-4b47-9c0f-3a3ee905250c",
"control-id": "cis_fedora_7-2.8",
"description": "No notes for control-id 7.2.8.",
"props": [
@@ -28651,14 +31274,14 @@
]
},
{
- "uuid": "d7aead18-46ff-4cf8-a3cc-609cd9adaa20",
+ "uuid": "c25bcc69-8468-4654-b05f-409520b077f1",
"control-id": "cis_fedora_7-2.9",
- "description": "Missing a rule to check that .bash_history is mode 0600 or more restrictive.",
+ "description": "No notes for control-id 7.2.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -28673,22 +31296,27 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs"
+ "value": "file_permission_user_init_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files"
+ "value": "no_forward_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files"
+ "value": "no_netrc_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files"
+ "value": "no_rhost_files"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history"
}
]
}
diff --git a/component-definitions/fedora/fedora-cis_fedora-l2_workstation/component-definition.json b/component-definitions/fedora/fedora-cis_fedora-l2_workstation/component-definition.json
index 93a5f7f8..12a09cef 100644
--- a/component-definitions/fedora/fedora-cis_fedora-l2_workstation/component-definition.json
+++ b/component-definitions/fedora/fedora-cis_fedora-l2_workstation/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "5c3c7cf2-7b25-40ff-b6fe-74a80316f83a",
"metadata": {
"title": "Component definition for fedora",
- "last-modified": "2025-12-17T11:21:49.392170+00:00",
- "version": "1.8",
+ "last-modified": "2026-01-05T17:17:51.936769+00:00",
+ "version": "1.9",
"oscal-version": "1.1.3"
},
"components": [
@@ -119,121 +119,121 @@
{
"name": "Parameter_Id_5",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_kex",
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_5",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved KEXs (Key Exchange Algorithms) algorithms \tthat are used for methods in cryptography by which cryptographic keys are exchanged between two parties",
+ "value": "Disable ICMP Redirect Acceptance",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_5",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'pcidss': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_rhel8': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel9': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel10': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_sle12': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_sle15': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_ubuntu2204': 'curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_ubuntu2404': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'std_openeuler': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256', 'cis_debian12': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256'}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_macs",
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved MACs (Message Authentication Code) algorithms \tthat are used for data integrity protection by the SSH server.",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_rhel8': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel9': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel10': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_sle12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_sle15': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_tencentos4': 'hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com', 'cis_ubuntu2204': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_ubuntu2404': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'stig_rhel9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'stig_ol9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'cis_debian12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "value": "sysctl_net_ipv4_conf_all_log_martians_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_8",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_8",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_8",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_10",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_10",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
+ "value": "Disable ICMP Redirect Acceptance?",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_10",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_11",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_11",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
+ "value": "Disable IP source routing?",
"remarks": "rule_set_000"
},
{
@@ -245,13 +245,13 @@
{
"name": "Parameter_Id_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "value": "sysctl_net_ipv4_conf_default_forwarding_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance?",
+ "value": "Toggle IPv4 Forwarding",
"remarks": "rule_set_000"
},
{
@@ -263,31 +263,31 @@
{
"name": "Parameter_Id_13",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "value": "sysctl_net_ipv4_conf_default_log_martians_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_13",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IP source routing?",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_13",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_14",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_14",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "value": "Enables source route verification",
"remarks": "rule_set_000"
},
{
@@ -299,49 +299,49 @@
{
"name": "Parameter_Id_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enables source route verification",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
+ "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
+ "value": "Enable to prevent unnecessary logging",
"remarks": "rule_set_000"
},
{
@@ -353,13 +353,13 @@
{
"name": "Parameter_Id_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
+ "value": "sysctl_net_ipv4_tcp_syncookies_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent unnecessary logging",
+ "value": "Enable to turn on TCP SYN Cookie Protection",
"remarks": "rule_set_000"
},
{
@@ -371,31 +371,31 @@
{
"name": "Parameter_Id_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies_value",
+ "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to turn on TCP SYN Cookie Protection",
+ "value": "Accept all router advertisements?",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_20",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_20",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept all router advertisements?",
+ "value": "Toggle ICMP Redirect Acceptance",
"remarks": "rule_set_000"
},
{
@@ -407,13 +407,13 @@
{
"name": "Parameter_Id_21",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_21",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
@@ -425,13 +425,13 @@
{
"name": "Parameter_Id_22",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
+ "value": "sysctl_net_ipv6_conf_all_forwarding_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_22",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "Toggle IPv6 Forwarding",
"remarks": "rule_set_000"
},
{
@@ -443,13 +443,13 @@
{
"name": "Parameter_Id_23",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding_value",
+ "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_23",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle IPv6 Forwarding",
+ "value": "Accept default router advertisements by default?",
"remarks": "rule_set_000"
},
{
@@ -461,13 +461,13 @@
{
"name": "Parameter_Id_24",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_24",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept default router advertisements by default?",
+ "value": "Toggle ICMP Redirect Acceptance By Default",
"remarks": "rule_set_000"
},
{
@@ -479,13 +479,13 @@
{
"name": "Parameter_Id_25",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_25",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance By Default",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
"remarks": "rule_set_000"
},
{
@@ -497,13 +497,13 @@
{
"name": "Parameter_Id_26",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
+ "value": "sysctl_net_ipv6_conf_default_forwarding_value",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_26",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "value": "Toggle IPv6 default Forwarding",
"remarks": "rule_set_000"
},
{
@@ -695,247 +695,247 @@
{
"name": "Parameter_Id_37",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_action_mail_acct",
+ "value": "var_auditd_admin_space_left_action",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_37",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for action_mail_acct in /etc/audit/auditd.conf",
+ "value": "The setting for admin_space_left_action in /etc/audit/auditd.conf",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_37",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'admin': 'admin', 'default': 'root', 'root': 'root'}",
+ "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt', 'cis_fedora': 'single|halt'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_38",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_admin_space_left_action",
+ "value": "var_auditd_disk_error_action",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_38",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for admin_space_left_action in /etc/audit/auditd.conf",
+ "value": "'The setting for disk_error_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_38",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt'}",
+ "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'syslog|single|halt', 'cis_rhel10': 'syslog|single|halt', 'cis_fedora': 'syslog|single|halt', 'cis_ubuntu2204': 'syslog|single|halt', 'cis_ubuntu2404': 'syslog|single|halt', 'cis_debian12': 'syslog|single|halt'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_39",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_disk_error_action",
+ "value": "var_auditd_disk_full_action",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_39",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'The setting for disk_error_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
+ "value": "'The setting for disk_full_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_39",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'syslog|single|halt', 'cis_rhel10': 'syslog|single|halt', 'cis_ubuntu2204': 'syslog|single|halt', 'cis_ubuntu2404': 'syslog|single|halt', 'cis_debian12': 'syslog|single|halt'}",
+ "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'rotate': 'rotate', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'halt|single', 'cis_rhel10': 'halt|single', 'cis_fedora': 'halt|single', 'cis_ubuntu2204': 'halt|single', 'cis_ubuntu2404': 'halt|single', 'cis_debian12': 'halt|single'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_40",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_disk_full_action",
+ "value": "var_auditd_max_log_file",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_40",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'The setting for disk_full_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
+ "value": "The setting for max_log_file in /etc/audit/auditd.conf",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_40",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'rotate': 'rotate', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'halt|single', 'cis_rhel10': 'halt|single', 'cis_ubuntu2204': 'halt|single', 'cis_ubuntu2404': 'halt|single', 'cis_debian12': 'halt|single'}",
+ "value": "{1: 1, 10: 10, 20: 20, 5: 5, 6: 6, 8: 8, 'default': 6}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_max_log_file",
+ "value": "var_auditd_max_log_file_action",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for max_log_file in /etc/audit/auditd.conf",
+ "value": "The setting for max_log_file_action in /etc/audit/auditd.conf. The following options are available:
ignore - audit daemon does nothing.
syslog - audit daemon will issue a warning to syslog.
suspend - audit daemon will stop writing records to the disk.
rotate - audit daemon will rotate logs in the same convention used by logrotate.
keep_logs - similar to rotate but prevents audit logs to be overwritten. May trigger space_left_action if volume is full.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_41",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 10: 10, 20: 20, 5: 5, 6: 6, 8: 8, 'default': 6}",
+ "value": "{'default': 'rotate', 'keep_logs': 'keep_logs', 'rotate': 'rotate', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_max_log_file_action",
+ "value": "var_auditd_space_left_action",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for max_log_file_action in /etc/audit/auditd.conf. The following options are available:
ignore - audit daemon does nothing.
syslog - audit daemon will issue a warning to syslog.
suspend - audit daemon will stop writing records to the disk.
rotate - audit daemon will rotate logs in the same convention used by logrotate.
keep_logs - similar to rotate but prevents audit logs to be overwritten. May trigger space_left_action if volume is full.",
+ "value": "The setting for space_left_action in /etc/audit/auditd.conf",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_42",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'rotate', 'keep_logs': 'keep_logs', 'rotate': 'rotate', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore'}",
+ "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt', 'cis_fedora': 'email|exec|single|halt'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_space_left_action",
+ "value": "var_multiple_time_servers",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for space_left_action in /etc/audit/auditd.conf",
+ "value": "The list of vendor-approved time servers",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_43",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt'}",
+ "value": "{'default': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'generic': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'stig': '0.us.pool.ntp.mil', 'fedora': '0.fedora.pool.ntp.org,1.fedora.pool.ntp.org,2.fedora.pool.ntp.org,3.fedora.pool.ntp.org', 'rhel': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ol': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'suse': '0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org', 'alinux': '0.ntp.cloud.aliyuncs.com,1.ntp.aliyun.com,2.ntp1.aliyun.com,3.ntp1.cloud.aliyuncs.com', 'amazon': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ubuntu': '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org', 'almalinux': '0.almalinux.pool.ntp.org,1.almalinux.pool.ntp.org,2.almalinux.pool.ntp.org,3.almalinux.pool.ntp.org', 'debian': '0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org', 'nist': 'time.nist.gov,time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_multiple_time_servers",
+ "value": "var_pam_wheel_group_for_su",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The list of vendor-approved time servers",
+ "value": "pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_44",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'generic': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'stig': '0.us.pool.ntp.mil', 'fedora': '0.fedora.pool.ntp.org,1.fedora.pool.ntp.org,2.fedora.pool.ntp.org,3.fedora.pool.ntp.org', 'rhel': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ol': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'suse': '0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org', 'alinux': '0.ntp.cloud.aliyuncs.com,1.ntp.aliyun.com,2.ntp1.aliyun.com,3.ntp1.cloud.aliyuncs.com', 'amazon': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ubuntu': '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org', 'almalinux': '0.almalinux.pool.ntp.org,1.almalinux.pool.ntp.org,2.almalinux.pool.ntp.org,3.almalinux.pool.ntp.org', 'debian': '0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org', 'nist': 'time.nist.gov,time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov'}",
+ "value": "{'default': 'sugroup', 'cis': 'sugroup'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_pam_wheel_group_for_su",
+ "value": "var_password_hashing_algorithm",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.",
+ "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_45",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'sugroup', 'cis': 'sugroup'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_hashing_algorithm",
+ "value": "var_password_hashing_algorithm_pam",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.",
+ "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_46",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt', 'cis_rhel10': 'yescrypt|sha512'}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_hashing_algorithm_pam",
+ "value": "var_password_pam_dictcheck",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.",
+ "value": "Prevent the use of dictionary words for passwords.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_47",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt', 'cis_rhel10': 'yescrypt|sha512'}",
+ "value": "{1: 1, 'default': 1}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_dictcheck",
+ "value": "var_password_pam_difok",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent the use of dictionary words for passwords.",
+ "value": "Minimum number of characters not present in old password",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_48",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 'default': 1}",
+ "value": "{15: 15, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 'default': 8}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_difok",
+ "value": "var_password_pam_maxrepeat",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of characters not present in old password",
+ "value": "Maximum Number of Consecutive Repeating Characters in a Password",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_49",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{15: 15, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 'default': 8}",
+ "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Id_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_maxrepeat",
+ "value": "var_password_pam_maxsequence",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_50",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Maximum Number of Consecutive Repeating Characters in a Password",
+ "value": "Maximum Number of Consecutive Character Sequences in a Password",
"remarks": "rule_set_000"
},
{
@@ -1163,19 +1163,19 @@
{
"name": "Parameter_Id_63",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_system_crypto_policy",
+ "value": "var_sudo_timestamp_timeout",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Description_63",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the crypto policy for the system.",
+ "value": "Defines the number of minutes that can elapse before sudo will ask for a passwd again. If set to a value less than 0 the user's time stamp will never expire. Defining 0 means always prompt for a password. The default timeout value is 5 minutes.",
"remarks": "rule_set_000"
},
{
"name": "Parameter_Value_Alternatives_63",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'DEFAULT', 'default_policy': 'DEFAULT', 'default_nosha1': 'DEFAULT:NO-SHA1', 'fips': 'FIPS', 'fips_ospp': 'FIPS:OSPP', 'fips_stig': 'FIPS:STIG', 'legacy': 'LEGACY', 'future': 'FUTURE', 'next': 'NEXT'}",
+ "value": "{'default': '5', 'always_prompt': '0', '1_minute': '1', '2_minutes': '2', '3_minutes': '3', '5_minutes': '5', '15_minutes': '15'}",
"remarks": "rule_set_000"
},
{
@@ -1595,4262 +1595,4958 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg",
+ "value": "file_permissions_boot_grub2",
"remarks": "rule_set_034"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Group Ownership",
+ "value": "All GRUB configuration files must have mode 0600 or more restrictive",
"remarks": "rule_set_034"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg",
+ "value": "file_owner_boot_grub2",
"remarks": "rule_set_035"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg User Ownership",
+ "value": "All GRUB configuration files must be owned by root",
"remarks": "rule_set_035"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg",
+ "value": "file_groupowner_boot_grub2",
"remarks": "rule_set_036"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Permissions",
+ "value": "All GRUB configuration files must be group-owned by root",
"remarks": "rule_set_036"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg",
+ "value": "disable_users_coredumps",
"remarks": "rule_set_037"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Group Ownership",
+ "value": "Disable Core Dumps for All Users",
"remarks": "rule_set_037"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg",
+ "value": "sysctl_fs_protected_hardlinks",
"remarks": "rule_set_038"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg User Ownership",
+ "value": "Enable Kernel Parameter to Enforce DAC on Hardlinks",
"remarks": "rule_set_038"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg",
+ "value": "sysctl_fs_protected_symlinks",
"remarks": "rule_set_039"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Permissions",
+ "value": "Enable Kernel Parameter to Enforce DAC on Symlinks",
"remarks": "rule_set_039"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy",
+ "value": "sysctl_fs_suid_dumpable",
"remarks": "rule_set_040"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure System Cryptography Policy",
+ "value": "Disable Core Dumps for SUID programs",
"remarks": "rule_set_040"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_motd_cis",
+ "value": "sysctl_kernel_dmesg_restrict",
"remarks": "rule_set_041"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Message Of The Day Is Configured Properly",
+ "value": "Restrict Access to Kernel Message Buffer",
"remarks": "rule_set_041"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_cis",
+ "value": "sysctl_kernel_kptr_restrict",
"remarks": "rule_set_042"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Local Login Warning Banner Is Configured Properly",
+ "value": "Restrict Exposed Kernel Pointer Addresses Access",
"remarks": "rule_set_042"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_net_cis",
+ "value": "sysctl_kernel_yama_ptrace_scope",
"remarks": "rule_set_043"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Remote Login Warning Banner Is Configured Properly",
+ "value": "Restrict usage of ptrace to descendant processes",
"remarks": "rule_set_043"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_motd",
+ "value": "sysctl_kernel_randomize_va_space",
"remarks": "rule_set_044"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of Message of the Day Banner",
+ "value": "Enable Randomized Layout of Virtual Address Space",
"remarks": "rule_set_044"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_motd",
+ "value": "coredump_disable_backtraces",
"remarks": "rule_set_045"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of Message of the Day Banner",
+ "value": "Disable core dump backtraces",
"remarks": "rule_set_045"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_motd",
+ "value": "coredump_disable_storage",
"remarks": "rule_set_046"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on Message of the Day Banner",
+ "value": "Disable storing core dump",
"remarks": "rule_set_046"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue",
+ "value": "configure_custom_crypto_policy_cis",
"remarks": "rule_set_047"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner",
+ "value": "Implement Custom Crypto Policy Modules for CIS Benchmark",
"remarks": "rule_set_047"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue",
+ "value": "banner_etc_motd_cis",
"remarks": "rule_set_048"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner",
+ "value": "Ensure Message Of The Day Is Configured Properly",
"remarks": "rule_set_048"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue",
+ "value": "banner_etc_issue_cis",
"remarks": "rule_set_049"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner",
+ "value": "Ensure Local Login Warning Banner Is Configured Properly",
"remarks": "rule_set_049"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue_net",
+ "value": "banner_etc_issue_net_cis",
"remarks": "rule_set_050"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner for Remote Connections",
+ "value": "Ensure Remote Login Warning Banner Is Configured Properly",
"remarks": "rule_set_050"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue_net",
+ "value": "file_groupowner_etc_motd",
"remarks": "rule_set_051"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner for Remote Connections",
+ "value": "Verify Group Ownership of Message of the Day Banner",
"remarks": "rule_set_051"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue_net",
+ "value": "file_owner_etc_motd",
"remarks": "rule_set_052"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner for Remote Connections",
+ "value": "Verify ownership of Message of the Day Banner",
"remarks": "rule_set_052"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_banner_enabled",
+ "value": "file_permissions_etc_motd",
"remarks": "rule_set_053"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable GNOME3 Login Warning Banner",
+ "value": "Verify permissions on Message of the Day Banner",
"remarks": "rule_set_053"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_login_banner_text",
+ "value": "file_groupowner_etc_issue",
"remarks": "rule_set_054"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set the GNOME3 Login Warning Banner Text",
+ "value": "Verify Group Ownership of System Login Banner",
"remarks": "rule_set_054"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_user_list",
+ "value": "file_owner_etc_issue",
"remarks": "rule_set_055"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the GNOME3 Login User List",
+ "value": "Verify ownership of System Login Banner",
"remarks": "rule_set_055"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_idle_delay",
+ "value": "file_permissions_etc_issue",
"remarks": "rule_set_056"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Inactivity Timeout",
+ "value": "Verify permissions on System Login Banner",
"remarks": "rule_set_056"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_lock_delay",
+ "value": "file_groupowner_etc_issue_net",
"remarks": "rule_set_057"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
+ "value": "Verify Group Ownership of System Login Banner for Remote Connections",
"remarks": "rule_set_057"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_autorun",
+ "value": "file_owner_etc_issue_net",
"remarks": "rule_set_058"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount running",
+ "value": "Verify ownership of System Login Banner for Remote Connections",
"remarks": "rule_set_058"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_kea_removed",
+ "value": "file_permissions_etc_issue_net",
"remarks": "rule_set_059"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall kea Package",
+ "value": "Verify permissions on System Login Banner for Remote Connections",
"remarks": "rule_set_059"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_bind_removed",
+ "value": "dconf_gnome_banner_enabled",
"remarks": "rule_set_060"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall bind Package",
+ "value": "Enable GNOME3 Login Warning Banner",
"remarks": "rule_set_060"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dnsmasq_removed",
+ "value": "dconf_gnome_login_banner_text",
"remarks": "rule_set_061"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dnsmasq Package",
+ "value": "Set the GNOME3 Login Warning Banner Text",
"remarks": "rule_set_061"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_vsftpd_removed",
+ "value": "dconf_gnome_disable_user_list",
"remarks": "rule_set_062"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall vsftpd Package",
+ "value": "Disable the GNOME3 Login User List",
"remarks": "rule_set_062"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dovecot_removed",
+ "value": "dconf_gnome_screensaver_idle_delay",
"remarks": "rule_set_063"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dovecot Package",
+ "value": "Set GNOME3 Screensaver Inactivity Timeout",
"remarks": "rule_set_063"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cyrus-imapd_removed",
+ "value": "dconf_gnome_screensaver_lock_delay",
"remarks": "rule_set_064"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall cyrus-imapd Package",
+ "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
"remarks": "rule_set_064"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nfs_disabled",
+ "value": "dconf_gnome_session_idle_user_locks",
"remarks": "rule_set_065"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Network File System (nfs)",
+ "value": "Ensure Users Cannot Change GNOME3 Session Idle Settings",
"remarks": "rule_set_065"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_rpcbind_disabled",
+ "value": "dconf_gnome_screensaver_user_locks",
"remarks": "rule_set_066"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable rpcbind Service",
+ "value": "Ensure Users Cannot Change GNOME3 Screensaver Settings",
"remarks": "rule_set_066"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_rsync_removed",
+ "value": "dconf_gnome_disable_autorun",
"remarks": "rule_set_067"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall rsync Package",
+ "value": "Disable GNOME3 Automount running",
"remarks": "rule_set_067"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_samba_removed",
+ "value": "package_kea_removed",
"remarks": "rule_set_068"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall Samba Package",
+ "value": "Uninstall kea Package",
"remarks": "rule_set_068"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_net-snmp_removed",
+ "value": "package_bind_removed",
"remarks": "rule_set_069"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall net-snmp Package",
+ "value": "Uninstall bind Package",
"remarks": "rule_set_069"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet-server_removed",
+ "value": "package_dnsmasq_removed",
"remarks": "rule_set_070"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall telnet-server Package",
+ "value": "Uninstall dnsmasq Package",
"remarks": "rule_set_070"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp-server_removed",
+ "value": "package_vsftpd_removed",
"remarks": "rule_set_071"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall tftp-server Package",
+ "value": "Uninstall vsftpd Package",
"remarks": "rule_set_071"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_squid_removed",
+ "value": "package_dovecot_removed",
"remarks": "rule_set_072"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall squid Package",
+ "value": "Uninstall dovecot Package",
"remarks": "rule_set_072"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_httpd_removed",
+ "value": "package_cyrus-imapd_removed",
"remarks": "rule_set_073"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall httpd Package",
+ "value": "Uninstall cyrus-imapd Package",
"remarks": "rule_set_073"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nginx_removed",
+ "value": "service_nfs_disabled",
"remarks": "rule_set_074"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall nginx Package",
+ "value": "Disable Network File System (nfs)",
"remarks": "rule_set_074"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "postfix_network_listening_disabled",
+ "value": "service_rpcbind_disabled",
"remarks": "rule_set_075"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Postfix Network Listening",
+ "value": "Disable rpcbind Service",
"remarks": "rule_set_075"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "has_nonlocal_mta",
+ "value": "package_rsync_removed",
"remarks": "rule_set_076"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
+ "value": "Uninstall rsync Package",
"remarks": "rule_set_076"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_ftp_removed",
+ "value": "package_samba_removed",
"remarks": "rule_set_077"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove ftp Package",
+ "value": "Uninstall Samba Package",
"remarks": "rule_set_077"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet_removed",
+ "value": "package_net-snmp_removed",
"remarks": "rule_set_078"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove telnet Clients",
+ "value": "Uninstall net-snmp Package",
"remarks": "rule_set_078"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp_removed",
+ "value": "package_telnet-server_removed",
"remarks": "rule_set_079"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove tftp Daemon",
+ "value": "Uninstall telnet-server Package",
"remarks": "rule_set_079"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_specify_remote_server",
+ "value": "package_tftp-server_removed",
"remarks": "rule_set_080"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "A remote time server for Chrony is configured",
+ "value": "Uninstall tftp-server Package",
"remarks": "rule_set_080"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_run_as_chrony_user",
+ "value": "package_squid_removed",
"remarks": "rule_set_081"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that chronyd is running under chrony user account",
+ "value": "Uninstall squid Package",
"remarks": "rule_set_081"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cron_installed",
+ "value": "package_httpd_removed",
"remarks": "rule_set_082"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install the cron service",
+ "value": "Uninstall httpd Package",
"remarks": "rule_set_082"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_crond_enabled",
+ "value": "package_nginx_removed",
"remarks": "rule_set_083"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable cron Service",
+ "value": "Uninstall nginx Package",
"remarks": "rule_set_083"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_crontab",
+ "value": "postfix_network_listening_disabled",
"remarks": "rule_set_084"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Crontab",
+ "value": "Disable Postfix Network Listening",
"remarks": "rule_set_084"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_crontab",
+ "value": "has_nonlocal_mta",
"remarks": "rule_set_085"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on crontab",
+ "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
"remarks": "rule_set_085"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_crontab",
+ "value": "package_ftp_removed",
"remarks": "rule_set_086"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on crontab",
+ "value": "Remove ftp Package",
"remarks": "rule_set_086"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_hourly",
+ "value": "package_telnet_removed",
"remarks": "rule_set_087"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.hourly",
+ "value": "Remove telnet Clients",
"remarks": "rule_set_087"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_hourly",
+ "value": "package_tftp_removed",
"remarks": "rule_set_088"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.hourly",
+ "value": "Remove tftp Daemon",
"remarks": "rule_set_088"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_hourly",
+ "value": "chronyd_specify_remote_server",
"remarks": "rule_set_089"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.hourly",
+ "value": "A remote time server for Chrony is configured",
"remarks": "rule_set_089"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_daily",
+ "value": "chronyd_run_as_chrony_user",
"remarks": "rule_set_090"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.daily",
+ "value": "Ensure that chronyd is running under chrony user account",
"remarks": "rule_set_090"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_daily",
+ "value": "package_cron_installed",
"remarks": "rule_set_091"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.daily",
+ "value": "Install the cron service",
"remarks": "rule_set_091"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_daily",
+ "value": "service_crond_enabled",
"remarks": "rule_set_092"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.daily",
+ "value": "Enable cron Service",
"remarks": "rule_set_092"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_weekly",
+ "value": "file_groupowner_crontab",
"remarks": "rule_set_093"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.weekly",
+ "value": "Verify Group Who Owns Crontab",
"remarks": "rule_set_093"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_weekly",
+ "value": "file_owner_crontab",
"remarks": "rule_set_094"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.weekly",
+ "value": "Verify Owner on crontab",
"remarks": "rule_set_094"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_weekly",
+ "value": "file_permissions_crontab",
"remarks": "rule_set_095"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.weekly",
+ "value": "Verify Permissions on crontab",
"remarks": "rule_set_095"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_monthly",
+ "value": "file_groupowner_cron_hourly",
"remarks": "rule_set_096"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.monthly",
+ "value": "Verify Group Who Owns cron.hourly",
"remarks": "rule_set_096"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_monthly",
+ "value": "file_owner_cron_hourly",
"remarks": "rule_set_097"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.monthly",
+ "value": "Verify Owner on cron.hourly",
"remarks": "rule_set_097"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_monthly",
+ "value": "file_permissions_cron_hourly",
"remarks": "rule_set_098"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.monthly",
+ "value": "Verify Permissions on cron.hourly",
"remarks": "rule_set_098"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_d",
+ "value": "file_groupowner_cron_daily",
"remarks": "rule_set_099"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.d",
+ "value": "Verify Group Who Owns cron.daily",
"remarks": "rule_set_099"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_d",
+ "value": "file_owner_cron_daily",
"remarks": "rule_set_100"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.d",
+ "value": "Verify Owner on cron.daily",
"remarks": "rule_set_100"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_d",
+ "value": "file_permissions_cron_daily",
"remarks": "rule_set_101"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.d",
+ "value": "Verify Permissions on cron.daily",
"remarks": "rule_set_101"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_deny_not_exist",
+ "value": "file_groupowner_cron_weekly",
"remarks": "rule_set_102"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.deny does not exist",
+ "value": "Verify Group Who Owns cron.weekly",
"remarks": "rule_set_102"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_allow_exists",
+ "value": "file_owner_cron_weekly",
"remarks": "rule_set_103"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.allow exists",
+ "value": "Verify Owner on cron.weekly",
"remarks": "rule_set_103"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_allow",
+ "value": "file_permissions_cron_weekly",
"remarks": "rule_set_104"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/cron.allow file",
+ "value": "Verify Permissions on cron.weekly",
"remarks": "rule_set_104"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_allow",
+ "value": "file_groupowner_cron_monthly",
"remarks": "rule_set_105"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/cron.allow file",
+ "value": "Verify Group Who Owns cron.monthly",
"remarks": "rule_set_105"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_allow",
+ "value": "file_owner_cron_monthly",
"remarks": "rule_set_106"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/cron.allow file",
+ "value": "Verify Owner on cron.monthly",
"remarks": "rule_set_106"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_at_deny_not_exist",
+ "value": "file_permissions_cron_monthly",
"remarks": "rule_set_107"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/at.deny does not exist",
+ "value": "Verify Permissions on cron.monthly",
"remarks": "rule_set_107"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_at_allow",
+ "value": "file_groupowner_cron_yearly",
"remarks": "rule_set_108"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/at.allow file",
+ "value": "Verify Group Who Owns cron.yearly",
"remarks": "rule_set_108"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_at_allow",
+ "value": "file_owner_cron_yearly",
"remarks": "rule_set_109"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/at.allow file",
+ "value": "Verify Owner on cron.yearly",
"remarks": "rule_set_109"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_at_allow",
+ "value": "file_permissions_cron_yearly",
"remarks": "rule_set_110"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/at.allow file",
+ "value": "Verify Permissions on cron.yearly",
"remarks": "rule_set_110"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_tipc_disabled",
+ "value": "file_groupowner_cron_d",
"remarks": "rule_set_111"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable TIPC Support",
+ "value": "Verify Group Who Owns cron.d",
"remarks": "rule_set_111"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_ip_forward",
+ "value": "file_owner_cron_d",
"remarks": "rule_set_112"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
+ "value": "Verify Owner on cron.d",
"remarks": "rule_set_112"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_send_redirects",
+ "value": "file_permissions_cron_d",
"remarks": "rule_set_113"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
+ "value": "Verify Permissions on cron.d",
"remarks": "rule_set_113"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_send_redirects",
+ "value": "file_cron_deny_not_exist",
"remarks": "rule_set_114"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
+ "value": "Ensure that /etc/cron.deny does not exist",
"remarks": "rule_set_114"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
+ "value": "file_cron_allow_exists",
"remarks": "rule_set_115"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
+ "value": "Ensure that /etc/cron.allow exists",
"remarks": "rule_set_115"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
+ "value": "file_groupowner_cron_allow",
"remarks": "rule_set_116"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
+ "value": "Verify Group Who Owns /etc/cron.allow file",
"remarks": "rule_set_116"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects",
+ "value": "file_owner_cron_allow",
"remarks": "rule_set_117"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
+ "value": "Verify User Who Owns /etc/cron.allow file",
"remarks": "rule_set_117"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects",
+ "value": "file_permissions_cron_allow",
"remarks": "rule_set_118"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
+ "value": "Verify Permissions on /etc/cron.allow file",
"remarks": "rule_set_118"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects",
+ "value": "file_at_deny_not_exist",
"remarks": "rule_set_119"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
+ "value": "Ensure that /etc/at.deny does not exist",
"remarks": "rule_set_119"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects",
+ "value": "file_at_allow_exists",
"remarks": "rule_set_120"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
+ "value": "Ensure that /etc/at.allow exists",
"remarks": "rule_set_120"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter",
+ "value": "file_groupowner_at_allow",
"remarks": "rule_set_121"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
+ "value": "Verify Group Who Owns /etc/at.allow file",
"remarks": "rule_set_121"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter",
+ "value": "file_owner_at_allow",
"remarks": "rule_set_122"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
+ "value": "Verify User Who Owns /etc/at.allow file",
"remarks": "rule_set_122"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route",
+ "value": "file_permissions_at_allow",
"remarks": "rule_set_123"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
+ "value": "Verify Permissions on /etc/at.allow file",
"remarks": "rule_set_123"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route",
+ "value": "kernel_module_atm_disabled",
"remarks": "rule_set_124"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
+ "value": "Disable ATM Support",
"remarks": "rule_set_124"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians",
+ "value": "kernel_module_can_disabled",
"remarks": "rule_set_125"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
+ "value": "Disable CAN Support",
"remarks": "rule_set_125"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians",
+ "value": "kernel_module_dccp_disabled",
"remarks": "rule_set_126"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
+ "value": "Disable DCCP Support",
"remarks": "rule_set_126"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies",
+ "value": "kernel_module_tipc_disabled",
"remarks": "rule_set_127"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
+ "value": "Disable TIPC Support",
"remarks": "rule_set_127"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding",
+ "value": "kernel_module_rds_disabled",
"remarks": "rule_set_128"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IPv6 Forwarding",
+ "value": "Disable RDS Support",
"remarks": "rule_set_128"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects",
+ "value": "sysctl_net_ipv4_ip_forward",
"remarks": "rule_set_129"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
+ "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
"remarks": "rule_set_129"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects",
+ "value": "sysctl_net_ipv4_conf_all_forwarding",
"remarks": "rule_set_130"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
+ "value": "Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces",
"remarks": "rule_set_130"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route",
+ "value": "sysctl_net_ipv4_conf_default_forwarding",
"remarks": "rule_set_131"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
+ "value": "Disable Kernel Parameter for IPv4 Forwarding By Default",
"remarks": "rule_set_131"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route",
+ "value": "sysctl_net_ipv4_conf_all_send_redirects",
"remarks": "rule_set_132"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
"remarks": "rule_set_132"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra",
+ "value": "sysctl_net_ipv4_conf_default_send_redirects",
"remarks": "rule_set_133"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
"remarks": "rule_set_133"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra",
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
"remarks": "rule_set_134"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
+ "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
"remarks": "rule_set_134"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nftables_installed",
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
"remarks": "rule_set_135"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install nftables Package",
+ "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
"remarks": "rule_set_135"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_firewalld_enabled",
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects",
"remarks": "rule_set_136"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify firewalld Enabled",
+ "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
"remarks": "rule_set_136"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_firewalld_installed",
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects",
"remarks": "rule_set_137"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install firewalld Package",
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
"remarks": "rule_set_137"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nftables_disabled",
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects",
"remarks": "rule_set_138"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify nftables Service is Disabled",
+ "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
"remarks": "rule_set_138"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_trusted",
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects",
"remarks": "rule_set_139"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Trust Loopback Traffic",
+ "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
"remarks": "rule_set_139"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_restricted",
+ "value": "sysctl_net_ipv4_conf_all_rp_filter",
"remarks": "rule_set_140"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Restrict Loopback Traffic",
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
"remarks": "rule_set_140"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_sshd_config",
+ "value": "sysctl_net_ipv4_conf_default_rp_filter",
"remarks": "rule_set_141"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns SSH Server config file",
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
"remarks": "rule_set_141"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_sshd_config",
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route",
"remarks": "rule_set_142"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on SSH Server config file",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
"remarks": "rule_set_142"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_config",
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route",
"remarks": "rule_set_143"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server config file",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
"remarks": "rule_set_143"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_private_key",
+ "value": "sysctl_net_ipv4_conf_all_log_martians",
"remarks": "rule_set_144"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Private *_key Key Files",
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
"remarks": "rule_set_144"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_private_key",
+ "value": "sysctl_net_ipv4_conf_default_log_martians",
"remarks": "rule_set_145"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Private *_key Key Files",
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
"remarks": "rule_set_145"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_private_key",
+ "value": "sysctl_net_ipv4_tcp_syncookies",
"remarks": "rule_set_146"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
+ "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
"remarks": "rule_set_146"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_pub_key",
+ "value": "sysctl_net_ipv6_conf_all_forwarding",
"remarks": "rule_set_147"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Public *.pub Key Files",
+ "value": "Disable Kernel Parameter for IPv6 Forwarding",
"remarks": "rule_set_147"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_pub_key",
+ "value": "sysctl_net_ipv6_conf_default_forwarding",
"remarks": "rule_set_148"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Public *.pub Key Files",
+ "value": "Disable Kernel Parameter for IPv6 Forwarding by default",
"remarks": "rule_set_148"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_pub_key",
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects",
"remarks": "rule_set_149"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
+ "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
"remarks": "rule_set_149"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex",
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects",
"remarks": "rule_set_150"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong Key Exchange algorithms",
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
"remarks": "rule_set_150"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs",
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route",
"remarks": "rule_set_151"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong MACs",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
"remarks": "rule_set_151"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_limit_user_access",
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route",
"remarks": "rule_set_152"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Users' SSH Access",
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
"remarks": "rule_set_152"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_warning_banner_net",
+ "value": "sysctl_net_ipv6_conf_all_accept_ra",
"remarks": "rule_set_153"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable SSH Warning Banner",
+ "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
"remarks": "rule_set_153"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_idle_timeout",
+ "value": "sysctl_net_ipv6_conf_default_accept_ra",
"remarks": "rule_set_154"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Interval",
+ "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
"remarks": "rule_set_154"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_keepalive",
+ "value": "package_nftables_installed",
"remarks": "rule_set_155"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Count Max",
+ "value": "Install nftables Package",
"remarks": "rule_set_155"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_gssapi_auth",
+ "value": "service_firewalld_enabled",
"remarks": "rule_set_156"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GSSAPI Authentication",
+ "value": "Verify firewalld Enabled",
"remarks": "rule_set_156"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "disable_host_auth",
+ "value": "package_firewalld_installed",
"remarks": "rule_set_157"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Host-Based Authentication",
+ "value": "Install firewalld Package",
"remarks": "rule_set_157"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_rhosts",
+ "value": "service_nftables_disabled",
"remarks": "rule_set_158"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Support for .rhosts Files",
+ "value": "Verify nftables Service is Disabled",
"remarks": "rule_set_158"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_login_grace_time",
+ "value": "firewalld_loopback_traffic_trusted",
"remarks": "rule_set_159"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH LoginGraceTime is configured",
+ "value": "Configure Firewalld to Trust Loopback Traffic",
"remarks": "rule_set_159"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_loglevel_verbose",
+ "value": "firewalld_loopback_traffic_restricted",
"remarks": "rule_set_160"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Daemon LogLevel to VERBOSE",
+ "value": "Configure Firewalld to Restrict Loopback Traffic",
"remarks": "rule_set_160"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_auth_tries",
+ "value": "file_groupowner_sshd_config",
"remarks": "rule_set_161"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH authentication attempt limit",
+ "value": "Verify Group Who Owns SSH Server config file",
"remarks": "rule_set_161"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_maxstartups",
+ "value": "file_owner_sshd_config",
"remarks": "rule_set_162"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH MaxStartups is configured",
+ "value": "Verify Owner on SSH Server config file",
"remarks": "rule_set_162"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_sessions",
+ "value": "file_permissions_sshd_config",
"remarks": "rule_set_163"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH MaxSessions limit",
+ "value": "Verify Permissions on SSH Server config file",
"remarks": "rule_set_163"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_empty_passwords",
+ "value": "directory_permissions_sshd_config_d",
"remarks": "rule_set_164"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Access via Empty Passwords",
+ "value": "Verify Permissions on SSH Server Config File",
"remarks": "rule_set_164"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_root_login",
+ "value": "file_permissions_sshd_drop_in_config",
"remarks": "rule_set_165"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Root Login",
+ "value": "Verify Permissions on SSH Server Config File",
"remarks": "rule_set_165"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_do_not_permit_user_env",
+ "value": "directory_groupowner_sshd_config_d",
"remarks": "rule_set_166"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Do Not Allow SSH Environment Options",
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
"remarks": "rule_set_166"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_pam",
+ "value": "directory_owner_sshd_config_d",
"remarks": "rule_set_167"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable PAM",
+ "value": "Verify Owner on SSH Server Configuration Files",
"remarks": "rule_set_167"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_sudo_installed",
+ "value": "file_groupowner_sshd_drop_in_config",
"remarks": "rule_set_168"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install sudo Package",
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
"remarks": "rule_set_168"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_add_use_pty",
+ "value": "file_owner_sshd_drop_in_config",
"remarks": "rule_set_169"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
+ "value": "Verify Owner on SSH Server Configuration Files",
"remarks": "rule_set_169"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_custom_logfile",
+ "value": "file_permissions_sshd_private_key",
"remarks": "rule_set_170"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Sudo Logfile Exists - sudo logfile",
+ "value": "Verify Permissions on SSH Server Private *_key Key Files",
"remarks": "rule_set_170"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication",
+ "value": "file_ownership_sshd_private_key",
"remarks": "rule_set_171"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo",
+ "value": "Verify Ownership on SSH Server Private *_key Key Files",
"remarks": "rule_set_171"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_reauthentication",
+ "value": "file_groupownership_sshd_private_key",
"remarks": "rule_set_172"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Require Re-Authentication When Using the sudo Command",
+ "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
"remarks": "rule_set_172"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "use_pam_wheel_group_for_su",
+ "value": "file_permissions_sshd_pub_key",
"remarks": "rule_set_173"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
+ "value": "Verify Permissions on SSH Server Public *.pub Key Files",
"remarks": "rule_set_173"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_pam_wheel_group_empty",
+ "value": "file_ownership_sshd_pub_key",
"remarks": "rule_set_174"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
+ "value": "Verify Ownership on SSH Server Public *.pub Key Files",
"remarks": "rule_set_174"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_pam_pwquality_installed",
+ "value": "file_groupownership_sshd_pub_key",
"remarks": "rule_set_175"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install pam_pwquality Package",
+ "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
"remarks": "rule_set_175"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_password_auth",
+ "value": "sshd_limit_user_access",
"remarks": "rule_set_176"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
+ "value": "Limit Users' SSH Access",
"remarks": "rule_set_176"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_system_auth",
+ "value": "sshd_enable_warning_banner_net",
"remarks": "rule_set_177"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
+ "value": "Enable SSH Warning Banner",
"remarks": "rule_set_177"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny",
+ "value": "sshd_set_idle_timeout",
"remarks": "rule_set_178"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Lock Accounts After Failed Password Attempts",
+ "value": "Set SSH Client Alive Interval",
"remarks": "rule_set_178"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_unlock_time",
+ "value": "sshd_set_keepalive",
"remarks": "rule_set_179"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Lockout Time for Failed Password Attempts",
+ "value": "Set SSH Client Alive Count Max",
"remarks": "rule_set_179"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_difok",
+ "value": "sshd_disable_forwarding",
"remarks": "rule_set_180"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
+ "value": "Disable SSH Forwarding",
"remarks": "rule_set_180"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minlen",
+ "value": "sshd_disable_gssapi_auth",
"remarks": "rule_set_181"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
+ "value": "Disable GSSAPI Authentication",
"remarks": "rule_set_181"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minclass",
+ "value": "disable_host_auth",
"remarks": "rule_set_182"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
+ "value": "Disable Host-Based Authentication",
"remarks": "rule_set_182"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_maxrepeat",
+ "value": "sshd_disable_rhosts",
"remarks": "rule_set_183"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Consecutive Repeating Characters",
+ "value": "Disable SSH Support for .rhosts Files",
"remarks": "rule_set_183"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_dictcheck",
+ "value": "sshd_set_login_grace_time",
"remarks": "rule_set_184"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
+ "value": "Ensure SSH LoginGraceTime is configured",
"remarks": "rule_set_184"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_enforce_root",
+ "value": "sshd_set_loglevel_verbose",
"remarks": "rule_set_185"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
+ "value": "Set SSH Daemon LogLevel to VERBOSE",
"remarks": "rule_set_185"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_password_auth",
+ "value": "sshd_set_max_auth_tries",
"remarks": "rule_set_186"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: password-auth",
+ "value": "Set SSH authentication attempt limit",
"remarks": "rule_set_186"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_system_auth",
+ "value": "sshd_set_maxstartups",
"remarks": "rule_set_187"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: system-auth",
+ "value": "Ensure SSH MaxStartups is configured",
"remarks": "rule_set_187"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords",
+ "value": "sshd_set_max_sessions",
"remarks": "rule_set_188"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent Login to Accounts With Empty Password",
+ "value": "Set SSH MaxSessions limit",
"remarks": "rule_set_188"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_systemauth",
+ "value": "sshd_disable_empty_passwords",
"remarks": "rule_set_189"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - system-auth",
+ "value": "Disable SSH Access via Empty Passwords",
"remarks": "rule_set_189"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_passwordauth",
+ "value": "sshd_disable_root_login",
"remarks": "rule_set_190"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - password-auth",
+ "value": "Disable SSH Root Login",
"remarks": "rule_set_190"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_maximum_age_login_defs",
+ "value": "sshd_do_not_permit_user_env",
"remarks": "rule_set_191"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Age",
+ "value": "Do Not Allow SSH Environment Options",
"remarks": "rule_set_191"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_max_life_existing",
+ "value": "sshd_enable_pam",
"remarks": "rule_set_192"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Maximum Age",
+ "value": "Enable PAM",
"remarks": "rule_set_192"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_warn_age_login_defs",
+ "value": "package_sudo_installed",
"remarks": "rule_set_193"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Warning Age",
+ "value": "Install sudo Package",
"remarks": "rule_set_193"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_warn_age_existing",
+ "value": "sudo_add_use_pty",
"remarks": "rule_set_194"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Warning Age",
+ "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
"remarks": "rule_set_194"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf",
+ "value": "sudo_custom_logfile",
"remarks": "rule_set_195"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/libuser.conf",
+ "value": "Ensure Sudo Logfile Exists - sudo logfile",
"remarks": "rule_set_195"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_logindefs",
+ "value": "sudo_remove_no_authenticate",
"remarks": "rule_set_196"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/login.defs",
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate",
"remarks": "rule_set_196"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_disable_post_pw_expiration",
+ "value": "sudo_require_reauthentication",
"remarks": "rule_set_197"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Account Expiration Following Inactivity",
+ "value": "Require Re-Authentication When Using the sudo Command",
"remarks": "rule_set_197"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_set_post_pw_existing",
+ "value": "use_pam_wheel_group_for_su",
"remarks": "rule_set_198"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set existing passwords a period of inactivity before they been locked",
+ "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
"remarks": "rule_set_198"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_last_change_is_in_past",
+ "value": "ensure_pam_wheel_group_empty",
"remarks": "rule_set_199"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure all users last password change date is in the past",
+ "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
"remarks": "rule_set_199"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_no_uid_except_zero",
+ "value": "package_pam_pwquality_installed",
"remarks": "rule_set_200"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Only Root Has UID 0",
+ "value": "Install pam_pwquality Package",
"remarks": "rule_set_200"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_gid_zero",
+ "value": "account_password_pam_faillock_password_auth",
"remarks": "rule_set_201"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Root Has A Primary GID 0",
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
"remarks": "rule_set_201"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_root_password_configured",
+ "value": "account_password_pam_faillock_system_auth",
"remarks": "rule_set_202"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Authentication Required for Single User Mode",
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
"remarks": "rule_set_202"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_path_dirs_no_write",
+ "value": "accounts_password_pam_pwquality_password_auth",
"remarks": "rule_set_203"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
+ "value": "Ensure PAM password complexity module is enabled in password-auth",
"remarks": "rule_set_203"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "root_path_no_dot",
+ "value": "accounts_password_pam_pwquality_system_auth",
"remarks": "rule_set_204"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
+ "value": "Ensure PAM password complexity module is enabled in system-auth",
"remarks": "rule_set_204"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_password_auth_for_systemaccounts",
+ "value": "accounts_password_pam_unix_enabled",
"remarks": "rule_set_205"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Are Locked",
+ "value": "Verify pam_unix module is activated",
"remarks": "rule_set_205"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_shelllogin_for_systemaccounts",
+ "value": "accounts_passwords_pam_faillock_deny",
"remarks": "rule_set_206"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
+ "value": "Lock Accounts After Failed Password Attempts",
"remarks": "rule_set_206"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_tmout",
+ "value": "accounts_passwords_pam_faillock_unlock_time",
"remarks": "rule_set_207"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Interactive Session Timeout",
+ "value": "Set Lockout Time for Failed Password Attempts",
"remarks": "rule_set_207"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_bashrc",
+ "value": "accounts_password_pam_difok",
"remarks": "rule_set_208"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Bash Umask is Set Correctly",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
"remarks": "rule_set_208"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_login_defs",
+ "value": "accounts_password_pam_minlen",
"remarks": "rule_set_209"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in login.defs",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
"remarks": "rule_set_209"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_profile",
+ "value": "accounts_password_pam_minclass",
"remarks": "rule_set_210"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
"remarks": "rule_set_210"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_aide_installed",
+ "value": "accounts_password_pam_maxrepeat",
"remarks": "rule_set_211"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install AIDE",
+ "value": "Set Password Maximum Consecutive Repeating Characters",
"remarks": "rule_set_211"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_build_database",
+ "value": "accounts_password_pam_maxsequence",
"remarks": "rule_set_212"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Build and Test AIDE Database",
+ "value": "Limit the maximum number of sequential characters in passwords",
"remarks": "rule_set_212"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_periodic_cron_checking",
+ "value": "accounts_password_pam_dictcheck",
"remarks": "rule_set_213"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Periodic Execution of AIDE",
+ "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
"remarks": "rule_set_213"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_check_audit_tools",
+ "value": "accounts_password_pam_enforce_root",
"remarks": "rule_set_214"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure AIDE to Verify the Audit Tools",
+ "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
"remarks": "rule_set_214"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_systemd-journald_enabled",
+ "value": "accounts_password_pam_pwhistory_remember_password_auth",
"remarks": "rule_set_215"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable systemd-journald Service",
+ "value": "Limit Password Reuse: password-auth",
"remarks": "rule_set_215"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_systemd-journal-remote_installed",
+ "value": "accounts_password_pam_pwhistory_remember_system_auth",
"remarks": "rule_set_216"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install systemd-journal-remote Package",
+ "value": "Limit Password Reuse: system-auth",
"remarks": "rule_set_216"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "socket_systemd-journal-remote_disabled",
+ "value": "accounts_password_pam_pwhistory_use_authtok",
"remarks": "rule_set_217"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable systemd-journal-remote Socket",
+ "value": "Enforce Password History with use_authtok",
"remarks": "rule_set_217"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_compress",
+ "value": "no_empty_passwords",
"remarks": "rule_set_218"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to compress large log files",
+ "value": "Prevent Login to Accounts With Empty Password",
"remarks": "rule_set_218"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_storage",
+ "value": "accounts_password_pam_unix_no_remember",
"remarks": "rule_set_219"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to write log files to persistent disk",
+ "value": "Avoid using remember in pam_unix module",
"remarks": "rule_set_219"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_groupownership",
+ "value": "set_password_hashing_algorithm_systemauth",
"remarks": "rule_set_220"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate Group",
+ "value": "Set PAM Password Hashing Algorithm - system-auth",
"remarks": "rule_set_220"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_ownership",
+ "value": "set_password_hashing_algorithm_passwordauth",
"remarks": "rule_set_221"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate User",
+ "value": "Set PAM Password Hashing Algorithm - password-auth",
"remarks": "rule_set_221"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_permissions",
+ "value": "accounts_password_pam_unix_authtok",
"remarks": "rule_set_222"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure System Log Files Have Correct Permissions",
+ "value": "Require use_authtok for pam_unix.so",
"remarks": "rule_set_222"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_passwd",
+ "value": "accounts_maximum_age_login_defs",
"remarks": "rule_set_223"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns passwd File",
+ "value": "Set Password Maximum Age",
"remarks": "rule_set_223"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_passwd",
+ "value": "accounts_password_set_max_life_existing",
"remarks": "rule_set_224"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns passwd File",
+ "value": "Set Existing Passwords Maximum Age",
"remarks": "rule_set_224"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_passwd",
+ "value": "accounts_password_warn_age_login_defs",
"remarks": "rule_set_225"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on passwd File",
+ "value": "Set Password Warning Age",
"remarks": "rule_set_225"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_passwd",
+ "value": "accounts_password_set_warn_age_existing",
"remarks": "rule_set_226"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup passwd File",
+ "value": "Set Existing Passwords Warning Age",
"remarks": "rule_set_226"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_passwd",
+ "value": "set_password_hashing_algorithm_logindefs",
"remarks": "rule_set_227"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup passwd File",
+ "value": "Set Password Hashing Algorithm in /etc/login.defs",
"remarks": "rule_set_227"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_passwd",
+ "value": "account_disable_post_pw_expiration",
"remarks": "rule_set_228"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup passwd File",
+ "value": "Set Account Expiration Following Inactivity",
"remarks": "rule_set_228"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_group",
+ "value": "accounts_set_post_pw_existing",
"remarks": "rule_set_229"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns group File",
+ "value": "Set existing passwords a period of inactivity before they been locked",
"remarks": "rule_set_229"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_group",
+ "value": "accounts_password_last_change_is_in_past",
"remarks": "rule_set_230"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns group File",
+ "value": "Ensure all users last password change date is in the past",
"remarks": "rule_set_230"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_group",
+ "value": "accounts_no_uid_except_zero",
"remarks": "rule_set_231"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on group File",
+ "value": "Verify Only Root Has UID 0",
"remarks": "rule_set_231"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_group",
+ "value": "accounts_root_gid_zero",
"remarks": "rule_set_232"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup group File",
+ "value": "Verify Root Has A Primary GID 0",
"remarks": "rule_set_232"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_group",
+ "value": "groups_no_zero_gid_except_root",
"remarks": "rule_set_233"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup group File",
+ "value": "Verify Only Group Root Has GID 0",
"remarks": "rule_set_233"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_group",
+ "value": "ensure_root_password_configured",
"remarks": "rule_set_234"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup group File",
+ "value": "Ensure Authentication Required for Single User Mode",
"remarks": "rule_set_234"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shadow",
+ "value": "accounts_root_path_dirs_no_write",
"remarks": "rule_set_235"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns shadow File",
+ "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
"remarks": "rule_set_235"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shadow",
+ "value": "root_path_no_dot",
"remarks": "rule_set_236"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns shadow File",
+ "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
"remarks": "rule_set_236"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shadow",
+ "value": "accounts_umask_root",
"remarks": "rule_set_237"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on shadow File",
+ "value": "Ensure the Root Bash Umask is Set Correctly",
"remarks": "rule_set_237"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_shadow",
+ "value": "no_password_auth_for_systemaccounts",
"remarks": "rule_set_238"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup shadow File",
+ "value": "Ensure that System Accounts Are Locked",
"remarks": "rule_set_238"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_shadow",
+ "value": "no_shelllogin_for_systemaccounts",
"remarks": "rule_set_239"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup shadow File",
+ "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
"remarks": "rule_set_239"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_shadow",
+ "value": "no_invalid_shell_accounts_unlocked",
"remarks": "rule_set_240"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup shadow File",
+ "value": "Verify Non-Interactive Accounts Are Locked",
"remarks": "rule_set_240"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_gshadow",
+ "value": "accounts_tmout",
"remarks": "rule_set_241"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns gshadow File",
+ "value": "Set Interactive Session Timeout",
"remarks": "rule_set_241"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_gshadow",
+ "value": "accounts_umask_etc_bashrc",
"remarks": "rule_set_242"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns gshadow File",
+ "value": "Ensure the Default Bash Umask is Set Correctly",
"remarks": "rule_set_242"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_gshadow",
+ "value": "accounts_umask_etc_login_defs",
"remarks": "rule_set_243"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on gshadow File",
+ "value": "Ensure the Default Umask is Set Correctly in login.defs",
"remarks": "rule_set_243"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_gshadow",
+ "value": "accounts_umask_etc_profile",
"remarks": "rule_set_244"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup gshadow File",
+ "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
"remarks": "rule_set_244"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_gshadow",
+ "value": "package_aide_installed",
"remarks": "rule_set_245"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup gshadow File",
+ "value": "Install AIDE",
"remarks": "rule_set_245"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_gshadow",
+ "value": "aide_build_database",
"remarks": "rule_set_246"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup gshadow File",
+ "value": "Build and Test AIDE Database",
"remarks": "rule_set_246"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shells",
+ "value": "aide_periodic_cron_checking",
"remarks": "rule_set_247"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/shells File",
+ "value": "Configure Periodic Execution of AIDE",
"remarks": "rule_set_247"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shells",
+ "value": "aide_check_audit_tools",
"remarks": "rule_set_248"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Who Owns /etc/shells File",
+ "value": "Configure AIDE to Verify the Audit Tools",
"remarks": "rule_set_248"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shells",
+ "value": "service_systemd-journald_enabled",
"remarks": "rule_set_249"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/shells File",
+ "value": "Enable systemd-journald Service",
"remarks": "rule_set_249"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd",
+ "value": "ensure_journald_and_rsyslog_not_active_together",
"remarks": "rule_set_250"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions and Ownership of Old Passwords File",
+ "value": "Ensure journald and rsyslog Are Not Active Together",
"remarks": "rule_set_250"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_unauthorized_world_writable",
+ "value": "package_systemd-journal-remote_installed",
"remarks": "rule_set_251"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure No World-Writable Files Exist",
+ "value": "Install systemd-journal-remote Package",
"remarks": "rule_set_251"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dir_perms_world_writable_sticky_bits",
+ "value": "service_systemd-journal-upload_enabled",
"remarks": "rule_set_252"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
+ "value": "Enable systemd-journal-upload Service",
"remarks": "rule_set_252"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user",
+ "value": "socket_systemd-journal-remote_disabled",
"remarks": "rule_set_253"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a User",
+ "value": "Disable systemd-journal-remote Socket",
"remarks": "rule_set_253"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned",
+ "value": "journald_disable_forward_to_syslog",
"remarks": "rule_set_254"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a Group",
+ "value": "Ensure journald ForwardToSyslog is disabled",
"remarks": "rule_set_254"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_all_shadowed",
+ "value": "journald_compress",
"remarks": "rule_set_255"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify All Account Password Hashes are Shadowed",
+ "value": "Ensure journald is configured to compress large log files",
"remarks": "rule_set_255"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords_etc_shadow",
+ "value": "journald_storage",
"remarks": "rule_set_256"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure There Are No Accounts With Blank or Null Passwords",
+ "value": "Ensure journald is configured to write log files to persistent disk",
"remarks": "rule_set_256"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "gid_passwd_group_same",
+ "value": "rsyslog_files_groupownership",
"remarks": "rule_set_257"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
+ "value": "Ensure Log Files Are Owned By Appropriate Group",
"remarks": "rule_set_257"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_id",
+ "value": "rsyslog_files_ownership",
"remarks": "rule_set_258"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique User IDs",
+ "value": "Ensure Log Files Are Owned By Appropriate User",
"remarks": "rule_set_258"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_id",
+ "value": "rsyslog_files_permissions",
"remarks": "rule_set_259"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group ID",
+ "value": "Ensure System Log Files Have Correct Permissions",
"remarks": "rule_set_259"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_name",
+ "value": "file_groupowner_etc_passwd",
"remarks": "rule_set_260"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique Names",
+ "value": "Verify Group Who Owns passwd File",
"remarks": "rule_set_260"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_name",
+ "value": "file_owner_etc_passwd",
"remarks": "rule_set_261"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group Names",
+ "value": "Verify User Who Owns passwd File",
"remarks": "rule_set_261"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_interactive_home_directory_exists",
+ "value": "file_permissions_etc_passwd",
"remarks": "rule_set_262"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive Users Home Directories Must Exist",
+ "value": "Verify Permissions on passwd File",
"remarks": "rule_set_262"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_home_directories",
+ "value": "file_groupowner_backup_etc_passwd",
"remarks": "rule_set_263"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
+ "value": "Verify Group Who Owns Backup passwd File",
"remarks": "rule_set_263"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_home_directories",
+ "value": "file_owner_backup_etc_passwd",
"remarks": "rule_set_264"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
+ "value": "Verify User Who Owns Backup passwd File",
"remarks": "rule_set_264"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_group_ownership",
+ "value": "file_permissions_backup_etc_passwd",
"remarks": "rule_set_265"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
+ "value": "Verify Permissions on Backup passwd File",
"remarks": "rule_set_265"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_user_ownership",
+ "value": "file_groupowner_etc_group",
"remarks": "rule_set_266"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Owned By the Primary User",
+ "value": "Verify Group Who Owns group File",
"remarks": "rule_set_266"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs",
+ "value": "file_owner_etc_group",
"remarks": "rule_set_267"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Not Run World-Writable Programs",
+ "value": "Verify User Who Owns group File",
"remarks": "rule_set_267"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files",
+ "value": "file_permissions_etc_group",
"remarks": "rule_set_268"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "value": "Verify Permissions on group File",
"remarks": "rule_set_268"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files",
+ "value": "file_groupowner_backup_etc_group",
"remarks": "rule_set_269"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No .forward Files Exist",
+ "value": "Verify Group Who Owns Backup group File",
"remarks": "rule_set_269"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files",
+ "value": "file_owner_backup_etc_group",
"remarks": "rule_set_270"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No netrc Files Exist",
+ "value": "Verify User Who Owns Backup group File",
"remarks": "rule_set_270"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_overlayfs_disabled",
+ "value": "file_permissions_backup_etc_group",
"remarks": "rule_set_271"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure overlayfs kernel module is not available",
+ "value": "Verify Permissions on Backup group File",
"remarks": "rule_set_271"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_squashfs_disabled",
+ "value": "file_owner_etc_shadow",
"remarks": "rule_set_272"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of squashfs",
+ "value": "Verify User Who Owns shadow File",
"remarks": "rule_set_272"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_udf_disabled",
+ "value": "file_groupowner_etc_shadow",
"remarks": "rule_set_273"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of udf",
+ "value": "Verify Group Who Owns shadow File",
"remarks": "rule_set_273"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_firewire-core_disabled",
+ "value": "file_permissions_etc_shadow",
"remarks": "rule_set_274"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IEEE 1394 (FireWire) Support",
+ "value": "Verify Permissions on shadow File",
"remarks": "rule_set_274"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_usb-storage_disabled",
+ "value": "file_groupowner_backup_etc_shadow",
"remarks": "rule_set_275"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Modprobe Loading of USB Storage Driver",
+ "value": "Verify User Who Owns Backup shadow File",
"remarks": "rule_set_275"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_home",
+ "value": "file_owner_backup_etc_shadow",
"remarks": "rule_set_276"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /home Located On Separate Partition",
+ "value": "Verify Group Who Owns Backup shadow File",
"remarks": "rule_set_276"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var",
+ "value": "file_permissions_backup_etc_shadow",
"remarks": "rule_set_277"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var Located On Separate Partition",
+ "value": "Verify Permissions on Backup shadow File",
"remarks": "rule_set_277"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_tmp",
+ "value": "file_groupowner_etc_gshadow",
"remarks": "rule_set_278"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/tmp Located On Separate Partition",
+ "value": "Verify Group Who Owns gshadow File",
"remarks": "rule_set_278"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_log",
+ "value": "file_owner_etc_gshadow",
"remarks": "rule_set_279"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/log Located On Separate Partition",
+ "value": "Verify User Who Owns gshadow File",
"remarks": "rule_set_279"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_log_audit",
+ "value": "file_permissions_etc_gshadow",
"remarks": "rule_set_280"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/log/audit Located On Separate Partition",
+ "value": "Verify Permissions on gshadow File",
"remarks": "rule_set_280"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_state",
+ "value": "file_groupowner_backup_etc_gshadow",
"remarks": "rule_set_281"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux State is Enforcing",
+ "value": "Verify Group Who Owns Backup gshadow File",
"remarks": "rule_set_281"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount",
+ "value": "file_owner_backup_etc_gshadow",
"remarks": "rule_set_282"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automounting",
+ "value": "Verify User Who Owns Backup gshadow File",
"remarks": "rule_set_282"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount_open",
+ "value": "file_permissions_backup_etc_gshadow",
"remarks": "rule_set_283"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount Opening",
+ "value": "Verify Permissions on Backup gshadow File",
"remarks": "rule_set_283"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_autofs_disabled",
+ "value": "file_groupowner_etc_shells",
"remarks": "rule_set_284"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the Automounter",
+ "value": "Verify Group Who Owns /etc/shells File",
"remarks": "rule_set_284"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_avahi-daemon_disabled",
+ "value": "file_owner_etc_shells",
"remarks": "rule_set_285"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Avahi Server Software",
+ "value": "Verify Who Owns /etc/shells File",
"remarks": "rule_set_285"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_openldap-clients_removed",
+ "value": "file_permissions_etc_shells",
"remarks": "rule_set_286"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure LDAP client is not installed",
+ "value": "Verify Permissions on /etc/shells File",
"remarks": "rule_set_286"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_bluetooth_disabled",
+ "value": "file_groupowner_etc_security_opasswd",
"remarks": "rule_set_287"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Bluetooth Service",
+ "value": "Verify Group Who Owns /etc/security/opasswd File",
"remarks": "rule_set_287"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_sctp_disabled",
+ "value": "file_owner_etc_security_opasswd",
"remarks": "rule_set_288"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SCTP Support",
+ "value": "Verify User Who Owns /etc/security/opasswd File",
"remarks": "rule_set_288"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny_root",
+ "value": "file_permissions_etc_security_opasswd",
"remarks": "rule_set_289"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the root Account for Failed Password Attempts",
+ "value": "Verify Permissions on /etc/security/opasswd File",
"remarks": "rule_set_289"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_minimum_age_login_defs",
+ "value": "file_groupowner_etc_security_opasswd_old",
"remarks": "rule_set_290"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Minimum Age",
+ "value": "Verify Group Who Owns /etc/security/opasswd.old File",
"remarks": "rule_set_290"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_min_life_existing",
+ "value": "file_owner_etc_security_opasswd_old",
"remarks": "rule_set_291"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Minimum Age",
+ "value": "Verify User Who Owns /etc/security/opasswd.old File",
"remarks": "rule_set_291"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_audit_installed",
+ "value": "file_permissions_etc_security_opasswd_old",
"remarks": "rule_set_292"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the audit Subsystem is Installed",
+ "value": "Verify Permissions on /etc/security/opasswd.old File",
"remarks": "rule_set_292"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_audit-libs_installed",
+ "value": "file_permissions_unauthorized_world_writable",
"remarks": "rule_set_293"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the audit-libs package as a part of audit Subsystem is Installed",
+ "value": "Ensure No World-Writable Files Exist",
"remarks": "rule_set_293"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_audit_argument",
+ "value": "dir_perms_world_writable_sticky_bits",
"remarks": "rule_set_294"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Auditing for Processes Which Start Prior to the Audit Daemon",
+ "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
"remarks": "rule_set_294"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_audit_backlog_limit_argument",
+ "value": "no_files_or_dirs_unowned_by_user",
"remarks": "rule_set_295"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Extend Audit Backlog Limit for the Audit Daemon",
+ "value": "Ensure All Files And Directories Are Owned by a User",
"remarks": "rule_set_295"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_auditd_enabled",
+ "value": "no_files_or_dirs_ungroupowned",
"remarks": "rule_set_296"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable auditd Service",
+ "value": "Ensure All Files And Directories Are Owned by a Group",
"remarks": "rule_set_296"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_max_log_file",
+ "value": "accounts_password_all_shadowed",
"remarks": "rule_set_297"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Max Log File Size",
+ "value": "Verify All Account Password Hashes are Shadowed",
"remarks": "rule_set_297"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_max_log_file_action",
+ "value": "no_empty_passwords_etc_shadow",
"remarks": "rule_set_298"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd max_log_file_action Upon Reaching Maximum Log Size",
+ "value": "Ensure There Are No Accounts With Blank or Null Passwords",
"remarks": "rule_set_298"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_disk_error_action",
+ "value": "gid_passwd_group_same",
"remarks": "rule_set_299"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Disk Error Action on Disk Error",
+ "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
"remarks": "rule_set_299"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_disk_full_action",
+ "value": "account_unique_id",
"remarks": "rule_set_300"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Disk Full Action when Disk Space Is Full",
+ "value": "Ensure All Accounts on the System Have Unique User IDs",
"remarks": "rule_set_300"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_action_mail_acct",
+ "value": "group_unique_id",
"remarks": "rule_set_301"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd mail_acct Action on Low Disk Space",
+ "value": "Ensure All Groups on the System Have Unique Group ID",
"remarks": "rule_set_301"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_admin_space_left_action",
+ "value": "account_unique_name",
"remarks": "rule_set_302"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd admin_space_left Action on Low Disk Space",
+ "value": "Ensure All Accounts on the System Have Unique Names",
"remarks": "rule_set_302"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_space_left_action",
+ "value": "group_unique_name",
"remarks": "rule_set_303"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd space_left Action on Low Disk Space",
+ "value": "Ensure All Groups on the System Have Unique Group Names",
"remarks": "rule_set_303"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_sysadmin_actions",
+ "value": "accounts_user_interactive_home_directory_exists",
"remarks": "rule_set_304"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects System Administrator Actions",
+ "value": "All Interactive Users Home Directories Must Exist",
"remarks": "rule_set_304"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_suid_auid_privilege_function",
+ "value": "file_ownership_home_directories",
"remarks": "rule_set_305"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events When Executables Are Run As Another User",
+ "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
"remarks": "rule_set_305"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_sudo_log_events",
+ "value": "file_permissions_home_directories",
"remarks": "rule_set_306"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to perform maintenance activities",
+ "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
"remarks": "rule_set_306"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_adjtimex",
+ "value": "accounts_user_dot_group_ownership",
"remarks": "rule_set_307"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record attempts to alter time through adjtimex",
+ "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
"remarks": "rule_set_307"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_settimeofday",
+ "value": "accounts_user_dot_user_ownership",
"remarks": "rule_set_308"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record attempts to alter time through settimeofday",
+ "value": "User Initialization Files Must Be Owned By the Primary User",
"remarks": "rule_set_308"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_clock_settime",
+ "value": "file_permission_user_init_files",
"remarks": "rule_set_309"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Time Through clock_settime",
+ "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
"remarks": "rule_set_309"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_watch_localtime",
+ "value": "no_forward_files",
"remarks": "rule_set_310"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter the localtime File",
+ "value": "Verify No .forward Files Exist",
"remarks": "rule_set_310"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification",
+ "value": "no_netrc_files",
"remarks": "rule_set_311"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Network Environment",
+ "value": "Verify No netrc Files Exist",
"remarks": "rule_set_311"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification_network_scripts",
+ "value": "no_rhost_files",
"remarks": "rule_set_312"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Network Environment - /etc/sysconfig/network-scripts",
+ "value": "Verify No .rhost Files Exist",
"remarks": "rule_set_312"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_privileged_commands",
+ "value": "file_permission_user_bash_history",
"remarks": "rule_set_313"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on the Use of Privileged Commands",
+ "value": "Ensure User Bash History File Has Correct Permissions",
"remarks": "rule_set_313"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_unsuccessful_file_modification_creat",
+ "value": "kernel_module_overlayfs_disabled",
"remarks": "rule_set_314"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Unsuccessful Access Attempts to Files - creat",
+ "value": "Ensure overlayfs kernel module is not available",
"remarks": "rule_set_314"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_unsuccessful_file_modification_ftruncate",
+ "value": "kernel_module_squashfs_disabled",
"remarks": "rule_set_315"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Unsuccessful Access Attempts to Files - ftruncate",
+ "value": "Disable Mounting of squashfs",
"remarks": "rule_set_315"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_unsuccessful_file_modification_open",
+ "value": "kernel_module_udf_disabled",
"remarks": "rule_set_316"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Unsuccessful Access Attempts to Files - open",
+ "value": "Disable Mounting of udf",
"remarks": "rule_set_316"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_unsuccessful_file_modification_openat",
+ "value": "kernel_module_firewire-core_disabled",
"remarks": "rule_set_317"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Unsuccessful Access Attempts to Files - openat",
+ "value": "Disable IEEE 1394 (FireWire) Support",
"remarks": "rule_set_317"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_unsuccessful_file_modification_truncate",
+ "value": "kernel_module_usb-storage_disabled",
"remarks": "rule_set_318"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Unsuccessful Access Attempts to Files - truncate",
+ "value": "Disable Modprobe Loading of USB Storage Driver",
"remarks": "rule_set_318"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_usergroup_modification_group",
+ "value": "partition_for_home",
"remarks": "rule_set_319"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify User/Group Information - /etc/group",
+ "value": "Ensure /home Located On Separate Partition",
"remarks": "rule_set_319"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_usergroup_modification_passwd",
+ "value": "partition_for_var",
"remarks": "rule_set_320"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify User/Group Information - /etc/passwd",
+ "value": "Ensure /var Located On Separate Partition",
"remarks": "rule_set_320"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_usergroup_modification_gshadow",
+ "value": "partition_for_var_tmp",
"remarks": "rule_set_321"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify User/Group Information - /etc/gshadow",
+ "value": "Ensure /var/tmp Located On Separate Partition",
"remarks": "rule_set_321"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_usergroup_modification_shadow",
+ "value": "partition_for_var_log",
"remarks": "rule_set_322"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify User/Group Information - /etc/shadow",
+ "value": "Ensure /var/log Located On Separate Partition",
"remarks": "rule_set_322"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_usergroup_modification_opasswd",
+ "value": "partition_for_var_log_audit",
"remarks": "rule_set_323"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify User/Group Information - /etc/security/opasswd",
+ "value": "Ensure /var/log/audit Located On Separate Partition",
"remarks": "rule_set_323"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_chmod",
+ "value": "disable_weak_deps",
"remarks": "rule_set_324"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - chmod",
+ "value": "Disable Installation of Weak Dependencies in DNF",
"remarks": "rule_set_324"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_chown",
+ "value": "selinux_state",
"remarks": "rule_set_325"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - chown",
+ "value": "Ensure SELinux State is Enforcing",
"remarks": "rule_set_325"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fchmod",
+ "value": "dconf_gnome_disable_automount",
"remarks": "rule_set_326"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fchmod",
+ "value": "Disable GNOME3 Automounting",
"remarks": "rule_set_326"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fchmodat",
+ "value": "dconf_gnome_disable_automount_open",
"remarks": "rule_set_327"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat",
+ "value": "Disable GNOME3 Automount Opening",
"remarks": "rule_set_327"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fchmodat2",
+ "value": "xwayland_disabled",
"remarks": "rule_set_328"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat2",
+ "value": "Disable XWayland",
"remarks": "rule_set_328"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fchown",
+ "value": "service_autofs_disabled",
"remarks": "rule_set_329"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fchown",
+ "value": "Disable the Automounter",
"remarks": "rule_set_329"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fchownat",
+ "value": "service_avahi-daemon_disabled",
"remarks": "rule_set_330"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fchownat",
+ "value": "Disable Avahi Server Software",
"remarks": "rule_set_330"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fremovexattr",
+ "value": "service_cockpit_disabled",
"remarks": "rule_set_331"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fremovexattr",
+ "value": "Disable Cockpit Management Server",
"remarks": "rule_set_331"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_fsetxattr",
+ "value": "package_openldap-clients_removed",
"remarks": "rule_set_332"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - fsetxattr",
+ "value": "Ensure LDAP client is not installed",
"remarks": "rule_set_332"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_lchown",
+ "value": "service_bluetooth_disabled",
"remarks": "rule_set_333"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - lchown",
+ "value": "Disable Bluetooth Service",
"remarks": "rule_set_333"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_lremovexattr",
+ "value": "kernel_module_sctp_disabled",
"remarks": "rule_set_334"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - lremovexattr",
+ "value": "Disable SCTP Support",
"remarks": "rule_set_334"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_lsetxattr",
+ "value": "sudo_remove_nopasswd",
"remarks": "rule_set_335"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - lsetxattr",
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD",
"remarks": "rule_set_335"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_removexattr",
+ "value": "accounts_passwords_pam_faillock_deny_root",
"remarks": "rule_set_336"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - removexattr",
+ "value": "Configure the root Account for Failed Password Attempts",
"remarks": "rule_set_336"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_dac_modification_setxattr",
+ "value": "accounts_minimum_age_login_defs",
"remarks": "rule_set_337"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Discretionary Access Controls - setxattr",
+ "value": "Set Password Minimum Age",
"remarks": "rule_set_337"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_media_export",
+ "value": "accounts_password_set_min_life_existing",
"remarks": "rule_set_338"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Exporting to Media (successful)",
+ "value": "Set Existing Passwords Minimum Age",
"remarks": "rule_set_338"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_session_events_utmp",
+ "value": "no_nologin_in_shells",
"remarks": "rule_set_339"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Process and Session Initiation Information utmp",
+ "value": "Ensure nologin Shell is Not Listed in /etc/shells",
"remarks": "rule_set_339"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_session_events_btmp",
+ "value": "package_audit_installed",
"remarks": "rule_set_340"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Process and Session Initiation Information btmp",
+ "value": "Ensure the audit Subsystem is Installed",
"remarks": "rule_set_340"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_session_events_wtmp",
+ "value": "package_audit-libs_installed",
"remarks": "rule_set_341"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Process and Session Initiation Information wtmp",
+ "value": "Ensure the audit-libs package as a part of audit Subsystem is Installed",
"remarks": "rule_set_341"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_login_events_faillock",
+ "value": "grub2_audit_argument",
"remarks": "rule_set_342"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Logon and Logout Events - faillock",
+ "value": "Enable Auditing for Processes Which Start Prior to the Audit Daemon",
"remarks": "rule_set_342"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_login_events_lastlog",
+ "value": "grub2_audit_backlog_limit_argument",
"remarks": "rule_set_343"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Logon and Logout Events - lastlog",
+ "value": "Extend Audit Backlog Limit for the Audit Daemon",
"remarks": "rule_set_343"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_file_deletion_events_rename",
+ "value": "service_auditd_enabled",
"remarks": "rule_set_344"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects File Deletion Events by User - rename",
+ "value": "Enable auditd Service",
"remarks": "rule_set_344"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_file_deletion_events_renameat",
+ "value": "auditd_data_retention_max_log_file",
"remarks": "rule_set_345"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects File Deletion Events by User - renameat",
+ "value": "Configure auditd Max Log File Size",
"remarks": "rule_set_345"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_file_deletion_events_renameat2",
+ "value": "auditd_data_retention_max_log_file_action",
"remarks": "rule_set_346"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects File Deletion Events by User - renameat2",
+ "value": "Configure auditd max_log_file_action Upon Reaching Maximum Log Size",
"remarks": "rule_set_346"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_file_deletion_events_unlink",
+ "value": "auditd_data_disk_error_action",
"remarks": "rule_set_347"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects File Deletion Events by User - unlink",
+ "value": "Configure auditd Disk Error Action on Disk Error",
"remarks": "rule_set_347"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_file_deletion_events_unlinkat",
+ "value": "auditd_data_disk_full_action",
"remarks": "rule_set_348"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects File Deletion Events by User - unlinkat",
+ "value": "Configure auditd Disk Full Action when Disk Space Is Full",
"remarks": "rule_set_348"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_mac_modification_etc_selinux",
+ "value": "auditd_data_retention_admin_space_left_action",
"remarks": "rule_set_349"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Mandatory Access Controls (/etc/selinux)",
+ "value": "Configure auditd admin_space_left Action on Low Disk Space",
"remarks": "rule_set_349"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_mac_modification_usr_share",
+ "value": "auditd_data_retention_space_left_action",
"remarks": "rule_set_350"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Mandatory Access Controls in usr/share",
+ "value": "Configure auditd space_left Action on Low Disk Space",
"remarks": "rule_set_350"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_execution_chcon",
+ "value": "audit_rules_sysadmin_actions",
"remarks": "rule_set_351"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Any Attempts to Run chcon",
+ "value": "Ensure auditd Collects System Administrator Actions",
"remarks": "rule_set_351"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_execution_setfacl",
+ "value": "audit_rules_suid_auid_privilege_function",
"remarks": "rule_set_352"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Any Attempts to Run setfacl",
+ "value": "Record Events When Executables Are Run As Another User",
"remarks": "rule_set_352"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_execution_chacl",
+ "value": "audit_sudo_log_events",
"remarks": "rule_set_353"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Any Attempts to Run chacl",
+ "value": "Record Attempts to perform maintenance activities",
"remarks": "rule_set_353"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_privileged_commands_usermod",
+ "value": "audit_rules_time_adjtimex",
"remarks": "rule_set_354"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on the Use of Privileged Commands - usermod",
+ "value": "Record attempts to alter time through adjtimex",
"remarks": "rule_set_354"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_privileged_commands_kmod",
+ "value": "audit_rules_time_settimeofday",
"remarks": "rule_set_355"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on the Use of Privileged Commands - kmod",
+ "value": "Record attempts to alter time through settimeofday",
"remarks": "rule_set_355"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_finit",
+ "value": "audit_rules_time_clock_settime",
"remarks": "rule_set_356"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module",
+ "value": "Record Attempts to Alter Time Through clock_settime",
"remarks": "rule_set_356"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_init",
+ "value": "audit_rules_time_watch_localtime",
"remarks": "rule_set_357"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Loading - init_module",
+ "value": "Record Attempts to Alter the localtime File",
"remarks": "rule_set_357"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_delete",
+ "value": "audit_rules_networkconfig_modification_setdomainname",
"remarks": "rule_set_358"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Unloading - delete_module",
+ "value": "Record Events that Modify the System's Network Environment - setdomainname",
"remarks": "rule_set_358"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_create",
+ "value": "audit_rules_networkconfig_modification_sethostname",
"remarks": "rule_set_359"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Unloading - create_module",
+ "value": "Record Events that Modify the System's Network Environment - sethostname",
"remarks": "rule_set_359"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_query",
+ "value": "audit_rules_networkconfig_modification_etc_issue",
"remarks": "rule_set_360"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module",
+ "value": "Record Events that Modify the System's Network Environment - /etc/issue",
"remarks": "rule_set_360"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_immutable",
+ "value": "audit_rules_networkconfig_modification_etc_issue_net",
"remarks": "rule_set_361"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Make the auditd Configuration Immutable",
+ "value": "Record Events that Modify the System's Network Environment - /etc/issue.net",
"remarks": "rule_set_361"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "directory_permissions_var_log_audit",
+ "value": "audit_rules_networkconfig_modification_etc_hosts",
"remarks": "rule_set_362"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "System Audit Logs Must Have Mode 0750 or Less Permissive",
+ "value": "Record Events that Modify the System's Network Environment - /etc/hosts",
"remarks": "rule_set_362"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_var_log_audit",
+ "value": "audit_rules_networkconfig_modification_hostname_file",
"remarks": "rule_set_363"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "System Audit Logs Must Have Mode 0640 or Less Permissive",
+ "value": "Record Events that Modify the System's Network Environment - /etc/hostname",
"remarks": "rule_set_363"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_var_log_audit_stig",
+ "value": "audit_rules_networkconfig_modification_etc_sysconfig_network",
"remarks": "rule_set_364"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "System Audit Logs Must Be Owned By Root",
+ "value": "Record Events that Modify the System's Network Environment - /etc/sysconfig/network",
"remarks": "rule_set_364"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_group_ownership_var_log_audit",
+ "value": "audit_rules_networkconfig_modification_etc_networkmanager_system_connections",
"remarks": "rule_set_365"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "System Audit Logs Must Be Group Owned By Root",
+ "value": "Record Events that Modify the System's Network Environment - /etc/NetworkManager/system-connections/",
"remarks": "rule_set_365"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_audit_configuration",
+ "value": "audit_rules_networkconfig_modification_networkmanager",
"remarks": "rule_set_366"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Audit Configuration Files Permissions are 640 or More Restrictive",
+ "value": "Record Events that Modify the System's Network Environment - /etc/NetworkManager/",
"remarks": "rule_set_366"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_audit_configuration",
+ "value": "audit_rules_privileged_commands",
"remarks": "rule_set_367"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Audit Configuration Files Must Be Owned By Root",
+ "value": "Ensure auditd Collects Information on the Use of Privileged Commands",
"remarks": "rule_set_367"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_audit_configuration",
+ "value": "audit_rules_unsuccessful_file_modification_creat",
"remarks": "rule_set_368"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Audit Configuration Files Must Be Owned By Group root",
+ "value": "Record Unsuccessful Access Attempts to Files - creat",
"remarks": "rule_set_368"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_audit_binaries",
+ "value": "audit_rules_unsuccessful_file_modification_ftruncate",
"remarks": "rule_set_369"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that audit tools Have Mode 0755 or less",
+ "value": "Record Unsuccessful Access Attempts to Files - ftruncate",
"remarks": "rule_set_369"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_audit_binaries",
+ "value": "audit_rules_unsuccessful_file_modification_open",
"remarks": "rule_set_370"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that audit tools are owned by root",
+ "value": "Record Unsuccessful Access Attempts to Files - open",
"remarks": "rule_set_370"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_audit_binaries",
+ "value": "audit_rules_unsuccessful_file_modification_openat",
"remarks": "rule_set_371"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that audit tools are owned by group root",
+ "value": "Record Unsuccessful Access Attempts to Files - openat",
"remarks": "rule_set_371"
- }
- ],
- "control-implementations": [
+ },
{
- "uuid": "22e740fc-541e-4ddf-b671-08414d3ffb59",
- "source": "trestle://profiles/fedora-cis_fedora-l2_workstation/profile.json",
- "description": "Control implementation for cis_workstation_l2",
- "props": [
- {
- "name": "Framework_Short_Name",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal",
- "value": "cis_workstation_l2"
- }
- ],
- "set-parameters": [
- {
- "param-id": "cis_banner_text",
- "values": [
- "cis"
- ]
- },
- {
- "param-id": "inactivity_timeout_value",
- "values": [
- "15_minutes"
- ]
- },
- {
- "param-id": "login_banner_text",
- "values": [
- "cis_banners"
- ]
- },
- {
- "param-id": "sshd_idle_timeout_value",
- "values": [
- "5_minutes"
- ]
- },
- {
- "param-id": "sshd_max_auth_tries_value",
- "values": [
- "4"
- ]
- },
- {
- "param-id": "sshd_strong_kex",
- "values": [
- "cis_rhel8"
- ]
- },
- {
- "param-id": "sshd_strong_macs",
- "values": [
- "cis_rhel8"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_accept_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_accept_source_route_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_log_martians_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_rp_filter_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_all_secure_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_accept_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_accept_source_route_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_log_martians_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_rp_filter_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_conf_default_secure_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv4_tcp_syncookies_value",
- "values": [
- "enabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_all_accept_ra_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_all_accept_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_all_accept_source_route_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_all_forwarding_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_default_accept_ra_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_default_accept_redirects_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "sysctl_net_ipv6_conf_default_accept_source_route_value",
- "values": [
- "disabled"
- ]
- },
- {
- "param-id": "var_account_disable_post_pw_expiration",
- "values": [
- "30"
- ]
- },
- {
- "param-id": "var_accounts_maximum_age_login_defs",
- "values": [
- "365"
- ]
- },
- {
- "param-id": "var_accounts_minimum_age_login_defs",
- "values": [
- "1"
- ]
- },
- {
- "param-id": "var_accounts_password_warn_age_login_defs",
- "values": [
- "7"
- ]
- },
- {
- "param-id": "var_accounts_passwords_pam_faillock_deny",
- "values": [
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_unsuccessful_file_modification_truncate",
+ "remarks": "rule_set_372"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Unsuccessful Access Attempts to Files - truncate",
+ "remarks": "rule_set_372"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_group",
+ "remarks": "rule_set_373"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/group",
+ "remarks": "rule_set_373"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_passwd",
+ "remarks": "rule_set_374"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/passwd",
+ "remarks": "rule_set_374"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_gshadow",
+ "remarks": "rule_set_375"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/gshadow",
+ "remarks": "rule_set_375"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_shadow",
+ "remarks": "rule_set_376"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/shadow",
+ "remarks": "rule_set_376"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_opasswd",
+ "remarks": "rule_set_377"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/security/opasswd",
+ "remarks": "rule_set_377"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_nsswitch_conf",
+ "remarks": "rule_set_378"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/nsswitch.conf",
+ "remarks": "rule_set_378"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pam_conf",
+ "remarks": "rule_set_379"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/pam.conf",
+ "remarks": "rule_set_379"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pamd",
+ "remarks": "rule_set_380"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/pam.d/",
+ "remarks": "rule_set_380"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_chmod",
+ "remarks": "rule_set_381"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - chmod",
+ "remarks": "rule_set_381"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_chown",
+ "remarks": "rule_set_382"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - chown",
+ "remarks": "rule_set_382"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fchmod",
+ "remarks": "rule_set_383"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fchmod",
+ "remarks": "rule_set_383"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fchmodat",
+ "remarks": "rule_set_384"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat",
+ "remarks": "rule_set_384"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fchmodat2",
+ "remarks": "rule_set_385"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat2",
+ "remarks": "rule_set_385"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fchown",
+ "remarks": "rule_set_386"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fchown",
+ "remarks": "rule_set_386"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fchownat",
+ "remarks": "rule_set_387"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fchownat",
+ "remarks": "rule_set_387"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fremovexattr",
+ "remarks": "rule_set_388"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fremovexattr",
+ "remarks": "rule_set_388"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_fsetxattr",
+ "remarks": "rule_set_389"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - fsetxattr",
+ "remarks": "rule_set_389"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_lchown",
+ "remarks": "rule_set_390"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - lchown",
+ "remarks": "rule_set_390"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_lremovexattr",
+ "remarks": "rule_set_391"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - lremovexattr",
+ "remarks": "rule_set_391"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_lsetxattr",
+ "remarks": "rule_set_392"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - lsetxattr",
+ "remarks": "rule_set_392"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_removexattr",
+ "remarks": "rule_set_393"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - removexattr",
+ "remarks": "rule_set_393"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_dac_modification_setxattr",
+ "remarks": "rule_set_394"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Discretionary Access Controls - setxattr",
+ "remarks": "rule_set_394"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_media_export",
+ "remarks": "rule_set_395"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Exporting to Media (successful)",
+ "remarks": "rule_set_395"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_session_events_utmp",
+ "remarks": "rule_set_396"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Attempts to Alter Process and Session Initiation Information utmp",
+ "remarks": "rule_set_396"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_session_events_btmp",
+ "remarks": "rule_set_397"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Attempts to Alter Process and Session Initiation Information btmp",
+ "remarks": "rule_set_397"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_session_events_wtmp",
+ "remarks": "rule_set_398"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Attempts to Alter Process and Session Initiation Information wtmp",
+ "remarks": "rule_set_398"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_login_events_faillock",
+ "remarks": "rule_set_399"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Attempts to Alter Logon and Logout Events - faillock",
+ "remarks": "rule_set_399"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_login_events_lastlog",
+ "remarks": "rule_set_400"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Attempts to Alter Logon and Logout Events - lastlog",
+ "remarks": "rule_set_400"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_file_deletion_events_rename",
+ "remarks": "rule_set_401"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects File Deletion Events by User - rename",
+ "remarks": "rule_set_401"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_file_deletion_events_renameat",
+ "remarks": "rule_set_402"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects File Deletion Events by User - renameat",
+ "remarks": "rule_set_402"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_file_deletion_events_renameat2",
+ "remarks": "rule_set_403"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects File Deletion Events by User - renameat2",
+ "remarks": "rule_set_403"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_file_deletion_events_unlink",
+ "remarks": "rule_set_404"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects File Deletion Events by User - unlink",
+ "remarks": "rule_set_404"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_file_deletion_events_unlinkat",
+ "remarks": "rule_set_405"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects File Deletion Events by User - unlinkat",
+ "remarks": "rule_set_405"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_mac_modification_etc_selinux",
+ "remarks": "rule_set_406"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Mandatory Access Controls (/etc/selinux)",
+ "remarks": "rule_set_406"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_mac_modification_usr_share",
+ "remarks": "rule_set_407"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify the System's Mandatory Access Controls in usr/share",
+ "remarks": "rule_set_407"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_execution_chcon",
+ "remarks": "rule_set_408"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Any Attempts to Run chcon",
+ "remarks": "rule_set_408"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_execution_setfacl",
+ "remarks": "rule_set_409"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Any Attempts to Run setfacl",
+ "remarks": "rule_set_409"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_execution_chacl",
+ "remarks": "rule_set_410"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Any Attempts to Run chacl",
+ "remarks": "rule_set_410"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_privileged_commands_usermod",
+ "remarks": "rule_set_411"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on the Use of Privileged Commands - usermod",
+ "remarks": "rule_set_411"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_privileged_commands_kmod",
+ "remarks": "rule_set_412"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on the Use of Privileged Commands - kmod",
+ "remarks": "rule_set_412"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_finit",
+ "remarks": "rule_set_413"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module",
+ "remarks": "rule_set_413"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_init",
+ "remarks": "rule_set_414"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Loading - init_module",
+ "remarks": "rule_set_414"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_delete",
+ "remarks": "rule_set_415"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Unloading - delete_module",
+ "remarks": "rule_set_415"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_create",
+ "remarks": "rule_set_416"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Unloading - create_module",
+ "remarks": "rule_set_416"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_query",
+ "remarks": "rule_set_417"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module",
+ "remarks": "rule_set_417"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_continue_loading",
+ "remarks": "rule_set_418"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure the Audit Configuration is Loaded Regardless of Errors",
+ "remarks": "rule_set_418"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_immutable",
+ "remarks": "rule_set_419"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Make the auditd Configuration Immutable",
+ "remarks": "rule_set_419"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_permissions_var_log_audit",
+ "remarks": "rule_set_420"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "System Audit Logs Must Have Mode 0750 or Less Permissive",
+ "remarks": "rule_set_420"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_var_log_audit",
+ "remarks": "rule_set_421"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "System Audit Logs Must Have Mode 0640 or Less Permissive",
+ "remarks": "rule_set_421"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_ownership_var_log_audit_stig",
+ "remarks": "rule_set_422"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "System Audit Logs Must Be Owned By Root",
+ "remarks": "rule_set_422"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_group_ownership_var_log_audit",
+ "remarks": "rule_set_423"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "System Audit Logs Must Be Group Owned By Root",
+ "remarks": "rule_set_423"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_audit_configuration",
+ "remarks": "rule_set_424"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Audit Configuration Files Permissions are 640 or More Restrictive",
+ "remarks": "rule_set_424"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_ownership_audit_configuration",
+ "remarks": "rule_set_425"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Audit Configuration Files Must Be Owned By Root",
+ "remarks": "rule_set_425"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupownership_audit_configuration",
+ "remarks": "rule_set_426"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Audit Configuration Files Must Be Owned By Group root",
+ "remarks": "rule_set_426"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_audit_binaries",
+ "remarks": "rule_set_427"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify that audit tools Have Mode 0755 or less",
+ "remarks": "rule_set_427"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_ownership_audit_binaries",
+ "remarks": "rule_set_428"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify that audit tools are owned by root",
+ "remarks": "rule_set_428"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupownership_audit_binaries",
+ "remarks": "rule_set_429"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Verify that audit tools are owned by group root",
+ "remarks": "rule_set_429"
+ }
+ ],
+ "control-implementations": [
+ {
+ "uuid": "f2cdf5d5-7bfe-464a-aa23-a8d2534dcd58",
+ "source": "trestle://profiles/fedora-cis_fedora-l2_workstation/profile.json",
+ "description": "Control implementation for cis_workstation_l2",
+ "props": [
+ {
+ "name": "Framework_Short_Name",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal",
+ "value": "cis_workstation_l2"
+ }
+ ],
+ "set-parameters": [
+ {
+ "param-id": "cis_banner_text",
+ "values": [
+ "cis"
+ ]
+ },
+ {
+ "param-id": "inactivity_timeout_value",
+ "values": [
+ "15_minutes"
+ ]
+ },
+ {
+ "param-id": "login_banner_text",
+ "values": [
+ "cis_banners"
+ ]
+ },
+ {
+ "param-id": "sshd_idle_timeout_value",
+ "values": [
+ "5_minutes"
+ ]
+ },
+ {
+ "param-id": "sshd_max_auth_tries_value",
+ "values": [
+ "4"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv4_tcp_syncookies_value",
+ "values": [
+ "enabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_all_accept_ra_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_all_accept_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_all_accept_source_route_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_all_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_accept_ra_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_accept_redirects_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_accept_source_route_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
+ {
+ "param-id": "var_account_disable_post_pw_expiration",
+ "values": [
+ "30"
+ ]
+ },
+ {
+ "param-id": "var_accounts_maximum_age_login_defs",
+ "values": [
+ "365"
+ ]
+ },
+ {
+ "param-id": "var_accounts_minimum_age_login_defs",
+ "values": [
+ "1"
+ ]
+ },
+ {
+ "param-id": "var_accounts_password_warn_age_login_defs",
+ "values": [
+ "7"
+ ]
+ },
+ {
+ "param-id": "var_accounts_passwords_pam_faillock_deny",
+ "values": [
"5"
]
},
@@ -5884,28 +6580,22 @@
"8192"
]
},
- {
- "param-id": "var_auditd_action_mail_acct",
- "values": [
- "root"
- ]
- },
{
"param-id": "var_auditd_admin_space_left_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
"param-id": "var_auditd_disk_error_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
"param-id": "var_auditd_disk_full_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
@@ -5923,7 +6613,7 @@
{
"param-id": "var_auditd_space_left_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
@@ -5941,7 +6631,7 @@
{
"param-id": "var_password_hashing_algorithm",
"values": [
- "yescrypt"
+ "cis_fedora"
]
},
{
@@ -5968,6 +6658,12 @@
"3"
]
},
+ {
+ "param-id": "var_password_pam_maxsequence",
+ "values": [
+ "3"
+ ]
+ },
{
"param-id": "var_password_pam_minclass",
"values": [
@@ -6041,9 +6737,9 @@
]
},
{
- "param-id": "var_system_crypto_policy",
+ "param-id": "var_sudo_timestamp_timeout",
"values": [
- "default_policy"
+ "15_minutes"
]
},
{
@@ -6055,7 +6751,7 @@
],
"implemented-requirements": [
{
- "uuid": "e0b2452f-2ebd-48b8-b442-0d23c6011729",
+ "uuid": "03780eb8-5317-49c8-94d1-761182858466",
"control-id": "cis_fedora_1-1.1.6",
"description": "No notes for control-id 1.1.1.6.",
"props": [
@@ -6072,7 +6768,7 @@
]
},
{
- "uuid": "e103cfeb-463d-448c-94ad-c4ef8516783b",
+ "uuid": "b411697e-e9c4-4954-a19f-a89fd0adc1be",
"control-id": "cis_fedora_1-1.1.7",
"description": "No notes for control-id 1.1.1.7.",
"props": [
@@ -6089,7 +6785,7 @@
]
},
{
- "uuid": "9b907ef0-f598-485f-8dfb-6ea603773fc6",
+ "uuid": "301b0f77-ea1b-456a-b50f-5c6262ab610a",
"control-id": "cis_fedora_1-1.1.8",
"description": "No notes for control-id 1.1.1.8.",
"props": [
@@ -6106,7 +6802,7 @@
]
},
{
- "uuid": "d8c7f9a2-6f9b-49fe-b53a-dd90b46d2726",
+ "uuid": "6e9a36d7-9731-4871-b136-e7a4bec9689a",
"control-id": "cis_fedora_1-1.1.9",
"description": "No notes for control-id 1.1.1.9.",
"props": [
@@ -6123,7 +6819,7 @@
]
},
{
- "uuid": "224a1bbd-f27c-48a8-8bef-a651eb1e1df1",
+ "uuid": "1ab8010d-93eb-4b84-b66c-5d4ea54e79db",
"control-id": "cis_fedora_1-1.1.10",
"description": "No notes for control-id 1.1.1.10.",
"props": [
@@ -6140,7 +6836,7 @@
]
},
{
- "uuid": "42a53087-a01d-4984-a652-47b2df146732",
+ "uuid": "d3572d8f-f825-4b40-8fcf-1bf495040f05",
"control-id": "cis_fedora_1-1.2.3.1",
"description": "No notes for control-id 1.1.2.3.1.",
"props": [
@@ -6157,7 +6853,7 @@
]
},
{
- "uuid": "a477c6c7-22ec-4c1e-a08c-ef447d31d27f",
+ "uuid": "dd1598f4-cbd3-4b75-bdda-d23598dcf194",
"control-id": "cis_fedora_1-1.2.4.1",
"description": "No notes for control-id 1.1.2.4.1.",
"props": [
@@ -6174,7 +6870,7 @@
]
},
{
- "uuid": "8f74a1ce-345a-4ce2-9ef5-ff650d4bf469",
+ "uuid": "70239eff-b3c6-450d-9fdc-e65b25dad059",
"control-id": "cis_fedora_1-1.2.5.1",
"description": "No notes for control-id 1.1.2.5.1.",
"props": [
@@ -6191,7 +6887,7 @@
]
},
{
- "uuid": "594cc903-e9b1-4430-a9e8-e092c41792ce",
+ "uuid": "026a9085-bb18-4d1b-847d-52800173d6d3",
"control-id": "cis_fedora_1-1.2.6.1",
"description": "No notes for control-id 1.1.2.6.1.",
"props": [
@@ -6208,7 +6904,7 @@
]
},
{
- "uuid": "2ae6dc5b-ebe0-46f7-adfa-3b61175950a1",
+ "uuid": "254f4445-b868-4804-bfb0-e6c2fa4ccfc1",
"control-id": "cis_fedora_1-1.2.7.1",
"description": "No notes for control-id 1.1.2.7.1.",
"props": [
@@ -6225,7 +6921,7 @@
]
},
{
- "uuid": "01a7f724-b16b-4efc-bd2f-3c77de900b49",
+ "uuid": "53438e6f-5d54-4162-ac7b-38e12fff2839",
"control-id": "cis_fedora_1-2.1.3",
"description": "The description for control-id cis_fedora_1-2.1.3.",
"props": [
@@ -6238,20 +6934,24 @@
]
},
{
- "uuid": "1106b45e-58fd-401a-bc04-c264d7f478d8",
+ "uuid": "d0a7dbee-9df1-4128-875b-962f918dca2a",
"control-id": "cis_fedora_1-2.1.5",
- "description": "The description for control-id cis_fedora_1-2.1.5.",
+ "description": "No notes for control-id 1.2.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.2.1.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_weak_deps"
}
]
},
{
- "uuid": "f55f8005-d6b4-4125-8f8b-835720742758",
+ "uuid": "5ed45537-43ec-4577-8376-ff5afe9c0ca0",
"control-id": "cis_fedora_1-3.1.5",
"description": "No notes for control-id 1.3.1.5.",
"props": [
@@ -6268,7 +6968,7 @@
]
},
{
- "uuid": "4df6d0ab-d62d-4d14-8521-6d88bc5c6608",
+ "uuid": "367ef443-8ec9-45e9-9a60-58e6e2dd70cd",
"control-id": "cis_fedora_1-3.1.6",
"description": "The description for control-id cis_fedora_1-3.1.6.",
"props": [
@@ -6281,7 +6981,7 @@
]
},
{
- "uuid": "bb336462-3e29-44d3-9fcc-18cb21fa4a08",
+ "uuid": "dc21969a-2a48-45aa-ae99-c04ab13b3504",
"control-id": "cis_fedora_1-8.4",
"description": "No notes for control-id 1.8.4.",
"props": [
@@ -6303,20 +7003,24 @@
]
},
{
- "uuid": "a302d969-bd6f-4452-8132-37470352d96b",
+ "uuid": "87a60da4-b132-4ce7-baff-a343ec969525",
"control-id": "cis_fedora_1-8.7",
- "description": "The description for control-id cis_fedora_1-8.7.",
+ "description": "No notes for control-id 1.8.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.8.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "xwayland_disabled"
}
]
},
{
- "uuid": "60e38609-39cc-4086-94cd-819698ba737f",
+ "uuid": "df89b64d-3b81-4295-a872-a35e1343a839",
"control-id": "cis_fedora_2-1.1",
"description": "No notes for control-id 2.1.1.",
"props": [
@@ -6333,7 +7037,7 @@
]
},
{
- "uuid": "ed35c066-b477-442b-92a5-18e0ac324628",
+ "uuid": "1acf60da-1846-44e7-89d5-25c362f5dfed",
"control-id": "cis_fedora_2-1.2",
"description": "No notes for control-id 2.1.2.",
"props": [
@@ -6350,20 +7054,24 @@
]
},
{
- "uuid": "6ba7575c-aba8-4c6d-8a7b-7fff70829306",
+ "uuid": "7e7a4bd6-3682-477c-a0b1-4de8f89e396e",
"control-id": "cis_fedora_2-1.3",
- "description": "The description for control-id cis_fedora_2-1.3.",
+ "description": "No notes for control-id 2.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.1.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_cockpit_disabled"
}
]
},
{
- "uuid": "195c640e-2a9a-451d-9ae3-5f3d53ef1389",
+ "uuid": "cfbce978-75a8-4738-947d-56456ef4f51d",
"control-id": "cis_fedora_2-2.2",
"description": "No notes for control-id 2.2.2.",
"props": [
@@ -6380,7 +7088,7 @@
]
},
{
- "uuid": "54b94980-2ece-4dc2-b570-bd5bf12c6b8a",
+ "uuid": "4d410ff9-fef7-4ac0-bf1b-d5b21420416c",
"control-id": "cis_fedora_3-1.3",
"description": "No notes for control-id 3.1.3.",
"props": [
@@ -6397,7 +7105,7 @@
]
},
{
- "uuid": "0bffd6c1-baff-46ff-b533-61fd4fc861f4",
+ "uuid": "d36a0fc8-fb76-4fa8-ad4b-47067d1615fa",
"control-id": "cis_fedora_3-2.6",
"description": "No notes for control-id 3.2.6.",
"props": [
@@ -6414,7 +7122,7 @@
]
},
{
- "uuid": "848c043d-ac3b-4a64-a33e-fcb74974ae67",
+ "uuid": "62966374-abd6-47de-b3ef-bdb4a30ec937",
"control-id": "cis_fedora_5-2.4",
"description": "No notes for control-id 5.2.4.",
"props": [
@@ -6426,12 +7134,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication"
+ "value": "sudo_remove_nopasswd"
}
]
},
{
- "uuid": "e7b02513-c47f-4e4c-92e9-f8a252c5d9d8",
+ "uuid": "00299d19-f961-4146-9b21-a56daf4e8d1a",
"control-id": "cis_fedora_5-3.3.1.3",
"description": "No notes for control-id 5.3.3.1.3.",
"props": [
@@ -6448,7 +7156,7 @@
]
},
{
- "uuid": "9d5d18ad-aa5d-48b1-b195-cb0f1336a950",
+ "uuid": "52ca9a50-e74a-4d63-a3d7-a4f5ee45e6a9",
"control-id": "cis_fedora_5-4.1.2",
"description": "No notes for control-id 5.4.1.2.",
"props": [
@@ -6470,20 +7178,24 @@
]
},
{
- "uuid": "94a65a26-fdf4-4efa-9c62-f29249a7385a",
+ "uuid": "b9026fa0-88c3-43ff-94d8-671dbec9b6be",
"control-id": "cis_fedora_5-4.3.1",
- "description": "The description for control-id cis_fedora_5-4.3.1.",
+ "description": "No notes for control-id 5.4.3.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "It is necessary to create a new rule to check and remove nologin from /etc/shells.\nThe no_tmux_in_shells rule can be used as referece."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_nologin_in_shells"
}
]
},
{
- "uuid": "85cbfbea-c765-46bd-8ffe-df0041240ac2",
+ "uuid": "631d7e25-c2b7-4e0f-b650-ab307a6f4022",
"control-id": "cis_fedora_6-3.1.1",
"description": "No notes for control-id 6.3.1.1.",
"props": [
@@ -6505,7 +7217,7 @@
]
},
{
- "uuid": "94d9c2f7-95ea-49d9-8159-6ab0fe7d6638",
+ "uuid": "0e8201de-d124-47ed-b2b0-aa5380fee7c8",
"control-id": "cis_fedora_6-3.1.2",
"description": "No notes for control-id 6.3.1.2.",
"props": [
@@ -6522,7 +7234,7 @@
]
},
{
- "uuid": "96d527b2-5d79-4954-9544-ef655d25c7fe",
+ "uuid": "864423a8-d018-4feb-b1a5-e3a145c19f7e",
"control-id": "cis_fedora_6-3.1.3",
"description": "No notes for control-id 6.3.1.3.",
"props": [
@@ -6539,7 +7251,7 @@
]
},
{
- "uuid": "fc5641ce-3fd7-4975-b347-377d2c202cfe",
+ "uuid": "be6facf5-38ef-4657-9a1c-02a25a5c0a75",
"control-id": "cis_fedora_6-3.1.4",
"description": "No notes for control-id 6.3.1.4.",
"props": [
@@ -6556,7 +7268,7 @@
]
},
{
- "uuid": "c679cd33-eb85-4eca-a5e5-d915879d2394",
+ "uuid": "4517edb7-906e-478d-9a3a-91c6720f660d",
"control-id": "cis_fedora_6-3.2.1",
"description": "No notes for control-id 6.3.2.1.",
"props": [
@@ -6573,7 +7285,7 @@
]
},
{
- "uuid": "84da5402-ca3d-4db5-a29f-fbca4ac78b4e",
+ "uuid": "73d658bc-e5c9-43ed-b75e-c6ccd9445e90",
"control-id": "cis_fedora_6-3.2.2",
"description": "No notes for control-id 6.3.2.2.",
"props": [
@@ -6590,7 +7302,7 @@
]
},
{
- "uuid": "7871341f-c6f2-4682-a611-864267ef71d7",
+ "uuid": "bcfc5f1f-35d3-4085-a1e1-8995b97cd4f4",
"control-id": "cis_fedora_6-3.2.3",
"description": "No notes for control-id 6.3.2.3.",
"props": [
@@ -6612,7 +7324,7 @@
]
},
{
- "uuid": "293d058e-f96c-4348-bf9b-64f82cf0a0d4",
+ "uuid": "19827446-9d0f-4f00-acb8-c464598ea9f4",
"control-id": "cis_fedora_6-3.2.4",
"description": "No notes for control-id 6.3.2.4.",
"props": [
@@ -6621,11 +7333,6 @@
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
},
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_action_mail_acct"
- },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -6639,7 +7346,7 @@
]
},
{
- "uuid": "ecac7704-7e32-4906-ac4e-74fee8fe8f41",
+ "uuid": "231f3fc3-511b-4304-ad94-20e9ff7c7b43",
"control-id": "cis_fedora_6-3.3.1",
"description": "No notes for control-id 6.3.3.1.",
"props": [
@@ -6656,7 +7363,7 @@
]
},
{
- "uuid": "d75cf45e-8dc1-4107-a2a4-e1dc763c5b1a",
+ "uuid": "1e5de901-a918-4976-9bb2-60342a69cf79",
"control-id": "cis_fedora_6-3.3.2",
"description": "No notes for control-id 6.3.3.2.",
"props": [
@@ -6673,7 +7380,7 @@
]
},
{
- "uuid": "68ea665a-41c5-4c02-8540-3f6a53de7d54",
+ "uuid": "ebf76e73-4bfc-4c5c-a32c-305b8cbaa455",
"control-id": "cis_fedora_6-3.3.3",
"description": "No notes for control-id 6.3.3.3.",
"props": [
@@ -6690,7 +7397,7 @@
]
},
{
- "uuid": "a3bf54e4-729d-49fa-8e1c-d2761972603b",
+ "uuid": "0147094b-ab41-4dee-97c6-538a6cf6cf75",
"control-id": "cis_fedora_6-3.3.4",
"description": "No notes for control-id 6.3.3.4.",
"props": [
@@ -6722,81 +7429,112 @@
]
},
{
- "uuid": "3f47dcf2-66ff-46c7-a0ca-ff5593ca6bca",
+ "uuid": "3648a187-904b-4e48-8456-07876229137b",
"control-id": "cis_fedora_6-3.3.5",
- "description": "The description for control-id cis_fedora_6-3.3.5.",
+ "description": "No notes for control-id 6.3.3.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_setdomainname"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_sethostname"
}
]
},
{
- "uuid": "c719d791-d6ba-4423-a08d-88a6af12c581",
+ "uuid": "31135ed9-9f6d-4677-a67c-0b0e64e5cb1d",
"control-id": "cis_fedora_6-3.3.6",
- "description": "The description for control-id cis_fedora_6-3.3.6.",
+ "description": "No notes for control-id 6.3.3.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.6."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_issue"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_issue_net"
}
]
},
{
- "uuid": "a31d9e94-8819-45cb-b056-1a44554ce75c",
+ "uuid": "1cb5599a-ce04-4010-b7b1-859577a867df",
"control-id": "cis_fedora_6-3.3.7",
- "description": "These rules are not covering \"/etc/hostname\" and \"/etc/NetworkManager/\".",
+ "description": "No notes for control-id 6.3.3.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification"
+ "value": "audit_rules_networkconfig_modification_etc_hosts"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification_network_scripts"
+ "value": "audit_rules_networkconfig_modification_hostname_file"
}
]
},
{
- "uuid": "36d9aea0-bb91-4437-883a-a077b418c8f3",
+ "uuid": "04c09470-8576-492d-80f6-28817498d3ca",
"control-id": "cis_fedora_6-3.3.8",
- "description": "The description for control-id cis_fedora_6-3.3.8.",
+ "description": "No notes for control-id 6.3.3.8.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.8."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_sysconfig_network"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_networkmanager_system_connections"
}
]
},
{
- "uuid": "ee9ed83e-569d-4a46-a9f3-3038f708f67a",
+ "uuid": "b0d9df09-29d3-412a-9797-db18b3e4fb2c",
"control-id": "cis_fedora_6-3.3.9",
- "description": "The description for control-id cis_fedora_6-3.3.9.",
+ "description": "No notes for control-id 6.3.3.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.9."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_networkmanager"
}
]
},
{
- "uuid": "4cb24d6f-6f55-489d-8fe7-e181f2372af3",
+ "uuid": "7fb27ffc-b09e-48ee-8e11-1ea7a58e14c5",
"control-id": "cis_fedora_6-3.3.10",
"description": "No notes for control-id 6.3.3.10.",
"props": [
@@ -6813,7 +7551,7 @@
]
},
{
- "uuid": "dd81a421-3d0a-4615-a11e-3756fdd454bd",
+ "uuid": "5431c77c-1917-45b6-a511-633cba68afe1",
"control-id": "cis_fedora_6-3.3.11",
"description": "No notes for control-id 6.3.3.11.",
"props": [
@@ -6850,7 +7588,7 @@
]
},
{
- "uuid": "54714b33-a378-4f9b-9e86-26683474e401",
+ "uuid": "7a6d63fb-e47c-45b8-9a04-d770a6568d6e",
"control-id": "cis_fedora_6-3.3.12",
"description": "No notes for control-id 6.3.3.12.",
"props": [
@@ -6867,7 +7605,7 @@
]
},
{
- "uuid": "8676bf46-c658-4a00-aba7-ff5dbefb715b",
+ "uuid": "9965ba5f-be6a-4240-a930-9c6fb9a65ebf",
"control-id": "cis_fedora_6-3.3.13",
"description": "No notes for control-id 6.3.3.13.",
"props": [
@@ -6884,7 +7622,7 @@
]
},
{
- "uuid": "83ddfcec-bdac-452a-befd-b83c94f3cf63",
+ "uuid": "2fd610de-10cc-4f8d-96ac-e64138827fb8",
"control-id": "cis_fedora_6-3.3.14",
"description": "No notes for control-id 6.3.3.14.",
"props": [
@@ -6906,7 +7644,7 @@
]
},
{
- "uuid": "f36d6ff9-668a-4823-842c-37074a8d73a7",
+ "uuid": "a681ab8f-8d74-41c1-9535-80475965fff7",
"control-id": "cis_fedora_6-3.3.15",
"description": "No notes for control-id 6.3.3.15.",
"props": [
@@ -6923,33 +7661,46 @@
]
},
{
- "uuid": "95d69962-213c-478a-9068-3a0123719bd6",
+ "uuid": "a0abacf1-d29c-41cf-83ba-1f2b3077244f",
"control-id": "cis_fedora_6-3.3.16",
- "description": "The description for control-id cis_fedora_6-3.3.16.",
+ "description": "No notes for control-id 6.3.3.16.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.16."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_nsswitch_conf"
}
]
},
{
- "uuid": "afa6e318-a384-4a44-b615-b7b73c372f8b",
+ "uuid": "79800ae3-7d5c-418c-a0e0-46c70cf8ddd5",
"control-id": "cis_fedora_6-3.3.17",
- "description": "The description for control-id cis_fedora_6-3.3.17.",
+ "description": "No notes for control-id 6.3.3.17.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.17."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pam_conf"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pamd"
}
]
},
{
- "uuid": "9fd18735-5e5b-4ef5-896f-fa1e2a4e52ae",
+ "uuid": "6a826ba9-49b1-4817-9e3f-bf99b5025ba0",
"control-id": "cis_fedora_6-3.3.18",
"description": "No notes for control-id 6.3.3.18.",
"props": [
@@ -7031,7 +7782,7 @@
]
},
{
- "uuid": "91a12d5b-844f-4c21-a524-0ce9dc103da0",
+ "uuid": "360f71a2-dad3-4702-88cf-51501f3480a5",
"control-id": "cis_fedora_6-3.3.19",
"description": "No notes for control-id 6.3.3.19.",
"props": [
@@ -7048,7 +7799,7 @@
]
},
{
- "uuid": "4650299c-8690-4859-89f9-a30ab006fdab",
+ "uuid": "8a141459-5977-4bbf-98db-ebd3c92e19ba",
"control-id": "cis_fedora_6-3.3.20",
"description": "No notes for control-id 6.3.3.20.",
"props": [
@@ -7075,7 +7826,7 @@
]
},
{
- "uuid": "08f536b1-ff12-4328-947a-b340fb7a9211",
+ "uuid": "f5e1ce80-8951-4256-bfca-e0785ecddf5a",
"control-id": "cis_fedora_6-3.3.21",
"description": "No notes for control-id 6.3.3.21.",
"props": [
@@ -7097,7 +7848,7 @@
]
},
{
- "uuid": "9a1e0562-8a4c-434a-8050-f104da9af64d",
+ "uuid": "b9bea6ee-4c84-4350-b4e3-a27a5eea1abc",
"control-id": "cis_fedora_6-3.3.22",
"description": "No notes for control-id 6.3.3.22.",
"props": [
@@ -7134,7 +7885,7 @@
]
},
{
- "uuid": "609dc7bc-e809-47f0-b4c8-82eef627da40",
+ "uuid": "c420d15a-a70d-4fa8-9314-3aedcb0fd07d",
"control-id": "cis_fedora_6-3.3.23",
"description": "No notes for control-id 6.3.3.23.",
"props": [
@@ -7156,7 +7907,7 @@
]
},
{
- "uuid": "9fa4d532-693b-4c7d-898f-e24d29e7bf87",
+ "uuid": "ca4bec0b-8bd8-4c81-a382-08a7125ea7d8",
"control-id": "cis_fedora_6-3.3.24",
"description": "No notes for control-id 6.3.3.24.",
"props": [
@@ -7173,7 +7924,7 @@
]
},
{
- "uuid": "88eadd75-ece4-4532-b0e8-7626209eeeba",
+ "uuid": "519ae8a7-7a0a-4240-a769-1f7bedc6d1c1",
"control-id": "cis_fedora_6-3.3.25",
"description": "No notes for control-id 6.3.3.25.",
"props": [
@@ -7190,7 +7941,7 @@
]
},
{
- "uuid": "89784783-4454-4589-a025-de9792082201",
+ "uuid": "20dcb503-0ef7-4aa0-b05d-b3f12dc2d90d",
"control-id": "cis_fedora_6-3.3.26",
"description": "No notes for control-id 6.3.3.26.",
"props": [
@@ -7207,7 +7958,7 @@
]
},
{
- "uuid": "3c23f995-7ed8-4779-8588-b09098a1da50",
+ "uuid": "120a8106-7d06-4edf-9fca-a67ac4fae0f8",
"control-id": "cis_fedora_6-3.3.27",
"description": "No notes for control-id 6.3.3.27.",
"props": [
@@ -7224,7 +7975,7 @@
]
},
{
- "uuid": "2d807709-5671-4bc8-8169-553894292841",
+ "uuid": "a5be04ae-1c7d-4350-9d3b-f4deda519a21",
"control-id": "cis_fedora_6-3.3.28",
"description": "No notes for control-id 6.3.3.28.",
"props": [
@@ -7241,7 +7992,7 @@
]
},
{
- "uuid": "556f084f-741a-478a-b083-b7cafd086fd5",
+ "uuid": "0f86ae49-a3d4-4c2c-904b-649ac76910f6",
"control-id": "cis_fedora_6-3.3.29",
"description": "No notes for control-id 6.3.3.29.",
"props": [
@@ -7263,7 +8014,7 @@
]
},
{
- "uuid": "f8fbd186-1517-4811-86c0-f3cbc53e9967",
+ "uuid": "e85c46a5-71fd-432e-8de3-7784177c2777",
"control-id": "cis_fedora_6-3.3.30",
"description": "No notes for control-id 6.3.3.30.",
"props": [
@@ -7280,7 +8031,7 @@
]
},
{
- "uuid": "27cc1eb0-7ffe-4d87-a509-c1bbe3c12a96",
+ "uuid": "b4b0846b-1f90-48ba-8f74-6798e82ca218",
"control-id": "cis_fedora_6-3.3.31",
"description": "No notes for control-id 6.3.3.31.",
"props": [
@@ -7302,20 +8053,24 @@
]
},
{
- "uuid": "3cc36dc8-6bbc-465f-b516-b492de46cb36",
+ "uuid": "da043c4d-0b25-423d-9f7a-f53374fa0a28",
"control-id": "cis_fedora_6-3.3.32",
- "description": "The description for control-id cis_fedora_6-3.3.32.",
+ "description": "No notes for control-id 6.3.3.32.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.32."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_continue_loading"
}
]
},
{
- "uuid": "3e74d4cc-83ef-425f-b038-0431cb78c8c0",
+ "uuid": "6bed998d-164a-4ebb-97ba-f50dbd8d0af6",
"control-id": "cis_fedora_6-3.3.33",
"description": "No notes for control-id 6.3.3.33.",
"props": [
@@ -7332,7 +8087,7 @@
]
},
{
- "uuid": "49e2e656-3dd8-4f23-bf20-1590c5303f4e",
+ "uuid": "8cef6fb7-eac0-4c1c-9008-aae95d583af2",
"control-id": "cis_fedora_6-3.3.34",
"description": "The description for control-id cis_fedora_6-3.3.34.",
"props": [
@@ -7345,7 +8100,7 @@
]
},
{
- "uuid": "6186c021-f708-4000-9878-2bf8992095b1",
+ "uuid": "47ce8cf4-a27c-4379-8341-2a9d42184c9b",
"control-id": "cis_fedora_6-3.4.1",
"description": "No notes for control-id 6.3.4.1.",
"props": [
@@ -7362,7 +8117,7 @@
]
},
{
- "uuid": "f60e8075-f33a-45ca-ad0c-6c4e539f65fb",
+ "uuid": "0f97c1aa-019c-4f6b-ab29-b6e612f53a56",
"control-id": "cis_fedora_6-3.4.2",
"description": "No notes for control-id 6.3.4.2.",
"props": [
@@ -7379,7 +8134,7 @@
]
},
{
- "uuid": "deab1020-16f8-47d5-88a4-331594e2fa16",
+ "uuid": "89ce46d9-405c-4346-b9e9-aa9cb4acf139",
"control-id": "cis_fedora_6-3.4.3",
"description": "No notes for control-id 6.3.4.3.",
"props": [
@@ -7396,7 +8151,7 @@
]
},
{
- "uuid": "61c12e48-3ae6-49c1-ad23-1cbd54d16ae0",
+ "uuid": "691a116c-94f1-4666-b427-b545fb9ba95b",
"control-id": "cis_fedora_6-3.4.4",
"description": "No notes for control-id 6.3.4.4.",
"props": [
@@ -7413,7 +8168,7 @@
]
},
{
- "uuid": "54026659-3e85-4ff5-b857-88771e7d4724",
+ "uuid": "f2a617ab-ed02-4ce7-9b38-b19d9d8ebe87",
"control-id": "cis_fedora_6-3.4.5",
"description": "No notes for control-id 6.3.4.5.",
"props": [
@@ -7430,7 +8185,7 @@
]
},
{
- "uuid": "59b82030-ffc8-477e-849c-89760ab05da8",
+ "uuid": "4a028cb3-d1a4-4093-a236-c9bb887ec367",
"control-id": "cis_fedora_6-3.4.6",
"description": "No notes for control-id 6.3.4.6.",
"props": [
@@ -7447,7 +8202,7 @@
]
},
{
- "uuid": "2af5af9c-46bc-41c2-b20d-25d90561ce42",
+ "uuid": "028dbf23-e39d-47f3-bf25-973c891291c7",
"control-id": "cis_fedora_6-3.4.7",
"description": "No notes for control-id 6.3.4.7.",
"props": [
@@ -7464,7 +8219,7 @@
]
},
{
- "uuid": "69f73570-86af-4778-a2dd-9e9a943a88b8",
+ "uuid": "ce4b4b09-84d0-4452-9c3d-13181e7b5466",
"control-id": "cis_fedora_6-3.4.8",
"description": "No notes for control-id 6.3.4.8.",
"props": [
@@ -7481,7 +8236,7 @@
]
},
{
- "uuid": "3dd61b27-0e47-4413-8ae3-46f372e996f5",
+ "uuid": "e5b82ce0-19b2-4d38-a8cf-591bc4514a5f",
"control-id": "cis_fedora_6-3.4.9",
"description": "No notes for control-id 6.3.4.9.",
"props": [
@@ -7498,7 +8253,7 @@
]
},
{
- "uuid": "32b34707-0450-4c04-b37b-ac336ef83ed6",
+ "uuid": "c880f990-d427-4de1-a0a9-1a5741458c4b",
"control-id": "cis_fedora_6-3.4.10",
"description": "No notes for control-id 6.3.4.10.",
"props": [
@@ -7515,7 +8270,7 @@
]
},
{
- "uuid": "5914b05b-0b25-4a46-9be8-1d05d379e525",
+ "uuid": "5edd5e10-b06d-449d-ae7b-93c7c20cae3f",
"control-id": "reload_dconf_db",
"description": "This is a helper rule to reload Dconf database correctly.",
"props": [
@@ -7532,7 +8287,7 @@
]
},
{
- "uuid": "944de6e2-7ac3-45dc-98c9-f04800a60d67",
+ "uuid": "689ce4c9-4643-43f4-9dde-9cee2f6d490e",
"control-id": "cis_fedora_1-1.1.1",
"description": "No notes for control-id 1.1.1.1.",
"props": [
@@ -7549,7 +8304,7 @@
]
},
{
- "uuid": "ef6a088f-8a1c-4731-ba01-814dd6440b44",
+ "uuid": "a3fa7c8e-acc2-4163-82fd-00a3fbb6f9f0",
"control-id": "cis_fedora_1-1.1.2",
"description": "No notes for control-id 1.1.1.2.",
"props": [
@@ -7566,7 +8321,7 @@
]
},
{
- "uuid": "15246095-29dc-449b-aa38-0f6bfd52e895",
+ "uuid": "7e932ae8-eaa9-400e-b0a8-5dca445f45b7",
"control-id": "cis_fedora_1-1.1.3",
"description": "No notes for control-id 1.1.1.3.",
"props": [
@@ -7583,7 +8338,7 @@
]
},
{
- "uuid": "3397919f-0f0c-4524-88fa-6ae58e118ff4",
+ "uuid": "4807c75d-7f21-497e-8fc6-2adb577bcdfa",
"control-id": "cis_fedora_1-1.1.4",
"description": "No notes for control-id 1.1.1.4.",
"props": [
@@ -7600,7 +8355,7 @@
]
},
{
- "uuid": "c01a9ac4-d731-45dd-a830-a5af9754d263",
+ "uuid": "b9ea0cee-b0e9-47a0-a88a-837e3a5686c9",
"control-id": "cis_fedora_1-1.1.5",
"description": "No notes for control-id 1.1.1.5.",
"props": [
@@ -7617,7 +8372,7 @@
]
},
{
- "uuid": "d9d914ed-dc67-4077-b709-d51d8bcbc64c",
+ "uuid": "840dd1ae-7428-4eec-961f-54864dee563a",
"control-id": "cis_fedora_1-1.1.11",
"description": "The description for control-id cis_fedora_1-1.1.11.",
"props": [
@@ -7630,7 +8385,7 @@
]
},
{
- "uuid": "b70e01e9-3b04-4881-ad6c-665ce1f68c29",
+ "uuid": "7b0de787-9e20-49c8-82ef-c872ea33b64d",
"control-id": "cis_fedora_1-1.2.1.1",
"description": "No notes for control-id 1.1.2.1.1.",
"props": [
@@ -7647,7 +8402,7 @@
]
},
{
- "uuid": "e0c6918c-c3ef-4c9d-be4d-3d1229852062",
+ "uuid": "15d160b3-b0b1-4619-beb8-2a4c378f814d",
"control-id": "cis_fedora_1-1.2.1.2",
"description": "No notes for control-id 1.1.2.1.2.",
"props": [
@@ -7664,7 +8419,7 @@
]
},
{
- "uuid": "44fe992b-4519-44a0-b7e5-b58147a7f23f",
+ "uuid": "11581804-2187-4b41-a592-30efde2a3cee",
"control-id": "cis_fedora_1-1.2.1.3",
"description": "No notes for control-id 1.1.2.1.3.",
"props": [
@@ -7681,7 +8436,7 @@
]
},
{
- "uuid": "4691fcea-eb1a-4f90-9f43-958ce9ceea4a",
+ "uuid": "f7a7c8c5-ea76-4afa-94ea-5ad3179673ea",
"control-id": "cis_fedora_1-1.2.1.4",
"description": "No notes for control-id 1.1.2.1.4.",
"props": [
@@ -7698,7 +8453,7 @@
]
},
{
- "uuid": "593c53f6-c437-4c70-9ae7-64f77a6c708f",
+ "uuid": "3ced1c61-658f-4ea8-8bb2-adddf12d5516",
"control-id": "cis_fedora_1-1.2.2.1",
"description": "No notes for control-id 1.1.2.2.1.",
"props": [
@@ -7715,7 +8470,7 @@
]
},
{
- "uuid": "3e457257-e322-4e24-94cb-513f2635c3c2",
+ "uuid": "31a90743-fe71-433a-a914-041e2b661b03",
"control-id": "cis_fedora_1-1.2.2.2",
"description": "No notes for control-id 1.1.2.2.2.",
"props": [
@@ -7732,7 +8487,7 @@
]
},
{
- "uuid": "5ede5e5b-1552-475d-ae4a-7a6cc11c8856",
+ "uuid": "3db9ede3-12a0-43dc-b0d3-4b30df07437b",
"control-id": "cis_fedora_1-1.2.2.3",
"description": "No notes for control-id 1.1.2.2.3.",
"props": [
@@ -7749,7 +8504,7 @@
]
},
{
- "uuid": "91bc3bda-53fb-4d0f-ba73-0e1cdfb065be",
+ "uuid": "e0b101a9-e76e-4a49-a1e1-53661469f55a",
"control-id": "cis_fedora_1-1.2.2.4",
"description": "No notes for control-id 1.1.2.2.4.",
"props": [
@@ -7766,7 +8521,7 @@
]
},
{
- "uuid": "781294f5-cdd8-421a-acb9-dd0b8b886b6a",
+ "uuid": "01365f9b-03ad-4329-b212-e25bb5a495e2",
"control-id": "cis_fedora_1-1.2.3.2",
"description": "No notes for control-id 1.1.2.3.2.",
"props": [
@@ -7783,7 +8538,7 @@
]
},
{
- "uuid": "cf61ce8b-7323-43b5-95a9-d1d1074bf6ae",
+ "uuid": "a1787306-0eaa-4481-a14f-04bd197bc5a8",
"control-id": "cis_fedora_1-1.2.3.3",
"description": "No notes for control-id 1.1.2.3.3.",
"props": [
@@ -7800,7 +8555,7 @@
]
},
{
- "uuid": "bacbd685-0742-49fa-a750-3eb94153b23a",
+ "uuid": "acf098f2-3449-4be3-b3d1-17b425e6fc9b",
"control-id": "cis_fedora_1-1.2.4.2",
"description": "No notes for control-id 1.1.2.4.2.",
"props": [
@@ -7817,7 +8572,7 @@
]
},
{
- "uuid": "3bf6a9ea-8467-4660-827b-8403be55e790",
+ "uuid": "a646c2b4-70cd-496b-a00c-b07ffd31b5a7",
"control-id": "cis_fedora_1-1.2.4.3",
"description": "No notes for control-id 1.1.2.4.3.",
"props": [
@@ -7834,7 +8589,7 @@
]
},
{
- "uuid": "93a2616c-1a50-4cc0-be8e-2465040c0132",
+ "uuid": "c38c58f2-6ac4-4ed7-bc83-43cf68bef297",
"control-id": "cis_fedora_1-1.2.5.2",
"description": "No notes for control-id 1.1.2.5.2.",
"props": [
@@ -7851,7 +8606,7 @@
]
},
{
- "uuid": "5baadc85-6416-478f-beda-2fc7f2487ca9",
+ "uuid": "7babcbde-a140-4be4-8acc-ce03a03866b2",
"control-id": "cis_fedora_1-1.2.5.3",
"description": "No notes for control-id 1.1.2.5.3.",
"props": [
@@ -7868,7 +8623,7 @@
]
},
{
- "uuid": "29a125fd-2ae4-46b6-abd5-7d49cf9275bf",
+ "uuid": "8c46bf40-93dc-4872-bc0f-a8317d583310",
"control-id": "cis_fedora_1-1.2.5.4",
"description": "No notes for control-id 1.1.2.5.4.",
"props": [
@@ -7885,7 +8640,7 @@
]
},
{
- "uuid": "21cb2ccd-c8da-4e27-b4e0-83bc4db6e53d",
+ "uuid": "21c0d17b-3aac-40d4-9a22-4786eb9fb282",
"control-id": "cis_fedora_1-1.2.6.2",
"description": "No notes for control-id 1.1.2.6.2.",
"props": [
@@ -7902,7 +8657,7 @@
]
},
{
- "uuid": "5ff5c5f9-be9f-4b98-9781-e017252dfbe8",
+ "uuid": "adc4169f-c7f0-4bc4-8c09-07f62ff1009f",
"control-id": "cis_fedora_1-1.2.6.3",
"description": "No notes for control-id 1.1.2.6.3.",
"props": [
@@ -7919,7 +8674,7 @@
]
},
{
- "uuid": "a4b2fd5d-8b14-4630-90a3-8148c76e8b9d",
+ "uuid": "139f0033-aabc-4a47-89c9-fdfd51b153bd",
"control-id": "cis_fedora_1-1.2.6.4",
"description": "No notes for control-id 1.1.2.6.4.",
"props": [
@@ -7936,7 +8691,7 @@
]
},
{
- "uuid": "48a96214-0778-4dd7-aa17-7c994f6d76f9",
+ "uuid": "4f7401bb-48ed-4084-a18e-84aa5bccd7b1",
"control-id": "cis_fedora_1-1.2.7.2",
"description": "No notes for control-id 1.1.2.7.2.",
"props": [
@@ -7953,7 +8708,7 @@
]
},
{
- "uuid": "ec757e36-1d4b-4385-ba60-264de219cf18",
+ "uuid": "882cd754-a703-4535-8a13-693fcb1cee7e",
"control-id": "cis_fedora_1-1.2.7.3",
"description": "No notes for control-id 1.1.2.7.3.",
"props": [
@@ -7970,7 +8725,7 @@
]
},
{
- "uuid": "ce425f84-d58f-453e-96b8-6196fa9ab7e9",
+ "uuid": "2064ccef-016e-453d-b418-4021e7f9753b",
"control-id": "cis_fedora_1-1.2.7.4",
"description": "No notes for control-id 1.1.2.7.4.",
"props": [
@@ -7987,7 +8742,7 @@
]
},
{
- "uuid": "76e8e0f2-e64a-4bd7-83d5-727ad55797bd",
+ "uuid": "8bf7ed0c-0b60-4d01-bc0d-f7a487369a0d",
"control-id": "cis_fedora_1-2.1.1",
"description": "The description for control-id cis_fedora_1-2.1.1.",
"props": [
@@ -8000,7 +8755,7 @@
]
},
{
- "uuid": "6c75aa38-f567-4517-880f-618e55a9461e",
+ "uuid": "ff25d41c-e91a-430e-8b4d-71ed970cc0ce",
"control-id": "cis_fedora_1-2.1.2",
"description": "No notes for control-id 1.2.1.2.",
"props": [
@@ -8017,7 +8772,7 @@
]
},
{
- "uuid": "7b2e2605-b374-4641-a668-fdcd3d14a616",
+ "uuid": "e1c2004e-4e2f-431b-87e7-8569d2369a12",
"control-id": "cis_fedora_1-2.1.4",
"description": "The description for control-id cis_fedora_1-2.1.4.",
"props": [
@@ -8030,7 +8785,7 @@
]
},
{
- "uuid": "19d1c7e0-2d9c-4ade-b80a-957f136746f2",
+ "uuid": "f59434c1-ce47-4ca7-af08-103f2737f5c0",
"control-id": "cis_fedora_1-2.2.1",
"description": "The description for control-id cis_fedora_1-2.2.1.",
"props": [
@@ -8043,7 +8798,7 @@
]
},
{
- "uuid": "78bcd307-ff48-421a-bb4a-0e4c5cb58911",
+ "uuid": "7a48ec92-bc3e-4524-8a64-c3fc4150c2da",
"control-id": "cis_fedora_1-3.1.1",
"description": "No notes for control-id 1.3.1.1.",
"props": [
@@ -8060,7 +8815,7 @@
]
},
{
- "uuid": "03934abc-97af-40cd-b9fd-2d54b0557f7f",
+ "uuid": "4ea2de32-6379-4b0a-9b5e-9da4973e6acd",
"control-id": "cis_fedora_1-3.1.2",
"description": "No notes for control-id 1.3.1.2.",
"props": [
@@ -8077,7 +8832,7 @@
]
},
{
- "uuid": "011e0cc1-f12c-409e-9c14-bd5a4aa8a82d",
+ "uuid": "e88bcac6-39de-4a89-9d19-ea992617ecbe",
"control-id": "cis_fedora_1-3.1.3",
"description": "No notes for control-id 1.3.1.3.",
"props": [
@@ -8094,7 +8849,7 @@
]
},
{
- "uuid": "9795cbfe-406d-4bb1-807f-80529e453060",
+ "uuid": "a1beda39-e9d6-4c19-891e-354e30fc86e3",
"control-id": "cis_fedora_1-3.1.4",
"description": "No notes for control-id 1.3.1.4.",
"props": [
@@ -8111,7 +8866,7 @@
]
},
{
- "uuid": "0699c16e-feb6-4fa3-9dab-c4931354ccea",
+ "uuid": "0d831f87-d40e-4268-8f8a-cb78dfb313bf",
"control-id": "cis_fedora_1-3.1.7",
"description": "No notes for control-id 1.3.1.7.",
"props": [
@@ -8128,7 +8883,7 @@
]
},
{
- "uuid": "51d768a5-4340-4336-be46-b212f5cc1306",
+ "uuid": "2716e128-f726-4b79-b222-4bffabe8107f",
"control-id": "cis_fedora_1-4.1",
"description": "There is no automated remediation for this rule and this is intentional.\nMore details in the rule description.",
"props": [
@@ -8145,180 +8900,204 @@
]
},
{
- "uuid": "19bf9cb1-a17e-40a6-ac02-503666ab78ab",
+ "uuid": "40f7abdb-0427-4731-bb8d-89988393e9b0",
"control-id": "cis_fedora_1-4.2",
- "description": "The description for control-id cis_fedora_1-4.2.",
+ "description": "This requirement demands a deeper review of the rules.",
"props": [
{
- "name": "implementation-status",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This requirement demands a deeper review of the rules."
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
+ "name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg"
+ "value": "file_permissions_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg"
+ "value": "file_owner_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg"
+ "value": "file_groupowner_boot_grub2"
}
]
},
{
- "uuid": "3a5f8b3a-19ea-4ac5-9e20-7a072b6ddd42",
+ "uuid": "3253ff97-94dc-41f7-a120-adbbefcfd90d",
"control-id": "cis_fedora_1-5.1",
- "description": "The description for control-id cis_fedora_1-5.1.",
+ "description": "No notes for control-id 1.5.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_users_coredumps"
}
]
},
{
- "uuid": "614cf201-1a4d-473e-8a0e-75deb8dab759",
+ "uuid": "cad4ad02-c982-4911-b673-c2681399a790",
"control-id": "cis_fedora_1-5.2",
- "description": "The description for control-id cis_fedora_1-5.2.",
+ "description": "No notes for control-id 1.5.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_hardlinks"
}
]
},
{
- "uuid": "e05d66b8-29bd-45c9-ad59-741508f71061",
+ "uuid": "8727caab-c70b-4f53-8dea-ab5502287bff",
"control-id": "cis_fedora_1-5.3",
- "description": "The description for control-id cis_fedora_1-5.3.",
+ "description": "No notes for control-id 1.5.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_symlinks"
}
]
},
{
- "uuid": "e12642ed-d43d-42ef-8e57-2e8798cda1c2",
+ "uuid": "7f04f80b-6bb6-455a-b565-833d875e539c",
"control-id": "cis_fedora_1-5.4",
- "description": "The description for control-id cis_fedora_1-5.4.",
+ "description": "No notes for control-id 1.5.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_suid_dumpable"
}
]
},
{
- "uuid": "5eafe466-7568-4cc8-a8ad-3e49e283fb85",
+ "uuid": "eb2e6c91-c666-40c7-9771-8f3c5cce040d",
"control-id": "cis_fedora_1-5.5",
- "description": "The description for control-id cis_fedora_1-5.5.",
+ "description": "No notes for control-id 1.5.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_dmesg_restrict"
}
]
},
{
- "uuid": "d0a00c31-5838-4e7a-9c6d-8b8adc1ccd02",
+ "uuid": "f42d68a2-1dcf-42cb-8a15-3441ee405e16",
"control-id": "cis_fedora_1-5.6",
- "description": "The description for control-id cis_fedora_1-5.6.",
+ "description": "No notes for control-id 1.5.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.6."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_kptr_restrict"
}
]
},
{
- "uuid": "42ff1f1d-7ed0-43b6-ae57-a2b702a0e132",
+ "uuid": "0be8e963-97d3-44df-a3e1-df34d9c3f439",
"control-id": "cis_fedora_1-5.7",
- "description": "The description for control-id cis_fedora_1-5.7.",
+ "description": "No notes for control-id 1.5.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_yama_ptrace_scope"
}
]
},
{
- "uuid": "05fb31ee-2879-46c9-ae00-c5664183074b",
+ "uuid": "33aaa8c9-7c08-4c7a-8023-e7c1eda76a87",
"control-id": "cis_fedora_1-5.8",
- "description": "The description for control-id cis_fedora_1-5.8.",
+ "description": "Address Space Layout Randomization (ASLR)",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.8."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_randomize_va_space"
}
]
},
{
- "uuid": "34b4ad6c-dd6c-4f43-a5c5-31ba97e94727",
+ "uuid": "33893fb1-3689-4d99-a43a-e907283b57fb",
"control-id": "cis_fedora_1-5.9",
- "description": "The description for control-id cis_fedora_1-5.9.",
+ "description": "No notes for control-id 1.5.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.9."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_backtraces"
}
]
},
{
- "uuid": "3df2ed52-a081-402c-ac3a-b3ac95609186",
+ "uuid": "e4c669d8-f38f-4b03-8af7-27cf92d1f187",
"control-id": "cis_fedora_1-5.10",
- "description": "The description for control-id cis_fedora_1-5.10.",
+ "description": "No notes for control-id 1.5.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.10."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_storage"
}
]
},
{
- "uuid": "e2c8318f-6886-48e4-ae06-0de927ce65d6",
+ "uuid": "b707f3f1-cc38-49a6-b829-42d801cf0054",
"control-id": "cis_fedora_1-6.1",
"description": "No notes for control-id 1.6.1.",
"props": [
@@ -8330,50 +9109,63 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "5f9e7f70-0876-4ebe-a2d9-dfde5afe83fe",
+ "uuid": "4a1f0b78-5ebd-405b-af95-cb0ae3876444",
"control-id": "cis_fedora_1-6.2",
- "description": "This requirement is already satisfied by 1.6.1.",
+ "description": "No notes for control-id 1.6.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "f8eec258-af23-4dc7-b500-e8f2b3bde78d",
+ "uuid": "fdade6ea-9f43-4443-8b56-f5596133b4c9",
"control-id": "cis_fedora_1-6.3",
- "description": "The description for control-id cis_fedora_1-6.3.",
+ "description": "No notes for control-id 1.6.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "840f0df9-701f-4656-88b4-f5623ed5c9c0",
+ "uuid": "83f5df62-4478-4c1e-b548-ed73b34411ac",
"control-id": "cis_fedora_1-6.4",
- "description": "The description for control-id cis_fedora_1-6.4.",
+ "description": "No notes for control-id 1.6.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "77b9b028-7004-4cba-b14c-f7f2290966b4",
+ "uuid": "365156aa-0562-4e54-ba39-99f2ee0214e3",
"control-id": "cis_fedora_1-7.1",
"description": "No notes for control-id 1.7.1.",
"props": [
@@ -8390,7 +9182,7 @@
]
},
{
- "uuid": "029cb560-eb0c-4b41-b5bc-13671c6e856d",
+ "uuid": "07b5cedc-b87e-4a75-9c4f-7bd6ab92a223",
"control-id": "cis_fedora_1-7.2",
"description": "No notes for control-id 1.7.2.",
"props": [
@@ -8407,7 +9199,7 @@
]
},
{
- "uuid": "e1f4eb91-a880-44f3-a414-e5f45fdbbd09",
+ "uuid": "1fd38ff7-380d-4e5c-bb05-4d8463374c04",
"control-id": "cis_fedora_1-7.3",
"description": "No notes for control-id 1.7.3.",
"props": [
@@ -8424,7 +9216,7 @@
]
},
{
- "uuid": "59abb857-7ad1-47bd-b87b-c52f8b232baa",
+ "uuid": "27e1fc2a-eb22-45e3-ad71-78178d9ab4ac",
"control-id": "cis_fedora_1-7.4",
"description": "No notes for control-id 1.7.4.",
"props": [
@@ -8451,7 +9243,7 @@
]
},
{
- "uuid": "8ac54bc2-1d5e-4499-86f0-91e308c74ff0",
+ "uuid": "b6e80dbf-97ed-48ce-b637-6910debb8f9a",
"control-id": "cis_fedora_1-7.5",
"description": "No notes for control-id 1.7.5.",
"props": [
@@ -8478,7 +9270,7 @@
]
},
{
- "uuid": "2e353183-299e-43cb-8b24-3e27932c428f",
+ "uuid": "7410df78-ea19-4f88-bc0e-9c84962389c4",
"control-id": "cis_fedora_1-7.6",
"description": "No notes for control-id 1.7.6.",
"props": [
@@ -8505,14 +9297,14 @@
]
},
{
- "uuid": "8609b816-1527-419f-bdca-6dc0599c6122",
+ "uuid": "cd55d5ce-4245-47f9-b666-da9a384b0cd4",
"control-id": "cis_fedora_1-8.1",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -8527,7 +9319,7 @@
]
},
{
- "uuid": "d1f1619d-f623-4b29-abfa-ce836126e7ee",
+ "uuid": "f91a1d21-0e45-4a40-811e-171bce896639",
"control-id": "cis_fedora_1-8.2",
"description": "Review rules to confirm settings are not writeable by users",
"props": [
@@ -8544,14 +9336,14 @@
]
},
{
- "uuid": "c41967ce-1053-44ed-990e-60d76968b2cb",
+ "uuid": "e130ca0b-613f-4a2e-8941-c46bb1cf4c9c",
"control-id": "cis_fedora_1-8.3",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -8562,18 +9354,28 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "dconf_gnome_screensaver_lock_delay"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_session_idle_user_locks"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_screensaver_user_locks"
}
]
},
{
- "uuid": "c1c42f39-490f-4595-acf4-a25eb35cff2e",
+ "uuid": "1216ec21-4684-4c0a-b355-620a0cf76b53",
"control-id": "cis_fedora_1-8.5",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -8583,7 +9385,7 @@
]
},
{
- "uuid": "417a1ee1-b2f2-4ba6-86d8-d206e9229b58",
+ "uuid": "f9a12a07-7c25-47f5-ba5b-3dea682e9405",
"control-id": "cis_fedora_1-8.6",
"description": "The description for control-id cis_fedora_1-8.6.",
"props": [
@@ -8596,7 +9398,7 @@
]
},
{
- "uuid": "5363de79-788c-4de3-842f-1b5c2225ee81",
+ "uuid": "be900fc1-7888-4d10-8018-c762227d07d6",
"control-id": "cis_fedora_2-1.4",
"description": "No notes for control-id 2.1.4.",
"props": [
@@ -8613,7 +9415,7 @@
]
},
{
- "uuid": "80de57a3-55ef-4bcb-85a3-545e431a51ba",
+ "uuid": "a83ce2e4-a278-4eb4-bbe2-4af26bb5e34d",
"control-id": "cis_fedora_2-1.5",
"description": "No notes for control-id 2.1.5.",
"props": [
@@ -8630,7 +9432,7 @@
]
},
{
- "uuid": "3079a503-1e83-4fdd-b7bd-6bfb52325e27",
+ "uuid": "7580be96-a0f8-4f7e-93d5-500c143b9c3e",
"control-id": "cis_fedora_2-1.6",
"description": "No notes for control-id 2.1.6.",
"props": [
@@ -8647,7 +9449,7 @@
]
},
{
- "uuid": "871d8fc7-f5d2-46d9-86c9-5bf6becb0905",
+ "uuid": "fa316a54-0188-461e-9553-06730f37e079",
"control-id": "cis_fedora_2-1.7",
"description": "No notes for control-id 2.1.7.",
"props": [
@@ -8664,7 +9466,7 @@
]
},
{
- "uuid": "80f45d7f-8503-4177-a370-6ffb89c8d57e",
+ "uuid": "786ffc10-9f86-4c63-80b0-e2d766e27683",
"control-id": "cis_fedora_2-1.8",
"description": "No notes for control-id 2.1.8.",
"props": [
@@ -8686,7 +9488,7 @@
]
},
{
- "uuid": "4c992c94-b24a-4b60-8bdf-3e6b60194447",
+ "uuid": "97446108-8e9f-4d87-8370-554987ef1229",
"control-id": "cis_fedora_2-1.9",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization are dependent on the\nnfs-utils package.",
"props": [
@@ -8703,7 +9505,7 @@
]
},
{
- "uuid": "967eb4a6-b7ba-44e3-ad94-8f23165b2a1a",
+ "uuid": "1f90e20b-1e6a-4005-9f61-6c6188b991a1",
"control-id": "cis_fedora_2-1.10",
"description": "No notes for control-id 2.1.10.",
"props": [
@@ -8715,7 +9517,7 @@
]
},
{
- "uuid": "e8a09ea1-5f2e-4707-b547-21bbb21bc683",
+ "uuid": "66de3679-0904-4ddd-ad93-e431194095a0",
"control-id": "cis_fedora_2-1.12",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization, and the nfs-utils\npackage used for The Network File System (NFS), are dependent on the rpcbind package.",
"props": [
@@ -8732,7 +9534,7 @@
]
},
{
- "uuid": "9acf5db2-3d21-4e00-9c72-e21952c1e3d8",
+ "uuid": "87a9161c-9bc5-4d38-8a28-4002c792a689",
"control-id": "cis_fedora_2-1.13",
"description": "No notes for control-id 2.1.13.",
"props": [
@@ -8749,7 +9551,7 @@
]
},
{
- "uuid": "91c8444f-576f-48e8-9953-506572b59cdd",
+ "uuid": "2017b4e9-2dfd-42f1-a0fc-0664bc00c6ca",
"control-id": "cis_fedora_2-1.14",
"description": "No notes for control-id 2.1.14.",
"props": [
@@ -8766,7 +9568,7 @@
]
},
{
- "uuid": "c180a8bd-a89c-4198-8e0f-a9e020e1c1d1",
+ "uuid": "2538a551-f762-4569-bc92-3ddcf2324241",
"control-id": "cis_fedora_2-1.15",
"description": "No notes for control-id 2.1.15.",
"props": [
@@ -8783,7 +9585,7 @@
]
},
{
- "uuid": "7901373f-967b-4e84-b718-a7470c2bb767",
+ "uuid": "7618709e-f0f4-4234-9d57-15ff17a839a7",
"control-id": "cis_fedora_2-1.16",
"description": "No notes for control-id 2.1.16.",
"props": [
@@ -8800,7 +9602,7 @@
]
},
{
- "uuid": "bfa0d044-cfc7-4c99-ad4f-3b1cc20140dd",
+ "uuid": "470bf6e0-b7d8-401c-90fc-fe38419d8e92",
"control-id": "cis_fedora_2-1.17",
"description": "No notes for control-id 2.1.17.",
"props": [
@@ -8817,7 +9619,7 @@
]
},
{
- "uuid": "c471de73-7bb8-4f9e-b34b-55515722de2e",
+ "uuid": "27645153-7013-4ff7-9071-bf5f2b86b82d",
"control-id": "cis_fedora_2-1.18",
"description": "No notes for control-id 2.1.18.",
"props": [
@@ -8834,7 +9636,7 @@
]
},
{
- "uuid": "3bc86e5a-6c7a-4960-90f5-81e9895d985b",
+ "uuid": "057dd521-5114-4c9f-ad7f-7c98783f0b25",
"control-id": "cis_fedora_2-1.19",
"description": "No notes for control-id 2.1.19.",
"props": [
@@ -8856,7 +9658,7 @@
]
},
{
- "uuid": "48a88815-a423-4e5d-afb1-391bbce7b9f4",
+ "uuid": "f330d808-fbee-4140-8a6d-b68eb3f4b884",
"control-id": "cis_fedora_2-1.20",
"description": "The description for control-id cis_fedora_2-1.20.",
"props": [
@@ -8869,14 +9671,14 @@
]
},
{
- "uuid": "d3aa9112-91cf-4a0d-86c1-ef5fe4463946",
+ "uuid": "007fa970-a2ea-413c-bcb1-1d04a22302cc",
"control-id": "cis_fedora_2-1.23",
- "description": "The rule has_nonlocal_mta currently checks for services listening only on port 25,\nbut the policy checks also for ports 465 and 587",
+ "description": "No notes for control-id 2.1.23.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -8891,7 +9693,7 @@
]
},
{
- "uuid": "bf72a45c-02b6-431f-a781-62f35801b696",
+ "uuid": "03c51cf5-6abe-4145-9e3c-35654ef997b8",
"control-id": "cis_fedora_2-1.24",
"description": "The description for control-id cis_fedora_2-1.24.",
"props": [
@@ -8904,7 +9706,7 @@
]
},
{
- "uuid": "8ce65525-df11-4efa-80f7-dee766686dad",
+ "uuid": "05ddc2bd-1392-4899-be22-6e0a6a46b26b",
"control-id": "cis_fedora_2-2.1",
"description": "No notes for control-id 2.2.1.",
"props": [
@@ -8921,7 +9723,7 @@
]
},
{
- "uuid": "29f3e086-58ba-4aac-bb17-05b8678cc6bb",
+ "uuid": "fd1feeda-2b0f-40ce-acd2-b37195ea452a",
"control-id": "cis_fedora_2-2.3",
"description": "No notes for control-id 2.2.3.",
"props": [
@@ -8933,7 +9735,7 @@
]
},
{
- "uuid": "ea30572a-1721-42d1-b7b3-4bdc37787473",
+ "uuid": "6ae629af-d7db-4d43-8da7-2db2bf3c737b",
"control-id": "cis_fedora_2-2.4",
"description": "No notes for control-id 2.2.4.",
"props": [
@@ -8950,7 +9752,7 @@
]
},
{
- "uuid": "f67a882e-cae7-4469-8d04-496bc9594770",
+ "uuid": "6dbaae30-ae49-4bc1-8061-8854d79ef62e",
"control-id": "cis_fedora_2-2.5",
"description": "No notes for control-id 2.2.5.",
"props": [
@@ -8967,7 +9769,7 @@
]
},
{
- "uuid": "b4beab48-1bd9-4a8c-af89-492ae4510f67",
+ "uuid": "30d451d5-0541-4d01-92e5-ffc63e16a948",
"control-id": "cis_fedora_2-3.1",
"description": "No notes for control-id 2.3.1.",
"props": [
@@ -8979,7 +9781,7 @@
]
},
{
- "uuid": "2ded524c-5d29-4fea-b770-866b4df3703d",
+ "uuid": "dbbcc397-4037-4d9f-b4f7-69b00e5f1d25",
"control-id": "cis_fedora_2-3.2",
"description": "No notes for control-id 2.3.2.",
"props": [
@@ -8996,7 +9798,7 @@
]
},
{
- "uuid": "139ef20b-cdb2-49e6-83ed-afb928472333",
+ "uuid": "32e64e84-0aea-419f-acc2-e2df4f1ef952",
"control-id": "cis_fedora_2-3.3",
"description": "No notes for control-id 2.3.3.",
"props": [
@@ -9013,7 +9815,7 @@
]
},
{
- "uuid": "811e8d88-b941-40d5-8dc4-925469b30ede",
+ "uuid": "e0ec6fbd-739a-4740-b9ed-8ef92f1bf15c",
"control-id": "cis_fedora_2-4.1.1",
"description": "No notes for control-id 2.4.1.1.",
"props": [
@@ -9035,7 +9837,7 @@
]
},
{
- "uuid": "a608e466-5d8c-4572-b8f7-29fdf21127e9",
+ "uuid": "d110f23f-e72b-4007-a29a-d50ebad63840",
"control-id": "cis_fedora_2-4.1.2",
"description": "No notes for control-id 2.4.1.2.",
"props": [
@@ -9062,7 +9864,7 @@
]
},
{
- "uuid": "4fb7c222-11d5-4ea6-b61e-21d48c7dc627",
+ "uuid": "92a14a97-4902-478d-aec7-9b50e418690f",
"control-id": "cis_fedora_2-4.1.3",
"description": "No notes for control-id 2.4.1.3.",
"props": [
@@ -9089,7 +9891,7 @@
]
},
{
- "uuid": "c4c054ba-cdad-48ba-bfd7-7ac42c506794",
+ "uuid": "bd6a8665-354d-4582-9838-ae6e43f32c19",
"control-id": "cis_fedora_2-4.1.4",
"description": "No notes for control-id 2.4.1.4.",
"props": [
@@ -9116,7 +9918,7 @@
]
},
{
- "uuid": "05862642-082a-45bf-84aa-4201748a2ce7",
+ "uuid": "165050f6-50fb-4a03-878e-8007e2a339e0",
"control-id": "cis_fedora_2-4.1.5",
"description": "No notes for control-id 2.4.1.5.",
"props": [
@@ -9143,7 +9945,7 @@
]
},
{
- "uuid": "442648cb-ba03-46ea-a1a3-0610e71593d2",
+ "uuid": "51dea1c9-7592-42a8-9d9f-254eb9edd537",
"control-id": "cis_fedora_2-4.1.6",
"description": "No notes for control-id 2.4.1.6.",
"props": [
@@ -9170,20 +9972,34 @@
]
},
{
- "uuid": "c07afcd3-1a62-49f5-a17e-a8b40361e7eb",
+ "uuid": "f4ef3081-1633-42d2-ad47-3c370f82cc02",
"control-id": "cis_fedora_2-4.1.7",
- "description": "The description for control-id cis_fedora_2-4.1.7.",
+ "description": "No notes for control-id 2.4.1.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.4.1.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_cron_yearly"
}
]
},
{
- "uuid": "566c94a0-c357-4151-b6a0-b422c5f6d322",
+ "uuid": "79c1e593-535e-427c-909c-80cda827be7a",
"control-id": "cis_fedora_2-4.1.8",
"description": "No notes for control-id 2.4.1.8.",
"props": [
@@ -9210,7 +10026,7 @@
]
},
{
- "uuid": "912464b4-420b-4353-8fdc-b89922f0475b",
+ "uuid": "61bc33e8-5bbe-4d80-80ab-5e34a12873de",
"control-id": "cis_fedora_2-4.1.9",
"description": "No notes for control-id 2.4.1.9.",
"props": [
@@ -9247,20 +10063,25 @@
]
},
{
- "uuid": "e01b9dfa-de37-499e-bcef-643cbf8991f1",
+ "uuid": "fbb66743-8912-4f26-809b-a92396fc688f",
"control-id": "cis_fedora_2-4.2.1",
- "description": "It is necessary to create a rule to ensure the existence of at.allow.\nfile_cron_allow_exists can be used as reference for a new templated rule.",
+ "description": "No notes for control-id 2.4.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_at_deny_not_exist"
},
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_at_allow_exists"
+ },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -9279,7 +10100,7 @@
]
},
{
- "uuid": "b6feb30c-4b7b-4e35-8020-d9a99e026dce",
+ "uuid": "dfb817de-8218-4e80-b941-0fa19f2f468f",
"control-id": "cis_fedora_3-1.1",
"description": "The description for control-id cis_fedora_3-1.1.",
"props": [
@@ -9292,46 +10113,58 @@
]
},
{
- "uuid": "8993f6f6-3d1c-4b02-a7b7-99c0f85565ff",
+ "uuid": "66d247db-dbeb-4c34-b69a-b678b6b6c3b6",
"control-id": "cis_fedora_3-2.1",
- "description": "The description for control-id cis_fedora_3-2.1.",
+ "description": "No notes for control-id 3.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_atm_disabled"
}
]
},
{
- "uuid": "1bce0add-6507-4891-8053-498556654dbd",
+ "uuid": "8bed0522-ed51-4fb9-9374-2d9d6513717a",
"control-id": "cis_fedora_3-2.2",
- "description": "The description for control-id cis_fedora_3-2.2.",
+ "description": "No notes for control-id 3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_can_disabled"
}
]
},
{
- "uuid": "52715a17-2d34-40e9-b9d8-919fbd9e516c",
+ "uuid": "ad7ac142-9177-4416-b610-4135c54eb644",
"control-id": "cis_fedora_3-2.3",
- "description": "The description for control-id cis_fedora_3-2.3.",
+ "description": "No notes for control-id 3.2.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_dccp_disabled"
}
]
},
{
- "uuid": "5747c3c7-164c-4b95-90d9-542904942624",
+ "uuid": "9df05efe-b943-4510-b347-bb7834cc15a4",
"control-id": "cis_fedora_3-2.4",
"description": "No notes for control-id 3.2.4.",
"props": [
@@ -9348,20 +10181,24 @@
]
},
{
- "uuid": "978ea66e-f3a7-414b-bed8-1866c52b7c23",
+ "uuid": "da944c9f-a120-4c54-93d4-b2ce41102e42",
"control-id": "cis_fedora_3-2.5",
- "description": "The description for control-id cis_fedora_3-2.5.",
+ "description": "No notes for control-id 3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_rds_disabled"
}
]
},
{
- "uuid": "cb9ec698-1d65-42d1-9532-db5e1f42df52",
+ "uuid": "22efdea1-928e-4410-a70a-b6d0c1439108",
"control-id": "cis_fedora_3-3.1.1",
"description": "No notes for control-id 3.3.1.1.",
"props": [
@@ -9378,33 +10215,41 @@
]
},
{
- "uuid": "e97c8e78-e931-4f2d-bf54-70cfe1329884",
+ "uuid": "40744cec-998a-4f6d-a55c-38207f7d1fbd",
"control-id": "cis_fedora_3-3.1.2",
- "description": "The description for control-id cis_fedora_3-3.1.2.",
+ "description": "No notes for control-id 3.3.1.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_forwarding"
}
]
},
{
- "uuid": "2b2d5ad8-30e3-4d9f-9160-30c7f7a19094",
+ "uuid": "ff4cab5a-f44b-43a1-b655-452b19487332",
"control-id": "cis_fedora_3-3.1.3",
- "description": "The description for control-id cis_fedora_3-3.1.3.",
+ "description": "No notes for control-id 3.3.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_forwarding"
}
]
},
{
- "uuid": "3ca950fb-9974-4c3d-af0e-b06b197a8a31",
+ "uuid": "798d8ac9-16d2-41bb-9f2d-1cd82d08047c",
"control-id": "cis_fedora_3-3.1.4",
"description": "No notes for control-id 3.3.1.4.",
"props": [
@@ -9421,7 +10266,7 @@
]
},
{
- "uuid": "28cf0252-6fe0-4ba9-8c88-afa45ec3b4c6",
+ "uuid": "8c657bb2-1d21-42d5-ae4e-74fd65287c8d",
"control-id": "cis_fedora_3-3.1.5",
"description": "No notes for control-id 3.3.1.5.",
"props": [
@@ -9438,7 +10283,7 @@
]
},
{
- "uuid": "10835780-3a41-4327-b58b-a8163b355f8d",
+ "uuid": "31c54eb1-a283-47a3-8593-7552938b5723",
"control-id": "cis_fedora_3-3.1.6",
"description": "No notes for control-id 3.3.1.6.",
"props": [
@@ -9455,7 +10300,7 @@
]
},
{
- "uuid": "7f429afd-a999-43e8-bad9-cdeef5e70d91",
+ "uuid": "44af0205-307a-496d-92c7-c5ce0d953834",
"control-id": "cis_fedora_3-3.1.7",
"description": "No notes for control-id 3.3.1.7.",
"props": [
@@ -9472,7 +10317,7 @@
]
},
{
- "uuid": "3ef64015-9d63-496f-a53c-6c195575af17",
+ "uuid": "82faa7d8-b415-4794-89c8-ed531438e0bb",
"control-id": "cis_fedora_3-3.1.8",
"description": "No notes for control-id 3.3.1.8.",
"props": [
@@ -9489,7 +10334,7 @@
]
},
{
- "uuid": "e49e5320-29e2-4780-92d8-1da618f93ee0",
+ "uuid": "6e2b142b-6a12-4e93-ae36-a8b10c073c91",
"control-id": "cis_fedora_3-3.1.9",
"description": "No notes for control-id 3.3.1.9.",
"props": [
@@ -9506,7 +10351,7 @@
]
},
{
- "uuid": "90ee351f-de9c-46ef-9557-789c31321f4d",
+ "uuid": "ddfab634-1cee-47e0-93a1-e7147769978a",
"control-id": "cis_fedora_3-3.1.10",
"description": "No notes for control-id 3.3.1.10.",
"props": [
@@ -9519,16 +10364,11 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sysctl_net_ipv4_conf_all_secure_redirects"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects"
}
]
},
{
- "uuid": "20a2f326-310b-4274-b1df-aa93ad052f76",
+ "uuid": "2a2d02e2-bffd-4d4d-ad23-b25bde374bab",
"control-id": "cis_fedora_3-3.1.11",
"description": "No notes for control-id 3.3.1.11.",
"props": [
@@ -9545,7 +10385,7 @@
]
},
{
- "uuid": "f8db9994-dfff-4683-b074-d25edd749327",
+ "uuid": "53bf1169-8bd8-4dea-ab26-6d901a757ef5",
"control-id": "cis_fedora_3-3.1.12",
"description": "No notes for control-id 3.3.1.12.",
"props": [
@@ -9562,7 +10402,7 @@
]
},
{
- "uuid": "ab90c6a7-a48f-4f45-a34e-bdc779ed26a2",
+ "uuid": "86e9f357-2819-4e88-84c1-4b6ea69e6d36",
"control-id": "cis_fedora_3-3.1.13",
"description": "No notes for control-id 3.3.1.13.",
"props": [
@@ -9579,7 +10419,7 @@
]
},
{
- "uuid": "b1d22e90-8e49-471c-bc63-4ec9224bd938",
+ "uuid": "6f820749-48d7-4869-91cd-83d44f7d49f8",
"control-id": "cis_fedora_3-3.1.14",
"description": "No notes for control-id 3.3.1.14.",
"props": [
@@ -9596,7 +10436,7 @@
]
},
{
- "uuid": "47800a77-5ea6-4a21-b3e4-a332bcdfc2cb",
+ "uuid": "f4c1e748-923c-4ce3-a375-09b796ad91a0",
"control-id": "cis_fedora_3-3.1.15",
"description": "No notes for control-id 3.3.1.15.",
"props": [
@@ -9613,7 +10453,7 @@
]
},
{
- "uuid": "e4b92d30-99a2-44f8-8579-47862020d2a3",
+ "uuid": "e17fdd73-177f-4db6-a719-9fa188e13c84",
"control-id": "cis_fedora_3-3.1.16",
"description": "No notes for control-id 3.3.1.16.",
"props": [
@@ -9630,7 +10470,7 @@
]
},
{
- "uuid": "4ebbd270-9599-4621-84fc-0571246829c2",
+ "uuid": "6d2ec7fa-2ff2-463a-a5a9-2ee15da1be70",
"control-id": "cis_fedora_3-3.1.17",
"description": "No notes for control-id 3.3.1.17.",
"props": [
@@ -9647,7 +10487,7 @@
]
},
{
- "uuid": "b04b0099-320e-4601-942b-f386bf98ea54",
+ "uuid": "50cc532f-785f-4458-9199-1c8c72fdd30d",
"control-id": "cis_fedora_3-3.1.18",
"description": "No notes for control-id 3.3.1.18.",
"props": [
@@ -9664,7 +10504,7 @@
]
},
{
- "uuid": "b02f6f47-6731-4315-8fc2-d7e5fbe3dbe2",
+ "uuid": "5a45a18a-b644-4713-b50f-01c8f3c2793c",
"control-id": "cis_fedora_3-3.2.1",
"description": "No notes for control-id 3.3.2.1.",
"props": [
@@ -9681,20 +10521,24 @@
]
},
{
- "uuid": "dbf2f185-484a-4b48-a39e-4cac1be4591b",
+ "uuid": "b061de32-3c0f-415c-bd06-e1fb2a294d28",
"control-id": "cis_fedora_3-3.2.2",
- "description": "The description for control-id cis_fedora_3-3.2.2.",
+ "description": "No notes for control-id 3.3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_forwarding"
}
]
},
{
- "uuid": "7d3a704a-111f-4635-9cfa-b92ae19aa5dd",
+ "uuid": "6c67673d-ca1a-431b-86d7-2fcefbad474b",
"control-id": "cis_fedora_3-3.2.3",
"description": "No notes for control-id 3.3.2.3.",
"props": [
@@ -9711,7 +10555,7 @@
]
},
{
- "uuid": "30b6c5d4-15c9-4986-affd-ebb207158e6e",
+ "uuid": "c42e724b-8996-421f-84cc-ea25b2b8a3e9",
"control-id": "cis_fedora_3-3.2.4",
"description": "No notes for control-id 3.3.2.4.",
"props": [
@@ -9728,7 +10572,7 @@
]
},
{
- "uuid": "2cb04909-6f2f-44c0-a969-bb510932970a",
+ "uuid": "a57ef402-44c2-46d7-bbd9-770328092ab1",
"control-id": "cis_fedora_3-3.2.5",
"description": "No notes for control-id 3.3.2.5.",
"props": [
@@ -9745,7 +10589,7 @@
]
},
{
- "uuid": "baa768cf-8d8a-47ca-80f5-09a1247382ea",
+ "uuid": "a1164a6c-4f96-4353-9914-e08ff1e2d629",
"control-id": "cis_fedora_3-3.2.6",
"description": "No notes for control-id 3.3.2.6.",
"props": [
@@ -9762,7 +10606,7 @@
]
},
{
- "uuid": "f2f86e1e-fb7f-43a3-ac2b-a75c4c23e132",
+ "uuid": "44dd9c59-6177-4ee3-ac28-4e2d39b306d9",
"control-id": "cis_fedora_3-3.2.7",
"description": "No notes for control-id 3.3.2.7.",
"props": [
@@ -9779,7 +10623,7 @@
]
},
{
- "uuid": "3e13485a-5edd-4a91-93d1-485c5952156f",
+ "uuid": "abe90fef-b862-4905-b8a5-6f2470df2649",
"control-id": "cis_fedora_3-3.2.8",
"description": "No notes for control-id 3.3.2.8.",
"props": [
@@ -9796,7 +10640,7 @@
]
},
{
- "uuid": "67c56d4d-ef24-4cf4-bb9c-bbc04fe4af3c",
+ "uuid": "d42cade1-881a-4d02-91b3-8f237912f3f5",
"control-id": "cis_fedora_4-1.1",
"description": "No notes for control-id 4.1.1.",
"props": [
@@ -9813,7 +10657,7 @@
]
},
{
- "uuid": "d25d987d-a1a7-46df-a4ad-a1eddf523ec2",
+ "uuid": "f7c6a898-0095-4ded-9869-e78a0160ec08",
"control-id": "cis_fedora_4-1.2",
"description": "No notes for control-id 4.1.2.",
"props": [
@@ -9840,7 +10684,7 @@
]
},
{
- "uuid": "fad212f5-1236-47df-9f1b-113b0db318aa",
+ "uuid": "bc241074-6a87-4918-8881-28b92fa09efe",
"control-id": "cis_fedora_4-2.1",
"description": "The description for control-id cis_fedora_4-2.1.",
"props": [
@@ -9853,7 +10697,7 @@
]
},
{
- "uuid": "a96016e8-df63-4bc9-ab3f-0a8690198e27",
+ "uuid": "07c361a8-02cd-42da-8ea9-96a625cc7261",
"control-id": "cis_fedora_4-2.2",
"description": "No notes for control-id 4.2.2.",
"props": [
@@ -9875,7 +10719,7 @@
]
},
{
- "uuid": "ae6ac356-da20-4d51-b8b8-4060afc21e7f",
+ "uuid": "934a0698-dfdd-46c0-9173-35423d01cb49",
"control-id": "cis_fedora_4-3.1",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use. When using firewalld the base chains are installed by default.",
"props": [
@@ -9887,7 +10731,7 @@
]
},
{
- "uuid": "5d0eed12-7b4a-4981-910b-c200c5c0b335",
+ "uuid": "04a32f37-68ba-4d6b-8465-e2526b101100",
"control-id": "cis_fedora_4-3.2",
"description": "The description for control-id cis_fedora_4-3.2.",
"props": [
@@ -9900,7 +10744,7 @@
]
},
{
- "uuid": "14c230c2-713e-46fc-b3d9-8946cc5be396",
+ "uuid": "fbe075d5-29a5-43aa-8c37-01fadc673ddc",
"control-id": "cis_fedora_4-3.3",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -9912,7 +10756,7 @@
]
},
{
- "uuid": "8be3bdf0-143f-48d2-8239-906b41ddbe8c",
+ "uuid": "ef361851-0bef-4c7a-862d-66b98485d2f8",
"control-id": "cis_fedora_4-3.4",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -9924,7 +10768,7 @@
]
},
{
- "uuid": "776f64ce-2206-4c69-9755-3d92062d59e5",
+ "uuid": "483c3a99-2d20-4ed1-afc2-b3610394764e",
"control-id": "cis_fedora_5-1.1",
"description": "No notes for control-id 5.1.1.",
"props": [
@@ -9947,11 +10791,41 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_permissions_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_groupowner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_owner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_sshd_drop_in_config"
}
]
},
{
- "uuid": "71b504b2-e8e0-432a-b714-d26f5707d21b",
+ "uuid": "55f22a6c-e433-4bbb-89d4-df27d960f887",
"control-id": "cis_fedora_5-1.2",
"description": "No notes for control-id 5.1.2.",
"props": [
@@ -9978,7 +10852,7 @@
]
},
{
- "uuid": "86e349ec-a4f6-43ad-be80-b0341b1fc89f",
+ "uuid": "73d7b8fb-4dd2-45ba-9b2a-d469e4c624ec",
"control-id": "cis_fedora_5-1.3",
"description": "No notes for control-id 5.1.3.",
"props": [
@@ -10005,56 +10879,58 @@
]
},
{
- "uuid": "7477c62b-7317-41f4-952d-c4158ffd7477",
+ "uuid": "ac164793-ea53-4d30-b883-c92329884e70",
"control-id": "cis_fedora_5-1.4",
- "description": "The description for control-id cis_fedora_5-1.4.",
+ "description": "No notes for control-id 5.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "95bbc8e1-15d1-43c6-a70c-4f93bd50122f",
+ "uuid": "6cb00b3c-04ff-4f20-9b74-1633ba98ac19",
"control-id": "cis_fedora_5-1.5",
- "description": "The description for control-id cis_fedora_5-1.5.",
+ "description": "No notes for control-id 5.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "96a5c46e-408b-4a15-80f0-f6362f46cdf3",
+ "uuid": "ebaccf65-c1a7-4eee-b8dc-0ecab930dcd0",
"control-id": "cis_fedora_5-1.6",
- "description": "The description for control-id cis_fedora_5-1.6.",
+ "description": "No notes for control-id 5.1.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "c8d72881-f378-4ed7-86cf-b6d2d1c62415",
+ "uuid": "e330bad3-dd32-4378-a9f1-87f5dfe999eb",
"control-id": "cis_fedora_5-1.7",
"description": "No notes for control-id 5.1.7.",
"props": [
@@ -10071,7 +10947,7 @@
]
},
{
- "uuid": "c9af3157-98c7-4b13-b6be-4ca9749ed883",
+ "uuid": "e0fde070-c1ee-4484-8285-14e6aa1a0f9e",
"control-id": "cis_fedora_5-1.8",
"description": "No notes for control-id 5.1.8.",
"props": [
@@ -10088,7 +10964,7 @@
]
},
{
- "uuid": "bdedc548-10a4-4ab9-91ca-cf8160ff6d50",
+ "uuid": "f738daf5-73cd-4970-8be2-a96ce192221f",
"control-id": "cis_fedora_5-1.9",
"description": "The requirement gives an example of 45 seconds, but is flexible about the values. It is only\nnecessary to ensure there is a timeout configured in alignment to the site policy.",
"props": [
@@ -10110,20 +10986,24 @@
]
},
{
- "uuid": "f4f82c4a-f8df-4b2b-a74a-924b5df81bbb",
+ "uuid": "d3662d74-9c9f-4cab-8c29-82cbbd1f16ec",
"control-id": "cis_fedora_5-1.10",
- "description": "The description for control-id cis_fedora_5-1.10.",
+ "description": "No notes for control-id 5.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary for \"disableforwarding\" option."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_disable_forwarding"
}
]
},
{
- "uuid": "68d1a794-b5c0-4426-811d-d8ec113d72fd",
+ "uuid": "36c1f445-ccea-44e1-b20c-742487b0754a",
"control-id": "cis_fedora_5-1.11",
"description": "No notes for control-id 5.1.11.",
"props": [
@@ -10140,7 +11020,7 @@
]
},
{
- "uuid": "7b7b4c71-6c8a-4ffd-b0fc-3380deb6ee5c",
+ "uuid": "5d7da876-9504-4a73-aae2-5a43f8f2bca4",
"control-id": "cis_fedora_5-1.12",
"description": "No notes for control-id 5.1.12.",
"props": [
@@ -10157,7 +11037,7 @@
]
},
{
- "uuid": "246509f2-330c-42ce-b580-fe2795e49a34",
+ "uuid": "c98b7667-c7c8-4776-a0a7-7f0d6d400239",
"control-id": "cis_fedora_5-1.13",
"description": "No notes for control-id 5.1.13.",
"props": [
@@ -10174,7 +11054,7 @@
]
},
{
- "uuid": "10c71cfe-05a8-4d08-971b-f5da3e690859",
+ "uuid": "649e6ed4-4a08-4715-834c-70bf9436550d",
"control-id": "cis_fedora_5-1.14",
"description": "No notes for control-id 5.1.14.",
"props": [
@@ -10191,7 +11071,7 @@
]
},
{
- "uuid": "4925b47e-30e6-46b4-865c-f7eba1fbaa87",
+ "uuid": "5dcb13b6-fe56-4e04-a6d3-9f5d1f7db547",
"control-id": "cis_fedora_5-1.15",
"description": "The CIS benchmark is not opinionated about which loglevel is selected here. Here, this\nprofile uses VERBOSE by default, as it allows for the capture of login and logout activity\nas well as key fingerprints.",
"props": [
@@ -10208,7 +11088,7 @@
]
},
{
- "uuid": "35e763e6-0d5d-4a13-a654-8451baf4f3f5",
+ "uuid": "b1067c4d-7617-497a-b27e-fd9b4561dead",
"control-id": "cis_fedora_5-1.16",
"description": "No notes for control-id 5.1.16.",
"props": [
@@ -10225,7 +11105,7 @@
]
},
{
- "uuid": "39e5d917-7f3c-42fe-b7a2-e59394e647ee",
+ "uuid": "cfc56607-699f-41dc-87b9-872f118088ab",
"control-id": "cis_fedora_5-1.17",
"description": "No notes for control-id 5.1.17.",
"props": [
@@ -10242,7 +11122,7 @@
]
},
{
- "uuid": "dc74b8c1-54d2-4c09-bdeb-4c733c642208",
+ "uuid": "813db750-0ff8-4d0b-ac92-2cb4f5e48059",
"control-id": "cis_fedora_5-1.18",
"description": "No notes for control-id 5.1.18.",
"props": [
@@ -10259,7 +11139,7 @@
]
},
{
- "uuid": "63a40652-83e8-439e-9377-f44f93b7f502",
+ "uuid": "6bcb2265-a896-4a7e-a9af-045be0bb8cc1",
"control-id": "cis_fedora_5-1.19",
"description": "No notes for control-id 5.1.19.",
"props": [
@@ -10276,7 +11156,7 @@
]
},
{
- "uuid": "5c081985-c091-4ea5-b0b9-f6ae58f671a8",
+ "uuid": "d4a47838-6af5-4d05-9b17-3f80899e90de",
"control-id": "cis_fedora_5-1.20",
"description": "No notes for control-id 5.1.20.",
"props": [
@@ -10293,7 +11173,7 @@
]
},
{
- "uuid": "07953173-1c6a-4b9e-88e2-0fb42be031ae",
+ "uuid": "997da756-7a44-42ae-97b7-93058c0cff86",
"control-id": "cis_fedora_5-1.21",
"description": "No notes for control-id 5.1.21.",
"props": [
@@ -10310,7 +11190,7 @@
]
},
{
- "uuid": "f4c7b0ea-91af-402e-9d52-0346e9e52e79",
+ "uuid": "d03485be-a4ce-4bc3-a1f2-5363fa4da10b",
"control-id": "cis_fedora_5-1.22",
"description": "No notes for control-id 5.1.22.",
"props": [
@@ -10327,7 +11207,7 @@
]
},
{
- "uuid": "cb93c836-2cc4-4d0f-84d6-b6016352ed31",
+ "uuid": "78aff698-1ed4-4ebb-b4cf-dfb9df526ebd",
"control-id": "cis_fedora_5-2.1",
"description": "No notes for control-id 5.2.1.",
"props": [
@@ -10344,7 +11224,7 @@
]
},
{
- "uuid": "71731cf4-f4c8-4e55-b9d2-da52283d6f4e",
+ "uuid": "4db14191-8433-4b4e-b8a3-0e855d039461",
"control-id": "cis_fedora_5-2.2",
"description": "No notes for control-id 5.2.2.",
"props": [
@@ -10361,7 +11241,7 @@
]
},
{
- "uuid": "3d0ed627-4d99-4abb-af51-98fe99fd0c0d",
+ "uuid": "87896294-9546-4254-86d0-23f4fb0914ad",
"control-id": "cis_fedora_5-2.3",
"description": "No notes for control-id 5.2.3.",
"props": [
@@ -10378,7 +11258,7 @@
]
},
{
- "uuid": "0ee871f5-2306-4a25-8a7c-e6bc80c55b05",
+ "uuid": "dc62a149-1ae9-4436-9d91-f1892814a216",
"control-id": "cis_fedora_5-2.5",
"description": "No notes for control-id 5.2.5.",
"props": [
@@ -10390,12 +11270,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication"
+ "value": "sudo_remove_no_authenticate"
}
]
},
{
- "uuid": "978d5988-1b12-4f2f-8361-eca9e556b857",
+ "uuid": "96888362-3c3c-47a0-98aa-a4c7cf023589",
"control-id": "cis_fedora_5-2.6",
"description": "No notes for control-id 5.2.6.",
"props": [
@@ -10412,7 +11292,7 @@
]
},
{
- "uuid": "09f88cad-9dca-459d-9adb-8b2b56817cf6",
+ "uuid": "eeb63aeb-d7dc-4e92-af82-a9b0180689ff",
"control-id": "cis_fedora_5-2.7",
"description": "Members of \"wheel\" or GID 0 groups are checked by default if the group option is not set for\npam_wheel.so module. The recommendation states the group should be empty to reinforce the\nuse of \"sudo\" for privileged access. Therefore, members of these groups should be manually\nchecked or a different group should be informed.",
"props": [
@@ -10434,7 +11314,7 @@
]
},
{
- "uuid": "42c4105f-9336-4415-9504-4b86ee5d758d",
+ "uuid": "df21e207-befc-4d2b-a335-a61d4a3d8743",
"control-id": "cis_fedora_5-3.1.1",
"description": "The description for control-id cis_fedora_5-3.1.1.",
"props": [
@@ -10447,7 +11327,7 @@
]
},
{
- "uuid": "5866ba68-8833-441c-b9c1-2c51400c2e4b",
+ "uuid": "f5dad50d-0c46-4c60-b710-cd256174f818",
"control-id": "cis_fedora_5-3.1.2",
"description": "The description for control-id cis_fedora_5-3.1.2.",
"props": [
@@ -10460,7 +11340,7 @@
]
},
{
- "uuid": "a49eaa17-c1e2-4d4e-8c9d-6884a605c9d3",
+ "uuid": "88264d18-b9fe-4b88-972b-e4ff672ff49e",
"control-id": "cis_fedora_5-3.1.3",
"description": "The description for control-id cis_fedora_5-3.1.3.",
"props": [
@@ -10478,7 +11358,7 @@
]
},
{
- "uuid": "337cb22f-cdfd-4fd8-b15f-25c87078ac46",
+ "uuid": "54b653f3-2f66-42d5-b249-5b405837b26c",
"control-id": "cis_fedora_5-3.2.1",
"description": "This requirement is hard to be automated without any specific requirement. The policy even\nstates that provided commands are examples, other custom settings might be in place and the\nsettings might be different depending on site policies. The other rules will already make\nsure there is a correct autheselect profile regardless of the existing settings. It is\nnecessary to better discuss with CIS Community.",
"props": [
@@ -10490,7 +11370,7 @@
]
},
{
- "uuid": "a2ed9350-755d-4cbf-adba-04e1bd0dc51a",
+ "uuid": "9f755190-a685-48a0-9d6f-c488dd16ae06",
"control-id": "cis_fedora_5-3.2.2",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.1.",
"props": [
@@ -10512,7 +11392,7 @@
]
},
{
- "uuid": "9237d262-faa0-490a-afea-d3754987f032",
+ "uuid": "833bfafd-fbdd-44e7-b95a-acba32f6203d",
"control-id": "cis_fedora_5-3.2.3",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.2.",
"props": [
@@ -10520,11 +11400,26 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "package_pam_pwquality_installed"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_password_auth"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_system_auth"
}
]
},
{
- "uuid": "f56a29f1-d694-4968-af25-924af013af95",
+ "uuid": "b532e592-4dbd-4db9-84ab-d37122570913",
"control-id": "cis_fedora_5-3.2.4",
"description": "The module is properly enabled by the rules mentioned in related_rules.\nRequirements in 5.3.3.3 use these rules.",
"props": [
@@ -10536,19 +11431,24 @@
]
},
{
- "uuid": "0c198b72-0410-4daf-bc0c-778310e2c1d6",
+ "uuid": "f2eb93a5-9ef3-485f-a889-af7f3b1d4c8f",
"control-id": "cis_fedora_5-3.2.5",
- "description": "This module is always present by default. It is necessary to investigate if a new rule to\ncheck its existence needs to be created. But so far the rule no_empty_passwords, used in\n5.3.3.4.1 can ensure this requirement is attended.",
+ "description": "No notes for control-id 5.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_enabled"
}
]
},
{
- "uuid": "bc61f023-3440-419a-a270-2e54b326ad4d",
+ "uuid": "af620572-becc-4bba-95f3-834805c02308",
"control-id": "cis_fedora_5-3.3.1.1",
"description": "No notes for control-id 5.3.3.1.1.",
"props": [
@@ -10565,7 +11465,7 @@
]
},
{
- "uuid": "0cf3ad6a-8b11-4a6b-9766-c29a61baabed",
+ "uuid": "c893e6bc-cb84-4570-b528-3aa66a08ea98",
"control-id": "cis_fedora_5-3.3.1.2",
"description": "The policy also accepts value 0, which means the locked accounts should be manually unlocked\nby an administrator. However, it also mentions that using value 0 can facilitate a DoS\nattack to legitimate users.",
"props": [
@@ -10582,7 +11482,7 @@
]
},
{
- "uuid": "3b9c6d65-083f-4c80-b5cd-17a45f75b5ec",
+ "uuid": "5e96c5e6-869e-4a4b-ad27-1e21ee0f25b5",
"control-id": "cis_fedora_5-3.3.2.1",
"description": "No notes for control-id 5.3.3.2.1.",
"props": [
@@ -10599,7 +11499,7 @@
]
},
{
- "uuid": "44f7f9f6-a30d-4501-9c05-0271d76a145f",
+ "uuid": "11d3c294-887c-46e2-96d1-5aa75498bd83",
"control-id": "cis_fedora_5-3.3.2.2",
"description": "No notes for control-id 5.3.3.2.2.",
"props": [
@@ -10616,7 +11516,7 @@
]
},
{
- "uuid": "569e1352-83c1-4241-bfbb-99f54161631b",
+ "uuid": "8a05d1d0-3761-4b54-bb2c-826f8dfc8910",
"control-id": "cis_fedora_5-3.3.2.3",
"description": "This requirement is expected to be manual. However, in previous versions of the policy\nit was already automated the configuration of \"minclass\" option. Rules related to other\noptions are informed in related_rules. In short, minclass=4 alone can achieve the same\nresult achieved by the combination of the other 4 options mentioned in the policy.",
"props": [
@@ -10633,7 +11533,7 @@
]
},
{
- "uuid": "e166d0c6-b193-491c-b992-55c9a7d32653",
+ "uuid": "2d9fdacc-92b9-4c8b-9bdb-771d80bda44a",
"control-id": "cis_fedora_5-3.3.2.4",
"description": "No notes for control-id 5.3.3.2.4.",
"props": [
@@ -10650,20 +11550,24 @@
]
},
{
- "uuid": "8d3c7c0d-b132-432b-b52c-e02e36f4aadc",
+ "uuid": "a9242dba-29e7-4c8d-9662-937525624a5c",
"control-id": "cis_fedora_5-3.3.2.5",
- "description": "The description for control-id cis_fedora_5-3.3.2.5.",
+ "description": "No notes for control-id 5.3.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 5.3.3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_maxsequence"
}
]
},
{
- "uuid": "54ad604a-d114-46ff-bba9-6b06de28d14f",
+ "uuid": "2c273f7a-3d87-4f7b-8348-1462c7399deb",
"control-id": "cis_fedora_5-3.3.2.6",
"description": "No notes for control-id 5.3.3.2.6.",
"props": [
@@ -10680,7 +11584,7 @@
]
},
{
- "uuid": "c2d3167b-2062-4613-b36b-877c40d57d99",
+ "uuid": "d6bc8286-9e1a-4a0f-8e44-63fe45935755",
"control-id": "cis_fedora_5-3.3.2.7",
"description": "No notes for control-id 5.3.3.2.7.",
"props": [
@@ -10697,7 +11601,7 @@
]
},
{
- "uuid": "e4fd73f5-047d-4d0b-a046-c5469715ac12",
+ "uuid": "43bcc244-27ab-4279-937f-352936a3c362",
"control-id": "cis_fedora_5-3.3.3.1",
"description": "Although mentioned in the section 5.3.3.3, there is no explicit requirement to configure\nretry option of pam_pwhistory. If come in the future, the rule accounts_password_pam_retry\ncan be used.",
"props": [
@@ -10719,7 +11623,7 @@
]
},
{
- "uuid": "05e1a69c-b82b-42e1-b8ea-58d5d8ff153e",
+ "uuid": "e4e0cb47-761e-48d2-b141-9be7abc9ef11",
"control-id": "cis_fedora_5-3.3.3.2",
"description": "The description for control-id cis_fedora_5-3.3.3.2.",
"props": [
@@ -10732,7 +11636,7 @@
]
},
{
- "uuid": "5c7977aa-7d8e-4d5e-a131-a1e0070b1e86",
+ "uuid": "4627fb97-7705-4ac0-86d8-95b2b270c424",
"control-id": "cis_fedora_5-3.3.3.3",
"description": "pam_pwhistory is enabled via authselect feature, as required in 5.3.2.4. The\nfeature automatically set \"use_authok\" option. In any case, we don't have a rule to check\nthis option specifically.",
"props": [
@@ -10740,11 +11644,16 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "partial"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwhistory_use_authtok"
}
]
},
{
- "uuid": "6f3eecdc-fa40-421b-9222-d6bf5ba3975f",
+ "uuid": "a9ffd978-a97b-45be-b4b0-601dc0c6fd8e",
"control-id": "cis_fedora_5-3.3.4.1",
"description": "The rule more specifically used in this requirement also satify the requirement 5.3.2.5.",
"props": [
@@ -10761,20 +11670,24 @@
]
},
{
- "uuid": "ce1b54f2-c8af-4be1-b8cd-bd1e89bae6fc",
+ "uuid": "71a9e10e-81cd-4dca-a28f-5109fd349ceb",
"control-id": "cis_fedora_5-3.3.4.2",
- "description": "The description for control-id cis_fedora_5-3.3.4.2.",
+ "description": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929\nA new rule needs to be created to remove the remember option from pam_unix module."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_no_remember"
}
]
},
{
- "uuid": "86572cfd-5a20-4b44-9fe6-4b560028275f",
+ "uuid": "30dff834-e9d4-4c91-8bab-8f87f736f1f1",
"control-id": "cis_fedora_5-3.3.4.3",
"description": "Changes in logindefs mentioned in this requirement are more specifically covered by 5.4.1.4",
"props": [
@@ -10796,19 +11709,24 @@
]
},
{
- "uuid": "659c8fa4-751e-4537-bcf7-4ca82ba76a42",
+ "uuid": "dd0f19b8-4f22-44f9-a40e-4b8a9c0a07aa",
"control-id": "cis_fedora_5-3.3.4.4",
"description": "In RHEL 9 pam_unix is enabled by default in all authselect profiles already with the\nuse_authtok option set. In any case, we don't have a rule to check this option specifically,\nlike in 5.3.3.3.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_authtok"
}
]
},
{
- "uuid": "9be873e4-aadf-4021-81a1-541e038506b8",
+ "uuid": "ddef2763-e578-461e-a003-b37c4a0f9d82",
"control-id": "cis_fedora_5-4.1.1",
"description": "No notes for control-id 5.4.1.1.",
"props": [
@@ -10830,7 +11748,7 @@
]
},
{
- "uuid": "9b9dab96-c54c-43d8-a811-28be6173b29e",
+ "uuid": "1bb57ebd-d24b-4d75-be0b-43ff6c384d73",
"control-id": "cis_fedora_5-4.1.3",
"description": "No notes for control-id 5.4.1.3.",
"props": [
@@ -10852,20 +11770,15 @@
]
},
{
- "uuid": "9861286b-3d77-428a-9647-7dc5b55c87fb",
+ "uuid": "4479f527-e920-4ee9-9752-465dbd8e3cda",
"control-id": "cis_fedora_5-4.1.4",
- "description": "There's a \"new\" set of options in /etc/login.defs file to define the number of iterations\nperformed during the hashing process.",
+ "description": "No notes for control-id 5.4.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
},
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf"
- },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -10874,7 +11787,7 @@
]
},
{
- "uuid": "1ce39cdd-c848-4382-b421-73e784e49c65",
+ "uuid": "e41b878a-48fa-48d6-9c60-55ece96ab406",
"control-id": "cis_fedora_5-4.1.5",
"description": "No notes for control-id 5.4.1.5.",
"props": [
@@ -10896,7 +11809,7 @@
]
},
{
- "uuid": "0646fab8-6e27-4c5e-9e46-d371c2ffc457",
+ "uuid": "992c836b-5d2e-47fa-b15c-ac59f24bd883",
"control-id": "cis_fedora_5-4.1.6",
"description": "No notes for control-id 5.4.1.6.",
"props": [
@@ -10913,7 +11826,7 @@
]
},
{
- "uuid": "416baae8-8bb0-495d-9b05-20bb011fdc66",
+ "uuid": "a102fe3d-2823-456e-a1e5-115a21c3c267",
"control-id": "cis_fedora_5-4.2.1",
"description": "No notes for control-id 5.4.2.1.",
"props": [
@@ -10930,7 +11843,7 @@
]
},
{
- "uuid": "d99df606-65d9-4183-93e1-659d62515b4d",
+ "uuid": "b52ba315-e174-4297-99fc-2e2b03cd3366",
"control-id": "cis_fedora_5-4.2.2",
"description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
@@ -10947,20 +11860,24 @@
]
},
{
- "uuid": "eb165fd3-c73f-428e-abc6-69e97b1029d0",
+ "uuid": "7690ebec-4d8f-4839-adaa-4498117c5ad4",
"control-id": "cis_fedora_5-4.2.3",
- "description": "The description for control-id cis_fedora_5-4.2.3.",
+ "description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "groups_no_zero_gid_except_root"
}
]
},
{
- "uuid": "05084f39-d030-4135-8d1f-73f3b0e3d580",
+ "uuid": "b76b33fe-5064-4af3-8bb1-455a76f318c1",
"control-id": "cis_fedora_5-4.2.4",
"description": "No notes for control-id 5.4.2.4.",
"props": [
@@ -10977,7 +11894,7 @@
]
},
{
- "uuid": "28519942-1a99-4961-a09b-1c685bc6fb43",
+ "uuid": "5174fcee-31af-4abe-8768-dcfdbc366fb4",
"control-id": "cis_fedora_5-4.2.5",
"description": "No notes for control-id 5.4.2.5.",
"props": [
@@ -10999,20 +11916,24 @@
]
},
{
- "uuid": "1ef88351-a11a-4a37-84c9-a355f1ab1228",
+ "uuid": "4a9d0b8a-7c8c-40fd-9693-a7a313082f38",
"control-id": "cis_fedora_5-4.2.6",
- "description": "The description for control-id cis_fedora_5-4.2.6.",
+ "description": "No notes for control-id 5.4.2.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "There is no rule to ensure umask in /root/.bash_profile and /root/.bashrc. A new rule have\nto be created. It can be based on accounts_umask_interactive_users."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_umask_root"
}
]
},
{
- "uuid": "218c8bc8-f486-4c23-924c-5bce9b4c8208",
+ "uuid": "1670fb98-0611-45a2-9faa-20fd0e246225",
"control-id": "cis_fedora_5-4.2.7",
"description": "No notes for control-id 5.4.2.7.",
"props": [
@@ -11034,20 +11955,24 @@
]
},
{
- "uuid": "19551c8f-d727-4f7e-baa3-1301901fdf0e",
+ "uuid": "703670a6-0de9-4ab0-90d1-a83f8a31890b",
"control-id": "cis_fedora_5-4.2.8",
- "description": "The description for control-id cis_fedora_5-4.2.8.",
+ "description": "No notes for control-id 5.4.2.8.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_invalid_shell_accounts_unlocked"
}
]
},
{
- "uuid": "eb4844fc-df75-43f0-8afc-4f4125bd1023",
+ "uuid": "6368bdee-3e91-40a9-b1fe-af58b8d712e7",
"control-id": "cis_fedora_5-4.3.2",
"description": "No notes for control-id 5.4.3.2.",
"props": [
@@ -11064,7 +11989,7 @@
]
},
{
- "uuid": "520f60b6-5301-4281-aaea-b270ff934c0f",
+ "uuid": "0f405914-1f2a-4ebc-b5b8-75ddb6e3a371",
"control-id": "cis_fedora_5-4.3.3",
"description": "No notes for control-id 5.4.3.3.",
"props": [
@@ -11091,7 +12016,7 @@
]
},
{
- "uuid": "1c2eb03e-10f5-4181-b5dd-2945462b9bfc",
+ "uuid": "d6434f29-ab0d-48cf-aab2-9b8c7f92e0f4",
"control-id": "cis_fedora_6-1.1",
"description": "No notes for control-id 6.1.1.",
"props": [
@@ -11113,7 +12038,7 @@
]
},
{
- "uuid": "ea8cc8bd-26a8-40ee-9058-75356e85d675",
+ "uuid": "c6815932-c4d0-4f99-9c97-cc65d56b6412",
"control-id": "cis_fedora_6-1.2",
"description": "No notes for control-id 6.1.2.",
"props": [
@@ -11130,7 +12055,7 @@
]
},
{
- "uuid": "b50aaf6d-79ee-4ee8-bc0e-09ac7dca58a9",
+ "uuid": "c714469c-d048-4df6-bd59-eff26758ee1d",
"control-id": "cis_fedora_6-1.3",
"description": "No notes for control-id 6.1.3.",
"props": [
@@ -11147,7 +12072,7 @@
]
},
{
- "uuid": "87df5fa9-fe23-4083-84c8-aa532c916ff6",
+ "uuid": "55fa3fce-e32c-4900-9474-472fd056494e",
"control-id": "cis_fedora_6-2.1.1",
"description": "No notes for control-id 6.2.1.1.",
"props": [
@@ -11164,7 +12089,7 @@
]
},
{
- "uuid": "db2a4427-f6dd-4196-8ce8-ec537fb8949b",
+ "uuid": "ae885b3f-fc34-4590-8a8f-9ba860c06bfc",
"control-id": "cis_fedora_6-2.1.2",
"description": "The description for control-id cis_fedora_6-2.1.2.",
"props": [
@@ -11177,7 +12102,7 @@
]
},
{
- "uuid": "54df298b-72bc-4b74-b9fd-86e670cda49e",
+ "uuid": "c687b222-6941-49e2-84e1-2b9f821d472b",
"control-id": "cis_fedora_6-2.1.3",
"description": "The description for control-id cis_fedora_6-2.1.3.",
"props": [
@@ -11190,20 +12115,24 @@
]
},
{
- "uuid": "5b9ef890-518e-43bd-8720-214373ccee0d",
+ "uuid": "ecfee6a1-2c7c-4b44-816a-87de2a6a3ef0",
"control-id": "cis_fedora_6-2.1.4",
- "description": "The description for control-id cis_fedora_6-2.1.4.",
+ "description": "No notes for control-id 6.2.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "It is necessary to create a new rule to check the status of journald and rsyslog.\nIt would also be necessary a new rule to disable or remove rsyslog."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "ensure_journald_and_rsyslog_not_active_together"
}
]
},
{
- "uuid": "e0a04f98-b6dc-45e0-a519-7a19f1ecfec0",
+ "uuid": "eebff1b2-0420-4a73-ad48-cf7e2399d029",
"control-id": "cis_fedora_6-2.2.1.1",
"description": "No notes for control-id 6.2.2.1.1.",
"props": [
@@ -11220,7 +12149,7 @@
]
},
{
- "uuid": "0a245c32-bfe4-4a5c-a314-7d6e62737a69",
+ "uuid": "48df15bd-f8b6-4328-bb60-18876157a939",
"control-id": "cis_fedora_6-2.2.1.2",
"description": "The description for control-id cis_fedora_6-2.2.1.2.",
"props": [
@@ -11233,20 +12162,24 @@
]
},
{
- "uuid": "bdd5c71b-04e3-471e-9e83-dd1e22cbf1c3",
+ "uuid": "ab28e3d6-4fab-47fa-ba37-cae032e4006d",
"control-id": "cis_fedora_6-2.2.1.3",
- "description": "The description for control-id cis_fedora_6-2.2.1.3.",
+ "description": "No notes for control-id 6.2.2.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_systemd-journal-upload_enabled"
}
]
},
{
- "uuid": "e25eb4d9-75e9-44d4-89ba-d4d97e49d16a",
+ "uuid": "477f133a-2472-48a3-9b70-afe12fe6fe8c",
"control-id": "cis_fedora_6-2.2.1.4",
"description": "No notes for control-id 6.2.2.1.4.",
"props": [
@@ -11263,20 +12196,24 @@
]
},
{
- "uuid": "b0bf7dcf-0f51-4e26-b1e9-720a1c553bfb",
+ "uuid": "b6ac11a9-535e-4c5e-bee7-bdcf4db9a04b",
"control-id": "cis_fedora_6-2.2.2",
- "description": "The description for control-id cis_fedora_6-2.2.2.",
+ "description": "No notes for control-id 6.2.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This rule conflicts with 6.2.3.3. More investigation is needed to properly solve this."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "journald_disable_forward_to_syslog"
}
]
},
{
- "uuid": "09d3d7c0-7370-4915-bd67-054b7ecd591e",
+ "uuid": "5003b6fd-9b3c-490a-9553-912a431e7058",
"control-id": "cis_fedora_6-2.2.3",
"description": "No notes for control-id 6.2.2.3.",
"props": [
@@ -11293,7 +12230,7 @@
]
},
{
- "uuid": "543f086a-ccd8-4d63-87a5-3878b6508eb3",
+ "uuid": "a3e3bc18-eeb9-49fe-ab0a-646dbf43e9d4",
"control-id": "cis_fedora_6-2.2.4",
"description": "No notes for control-id 6.2.2.4.",
"props": [
@@ -11310,7 +12247,7 @@
]
},
{
- "uuid": "e76ec6ab-de80-482a-afbc-155fd1d8ed5a",
+ "uuid": "52581f2e-c6dd-4abd-9f71-f8418ae619d6",
"control-id": "cis_fedora_6-2.5.1",
"description": "No notes for control-id 6.2.5.1.",
"props": [
@@ -11322,7 +12259,7 @@
]
},
{
- "uuid": "f34b1d2b-eff5-403d-9289-f62f055c6316",
+ "uuid": "d146fa47-a138-4578-91b1-14e026e49f46",
"control-id": "cis_fedora_6-2.5.2",
"description": "No notes for control-id 6.2.5.2.",
"props": [
@@ -11334,7 +12271,7 @@
]
},
{
- "uuid": "bafdc9c2-6ddc-49bf-816b-dff09dca441e",
+ "uuid": "77d648b0-64b2-4d2e-b1ed-a4c33c9844c7",
"control-id": "cis_fedora_6-2.5.3",
"description": "No notes for control-id 6.2.5.3.",
"props": [
@@ -11346,7 +12283,7 @@
]
},
{
- "uuid": "f628dddd-416f-49f6-8165-feb13311143d",
+ "uuid": "e9104439-fd3a-4162-a2be-d483a80cb612",
"control-id": "cis_fedora_6-2.5.4",
"description": "No notes for control-id 6.2.5.4.",
"props": [
@@ -11358,7 +12295,7 @@
]
},
{
- "uuid": "9f5a70bc-3be5-449c-9f44-4431f44646fe",
+ "uuid": "bb44da45-3040-4ece-a450-a7982bd3b70c",
"control-id": "cis_fedora_6-2.5.5",
"description": "The description for control-id cis_fedora_6-2.5.5.",
"props": [
@@ -11371,7 +12308,7 @@
]
},
{
- "uuid": "b8bfbdc0-b591-4d29-bafe-4ad78fbb6f56",
+ "uuid": "83123334-6a71-440e-9223-051ff769eb29",
"control-id": "cis_fedora_6-2.5.6",
"description": "The description for control-id cis_fedora_6-2.5.6.",
"props": [
@@ -11384,7 +12321,7 @@
]
},
{
- "uuid": "009e7717-5a53-4fa9-b3ac-e6baef75c84b",
+ "uuid": "6f2bfe2a-4f0b-4e7c-af0b-8bacb09ae16b",
"control-id": "cis_fedora_6-2.5.7",
"description": "No notes for control-id 6.2.5.7.",
"props": [
@@ -11396,7 +12333,7 @@
]
},
{
- "uuid": "ced1f833-962a-45a2-af8e-1f87f9607ca2",
+ "uuid": "c9c98850-a388-444d-a442-d0678aaa83bd",
"control-id": "cis_fedora_6-2.3.8",
"description": "The description for control-id cis_fedora_6-2.3.8.",
"props": [
@@ -11409,7 +12346,7 @@
]
},
{
- "uuid": "2d8b382d-2efc-4661-bf95-d123eba26068",
+ "uuid": "54fba2ea-9696-4c0b-83dc-ad4db0575908",
"control-id": "cis_fedora_6-2.6.1",
"description": "It is not harmful to run these rules even if rsyslog is not installed or active.",
"props": [
@@ -11436,7 +12373,7 @@
]
},
{
- "uuid": "dbd4a605-d7ab-4654-ba5a-05d3b9a7b574",
+ "uuid": "6df841d5-b356-410c-9222-d5c7d1b44e55",
"control-id": "cis_fedora_7-1.1",
"description": "No notes for control-id 7.1.1.",
"props": [
@@ -11463,7 +12400,7 @@
]
},
{
- "uuid": "9bbc4dfd-1fba-4ff9-a83d-d2936e699d9b",
+ "uuid": "ab408a6c-fb0b-41e3-9fe9-78dc2d82250e",
"control-id": "cis_fedora_7-1.2",
"description": "No notes for control-id 7.1.2.",
"props": [
@@ -11490,7 +12427,7 @@
]
},
{
- "uuid": "d3415bcd-b4f5-4f99-8e2b-13b2b7de92bf",
+ "uuid": "b01c31a3-d8a8-4b57-89b1-741e5898df74",
"control-id": "cis_fedora_7-1.3",
"description": "No notes for control-id 7.1.3.",
"props": [
@@ -11517,7 +12454,7 @@
]
},
{
- "uuid": "3f5b667b-96fd-4936-aad6-dca31866d7ef",
+ "uuid": "69de09bc-188d-468c-9aeb-d8cd48ba344e",
"control-id": "cis_fedora_7-1.4",
"description": "No notes for control-id 7.1.4.",
"props": [
@@ -11544,7 +12481,7 @@
]
},
{
- "uuid": "7065e756-a743-49e2-985a-caf05e4a9f92",
+ "uuid": "4d1589dd-1576-463d-8a77-ecdfc156e99c",
"control-id": "cis_fedora_7-1.5",
"description": "No notes for control-id 7.1.5.",
"props": [
@@ -11571,7 +12508,7 @@
]
},
{
- "uuid": "206d9a5e-8a42-4a37-b207-079c18f55e99",
+ "uuid": "b01eb5a6-17dc-454e-bb3e-169aacfb9ee2",
"control-id": "cis_fedora_7-1.6",
"description": "No notes for control-id 7.1.6.",
"props": [
@@ -11598,7 +12535,7 @@
]
},
{
- "uuid": "4a8d501d-14f4-43d3-85f3-64b17214d8c2",
+ "uuid": "03f4bd69-c1e7-4e48-9866-a685a0856539",
"control-id": "cis_fedora_7-1.7",
"description": "No notes for control-id 7.1.7.",
"props": [
@@ -11625,7 +12562,7 @@
]
},
{
- "uuid": "ad97179a-9ed5-4330-9b9a-14b60816b24c",
+ "uuid": "7f4282c0-d419-41af-82b0-1558429c5e94",
"control-id": "cis_fedora_7-1.8",
"description": "No notes for control-id 7.1.8.",
"props": [
@@ -11652,7 +12589,7 @@
]
},
{
- "uuid": "be645452-b9de-49ad-ae74-ee71e3452620",
+ "uuid": "8fdd4965-4d26-486a-96f9-d6402edd1f9a",
"control-id": "cis_fedora_7-1.9",
"description": "No notes for control-id 7.1.9.",
"props": [
@@ -11679,24 +12616,49 @@
]
},
{
- "uuid": "4e16a297-67ee-48fe-b5b6-5871504e8bfb",
+ "uuid": "c2a70fab-e50c-4b89-a98e-69661783a8aa",
"control-id": "cis_fedora_7-1.10",
"description": "No notes for control-id 7.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd"
+ "value": "file_groupowner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd_old"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd_old"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd_old"
}
]
},
{
- "uuid": "66246ed4-08b8-481f-879e-71a24534c471",
+ "uuid": "6599f656-e865-499c-ba0e-a8e694b6a790",
"control-id": "cis_fedora_7-1.11",
"description": "No notes for control-id 7.1.11.",
"props": [
@@ -11718,29 +12680,29 @@
]
},
{
- "uuid": "f31fc0a8-23ec-4766-b7b9-b702b8ac6be7",
+ "uuid": "c42e41f5-d8ba-418b-a7db-f404421d04dc",
"control-id": "cis_fedora_7-1.12",
"description": "No notes for control-id 7.1.12.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user"
+ "value": "no_files_or_dirs_unowned_by_user"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned"
+ "value": "no_files_or_dirs_ungroupowned"
}
]
},
{
- "uuid": "e542d727-d62d-44cf-aa99-36d5c3e2ccdc",
+ "uuid": "e75c20ca-7a5b-4568-b5c3-9e4c9326f5fc",
"control-id": "cis_fedora_7-1.13",
"description": "The description for control-id cis_fedora_7-1.13.",
"props": [
@@ -11753,7 +12715,7 @@
]
},
{
- "uuid": "5930986d-9814-4e93-b06b-aab995a85584",
+ "uuid": "5e9656d4-1763-4115-96b3-d1b1456ce972",
"control-id": "cis_fedora_7-2.1",
"description": "No notes for control-id 7.2.1.",
"props": [
@@ -11770,7 +12732,7 @@
]
},
{
- "uuid": "9736cdd4-0d55-4b56-bbca-1d81b8cc8ed6",
+ "uuid": "3724d23c-a369-46f4-a7d7-215b41551e56",
"control-id": "cis_fedora_7-2.2",
"description": "No notes for control-id 7.2.2.",
"props": [
@@ -11787,7 +12749,7 @@
]
},
{
- "uuid": "e2889e02-df33-44c7-b8bf-142176788f61",
+ "uuid": "5136d502-0118-4d57-a637-82e7c60e9830",
"control-id": "cis_fedora_7-2.3",
"description": "No notes for control-id 7.2.3.",
"props": [
@@ -11804,7 +12766,7 @@
]
},
{
- "uuid": "ca098a9a-01ae-473b-8343-5dd662d48c5b",
+ "uuid": "7f33f4df-2e37-4c19-a231-f3aa93e66988",
"control-id": "cis_fedora_7-2.4",
"description": "No notes for control-id 7.2.4.",
"props": [
@@ -11821,7 +12783,7 @@
]
},
{
- "uuid": "4d1afda3-6c57-4ab9-9053-fd5b9b4340fa",
+ "uuid": "bff30ddd-9272-42cf-a426-1ddd85c6cb86",
"control-id": "cis_fedora_7-2.5",
"description": "No notes for control-id 7.2.5.",
"props": [
@@ -11838,7 +12800,7 @@
]
},
{
- "uuid": "3a7c312f-7336-427e-85de-9c5d9f050f04",
+ "uuid": "11709aa6-918f-4909-bf19-9bce5fcbd8a9",
"control-id": "cis_fedora_7-2.6",
"description": "No notes for control-id 7.2.6.",
"props": [
@@ -11855,7 +12817,7 @@
]
},
{
- "uuid": "50051f55-0e50-4680-80b3-0c49779fb700",
+ "uuid": "55aa74d6-264f-461e-85a3-fff4ade6dc5c",
"control-id": "cis_fedora_7-2.7",
"description": "No notes for control-id 7.2.7.",
"props": [
@@ -11872,7 +12834,7 @@
]
},
{
- "uuid": "b117ae53-74e2-46ca-8e9c-a48a0e8bc424",
+ "uuid": "5505f69e-735c-4eff-b3d8-d6cd1bbad157",
"control-id": "cis_fedora_7-2.8",
"description": "No notes for control-id 7.2.8.",
"props": [
@@ -11899,14 +12861,14 @@
]
},
{
- "uuid": "1b1e12b1-ddbe-4d0b-b9f2-35514376896b",
+ "uuid": "d4522cf9-e613-41ac-be54-3078560ba71a",
"control-id": "cis_fedora_7-2.9",
- "description": "Missing a rule to check that .bash_history is mode 0600 or more restrictive.",
+ "description": "No notes for control-id 7.2.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -11921,22 +12883,27 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs"
+ "value": "file_permission_user_init_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files"
+ "value": "no_forward_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files"
+ "value": "no_netrc_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files"
+ "value": "no_rhost_files"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history"
}
]
}
@@ -11953,10105 +12920,11497 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_db_up_to_date",
- "remarks": "rule_set_000"
+ "value": "dconf_db_up_to_date",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_db_up_to_date",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_0",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "cis_banner_text",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_0",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enter an appropriate login banner for your organization according to the local policy.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_0",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'Authorized users only. All activity may be monitored and reported.', 'cis': 'Authorized users only. All activity may be monitored and reported.'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_1",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "inactivity_timeout_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_1",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Choose allowed duration (in seconds) of inactive graphical sessions",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_1",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'10_minutes': 600, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, 'default': 900}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_2",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "login_banner_text",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_2",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\\n' character and special characters like parentheses and quotation marks must be escaped with '\\\\'.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_2",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'cis_banners': '^(Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.|^(?!.*(\\\\\\\\|fedora|rhel|sle|ubuntu)).*)$', 'cis_default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$', 'dod_banners': \"^(You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.|I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.)$\", 'dod_default': '^You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.$', 'dod_short': \"^I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.$\", 'dss_odaa_default': '^Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.[\\\\s\\\\n]+This[\\\\s\\\\n]+is[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+and[\\\\s\\\\n]+related[\\\\s\\\\n]+equipment[\\\\s\\\\n]+are[\\\\s\\\\n]+intended[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+communication,[\\\\s\\\\n]+transmission,[\\\\s\\\\n]+processing,[\\\\s\\\\n]+and[\\\\s\\\\n]+storage[\\\\s\\\\n]+of[\\\\s\\\\n]+official[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+or[\\\\s\\\\n]+other[\\\\s\\\\n]+authorized[\\\\s\\\\n]+information[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times[\\\\s\\\\n]+to[\\\\s\\\\n]+ensure[\\\\s\\\\n]+proper[\\\\s\\\\n]+functioning[\\\\s\\\\n]+of[\\\\s\\\\n]+equipment[\\\\s\\\\n]+and[\\\\s\\\\n]+systems[\\\\s\\\\n]+including[\\\\s\\\\n]+security[\\\\s\\\\n]+devices[\\\\s\\\\n]+and[\\\\s\\\\n]+systems,[\\\\s\\\\n]+to[\\\\s\\\\n]+prevent[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+and[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+statutes[\\\\s\\\\n]+and[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations,[\\\\s\\\\n]+to[\\\\s\\\\n]+deter[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity,[\\\\s\\\\n]+and[\\\\s\\\\n]+for[\\\\s\\\\n]+other[\\\\s\\\\n]+similar[\\\\s\\\\n]+purposes\\\\.[\\\\s\\\\n]+Any[\\\\s\\\\n]+user[\\\\s\\\\n]+of[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+should[\\\\s\\\\n]+be[\\\\s\\\\n]+aware[\\\\s\\\\n]+that[\\\\s\\\\n]+any[\\\\s\\\\n]+information[\\\\s\\\\n]+placed[\\\\s\\\\n]+in[\\\\s\\\\n]+the[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+not[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+any[\\\\s\\\\n]+expectation[\\\\s\\\\n]+of[\\\\s\\\\n]+privacy\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+violation[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+statutes,[\\\\s\\\\n]+this[\\\\s\\\\n]+evidence[\\\\s\\\\n]+and[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+related[\\\\s\\\\n]+information,[\\\\s\\\\n]+including[\\\\s\\\\n]+identification[\\\\s\\\\n]+information[\\\\s\\\\n]+about[\\\\s\\\\n]+the[\\\\s\\\\n]+user,[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+provided[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+reveals[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use,[\\\\s\\\\n]+employees[\\\\s\\\\n]+who[\\\\s\\\\n]+violate[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+make[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+appropriate[\\\\s\\\\n]+disciplinary[\\\\s\\\\n]+action\\\\.[\\\\s\\\\n]+Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.$', 'usgcb_default': '^\\\\-\\\\-[\\\\s\\\\n]+WARNING[\\\\s\\\\n]+\\\\-\\\\-[\\\\s\\\\n]+This[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+Individuals[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+without[\\\\s\\\\n]+authority[\\\\s\\\\n]+or[\\\\s\\\\n]+in[\\\\s\\\\n]+excess[\\\\s\\\\n]+of[\\\\s\\\\n]+their[\\\\s\\\\n]+authority[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+having[\\\\s\\\\n]+all[\\\\s\\\\n]+their[\\\\s\\\\n]+activities[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+recorded[\\\\s\\\\n]+by[\\\\s\\\\n]+system[\\\\s\\\\n]+personnel\\\\.[\\\\s\\\\n]+Anyone[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+expressly[\\\\s\\\\n]+consents[\\\\s\\\\n]+to[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+advised[\\\\s\\\\n]+that[\\\\s\\\\n]+if[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity[\\\\s\\\\n]+system[\\\\s\\\\n]+personal[\\\\s\\\\n]+may[\\\\s\\\\n]+provide[\\\\s\\\\n]+the[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.$', 'default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_3",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_idle_timeout_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_3",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify duration of allowed idle time.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_3",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'10_minutes': 600, '120_minutes': 7200, '14_minutes': 840, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, '60_minutes': 3600, 'default': 300}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_4",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_max_auth_tries_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_4",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the maximum number of authentication attempts per connection.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_4",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 3: 3, 4: 4, 5: 5, 'default': 4}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_5",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_5",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable ICMP Redirect Acceptance",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_5",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_6",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_6",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_6",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_7",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_log_martians_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_7",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_7",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_8",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_8",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_8",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_9",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_9",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_9",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_10",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_10",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable ICMP Redirect Acceptance?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_10",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_11",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_11",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable IP source routing?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_11",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_12",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_forwarding_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_12",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle IPv4 Forwarding",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_12",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_13",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_log_martians_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_13",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_13",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_14",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_14",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enables source route verification",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_14",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_15",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_15",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_15",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_16",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_16",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_16",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_17",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_17",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to prevent unnecessary logging",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_17",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_18",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_tcp_syncookies_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_18",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enable to turn on TCP SYN Cookie Protection",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_18",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_19",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_19",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Accept all router advertisements?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_19",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_20",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_20",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle ICMP Redirect Acceptance",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_20",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_21",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_21",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_21",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_22",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_all_forwarding_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_22",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle IPv6 Forwarding",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_22",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_23",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_23",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Accept default router advertisements by default?",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_23",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_24",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_24",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle ICMP Redirect Acceptance By Default",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_24",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_25",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_25",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_25",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_26",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_forwarding_value",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_26",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Toggle IPv6 default Forwarding",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_26",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_27",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_account_disable_post_pw_expiration",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_27",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The number of days to wait after a password expires, until the account will be permanently disabled.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_27",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'0': '0', 180: 180, 30: 30, 35: 35, 40: 40, 45: 45, 60: 60, 90: 90, 'default': 35}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_28",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_maximum_age_login_defs",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_28",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Maximum age of password in days",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_28",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{365: 365, 120: 120, 180: 180, 90: 90, 60: 60, 45: 45, 'default': 60}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_29",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_minimum_age_login_defs",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_29",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Minimum age of password in days",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_29",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 'default': 7}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_30",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_password_warn_age_login_defs",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_30",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The number of days' warning given before a password expires.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_30",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'0': '0', 14: 14, 10: 10, 7: 7, 'default': 7}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_31",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_passwords_pam_faillock_deny",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_31",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Number of failed login attempts before account lockout",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_31",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_32",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_passwords_pam_faillock_dir",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_32",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The directory where the user files with the failure records are kept",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_32",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'ol8': '/var/log/faillock', 'default': '/var/log/faillock', 'run': '/var/run/faillock'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_33",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_passwords_pam_faillock_unlock_time",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_33",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_33",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_34",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_tmout",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_34",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for that number of seconds if input does not arrive.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_34",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'30_min': 1800, '10_min': 600, '15_min': 900, '5_min': 300, 'default': 600}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_35",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_accounts_user_umask",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_35",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Enter default user umask",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_35",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'007': '007', '022': '022', '027': '027', '077': '077', 'default': '027'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_36",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_audit_backlog_limit",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_36",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Value of the audit_backlog_limit argument in GRUB 2 configuration. The audit_backlog_limit parameter determines how auditd records can be held in the auditd backlog.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_36",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 8192, 8192: 8192}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_37",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_auditd_admin_space_left_action",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_37",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The setting for admin_space_left_action in /etc/audit/auditd.conf",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_37",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt', 'cis_fedora': 'single|halt'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_38",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_auditd_disk_error_action",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_38",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "'The setting for disk_error_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_38",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'syslog|single|halt', 'cis_rhel10': 'syslog|single|halt', 'cis_fedora': 'syslog|single|halt', 'cis_ubuntu2204': 'syslog|single|halt', 'cis_ubuntu2404': 'syslog|single|halt', 'cis_debian12': 'syslog|single|halt'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_39",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_auditd_disk_full_action",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_39",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "'The setting for disk_full_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_39",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'rotate': 'rotate', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'halt|single', 'cis_rhel10': 'halt|single', 'cis_fedora': 'halt|single', 'cis_ubuntu2204': 'halt|single', 'cis_ubuntu2404': 'halt|single', 'cis_debian12': 'halt|single'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_40",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_auditd_max_log_file",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_40",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The setting for max_log_file in /etc/audit/auditd.conf",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_40",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 10: 10, 20: 20, 5: 5, 6: 6, 8: 8, 'default': 6}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_41",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_auditd_max_log_file_action",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_41",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The setting for max_log_file_action in /etc/audit/auditd.conf. The following options are available:
ignore - audit daemon does nothing.
syslog - audit daemon will issue a warning to syslog.
suspend - audit daemon will stop writing records to the disk.
rotate - audit daemon will rotate logs in the same convention used by logrotate.
keep_logs - similar to rotate but prevents audit logs to be overwritten. May trigger space_left_action if volume is full.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_41",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'rotate', 'keep_logs': 'keep_logs', 'rotate': 'rotate', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_42",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_auditd_space_left_action",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_42",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The setting for space_left_action in /etc/audit/auditd.conf",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_42",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt', 'cis_fedora': 'email|exec|single|halt'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_43",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_multiple_time_servers",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_43",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The list of vendor-approved time servers",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_43",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'generic': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'stig': '0.us.pool.ntp.mil', 'fedora': '0.fedora.pool.ntp.org,1.fedora.pool.ntp.org,2.fedora.pool.ntp.org,3.fedora.pool.ntp.org', 'rhel': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ol': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'suse': '0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org', 'alinux': '0.ntp.cloud.aliyuncs.com,1.ntp.aliyun.com,2.ntp1.aliyun.com,3.ntp1.cloud.aliyuncs.com', 'amazon': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ubuntu': '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org', 'almalinux': '0.almalinux.pool.ntp.org,1.almalinux.pool.ntp.org,2.almalinux.pool.ntp.org,3.almalinux.pool.ntp.org', 'debian': '0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org', 'nist': 'time.nist.gov,time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_44",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_pam_wheel_group_for_su",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_44",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_44",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'sugroup', 'cis': 'sugroup'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_45",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_hashing_algorithm",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_45",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_45",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_46",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_hashing_algorithm_pam",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_46",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_46",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt', 'cis_rhel10': 'yescrypt|sha512'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_47",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_dictcheck",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_47",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Prevent the use of dictionary words for passwords.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_47",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 'default': 1}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_48",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_difok",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_48",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Minimum number of characters not present in old password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_48",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{15: 15, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 'default': 8}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_49",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_maxrepeat",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_49",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Maximum Number of Consecutive Repeating Characters in a Password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_49",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_50",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_maxsequence",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_50",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Maximum Number of Consecutive Character Sequences in a Password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_50",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_51",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_minclass",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_51",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Minimum number of categories of characters that must exist in a password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_51",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_52",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_minlen",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_52",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Minimum number of characters in password",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_52",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_53",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_remember",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_53",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Prevent password reuse using password history lookup",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_53",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 24: 24, 'default': 5}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_54",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_password_pam_remember_control_flag",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_54",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in \"required,requisite\", for remediations the first value will be taken'",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_54",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'required': 'required', 'optional': 'optional', 'requisite': 'requisite', 'sufficient': 'sufficient', 'binding': 'binding', 'ol8': 'required,requisite', 'requisite_or_required': 'requisite,required', 'default': 'requisite'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_55",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_postfix_inet_interfaces",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_55",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "The setting for inet_interfaces in /etc/postfix/main.cf",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_55",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'loopback-only': 'loopback-only', 'default': 'loopback-only', 'localhost': 'localhost'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_56",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_screensaver_lock_delay",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_56",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_56",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'10_seconds': 10, '5_seconds': 5, 'default': '0', 'immediate': '0'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_57",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_selinux_policy_name",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_57",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Type of policy in use. Possible values are:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
mls - Multiple levels of security",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_57",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'targeted', 'mls': 'mls', 'targeted': 'targeted'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_58",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_selinux_state",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_58",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - SELinux is fully disabled.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_58",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 'enforcing', 'disabled': 'disabled', 'enforcing': 'enforcing', 'permissive': 'permissive'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_59",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_sshd_max_sessions",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_59",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the maximum number of open sessions permitted.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_59",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 4: 4, 3: 3, 2: 2, 1: 1, 0: 0, 'default': 10}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_60",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_sshd_set_keepalive",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_60",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Specify the maximum number of idle message counts before session is terminated.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_60",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{10: 10, 3: 3, 5: 5, 0: 0, 1: 1, 'default': 0}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_61",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_sshd_set_login_grace_time",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_61",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Configure parameters for how long the servers stays connected before the user has successfully logged in",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_61",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': 60, 60: 60}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_62",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_sshd_set_maxstartups",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_62",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_62",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '10:30:100', '10:30:60': '10:30:60'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_63",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_sudo_timestamp_timeout",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_63",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Defines the number of minutes that can elapse before sudo will ask for a passwd again. If set to a value less than 0 the user's time stamp will never expire. Defining 0 means always prompt for a password. The default timeout value is 5 minutes.",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_63",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '5', 'always_prompt': '0', '1_minute': '1', '2_minutes': '2', '3_minutes': '3', '5_minutes': '5', '15_minutes': '15'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Id_64",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "var_user_initialization_files_regex",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Description_64",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "'A regular expression describing a list of file names for files that are sourced at login time for interactive users'",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Parameter_Value_Alternatives_64",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "{'default': '^(\\\\.bashrc|\\\\.zshrc|\\\\.cshrc|\\\\.profile|\\\\.bash_login|\\\\.bash_profile)$', 'all_dotfiles': '^\\\\.[\\\\w\\\\- ]+$'}",
+ "remarks": "rule_set_000"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_cramfs_disabled",
+ "remarks": "rule_set_001"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of cramfs",
+ "remarks": "rule_set_001"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_cramfs_disabled",
+ "remarks": "rule_set_001"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of cramfs",
+ "remarks": "rule_set_001"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_freevxfs_disabled",
+ "remarks": "rule_set_002"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of freevxfs",
+ "remarks": "rule_set_002"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_freevxfs_disabled",
+ "remarks": "rule_set_002"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Disable Mounting of freevxfs",
+ "remarks": "rule_set_002"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_hfs_disabled",
+ "remarks": "rule_set_003"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of hfs",
+ "remarks": "rule_set_003"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_db_up_to_date",
- "remarks": "rule_set_000"
+ "value": "kernel_module_hfs_disabled",
+ "remarks": "rule_set_003"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Make sure that the dconf databases are up-to-date with regards to respective keyfiles",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of hfs",
+ "remarks": "rule_set_003"
},
{
- "name": "Parameter_Id_0",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "cis_banner_text",
- "remarks": "rule_set_000"
+ "value": "kernel_module_hfsplus_disabled",
+ "remarks": "rule_set_004"
},
{
- "name": "Parameter_Description_0",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enter an appropriate login banner for your organization according to the local policy.",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of hfsplus",
+ "remarks": "rule_set_004"
},
{
- "name": "Parameter_Value_Alternatives_0",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'Authorized users only. All activity may be monitored and reported.', 'cis': 'Authorized users only. All activity may be monitored and reported.'}",
- "remarks": "rule_set_000"
+ "value": "kernel_module_hfsplus_disabled",
+ "remarks": "rule_set_004"
},
{
- "name": "Parameter_Id_1",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "inactivity_timeout_value",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of hfsplus",
+ "remarks": "rule_set_004"
},
{
- "name": "Parameter_Description_1",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Choose allowed duration (in seconds) of inactive graphical sessions",
- "remarks": "rule_set_000"
+ "value": "kernel_module_jffs2_disabled",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Value_Alternatives_1",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_minutes': 600, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, 'default': 900}",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of jffs2",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Id_2",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "login_banner_text",
- "remarks": "rule_set_000"
+ "value": "kernel_module_jffs2_disabled",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Description_2",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\\n' character and special characters like parentheses and quotation marks must be escaped with '\\\\'.",
- "remarks": "rule_set_000"
+ "value": "Disable Mounting of jffs2",
+ "remarks": "rule_set_005"
},
{
- "name": "Parameter_Value_Alternatives_2",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'cis_banners': '^(Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.|^(?!.*(\\\\\\\\|fedora|rhel|sle|ubuntu)).*)$', 'cis_default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$', 'dod_banners': \"^(You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.|I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.)$\", 'dod_default': '^You[\\\\s\\\\n]+are[\\\\s\\\\n]+accessing[\\\\s\\\\n]+a[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+\\\\(USG\\\\)[\\\\s\\\\n]+Information[\\\\s\\\\n]+System[\\\\s\\\\n]+\\\\(IS\\\\)[\\\\s\\\\n]+that[\\\\s\\\\n]+is[\\\\s\\\\n]+provided[\\\\s\\\\n]+for[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+use[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+By[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+\\\\(which[\\\\s\\\\n]+includes[\\\\s\\\\n]+any[\\\\s\\\\n]+device[\\\\s\\\\n]+attached[\\\\s\\\\n]+to[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\),[\\\\s\\\\n]+you[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+the[\\\\s\\\\n]+following[\\\\s\\\\n]+conditions\\\\:(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-The[\\\\s\\\\n]+USG[\\\\s\\\\n]+routinely[\\\\s\\\\n]+intercepts[\\\\s\\\\n]+and[\\\\s\\\\n]+monitors[\\\\s\\\\n]+communications[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+for[\\\\s\\\\n]+purposes[\\\\s\\\\n]+including,[\\\\s\\\\n]+but[\\\\s\\\\n]+not[\\\\s\\\\n]+limited[\\\\s\\\\n]+to,[\\\\s\\\\n]+penetration[\\\\s\\\\n]+testing,[\\\\s\\\\n]+COMSEC[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+network[\\\\s\\\\n]+operations[\\\\s\\\\n]+and[\\\\s\\\\n]+defense,[\\\\s\\\\n]+personnel[\\\\s\\\\n]+misconduct[\\\\s\\\\n]+\\\\(PM\\\\),[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+\\\\(LE\\\\),[\\\\s\\\\n]+and[\\\\s\\\\n]+counterintelligence[\\\\s\\\\n]+\\\\(CI\\\\)[\\\\s\\\\n]+investigations\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-At[\\\\s\\\\n]+any[\\\\s\\\\n]+time,[\\\\s\\\\n]+the[\\\\s\\\\n]+USG[\\\\s\\\\n]+may[\\\\s\\\\n]+inspect[\\\\s\\\\n]+and[\\\\s\\\\n]+seize[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+IS\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Communications[\\\\s\\\\n]+using,[\\\\s\\\\n]+or[\\\\s\\\\n]+data[\\\\s\\\\n]+stored[\\\\s\\\\n]+on,[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+are[\\\\s\\\\n]+not[\\\\s\\\\n]+private,[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+routine[\\\\s\\\\n]+monitoring,[\\\\s\\\\n]+interception,[\\\\s\\\\n]+and[\\\\s\\\\n]+search,[\\\\s\\\\n]+and[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+disclosed[\\\\s\\\\n]+or[\\\\s\\\\n]+used[\\\\s\\\\n]+for[\\\\s\\\\n]+any[\\\\s\\\\n]+USG\\\\-authorized[\\\\s\\\\n]+purpose\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-This[\\\\s\\\\n]+IS[\\\\s\\\\n]+includes[\\\\s\\\\n]+security[\\\\s\\\\n]+measures[\\\\s\\\\n]+\\\\(e\\\\.g\\\\.,[\\\\s\\\\n]+authentication[\\\\s\\\\n]+and[\\\\s\\\\n]+access[\\\\s\\\\n]+controls\\\\)[\\\\s\\\\n]+to[\\\\s\\\\n]+protect[\\\\s\\\\n]+USG[\\\\s\\\\n]+interests\\\\-\\\\-not[\\\\s\\\\n]+for[\\\\s\\\\n]+your[\\\\s\\\\n]+personal[\\\\s\\\\n]+benefit[\\\\s\\\\n]+or[\\\\s\\\\n]+privacy\\\\.(?:[\\\\n]+|(?:\\\\\\\\n)+)\\\\-Notwithstanding[\\\\s\\\\n]+the[\\\\s\\\\n]+above,[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+IS[\\\\s\\\\n]+does[\\\\s\\\\n]+not[\\\\s\\\\n]+constitute[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+PM,[\\\\s\\\\n]+LE[\\\\s\\\\n]+or[\\\\s\\\\n]+CI[\\\\s\\\\n]+investigative[\\\\s\\\\n]+searching[\\\\s\\\\n]+or[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+the[\\\\s\\\\n]+content[\\\\s\\\\n]+of[\\\\s\\\\n]+privileged[\\\\s\\\\n]+communications,[\\\\s\\\\n]+or[\\\\s\\\\n]+work[\\\\s\\\\n]+product,[\\\\s\\\\n]+related[\\\\s\\\\n]+to[\\\\s\\\\n]+personal[\\\\s\\\\n]+representation[\\\\s\\\\n]+or[\\\\s\\\\n]+services[\\\\s\\\\n]+by[\\\\s\\\\n]+attorneys,[\\\\s\\\\n]+psychotherapists,[\\\\s\\\\n]+or[\\\\s\\\\n]+clergy,[\\\\s\\\\n]+and[\\\\s\\\\n]+their[\\\\s\\\\n]+assistants\\\\.[\\\\s\\\\n]+Such[\\\\s\\\\n]+communications[\\\\s\\\\n]+and[\\\\s\\\\n]+work[\\\\s\\\\n]+product[\\\\s\\\\n]+are[\\\\s\\\\n]+private[\\\\s\\\\n]+and[\\\\s\\\\n]+confidential\\\\.[\\\\s\\\\n]+See[\\\\s\\\\n]+User[\\\\s\\\\n]+Agreement[\\\\s\\\\n]+for[\\\\s\\\\n]+details\\\\.$', 'dod_short': \"^I've[\\\\s\\\\n]+read[\\\\s\\\\n]+\\\\&[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+terms[\\\\s\\\\n]+in[\\\\s\\\\n]+IS[\\\\s\\\\n]+user[\\\\s\\\\n]+agreem't\\\\.$\", 'dss_odaa_default': '^Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.[\\\\s\\\\n]+This[\\\\s\\\\n]+is[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+and[\\\\s\\\\n]+related[\\\\s\\\\n]+equipment[\\\\s\\\\n]+are[\\\\s\\\\n]+intended[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+communication,[\\\\s\\\\n]+transmission,[\\\\s\\\\n]+processing,[\\\\s\\\\n]+and[\\\\s\\\\n]+storage[\\\\s\\\\n]+of[\\\\s\\\\n]+official[\\\\s\\\\n]+U\\\\.S\\\\.[\\\\s\\\\n]+Government[\\\\s\\\\n]+or[\\\\s\\\\n]+other[\\\\s\\\\n]+authorized[\\\\s\\\\n]+information[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times[\\\\s\\\\n]+to[\\\\s\\\\n]+ensure[\\\\s\\\\n]+proper[\\\\s\\\\n]+functioning[\\\\s\\\\n]+of[\\\\s\\\\n]+equipment[\\\\s\\\\n]+and[\\\\s\\\\n]+systems[\\\\s\\\\n]+including[\\\\s\\\\n]+security[\\\\s\\\\n]+devices[\\\\s\\\\n]+and[\\\\s\\\\n]+systems,[\\\\s\\\\n]+to[\\\\s\\\\n]+prevent[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+and[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+statutes[\\\\s\\\\n]+and[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations,[\\\\s\\\\n]+to[\\\\s\\\\n]+deter[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity,[\\\\s\\\\n]+and[\\\\s\\\\n]+for[\\\\s\\\\n]+other[\\\\s\\\\n]+similar[\\\\s\\\\n]+purposes\\\\.[\\\\s\\\\n]+Any[\\\\s\\\\n]+user[\\\\s\\\\n]+of[\\\\s\\\\n]+a[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+should[\\\\s\\\\n]+be[\\\\s\\\\n]+aware[\\\\s\\\\n]+that[\\\\s\\\\n]+any[\\\\s\\\\n]+information[\\\\s\\\\n]+placed[\\\\s\\\\n]+in[\\\\s\\\\n]+the[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+not[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+any[\\\\s\\\\n]+expectation[\\\\s\\\\n]+of[\\\\s\\\\n]+privacy\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+violation[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+statutes,[\\\\s\\\\n]+this[\\\\s\\\\n]+evidence[\\\\s\\\\n]+and[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+related[\\\\s\\\\n]+information,[\\\\s\\\\n]+including[\\\\s\\\\n]+identification[\\\\s\\\\n]+information[\\\\s\\\\n]+about[\\\\s\\\\n]+the[\\\\s\\\\n]+user,[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+provided[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.[\\\\s\\\\n]+If[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+reveals[\\\\s\\\\n]+violations[\\\\s\\\\n]+of[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use,[\\\\s\\\\n]+employees[\\\\s\\\\n]+who[\\\\s\\\\n]+violate[\\\\s\\\\n]+security[\\\\s\\\\n]+regulations[\\\\s\\\\n]+or[\\\\s\\\\n]+make[\\\\s\\\\n]+unauthorized[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+systems[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+appropriate[\\\\s\\\\n]+disciplinary[\\\\s\\\\n]+action\\\\.[\\\\s\\\\n]+Use[\\\\s\\\\n]+of[\\\\s\\\\n]+this[\\\\s\\\\n]+or[\\\\s\\\\n]+any[\\\\s\\\\n]+other[\\\\s\\\\n]+DoD[\\\\s\\\\n]+interest[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+constitutes[\\\\s\\\\n]+consent[\\\\s\\\\n]+to[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+at[\\\\s\\\\n]+all[\\\\s\\\\n]+times\\\\.$', 'usgcb_default': '^\\\\-\\\\-[\\\\s\\\\n]+WARNING[\\\\s\\\\n]+\\\\-\\\\-[\\\\s\\\\n]+This[\\\\s\\\\n]+system[\\\\s\\\\n]+is[\\\\s\\\\n]+for[\\\\s\\\\n]+the[\\\\s\\\\n]+use[\\\\s\\\\n]+of[\\\\s\\\\n]+authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+Individuals[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+computer[\\\\s\\\\n]+system[\\\\s\\\\n]+without[\\\\s\\\\n]+authority[\\\\s\\\\n]+or[\\\\s\\\\n]+in[\\\\s\\\\n]+excess[\\\\s\\\\n]+of[\\\\s\\\\n]+their[\\\\s\\\\n]+authority[\\\\s\\\\n]+are[\\\\s\\\\n]+subject[\\\\s\\\\n]+to[\\\\s\\\\n]+having[\\\\s\\\\n]+all[\\\\s\\\\n]+their[\\\\s\\\\n]+activities[\\\\s\\\\n]+on[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+recorded[\\\\s\\\\n]+by[\\\\s\\\\n]+system[\\\\s\\\\n]+personnel\\\\.[\\\\s\\\\n]+Anyone[\\\\s\\\\n]+using[\\\\s\\\\n]+this[\\\\s\\\\n]+system[\\\\s\\\\n]+expressly[\\\\s\\\\n]+consents[\\\\s\\\\n]+to[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+and[\\\\s\\\\n]+is[\\\\s\\\\n]+advised[\\\\s\\\\n]+that[\\\\s\\\\n]+if[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+reveals[\\\\s\\\\n]+possible[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+criminal[\\\\s\\\\n]+activity[\\\\s\\\\n]+system[\\\\s\\\\n]+personal[\\\\s\\\\n]+may[\\\\s\\\\n]+provide[\\\\s\\\\n]+the[\\\\s\\\\n]+evidence[\\\\s\\\\n]+of[\\\\s\\\\n]+such[\\\\s\\\\n]+monitoring[\\\\s\\\\n]+to[\\\\s\\\\n]+law[\\\\s\\\\n]+enforcement[\\\\s\\\\n]+officials\\\\.$', 'default': '^Authorized[\\\\s\\\\n]+users[\\\\s\\\\n]+only\\\\.[\\\\s\\\\n]+All[\\\\s\\\\n]+activity[\\\\s\\\\n]+may[\\\\s\\\\n]+be[\\\\s\\\\n]+monitored[\\\\s\\\\n]+and[\\\\s\\\\n]+reported\\\\.$'}",
- "remarks": "rule_set_000"
+ "value": "partition_for_tmp",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Id_3",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_idle_timeout_value",
- "remarks": "rule_set_000"
+ "value": "Ensure /tmp Located On Separate Partition",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Description_3",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify duration of allowed idle time.",
- "remarks": "rule_set_000"
+ "value": "partition_for_tmp",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Value_Alternatives_3",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_minutes': 600, '120_minutes': 7200, '14_minutes': 840, '15_minutes': 900, '30_minutes': 1800, '5_minutes': 300, '60_minutes': 3600, 'default': 300}",
- "remarks": "rule_set_000"
+ "value": "Ensure /tmp Located On Separate Partition",
+ "remarks": "rule_set_006"
},
{
- "name": "Parameter_Id_4",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_max_auth_tries_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nodev",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Description_4",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of authentication attempts per connection.",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /tmp",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Value_Alternatives_4",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 4: 4, 5: 5, 'default': 4}",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nodev",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Id_5",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_kex",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /tmp",
+ "remarks": "rule_set_007"
},
{
- "name": "Parameter_Description_5",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved KEXs (Key Exchange Algorithms) algorithms \tthat are used for methods in cryptography by which cryptographic keys are exchanged between two parties",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nosuid",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Value_Alternatives_5",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'pcidss': 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_rhel8': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel9': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_rhel10': '-diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', 'cis_sle12': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_sle15': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256', 'cis_ubuntu2204': 'curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'cis_ubuntu2404': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256', 'std_openeuler': 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256', 'cis_debian12': 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256'}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /tmp",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Id_6",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_strong_macs",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_nosuid",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Description_6",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the FIPS approved MACs (Message Authentication Code) algorithms \tthat are used for data integrity protection by the SSH server.",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /tmp",
+ "remarks": "rule_set_008"
},
{
- "name": "Parameter_Value_Alternatives_6",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_rhel8': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel9': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_rhel10': '-hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1-96,umac-64@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,umac-64-etm@openssh.com', 'cis_sle12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', 'cis_sle15': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_tencentos4': 'hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com', 'cis_ubuntu2204': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'cis_ubuntu2404': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', 'stig_rhel9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'stig_ol9': 'hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512', 'cis_debian12': 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'}",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_noexec",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Id_7",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects_value",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /tmp",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Description_7",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance",
- "remarks": "rule_set_000"
+ "value": "mount_option_tmp_noexec",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Value_Alternatives_7",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /tmp",
+ "remarks": "rule_set_009"
},
{
- "name": "Parameter_Id_8",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route_value",
- "remarks": "rule_set_000"
+ "value": "partition_for_dev_shm",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Description_8",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
- "remarks": "rule_set_000"
+ "value": "Ensure /dev/shm is configured",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Value_Alternatives_8",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "partition_for_dev_shm",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Id_9",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians_value",
- "remarks": "rule_set_000"
+ "value": "Ensure /dev/shm is configured",
+ "remarks": "rule_set_010"
},
{
- "name": "Parameter_Description_9",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
- "remarks": "rule_set_000"
+ "value": "mount_option_dev_shm_nodev",
+ "remarks": "rule_set_011"
},
{
- "name": "Parameter_Value_Alternatives_9",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /dev/shm",
+ "remarks": "rule_set_011"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "mount_option_dev_shm_nodev",
+ "remarks": "rule_set_011"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Add nodev Option to /dev/shm",
+ "remarks": "rule_set_011"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "mount_option_dev_shm_nosuid",
+ "remarks": "rule_set_012"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Add nosuid Option to /dev/shm",
+ "remarks": "rule_set_012"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "mount_option_dev_shm_nosuid",
+ "remarks": "rule_set_012"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Add nosuid Option to /dev/shm",
+ "remarks": "rule_set_012"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "mount_option_dev_shm_noexec",
+ "remarks": "rule_set_013"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Add noexec Option to /dev/shm",
+ "remarks": "rule_set_013"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "mount_option_dev_shm_noexec",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Id_10",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter_value",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /dev/shm",
+ "remarks": "rule_set_013"
},
{
- "name": "Parameter_Description_10",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived.",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nodev",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Value_Alternatives_10",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'enabled': 1, 'loose': 2}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /home",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Id_11",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nodev",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Description_11",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packets on all interfaces.",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /home",
+ "remarks": "rule_set_014"
},
{
- "name": "Parameter_Value_Alternatives_11",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nosuid",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Id_12",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects_value",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /home",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Description_12",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable ICMP Redirect Acceptance?",
- "remarks": "rule_set_000"
+ "value": "mount_option_home_nosuid",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Value_Alternatives_12",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /home",
+ "remarks": "rule_set_015"
},
{
- "name": "Parameter_Id_13",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nodev",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Description_13",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IP source routing?",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Value_Alternatives_13",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nodev",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Id_14",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians_value",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var",
+ "remarks": "rule_set_016"
},
{
- "name": "Parameter_Description_14",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable so you don't Log Spoofed Packets, Source Routed Packets, Redirect Packets",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nosuid",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Value_Alternatives_14",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Id_15",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_nosuid",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Description_15",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enables source route verification",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var",
+ "remarks": "rule_set_017"
},
{
- "name": "Parameter_Value_Alternatives_15",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nodev",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Id_16",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects_value",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/tmp",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Description_16",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure ICMP redirected packages by default.",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nodev",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Value_Alternatives_16",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/tmp",
+ "remarks": "rule_set_018"
},
{
- "name": "Parameter_Id_17",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nosuid",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Description_17",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/tmp",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Value_Alternatives_17",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_nosuid",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Id_18",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/tmp",
+ "remarks": "rule_set_019"
},
{
- "name": "Parameter_Description_18",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to prevent unnecessary logging",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_noexec",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Value_Alternatives_18",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/tmp",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Id_19",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_tmp_noexec",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Description_19",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable to turn on TCP SYN Cookie Protection",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/tmp",
+ "remarks": "rule_set_020"
},
{
- "name": "Parameter_Value_Alternatives_19",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 1, 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nodev",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Id_20",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra_value",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Description_20",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept all router advertisements?",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nodev",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Value_Alternatives_20",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log",
+ "remarks": "rule_set_021"
},
{
- "name": "Parameter_Id_21",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nosuid",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Description_21",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Value_Alternatives_21",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_nosuid",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Id_22",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route_value",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log",
+ "remarks": "rule_set_022"
},
{
- "name": "Parameter_Description_22",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_noexec",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Value_Alternatives_22",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Id_23",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_noexec",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Description_23",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle IPv6 Forwarding",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log",
+ "remarks": "rule_set_023"
},
{
- "name": "Parameter_Value_Alternatives_23",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nodev",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Id_24",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra_value",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log/audit",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Description_24",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Accept default router advertisements by default?",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nodev",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Value_Alternatives_24",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add nodev Option to /var/log/audit",
+ "remarks": "rule_set_024"
},
{
- "name": "Parameter_Id_25",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects_value",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nosuid",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Description_25",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Toggle ICMP Redirect Acceptance By Default",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log/audit",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Value_Alternatives_25",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_nosuid",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Id_26",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route_value",
- "remarks": "rule_set_000"
+ "value": "Add nosuid Option to /var/log/audit",
+ "remarks": "rule_set_025"
},
{
- "name": "Parameter_Description_26",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_noexec",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Value_Alternatives_26",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0', 'disabled': '0', 'enabled': 1}",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log/audit",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Id_27",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_account_disable_post_pw_expiration",
- "remarks": "rule_set_000"
+ "value": "mount_option_var_log_audit_noexec",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Description_27",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The number of days to wait after a password expires, until the account will be permanently disabled.",
- "remarks": "rule_set_000"
+ "value": "Add noexec Option to /var/log/audit",
+ "remarks": "rule_set_026"
},
{
- "name": "Parameter_Value_Alternatives_27",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 180: 180, 30: 30, 35: 35, 40: 40, 45: 45, 60: 60, 90: 90, 'default': 35}",
- "remarks": "rule_set_000"
+ "value": "ensure_gpgcheck_globally_activated",
+ "remarks": "rule_set_027"
},
{
- "name": "Parameter_Id_28",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_maximum_age_login_defs",
- "remarks": "rule_set_000"
+ "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
+ "remarks": "rule_set_027"
},
{
- "name": "Parameter_Description_28",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Maximum age of password in days",
- "remarks": "rule_set_000"
+ "value": "ensure_gpgcheck_globally_activated",
+ "remarks": "rule_set_027"
},
{
- "name": "Parameter_Value_Alternatives_28",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{365: 365, 120: 120, 180: 180, 90: 90, 60: 60, 45: 45, 'default': 60}",
- "remarks": "rule_set_000"
+ "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
+ "remarks": "rule_set_027"
},
{
- "name": "Parameter_Id_29",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_minimum_age_login_defs",
- "remarks": "rule_set_000"
+ "value": "package_libselinux_installed",
+ "remarks": "rule_set_028"
},
{
- "name": "Parameter_Description_29",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum age of password in days",
- "remarks": "rule_set_000"
+ "value": "Install libselinux Package",
+ "remarks": "rule_set_028"
},
{
- "name": "Parameter_Value_Alternatives_29",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 'default': 7}",
- "remarks": "rule_set_000"
+ "value": "package_libselinux_installed",
+ "remarks": "rule_set_028"
},
{
- "name": "Parameter_Id_30",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_password_warn_age_login_defs",
- "remarks": "rule_set_000"
+ "value": "Install libselinux Package",
+ "remarks": "rule_set_028"
},
{
- "name": "Parameter_Description_30",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The number of days' warning given before a password expires.",
- "remarks": "rule_set_000"
+ "value": "grub2_enable_selinux",
+ "remarks": "rule_set_029"
},
{
- "name": "Parameter_Value_Alternatives_30",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 14: 14, 10: 10, 7: 7, 'default': 7}",
- "remarks": "rule_set_000"
+ "value": "Ensure SELinux Not Disabled in /etc/default/grub",
+ "remarks": "rule_set_029"
},
{
- "name": "Parameter_Id_31",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_passwords_pam_faillock_deny",
- "remarks": "rule_set_000"
+ "value": "grub2_enable_selinux",
+ "remarks": "rule_set_029"
},
{
- "name": "Parameter_Description_31",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Number of failed login attempts before account lockout",
- "remarks": "rule_set_000"
+ "value": "Ensure SELinux Not Disabled in /etc/default/grub",
+ "remarks": "rule_set_029"
},
{
- "name": "Parameter_Value_Alternatives_31",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}",
- "remarks": "rule_set_000"
+ "value": "selinux_policytype",
+ "remarks": "rule_set_030"
},
{
- "name": "Parameter_Id_32",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_passwords_pam_faillock_dir",
- "remarks": "rule_set_000"
+ "value": "Configure SELinux Policy",
+ "remarks": "rule_set_030"
},
{
- "name": "Parameter_Description_32",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The directory where the user files with the failure records are kept",
- "remarks": "rule_set_000"
+ "value": "selinux_policytype",
+ "remarks": "rule_set_030"
},
{
- "name": "Parameter_Value_Alternatives_32",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'ol8': '/var/log/faillock', 'default': '/var/log/faillock', 'run': '/var/run/faillock'}",
- "remarks": "rule_set_000"
+ "value": "Configure SELinux Policy",
+ "remarks": "rule_set_030"
},
{
- "name": "Parameter_Id_33",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_passwords_pam_faillock_unlock_time",
- "remarks": "rule_set_000"
+ "value": "selinux_not_disabled",
+ "remarks": "rule_set_031"
},
{
- "name": "Parameter_Description_33",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins",
- "remarks": "rule_set_000"
+ "value": "Ensure SELinux is Not Disabled",
+ "remarks": "rule_set_031"
},
{
- "name": "Parameter_Value_Alternatives_33",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}",
- "remarks": "rule_set_000"
+ "value": "selinux_not_disabled",
+ "remarks": "rule_set_031"
},
{
- "name": "Parameter_Id_34",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_tmout",
- "remarks": "rule_set_000"
+ "value": "Ensure SELinux is Not Disabled",
+ "remarks": "rule_set_031"
},
{
- "name": "Parameter_Description_34",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for that number of seconds if input does not arrive.",
- "remarks": "rule_set_000"
+ "value": "package_mcstrans_removed",
+ "remarks": "rule_set_032"
},
{
- "name": "Parameter_Value_Alternatives_34",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'30_min': 1800, '10_min': 600, '15_min': 900, '5_min': 300, 'default': 600}",
- "remarks": "rule_set_000"
+ "value": "Uninstall mcstrans Package",
+ "remarks": "rule_set_032"
},
{
- "name": "Parameter_Id_35",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_accounts_user_umask",
- "remarks": "rule_set_000"
+ "value": "package_mcstrans_removed",
+ "remarks": "rule_set_032"
},
{
- "name": "Parameter_Description_35",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enter default user umask",
- "remarks": "rule_set_000"
+ "value": "Uninstall mcstrans Package",
+ "remarks": "rule_set_032"
},
{
- "name": "Parameter_Value_Alternatives_35",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'007': '007', '022': '022', '027': '027', '077': '077', 'default': '027'}",
- "remarks": "rule_set_000"
+ "value": "grub2_password",
+ "remarks": "rule_set_033"
},
{
- "name": "Parameter_Id_36",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_audit_backlog_limit",
- "remarks": "rule_set_000"
+ "value": "Set Boot Loader Password in grub2",
+ "remarks": "rule_set_033"
},
{
- "name": "Parameter_Description_36",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Value of the audit_backlog_limit argument in GRUB 2 configuration. The audit_backlog_limit parameter determines how auditd records can be held in the auditd backlog.",
- "remarks": "rule_set_000"
+ "value": "grub2_password",
+ "remarks": "rule_set_033"
},
{
- "name": "Parameter_Value_Alternatives_36",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 8192, 8192: 8192}",
- "remarks": "rule_set_000"
+ "value": "Set Boot Loader Password in grub2",
+ "remarks": "rule_set_033"
},
{
- "name": "Parameter_Id_37",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_action_mail_acct",
- "remarks": "rule_set_000"
+ "value": "file_permissions_boot_grub2",
+ "remarks": "rule_set_034"
},
{
- "name": "Parameter_Description_37",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for action_mail_acct in /etc/audit/auditd.conf",
- "remarks": "rule_set_000"
+ "value": "All GRUB configuration files must have mode 0600 or more restrictive",
+ "remarks": "rule_set_034"
},
{
- "name": "Parameter_Value_Alternatives_37",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'admin': 'admin', 'default': 'root', 'root': 'root'}",
- "remarks": "rule_set_000"
+ "value": "file_permissions_boot_grub2",
+ "remarks": "rule_set_034"
},
{
- "name": "Parameter_Id_38",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_admin_space_left_action",
- "remarks": "rule_set_000"
+ "value": "All GRUB configuration files must have mode 0600 or more restrictive",
+ "remarks": "rule_set_034"
},
{
- "name": "Parameter_Description_38",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for admin_space_left_action in /etc/audit/auditd.conf",
- "remarks": "rule_set_000"
+ "value": "file_owner_boot_grub2",
+ "remarks": "rule_set_035"
},
{
- "name": "Parameter_Value_Alternatives_38",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt'}",
- "remarks": "rule_set_000"
+ "value": "All GRUB configuration files must be owned by root",
+ "remarks": "rule_set_035"
},
{
- "name": "Parameter_Id_39",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_disk_error_action",
- "remarks": "rule_set_000"
+ "value": "file_owner_boot_grub2",
+ "remarks": "rule_set_035"
},
{
- "name": "Parameter_Description_39",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'The setting for disk_error_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
- "remarks": "rule_set_000"
+ "value": "All GRUB configuration files must be owned by root",
+ "remarks": "rule_set_035"
},
{
- "name": "Parameter_Value_Alternatives_39",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'syslog|single|halt', 'cis_rhel10': 'syslog|single|halt', 'cis_ubuntu2204': 'syslog|single|halt', 'cis_ubuntu2404': 'syslog|single|halt', 'cis_debian12': 'syslog|single|halt'}",
- "remarks": "rule_set_000"
+ "value": "file_groupowner_boot_grub2",
+ "remarks": "rule_set_036"
},
{
- "name": "Parameter_Id_40",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_disk_full_action",
- "remarks": "rule_set_000"
+ "value": "All GRUB configuration files must be group-owned by root",
+ "remarks": "rule_set_036"
},
{
- "name": "Parameter_Description_40",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'The setting for disk_full_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in \"syslog|single|halt\", for remediations the first value will be taken'",
- "remarks": "rule_set_000"
+ "value": "file_groupowner_boot_grub2",
+ "remarks": "rule_set_036"
},
{
- "name": "Parameter_Value_Alternatives_40",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore', 'rotate': 'rotate', 'ol8': 'syslog|single|halt', 'rhel8': 'syslog|single|halt', 'cis_rhel8': 'syslog|single|halt', 'cis_rhel9': 'halt|single', 'cis_rhel10': 'halt|single', 'cis_ubuntu2204': 'halt|single', 'cis_ubuntu2404': 'halt|single', 'cis_debian12': 'halt|single'}",
- "remarks": "rule_set_000"
+ "value": "All GRUB configuration files must be group-owned by root",
+ "remarks": "rule_set_036"
},
{
- "name": "Parameter_Id_41",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_max_log_file",
- "remarks": "rule_set_000"
+ "value": "disable_users_coredumps",
+ "remarks": "rule_set_037"
},
{
- "name": "Parameter_Description_41",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for max_log_file in /etc/audit/auditd.conf",
- "remarks": "rule_set_000"
+ "value": "Disable Core Dumps for All Users",
+ "remarks": "rule_set_037"
},
{
- "name": "Parameter_Value_Alternatives_41",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 10: 10, 20: 20, 5: 5, 6: 6, 8: 8, 'default': 6}",
- "remarks": "rule_set_000"
+ "value": "disable_users_coredumps",
+ "remarks": "rule_set_037"
},
{
- "name": "Parameter_Id_42",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_max_log_file_action",
- "remarks": "rule_set_000"
+ "value": "Disable Core Dumps for All Users",
+ "remarks": "rule_set_037"
},
{
- "name": "Parameter_Description_42",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for max_log_file_action in /etc/audit/auditd.conf. The following options are available:
ignore - audit daemon does nothing.
syslog - audit daemon will issue a warning to syslog.
suspend - audit daemon will stop writing records to the disk.
rotate - audit daemon will rotate logs in the same convention used by logrotate.
keep_logs - similar to rotate but prevents audit logs to be overwritten. May trigger space_left_action if volume is full.",
- "remarks": "rule_set_000"
+ "value": "sysctl_fs_protected_hardlinks",
+ "remarks": "rule_set_038"
},
{
- "name": "Parameter_Value_Alternatives_42",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'rotate', 'keep_logs': 'keep_logs', 'rotate': 'rotate', 'suspend': 'suspend', 'syslog': 'syslog', 'ignore': 'ignore'}",
- "remarks": "rule_set_000"
+ "value": "Enable Kernel Parameter to Enforce DAC on Hardlinks",
+ "remarks": "rule_set_038"
},
{
- "name": "Parameter_Id_43",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_auditd_space_left_action",
- "remarks": "rule_set_000"
+ "value": "sysctl_fs_protected_hardlinks",
+ "remarks": "rule_set_038"
},
{
- "name": "Parameter_Description_43",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for space_left_action in /etc/audit/auditd.conf",
- "remarks": "rule_set_000"
+ "value": "Enable Kernel Parameter to Enforce DAC on Hardlinks",
+ "remarks": "rule_set_038"
},
{
- "name": "Parameter_Value_Alternatives_43",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt'}",
- "remarks": "rule_set_000"
+ "value": "sysctl_fs_protected_symlinks",
+ "remarks": "rule_set_039"
},
{
- "name": "Parameter_Id_44",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_multiple_time_servers",
- "remarks": "rule_set_000"
+ "value": "Enable Kernel Parameter to Enforce DAC on Symlinks",
+ "remarks": "rule_set_039"
},
{
- "name": "Parameter_Description_44",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The list of vendor-approved time servers",
- "remarks": "rule_set_000"
+ "value": "sysctl_fs_protected_symlinks",
+ "remarks": "rule_set_039"
},
{
- "name": "Parameter_Value_Alternatives_44",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'generic': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'stig': '0.us.pool.ntp.mil', 'fedora': '0.fedora.pool.ntp.org,1.fedora.pool.ntp.org,2.fedora.pool.ntp.org,3.fedora.pool.ntp.org', 'rhel': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ol': '0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org', 'suse': '0.suse.pool.ntp.org,1.suse.pool.ntp.org,2.suse.pool.ntp.org,3.suse.pool.ntp.org', 'alinux': '0.ntp.cloud.aliyuncs.com,1.ntp.aliyun.com,2.ntp1.aliyun.com,3.ntp1.cloud.aliyuncs.com', 'amazon': '0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org', 'ubuntu': '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org', 'almalinux': '0.almalinux.pool.ntp.org,1.almalinux.pool.ntp.org,2.almalinux.pool.ntp.org,3.almalinux.pool.ntp.org', 'debian': '0.debian.pool.ntp.org,1.debian.pool.ntp.org,2.debian.pool.ntp.org,3.debian.pool.ntp.org', 'nist': 'time.nist.gov,time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov'}",
- "remarks": "rule_set_000"
+ "value": "Enable Kernel Parameter to Enforce DAC on Symlinks",
+ "remarks": "rule_set_039"
},
{
- "name": "Parameter_Id_45",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_pam_wheel_group_for_su",
- "remarks": "rule_set_000"
+ "value": "sysctl_fs_suid_dumpable",
+ "remarks": "rule_set_040"
},
{
- "name": "Parameter_Description_45",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.",
- "remarks": "rule_set_000"
+ "value": "Disable Core Dumps for SUID programs",
+ "remarks": "rule_set_040"
},
{
- "name": "Parameter_Value_Alternatives_45",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'sugroup', 'cis': 'sugroup'}",
- "remarks": "rule_set_000"
+ "value": "sysctl_fs_suid_dumpable",
+ "remarks": "rule_set_040"
},
{
- "name": "Parameter_Id_46",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_hashing_algorithm",
- "remarks": "rule_set_000"
+ "value": "Disable Core Dumps for SUID programs",
+ "remarks": "rule_set_040"
},
{
- "name": "Parameter_Description_46",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_dmesg_restrict",
+ "remarks": "rule_set_041"
},
{
- "name": "Parameter_Value_Alternatives_46",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
- "remarks": "rule_set_000"
+ "value": "Restrict Access to Kernel Message Buffer",
+ "remarks": "rule_set_041"
},
{
- "name": "Parameter_Id_47",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_hashing_algorithm_pam",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_dmesg_restrict",
+ "remarks": "rule_set_041"
},
{
- "name": "Parameter_Description_47",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.",
- "remarks": "rule_set_000"
+ "value": "Restrict Access to Kernel Message Buffer",
+ "remarks": "rule_set_041"
},
{
- "name": "Parameter_Value_Alternatives_47",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt', 'cis_rhel10': 'yescrypt|sha512'}",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_kptr_restrict",
+ "remarks": "rule_set_042"
},
{
- "name": "Parameter_Id_48",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_dictcheck",
- "remarks": "rule_set_000"
+ "value": "Restrict Exposed Kernel Pointer Addresses Access",
+ "remarks": "rule_set_042"
},
{
- "name": "Parameter_Description_48",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent the use of dictionary words for passwords.",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_kptr_restrict",
+ "remarks": "rule_set_042"
},
{
- "name": "Parameter_Value_Alternatives_48",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 'default': 1}",
- "remarks": "rule_set_000"
+ "value": "Restrict Exposed Kernel Pointer Addresses Access",
+ "remarks": "rule_set_042"
},
{
- "name": "Parameter_Id_49",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_difok",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_yama_ptrace_scope",
+ "remarks": "rule_set_043"
},
{
- "name": "Parameter_Description_49",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of characters not present in old password",
- "remarks": "rule_set_000"
+ "value": "Restrict usage of ptrace to descendant processes",
+ "remarks": "rule_set_043"
},
{
- "name": "Parameter_Value_Alternatives_49",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{15: 15, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 'default': 8}",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_yama_ptrace_scope",
+ "remarks": "rule_set_043"
},
{
- "name": "Parameter_Id_50",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_maxrepeat",
- "remarks": "rule_set_000"
+ "value": "Restrict usage of ptrace to descendant processes",
+ "remarks": "rule_set_043"
},
{
- "name": "Parameter_Description_50",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Maximum Number of Consecutive Repeating Characters in a Password",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_randomize_va_space",
+ "remarks": "rule_set_044"
},
{
- "name": "Parameter_Value_Alternatives_50",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 2: 2, 3: 3, 'default': 3}",
- "remarks": "rule_set_000"
+ "value": "Enable Randomized Layout of Virtual Address Space",
+ "remarks": "rule_set_044"
},
{
- "name": "Parameter_Id_51",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_minclass",
- "remarks": "rule_set_000"
+ "value": "sysctl_kernel_randomize_va_space",
+ "remarks": "rule_set_044"
},
{
- "name": "Parameter_Description_51",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of categories of characters that must exist in a password",
- "remarks": "rule_set_000"
+ "value": "Enable Randomized Layout of Virtual Address Space",
+ "remarks": "rule_set_044"
},
{
- "name": "Parameter_Value_Alternatives_51",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}",
- "remarks": "rule_set_000"
+ "value": "coredump_disable_backtraces",
+ "remarks": "rule_set_045"
},
{
- "name": "Parameter_Id_52",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_minlen",
- "remarks": "rule_set_000"
+ "value": "Disable core dump backtraces",
+ "remarks": "rule_set_045"
},
{
- "name": "Parameter_Description_52",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Minimum number of characters in password",
- "remarks": "rule_set_000"
+ "value": "coredump_disable_backtraces",
+ "remarks": "rule_set_045"
},
{
- "name": "Parameter_Value_Alternatives_52",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}",
- "remarks": "rule_set_000"
+ "value": "Disable core dump backtraces",
+ "remarks": "rule_set_045"
},
{
- "name": "Parameter_Id_53",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_remember",
- "remarks": "rule_set_000"
+ "value": "coredump_disable_storage",
+ "remarks": "rule_set_046"
},
{
- "name": "Parameter_Description_53",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent password reuse using password history lookup",
- "remarks": "rule_set_000"
+ "value": "Disable storing core dump",
+ "remarks": "rule_set_046"
},
{
- "name": "Parameter_Value_Alternatives_53",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'0': '0', 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 24: 24, 'default': 5}",
- "remarks": "rule_set_000"
+ "value": "coredump_disable_storage",
+ "remarks": "rule_set_046"
},
{
- "name": "Parameter_Id_54",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_password_pam_remember_control_flag",
- "remarks": "rule_set_000"
+ "value": "Disable storing core dump",
+ "remarks": "rule_set_046"
},
{
- "name": "Parameter_Description_54",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in \"required,requisite\", for remediations the first value will be taken'",
- "remarks": "rule_set_000"
+ "value": "configure_custom_crypto_policy_cis",
+ "remarks": "rule_set_047"
},
{
- "name": "Parameter_Value_Alternatives_54",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'required': 'required', 'optional': 'optional', 'requisite': 'requisite', 'sufficient': 'sufficient', 'binding': 'binding', 'ol8': 'required,requisite', 'requisite_or_required': 'requisite,required', 'default': 'requisite'}",
- "remarks": "rule_set_000"
+ "value": "Implement Custom Crypto Policy Modules for CIS Benchmark",
+ "remarks": "rule_set_047"
},
{
- "name": "Parameter_Id_55",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_postfix_inet_interfaces",
- "remarks": "rule_set_000"
+ "value": "configure_custom_crypto_policy_cis",
+ "remarks": "rule_set_047"
},
{
- "name": "Parameter_Description_55",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "The setting for inet_interfaces in /etc/postfix/main.cf",
- "remarks": "rule_set_000"
+ "value": "Implement Custom Crypto Policy Modules for CIS Benchmark",
+ "remarks": "rule_set_047"
},
{
- "name": "Parameter_Value_Alternatives_55",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'loopback-only': 'loopback-only', 'default': 'loopback-only', 'localhost': 'localhost'}",
- "remarks": "rule_set_000"
+ "value": "banner_etc_motd_cis",
+ "remarks": "rule_set_048"
},
{
- "name": "Parameter_Id_56",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_screensaver_lock_delay",
- "remarks": "rule_set_000"
+ "value": "Ensure Message Of The Day Is Configured Properly",
+ "remarks": "rule_set_048"
},
{
- "name": "Parameter_Description_56",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt",
- "remarks": "rule_set_000"
+ "value": "banner_etc_motd_cis",
+ "remarks": "rule_set_048"
},
{
- "name": "Parameter_Value_Alternatives_56",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'10_seconds': 10, '5_seconds': 5, 'default': '0', 'immediate': '0'}",
- "remarks": "rule_set_000"
+ "value": "Ensure Message Of The Day Is Configured Properly",
+ "remarks": "rule_set_048"
},
{
- "name": "Parameter_Id_57",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_selinux_policy_name",
- "remarks": "rule_set_000"
+ "value": "banner_etc_issue_cis",
+ "remarks": "rule_set_049"
},
{
- "name": "Parameter_Description_57",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Type of policy in use. Possible values are:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
mls - Multiple levels of security",
- "remarks": "rule_set_000"
+ "value": "Ensure Local Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_049"
},
{
- "name": "Parameter_Value_Alternatives_57",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'targeted', 'mls': 'mls', 'targeted': 'targeted'}",
- "remarks": "rule_set_000"
+ "value": "banner_etc_issue_cis",
+ "remarks": "rule_set_049"
},
{
- "name": "Parameter_Id_58",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_selinux_state",
- "remarks": "rule_set_000"
+ "value": "Ensure Local Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_049"
},
{
- "name": "Parameter_Description_58",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - SELinux is fully disabled.",
- "remarks": "rule_set_000"
+ "value": "banner_etc_issue_net_cis",
+ "remarks": "rule_set_050"
},
{
- "name": "Parameter_Value_Alternatives_58",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'enforcing', 'disabled': 'disabled', 'enforcing': 'enforcing', 'permissive': 'permissive'}",
- "remarks": "rule_set_000"
+ "value": "Ensure Remote Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_050"
},
{
- "name": "Parameter_Id_59",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_max_sessions",
- "remarks": "rule_set_000"
+ "value": "banner_etc_issue_net_cis",
+ "remarks": "rule_set_050"
},
{
- "name": "Parameter_Description_59",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of open sessions permitted.",
- "remarks": "rule_set_000"
+ "value": "Ensure Remote Login Warning Banner Is Configured Properly",
+ "remarks": "rule_set_050"
},
{
- "name": "Parameter_Value_Alternatives_59",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 4: 4, 3: 3, 2: 2, 1: 1, 0: 0, 'default': 10}",
- "remarks": "rule_set_000"
+ "value": "file_groupowner_etc_motd",
+ "remarks": "rule_set_051"
},
{
- "name": "Parameter_Id_60",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_keepalive",
- "remarks": "rule_set_000"
+ "value": "Verify Group Ownership of Message of the Day Banner",
+ "remarks": "rule_set_051"
},
{
- "name": "Parameter_Description_60",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the maximum number of idle message counts before session is terminated.",
- "remarks": "rule_set_000"
+ "value": "file_groupowner_etc_motd",
+ "remarks": "rule_set_051"
},
{
- "name": "Parameter_Value_Alternatives_60",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{10: 10, 3: 3, 5: 5, 0: 0, 1: 1, 'default': 0}",
- "remarks": "rule_set_000"
+ "value": "Verify Group Ownership of Message of the Day Banner",
+ "remarks": "rule_set_051"
},
{
- "name": "Parameter_Id_61",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_login_grace_time",
- "remarks": "rule_set_000"
+ "value": "file_owner_etc_motd",
+ "remarks": "rule_set_052"
},
{
- "name": "Parameter_Description_61",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure parameters for how long the servers stays connected before the user has successfully logged in",
- "remarks": "rule_set_000"
+ "value": "Verify ownership of Message of the Day Banner",
+ "remarks": "rule_set_052"
},
{
- "name": "Parameter_Value_Alternatives_61",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 60, 60: 60}",
- "remarks": "rule_set_000"
+ "value": "file_owner_etc_motd",
+ "remarks": "rule_set_052"
},
{
- "name": "Parameter_Id_62",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_sshd_set_maxstartups",
- "remarks": "rule_set_000"
+ "value": "Verify ownership of Message of the Day Banner",
+ "remarks": "rule_set_052"
},
{
- "name": "Parameter_Description_62",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.",
- "remarks": "rule_set_000"
+ "value": "file_permissions_etc_motd",
+ "remarks": "rule_set_053"
},
{
- "name": "Parameter_Value_Alternatives_62",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '10:30:100', '10:30:60': '10:30:60'}",
- "remarks": "rule_set_000"
+ "value": "Verify permissions on Message of the Day Banner",
+ "remarks": "rule_set_053"
},
{
- "name": "Parameter_Id_63",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_system_crypto_policy",
- "remarks": "rule_set_000"
+ "value": "file_permissions_etc_motd",
+ "remarks": "rule_set_053"
},
{
- "name": "Parameter_Description_63",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Specify the crypto policy for the system.",
- "remarks": "rule_set_000"
+ "value": "Verify permissions on Message of the Day Banner",
+ "remarks": "rule_set_053"
},
{
- "name": "Parameter_Value_Alternatives_63",
+ "name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'DEFAULT', 'default_policy': 'DEFAULT', 'default_nosha1': 'DEFAULT:NO-SHA1', 'fips': 'FIPS', 'fips_ospp': 'FIPS:OSPP', 'fips_stig': 'FIPS:STIG', 'legacy': 'LEGACY', 'future': 'FUTURE', 'next': 'NEXT'}",
- "remarks": "rule_set_000"
+ "value": "file_groupowner_etc_issue",
+ "remarks": "rule_set_054"
},
{
- "name": "Parameter_Id_64",
+ "name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "var_user_initialization_files_regex",
- "remarks": "rule_set_000"
+ "value": "Verify Group Ownership of System Login Banner",
+ "remarks": "rule_set_054"
},
{
- "name": "Parameter_Description_64",
+ "name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "'A regular expression describing a list of file names for files that are sourced at login time for interactive users'",
- "remarks": "rule_set_000"
+ "value": "file_groupowner_etc_issue",
+ "remarks": "rule_set_054"
},
{
- "name": "Parameter_Value_Alternatives_64",
+ "name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': '^(\\\\.bashrc|\\\\.zshrc|\\\\.cshrc|\\\\.profile|\\\\.bash_login|\\\\.bash_profile)$', 'all_dotfiles': '^\\\\.[\\\\w\\\\- ]+$'}",
- "remarks": "rule_set_000"
+ "value": "Verify Group Ownership of System Login Banner",
+ "remarks": "rule_set_054"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_cramfs_disabled",
- "remarks": "rule_set_001"
+ "value": "file_owner_etc_issue",
+ "remarks": "rule_set_055"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of cramfs",
- "remarks": "rule_set_001"
+ "value": "Verify ownership of System Login Banner",
+ "remarks": "rule_set_055"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_cramfs_disabled",
- "remarks": "rule_set_001"
+ "value": "file_owner_etc_issue",
+ "remarks": "rule_set_055"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of cramfs",
- "remarks": "rule_set_001"
+ "value": "Verify ownership of System Login Banner",
+ "remarks": "rule_set_055"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_freevxfs_disabled",
- "remarks": "rule_set_002"
+ "value": "file_permissions_etc_issue",
+ "remarks": "rule_set_056"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of freevxfs",
- "remarks": "rule_set_002"
+ "value": "Verify permissions on System Login Banner",
+ "remarks": "rule_set_056"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_freevxfs_disabled",
- "remarks": "rule_set_002"
+ "value": "file_permissions_etc_issue",
+ "remarks": "rule_set_056"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of freevxfs",
- "remarks": "rule_set_002"
+ "value": "Verify permissions on System Login Banner",
+ "remarks": "rule_set_056"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfs_disabled",
- "remarks": "rule_set_003"
+ "value": "file_groupowner_etc_issue_net",
+ "remarks": "rule_set_057"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfs",
- "remarks": "rule_set_003"
+ "value": "Verify Group Ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_057"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfs_disabled",
- "remarks": "rule_set_003"
+ "value": "file_groupowner_etc_issue_net",
+ "remarks": "rule_set_057"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfs",
- "remarks": "rule_set_003"
+ "value": "Verify Group Ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_057"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfsplus_disabled",
- "remarks": "rule_set_004"
+ "value": "file_owner_etc_issue_net",
+ "remarks": "rule_set_058"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfsplus",
- "remarks": "rule_set_004"
+ "value": "Verify ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_058"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_hfsplus_disabled",
- "remarks": "rule_set_004"
+ "value": "file_owner_etc_issue_net",
+ "remarks": "rule_set_058"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of hfsplus",
- "remarks": "rule_set_004"
+ "value": "Verify ownership of System Login Banner for Remote Connections",
+ "remarks": "rule_set_058"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_jffs2_disabled",
- "remarks": "rule_set_005"
+ "value": "file_permissions_etc_issue_net",
+ "remarks": "rule_set_059"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of jffs2",
- "remarks": "rule_set_005"
+ "value": "Verify permissions on System Login Banner for Remote Connections",
+ "remarks": "rule_set_059"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_jffs2_disabled",
- "remarks": "rule_set_005"
+ "value": "file_permissions_etc_issue_net",
+ "remarks": "rule_set_059"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of jffs2",
- "remarks": "rule_set_005"
+ "value": "Verify permissions on System Login Banner for Remote Connections",
+ "remarks": "rule_set_059"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_tmp",
- "remarks": "rule_set_006"
+ "value": "dconf_gnome_banner_enabled",
+ "remarks": "rule_set_060"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /tmp Located On Separate Partition",
- "remarks": "rule_set_006"
+ "value": "Enable GNOME3 Login Warning Banner",
+ "remarks": "rule_set_060"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_tmp",
- "remarks": "rule_set_006"
+ "value": "dconf_gnome_banner_enabled",
+ "remarks": "rule_set_060"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /tmp Located On Separate Partition",
- "remarks": "rule_set_006"
+ "value": "Enable GNOME3 Login Warning Banner",
+ "remarks": "rule_set_060"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nodev",
- "remarks": "rule_set_007"
+ "value": "dconf_gnome_login_banner_text",
+ "remarks": "rule_set_061"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /tmp",
- "remarks": "rule_set_007"
+ "value": "Set the GNOME3 Login Warning Banner Text",
+ "remarks": "rule_set_061"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nodev",
- "remarks": "rule_set_007"
+ "value": "dconf_gnome_login_banner_text",
+ "remarks": "rule_set_061"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /tmp",
- "remarks": "rule_set_007"
+ "value": "Set the GNOME3 Login Warning Banner Text",
+ "remarks": "rule_set_061"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nosuid",
- "remarks": "rule_set_008"
+ "value": "dconf_gnome_disable_user_list",
+ "remarks": "rule_set_062"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /tmp",
- "remarks": "rule_set_008"
+ "value": "Disable the GNOME3 Login User List",
+ "remarks": "rule_set_062"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_nosuid",
- "remarks": "rule_set_008"
+ "value": "dconf_gnome_disable_user_list",
+ "remarks": "rule_set_062"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /tmp",
- "remarks": "rule_set_008"
+ "value": "Disable the GNOME3 Login User List",
+ "remarks": "rule_set_062"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_noexec",
- "remarks": "rule_set_009"
+ "value": "dconf_gnome_screensaver_idle_delay",
+ "remarks": "rule_set_063"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /tmp",
- "remarks": "rule_set_009"
+ "value": "Set GNOME3 Screensaver Inactivity Timeout",
+ "remarks": "rule_set_063"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_tmp_noexec",
- "remarks": "rule_set_009"
+ "value": "dconf_gnome_screensaver_idle_delay",
+ "remarks": "rule_set_063"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /tmp",
- "remarks": "rule_set_009"
+ "value": "Set GNOME3 Screensaver Inactivity Timeout",
+ "remarks": "rule_set_063"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_dev_shm",
- "remarks": "rule_set_010"
+ "value": "dconf_gnome_screensaver_lock_delay",
+ "remarks": "rule_set_064"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /dev/shm is configured",
- "remarks": "rule_set_010"
+ "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
+ "remarks": "rule_set_064"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_dev_shm",
- "remarks": "rule_set_010"
+ "value": "dconf_gnome_screensaver_lock_delay",
+ "remarks": "rule_set_064"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /dev/shm is configured",
- "remarks": "rule_set_010"
+ "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
+ "remarks": "rule_set_064"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nodev",
- "remarks": "rule_set_011"
+ "value": "dconf_gnome_session_idle_user_locks",
+ "remarks": "rule_set_065"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /dev/shm",
- "remarks": "rule_set_011"
+ "value": "Ensure Users Cannot Change GNOME3 Session Idle Settings",
+ "remarks": "rule_set_065"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nodev",
- "remarks": "rule_set_011"
+ "value": "dconf_gnome_session_idle_user_locks",
+ "remarks": "rule_set_065"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /dev/shm",
- "remarks": "rule_set_011"
+ "value": "Ensure Users Cannot Change GNOME3 Session Idle Settings",
+ "remarks": "rule_set_065"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nosuid",
- "remarks": "rule_set_012"
+ "value": "dconf_gnome_screensaver_user_locks",
+ "remarks": "rule_set_066"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /dev/shm",
- "remarks": "rule_set_012"
+ "value": "Ensure Users Cannot Change GNOME3 Screensaver Settings",
+ "remarks": "rule_set_066"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_nosuid",
- "remarks": "rule_set_012"
+ "value": "dconf_gnome_screensaver_user_locks",
+ "remarks": "rule_set_066"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /dev/shm",
- "remarks": "rule_set_012"
+ "value": "Ensure Users Cannot Change GNOME3 Screensaver Settings",
+ "remarks": "rule_set_066"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_noexec",
- "remarks": "rule_set_013"
+ "value": "dconf_gnome_disable_autorun",
+ "remarks": "rule_set_067"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /dev/shm",
- "remarks": "rule_set_013"
+ "value": "Disable GNOME3 Automount running",
+ "remarks": "rule_set_067"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_dev_shm_noexec",
- "remarks": "rule_set_013"
+ "value": "dconf_gnome_disable_autorun",
+ "remarks": "rule_set_067"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /dev/shm",
- "remarks": "rule_set_013"
+ "value": "Disable GNOME3 Automount running",
+ "remarks": "rule_set_067"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nodev",
- "remarks": "rule_set_014"
+ "value": "package_kea_removed",
+ "remarks": "rule_set_068"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /home",
- "remarks": "rule_set_014"
+ "value": "Uninstall kea Package",
+ "remarks": "rule_set_068"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nodev",
- "remarks": "rule_set_014"
+ "value": "package_kea_removed",
+ "remarks": "rule_set_068"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /home",
- "remarks": "rule_set_014"
+ "value": "Uninstall kea Package",
+ "remarks": "rule_set_068"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nosuid",
- "remarks": "rule_set_015"
+ "value": "package_bind_removed",
+ "remarks": "rule_set_069"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /home",
- "remarks": "rule_set_015"
+ "value": "Uninstall bind Package",
+ "remarks": "rule_set_069"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_home_nosuid",
- "remarks": "rule_set_015"
+ "value": "package_bind_removed",
+ "remarks": "rule_set_069"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /home",
- "remarks": "rule_set_015"
+ "value": "Uninstall bind Package",
+ "remarks": "rule_set_069"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nodev",
- "remarks": "rule_set_016"
+ "value": "package_dnsmasq_removed",
+ "remarks": "rule_set_070"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var",
- "remarks": "rule_set_016"
+ "value": "Uninstall dnsmasq Package",
+ "remarks": "rule_set_070"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nodev",
- "remarks": "rule_set_016"
+ "value": "package_dnsmasq_removed",
+ "remarks": "rule_set_070"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var",
- "remarks": "rule_set_016"
+ "value": "Uninstall dnsmasq Package",
+ "remarks": "rule_set_070"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nosuid",
- "remarks": "rule_set_017"
+ "value": "package_vsftpd_removed",
+ "remarks": "rule_set_071"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var",
- "remarks": "rule_set_017"
+ "value": "Uninstall vsftpd Package",
+ "remarks": "rule_set_071"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_nosuid",
- "remarks": "rule_set_017"
+ "value": "package_vsftpd_removed",
+ "remarks": "rule_set_071"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var",
- "remarks": "rule_set_017"
+ "value": "Uninstall vsftpd Package",
+ "remarks": "rule_set_071"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nodev",
- "remarks": "rule_set_018"
+ "value": "package_dovecot_removed",
+ "remarks": "rule_set_072"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/tmp",
- "remarks": "rule_set_018"
+ "value": "Uninstall dovecot Package",
+ "remarks": "rule_set_072"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nodev",
- "remarks": "rule_set_018"
+ "value": "package_dovecot_removed",
+ "remarks": "rule_set_072"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/tmp",
- "remarks": "rule_set_018"
+ "value": "Uninstall dovecot Package",
+ "remarks": "rule_set_072"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nosuid",
- "remarks": "rule_set_019"
+ "value": "package_cyrus-imapd_removed",
+ "remarks": "rule_set_073"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/tmp",
- "remarks": "rule_set_019"
+ "value": "Uninstall cyrus-imapd Package",
+ "remarks": "rule_set_073"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_nosuid",
- "remarks": "rule_set_019"
+ "value": "package_cyrus-imapd_removed",
+ "remarks": "rule_set_073"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/tmp",
- "remarks": "rule_set_019"
+ "value": "Uninstall cyrus-imapd Package",
+ "remarks": "rule_set_073"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_noexec",
- "remarks": "rule_set_020"
+ "value": "service_nfs_disabled",
+ "remarks": "rule_set_074"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/tmp",
- "remarks": "rule_set_020"
+ "value": "Disable Network File System (nfs)",
+ "remarks": "rule_set_074"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_tmp_noexec",
- "remarks": "rule_set_020"
+ "value": "service_nfs_disabled",
+ "remarks": "rule_set_074"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/tmp",
- "remarks": "rule_set_020"
+ "value": "Disable Network File System (nfs)",
+ "remarks": "rule_set_074"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nodev",
- "remarks": "rule_set_021"
+ "value": "service_rpcbind_disabled",
+ "remarks": "rule_set_075"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log",
- "remarks": "rule_set_021"
+ "value": "Disable rpcbind Service",
+ "remarks": "rule_set_075"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nodev",
- "remarks": "rule_set_021"
+ "value": "service_rpcbind_disabled",
+ "remarks": "rule_set_075"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log",
- "remarks": "rule_set_021"
+ "value": "Disable rpcbind Service",
+ "remarks": "rule_set_075"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nosuid",
- "remarks": "rule_set_022"
+ "value": "package_rsync_removed",
+ "remarks": "rule_set_076"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log",
- "remarks": "rule_set_022"
+ "value": "Uninstall rsync Package",
+ "remarks": "rule_set_076"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_nosuid",
- "remarks": "rule_set_022"
+ "value": "package_rsync_removed",
+ "remarks": "rule_set_076"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log",
- "remarks": "rule_set_022"
+ "value": "Uninstall rsync Package",
+ "remarks": "rule_set_076"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_noexec",
- "remarks": "rule_set_023"
+ "value": "package_samba_removed",
+ "remarks": "rule_set_077"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log",
- "remarks": "rule_set_023"
+ "value": "Uninstall Samba Package",
+ "remarks": "rule_set_077"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_noexec",
- "remarks": "rule_set_023"
+ "value": "package_samba_removed",
+ "remarks": "rule_set_077"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log",
- "remarks": "rule_set_023"
+ "value": "Uninstall Samba Package",
+ "remarks": "rule_set_077"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nodev",
- "remarks": "rule_set_024"
+ "value": "package_net-snmp_removed",
+ "remarks": "rule_set_078"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log/audit",
- "remarks": "rule_set_024"
+ "value": "Uninstall net-snmp Package",
+ "remarks": "rule_set_078"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nodev",
- "remarks": "rule_set_024"
+ "value": "package_net-snmp_removed",
+ "remarks": "rule_set_078"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nodev Option to /var/log/audit",
- "remarks": "rule_set_024"
+ "value": "Uninstall net-snmp Package",
+ "remarks": "rule_set_078"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nosuid",
- "remarks": "rule_set_025"
+ "value": "package_telnet-server_removed",
+ "remarks": "rule_set_079"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log/audit",
- "remarks": "rule_set_025"
+ "value": "Uninstall telnet-server Package",
+ "remarks": "rule_set_079"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_nosuid",
- "remarks": "rule_set_025"
+ "value": "package_telnet-server_removed",
+ "remarks": "rule_set_079"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add nosuid Option to /var/log/audit",
- "remarks": "rule_set_025"
+ "value": "Uninstall telnet-server Package",
+ "remarks": "rule_set_079"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_noexec",
- "remarks": "rule_set_026"
+ "value": "package_tftp-server_removed",
+ "remarks": "rule_set_080"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log/audit",
- "remarks": "rule_set_026"
+ "value": "Uninstall tftp-server Package",
+ "remarks": "rule_set_080"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "mount_option_var_log_audit_noexec",
- "remarks": "rule_set_026"
+ "value": "package_tftp-server_removed",
+ "remarks": "rule_set_080"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Add noexec Option to /var/log/audit",
- "remarks": "rule_set_026"
+ "value": "Uninstall tftp-server Package",
+ "remarks": "rule_set_080"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_gpgcheck_globally_activated",
- "remarks": "rule_set_027"
+ "value": "package_squid_removed",
+ "remarks": "rule_set_081"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
- "remarks": "rule_set_027"
+ "value": "Uninstall squid Package",
+ "remarks": "rule_set_081"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_gpgcheck_globally_activated",
- "remarks": "rule_set_027"
+ "value": "package_squid_removed",
+ "remarks": "rule_set_081"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure gpgcheck Enabled In Main dnf Configuration",
- "remarks": "rule_set_027"
+ "value": "Uninstall squid Package",
+ "remarks": "rule_set_081"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_libselinux_installed",
- "remarks": "rule_set_028"
+ "value": "package_httpd_removed",
+ "remarks": "rule_set_082"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install libselinux Package",
- "remarks": "rule_set_028"
+ "value": "Uninstall httpd Package",
+ "remarks": "rule_set_082"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_libselinux_installed",
- "remarks": "rule_set_028"
+ "value": "package_httpd_removed",
+ "remarks": "rule_set_082"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install libselinux Package",
- "remarks": "rule_set_028"
+ "value": "Uninstall httpd Package",
+ "remarks": "rule_set_082"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_enable_selinux",
- "remarks": "rule_set_029"
+ "value": "package_nginx_removed",
+ "remarks": "rule_set_083"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux Not Disabled in /etc/default/grub",
- "remarks": "rule_set_029"
+ "value": "Uninstall nginx Package",
+ "remarks": "rule_set_083"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_enable_selinux",
- "remarks": "rule_set_029"
+ "value": "package_nginx_removed",
+ "remarks": "rule_set_083"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux Not Disabled in /etc/default/grub",
- "remarks": "rule_set_029"
+ "value": "Uninstall nginx Package",
+ "remarks": "rule_set_083"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_policytype",
- "remarks": "rule_set_030"
+ "value": "postfix_network_listening_disabled",
+ "remarks": "rule_set_084"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure SELinux Policy",
- "remarks": "rule_set_030"
+ "value": "Disable Postfix Network Listening",
+ "remarks": "rule_set_084"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_policytype",
- "remarks": "rule_set_030"
+ "value": "postfix_network_listening_disabled",
+ "remarks": "rule_set_084"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure SELinux Policy",
- "remarks": "rule_set_030"
+ "value": "Disable Postfix Network Listening",
+ "remarks": "rule_set_084"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_not_disabled",
- "remarks": "rule_set_031"
+ "value": "has_nonlocal_mta",
+ "remarks": "rule_set_085"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux is Not Disabled",
- "remarks": "rule_set_031"
+ "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
+ "remarks": "rule_set_085"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_not_disabled",
- "remarks": "rule_set_031"
+ "value": "has_nonlocal_mta",
+ "remarks": "rule_set_085"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux is Not Disabled",
- "remarks": "rule_set_031"
+ "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
+ "remarks": "rule_set_085"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_mcstrans_removed",
- "remarks": "rule_set_032"
+ "value": "package_ftp_removed",
+ "remarks": "rule_set_086"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall mcstrans Package",
- "remarks": "rule_set_032"
+ "value": "Remove ftp Package",
+ "remarks": "rule_set_086"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_mcstrans_removed",
- "remarks": "rule_set_032"
+ "value": "package_ftp_removed",
+ "remarks": "rule_set_086"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall mcstrans Package",
- "remarks": "rule_set_032"
+ "value": "Remove ftp Package",
+ "remarks": "rule_set_086"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_password",
- "remarks": "rule_set_033"
+ "value": "package_telnet_removed",
+ "remarks": "rule_set_087"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Boot Loader Password in grub2",
- "remarks": "rule_set_033"
+ "value": "Remove telnet Clients",
+ "remarks": "rule_set_087"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_password",
- "remarks": "rule_set_033"
+ "value": "package_telnet_removed",
+ "remarks": "rule_set_087"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Boot Loader Password in grub2",
- "remarks": "rule_set_033"
+ "value": "Remove telnet Clients",
+ "remarks": "rule_set_087"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg",
- "remarks": "rule_set_034"
+ "value": "package_tftp_removed",
+ "remarks": "rule_set_088"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Group Ownership",
- "remarks": "rule_set_034"
+ "value": "Remove tftp Daemon",
+ "remarks": "rule_set_088"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg",
- "remarks": "rule_set_034"
+ "value": "package_tftp_removed",
+ "remarks": "rule_set_088"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Group Ownership",
- "remarks": "rule_set_034"
+ "value": "Remove tftp Daemon",
+ "remarks": "rule_set_088"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg",
- "remarks": "rule_set_035"
+ "value": "chronyd_specify_remote_server",
+ "remarks": "rule_set_089"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg User Ownership",
- "remarks": "rule_set_035"
+ "value": "A remote time server for Chrony is configured",
+ "remarks": "rule_set_089"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg",
- "remarks": "rule_set_035"
+ "value": "chronyd_specify_remote_server",
+ "remarks": "rule_set_089"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg User Ownership",
- "remarks": "rule_set_035"
+ "value": "A remote time server for Chrony is configured",
+ "remarks": "rule_set_089"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg",
- "remarks": "rule_set_036"
+ "value": "chronyd_run_as_chrony_user",
+ "remarks": "rule_set_090"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Permissions",
- "remarks": "rule_set_036"
+ "value": "Ensure that chronyd is running under chrony user account",
+ "remarks": "rule_set_090"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg",
- "remarks": "rule_set_036"
+ "value": "chronyd_run_as_chrony_user",
+ "remarks": "rule_set_090"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/grub.cfg Permissions",
- "remarks": "rule_set_036"
+ "value": "Ensure that chronyd is running under chrony user account",
+ "remarks": "rule_set_090"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg",
- "remarks": "rule_set_037"
+ "value": "package_cron_installed",
+ "remarks": "rule_set_091"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Group Ownership",
- "remarks": "rule_set_037"
+ "value": "Install the cron service",
+ "remarks": "rule_set_091"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg",
- "remarks": "rule_set_037"
+ "value": "package_cron_installed",
+ "remarks": "rule_set_091"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Group Ownership",
- "remarks": "rule_set_037"
+ "value": "Install the cron service",
+ "remarks": "rule_set_091"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg",
- "remarks": "rule_set_038"
+ "value": "service_crond_enabled",
+ "remarks": "rule_set_092"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg User Ownership",
- "remarks": "rule_set_038"
+ "value": "Enable cron Service",
+ "remarks": "rule_set_092"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg",
- "remarks": "rule_set_038"
+ "value": "service_crond_enabled",
+ "remarks": "rule_set_092"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg User Ownership",
- "remarks": "rule_set_038"
+ "value": "Enable cron Service",
+ "remarks": "rule_set_092"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg",
- "remarks": "rule_set_039"
+ "value": "file_groupowner_crontab",
+ "remarks": "rule_set_093"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Permissions",
- "remarks": "rule_set_039"
+ "value": "Verify Group Who Owns Crontab",
+ "remarks": "rule_set_093"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg",
- "remarks": "rule_set_039"
+ "value": "file_groupowner_crontab",
+ "remarks": "rule_set_093"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify /boot/grub2/user.cfg Permissions",
- "remarks": "rule_set_039"
+ "value": "Verify Group Who Owns Crontab",
+ "remarks": "rule_set_093"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy",
- "remarks": "rule_set_040"
+ "value": "file_owner_crontab",
+ "remarks": "rule_set_094"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure System Cryptography Policy",
- "remarks": "rule_set_040"
+ "value": "Verify Owner on crontab",
+ "remarks": "rule_set_094"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy",
- "remarks": "rule_set_040"
+ "value": "file_owner_crontab",
+ "remarks": "rule_set_094"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure System Cryptography Policy",
- "remarks": "rule_set_040"
+ "value": "Verify Owner on crontab",
+ "remarks": "rule_set_094"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_motd_cis",
- "remarks": "rule_set_041"
+ "value": "file_permissions_crontab",
+ "remarks": "rule_set_095"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Message Of The Day Is Configured Properly",
- "remarks": "rule_set_041"
+ "value": "Verify Permissions on crontab",
+ "remarks": "rule_set_095"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_motd_cis",
- "remarks": "rule_set_041"
+ "value": "file_permissions_crontab",
+ "remarks": "rule_set_095"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Message Of The Day Is Configured Properly",
- "remarks": "rule_set_041"
+ "value": "Verify Permissions on crontab",
+ "remarks": "rule_set_095"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_cis",
- "remarks": "rule_set_042"
+ "value": "file_groupowner_cron_hourly",
+ "remarks": "rule_set_096"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Local Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_042"
+ "value": "Verify Group Who Owns cron.hourly",
+ "remarks": "rule_set_096"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_cis",
- "remarks": "rule_set_042"
+ "value": "file_groupowner_cron_hourly",
+ "remarks": "rule_set_096"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Local Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_042"
+ "value": "Verify Group Who Owns cron.hourly",
+ "remarks": "rule_set_096"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_net_cis",
- "remarks": "rule_set_043"
+ "value": "file_owner_cron_hourly",
+ "remarks": "rule_set_097"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Remote Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_043"
+ "value": "Verify Owner on cron.hourly",
+ "remarks": "rule_set_097"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "banner_etc_issue_net_cis",
- "remarks": "rule_set_043"
+ "value": "file_owner_cron_hourly",
+ "remarks": "rule_set_097"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Remote Login Warning Banner Is Configured Properly",
- "remarks": "rule_set_043"
+ "value": "Verify Owner on cron.hourly",
+ "remarks": "rule_set_097"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_motd",
- "remarks": "rule_set_044"
+ "value": "file_permissions_cron_hourly",
+ "remarks": "rule_set_098"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of Message of the Day Banner",
- "remarks": "rule_set_044"
+ "value": "Verify Permissions on cron.hourly",
+ "remarks": "rule_set_098"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_motd",
- "remarks": "rule_set_044"
+ "value": "file_permissions_cron_hourly",
+ "remarks": "rule_set_098"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of Message of the Day Banner",
- "remarks": "rule_set_044"
+ "value": "Verify Permissions on cron.hourly",
+ "remarks": "rule_set_098"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_motd",
- "remarks": "rule_set_045"
+ "value": "file_groupowner_cron_daily",
+ "remarks": "rule_set_099"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of Message of the Day Banner",
- "remarks": "rule_set_045"
+ "value": "Verify Group Who Owns cron.daily",
+ "remarks": "rule_set_099"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_motd",
- "remarks": "rule_set_045"
+ "value": "file_groupowner_cron_daily",
+ "remarks": "rule_set_099"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of Message of the Day Banner",
- "remarks": "rule_set_045"
+ "value": "Verify Group Who Owns cron.daily",
+ "remarks": "rule_set_099"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_motd",
- "remarks": "rule_set_046"
+ "value": "file_owner_cron_daily",
+ "remarks": "rule_set_100"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on Message of the Day Banner",
- "remarks": "rule_set_046"
+ "value": "Verify Owner on cron.daily",
+ "remarks": "rule_set_100"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_motd",
- "remarks": "rule_set_046"
+ "value": "file_owner_cron_daily",
+ "remarks": "rule_set_100"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on Message of the Day Banner",
- "remarks": "rule_set_046"
+ "value": "Verify Owner on cron.daily",
+ "remarks": "rule_set_100"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue",
- "remarks": "rule_set_047"
+ "value": "file_permissions_cron_daily",
+ "remarks": "rule_set_101"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner",
- "remarks": "rule_set_047"
+ "value": "Verify Permissions on cron.daily",
+ "remarks": "rule_set_101"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue",
- "remarks": "rule_set_047"
+ "value": "file_permissions_cron_daily",
+ "remarks": "rule_set_101"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner",
- "remarks": "rule_set_047"
+ "value": "Verify Permissions on cron.daily",
+ "remarks": "rule_set_101"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue",
- "remarks": "rule_set_048"
+ "value": "file_groupowner_cron_weekly",
+ "remarks": "rule_set_102"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner",
- "remarks": "rule_set_048"
+ "value": "Verify Group Who Owns cron.weekly",
+ "remarks": "rule_set_102"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue",
- "remarks": "rule_set_048"
+ "value": "file_groupowner_cron_weekly",
+ "remarks": "rule_set_102"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner",
- "remarks": "rule_set_048"
+ "value": "Verify Group Who Owns cron.weekly",
+ "remarks": "rule_set_102"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue",
- "remarks": "rule_set_049"
+ "value": "file_owner_cron_weekly",
+ "remarks": "rule_set_103"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner",
- "remarks": "rule_set_049"
+ "value": "Verify Owner on cron.weekly",
+ "remarks": "rule_set_103"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue",
- "remarks": "rule_set_049"
+ "value": "file_owner_cron_weekly",
+ "remarks": "rule_set_103"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner",
- "remarks": "rule_set_049"
+ "value": "Verify Owner on cron.weekly",
+ "remarks": "rule_set_103"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue_net",
- "remarks": "rule_set_050"
+ "value": "file_permissions_cron_weekly",
+ "remarks": "rule_set_104"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_050"
+ "value": "Verify Permissions on cron.weekly",
+ "remarks": "rule_set_104"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_issue_net",
- "remarks": "rule_set_050"
+ "value": "file_permissions_cron_weekly",
+ "remarks": "rule_set_104"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_050"
+ "value": "Verify Permissions on cron.weekly",
+ "remarks": "rule_set_104"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue_net",
- "remarks": "rule_set_051"
+ "value": "file_groupowner_cron_monthly",
+ "remarks": "rule_set_105"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_051"
+ "value": "Verify Group Who Owns cron.monthly",
+ "remarks": "rule_set_105"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_issue_net",
- "remarks": "rule_set_051"
+ "value": "file_groupowner_cron_monthly",
+ "remarks": "rule_set_105"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify ownership of System Login Banner for Remote Connections",
- "remarks": "rule_set_051"
+ "value": "Verify Group Who Owns cron.monthly",
+ "remarks": "rule_set_105"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue_net",
- "remarks": "rule_set_052"
+ "value": "file_owner_cron_monthly",
+ "remarks": "rule_set_106"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner for Remote Connections",
- "remarks": "rule_set_052"
+ "value": "Verify Owner on cron.monthly",
+ "remarks": "rule_set_106"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_issue_net",
- "remarks": "rule_set_052"
+ "value": "file_owner_cron_monthly",
+ "remarks": "rule_set_106"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify permissions on System Login Banner for Remote Connections",
- "remarks": "rule_set_052"
+ "value": "Verify Owner on cron.monthly",
+ "remarks": "rule_set_106"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_banner_enabled",
- "remarks": "rule_set_053"
+ "value": "file_permissions_cron_monthly",
+ "remarks": "rule_set_107"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable GNOME3 Login Warning Banner",
- "remarks": "rule_set_053"
+ "value": "Verify Permissions on cron.monthly",
+ "remarks": "rule_set_107"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_banner_enabled",
- "remarks": "rule_set_053"
+ "value": "file_permissions_cron_monthly",
+ "remarks": "rule_set_107"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable GNOME3 Login Warning Banner",
- "remarks": "rule_set_053"
+ "value": "Verify Permissions on cron.monthly",
+ "remarks": "rule_set_107"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_login_banner_text",
- "remarks": "rule_set_054"
+ "value": "file_groupowner_cron_yearly",
+ "remarks": "rule_set_108"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set the GNOME3 Login Warning Banner Text",
- "remarks": "rule_set_054"
+ "value": "Verify Group Who Owns cron.yearly",
+ "remarks": "rule_set_108"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_login_banner_text",
- "remarks": "rule_set_054"
+ "value": "file_groupowner_cron_yearly",
+ "remarks": "rule_set_108"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set the GNOME3 Login Warning Banner Text",
- "remarks": "rule_set_054"
+ "value": "Verify Group Who Owns cron.yearly",
+ "remarks": "rule_set_108"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_user_list",
- "remarks": "rule_set_055"
+ "value": "file_owner_cron_yearly",
+ "remarks": "rule_set_109"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the GNOME3 Login User List",
- "remarks": "rule_set_055"
+ "value": "Verify Owner on cron.yearly",
+ "remarks": "rule_set_109"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_user_list",
- "remarks": "rule_set_055"
+ "value": "file_owner_cron_yearly",
+ "remarks": "rule_set_109"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the GNOME3 Login User List",
- "remarks": "rule_set_055"
+ "value": "Verify Owner on cron.yearly",
+ "remarks": "rule_set_109"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_idle_delay",
- "remarks": "rule_set_056"
+ "value": "file_permissions_cron_yearly",
+ "remarks": "rule_set_110"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Inactivity Timeout",
- "remarks": "rule_set_056"
+ "value": "Verify Permissions on cron.yearly",
+ "remarks": "rule_set_110"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_idle_delay",
- "remarks": "rule_set_056"
+ "value": "file_permissions_cron_yearly",
+ "remarks": "rule_set_110"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Inactivity Timeout",
- "remarks": "rule_set_056"
+ "value": "Verify Permissions on cron.yearly",
+ "remarks": "rule_set_110"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_lock_delay",
- "remarks": "rule_set_057"
+ "value": "file_groupowner_cron_d",
+ "remarks": "rule_set_111"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
- "remarks": "rule_set_057"
+ "value": "Verify Group Who Owns cron.d",
+ "remarks": "rule_set_111"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_screensaver_lock_delay",
- "remarks": "rule_set_057"
+ "value": "file_groupowner_cron_d",
+ "remarks": "rule_set_111"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set GNOME3 Screensaver Lock Delay After Activation Period",
- "remarks": "rule_set_057"
+ "value": "Verify Group Who Owns cron.d",
+ "remarks": "rule_set_111"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_autorun",
- "remarks": "rule_set_058"
+ "value": "file_owner_cron_d",
+ "remarks": "rule_set_112"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount running",
- "remarks": "rule_set_058"
+ "value": "Verify Owner on cron.d",
+ "remarks": "rule_set_112"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_autorun",
- "remarks": "rule_set_058"
+ "value": "file_owner_cron_d",
+ "remarks": "rule_set_112"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount running",
- "remarks": "rule_set_058"
+ "value": "Verify Owner on cron.d",
+ "remarks": "rule_set_112"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_kea_removed",
- "remarks": "rule_set_059"
+ "value": "file_permissions_cron_d",
+ "remarks": "rule_set_113"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall kea Package",
- "remarks": "rule_set_059"
+ "value": "Verify Permissions on cron.d",
+ "remarks": "rule_set_113"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_kea_removed",
- "remarks": "rule_set_059"
+ "value": "file_permissions_cron_d",
+ "remarks": "rule_set_113"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall kea Package",
- "remarks": "rule_set_059"
+ "value": "Verify Permissions on cron.d",
+ "remarks": "rule_set_113"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_bind_removed",
- "remarks": "rule_set_060"
+ "value": "file_cron_deny_not_exist",
+ "remarks": "rule_set_114"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall bind Package",
- "remarks": "rule_set_060"
+ "value": "Ensure that /etc/cron.deny does not exist",
+ "remarks": "rule_set_114"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_bind_removed",
- "remarks": "rule_set_060"
+ "value": "file_cron_deny_not_exist",
+ "remarks": "rule_set_114"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall bind Package",
- "remarks": "rule_set_060"
+ "value": "Ensure that /etc/cron.deny does not exist",
+ "remarks": "rule_set_114"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dnsmasq_removed",
- "remarks": "rule_set_061"
+ "value": "file_cron_allow_exists",
+ "remarks": "rule_set_115"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dnsmasq Package",
- "remarks": "rule_set_061"
+ "value": "Ensure that /etc/cron.allow exists",
+ "remarks": "rule_set_115"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dnsmasq_removed",
- "remarks": "rule_set_061"
+ "value": "file_cron_allow_exists",
+ "remarks": "rule_set_115"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dnsmasq Package",
- "remarks": "rule_set_061"
+ "value": "Ensure that /etc/cron.allow exists",
+ "remarks": "rule_set_115"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_vsftpd_removed",
- "remarks": "rule_set_062"
+ "value": "file_groupowner_cron_allow",
+ "remarks": "rule_set_116"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall vsftpd Package",
- "remarks": "rule_set_062"
+ "value": "Verify Group Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_116"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_vsftpd_removed",
- "remarks": "rule_set_062"
+ "value": "file_groupowner_cron_allow",
+ "remarks": "rule_set_116"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall vsftpd Package",
- "remarks": "rule_set_062"
+ "value": "Verify Group Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_116"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dovecot_removed",
- "remarks": "rule_set_063"
+ "value": "file_owner_cron_allow",
+ "remarks": "rule_set_117"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dovecot Package",
- "remarks": "rule_set_063"
+ "value": "Verify User Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_117"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_dovecot_removed",
- "remarks": "rule_set_063"
+ "value": "file_owner_cron_allow",
+ "remarks": "rule_set_117"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall dovecot Package",
- "remarks": "rule_set_063"
+ "value": "Verify User Who Owns /etc/cron.allow file",
+ "remarks": "rule_set_117"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cyrus-imapd_removed",
- "remarks": "rule_set_064"
+ "value": "file_permissions_cron_allow",
+ "remarks": "rule_set_118"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall cyrus-imapd Package",
- "remarks": "rule_set_064"
+ "value": "Verify Permissions on /etc/cron.allow file",
+ "remarks": "rule_set_118"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cyrus-imapd_removed",
- "remarks": "rule_set_064"
+ "value": "file_permissions_cron_allow",
+ "remarks": "rule_set_118"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall cyrus-imapd Package",
- "remarks": "rule_set_064"
+ "value": "Verify Permissions on /etc/cron.allow file",
+ "remarks": "rule_set_118"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nfs_disabled",
- "remarks": "rule_set_065"
+ "value": "file_at_deny_not_exist",
+ "remarks": "rule_set_119"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Network File System (nfs)",
- "remarks": "rule_set_065"
+ "value": "Ensure that /etc/at.deny does not exist",
+ "remarks": "rule_set_119"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nfs_disabled",
- "remarks": "rule_set_065"
+ "value": "file_at_deny_not_exist",
+ "remarks": "rule_set_119"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Network File System (nfs)",
- "remarks": "rule_set_065"
+ "value": "Ensure that /etc/at.deny does not exist",
+ "remarks": "rule_set_119"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_rpcbind_disabled",
- "remarks": "rule_set_066"
+ "value": "file_at_allow_exists",
+ "remarks": "rule_set_120"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable rpcbind Service",
- "remarks": "rule_set_066"
+ "value": "Ensure that /etc/at.allow exists",
+ "remarks": "rule_set_120"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_rpcbind_disabled",
- "remarks": "rule_set_066"
+ "value": "file_at_allow_exists",
+ "remarks": "rule_set_120"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable rpcbind Service",
- "remarks": "rule_set_066"
+ "value": "Ensure that /etc/at.allow exists",
+ "remarks": "rule_set_120"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_rsync_removed",
- "remarks": "rule_set_067"
+ "value": "file_groupowner_at_allow",
+ "remarks": "rule_set_121"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall rsync Package",
- "remarks": "rule_set_067"
+ "value": "Verify Group Who Owns /etc/at.allow file",
+ "remarks": "rule_set_121"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_rsync_removed",
- "remarks": "rule_set_067"
+ "value": "file_groupowner_at_allow",
+ "remarks": "rule_set_121"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall rsync Package",
- "remarks": "rule_set_067"
+ "value": "Verify Group Who Owns /etc/at.allow file",
+ "remarks": "rule_set_121"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_samba_removed",
- "remarks": "rule_set_068"
+ "value": "file_owner_at_allow",
+ "remarks": "rule_set_122"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall Samba Package",
- "remarks": "rule_set_068"
+ "value": "Verify User Who Owns /etc/at.allow file",
+ "remarks": "rule_set_122"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_samba_removed",
- "remarks": "rule_set_068"
+ "value": "file_owner_at_allow",
+ "remarks": "rule_set_122"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall Samba Package",
- "remarks": "rule_set_068"
+ "value": "Verify User Who Owns /etc/at.allow file",
+ "remarks": "rule_set_122"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_net-snmp_removed",
- "remarks": "rule_set_069"
+ "value": "file_permissions_at_allow",
+ "remarks": "rule_set_123"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall net-snmp Package",
- "remarks": "rule_set_069"
+ "value": "Verify Permissions on /etc/at.allow file",
+ "remarks": "rule_set_123"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_net-snmp_removed",
- "remarks": "rule_set_069"
+ "value": "file_permissions_at_allow",
+ "remarks": "rule_set_123"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall net-snmp Package",
- "remarks": "rule_set_069"
+ "value": "Verify Permissions on /etc/at.allow file",
+ "remarks": "rule_set_123"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet-server_removed",
- "remarks": "rule_set_070"
+ "value": "kernel_module_atm_disabled",
+ "remarks": "rule_set_124"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall telnet-server Package",
- "remarks": "rule_set_070"
+ "value": "Disable ATM Support",
+ "remarks": "rule_set_124"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet-server_removed",
- "remarks": "rule_set_070"
+ "value": "kernel_module_atm_disabled",
+ "remarks": "rule_set_124"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall telnet-server Package",
- "remarks": "rule_set_070"
+ "value": "Disable ATM Support",
+ "remarks": "rule_set_124"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp-server_removed",
- "remarks": "rule_set_071"
+ "value": "kernel_module_can_disabled",
+ "remarks": "rule_set_125"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall tftp-server Package",
- "remarks": "rule_set_071"
+ "value": "Disable CAN Support",
+ "remarks": "rule_set_125"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp-server_removed",
- "remarks": "rule_set_071"
+ "value": "kernel_module_can_disabled",
+ "remarks": "rule_set_125"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall tftp-server Package",
- "remarks": "rule_set_071"
+ "value": "Disable CAN Support",
+ "remarks": "rule_set_125"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_squid_removed",
- "remarks": "rule_set_072"
+ "value": "kernel_module_dccp_disabled",
+ "remarks": "rule_set_126"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall squid Package",
- "remarks": "rule_set_072"
+ "value": "Disable DCCP Support",
+ "remarks": "rule_set_126"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_squid_removed",
- "remarks": "rule_set_072"
+ "value": "kernel_module_dccp_disabled",
+ "remarks": "rule_set_126"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall squid Package",
- "remarks": "rule_set_072"
+ "value": "Disable DCCP Support",
+ "remarks": "rule_set_126"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_httpd_removed",
- "remarks": "rule_set_073"
+ "value": "kernel_module_tipc_disabled",
+ "remarks": "rule_set_127"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall httpd Package",
- "remarks": "rule_set_073"
+ "value": "Disable TIPC Support",
+ "remarks": "rule_set_127"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_httpd_removed",
- "remarks": "rule_set_073"
+ "value": "kernel_module_tipc_disabled",
+ "remarks": "rule_set_127"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall httpd Package",
- "remarks": "rule_set_073"
+ "value": "Disable TIPC Support",
+ "remarks": "rule_set_127"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nginx_removed",
- "remarks": "rule_set_074"
+ "value": "kernel_module_rds_disabled",
+ "remarks": "rule_set_128"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall nginx Package",
- "remarks": "rule_set_074"
+ "value": "Disable RDS Support",
+ "remarks": "rule_set_128"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nginx_removed",
- "remarks": "rule_set_074"
+ "value": "kernel_module_rds_disabled",
+ "remarks": "rule_set_128"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Uninstall nginx Package",
- "remarks": "rule_set_074"
+ "value": "Disable RDS Support",
+ "remarks": "rule_set_128"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "postfix_network_listening_disabled",
- "remarks": "rule_set_075"
+ "value": "sysctl_net_ipv4_ip_forward",
+ "remarks": "rule_set_129"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Postfix Network Listening",
- "remarks": "rule_set_075"
+ "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
+ "remarks": "rule_set_129"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "postfix_network_listening_disabled",
- "remarks": "rule_set_075"
+ "value": "sysctl_net_ipv4_ip_forward",
+ "remarks": "rule_set_129"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Postfix Network Listening",
- "remarks": "rule_set_075"
+ "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
+ "remarks": "rule_set_129"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "has_nonlocal_mta",
- "remarks": "rule_set_076"
+ "value": "sysctl_net_ipv4_conf_all_forwarding",
+ "remarks": "rule_set_130"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
- "remarks": "rule_set_076"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces",
+ "remarks": "rule_set_130"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "has_nonlocal_mta",
- "remarks": "rule_set_076"
+ "value": "sysctl_net_ipv4_conf_all_forwarding",
+ "remarks": "rule_set_130"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Mail Transfer Agent is not Listening on any non-loopback Address",
- "remarks": "rule_set_076"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces",
+ "remarks": "rule_set_130"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_ftp_removed",
- "remarks": "rule_set_077"
+ "value": "sysctl_net_ipv4_conf_default_forwarding",
+ "remarks": "rule_set_131"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove ftp Package",
- "remarks": "rule_set_077"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding By Default",
+ "remarks": "rule_set_131"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_ftp_removed",
- "remarks": "rule_set_077"
+ "value": "sysctl_net_ipv4_conf_default_forwarding",
+ "remarks": "rule_set_131"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove ftp Package",
- "remarks": "rule_set_077"
+ "value": "Disable Kernel Parameter for IPv4 Forwarding By Default",
+ "remarks": "rule_set_131"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet_removed",
- "remarks": "rule_set_078"
+ "value": "sysctl_net_ipv4_conf_all_send_redirects",
+ "remarks": "rule_set_132"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove telnet Clients",
- "remarks": "rule_set_078"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_132"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_telnet_removed",
- "remarks": "rule_set_078"
+ "value": "sysctl_net_ipv4_conf_all_send_redirects",
+ "remarks": "rule_set_132"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove telnet Clients",
- "remarks": "rule_set_078"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_132"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp_removed",
- "remarks": "rule_set_079"
+ "value": "sysctl_net_ipv4_conf_default_send_redirects",
+ "remarks": "rule_set_133"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove tftp Daemon",
- "remarks": "rule_set_079"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_133"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_tftp_removed",
- "remarks": "rule_set_079"
+ "value": "sysctl_net_ipv4_conf_default_send_redirects",
+ "remarks": "rule_set_133"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Remove tftp Daemon",
- "remarks": "rule_set_079"
+ "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_133"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_specify_remote_server",
- "remarks": "rule_set_080"
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
+ "remarks": "rule_set_134"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "A remote time server for Chrony is configured",
- "remarks": "rule_set_080"
+ "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
+ "remarks": "rule_set_134"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_specify_remote_server",
- "remarks": "rule_set_080"
+ "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
+ "remarks": "rule_set_134"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "A remote time server for Chrony is configured",
- "remarks": "rule_set_080"
+ "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
+ "remarks": "rule_set_134"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_run_as_chrony_user",
- "remarks": "rule_set_081"
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
+ "remarks": "rule_set_135"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that chronyd is running under chrony user account",
- "remarks": "rule_set_081"
+ "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
+ "remarks": "rule_set_135"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "chronyd_run_as_chrony_user",
- "remarks": "rule_set_081"
+ "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
+ "remarks": "rule_set_135"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that chronyd is running under chrony user account",
- "remarks": "rule_set_081"
+ "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
+ "remarks": "rule_set_135"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cron_installed",
- "remarks": "rule_set_082"
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects",
+ "remarks": "rule_set_136"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install the cron service",
- "remarks": "rule_set_082"
+ "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
+ "remarks": "rule_set_136"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_cron_installed",
- "remarks": "rule_set_082"
+ "value": "sysctl_net_ipv4_conf_all_accept_redirects",
+ "remarks": "rule_set_136"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install the cron service",
- "remarks": "rule_set_082"
+ "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
+ "remarks": "rule_set_136"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_crond_enabled",
- "remarks": "rule_set_083"
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects",
+ "remarks": "rule_set_137"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable cron Service",
- "remarks": "rule_set_083"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
+ "remarks": "rule_set_137"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_crond_enabled",
- "remarks": "rule_set_083"
+ "value": "sysctl_net_ipv4_conf_default_accept_redirects",
+ "remarks": "rule_set_137"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable cron Service",
- "remarks": "rule_set_083"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
+ "remarks": "rule_set_137"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_crontab",
- "remarks": "rule_set_084"
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects",
+ "remarks": "rule_set_138"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Crontab",
- "remarks": "rule_set_084"
+ "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_138"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_crontab",
- "remarks": "rule_set_084"
+ "value": "sysctl_net_ipv4_conf_all_secure_redirects",
+ "remarks": "rule_set_138"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Crontab",
- "remarks": "rule_set_084"
+ "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
+ "remarks": "rule_set_138"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_crontab",
- "remarks": "rule_set_085"
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects",
+ "remarks": "rule_set_139"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on crontab",
- "remarks": "rule_set_085"
+ "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
+ "remarks": "rule_set_139"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_crontab",
- "remarks": "rule_set_085"
+ "value": "sysctl_net_ipv4_conf_default_secure_redirects",
+ "remarks": "rule_set_139"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on crontab",
- "remarks": "rule_set_085"
+ "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
+ "remarks": "rule_set_139"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_crontab",
- "remarks": "rule_set_086"
+ "value": "sysctl_net_ipv4_conf_all_rp_filter",
+ "remarks": "rule_set_140"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on crontab",
- "remarks": "rule_set_086"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
+ "remarks": "rule_set_140"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_crontab",
- "remarks": "rule_set_086"
+ "value": "sysctl_net_ipv4_conf_all_rp_filter",
+ "remarks": "rule_set_140"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on crontab",
- "remarks": "rule_set_086"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
+ "remarks": "rule_set_140"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_hourly",
- "remarks": "rule_set_087"
+ "value": "sysctl_net_ipv4_conf_default_rp_filter",
+ "remarks": "rule_set_141"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.hourly",
- "remarks": "rule_set_087"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_141"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_hourly",
- "remarks": "rule_set_087"
+ "value": "sysctl_net_ipv4_conf_default_rp_filter",
+ "remarks": "rule_set_141"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.hourly",
- "remarks": "rule_set_087"
+ "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_141"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_hourly",
- "remarks": "rule_set_088"
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route",
+ "remarks": "rule_set_142"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.hourly",
- "remarks": "rule_set_088"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_142"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_hourly",
- "remarks": "rule_set_088"
+ "value": "sysctl_net_ipv4_conf_all_accept_source_route",
+ "remarks": "rule_set_142"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.hourly",
- "remarks": "rule_set_088"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_142"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_hourly",
- "remarks": "rule_set_089"
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route",
+ "remarks": "rule_set_143"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.hourly",
- "remarks": "rule_set_089"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
+ "remarks": "rule_set_143"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_hourly",
- "remarks": "rule_set_089"
+ "value": "sysctl_net_ipv4_conf_default_accept_source_route",
+ "remarks": "rule_set_143"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.hourly",
- "remarks": "rule_set_089"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
+ "remarks": "rule_set_143"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_daily",
- "remarks": "rule_set_090"
+ "value": "sysctl_net_ipv4_conf_all_log_martians",
+ "remarks": "rule_set_144"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.daily",
- "remarks": "rule_set_090"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_144"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_daily",
- "remarks": "rule_set_090"
+ "value": "sysctl_net_ipv4_conf_all_log_martians",
+ "remarks": "rule_set_144"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.daily",
- "remarks": "rule_set_090"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
+ "remarks": "rule_set_144"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_daily",
- "remarks": "rule_set_091"
+ "value": "sysctl_net_ipv4_conf_default_log_martians",
+ "remarks": "rule_set_145"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.daily",
- "remarks": "rule_set_091"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_145"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_daily",
- "remarks": "rule_set_091"
+ "value": "sysctl_net_ipv4_conf_default_log_martians",
+ "remarks": "rule_set_145"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.daily",
- "remarks": "rule_set_091"
+ "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
+ "remarks": "rule_set_145"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_daily",
- "remarks": "rule_set_092"
+ "value": "sysctl_net_ipv4_tcp_syncookies",
+ "remarks": "rule_set_146"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.daily",
- "remarks": "rule_set_092"
+ "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
+ "remarks": "rule_set_146"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_daily",
- "remarks": "rule_set_092"
+ "value": "sysctl_net_ipv4_tcp_syncookies",
+ "remarks": "rule_set_146"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.daily",
- "remarks": "rule_set_092"
+ "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
+ "remarks": "rule_set_146"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_weekly",
- "remarks": "rule_set_093"
+ "value": "sysctl_net_ipv6_conf_all_forwarding",
+ "remarks": "rule_set_147"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.weekly",
- "remarks": "rule_set_093"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding",
+ "remarks": "rule_set_147"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_weekly",
- "remarks": "rule_set_093"
+ "value": "sysctl_net_ipv6_conf_all_forwarding",
+ "remarks": "rule_set_147"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.weekly",
- "remarks": "rule_set_093"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding",
+ "remarks": "rule_set_147"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_weekly",
- "remarks": "rule_set_094"
+ "value": "sysctl_net_ipv6_conf_default_forwarding",
+ "remarks": "rule_set_148"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.weekly",
- "remarks": "rule_set_094"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding by default",
+ "remarks": "rule_set_148"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_weekly",
- "remarks": "rule_set_094"
+ "value": "sysctl_net_ipv6_conf_default_forwarding",
+ "remarks": "rule_set_148"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.weekly",
- "remarks": "rule_set_094"
+ "value": "Disable Kernel Parameter for IPv6 Forwarding by default",
+ "remarks": "rule_set_148"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_weekly",
- "remarks": "rule_set_095"
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects",
+ "remarks": "rule_set_149"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.weekly",
- "remarks": "rule_set_095"
+ "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
+ "remarks": "rule_set_149"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_weekly",
- "remarks": "rule_set_095"
+ "value": "sysctl_net_ipv6_conf_all_accept_redirects",
+ "remarks": "rule_set_149"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.weekly",
- "remarks": "rule_set_095"
+ "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
+ "remarks": "rule_set_149"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_monthly",
- "remarks": "rule_set_096"
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects",
+ "remarks": "rule_set_150"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.monthly",
- "remarks": "rule_set_096"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
+ "remarks": "rule_set_150"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_monthly",
- "remarks": "rule_set_096"
+ "value": "sysctl_net_ipv6_conf_default_accept_redirects",
+ "remarks": "rule_set_150"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.monthly",
- "remarks": "rule_set_096"
+ "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
+ "remarks": "rule_set_150"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_monthly",
- "remarks": "rule_set_097"
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route",
+ "remarks": "rule_set_151"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.monthly",
- "remarks": "rule_set_097"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
+ "remarks": "rule_set_151"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_monthly",
- "remarks": "rule_set_097"
+ "value": "sysctl_net_ipv6_conf_all_accept_source_route",
+ "remarks": "rule_set_151"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.monthly",
- "remarks": "rule_set_097"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
+ "remarks": "rule_set_151"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_monthly",
- "remarks": "rule_set_098"
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route",
+ "remarks": "rule_set_152"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.monthly",
- "remarks": "rule_set_098"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
+ "remarks": "rule_set_152"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_monthly",
- "remarks": "rule_set_098"
+ "value": "sysctl_net_ipv6_conf_default_accept_source_route",
+ "remarks": "rule_set_152"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.monthly",
- "remarks": "rule_set_098"
+ "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
+ "remarks": "rule_set_152"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_d",
- "remarks": "rule_set_099"
+ "value": "sysctl_net_ipv6_conf_all_accept_ra",
+ "remarks": "rule_set_153"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.d",
- "remarks": "rule_set_099"
+ "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
+ "remarks": "rule_set_153"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_d",
- "remarks": "rule_set_099"
+ "value": "sysctl_net_ipv6_conf_all_accept_ra",
+ "remarks": "rule_set_153"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns cron.d",
- "remarks": "rule_set_099"
+ "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
+ "remarks": "rule_set_153"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_d",
- "remarks": "rule_set_100"
+ "value": "sysctl_net_ipv6_conf_default_accept_ra",
+ "remarks": "rule_set_154"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.d",
- "remarks": "rule_set_100"
+ "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
+ "remarks": "rule_set_154"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_d",
- "remarks": "rule_set_100"
+ "value": "sysctl_net_ipv6_conf_default_accept_ra",
+ "remarks": "rule_set_154"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on cron.d",
- "remarks": "rule_set_100"
+ "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
+ "remarks": "rule_set_154"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_d",
- "remarks": "rule_set_101"
+ "value": "package_nftables_installed",
+ "remarks": "rule_set_155"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.d",
- "remarks": "rule_set_101"
+ "value": "Install nftables Package",
+ "remarks": "rule_set_155"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_d",
- "remarks": "rule_set_101"
+ "value": "package_nftables_installed",
+ "remarks": "rule_set_155"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on cron.d",
- "remarks": "rule_set_101"
+ "value": "Install nftables Package",
+ "remarks": "rule_set_155"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_deny_not_exist",
- "remarks": "rule_set_102"
+ "value": "service_firewalld_enabled",
+ "remarks": "rule_set_156"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.deny does not exist",
- "remarks": "rule_set_102"
+ "value": "Verify firewalld Enabled",
+ "remarks": "rule_set_156"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_deny_not_exist",
- "remarks": "rule_set_102"
+ "value": "service_firewalld_enabled",
+ "remarks": "rule_set_156"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.deny does not exist",
- "remarks": "rule_set_102"
+ "value": "Verify firewalld Enabled",
+ "remarks": "rule_set_156"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_allow_exists",
- "remarks": "rule_set_103"
+ "value": "package_firewalld_installed",
+ "remarks": "rule_set_157"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.allow exists",
- "remarks": "rule_set_103"
+ "value": "Install firewalld Package",
+ "remarks": "rule_set_157"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_cron_allow_exists",
- "remarks": "rule_set_103"
+ "value": "package_firewalld_installed",
+ "remarks": "rule_set_157"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/cron.allow exists",
- "remarks": "rule_set_103"
+ "value": "Install firewalld Package",
+ "remarks": "rule_set_157"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_allow",
- "remarks": "rule_set_104"
+ "value": "service_nftables_disabled",
+ "remarks": "rule_set_158"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/cron.allow file",
- "remarks": "rule_set_104"
+ "value": "Verify nftables Service is Disabled",
+ "remarks": "rule_set_158"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_cron_allow",
- "remarks": "rule_set_104"
+ "value": "service_nftables_disabled",
+ "remarks": "rule_set_158"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/cron.allow file",
- "remarks": "rule_set_104"
+ "value": "Verify nftables Service is Disabled",
+ "remarks": "rule_set_158"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_allow",
- "remarks": "rule_set_105"
+ "value": "firewalld_loopback_traffic_trusted",
+ "remarks": "rule_set_159"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/cron.allow file",
- "remarks": "rule_set_105"
+ "value": "Configure Firewalld to Trust Loopback Traffic",
+ "remarks": "rule_set_159"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_cron_allow",
- "remarks": "rule_set_105"
+ "value": "firewalld_loopback_traffic_trusted",
+ "remarks": "rule_set_159"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/cron.allow file",
- "remarks": "rule_set_105"
+ "value": "Configure Firewalld to Trust Loopback Traffic",
+ "remarks": "rule_set_159"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_allow",
- "remarks": "rule_set_106"
+ "value": "firewalld_loopback_traffic_restricted",
+ "remarks": "rule_set_160"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/cron.allow file",
- "remarks": "rule_set_106"
+ "value": "Configure Firewalld to Restrict Loopback Traffic",
+ "remarks": "rule_set_160"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_cron_allow",
- "remarks": "rule_set_106"
+ "value": "firewalld_loopback_traffic_restricted",
+ "remarks": "rule_set_160"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/cron.allow file",
- "remarks": "rule_set_106"
+ "value": "Configure Firewalld to Restrict Loopback Traffic",
+ "remarks": "rule_set_160"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_at_deny_not_exist",
- "remarks": "rule_set_107"
+ "value": "file_groupowner_sshd_config",
+ "remarks": "rule_set_161"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/at.deny does not exist",
- "remarks": "rule_set_107"
+ "value": "Verify Group Who Owns SSH Server config file",
+ "remarks": "rule_set_161"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_at_deny_not_exist",
- "remarks": "rule_set_107"
+ "value": "file_groupowner_sshd_config",
+ "remarks": "rule_set_161"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that /etc/at.deny does not exist",
- "remarks": "rule_set_107"
+ "value": "Verify Group Who Owns SSH Server config file",
+ "remarks": "rule_set_161"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_at_allow",
- "remarks": "rule_set_108"
+ "value": "file_owner_sshd_config",
+ "remarks": "rule_set_162"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/at.allow file",
- "remarks": "rule_set_108"
+ "value": "Verify Owner on SSH Server config file",
+ "remarks": "rule_set_162"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_at_allow",
- "remarks": "rule_set_108"
+ "value": "file_owner_sshd_config",
+ "remarks": "rule_set_162"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/at.allow file",
- "remarks": "rule_set_108"
+ "value": "Verify Owner on SSH Server config file",
+ "remarks": "rule_set_162"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_at_allow",
- "remarks": "rule_set_109"
+ "value": "file_permissions_sshd_config",
+ "remarks": "rule_set_163"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/at.allow file",
- "remarks": "rule_set_109"
+ "value": "Verify Permissions on SSH Server config file",
+ "remarks": "rule_set_163"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_at_allow",
- "remarks": "rule_set_109"
+ "value": "file_permissions_sshd_config",
+ "remarks": "rule_set_163"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns /etc/at.allow file",
- "remarks": "rule_set_109"
+ "value": "Verify Permissions on SSH Server config file",
+ "remarks": "rule_set_163"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_at_allow",
- "remarks": "rule_set_110"
+ "value": "directory_permissions_sshd_config_d",
+ "remarks": "rule_set_164"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/at.allow file",
- "remarks": "rule_set_110"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_164"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_at_allow",
- "remarks": "rule_set_110"
+ "value": "directory_permissions_sshd_config_d",
+ "remarks": "rule_set_164"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/at.allow file",
- "remarks": "rule_set_110"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_164"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_tipc_disabled",
- "remarks": "rule_set_111"
+ "value": "file_permissions_sshd_drop_in_config",
+ "remarks": "rule_set_165"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable TIPC Support",
- "remarks": "rule_set_111"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_165"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_tipc_disabled",
- "remarks": "rule_set_111"
+ "value": "file_permissions_sshd_drop_in_config",
+ "remarks": "rule_set_165"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable TIPC Support",
- "remarks": "rule_set_111"
+ "value": "Verify Permissions on SSH Server Config File",
+ "remarks": "rule_set_165"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_ip_forward",
- "remarks": "rule_set_112"
+ "value": "directory_groupowner_sshd_config_d",
+ "remarks": "rule_set_166"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
- "remarks": "rule_set_112"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_166"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_ip_forward",
- "remarks": "rule_set_112"
+ "value": "directory_groupowner_sshd_config_d",
+ "remarks": "rule_set_166"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces",
- "remarks": "rule_set_112"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_166"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_send_redirects",
- "remarks": "rule_set_113"
+ "value": "directory_owner_sshd_config_d",
+ "remarks": "rule_set_167"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_113"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_167"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_send_redirects",
- "remarks": "rule_set_113"
+ "value": "directory_owner_sshd_config_d",
+ "remarks": "rule_set_167"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_113"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_167"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_send_redirects",
- "remarks": "rule_set_114"
+ "value": "file_groupowner_sshd_drop_in_config",
+ "remarks": "rule_set_168"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
- "remarks": "rule_set_114"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_168"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_send_redirects",
- "remarks": "rule_set_114"
+ "value": "file_groupowner_sshd_drop_in_config",
+ "remarks": "rule_set_168"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default",
- "remarks": "rule_set_114"
+ "value": "Verify Group Who Owns SSH Server Configuration Files",
+ "remarks": "rule_set_168"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
- "remarks": "rule_set_115"
+ "value": "file_owner_sshd_drop_in_config",
+ "remarks": "rule_set_169"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
- "remarks": "rule_set_115"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_169"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_ignore_bogus_error_responses",
- "remarks": "rule_set_115"
+ "value": "file_owner_sshd_drop_in_config",
+ "remarks": "rule_set_169"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces",
- "remarks": "rule_set_115"
+ "value": "Verify Owner on SSH Server Configuration Files",
+ "remarks": "rule_set_169"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
- "remarks": "rule_set_116"
+ "value": "file_permissions_sshd_private_key",
+ "remarks": "rule_set_170"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
- "remarks": "rule_set_116"
+ "value": "Verify Permissions on SSH Server Private *_key Key Files",
+ "remarks": "rule_set_170"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_icmp_echo_ignore_broadcasts",
- "remarks": "rule_set_116"
+ "value": "file_permissions_sshd_private_key",
+ "remarks": "rule_set_170"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces",
- "remarks": "rule_set_116"
+ "value": "Verify Permissions on SSH Server Private *_key Key Files",
+ "remarks": "rule_set_170"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects",
- "remarks": "rule_set_117"
+ "value": "file_ownership_sshd_private_key",
+ "remarks": "rule_set_171"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
- "remarks": "rule_set_117"
+ "value": "Verify Ownership on SSH Server Private *_key Key Files",
+ "remarks": "rule_set_171"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_redirects",
- "remarks": "rule_set_117"
+ "value": "file_ownership_sshd_private_key",
+ "remarks": "rule_set_171"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv4 Interfaces",
- "remarks": "rule_set_117"
+ "value": "Verify Ownership on SSH Server Private *_key Key Files",
+ "remarks": "rule_set_171"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects",
- "remarks": "rule_set_118"
+ "value": "file_groupownership_sshd_private_key",
+ "remarks": "rule_set_172"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
- "remarks": "rule_set_118"
+ "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
+ "remarks": "rule_set_172"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_redirects",
- "remarks": "rule_set_118"
+ "value": "file_groupownership_sshd_private_key",
+ "remarks": "rule_set_172"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces",
- "remarks": "rule_set_118"
+ "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
+ "remarks": "rule_set_172"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects",
- "remarks": "rule_set_119"
+ "value": "file_permissions_sshd_pub_key",
+ "remarks": "rule_set_173"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_119"
+ "value": "Verify Permissions on SSH Server Public *.pub Key Files",
+ "remarks": "rule_set_173"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_secure_redirects",
- "remarks": "rule_set_119"
+ "value": "file_permissions_sshd_pub_key",
+ "remarks": "rule_set_173"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces",
- "remarks": "rule_set_119"
+ "value": "Verify Permissions on SSH Server Public *.pub Key Files",
+ "remarks": "rule_set_173"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects",
- "remarks": "rule_set_120"
+ "value": "file_ownership_sshd_pub_key",
+ "remarks": "rule_set_174"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
- "remarks": "rule_set_120"
+ "value": "Verify Ownership on SSH Server Public *.pub Key Files",
+ "remarks": "rule_set_174"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects",
- "remarks": "rule_set_120"
+ "value": "file_ownership_sshd_pub_key",
+ "remarks": "rule_set_174"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Kernel Parameter for Accepting Secure Redirects By Default",
- "remarks": "rule_set_120"
+ "value": "Verify Ownership on SSH Server Public *.pub Key Files",
+ "remarks": "rule_set_174"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter",
- "remarks": "rule_set_121"
+ "value": "file_groupownership_sshd_pub_key",
+ "remarks": "rule_set_175"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
- "remarks": "rule_set_121"
+ "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
+ "remarks": "rule_set_175"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_rp_filter",
- "remarks": "rule_set_121"
+ "value": "file_groupownership_sshd_pub_key",
+ "remarks": "rule_set_175"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces",
- "remarks": "rule_set_121"
+ "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
+ "remarks": "rule_set_175"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter",
- "remarks": "rule_set_122"
+ "value": "sshd_limit_user_access",
+ "remarks": "rule_set_176"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
- "remarks": "rule_set_122"
+ "value": "Limit Users' SSH Access",
+ "remarks": "rule_set_176"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_rp_filter",
- "remarks": "rule_set_122"
+ "value": "sshd_limit_user_access",
+ "remarks": "rule_set_176"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default",
- "remarks": "rule_set_122"
+ "value": "Limit Users' SSH Access",
+ "remarks": "rule_set_176"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route",
- "remarks": "rule_set_123"
+ "value": "sshd_enable_warning_banner_net",
+ "remarks": "rule_set_177"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
- "remarks": "rule_set_123"
+ "value": "Enable SSH Warning Banner",
+ "remarks": "rule_set_177"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_accept_source_route",
- "remarks": "rule_set_123"
+ "value": "sshd_enable_warning_banner_net",
+ "remarks": "rule_set_177"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces",
- "remarks": "rule_set_123"
+ "value": "Enable SSH Warning Banner",
+ "remarks": "rule_set_177"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route",
- "remarks": "rule_set_124"
+ "value": "sshd_set_idle_timeout",
+ "remarks": "rule_set_178"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
- "remarks": "rule_set_124"
+ "value": "Set SSH Client Alive Interval",
+ "remarks": "rule_set_178"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_accept_source_route",
- "remarks": "rule_set_124"
+ "value": "sshd_set_idle_timeout",
+ "remarks": "rule_set_178"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default",
- "remarks": "rule_set_124"
+ "value": "Set SSH Client Alive Interval",
+ "remarks": "rule_set_178"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians",
- "remarks": "rule_set_125"
+ "value": "sshd_set_keepalive",
+ "remarks": "rule_set_179"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
- "remarks": "rule_set_125"
+ "value": "Set SSH Client Alive Count Max",
+ "remarks": "rule_set_179"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_all_log_martians",
- "remarks": "rule_set_125"
+ "value": "sshd_set_keepalive",
+ "remarks": "rule_set_179"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces",
- "remarks": "rule_set_125"
+ "value": "Set SSH Client Alive Count Max",
+ "remarks": "rule_set_179"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians",
- "remarks": "rule_set_126"
+ "value": "sshd_disable_forwarding",
+ "remarks": "rule_set_180"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
- "remarks": "rule_set_126"
+ "value": "Disable SSH Forwarding",
+ "remarks": "rule_set_180"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_log_martians",
- "remarks": "rule_set_126"
+ "value": "sshd_disable_forwarding",
+ "remarks": "rule_set_180"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default",
- "remarks": "rule_set_126"
+ "value": "Disable SSH Forwarding",
+ "remarks": "rule_set_180"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies",
- "remarks": "rule_set_127"
+ "value": "sshd_disable_gssapi_auth",
+ "remarks": "rule_set_181"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
- "remarks": "rule_set_127"
+ "value": "Disable GSSAPI Authentication",
+ "remarks": "rule_set_181"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_tcp_syncookies",
- "remarks": "rule_set_127"
+ "value": "sshd_disable_gssapi_auth",
+ "remarks": "rule_set_181"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces",
- "remarks": "rule_set_127"
+ "value": "Disable GSSAPI Authentication",
+ "remarks": "rule_set_181"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding",
- "remarks": "rule_set_128"
+ "value": "disable_host_auth",
+ "remarks": "rule_set_182"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IPv6 Forwarding",
- "remarks": "rule_set_128"
+ "value": "Disable Host-Based Authentication",
+ "remarks": "rule_set_182"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_forwarding",
- "remarks": "rule_set_128"
+ "value": "disable_host_auth",
+ "remarks": "rule_set_182"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for IPv6 Forwarding",
- "remarks": "rule_set_128"
+ "value": "Disable Host-Based Authentication",
+ "remarks": "rule_set_182"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects",
- "remarks": "rule_set_129"
+ "value": "sshd_disable_rhosts",
+ "remarks": "rule_set_183"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
- "remarks": "rule_set_129"
+ "value": "Disable SSH Support for .rhosts Files",
+ "remarks": "rule_set_183"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_redirects",
- "remarks": "rule_set_129"
+ "value": "sshd_disable_rhosts",
+ "remarks": "rule_set_183"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting ICMP Redirects for All IPv6 Interfaces",
- "remarks": "rule_set_129"
+ "value": "Disable SSH Support for .rhosts Files",
+ "remarks": "rule_set_183"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects",
- "remarks": "rule_set_130"
+ "value": "sshd_set_login_grace_time",
+ "remarks": "rule_set_184"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
- "remarks": "rule_set_130"
+ "value": "Ensure SSH LoginGraceTime is configured",
+ "remarks": "rule_set_184"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_redirects",
- "remarks": "rule_set_130"
+ "value": "sshd_set_login_grace_time",
+ "remarks": "rule_set_184"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces",
- "remarks": "rule_set_130"
+ "value": "Ensure SSH LoginGraceTime is configured",
+ "remarks": "rule_set_184"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route",
- "remarks": "rule_set_131"
+ "value": "sshd_set_loglevel_verbose",
+ "remarks": "rule_set_185"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
- "remarks": "rule_set_131"
+ "value": "Set SSH Daemon LogLevel to VERBOSE",
+ "remarks": "rule_set_185"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_source_route",
- "remarks": "rule_set_131"
+ "value": "sshd_set_loglevel_verbose",
+ "remarks": "rule_set_185"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces",
- "remarks": "rule_set_131"
+ "value": "Set SSH Daemon LogLevel to VERBOSE",
+ "remarks": "rule_set_185"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route",
- "remarks": "rule_set_132"
+ "value": "sshd_set_max_auth_tries",
+ "remarks": "rule_set_186"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
- "remarks": "rule_set_132"
+ "value": "Set SSH authentication attempt limit",
+ "remarks": "rule_set_186"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_source_route",
- "remarks": "rule_set_132"
+ "value": "sshd_set_max_auth_tries",
+ "remarks": "rule_set_186"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default",
- "remarks": "rule_set_132"
+ "value": "Set SSH authentication attempt limit",
+ "remarks": "rule_set_186"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra",
- "remarks": "rule_set_133"
+ "value": "sshd_set_maxstartups",
+ "remarks": "rule_set_187"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
- "remarks": "rule_set_133"
+ "value": "Ensure SSH MaxStartups is configured",
+ "remarks": "rule_set_187"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_all_accept_ra",
- "remarks": "rule_set_133"
+ "value": "sshd_set_maxstartups",
+ "remarks": "rule_set_187"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Accepting Router Advertisements on All IPv6 Interfaces",
- "remarks": "rule_set_133"
+ "value": "Ensure SSH MaxStartups is configured",
+ "remarks": "rule_set_187"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra",
- "remarks": "rule_set_134"
+ "value": "sshd_set_max_sessions",
+ "remarks": "rule_set_188"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
- "remarks": "rule_set_134"
+ "value": "Set SSH MaxSessions limit",
+ "remarks": "rule_set_188"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv6_conf_default_accept_ra",
- "remarks": "rule_set_134"
+ "value": "sshd_set_max_sessions",
+ "remarks": "rule_set_188"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Accepting Router Advertisements on all IPv6 Interfaces by Default",
- "remarks": "rule_set_134"
+ "value": "Set SSH MaxSessions limit",
+ "remarks": "rule_set_188"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nftables_installed",
- "remarks": "rule_set_135"
+ "value": "sshd_disable_empty_passwords",
+ "remarks": "rule_set_189"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install nftables Package",
- "remarks": "rule_set_135"
+ "value": "Disable SSH Access via Empty Passwords",
+ "remarks": "rule_set_189"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_nftables_installed",
- "remarks": "rule_set_135"
+ "value": "sshd_disable_empty_passwords",
+ "remarks": "rule_set_189"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install nftables Package",
- "remarks": "rule_set_135"
+ "value": "Disable SSH Access via Empty Passwords",
+ "remarks": "rule_set_189"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_firewalld_enabled",
- "remarks": "rule_set_136"
+ "value": "sshd_disable_root_login",
+ "remarks": "rule_set_190"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify firewalld Enabled",
- "remarks": "rule_set_136"
+ "value": "Disable SSH Root Login",
+ "remarks": "rule_set_190"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_firewalld_enabled",
- "remarks": "rule_set_136"
+ "value": "sshd_disable_root_login",
+ "remarks": "rule_set_190"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify firewalld Enabled",
- "remarks": "rule_set_136"
+ "value": "Disable SSH Root Login",
+ "remarks": "rule_set_190"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_firewalld_installed",
- "remarks": "rule_set_137"
+ "value": "sshd_do_not_permit_user_env",
+ "remarks": "rule_set_191"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install firewalld Package",
- "remarks": "rule_set_137"
+ "value": "Do Not Allow SSH Environment Options",
+ "remarks": "rule_set_191"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_firewalld_installed",
- "remarks": "rule_set_137"
+ "value": "sshd_do_not_permit_user_env",
+ "remarks": "rule_set_191"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install firewalld Package",
- "remarks": "rule_set_137"
+ "value": "Do Not Allow SSH Environment Options",
+ "remarks": "rule_set_191"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nftables_disabled",
- "remarks": "rule_set_138"
+ "value": "sshd_enable_pam",
+ "remarks": "rule_set_192"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify nftables Service is Disabled",
- "remarks": "rule_set_138"
+ "value": "Enable PAM",
+ "remarks": "rule_set_192"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_nftables_disabled",
- "remarks": "rule_set_138"
+ "value": "sshd_enable_pam",
+ "remarks": "rule_set_192"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify nftables Service is Disabled",
- "remarks": "rule_set_138"
+ "value": "Enable PAM",
+ "remarks": "rule_set_192"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_trusted",
- "remarks": "rule_set_139"
+ "value": "package_sudo_installed",
+ "remarks": "rule_set_193"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Trust Loopback Traffic",
- "remarks": "rule_set_139"
+ "value": "Install sudo Package",
+ "remarks": "rule_set_193"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_trusted",
- "remarks": "rule_set_139"
+ "value": "package_sudo_installed",
+ "remarks": "rule_set_193"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Trust Loopback Traffic",
- "remarks": "rule_set_139"
+ "value": "Install sudo Package",
+ "remarks": "rule_set_193"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_restricted",
- "remarks": "rule_set_140"
+ "value": "sudo_add_use_pty",
+ "remarks": "rule_set_194"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Restrict Loopback Traffic",
- "remarks": "rule_set_140"
+ "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
+ "remarks": "rule_set_194"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "firewalld_loopback_traffic_restricted",
- "remarks": "rule_set_140"
+ "value": "sudo_add_use_pty",
+ "remarks": "rule_set_194"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Firewalld to Restrict Loopback Traffic",
- "remarks": "rule_set_140"
+ "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
+ "remarks": "rule_set_194"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_sshd_config",
- "remarks": "rule_set_141"
+ "value": "sudo_custom_logfile",
+ "remarks": "rule_set_195"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns SSH Server config file",
- "remarks": "rule_set_141"
+ "value": "Ensure Sudo Logfile Exists - sudo logfile",
+ "remarks": "rule_set_195"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_sshd_config",
- "remarks": "rule_set_141"
+ "value": "sudo_custom_logfile",
+ "remarks": "rule_set_195"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns SSH Server config file",
- "remarks": "rule_set_141"
+ "value": "Ensure Sudo Logfile Exists - sudo logfile",
+ "remarks": "rule_set_195"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_sshd_config",
- "remarks": "rule_set_142"
+ "value": "sudo_remove_no_authenticate",
+ "remarks": "rule_set_196"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on SSH Server config file",
- "remarks": "rule_set_142"
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate",
+ "remarks": "rule_set_196"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_sshd_config",
- "remarks": "rule_set_142"
+ "value": "sudo_remove_no_authenticate",
+ "remarks": "rule_set_196"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Owner on SSH Server config file",
- "remarks": "rule_set_142"
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate",
+ "remarks": "rule_set_196"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_config",
- "remarks": "rule_set_143"
+ "value": "sudo_require_reauthentication",
+ "remarks": "rule_set_197"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server config file",
- "remarks": "rule_set_143"
+ "value": "Require Re-Authentication When Using the sudo Command",
+ "remarks": "rule_set_197"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_config",
- "remarks": "rule_set_143"
+ "value": "sudo_require_reauthentication",
+ "remarks": "rule_set_197"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server config file",
- "remarks": "rule_set_143"
+ "value": "Require Re-Authentication When Using the sudo Command",
+ "remarks": "rule_set_197"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_private_key",
- "remarks": "rule_set_144"
+ "value": "use_pam_wheel_group_for_su",
+ "remarks": "rule_set_198"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Private *_key Key Files",
- "remarks": "rule_set_144"
+ "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
+ "remarks": "rule_set_198"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_private_key",
- "remarks": "rule_set_144"
+ "value": "use_pam_wheel_group_for_su",
+ "remarks": "rule_set_198"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Private *_key Key Files",
- "remarks": "rule_set_144"
+ "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
+ "remarks": "rule_set_198"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_private_key",
- "remarks": "rule_set_145"
+ "value": "ensure_pam_wheel_group_empty",
+ "remarks": "rule_set_199"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_145"
+ "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
+ "remarks": "rule_set_199"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_private_key",
- "remarks": "rule_set_145"
+ "value": "ensure_pam_wheel_group_empty",
+ "remarks": "rule_set_199"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_145"
+ "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
+ "remarks": "rule_set_199"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_private_key",
- "remarks": "rule_set_146"
+ "value": "package_pam_pwquality_installed",
+ "remarks": "rule_set_200"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_146"
+ "value": "Install pam_pwquality Package",
+ "remarks": "rule_set_200"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_private_key",
- "remarks": "rule_set_146"
+ "value": "package_pam_pwquality_installed",
+ "remarks": "rule_set_200"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Private *_key Key Files",
- "remarks": "rule_set_146"
+ "value": "Install pam_pwquality Package",
+ "remarks": "rule_set_200"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_pub_key",
- "remarks": "rule_set_147"
+ "value": "account_password_pam_faillock_password_auth",
+ "remarks": "rule_set_201"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_147"
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
+ "remarks": "rule_set_201"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_sshd_pub_key",
- "remarks": "rule_set_147"
+ "value": "account_password_pam_faillock_password_auth",
+ "remarks": "rule_set_201"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_147"
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
+ "remarks": "rule_set_201"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_pub_key",
- "remarks": "rule_set_148"
+ "value": "account_password_pam_faillock_system_auth",
+ "remarks": "rule_set_202"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_148"
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
+ "remarks": "rule_set_202"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_sshd_pub_key",
- "remarks": "rule_set_148"
+ "value": "account_password_pam_faillock_system_auth",
+ "remarks": "rule_set_202"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_148"
+ "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
+ "remarks": "rule_set_202"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_pub_key",
- "remarks": "rule_set_149"
+ "value": "accounts_password_pam_pwquality_password_auth",
+ "remarks": "rule_set_203"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_149"
+ "value": "Ensure PAM password complexity module is enabled in password-auth",
+ "remarks": "rule_set_203"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupownership_sshd_pub_key",
- "remarks": "rule_set_149"
+ "value": "accounts_password_pam_pwquality_password_auth",
+ "remarks": "rule_set_203"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Ownership on SSH Server Public *.pub Key Files",
- "remarks": "rule_set_149"
+ "value": "Ensure PAM password complexity module is enabled in password-auth",
+ "remarks": "rule_set_203"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex",
- "remarks": "rule_set_150"
+ "value": "accounts_password_pam_pwquality_system_auth",
+ "remarks": "rule_set_204"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong Key Exchange algorithms",
- "remarks": "rule_set_150"
+ "value": "Ensure PAM password complexity module is enabled in system-auth",
+ "remarks": "rule_set_204"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex",
- "remarks": "rule_set_150"
+ "value": "accounts_password_pam_pwquality_system_auth",
+ "remarks": "rule_set_204"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong Key Exchange algorithms",
- "remarks": "rule_set_150"
+ "value": "Ensure PAM password complexity module is enabled in system-auth",
+ "remarks": "rule_set_204"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs",
- "remarks": "rule_set_151"
+ "value": "accounts_password_pam_unix_enabled",
+ "remarks": "rule_set_205"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong MACs",
- "remarks": "rule_set_151"
+ "value": "Verify pam_unix module is activated",
+ "remarks": "rule_set_205"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs",
- "remarks": "rule_set_151"
+ "value": "accounts_password_pam_unix_enabled",
+ "remarks": "rule_set_205"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Use Only Strong MACs",
- "remarks": "rule_set_151"
+ "value": "Verify pam_unix module is activated",
+ "remarks": "rule_set_205"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_limit_user_access",
- "remarks": "rule_set_152"
+ "value": "accounts_passwords_pam_faillock_deny",
+ "remarks": "rule_set_206"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Users' SSH Access",
- "remarks": "rule_set_152"
+ "value": "Lock Accounts After Failed Password Attempts",
+ "remarks": "rule_set_206"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_limit_user_access",
- "remarks": "rule_set_152"
+ "value": "accounts_passwords_pam_faillock_deny",
+ "remarks": "rule_set_206"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Users' SSH Access",
- "remarks": "rule_set_152"
+ "value": "Lock Accounts After Failed Password Attempts",
+ "remarks": "rule_set_206"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_warning_banner_net",
- "remarks": "rule_set_153"
+ "value": "accounts_passwords_pam_faillock_unlock_time",
+ "remarks": "rule_set_207"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable SSH Warning Banner",
- "remarks": "rule_set_153"
+ "value": "Set Lockout Time for Failed Password Attempts",
+ "remarks": "rule_set_207"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_warning_banner_net",
- "remarks": "rule_set_153"
+ "value": "accounts_passwords_pam_faillock_unlock_time",
+ "remarks": "rule_set_207"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable SSH Warning Banner",
- "remarks": "rule_set_153"
+ "value": "Set Lockout Time for Failed Password Attempts",
+ "remarks": "rule_set_207"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_idle_timeout",
- "remarks": "rule_set_154"
+ "value": "accounts_password_pam_difok",
+ "remarks": "rule_set_208"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Interval",
- "remarks": "rule_set_154"
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
+ "remarks": "rule_set_208"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_idle_timeout",
- "remarks": "rule_set_154"
+ "value": "accounts_password_pam_difok",
+ "remarks": "rule_set_208"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Interval",
- "remarks": "rule_set_154"
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
+ "remarks": "rule_set_208"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_keepalive",
- "remarks": "rule_set_155"
+ "value": "accounts_password_pam_minlen",
+ "remarks": "rule_set_209"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Count Max",
- "remarks": "rule_set_155"
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
+ "remarks": "rule_set_209"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_keepalive",
- "remarks": "rule_set_155"
+ "value": "accounts_password_pam_minlen",
+ "remarks": "rule_set_209"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Client Alive Count Max",
- "remarks": "rule_set_155"
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
+ "remarks": "rule_set_209"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_gssapi_auth",
- "remarks": "rule_set_156"
+ "value": "accounts_password_pam_minclass",
+ "remarks": "rule_set_210"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GSSAPI Authentication",
- "remarks": "rule_set_156"
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
+ "remarks": "rule_set_210"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_gssapi_auth",
- "remarks": "rule_set_156"
+ "value": "accounts_password_pam_minclass",
+ "remarks": "rule_set_210"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GSSAPI Authentication",
- "remarks": "rule_set_156"
+ "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
+ "remarks": "rule_set_210"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "disable_host_auth",
- "remarks": "rule_set_157"
+ "value": "accounts_password_pam_maxrepeat",
+ "remarks": "rule_set_211"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Host-Based Authentication",
- "remarks": "rule_set_157"
+ "value": "Set Password Maximum Consecutive Repeating Characters",
+ "remarks": "rule_set_211"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "disable_host_auth",
- "remarks": "rule_set_157"
+ "value": "accounts_password_pam_maxrepeat",
+ "remarks": "rule_set_211"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Host-Based Authentication",
- "remarks": "rule_set_157"
+ "value": "Set Password Maximum Consecutive Repeating Characters",
+ "remarks": "rule_set_211"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_rhosts",
- "remarks": "rule_set_158"
+ "value": "accounts_password_pam_maxsequence",
+ "remarks": "rule_set_212"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Support for .rhosts Files",
- "remarks": "rule_set_158"
+ "value": "Limit the maximum number of sequential characters in passwords",
+ "remarks": "rule_set_212"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_rhosts",
- "remarks": "rule_set_158"
+ "value": "accounts_password_pam_maxsequence",
+ "remarks": "rule_set_212"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Support for .rhosts Files",
- "remarks": "rule_set_158"
+ "value": "Limit the maximum number of sequential characters in passwords",
+ "remarks": "rule_set_212"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_login_grace_time",
- "remarks": "rule_set_159"
+ "value": "accounts_password_pam_dictcheck",
+ "remarks": "rule_set_213"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH LoginGraceTime is configured",
- "remarks": "rule_set_159"
+ "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
+ "remarks": "rule_set_213"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_login_grace_time",
- "remarks": "rule_set_159"
+ "value": "accounts_password_pam_dictcheck",
+ "remarks": "rule_set_213"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH LoginGraceTime is configured",
- "remarks": "rule_set_159"
+ "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
+ "remarks": "rule_set_213"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_loglevel_verbose",
- "remarks": "rule_set_160"
+ "value": "accounts_password_pam_enforce_root",
+ "remarks": "rule_set_214"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Daemon LogLevel to VERBOSE",
- "remarks": "rule_set_160"
+ "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
+ "remarks": "rule_set_214"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_loglevel_verbose",
- "remarks": "rule_set_160"
+ "value": "accounts_password_pam_enforce_root",
+ "remarks": "rule_set_214"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH Daemon LogLevel to VERBOSE",
- "remarks": "rule_set_160"
+ "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
+ "remarks": "rule_set_214"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_auth_tries",
- "remarks": "rule_set_161"
+ "value": "accounts_password_pam_pwhistory_remember_password_auth",
+ "remarks": "rule_set_215"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH authentication attempt limit",
- "remarks": "rule_set_161"
+ "value": "Limit Password Reuse: password-auth",
+ "remarks": "rule_set_215"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_auth_tries",
- "remarks": "rule_set_161"
+ "value": "accounts_password_pam_pwhistory_remember_password_auth",
+ "remarks": "rule_set_215"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH authentication attempt limit",
- "remarks": "rule_set_161"
+ "value": "Limit Password Reuse: password-auth",
+ "remarks": "rule_set_215"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_maxstartups",
- "remarks": "rule_set_162"
+ "value": "accounts_password_pam_pwhistory_remember_system_auth",
+ "remarks": "rule_set_216"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH MaxStartups is configured",
- "remarks": "rule_set_162"
+ "value": "Limit Password Reuse: system-auth",
+ "remarks": "rule_set_216"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_maxstartups",
- "remarks": "rule_set_162"
+ "value": "accounts_password_pam_pwhistory_remember_system_auth",
+ "remarks": "rule_set_216"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SSH MaxStartups is configured",
- "remarks": "rule_set_162"
+ "value": "Limit Password Reuse: system-auth",
+ "remarks": "rule_set_216"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_sessions",
- "remarks": "rule_set_163"
+ "value": "accounts_password_pam_pwhistory_use_authtok",
+ "remarks": "rule_set_217"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH MaxSessions limit",
- "remarks": "rule_set_163"
+ "value": "Enforce Password History with use_authtok",
+ "remarks": "rule_set_217"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_set_max_sessions",
- "remarks": "rule_set_163"
+ "value": "accounts_password_pam_pwhistory_use_authtok",
+ "remarks": "rule_set_217"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set SSH MaxSessions limit",
- "remarks": "rule_set_163"
+ "value": "Enforce Password History with use_authtok",
+ "remarks": "rule_set_217"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_empty_passwords",
- "remarks": "rule_set_164"
+ "value": "no_empty_passwords",
+ "remarks": "rule_set_218"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Access via Empty Passwords",
- "remarks": "rule_set_164"
+ "value": "Prevent Login to Accounts With Empty Password",
+ "remarks": "rule_set_218"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_empty_passwords",
- "remarks": "rule_set_164"
+ "value": "no_empty_passwords",
+ "remarks": "rule_set_218"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Access via Empty Passwords",
- "remarks": "rule_set_164"
+ "value": "Prevent Login to Accounts With Empty Password",
+ "remarks": "rule_set_218"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_root_login",
- "remarks": "rule_set_165"
+ "value": "accounts_password_pam_unix_no_remember",
+ "remarks": "rule_set_219"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Root Login",
- "remarks": "rule_set_165"
+ "value": "Avoid using remember in pam_unix module",
+ "remarks": "rule_set_219"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_disable_root_login",
- "remarks": "rule_set_165"
+ "value": "accounts_password_pam_unix_no_remember",
+ "remarks": "rule_set_219"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SSH Root Login",
- "remarks": "rule_set_165"
+ "value": "Avoid using remember in pam_unix module",
+ "remarks": "rule_set_219"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_do_not_permit_user_env",
- "remarks": "rule_set_166"
+ "value": "set_password_hashing_algorithm_systemauth",
+ "remarks": "rule_set_220"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Do Not Allow SSH Environment Options",
- "remarks": "rule_set_166"
+ "value": "Set PAM Password Hashing Algorithm - system-auth",
+ "remarks": "rule_set_220"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_do_not_permit_user_env",
- "remarks": "rule_set_166"
+ "value": "set_password_hashing_algorithm_systemauth",
+ "remarks": "rule_set_220"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Do Not Allow SSH Environment Options",
- "remarks": "rule_set_166"
+ "value": "Set PAM Password Hashing Algorithm - system-auth",
+ "remarks": "rule_set_220"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_pam",
- "remarks": "rule_set_167"
+ "value": "set_password_hashing_algorithm_passwordauth",
+ "remarks": "rule_set_221"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable PAM",
- "remarks": "rule_set_167"
+ "value": "Set PAM Password Hashing Algorithm - password-auth",
+ "remarks": "rule_set_221"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_enable_pam",
- "remarks": "rule_set_167"
+ "value": "set_password_hashing_algorithm_passwordauth",
+ "remarks": "rule_set_221"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable PAM",
- "remarks": "rule_set_167"
+ "value": "Set PAM Password Hashing Algorithm - password-auth",
+ "remarks": "rule_set_221"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_sudo_installed",
- "remarks": "rule_set_168"
+ "value": "accounts_password_pam_unix_authtok",
+ "remarks": "rule_set_222"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install sudo Package",
- "remarks": "rule_set_168"
+ "value": "Require use_authtok for pam_unix.so",
+ "remarks": "rule_set_222"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_sudo_installed",
- "remarks": "rule_set_168"
+ "value": "accounts_password_pam_unix_authtok",
+ "remarks": "rule_set_222"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install sudo Package",
- "remarks": "rule_set_168"
+ "value": "Require use_authtok for pam_unix.so",
+ "remarks": "rule_set_222"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_add_use_pty",
- "remarks": "rule_set_169"
+ "value": "accounts_maximum_age_login_defs",
+ "remarks": "rule_set_223"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
- "remarks": "rule_set_169"
+ "value": "Set Password Maximum Age",
+ "remarks": "rule_set_223"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_add_use_pty",
- "remarks": "rule_set_169"
+ "value": "accounts_maximum_age_login_defs",
+ "remarks": "rule_set_223"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty",
- "remarks": "rule_set_169"
+ "value": "Set Password Maximum Age",
+ "remarks": "rule_set_223"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_custom_logfile",
- "remarks": "rule_set_170"
+ "value": "accounts_password_set_max_life_existing",
+ "remarks": "rule_set_224"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Sudo Logfile Exists - sudo logfile",
- "remarks": "rule_set_170"
+ "value": "Set Existing Passwords Maximum Age",
+ "remarks": "rule_set_224"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_custom_logfile",
- "remarks": "rule_set_170"
+ "value": "accounts_password_set_max_life_existing",
+ "remarks": "rule_set_224"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Sudo Logfile Exists - sudo logfile",
- "remarks": "rule_set_170"
+ "value": "Set Existing Passwords Maximum Age",
+ "remarks": "rule_set_224"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication",
- "remarks": "rule_set_171"
+ "value": "accounts_password_warn_age_login_defs",
+ "remarks": "rule_set_225"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo",
- "remarks": "rule_set_171"
+ "value": "Set Password Warning Age",
+ "remarks": "rule_set_225"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication",
- "remarks": "rule_set_171"
+ "value": "accounts_password_warn_age_login_defs",
+ "remarks": "rule_set_225"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo",
- "remarks": "rule_set_171"
+ "value": "Set Password Warning Age",
+ "remarks": "rule_set_225"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_reauthentication",
- "remarks": "rule_set_172"
+ "value": "accounts_password_set_warn_age_existing",
+ "remarks": "rule_set_226"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Require Re-Authentication When Using the sudo Command",
- "remarks": "rule_set_172"
+ "value": "Set Existing Passwords Warning Age",
+ "remarks": "rule_set_226"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_reauthentication",
- "remarks": "rule_set_172"
+ "value": "accounts_password_set_warn_age_existing",
+ "remarks": "rule_set_226"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Require Re-Authentication When Using the sudo Command",
- "remarks": "rule_set_172"
+ "value": "Set Existing Passwords Warning Age",
+ "remarks": "rule_set_226"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "use_pam_wheel_group_for_su",
- "remarks": "rule_set_173"
+ "value": "set_password_hashing_algorithm_logindefs",
+ "remarks": "rule_set_227"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
- "remarks": "rule_set_173"
+ "value": "Set Password Hashing Algorithm in /etc/login.defs",
+ "remarks": "rule_set_227"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "use_pam_wheel_group_for_su",
- "remarks": "rule_set_173"
+ "value": "set_password_hashing_algorithm_logindefs",
+ "remarks": "rule_set_227"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enforce Usage of pam_wheel with Group Parameter for su Authentication",
- "remarks": "rule_set_173"
+ "value": "Set Password Hashing Algorithm in /etc/login.defs",
+ "remarks": "rule_set_227"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_pam_wheel_group_empty",
- "remarks": "rule_set_174"
+ "value": "account_disable_post_pw_expiration",
+ "remarks": "rule_set_228"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
- "remarks": "rule_set_174"
+ "value": "Set Account Expiration Following Inactivity",
+ "remarks": "rule_set_228"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_pam_wheel_group_empty",
- "remarks": "rule_set_174"
+ "value": "account_disable_post_pw_expiration",
+ "remarks": "rule_set_228"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty",
- "remarks": "rule_set_174"
+ "value": "Set Account Expiration Following Inactivity",
+ "remarks": "rule_set_228"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_pam_pwquality_installed",
- "remarks": "rule_set_175"
+ "value": "accounts_set_post_pw_existing",
+ "remarks": "rule_set_229"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install pam_pwquality Package",
- "remarks": "rule_set_175"
+ "value": "Set existing passwords a period of inactivity before they been locked",
+ "remarks": "rule_set_229"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_pam_pwquality_installed",
- "remarks": "rule_set_175"
+ "value": "accounts_set_post_pw_existing",
+ "remarks": "rule_set_229"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install pam_pwquality Package",
- "remarks": "rule_set_175"
+ "value": "Set existing passwords a period of inactivity before they been locked",
+ "remarks": "rule_set_229"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_password_auth",
- "remarks": "rule_set_176"
+ "value": "accounts_password_last_change_is_in_past",
+ "remarks": "rule_set_230"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
- "remarks": "rule_set_176"
+ "value": "Ensure all users last password change date is in the past",
+ "remarks": "rule_set_230"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_password_auth",
- "remarks": "rule_set_176"
+ "value": "accounts_password_last_change_is_in_past",
+ "remarks": "rule_set_230"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.",
- "remarks": "rule_set_176"
+ "value": "Ensure all users last password change date is in the past",
+ "remarks": "rule_set_230"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_system_auth",
- "remarks": "rule_set_177"
+ "value": "accounts_no_uid_except_zero",
+ "remarks": "rule_set_231"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
- "remarks": "rule_set_177"
+ "value": "Verify Only Root Has UID 0",
+ "remarks": "rule_set_231"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_password_pam_faillock_system_auth",
- "remarks": "rule_set_177"
+ "value": "accounts_no_uid_except_zero",
+ "remarks": "rule_set_231"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.",
- "remarks": "rule_set_177"
+ "value": "Verify Only Root Has UID 0",
+ "remarks": "rule_set_231"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny",
- "remarks": "rule_set_178"
+ "value": "accounts_root_gid_zero",
+ "remarks": "rule_set_232"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Lock Accounts After Failed Password Attempts",
- "remarks": "rule_set_178"
+ "value": "Verify Root Has A Primary GID 0",
+ "remarks": "rule_set_232"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny",
- "remarks": "rule_set_178"
+ "value": "accounts_root_gid_zero",
+ "remarks": "rule_set_232"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Lock Accounts After Failed Password Attempts",
- "remarks": "rule_set_178"
+ "value": "Verify Root Has A Primary GID 0",
+ "remarks": "rule_set_232"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_unlock_time",
- "remarks": "rule_set_179"
+ "value": "groups_no_zero_gid_except_root",
+ "remarks": "rule_set_233"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Lockout Time for Failed Password Attempts",
- "remarks": "rule_set_179"
+ "value": "Verify Only Group Root Has GID 0",
+ "remarks": "rule_set_233"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_unlock_time",
- "remarks": "rule_set_179"
+ "value": "groups_no_zero_gid_except_root",
+ "remarks": "rule_set_233"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Lockout Time for Failed Password Attempts",
- "remarks": "rule_set_179"
+ "value": "Verify Only Group Root Has GID 0",
+ "remarks": "rule_set_233"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_difok",
- "remarks": "rule_set_180"
+ "value": "ensure_root_password_configured",
+ "remarks": "rule_set_234"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
- "remarks": "rule_set_180"
+ "value": "Ensure Authentication Required for Single User Mode",
+ "remarks": "rule_set_234"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_difok",
- "remarks": "rule_set_180"
+ "value": "ensure_root_password_configured",
+ "remarks": "rule_set_234"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Characters",
- "remarks": "rule_set_180"
+ "value": "Ensure Authentication Required for Single User Mode",
+ "remarks": "rule_set_234"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minlen",
- "remarks": "rule_set_181"
+ "value": "accounts_root_path_dirs_no_write",
+ "remarks": "rule_set_235"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
- "remarks": "rule_set_181"
+ "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
+ "remarks": "rule_set_235"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minlen",
- "remarks": "rule_set_181"
+ "value": "accounts_root_path_dirs_no_write",
+ "remarks": "rule_set_235"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Length",
- "remarks": "rule_set_181"
+ "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
+ "remarks": "rule_set_235"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minclass",
- "remarks": "rule_set_182"
+ "value": "root_path_no_dot",
+ "remarks": "rule_set_236"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
- "remarks": "rule_set_182"
+ "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
+ "remarks": "rule_set_236"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_minclass",
- "remarks": "rule_set_182"
+ "value": "root_path_no_dot",
+ "remarks": "rule_set_236"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories",
- "remarks": "rule_set_182"
+ "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
+ "remarks": "rule_set_236"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_maxrepeat",
- "remarks": "rule_set_183"
+ "value": "accounts_umask_root",
+ "remarks": "rule_set_237"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Consecutive Repeating Characters",
- "remarks": "rule_set_183"
+ "value": "Ensure the Root Bash Umask is Set Correctly",
+ "remarks": "rule_set_237"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_maxrepeat",
- "remarks": "rule_set_183"
+ "value": "accounts_umask_root",
+ "remarks": "rule_set_237"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Consecutive Repeating Characters",
- "remarks": "rule_set_183"
+ "value": "Ensure the Root Bash Umask is Set Correctly",
+ "remarks": "rule_set_237"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_dictcheck",
- "remarks": "rule_set_184"
+ "value": "no_password_auth_for_systemaccounts",
+ "remarks": "rule_set_238"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
- "remarks": "rule_set_184"
+ "value": "Ensure that System Accounts Are Locked",
+ "remarks": "rule_set_238"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_dictcheck",
- "remarks": "rule_set_184"
+ "value": "no_password_auth_for_systemaccounts",
+ "remarks": "rule_set_238"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words",
- "remarks": "rule_set_184"
+ "value": "Ensure that System Accounts Are Locked",
+ "remarks": "rule_set_238"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_enforce_root",
- "remarks": "rule_set_185"
+ "value": "no_shelllogin_for_systemaccounts",
+ "remarks": "rule_set_239"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
- "remarks": "rule_set_185"
+ "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
+ "remarks": "rule_set_239"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_enforce_root",
- "remarks": "rule_set_185"
+ "value": "no_shelllogin_for_systemaccounts",
+ "remarks": "rule_set_239"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure PAM Enforces Password Requirements - Enforce for root User",
- "remarks": "rule_set_185"
+ "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
+ "remarks": "rule_set_239"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_password_auth",
- "remarks": "rule_set_186"
+ "value": "no_invalid_shell_accounts_unlocked",
+ "remarks": "rule_set_240"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: password-auth",
- "remarks": "rule_set_186"
+ "value": "Verify Non-Interactive Accounts Are Locked",
+ "remarks": "rule_set_240"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_password_auth",
- "remarks": "rule_set_186"
+ "value": "no_invalid_shell_accounts_unlocked",
+ "remarks": "rule_set_240"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: password-auth",
- "remarks": "rule_set_186"
+ "value": "Verify Non-Interactive Accounts Are Locked",
+ "remarks": "rule_set_240"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_system_auth",
- "remarks": "rule_set_187"
+ "value": "accounts_tmout",
+ "remarks": "rule_set_241"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: system-auth",
- "remarks": "rule_set_187"
+ "value": "Set Interactive Session Timeout",
+ "remarks": "rule_set_241"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_pam_pwhistory_remember_system_auth",
- "remarks": "rule_set_187"
+ "value": "accounts_tmout",
+ "remarks": "rule_set_241"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Limit Password Reuse: system-auth",
- "remarks": "rule_set_187"
+ "value": "Set Interactive Session Timeout",
+ "remarks": "rule_set_241"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords",
- "remarks": "rule_set_188"
+ "value": "accounts_umask_etc_bashrc",
+ "remarks": "rule_set_242"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent Login to Accounts With Empty Password",
- "remarks": "rule_set_188"
+ "value": "Ensure the Default Bash Umask is Set Correctly",
+ "remarks": "rule_set_242"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords",
- "remarks": "rule_set_188"
+ "value": "accounts_umask_etc_bashrc",
+ "remarks": "rule_set_242"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Prevent Login to Accounts With Empty Password",
- "remarks": "rule_set_188"
+ "value": "Ensure the Default Bash Umask is Set Correctly",
+ "remarks": "rule_set_242"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_systemauth",
- "remarks": "rule_set_189"
+ "value": "accounts_umask_etc_login_defs",
+ "remarks": "rule_set_243"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - system-auth",
- "remarks": "rule_set_189"
+ "value": "Ensure the Default Umask is Set Correctly in login.defs",
+ "remarks": "rule_set_243"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_systemauth",
- "remarks": "rule_set_189"
+ "value": "accounts_umask_etc_login_defs",
+ "remarks": "rule_set_243"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - system-auth",
- "remarks": "rule_set_189"
+ "value": "Ensure the Default Umask is Set Correctly in login.defs",
+ "remarks": "rule_set_243"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_passwordauth",
- "remarks": "rule_set_190"
+ "value": "accounts_umask_etc_profile",
+ "remarks": "rule_set_244"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - password-auth",
- "remarks": "rule_set_190"
+ "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
+ "remarks": "rule_set_244"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_passwordauth",
- "remarks": "rule_set_190"
+ "value": "accounts_umask_etc_profile",
+ "remarks": "rule_set_244"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set PAM Password Hashing Algorithm - password-auth",
- "remarks": "rule_set_190"
+ "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
+ "remarks": "rule_set_244"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_maximum_age_login_defs",
- "remarks": "rule_set_191"
+ "value": "package_aide_installed",
+ "remarks": "rule_set_245"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Age",
- "remarks": "rule_set_191"
+ "value": "Install AIDE",
+ "remarks": "rule_set_245"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_maximum_age_login_defs",
- "remarks": "rule_set_191"
+ "value": "package_aide_installed",
+ "remarks": "rule_set_245"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Maximum Age",
- "remarks": "rule_set_191"
+ "value": "Install AIDE",
+ "remarks": "rule_set_245"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_max_life_existing",
- "remarks": "rule_set_192"
+ "value": "aide_build_database",
+ "remarks": "rule_set_246"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Maximum Age",
- "remarks": "rule_set_192"
+ "value": "Build and Test AIDE Database",
+ "remarks": "rule_set_246"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_max_life_existing",
- "remarks": "rule_set_192"
+ "value": "aide_build_database",
+ "remarks": "rule_set_246"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Maximum Age",
- "remarks": "rule_set_192"
+ "value": "Build and Test AIDE Database",
+ "remarks": "rule_set_246"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_warn_age_login_defs",
- "remarks": "rule_set_193"
+ "value": "aide_periodic_cron_checking",
+ "remarks": "rule_set_247"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Warning Age",
- "remarks": "rule_set_193"
+ "value": "Configure Periodic Execution of AIDE",
+ "remarks": "rule_set_247"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_warn_age_login_defs",
- "remarks": "rule_set_193"
+ "value": "aide_periodic_cron_checking",
+ "remarks": "rule_set_247"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Warning Age",
- "remarks": "rule_set_193"
+ "value": "Configure Periodic Execution of AIDE",
+ "remarks": "rule_set_247"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_warn_age_existing",
- "remarks": "rule_set_194"
+ "value": "aide_check_audit_tools",
+ "remarks": "rule_set_248"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Warning Age",
- "remarks": "rule_set_194"
+ "value": "Configure AIDE to Verify the Audit Tools",
+ "remarks": "rule_set_248"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_warn_age_existing",
- "remarks": "rule_set_194"
+ "value": "aide_check_audit_tools",
+ "remarks": "rule_set_248"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Warning Age",
- "remarks": "rule_set_194"
+ "value": "Configure AIDE to Verify the Audit Tools",
+ "remarks": "rule_set_248"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf",
- "remarks": "rule_set_195"
+ "value": "service_systemd-journald_enabled",
+ "remarks": "rule_set_249"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/libuser.conf",
- "remarks": "rule_set_195"
+ "value": "Enable systemd-journald Service",
+ "remarks": "rule_set_249"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf",
- "remarks": "rule_set_195"
+ "value": "service_systemd-journald_enabled",
+ "remarks": "rule_set_249"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/libuser.conf",
- "remarks": "rule_set_195"
+ "value": "Enable systemd-journald Service",
+ "remarks": "rule_set_249"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_logindefs",
- "remarks": "rule_set_196"
+ "value": "ensure_journald_and_rsyslog_not_active_together",
+ "remarks": "rule_set_250"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/login.defs",
- "remarks": "rule_set_196"
+ "value": "Ensure journald and rsyslog Are Not Active Together",
+ "remarks": "rule_set_250"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_logindefs",
- "remarks": "rule_set_196"
+ "value": "ensure_journald_and_rsyslog_not_active_together",
+ "remarks": "rule_set_250"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Hashing Algorithm in /etc/login.defs",
- "remarks": "rule_set_196"
+ "value": "Ensure journald and rsyslog Are Not Active Together",
+ "remarks": "rule_set_250"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_disable_post_pw_expiration",
- "remarks": "rule_set_197"
+ "value": "package_systemd-journal-remote_installed",
+ "remarks": "rule_set_251"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Account Expiration Following Inactivity",
- "remarks": "rule_set_197"
+ "value": "Install systemd-journal-remote Package",
+ "remarks": "rule_set_251"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_disable_post_pw_expiration",
- "remarks": "rule_set_197"
+ "value": "package_systemd-journal-remote_installed",
+ "remarks": "rule_set_251"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Account Expiration Following Inactivity",
- "remarks": "rule_set_197"
+ "value": "Install systemd-journal-remote Package",
+ "remarks": "rule_set_251"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_set_post_pw_existing",
- "remarks": "rule_set_198"
+ "value": "service_systemd-journal-upload_enabled",
+ "remarks": "rule_set_252"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set existing passwords a period of inactivity before they been locked",
- "remarks": "rule_set_198"
+ "value": "Enable systemd-journal-upload Service",
+ "remarks": "rule_set_252"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_set_post_pw_existing",
- "remarks": "rule_set_198"
+ "value": "service_systemd-journal-upload_enabled",
+ "remarks": "rule_set_252"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set existing passwords a period of inactivity before they been locked",
- "remarks": "rule_set_198"
+ "value": "Enable systemd-journal-upload Service",
+ "remarks": "rule_set_252"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_last_change_is_in_past",
- "remarks": "rule_set_199"
+ "value": "socket_systemd-journal-remote_disabled",
+ "remarks": "rule_set_253"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure all users last password change date is in the past",
- "remarks": "rule_set_199"
+ "value": "Disable systemd-journal-remote Socket",
+ "remarks": "rule_set_253"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_last_change_is_in_past",
- "remarks": "rule_set_199"
+ "value": "socket_systemd-journal-remote_disabled",
+ "remarks": "rule_set_253"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure all users last password change date is in the past",
- "remarks": "rule_set_199"
+ "value": "Disable systemd-journal-remote Socket",
+ "remarks": "rule_set_253"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_no_uid_except_zero",
- "remarks": "rule_set_200"
+ "value": "journald_disable_forward_to_syslog",
+ "remarks": "rule_set_254"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Only Root Has UID 0",
- "remarks": "rule_set_200"
+ "value": "Ensure journald ForwardToSyslog is disabled",
+ "remarks": "rule_set_254"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_no_uid_except_zero",
- "remarks": "rule_set_200"
+ "value": "journald_disable_forward_to_syslog",
+ "remarks": "rule_set_254"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Only Root Has UID 0",
- "remarks": "rule_set_200"
+ "value": "Ensure journald ForwardToSyslog is disabled",
+ "remarks": "rule_set_254"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_gid_zero",
- "remarks": "rule_set_201"
+ "value": "journald_compress",
+ "remarks": "rule_set_255"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Root Has A Primary GID 0",
- "remarks": "rule_set_201"
+ "value": "Ensure journald is configured to compress large log files",
+ "remarks": "rule_set_255"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_gid_zero",
- "remarks": "rule_set_201"
+ "value": "journald_compress",
+ "remarks": "rule_set_255"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Root Has A Primary GID 0",
- "remarks": "rule_set_201"
+ "value": "Ensure journald is configured to compress large log files",
+ "remarks": "rule_set_255"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_root_password_configured",
- "remarks": "rule_set_202"
+ "value": "journald_storage",
+ "remarks": "rule_set_256"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Authentication Required for Single User Mode",
- "remarks": "rule_set_202"
+ "value": "Ensure journald is configured to write log files to persistent disk",
+ "remarks": "rule_set_256"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "ensure_root_password_configured",
- "remarks": "rule_set_202"
+ "value": "journald_storage",
+ "remarks": "rule_set_256"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Authentication Required for Single User Mode",
- "remarks": "rule_set_202"
+ "value": "Ensure journald is configured to write log files to persistent disk",
+ "remarks": "rule_set_256"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_path_dirs_no_write",
- "remarks": "rule_set_203"
+ "value": "rsyslog_files_groupownership",
+ "remarks": "rule_set_257"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
- "remarks": "rule_set_203"
+ "value": "Ensure Log Files Are Owned By Appropriate Group",
+ "remarks": "rule_set_257"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_root_path_dirs_no_write",
- "remarks": "rule_set_203"
+ "value": "rsyslog_files_groupownership",
+ "remarks": "rule_set_257"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include World or Group-Writable Directories",
- "remarks": "rule_set_203"
+ "value": "Ensure Log Files Are Owned By Appropriate Group",
+ "remarks": "rule_set_257"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "root_path_no_dot",
- "remarks": "rule_set_204"
+ "value": "rsyslog_files_ownership",
+ "remarks": "rule_set_258"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
- "remarks": "rule_set_204"
+ "value": "Ensure Log Files Are Owned By Appropriate User",
+ "remarks": "rule_set_258"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "root_path_no_dot",
- "remarks": "rule_set_204"
+ "value": "rsyslog_files_ownership",
+ "remarks": "rule_set_258"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that Root's Path Does Not Include Relative Paths or Null Directories",
- "remarks": "rule_set_204"
+ "value": "Ensure Log Files Are Owned By Appropriate User",
+ "remarks": "rule_set_258"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_password_auth_for_systemaccounts",
- "remarks": "rule_set_205"
+ "value": "rsyslog_files_permissions",
+ "remarks": "rule_set_259"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Are Locked",
- "remarks": "rule_set_205"
+ "value": "Ensure System Log Files Have Correct Permissions",
+ "remarks": "rule_set_259"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_password_auth_for_systemaccounts",
- "remarks": "rule_set_205"
+ "value": "rsyslog_files_permissions",
+ "remarks": "rule_set_259"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Are Locked",
- "remarks": "rule_set_205"
+ "value": "Ensure System Log Files Have Correct Permissions",
+ "remarks": "rule_set_259"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_shelllogin_for_systemaccounts",
- "remarks": "rule_set_206"
+ "value": "file_groupowner_etc_passwd",
+ "remarks": "rule_set_260"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
- "remarks": "rule_set_206"
+ "value": "Verify Group Who Owns passwd File",
+ "remarks": "rule_set_260"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_shelllogin_for_systemaccounts",
- "remarks": "rule_set_206"
+ "value": "file_groupowner_etc_passwd",
+ "remarks": "rule_set_260"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure that System Accounts Do Not Run a Shell Upon Login",
- "remarks": "rule_set_206"
+ "value": "Verify Group Who Owns passwd File",
+ "remarks": "rule_set_260"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_tmout",
- "remarks": "rule_set_207"
+ "value": "file_owner_etc_passwd",
+ "remarks": "rule_set_261"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Interactive Session Timeout",
- "remarks": "rule_set_207"
+ "value": "Verify User Who Owns passwd File",
+ "remarks": "rule_set_261"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_tmout",
- "remarks": "rule_set_207"
+ "value": "file_owner_etc_passwd",
+ "remarks": "rule_set_261"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Interactive Session Timeout",
- "remarks": "rule_set_207"
+ "value": "Verify User Who Owns passwd File",
+ "remarks": "rule_set_261"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_bashrc",
- "remarks": "rule_set_208"
+ "value": "file_permissions_etc_passwd",
+ "remarks": "rule_set_262"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Bash Umask is Set Correctly",
- "remarks": "rule_set_208"
+ "value": "Verify Permissions on passwd File",
+ "remarks": "rule_set_262"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_bashrc",
- "remarks": "rule_set_208"
+ "value": "file_permissions_etc_passwd",
+ "remarks": "rule_set_262"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Bash Umask is Set Correctly",
- "remarks": "rule_set_208"
+ "value": "Verify Permissions on passwd File",
+ "remarks": "rule_set_262"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_login_defs",
- "remarks": "rule_set_209"
+ "value": "file_groupowner_backup_etc_passwd",
+ "remarks": "rule_set_263"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in login.defs",
- "remarks": "rule_set_209"
+ "value": "Verify Group Who Owns Backup passwd File",
+ "remarks": "rule_set_263"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_login_defs",
- "remarks": "rule_set_209"
+ "value": "file_groupowner_backup_etc_passwd",
+ "remarks": "rule_set_263"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in login.defs",
- "remarks": "rule_set_209"
+ "value": "Verify Group Who Owns Backup passwd File",
+ "remarks": "rule_set_263"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_profile",
- "remarks": "rule_set_210"
+ "value": "file_owner_backup_etc_passwd",
+ "remarks": "rule_set_264"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
- "remarks": "rule_set_210"
+ "value": "Verify User Who Owns Backup passwd File",
+ "remarks": "rule_set_264"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_umask_etc_profile",
- "remarks": "rule_set_210"
+ "value": "file_owner_backup_etc_passwd",
+ "remarks": "rule_set_264"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the Default Umask is Set Correctly in /etc/profile",
- "remarks": "rule_set_210"
+ "value": "Verify User Who Owns Backup passwd File",
+ "remarks": "rule_set_264"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_aide_installed",
- "remarks": "rule_set_211"
+ "value": "file_permissions_backup_etc_passwd",
+ "remarks": "rule_set_265"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install AIDE",
- "remarks": "rule_set_211"
+ "value": "Verify Permissions on Backup passwd File",
+ "remarks": "rule_set_265"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_aide_installed",
- "remarks": "rule_set_211"
+ "value": "file_permissions_backup_etc_passwd",
+ "remarks": "rule_set_265"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install AIDE",
- "remarks": "rule_set_211"
+ "value": "Verify Permissions on Backup passwd File",
+ "remarks": "rule_set_265"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_build_database",
- "remarks": "rule_set_212"
+ "value": "file_groupowner_etc_group",
+ "remarks": "rule_set_266"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Build and Test AIDE Database",
- "remarks": "rule_set_212"
+ "value": "Verify Group Who Owns group File",
+ "remarks": "rule_set_266"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_build_database",
- "remarks": "rule_set_212"
+ "value": "file_groupowner_etc_group",
+ "remarks": "rule_set_266"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Build and Test AIDE Database",
- "remarks": "rule_set_212"
+ "value": "Verify Group Who Owns group File",
+ "remarks": "rule_set_266"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_periodic_cron_checking",
- "remarks": "rule_set_213"
+ "value": "file_owner_etc_group",
+ "remarks": "rule_set_267"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Periodic Execution of AIDE",
- "remarks": "rule_set_213"
+ "value": "Verify User Who Owns group File",
+ "remarks": "rule_set_267"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_periodic_cron_checking",
- "remarks": "rule_set_213"
+ "value": "file_owner_etc_group",
+ "remarks": "rule_set_267"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure Periodic Execution of AIDE",
- "remarks": "rule_set_213"
+ "value": "Verify User Who Owns group File",
+ "remarks": "rule_set_267"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_check_audit_tools",
- "remarks": "rule_set_214"
+ "value": "file_permissions_etc_group",
+ "remarks": "rule_set_268"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure AIDE to Verify the Audit Tools",
- "remarks": "rule_set_214"
+ "value": "Verify Permissions on group File",
+ "remarks": "rule_set_268"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "aide_check_audit_tools",
- "remarks": "rule_set_214"
+ "value": "file_permissions_etc_group",
+ "remarks": "rule_set_268"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure AIDE to Verify the Audit Tools",
- "remarks": "rule_set_214"
+ "value": "Verify Permissions on group File",
+ "remarks": "rule_set_268"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_systemd-journald_enabled",
- "remarks": "rule_set_215"
+ "value": "file_groupowner_backup_etc_group",
+ "remarks": "rule_set_269"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable systemd-journald Service",
- "remarks": "rule_set_215"
+ "value": "Verify Group Who Owns Backup group File",
+ "remarks": "rule_set_269"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_systemd-journald_enabled",
- "remarks": "rule_set_215"
+ "value": "file_groupowner_backup_etc_group",
+ "remarks": "rule_set_269"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable systemd-journald Service",
- "remarks": "rule_set_215"
+ "value": "Verify Group Who Owns Backup group File",
+ "remarks": "rule_set_269"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_systemd-journal-remote_installed",
- "remarks": "rule_set_216"
+ "value": "file_owner_backup_etc_group",
+ "remarks": "rule_set_270"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install systemd-journal-remote Package",
- "remarks": "rule_set_216"
+ "value": "Verify User Who Owns Backup group File",
+ "remarks": "rule_set_270"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_systemd-journal-remote_installed",
- "remarks": "rule_set_216"
+ "value": "file_owner_backup_etc_group",
+ "remarks": "rule_set_270"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Install systemd-journal-remote Package",
- "remarks": "rule_set_216"
+ "value": "Verify User Who Owns Backup group File",
+ "remarks": "rule_set_270"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "socket_systemd-journal-remote_disabled",
- "remarks": "rule_set_217"
+ "value": "file_permissions_backup_etc_group",
+ "remarks": "rule_set_271"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable systemd-journal-remote Socket",
- "remarks": "rule_set_217"
+ "value": "Verify Permissions on Backup group File",
+ "remarks": "rule_set_271"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "socket_systemd-journal-remote_disabled",
- "remarks": "rule_set_217"
+ "value": "file_permissions_backup_etc_group",
+ "remarks": "rule_set_271"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable systemd-journal-remote Socket",
- "remarks": "rule_set_217"
+ "value": "Verify Permissions on Backup group File",
+ "remarks": "rule_set_271"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_compress",
- "remarks": "rule_set_218"
+ "value": "file_owner_etc_shadow",
+ "remarks": "rule_set_272"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to compress large log files",
- "remarks": "rule_set_218"
+ "value": "Verify User Who Owns shadow File",
+ "remarks": "rule_set_272"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_compress",
- "remarks": "rule_set_218"
+ "value": "file_owner_etc_shadow",
+ "remarks": "rule_set_272"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to compress large log files",
- "remarks": "rule_set_218"
+ "value": "Verify User Who Owns shadow File",
+ "remarks": "rule_set_272"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_storage",
- "remarks": "rule_set_219"
+ "value": "file_groupowner_etc_shadow",
+ "remarks": "rule_set_273"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to write log files to persistent disk",
- "remarks": "rule_set_219"
+ "value": "Verify Group Who Owns shadow File",
+ "remarks": "rule_set_273"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "journald_storage",
- "remarks": "rule_set_219"
+ "value": "file_groupowner_etc_shadow",
+ "remarks": "rule_set_273"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure journald is configured to write log files to persistent disk",
- "remarks": "rule_set_219"
+ "value": "Verify Group Who Owns shadow File",
+ "remarks": "rule_set_273"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_groupownership",
- "remarks": "rule_set_220"
+ "value": "file_permissions_etc_shadow",
+ "remarks": "rule_set_274"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate Group",
- "remarks": "rule_set_220"
+ "value": "Verify Permissions on shadow File",
+ "remarks": "rule_set_274"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_groupownership",
- "remarks": "rule_set_220"
+ "value": "file_permissions_etc_shadow",
+ "remarks": "rule_set_274"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate Group",
- "remarks": "rule_set_220"
+ "value": "Verify Permissions on shadow File",
+ "remarks": "rule_set_274"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_ownership",
- "remarks": "rule_set_221"
+ "value": "file_groupowner_backup_etc_shadow",
+ "remarks": "rule_set_275"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate User",
- "remarks": "rule_set_221"
+ "value": "Verify User Who Owns Backup shadow File",
+ "remarks": "rule_set_275"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_ownership",
- "remarks": "rule_set_221"
+ "value": "file_groupowner_backup_etc_shadow",
+ "remarks": "rule_set_275"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure Log Files Are Owned By Appropriate User",
- "remarks": "rule_set_221"
+ "value": "Verify User Who Owns Backup shadow File",
+ "remarks": "rule_set_275"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_permissions",
- "remarks": "rule_set_222"
+ "value": "file_owner_backup_etc_shadow",
+ "remarks": "rule_set_276"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure System Log Files Have Correct Permissions",
- "remarks": "rule_set_222"
+ "value": "Verify Group Who Owns Backup shadow File",
+ "remarks": "rule_set_276"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "rsyslog_files_permissions",
- "remarks": "rule_set_222"
+ "value": "file_owner_backup_etc_shadow",
+ "remarks": "rule_set_276"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure System Log Files Have Correct Permissions",
- "remarks": "rule_set_222"
+ "value": "Verify Group Who Owns Backup shadow File",
+ "remarks": "rule_set_276"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_passwd",
- "remarks": "rule_set_223"
+ "value": "file_permissions_backup_etc_shadow",
+ "remarks": "rule_set_277"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns passwd File",
- "remarks": "rule_set_223"
+ "value": "Verify Permissions on Backup shadow File",
+ "remarks": "rule_set_277"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_passwd",
- "remarks": "rule_set_223"
+ "value": "file_permissions_backup_etc_shadow",
+ "remarks": "rule_set_277"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns passwd File",
- "remarks": "rule_set_223"
+ "value": "Verify Permissions on Backup shadow File",
+ "remarks": "rule_set_277"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_passwd",
- "remarks": "rule_set_224"
+ "value": "file_groupowner_etc_gshadow",
+ "remarks": "rule_set_278"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns passwd File",
- "remarks": "rule_set_224"
+ "value": "Verify Group Who Owns gshadow File",
+ "remarks": "rule_set_278"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_passwd",
- "remarks": "rule_set_224"
+ "value": "file_groupowner_etc_gshadow",
+ "remarks": "rule_set_278"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns passwd File",
- "remarks": "rule_set_224"
+ "value": "Verify Group Who Owns gshadow File",
+ "remarks": "rule_set_278"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_passwd",
- "remarks": "rule_set_225"
+ "value": "file_owner_etc_gshadow",
+ "remarks": "rule_set_279"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on passwd File",
- "remarks": "rule_set_225"
+ "value": "Verify User Who Owns gshadow File",
+ "remarks": "rule_set_279"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_passwd",
- "remarks": "rule_set_225"
+ "value": "file_owner_etc_gshadow",
+ "remarks": "rule_set_279"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on passwd File",
- "remarks": "rule_set_225"
+ "value": "Verify User Who Owns gshadow File",
+ "remarks": "rule_set_279"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_passwd",
- "remarks": "rule_set_226"
+ "value": "file_permissions_etc_gshadow",
+ "remarks": "rule_set_280"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup passwd File",
- "remarks": "rule_set_226"
+ "value": "Verify Permissions on gshadow File",
+ "remarks": "rule_set_280"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_passwd",
- "remarks": "rule_set_226"
+ "value": "file_permissions_etc_gshadow",
+ "remarks": "rule_set_280"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup passwd File",
- "remarks": "rule_set_226"
+ "value": "Verify Permissions on gshadow File",
+ "remarks": "rule_set_280"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_passwd",
- "remarks": "rule_set_227"
+ "value": "file_groupowner_backup_etc_gshadow",
+ "remarks": "rule_set_281"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup passwd File",
- "remarks": "rule_set_227"
+ "value": "Verify Group Who Owns Backup gshadow File",
+ "remarks": "rule_set_281"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_passwd",
- "remarks": "rule_set_227"
+ "value": "file_groupowner_backup_etc_gshadow",
+ "remarks": "rule_set_281"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup passwd File",
- "remarks": "rule_set_227"
+ "value": "Verify Group Who Owns Backup gshadow File",
+ "remarks": "rule_set_281"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_passwd",
- "remarks": "rule_set_228"
+ "value": "file_owner_backup_etc_gshadow",
+ "remarks": "rule_set_282"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup passwd File",
- "remarks": "rule_set_228"
+ "value": "Verify User Who Owns Backup gshadow File",
+ "remarks": "rule_set_282"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_passwd",
- "remarks": "rule_set_228"
+ "value": "file_owner_backup_etc_gshadow",
+ "remarks": "rule_set_282"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup passwd File",
- "remarks": "rule_set_228"
+ "value": "Verify User Who Owns Backup gshadow File",
+ "remarks": "rule_set_282"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_group",
- "remarks": "rule_set_229"
+ "value": "file_permissions_backup_etc_gshadow",
+ "remarks": "rule_set_283"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns group File",
- "remarks": "rule_set_229"
+ "value": "Verify Permissions on Backup gshadow File",
+ "remarks": "rule_set_283"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_group",
- "remarks": "rule_set_229"
+ "value": "file_permissions_backup_etc_gshadow",
+ "remarks": "rule_set_283"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns group File",
- "remarks": "rule_set_229"
+ "value": "Verify Permissions on Backup gshadow File",
+ "remarks": "rule_set_283"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_group",
- "remarks": "rule_set_230"
+ "value": "file_groupowner_etc_shells",
+ "remarks": "rule_set_284"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns group File",
- "remarks": "rule_set_230"
+ "value": "Verify Group Who Owns /etc/shells File",
+ "remarks": "rule_set_284"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_group",
- "remarks": "rule_set_230"
+ "value": "file_groupowner_etc_shells",
+ "remarks": "rule_set_284"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns group File",
- "remarks": "rule_set_230"
+ "value": "Verify Group Who Owns /etc/shells File",
+ "remarks": "rule_set_284"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_group",
- "remarks": "rule_set_231"
+ "value": "file_owner_etc_shells",
+ "remarks": "rule_set_285"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on group File",
- "remarks": "rule_set_231"
+ "value": "Verify Who Owns /etc/shells File",
+ "remarks": "rule_set_285"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_group",
- "remarks": "rule_set_231"
+ "value": "file_owner_etc_shells",
+ "remarks": "rule_set_285"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on group File",
- "remarks": "rule_set_231"
+ "value": "Verify Who Owns /etc/shells File",
+ "remarks": "rule_set_285"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_group",
- "remarks": "rule_set_232"
+ "value": "file_permissions_etc_shells",
+ "remarks": "rule_set_286"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup group File",
- "remarks": "rule_set_232"
+ "value": "Verify Permissions on /etc/shells File",
+ "remarks": "rule_set_286"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_group",
- "remarks": "rule_set_232"
+ "value": "file_permissions_etc_shells",
+ "remarks": "rule_set_286"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup group File",
- "remarks": "rule_set_232"
+ "value": "Verify Permissions on /etc/shells File",
+ "remarks": "rule_set_286"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_group",
- "remarks": "rule_set_233"
+ "value": "file_groupowner_etc_security_opasswd",
+ "remarks": "rule_set_287"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup group File",
- "remarks": "rule_set_233"
+ "value": "Verify Group Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_287"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_group",
- "remarks": "rule_set_233"
+ "value": "file_groupowner_etc_security_opasswd",
+ "remarks": "rule_set_287"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup group File",
- "remarks": "rule_set_233"
+ "value": "Verify Group Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_287"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_group",
- "remarks": "rule_set_234"
+ "value": "file_owner_etc_security_opasswd",
+ "remarks": "rule_set_288"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup group File",
- "remarks": "rule_set_234"
+ "value": "Verify User Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_288"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_group",
- "remarks": "rule_set_234"
+ "value": "file_owner_etc_security_opasswd",
+ "remarks": "rule_set_288"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup group File",
- "remarks": "rule_set_234"
+ "value": "Verify User Who Owns /etc/security/opasswd File",
+ "remarks": "rule_set_288"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shadow",
- "remarks": "rule_set_235"
+ "value": "file_permissions_etc_security_opasswd",
+ "remarks": "rule_set_289"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns shadow File",
- "remarks": "rule_set_235"
+ "value": "Verify Permissions on /etc/security/opasswd File",
+ "remarks": "rule_set_289"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shadow",
- "remarks": "rule_set_235"
+ "value": "file_permissions_etc_security_opasswd",
+ "remarks": "rule_set_289"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns shadow File",
- "remarks": "rule_set_235"
+ "value": "Verify Permissions on /etc/security/opasswd File",
+ "remarks": "rule_set_289"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shadow",
- "remarks": "rule_set_236"
+ "value": "file_groupowner_etc_security_opasswd_old",
+ "remarks": "rule_set_290"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns shadow File",
- "remarks": "rule_set_236"
+ "value": "Verify Group Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_290"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shadow",
- "remarks": "rule_set_236"
+ "value": "file_groupowner_etc_security_opasswd_old",
+ "remarks": "rule_set_290"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns shadow File",
- "remarks": "rule_set_236"
+ "value": "Verify Group Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_290"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shadow",
- "remarks": "rule_set_237"
+ "value": "file_owner_etc_security_opasswd_old",
+ "remarks": "rule_set_291"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on shadow File",
- "remarks": "rule_set_237"
+ "value": "Verify User Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_291"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shadow",
- "remarks": "rule_set_237"
+ "value": "file_owner_etc_security_opasswd_old",
+ "remarks": "rule_set_291"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on shadow File",
- "remarks": "rule_set_237"
+ "value": "Verify User Who Owns /etc/security/opasswd.old File",
+ "remarks": "rule_set_291"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_shadow",
- "remarks": "rule_set_238"
+ "value": "file_permissions_etc_security_opasswd_old",
+ "remarks": "rule_set_292"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup shadow File",
- "remarks": "rule_set_238"
+ "value": "Verify Permissions on /etc/security/opasswd.old File",
+ "remarks": "rule_set_292"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_shadow",
- "remarks": "rule_set_238"
+ "value": "file_permissions_etc_security_opasswd_old",
+ "remarks": "rule_set_292"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup shadow File",
- "remarks": "rule_set_238"
+ "value": "Verify Permissions on /etc/security/opasswd.old File",
+ "remarks": "rule_set_292"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_shadow",
- "remarks": "rule_set_239"
+ "value": "file_permissions_unauthorized_world_writable",
+ "remarks": "rule_set_293"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup shadow File",
- "remarks": "rule_set_239"
+ "value": "Ensure No World-Writable Files Exist",
+ "remarks": "rule_set_293"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_shadow",
- "remarks": "rule_set_239"
+ "value": "file_permissions_unauthorized_world_writable",
+ "remarks": "rule_set_293"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup shadow File",
- "remarks": "rule_set_239"
+ "value": "Ensure No World-Writable Files Exist",
+ "remarks": "rule_set_293"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_shadow",
- "remarks": "rule_set_240"
+ "value": "dir_perms_world_writable_sticky_bits",
+ "remarks": "rule_set_294"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup shadow File",
- "remarks": "rule_set_240"
+ "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
+ "remarks": "rule_set_294"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_shadow",
- "remarks": "rule_set_240"
+ "value": "dir_perms_world_writable_sticky_bits",
+ "remarks": "rule_set_294"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup shadow File",
- "remarks": "rule_set_240"
+ "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
+ "remarks": "rule_set_294"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_gshadow",
- "remarks": "rule_set_241"
+ "value": "no_files_or_dirs_unowned_by_user",
+ "remarks": "rule_set_295"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns gshadow File",
- "remarks": "rule_set_241"
+ "value": "Ensure All Files And Directories Are Owned by a User",
+ "remarks": "rule_set_295"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_gshadow",
- "remarks": "rule_set_241"
+ "value": "no_files_or_dirs_unowned_by_user",
+ "remarks": "rule_set_295"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns gshadow File",
- "remarks": "rule_set_241"
+ "value": "Ensure All Files And Directories Are Owned by a User",
+ "remarks": "rule_set_295"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_gshadow",
- "remarks": "rule_set_242"
+ "value": "no_files_or_dirs_ungroupowned",
+ "remarks": "rule_set_296"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns gshadow File",
- "remarks": "rule_set_242"
+ "value": "Ensure All Files And Directories Are Owned by a Group",
+ "remarks": "rule_set_296"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_gshadow",
- "remarks": "rule_set_242"
+ "value": "no_files_or_dirs_ungroupowned",
+ "remarks": "rule_set_296"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns gshadow File",
- "remarks": "rule_set_242"
+ "value": "Ensure All Files And Directories Are Owned by a Group",
+ "remarks": "rule_set_296"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_gshadow",
- "remarks": "rule_set_243"
+ "value": "accounts_password_all_shadowed",
+ "remarks": "rule_set_297"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on gshadow File",
- "remarks": "rule_set_243"
+ "value": "Verify All Account Password Hashes are Shadowed",
+ "remarks": "rule_set_297"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_gshadow",
- "remarks": "rule_set_243"
+ "value": "accounts_password_all_shadowed",
+ "remarks": "rule_set_297"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on gshadow File",
- "remarks": "rule_set_243"
+ "value": "Verify All Account Password Hashes are Shadowed",
+ "remarks": "rule_set_297"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_gshadow",
- "remarks": "rule_set_244"
+ "value": "no_empty_passwords_etc_shadow",
+ "remarks": "rule_set_298"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup gshadow File",
- "remarks": "rule_set_244"
+ "value": "Ensure There Are No Accounts With Blank or Null Passwords",
+ "remarks": "rule_set_298"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_backup_etc_gshadow",
- "remarks": "rule_set_244"
+ "value": "no_empty_passwords_etc_shadow",
+ "remarks": "rule_set_298"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns Backup gshadow File",
- "remarks": "rule_set_244"
+ "value": "Ensure There Are No Accounts With Blank or Null Passwords",
+ "remarks": "rule_set_298"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_gshadow",
- "remarks": "rule_set_245"
+ "value": "gid_passwd_group_same",
+ "remarks": "rule_set_299"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup gshadow File",
- "remarks": "rule_set_245"
+ "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
+ "remarks": "rule_set_299"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_backup_etc_gshadow",
- "remarks": "rule_set_245"
+ "value": "gid_passwd_group_same",
+ "remarks": "rule_set_299"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify User Who Owns Backup gshadow File",
- "remarks": "rule_set_245"
+ "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
+ "remarks": "rule_set_299"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_gshadow",
- "remarks": "rule_set_246"
+ "value": "account_unique_id",
+ "remarks": "rule_set_300"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup gshadow File",
- "remarks": "rule_set_246"
+ "value": "Ensure All Accounts on the System Have Unique User IDs",
+ "remarks": "rule_set_300"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_backup_etc_gshadow",
- "remarks": "rule_set_246"
+ "value": "account_unique_id",
+ "remarks": "rule_set_300"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on Backup gshadow File",
- "remarks": "rule_set_246"
+ "value": "Ensure All Accounts on the System Have Unique User IDs",
+ "remarks": "rule_set_300"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shells",
- "remarks": "rule_set_247"
+ "value": "group_unique_id",
+ "remarks": "rule_set_301"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/shells File",
- "remarks": "rule_set_247"
+ "value": "Ensure All Groups on the System Have Unique Group ID",
+ "remarks": "rule_set_301"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_etc_shells",
- "remarks": "rule_set_247"
+ "value": "group_unique_id",
+ "remarks": "rule_set_301"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Group Who Owns /etc/shells File",
- "remarks": "rule_set_247"
+ "value": "Ensure All Groups on the System Have Unique Group ID",
+ "remarks": "rule_set_301"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shells",
- "remarks": "rule_set_248"
+ "value": "account_unique_name",
+ "remarks": "rule_set_302"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Who Owns /etc/shells File",
- "remarks": "rule_set_248"
+ "value": "Ensure All Accounts on the System Have Unique Names",
+ "remarks": "rule_set_302"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_etc_shells",
- "remarks": "rule_set_248"
+ "value": "account_unique_name",
+ "remarks": "rule_set_302"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Who Owns /etc/shells File",
- "remarks": "rule_set_248"
+ "value": "Ensure All Accounts on the System Have Unique Names",
+ "remarks": "rule_set_302"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shells",
- "remarks": "rule_set_249"
+ "value": "group_unique_name",
+ "remarks": "rule_set_303"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/shells File",
- "remarks": "rule_set_249"
+ "value": "Ensure All Groups on the System Have Unique Group Names",
+ "remarks": "rule_set_303"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_etc_shells",
- "remarks": "rule_set_249"
+ "value": "group_unique_name",
+ "remarks": "rule_set_303"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions on /etc/shells File",
- "remarks": "rule_set_249"
+ "value": "Ensure All Groups on the System Have Unique Group Names",
+ "remarks": "rule_set_303"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd",
- "remarks": "rule_set_250"
+ "value": "accounts_user_interactive_home_directory_exists",
+ "remarks": "rule_set_304"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions and Ownership of Old Passwords File",
- "remarks": "rule_set_250"
+ "value": "All Interactive Users Home Directories Must Exist",
+ "remarks": "rule_set_304"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd",
- "remarks": "rule_set_250"
+ "value": "accounts_user_interactive_home_directory_exists",
+ "remarks": "rule_set_304"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify Permissions and Ownership of Old Passwords File",
- "remarks": "rule_set_250"
+ "value": "All Interactive Users Home Directories Must Exist",
+ "remarks": "rule_set_304"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_unauthorized_world_writable",
- "remarks": "rule_set_251"
+ "value": "file_ownership_home_directories",
+ "remarks": "rule_set_305"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure No World-Writable Files Exist",
- "remarks": "rule_set_251"
+ "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
+ "remarks": "rule_set_305"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_unauthorized_world_writable",
- "remarks": "rule_set_251"
+ "value": "file_ownership_home_directories",
+ "remarks": "rule_set_305"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure No World-Writable Files Exist",
- "remarks": "rule_set_251"
+ "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
+ "remarks": "rule_set_305"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dir_perms_world_writable_sticky_bits",
- "remarks": "rule_set_252"
+ "value": "file_permissions_home_directories",
+ "remarks": "rule_set_306"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
- "remarks": "rule_set_252"
+ "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
+ "remarks": "rule_set_306"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dir_perms_world_writable_sticky_bits",
- "remarks": "rule_set_252"
+ "value": "file_permissions_home_directories",
+ "remarks": "rule_set_306"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify that All World-Writable Directories Have Sticky Bits Set",
- "remarks": "rule_set_252"
+ "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
+ "remarks": "rule_set_306"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user",
- "remarks": "rule_set_253"
+ "value": "accounts_user_dot_group_ownership",
+ "remarks": "rule_set_307"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a User",
- "remarks": "rule_set_253"
+ "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
+ "remarks": "rule_set_307"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user",
- "remarks": "rule_set_253"
+ "value": "accounts_user_dot_group_ownership",
+ "remarks": "rule_set_307"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a User",
- "remarks": "rule_set_253"
+ "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
+ "remarks": "rule_set_307"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned",
- "remarks": "rule_set_254"
+ "value": "accounts_user_dot_user_ownership",
+ "remarks": "rule_set_308"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a Group",
- "remarks": "rule_set_254"
+ "value": "User Initialization Files Must Be Owned By the Primary User",
+ "remarks": "rule_set_308"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned",
- "remarks": "rule_set_254"
+ "value": "accounts_user_dot_user_ownership",
+ "remarks": "rule_set_308"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Files Are Owned by a Group",
- "remarks": "rule_set_254"
+ "value": "User Initialization Files Must Be Owned By the Primary User",
+ "remarks": "rule_set_308"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_all_shadowed",
- "remarks": "rule_set_255"
+ "value": "file_permission_user_init_files",
+ "remarks": "rule_set_309"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify All Account Password Hashes are Shadowed",
- "remarks": "rule_set_255"
+ "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "remarks": "rule_set_309"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_all_shadowed",
- "remarks": "rule_set_255"
+ "value": "file_permission_user_init_files",
+ "remarks": "rule_set_309"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify All Account Password Hashes are Shadowed",
- "remarks": "rule_set_255"
+ "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
+ "remarks": "rule_set_309"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords_etc_shadow",
- "remarks": "rule_set_256"
+ "value": "no_forward_files",
+ "remarks": "rule_set_310"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure There Are No Accounts With Blank or Null Passwords",
- "remarks": "rule_set_256"
+ "value": "Verify No .forward Files Exist",
+ "remarks": "rule_set_310"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_empty_passwords_etc_shadow",
- "remarks": "rule_set_256"
+ "value": "no_forward_files",
+ "remarks": "rule_set_310"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure There Are No Accounts With Blank or Null Passwords",
- "remarks": "rule_set_256"
+ "value": "Verify No .forward Files Exist",
+ "remarks": "rule_set_310"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "gid_passwd_group_same",
- "remarks": "rule_set_257"
+ "value": "no_netrc_files",
+ "remarks": "rule_set_311"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
- "remarks": "rule_set_257"
+ "value": "Verify No netrc Files Exist",
+ "remarks": "rule_set_311"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "gid_passwd_group_same",
- "remarks": "rule_set_257"
+ "value": "no_netrc_files",
+ "remarks": "rule_set_311"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All GIDs referenced in /etc/passwd must be defined in /etc/group",
- "remarks": "rule_set_257"
+ "value": "Verify No netrc Files Exist",
+ "remarks": "rule_set_311"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_id",
- "remarks": "rule_set_258"
+ "value": "no_rhost_files",
+ "remarks": "rule_set_312"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique User IDs",
- "remarks": "rule_set_258"
+ "value": "Verify No .rhost Files Exist",
+ "remarks": "rule_set_312"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_id",
- "remarks": "rule_set_258"
+ "value": "no_rhost_files",
+ "remarks": "rule_set_312"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique User IDs",
- "remarks": "rule_set_258"
+ "value": "Verify No .rhost Files Exist",
+ "remarks": "rule_set_312"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_id",
- "remarks": "rule_set_259"
+ "value": "file_permission_user_bash_history",
+ "remarks": "rule_set_313"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group ID",
- "remarks": "rule_set_259"
+ "value": "Ensure User Bash History File Has Correct Permissions",
+ "remarks": "rule_set_313"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_id",
- "remarks": "rule_set_259"
+ "value": "file_permission_user_bash_history",
+ "remarks": "rule_set_313"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group ID",
- "remarks": "rule_set_259"
+ "value": "Ensure User Bash History File Has Correct Permissions",
+ "remarks": "rule_set_313"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_name",
- "remarks": "rule_set_260"
+ "value": "kernel_module_overlayfs_disabled",
+ "remarks": "rule_set_314"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique Names",
- "remarks": "rule_set_260"
+ "value": "Ensure overlayfs kernel module is not available",
+ "remarks": "rule_set_314"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "account_unique_name",
- "remarks": "rule_set_260"
+ "value": "kernel_module_overlayfs_disabled",
+ "remarks": "rule_set_314"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Accounts on the System Have Unique Names",
- "remarks": "rule_set_260"
+ "value": "Ensure overlayfs kernel module is not available",
+ "remarks": "rule_set_314"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_name",
- "remarks": "rule_set_261"
+ "value": "kernel_module_squashfs_disabled",
+ "remarks": "rule_set_315"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group Names",
- "remarks": "rule_set_261"
+ "value": "Disable Mounting of squashfs",
+ "remarks": "rule_set_315"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "group_unique_name",
- "remarks": "rule_set_261"
+ "value": "kernel_module_squashfs_disabled",
+ "remarks": "rule_set_315"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All Groups on the System Have Unique Group Names",
- "remarks": "rule_set_261"
+ "value": "Disable Mounting of squashfs",
+ "remarks": "rule_set_315"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_interactive_home_directory_exists",
- "remarks": "rule_set_262"
+ "value": "kernel_module_udf_disabled",
+ "remarks": "rule_set_316"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive Users Home Directories Must Exist",
- "remarks": "rule_set_262"
+ "value": "Disable Mounting of udf",
+ "remarks": "rule_set_316"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_interactive_home_directory_exists",
- "remarks": "rule_set_262"
+ "value": "kernel_module_udf_disabled",
+ "remarks": "rule_set_316"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive Users Home Directories Must Exist",
- "remarks": "rule_set_262"
+ "value": "Disable Mounting of udf",
+ "remarks": "rule_set_316"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_home_directories",
- "remarks": "rule_set_263"
+ "value": "kernel_module_firewire-core_disabled",
+ "remarks": "rule_set_317"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
- "remarks": "rule_set_263"
+ "value": "Disable IEEE 1394 (FireWire) Support",
+ "remarks": "rule_set_317"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_ownership_home_directories",
- "remarks": "rule_set_263"
+ "value": "kernel_module_firewire-core_disabled",
+ "remarks": "rule_set_317"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Be Owned By The Primary User",
- "remarks": "rule_set_263"
+ "value": "Disable IEEE 1394 (FireWire) Support",
+ "remarks": "rule_set_317"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_home_directories",
- "remarks": "rule_set_264"
+ "value": "kernel_module_usb-storage_disabled",
+ "remarks": "rule_set_318"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
- "remarks": "rule_set_264"
+ "value": "Disable Modprobe Loading of USB Storage Driver",
+ "remarks": "rule_set_318"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_home_directories",
- "remarks": "rule_set_264"
+ "value": "kernel_module_usb-storage_disabled",
+ "remarks": "rule_set_318"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "All Interactive User Home Directories Must Have mode 0750 Or Less Permissive",
- "remarks": "rule_set_264"
+ "value": "Disable Modprobe Loading of USB Storage Driver",
+ "remarks": "rule_set_318"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_group_ownership",
- "remarks": "rule_set_265"
+ "value": "partition_for_home",
+ "remarks": "rule_set_319"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
- "remarks": "rule_set_265"
+ "value": "Ensure /home Located On Separate Partition",
+ "remarks": "rule_set_319"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_group_ownership",
- "remarks": "rule_set_265"
+ "value": "partition_for_home",
+ "remarks": "rule_set_319"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Group-Owned By The Primary Group",
- "remarks": "rule_set_265"
+ "value": "Ensure /home Located On Separate Partition",
+ "remarks": "rule_set_319"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_user_ownership",
- "remarks": "rule_set_266"
+ "value": "partition_for_var",
+ "remarks": "rule_set_320"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Owned By the Primary User",
- "remarks": "rule_set_266"
+ "value": "Ensure /var Located On Separate Partition",
+ "remarks": "rule_set_320"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_user_ownership",
- "remarks": "rule_set_266"
+ "value": "partition_for_var",
+ "remarks": "rule_set_320"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Be Owned By the Primary User",
- "remarks": "rule_set_266"
+ "value": "Ensure /var Located On Separate Partition",
+ "remarks": "rule_set_320"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs",
- "remarks": "rule_set_267"
+ "value": "partition_for_var_tmp",
+ "remarks": "rule_set_321"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Not Run World-Writable Programs",
- "remarks": "rule_set_267"
+ "value": "Ensure /var/tmp Located On Separate Partition",
+ "remarks": "rule_set_321"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs",
- "remarks": "rule_set_267"
+ "value": "partition_for_var_tmp",
+ "remarks": "rule_set_321"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "User Initialization Files Must Not Run World-Writable Programs",
- "remarks": "rule_set_267"
+ "value": "Ensure /var/tmp Located On Separate Partition",
+ "remarks": "rule_set_321"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files",
- "remarks": "rule_set_268"
+ "value": "partition_for_var_log",
+ "remarks": "rule_set_322"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
- "remarks": "rule_set_268"
+ "value": "Ensure /var/log Located On Separate Partition",
+ "remarks": "rule_set_322"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files",
- "remarks": "rule_set_268"
+ "value": "partition_for_var_log",
+ "remarks": "rule_set_322"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure All User Initialization Files Have Mode 0740 Or Less Permissive",
- "remarks": "rule_set_268"
+ "value": "Ensure /var/log Located On Separate Partition",
+ "remarks": "rule_set_322"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files",
- "remarks": "rule_set_269"
+ "value": "partition_for_var_log_audit",
+ "remarks": "rule_set_323"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No .forward Files Exist",
- "remarks": "rule_set_269"
+ "value": "Ensure /var/log/audit Located On Separate Partition",
+ "remarks": "rule_set_323"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files",
- "remarks": "rule_set_269"
+ "value": "partition_for_var_log_audit",
+ "remarks": "rule_set_323"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No .forward Files Exist",
- "remarks": "rule_set_269"
+ "value": "Ensure /var/log/audit Located On Separate Partition",
+ "remarks": "rule_set_323"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files",
- "remarks": "rule_set_270"
+ "value": "disable_weak_deps",
+ "remarks": "rule_set_324"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No netrc Files Exist",
- "remarks": "rule_set_270"
+ "value": "Disable Installation of Weak Dependencies in DNF",
+ "remarks": "rule_set_324"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files",
- "remarks": "rule_set_270"
+ "value": "disable_weak_deps",
+ "remarks": "rule_set_324"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Verify No netrc Files Exist",
- "remarks": "rule_set_270"
+ "value": "Disable Installation of Weak Dependencies in DNF",
+ "remarks": "rule_set_324"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_overlayfs_disabled",
- "remarks": "rule_set_271"
+ "value": "selinux_state",
+ "remarks": "rule_set_325"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure overlayfs kernel module is not available",
- "remarks": "rule_set_271"
+ "value": "Ensure SELinux State is Enforcing",
+ "remarks": "rule_set_325"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_overlayfs_disabled",
- "remarks": "rule_set_271"
+ "value": "selinux_state",
+ "remarks": "rule_set_325"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure overlayfs kernel module is not available",
- "remarks": "rule_set_271"
+ "value": "Ensure SELinux State is Enforcing",
+ "remarks": "rule_set_325"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_squashfs_disabled",
- "remarks": "rule_set_272"
+ "value": "dconf_gnome_disable_automount",
+ "remarks": "rule_set_326"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of squashfs",
- "remarks": "rule_set_272"
+ "value": "Disable GNOME3 Automounting",
+ "remarks": "rule_set_326"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_squashfs_disabled",
- "remarks": "rule_set_272"
+ "value": "dconf_gnome_disable_automount",
+ "remarks": "rule_set_326"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of squashfs",
- "remarks": "rule_set_272"
+ "value": "Disable GNOME3 Automounting",
+ "remarks": "rule_set_326"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_udf_disabled",
- "remarks": "rule_set_273"
+ "value": "dconf_gnome_disable_automount_open",
+ "remarks": "rule_set_327"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of udf",
- "remarks": "rule_set_273"
+ "value": "Disable GNOME3 Automount Opening",
+ "remarks": "rule_set_327"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_udf_disabled",
- "remarks": "rule_set_273"
+ "value": "dconf_gnome_disable_automount_open",
+ "remarks": "rule_set_327"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Mounting of udf",
- "remarks": "rule_set_273"
+ "value": "Disable GNOME3 Automount Opening",
+ "remarks": "rule_set_327"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_firewire-core_disabled",
- "remarks": "rule_set_274"
+ "value": "xwayland_disabled",
+ "remarks": "rule_set_328"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IEEE 1394 (FireWire) Support",
- "remarks": "rule_set_274"
+ "value": "Disable XWayland",
+ "remarks": "rule_set_328"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_firewire-core_disabled",
- "remarks": "rule_set_274"
+ "value": "xwayland_disabled",
+ "remarks": "rule_set_328"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable IEEE 1394 (FireWire) Support",
- "remarks": "rule_set_274"
+ "value": "Disable XWayland",
+ "remarks": "rule_set_328"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_usb-storage_disabled",
- "remarks": "rule_set_275"
+ "value": "service_autofs_disabled",
+ "remarks": "rule_set_329"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Modprobe Loading of USB Storage Driver",
- "remarks": "rule_set_275"
+ "value": "Disable the Automounter",
+ "remarks": "rule_set_329"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_usb-storage_disabled",
- "remarks": "rule_set_275"
+ "value": "service_autofs_disabled",
+ "remarks": "rule_set_329"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Modprobe Loading of USB Storage Driver",
- "remarks": "rule_set_275"
+ "value": "Disable the Automounter",
+ "remarks": "rule_set_329"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_home",
- "remarks": "rule_set_276"
+ "value": "service_avahi-daemon_disabled",
+ "remarks": "rule_set_330"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /home Located On Separate Partition",
- "remarks": "rule_set_276"
+ "value": "Disable Avahi Server Software",
+ "remarks": "rule_set_330"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_home",
- "remarks": "rule_set_276"
+ "value": "service_avahi-daemon_disabled",
+ "remarks": "rule_set_330"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /home Located On Separate Partition",
- "remarks": "rule_set_276"
+ "value": "Disable Avahi Server Software",
+ "remarks": "rule_set_330"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var",
- "remarks": "rule_set_277"
+ "value": "service_cockpit_disabled",
+ "remarks": "rule_set_331"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var Located On Separate Partition",
- "remarks": "rule_set_277"
+ "value": "Disable Cockpit Management Server",
+ "remarks": "rule_set_331"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var",
- "remarks": "rule_set_277"
+ "value": "service_cockpit_disabled",
+ "remarks": "rule_set_331"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var Located On Separate Partition",
- "remarks": "rule_set_277"
+ "value": "Disable Cockpit Management Server",
+ "remarks": "rule_set_331"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_tmp",
- "remarks": "rule_set_278"
+ "value": "package_openldap-clients_removed",
+ "remarks": "rule_set_332"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/tmp Located On Separate Partition",
- "remarks": "rule_set_278"
+ "value": "Ensure LDAP client is not installed",
+ "remarks": "rule_set_332"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_tmp",
- "remarks": "rule_set_278"
+ "value": "package_openldap-clients_removed",
+ "remarks": "rule_set_332"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/tmp Located On Separate Partition",
- "remarks": "rule_set_278"
+ "value": "Ensure LDAP client is not installed",
+ "remarks": "rule_set_332"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_log",
- "remarks": "rule_set_279"
+ "value": "service_bluetooth_disabled",
+ "remarks": "rule_set_333"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/log Located On Separate Partition",
- "remarks": "rule_set_279"
+ "value": "Disable Bluetooth Service",
+ "remarks": "rule_set_333"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_log",
- "remarks": "rule_set_279"
+ "value": "service_bluetooth_disabled",
+ "remarks": "rule_set_333"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/log Located On Separate Partition",
- "remarks": "rule_set_279"
+ "value": "Disable Bluetooth Service",
+ "remarks": "rule_set_333"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_log_audit",
- "remarks": "rule_set_280"
+ "value": "kernel_module_sctp_disabled",
+ "remarks": "rule_set_334"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/log/audit Located On Separate Partition",
- "remarks": "rule_set_280"
+ "value": "Disable SCTP Support",
+ "remarks": "rule_set_334"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partition_for_var_log_audit",
- "remarks": "rule_set_280"
+ "value": "kernel_module_sctp_disabled",
+ "remarks": "rule_set_334"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure /var/log/audit Located On Separate Partition",
- "remarks": "rule_set_280"
+ "value": "Disable SCTP Support",
+ "remarks": "rule_set_334"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_state",
- "remarks": "rule_set_281"
+ "value": "sudo_remove_nopasswd",
+ "remarks": "rule_set_335"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux State is Enforcing",
- "remarks": "rule_set_281"
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD",
+ "remarks": "rule_set_335"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "selinux_state",
- "remarks": "rule_set_281"
+ "value": "sudo_remove_nopasswd",
+ "remarks": "rule_set_335"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure SELinux State is Enforcing",
- "remarks": "rule_set_281"
+ "value": "Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD",
+ "remarks": "rule_set_335"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount",
- "remarks": "rule_set_282"
+ "value": "accounts_passwords_pam_faillock_deny_root",
+ "remarks": "rule_set_336"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automounting",
- "remarks": "rule_set_282"
+ "value": "Configure the root Account for Failed Password Attempts",
+ "remarks": "rule_set_336"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount",
- "remarks": "rule_set_282"
+ "value": "accounts_passwords_pam_faillock_deny_root",
+ "remarks": "rule_set_336"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automounting",
- "remarks": "rule_set_282"
+ "value": "Configure the root Account for Failed Password Attempts",
+ "remarks": "rule_set_336"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount_open",
- "remarks": "rule_set_283"
+ "value": "accounts_minimum_age_login_defs",
+ "remarks": "rule_set_337"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount Opening",
- "remarks": "rule_set_283"
+ "value": "Set Password Minimum Age",
+ "remarks": "rule_set_337"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "dconf_gnome_disable_automount_open",
- "remarks": "rule_set_283"
+ "value": "accounts_minimum_age_login_defs",
+ "remarks": "rule_set_337"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable GNOME3 Automount Opening",
- "remarks": "rule_set_283"
+ "value": "Set Password Minimum Age",
+ "remarks": "rule_set_337"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_autofs_disabled",
- "remarks": "rule_set_284"
+ "value": "accounts_password_set_min_life_existing",
+ "remarks": "rule_set_338"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the Automounter",
- "remarks": "rule_set_284"
+ "value": "Set Existing Passwords Minimum Age",
+ "remarks": "rule_set_338"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_autofs_disabled",
- "remarks": "rule_set_284"
+ "value": "accounts_password_set_min_life_existing",
+ "remarks": "rule_set_338"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable the Automounter",
- "remarks": "rule_set_284"
+ "value": "Set Existing Passwords Minimum Age",
+ "remarks": "rule_set_338"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_avahi-daemon_disabled",
- "remarks": "rule_set_285"
+ "value": "no_nologin_in_shells",
+ "remarks": "rule_set_339"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Avahi Server Software",
- "remarks": "rule_set_285"
+ "value": "Ensure nologin Shell is Not Listed in /etc/shells",
+ "remarks": "rule_set_339"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_avahi-daemon_disabled",
- "remarks": "rule_set_285"
+ "value": "no_nologin_in_shells",
+ "remarks": "rule_set_339"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Avahi Server Software",
- "remarks": "rule_set_285"
+ "value": "Ensure nologin Shell is Not Listed in /etc/shells",
+ "remarks": "rule_set_339"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_openldap-clients_removed",
- "remarks": "rule_set_286"
+ "value": "package_audit_installed",
+ "remarks": "rule_set_340"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure LDAP client is not installed",
- "remarks": "rule_set_286"
+ "value": "Ensure the audit Subsystem is Installed",
+ "remarks": "rule_set_340"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_openldap-clients_removed",
- "remarks": "rule_set_286"
+ "value": "package_audit_installed",
+ "remarks": "rule_set_340"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure LDAP client is not installed",
- "remarks": "rule_set_286"
+ "value": "Ensure the audit Subsystem is Installed",
+ "remarks": "rule_set_340"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_bluetooth_disabled",
- "remarks": "rule_set_287"
+ "value": "package_audit-libs_installed",
+ "remarks": "rule_set_341"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Bluetooth Service",
- "remarks": "rule_set_287"
+ "value": "Ensure the audit-libs package as a part of audit Subsystem is Installed",
+ "remarks": "rule_set_341"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_bluetooth_disabled",
- "remarks": "rule_set_287"
+ "value": "package_audit-libs_installed",
+ "remarks": "rule_set_341"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable Bluetooth Service",
- "remarks": "rule_set_287"
+ "value": "Ensure the audit-libs package as a part of audit Subsystem is Installed",
+ "remarks": "rule_set_341"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_sctp_disabled",
- "remarks": "rule_set_288"
+ "value": "grub2_audit_argument",
+ "remarks": "rule_set_342"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SCTP Support",
- "remarks": "rule_set_288"
+ "value": "Enable Auditing for Processes Which Start Prior to the Audit Daemon",
+ "remarks": "rule_set_342"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "kernel_module_sctp_disabled",
- "remarks": "rule_set_288"
+ "value": "grub2_audit_argument",
+ "remarks": "rule_set_342"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Disable SCTP Support",
- "remarks": "rule_set_288"
+ "value": "Enable Auditing for Processes Which Start Prior to the Audit Daemon",
+ "remarks": "rule_set_342"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny_root",
- "remarks": "rule_set_289"
+ "value": "grub2_audit_backlog_limit_argument",
+ "remarks": "rule_set_343"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the root Account for Failed Password Attempts",
- "remarks": "rule_set_289"
+ "value": "Extend Audit Backlog Limit for the Audit Daemon",
+ "remarks": "rule_set_343"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_passwords_pam_faillock_deny_root",
- "remarks": "rule_set_289"
+ "value": "grub2_audit_backlog_limit_argument",
+ "remarks": "rule_set_343"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure the root Account for Failed Password Attempts",
- "remarks": "rule_set_289"
+ "value": "Extend Audit Backlog Limit for the Audit Daemon",
+ "remarks": "rule_set_343"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_minimum_age_login_defs",
- "remarks": "rule_set_290"
+ "value": "service_auditd_enabled",
+ "remarks": "rule_set_344"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Minimum Age",
- "remarks": "rule_set_290"
+ "value": "Enable auditd Service",
+ "remarks": "rule_set_344"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_minimum_age_login_defs",
- "remarks": "rule_set_290"
+ "value": "service_auditd_enabled",
+ "remarks": "rule_set_344"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Password Minimum Age",
- "remarks": "rule_set_290"
+ "value": "Enable auditd Service",
+ "remarks": "rule_set_344"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_min_life_existing",
- "remarks": "rule_set_291"
+ "value": "auditd_data_retention_max_log_file",
+ "remarks": "rule_set_345"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Minimum Age",
- "remarks": "rule_set_291"
+ "value": "Configure auditd Max Log File Size",
+ "remarks": "rule_set_345"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_password_set_min_life_existing",
- "remarks": "rule_set_291"
+ "value": "auditd_data_retention_max_log_file",
+ "remarks": "rule_set_345"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Set Existing Passwords Minimum Age",
- "remarks": "rule_set_291"
+ "value": "Configure auditd Max Log File Size",
+ "remarks": "rule_set_345"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_audit_installed",
- "remarks": "rule_set_292"
+ "value": "auditd_data_retention_max_log_file_action",
+ "remarks": "rule_set_346"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the audit Subsystem is Installed",
- "remarks": "rule_set_292"
+ "value": "Configure auditd max_log_file_action Upon Reaching Maximum Log Size",
+ "remarks": "rule_set_346"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_audit_installed",
- "remarks": "rule_set_292"
+ "value": "auditd_data_retention_max_log_file_action",
+ "remarks": "rule_set_346"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the audit Subsystem is Installed",
- "remarks": "rule_set_292"
+ "value": "Configure auditd max_log_file_action Upon Reaching Maximum Log Size",
+ "remarks": "rule_set_346"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_audit-libs_installed",
- "remarks": "rule_set_293"
+ "value": "auditd_data_disk_error_action",
+ "remarks": "rule_set_347"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the audit-libs package as a part of audit Subsystem is Installed",
- "remarks": "rule_set_293"
+ "value": "Configure auditd Disk Error Action on Disk Error",
+ "remarks": "rule_set_347"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "package_audit-libs_installed",
- "remarks": "rule_set_293"
+ "value": "auditd_data_disk_error_action",
+ "remarks": "rule_set_347"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure the audit-libs package as a part of audit Subsystem is Installed",
- "remarks": "rule_set_293"
+ "value": "Configure auditd Disk Error Action on Disk Error",
+ "remarks": "rule_set_347"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_audit_argument",
- "remarks": "rule_set_294"
+ "value": "auditd_data_disk_full_action",
+ "remarks": "rule_set_348"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Auditing for Processes Which Start Prior to the Audit Daemon",
- "remarks": "rule_set_294"
+ "value": "Configure auditd Disk Full Action when Disk Space Is Full",
+ "remarks": "rule_set_348"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_audit_argument",
- "remarks": "rule_set_294"
+ "value": "auditd_data_disk_full_action",
+ "remarks": "rule_set_348"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable Auditing for Processes Which Start Prior to the Audit Daemon",
- "remarks": "rule_set_294"
+ "value": "Configure auditd Disk Full Action when Disk Space Is Full",
+ "remarks": "rule_set_348"
},
{
"name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_audit_backlog_limit_argument",
- "remarks": "rule_set_295"
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "auditd_data_retention_admin_space_left_action",
+ "remarks": "rule_set_349"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Extend Audit Backlog Limit for the Audit Daemon",
- "remarks": "rule_set_295"
+ "value": "Configure auditd admin_space_left Action on Low Disk Space",
+ "remarks": "rule_set_349"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "grub2_audit_backlog_limit_argument",
- "remarks": "rule_set_295"
+ "value": "auditd_data_retention_admin_space_left_action",
+ "remarks": "rule_set_349"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Extend Audit Backlog Limit for the Audit Daemon",
- "remarks": "rule_set_295"
+ "value": "Configure auditd admin_space_left Action on Low Disk Space",
+ "remarks": "rule_set_349"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_auditd_enabled",
- "remarks": "rule_set_296"
+ "value": "auditd_data_retention_space_left_action",
+ "remarks": "rule_set_350"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable auditd Service",
- "remarks": "rule_set_296"
+ "value": "Configure auditd space_left Action on Low Disk Space",
+ "remarks": "rule_set_350"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "service_auditd_enabled",
- "remarks": "rule_set_296"
+ "value": "auditd_data_retention_space_left_action",
+ "remarks": "rule_set_350"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Enable auditd Service",
- "remarks": "rule_set_296"
+ "value": "Configure auditd space_left Action on Low Disk Space",
+ "remarks": "rule_set_350"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_max_log_file",
- "remarks": "rule_set_297"
+ "value": "audit_rules_sysadmin_actions",
+ "remarks": "rule_set_351"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Max Log File Size",
- "remarks": "rule_set_297"
+ "value": "Ensure auditd Collects System Administrator Actions",
+ "remarks": "rule_set_351"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_max_log_file",
- "remarks": "rule_set_297"
+ "value": "audit_rules_sysadmin_actions",
+ "remarks": "rule_set_351"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Max Log File Size",
- "remarks": "rule_set_297"
+ "value": "Ensure auditd Collects System Administrator Actions",
+ "remarks": "rule_set_351"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_max_log_file_action",
- "remarks": "rule_set_298"
+ "value": "audit_rules_suid_auid_privilege_function",
+ "remarks": "rule_set_352"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd max_log_file_action Upon Reaching Maximum Log Size",
- "remarks": "rule_set_298"
+ "value": "Record Events When Executables Are Run As Another User",
+ "remarks": "rule_set_352"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_max_log_file_action",
- "remarks": "rule_set_298"
+ "value": "audit_rules_suid_auid_privilege_function",
+ "remarks": "rule_set_352"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd max_log_file_action Upon Reaching Maximum Log Size",
- "remarks": "rule_set_298"
+ "value": "Record Events When Executables Are Run As Another User",
+ "remarks": "rule_set_352"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_disk_error_action",
- "remarks": "rule_set_299"
+ "value": "audit_sudo_log_events",
+ "remarks": "rule_set_353"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Disk Error Action on Disk Error",
- "remarks": "rule_set_299"
+ "value": "Record Attempts to perform maintenance activities",
+ "remarks": "rule_set_353"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_disk_error_action",
- "remarks": "rule_set_299"
+ "value": "audit_sudo_log_events",
+ "remarks": "rule_set_353"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Disk Error Action on Disk Error",
- "remarks": "rule_set_299"
+ "value": "Record Attempts to perform maintenance activities",
+ "remarks": "rule_set_353"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_disk_full_action",
- "remarks": "rule_set_300"
+ "value": "audit_rules_time_adjtimex",
+ "remarks": "rule_set_354"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Disk Full Action when Disk Space Is Full",
- "remarks": "rule_set_300"
+ "value": "Record attempts to alter time through adjtimex",
+ "remarks": "rule_set_354"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_disk_full_action",
- "remarks": "rule_set_300"
+ "value": "audit_rules_time_adjtimex",
+ "remarks": "rule_set_354"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd Disk Full Action when Disk Space Is Full",
- "remarks": "rule_set_300"
+ "value": "Record attempts to alter time through adjtimex",
+ "remarks": "rule_set_354"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_action_mail_acct",
- "remarks": "rule_set_301"
+ "value": "audit_rules_time_settimeofday",
+ "remarks": "rule_set_355"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd mail_acct Action on Low Disk Space",
- "remarks": "rule_set_301"
+ "value": "Record attempts to alter time through settimeofday",
+ "remarks": "rule_set_355"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_action_mail_acct",
- "remarks": "rule_set_301"
+ "value": "audit_rules_time_settimeofday",
+ "remarks": "rule_set_355"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd mail_acct Action on Low Disk Space",
- "remarks": "rule_set_301"
+ "value": "Record attempts to alter time through settimeofday",
+ "remarks": "rule_set_355"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_admin_space_left_action",
- "remarks": "rule_set_302"
+ "value": "audit_rules_time_clock_settime",
+ "remarks": "rule_set_356"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd admin_space_left Action on Low Disk Space",
- "remarks": "rule_set_302"
+ "value": "Record Attempts to Alter Time Through clock_settime",
+ "remarks": "rule_set_356"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_admin_space_left_action",
- "remarks": "rule_set_302"
+ "value": "audit_rules_time_clock_settime",
+ "remarks": "rule_set_356"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd admin_space_left Action on Low Disk Space",
- "remarks": "rule_set_302"
+ "value": "Record Attempts to Alter Time Through clock_settime",
+ "remarks": "rule_set_356"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_space_left_action",
- "remarks": "rule_set_303"
+ "value": "audit_rules_time_watch_localtime",
+ "remarks": "rule_set_357"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd space_left Action on Low Disk Space",
- "remarks": "rule_set_303"
+ "value": "Record Attempts to Alter the localtime File",
+ "remarks": "rule_set_357"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_space_left_action",
- "remarks": "rule_set_303"
+ "value": "audit_rules_time_watch_localtime",
+ "remarks": "rule_set_357"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Configure auditd space_left Action on Low Disk Space",
- "remarks": "rule_set_303"
+ "value": "Record Attempts to Alter the localtime File",
+ "remarks": "rule_set_357"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_sysadmin_actions",
- "remarks": "rule_set_304"
+ "value": "audit_rules_networkconfig_modification_setdomainname",
+ "remarks": "rule_set_358"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects System Administrator Actions",
- "remarks": "rule_set_304"
+ "value": "Record Events that Modify the System's Network Environment - setdomainname",
+ "remarks": "rule_set_358"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_sysadmin_actions",
- "remarks": "rule_set_304"
+ "value": "audit_rules_networkconfig_modification_setdomainname",
+ "remarks": "rule_set_358"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects System Administrator Actions",
- "remarks": "rule_set_304"
+ "value": "Record Events that Modify the System's Network Environment - setdomainname",
+ "remarks": "rule_set_358"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_suid_auid_privilege_function",
- "remarks": "rule_set_305"
+ "value": "audit_rules_networkconfig_modification_sethostname",
+ "remarks": "rule_set_359"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events When Executables Are Run As Another User",
- "remarks": "rule_set_305"
+ "value": "Record Events that Modify the System's Network Environment - sethostname",
+ "remarks": "rule_set_359"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_suid_auid_privilege_function",
- "remarks": "rule_set_305"
+ "value": "audit_rules_networkconfig_modification_sethostname",
+ "remarks": "rule_set_359"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events When Executables Are Run As Another User",
- "remarks": "rule_set_305"
+ "value": "Record Events that Modify the System's Network Environment - sethostname",
+ "remarks": "rule_set_359"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_sudo_log_events",
- "remarks": "rule_set_306"
+ "value": "audit_rules_networkconfig_modification_etc_issue",
+ "remarks": "rule_set_360"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to perform maintenance activities",
- "remarks": "rule_set_306"
+ "value": "Record Events that Modify the System's Network Environment - /etc/issue",
+ "remarks": "rule_set_360"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_sudo_log_events",
- "remarks": "rule_set_306"
+ "value": "audit_rules_networkconfig_modification_etc_issue",
+ "remarks": "rule_set_360"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to perform maintenance activities",
- "remarks": "rule_set_306"
+ "value": "Record Events that Modify the System's Network Environment - /etc/issue",
+ "remarks": "rule_set_360"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_adjtimex",
- "remarks": "rule_set_307"
+ "value": "audit_rules_networkconfig_modification_etc_issue_net",
+ "remarks": "rule_set_361"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record attempts to alter time through adjtimex",
- "remarks": "rule_set_307"
+ "value": "Record Events that Modify the System's Network Environment - /etc/issue.net",
+ "remarks": "rule_set_361"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_adjtimex",
- "remarks": "rule_set_307"
+ "value": "audit_rules_networkconfig_modification_etc_issue_net",
+ "remarks": "rule_set_361"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record attempts to alter time through adjtimex",
- "remarks": "rule_set_307"
+ "value": "Record Events that Modify the System's Network Environment - /etc/issue.net",
+ "remarks": "rule_set_361"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_settimeofday",
- "remarks": "rule_set_308"
+ "value": "audit_rules_networkconfig_modification_etc_hosts",
+ "remarks": "rule_set_362"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record attempts to alter time through settimeofday",
- "remarks": "rule_set_308"
+ "value": "Record Events that Modify the System's Network Environment - /etc/hosts",
+ "remarks": "rule_set_362"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_settimeofday",
- "remarks": "rule_set_308"
+ "value": "audit_rules_networkconfig_modification_etc_hosts",
+ "remarks": "rule_set_362"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record attempts to alter time through settimeofday",
- "remarks": "rule_set_308"
+ "value": "Record Events that Modify the System's Network Environment - /etc/hosts",
+ "remarks": "rule_set_362"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_clock_settime",
- "remarks": "rule_set_309"
+ "value": "audit_rules_networkconfig_modification_hostname_file",
+ "remarks": "rule_set_363"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Time Through clock_settime",
- "remarks": "rule_set_309"
+ "value": "Record Events that Modify the System's Network Environment - /etc/hostname",
+ "remarks": "rule_set_363"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_clock_settime",
- "remarks": "rule_set_309"
+ "value": "audit_rules_networkconfig_modification_hostname_file",
+ "remarks": "rule_set_363"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter Time Through clock_settime",
- "remarks": "rule_set_309"
+ "value": "Record Events that Modify the System's Network Environment - /etc/hostname",
+ "remarks": "rule_set_363"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_watch_localtime",
- "remarks": "rule_set_310"
+ "value": "audit_rules_networkconfig_modification_etc_sysconfig_network",
+ "remarks": "rule_set_364"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter the localtime File",
- "remarks": "rule_set_310"
+ "value": "Record Events that Modify the System's Network Environment - /etc/sysconfig/network",
+ "remarks": "rule_set_364"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_time_watch_localtime",
- "remarks": "rule_set_310"
+ "value": "audit_rules_networkconfig_modification_etc_sysconfig_network",
+ "remarks": "rule_set_364"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Attempts to Alter the localtime File",
- "remarks": "rule_set_310"
+ "value": "Record Events that Modify the System's Network Environment - /etc/sysconfig/network",
+ "remarks": "rule_set_364"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification",
- "remarks": "rule_set_311"
+ "value": "audit_rules_networkconfig_modification_etc_networkmanager_system_connections",
+ "remarks": "rule_set_365"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Network Environment",
- "remarks": "rule_set_311"
+ "value": "Record Events that Modify the System's Network Environment - /etc/NetworkManager/system-connections/",
+ "remarks": "rule_set_365"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification",
- "remarks": "rule_set_311"
+ "value": "audit_rules_networkconfig_modification_etc_networkmanager_system_connections",
+ "remarks": "rule_set_365"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Network Environment",
- "remarks": "rule_set_311"
+ "value": "Record Events that Modify the System's Network Environment - /etc/NetworkManager/system-connections/",
+ "remarks": "rule_set_365"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification_network_scripts",
- "remarks": "rule_set_312"
+ "value": "audit_rules_networkconfig_modification_networkmanager",
+ "remarks": "rule_set_366"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Network Environment - /etc/sysconfig/network-scripts",
- "remarks": "rule_set_312"
+ "value": "Record Events that Modify the System's Network Environment - /etc/NetworkManager/",
+ "remarks": "rule_set_366"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification_network_scripts",
- "remarks": "rule_set_312"
+ "value": "audit_rules_networkconfig_modification_networkmanager",
+ "remarks": "rule_set_366"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Record Events that Modify the System's Network Environment - /etc/sysconfig/network-scripts",
- "remarks": "rule_set_312"
+ "value": "Record Events that Modify the System's Network Environment - /etc/NetworkManager/",
+ "remarks": "rule_set_366"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_privileged_commands",
- "remarks": "rule_set_313"
+ "remarks": "rule_set_367"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on the Use of Privileged Commands",
- "remarks": "rule_set_313"
+ "remarks": "rule_set_367"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_privileged_commands",
- "remarks": "rule_set_313"
+ "remarks": "rule_set_367"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on the Use of Privileged Commands",
- "remarks": "rule_set_313"
+ "remarks": "rule_set_367"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_creat",
- "remarks": "rule_set_314"
+ "remarks": "rule_set_368"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - creat",
- "remarks": "rule_set_314"
+ "remarks": "rule_set_368"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_creat",
- "remarks": "rule_set_314"
+ "remarks": "rule_set_368"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - creat",
- "remarks": "rule_set_314"
+ "remarks": "rule_set_368"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_ftruncate",
- "remarks": "rule_set_315"
+ "remarks": "rule_set_369"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - ftruncate",
- "remarks": "rule_set_315"
+ "remarks": "rule_set_369"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_ftruncate",
- "remarks": "rule_set_315"
+ "remarks": "rule_set_369"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - ftruncate",
- "remarks": "rule_set_315"
+ "remarks": "rule_set_369"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_open",
- "remarks": "rule_set_316"
+ "remarks": "rule_set_370"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - open",
- "remarks": "rule_set_316"
+ "remarks": "rule_set_370"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_open",
- "remarks": "rule_set_316"
+ "remarks": "rule_set_370"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - open",
- "remarks": "rule_set_316"
+ "remarks": "rule_set_370"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_openat",
- "remarks": "rule_set_317"
+ "remarks": "rule_set_371"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - openat",
- "remarks": "rule_set_317"
+ "remarks": "rule_set_371"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_openat",
- "remarks": "rule_set_317"
+ "remarks": "rule_set_371"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - openat",
- "remarks": "rule_set_317"
+ "remarks": "rule_set_371"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_truncate",
- "remarks": "rule_set_318"
+ "remarks": "rule_set_372"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - truncate",
- "remarks": "rule_set_318"
+ "remarks": "rule_set_372"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_unsuccessful_file_modification_truncate",
- "remarks": "rule_set_318"
+ "remarks": "rule_set_372"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Unsuccessful Access Attempts to Files - truncate",
- "remarks": "rule_set_318"
+ "remarks": "rule_set_372"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_group",
- "remarks": "rule_set_319"
+ "remarks": "rule_set_373"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/group",
- "remarks": "rule_set_319"
+ "remarks": "rule_set_373"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_group",
- "remarks": "rule_set_319"
+ "remarks": "rule_set_373"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/group",
- "remarks": "rule_set_319"
+ "remarks": "rule_set_373"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_passwd",
- "remarks": "rule_set_320"
+ "remarks": "rule_set_374"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/passwd",
- "remarks": "rule_set_320"
+ "remarks": "rule_set_374"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_passwd",
- "remarks": "rule_set_320"
+ "remarks": "rule_set_374"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/passwd",
- "remarks": "rule_set_320"
+ "remarks": "rule_set_374"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_gshadow",
- "remarks": "rule_set_321"
+ "remarks": "rule_set_375"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/gshadow",
- "remarks": "rule_set_321"
+ "remarks": "rule_set_375"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_gshadow",
- "remarks": "rule_set_321"
+ "remarks": "rule_set_375"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/gshadow",
- "remarks": "rule_set_321"
+ "remarks": "rule_set_375"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_shadow",
- "remarks": "rule_set_322"
+ "remarks": "rule_set_376"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/shadow",
- "remarks": "rule_set_322"
+ "remarks": "rule_set_376"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_shadow",
- "remarks": "rule_set_322"
+ "remarks": "rule_set_376"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/shadow",
- "remarks": "rule_set_322"
+ "remarks": "rule_set_376"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_opasswd",
- "remarks": "rule_set_323"
+ "remarks": "rule_set_377"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/security/opasswd",
- "remarks": "rule_set_323"
+ "remarks": "rule_set_377"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_usergroup_modification_opasswd",
- "remarks": "rule_set_323"
+ "remarks": "rule_set_377"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify User/Group Information - /etc/security/opasswd",
- "remarks": "rule_set_323"
+ "remarks": "rule_set_377"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_nsswitch_conf",
+ "remarks": "rule_set_378"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/nsswitch.conf",
+ "remarks": "rule_set_378"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_nsswitch_conf",
+ "remarks": "rule_set_378"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/nsswitch.conf",
+ "remarks": "rule_set_378"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pam_conf",
+ "remarks": "rule_set_379"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/pam.conf",
+ "remarks": "rule_set_379"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pam_conf",
+ "remarks": "rule_set_379"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/pam.conf",
+ "remarks": "rule_set_379"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pamd",
+ "remarks": "rule_set_380"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/pam.d/",
+ "remarks": "rule_set_380"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pamd",
+ "remarks": "rule_set_380"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Record Events that Modify User/Group Information - /etc/pam.d/",
+ "remarks": "rule_set_380"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_chmod",
- "remarks": "rule_set_324"
+ "remarks": "rule_set_381"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - chmod",
- "remarks": "rule_set_324"
+ "remarks": "rule_set_381"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_chmod",
- "remarks": "rule_set_324"
+ "remarks": "rule_set_381"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - chmod",
- "remarks": "rule_set_324"
+ "remarks": "rule_set_381"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_chown",
- "remarks": "rule_set_325"
+ "remarks": "rule_set_382"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - chown",
- "remarks": "rule_set_325"
+ "remarks": "rule_set_382"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_chown",
- "remarks": "rule_set_325"
+ "remarks": "rule_set_382"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - chown",
- "remarks": "rule_set_325"
+ "remarks": "rule_set_382"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchmod",
- "remarks": "rule_set_326"
+ "remarks": "rule_set_383"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchmod",
- "remarks": "rule_set_326"
+ "remarks": "rule_set_383"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchmod",
- "remarks": "rule_set_326"
+ "remarks": "rule_set_383"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchmod",
- "remarks": "rule_set_326"
+ "remarks": "rule_set_383"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchmodat",
- "remarks": "rule_set_327"
+ "remarks": "rule_set_384"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat",
- "remarks": "rule_set_327"
+ "remarks": "rule_set_384"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchmodat",
- "remarks": "rule_set_327"
+ "remarks": "rule_set_384"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat",
- "remarks": "rule_set_327"
+ "remarks": "rule_set_384"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchmodat2",
- "remarks": "rule_set_328"
+ "remarks": "rule_set_385"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat2",
- "remarks": "rule_set_328"
+ "remarks": "rule_set_385"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchmodat2",
- "remarks": "rule_set_328"
+ "remarks": "rule_set_385"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchmodat2",
- "remarks": "rule_set_328"
+ "remarks": "rule_set_385"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchown",
- "remarks": "rule_set_329"
+ "remarks": "rule_set_386"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchown",
- "remarks": "rule_set_329"
+ "remarks": "rule_set_386"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchown",
- "remarks": "rule_set_329"
+ "remarks": "rule_set_386"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchown",
- "remarks": "rule_set_329"
+ "remarks": "rule_set_386"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchownat",
- "remarks": "rule_set_330"
+ "remarks": "rule_set_387"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchownat",
- "remarks": "rule_set_330"
+ "remarks": "rule_set_387"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fchownat",
- "remarks": "rule_set_330"
+ "remarks": "rule_set_387"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fchownat",
- "remarks": "rule_set_330"
+ "remarks": "rule_set_387"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fremovexattr",
- "remarks": "rule_set_331"
+ "remarks": "rule_set_388"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fremovexattr",
- "remarks": "rule_set_331"
+ "remarks": "rule_set_388"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fremovexattr",
- "remarks": "rule_set_331"
+ "remarks": "rule_set_388"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fremovexattr",
- "remarks": "rule_set_331"
+ "remarks": "rule_set_388"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fsetxattr",
- "remarks": "rule_set_332"
+ "remarks": "rule_set_389"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fsetxattr",
- "remarks": "rule_set_332"
+ "remarks": "rule_set_389"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_fsetxattr",
- "remarks": "rule_set_332"
+ "remarks": "rule_set_389"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - fsetxattr",
- "remarks": "rule_set_332"
+ "remarks": "rule_set_389"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_lchown",
- "remarks": "rule_set_333"
+ "remarks": "rule_set_390"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - lchown",
- "remarks": "rule_set_333"
+ "remarks": "rule_set_390"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_lchown",
- "remarks": "rule_set_333"
+ "remarks": "rule_set_390"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - lchown",
- "remarks": "rule_set_333"
+ "remarks": "rule_set_390"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_lremovexattr",
- "remarks": "rule_set_334"
+ "remarks": "rule_set_391"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - lremovexattr",
- "remarks": "rule_set_334"
+ "remarks": "rule_set_391"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_lremovexattr",
- "remarks": "rule_set_334"
+ "remarks": "rule_set_391"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - lremovexattr",
- "remarks": "rule_set_334"
+ "remarks": "rule_set_391"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_lsetxattr",
- "remarks": "rule_set_335"
+ "remarks": "rule_set_392"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - lsetxattr",
- "remarks": "rule_set_335"
+ "remarks": "rule_set_392"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_lsetxattr",
- "remarks": "rule_set_335"
+ "remarks": "rule_set_392"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - lsetxattr",
- "remarks": "rule_set_335"
+ "remarks": "rule_set_392"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_removexattr",
- "remarks": "rule_set_336"
+ "remarks": "rule_set_393"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - removexattr",
- "remarks": "rule_set_336"
+ "remarks": "rule_set_393"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_removexattr",
- "remarks": "rule_set_336"
+ "remarks": "rule_set_393"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - removexattr",
- "remarks": "rule_set_336"
+ "remarks": "rule_set_393"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_setxattr",
- "remarks": "rule_set_337"
+ "remarks": "rule_set_394"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - setxattr",
- "remarks": "rule_set_337"
+ "remarks": "rule_set_394"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_dac_modification_setxattr",
- "remarks": "rule_set_337"
+ "remarks": "rule_set_394"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Discretionary Access Controls - setxattr",
- "remarks": "rule_set_337"
+ "remarks": "rule_set_394"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_media_export",
- "remarks": "rule_set_338"
+ "remarks": "rule_set_395"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Exporting to Media (successful)",
- "remarks": "rule_set_338"
+ "remarks": "rule_set_395"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_media_export",
- "remarks": "rule_set_338"
+ "remarks": "rule_set_395"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Exporting to Media (successful)",
- "remarks": "rule_set_338"
+ "remarks": "rule_set_395"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_session_events_utmp",
- "remarks": "rule_set_339"
+ "remarks": "rule_set_396"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Process and Session Initiation Information utmp",
- "remarks": "rule_set_339"
+ "remarks": "rule_set_396"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_session_events_utmp",
- "remarks": "rule_set_339"
+ "remarks": "rule_set_396"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Process and Session Initiation Information utmp",
- "remarks": "rule_set_339"
+ "remarks": "rule_set_396"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_session_events_btmp",
- "remarks": "rule_set_340"
+ "remarks": "rule_set_397"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Process and Session Initiation Information btmp",
- "remarks": "rule_set_340"
+ "remarks": "rule_set_397"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_session_events_btmp",
- "remarks": "rule_set_340"
+ "remarks": "rule_set_397"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Process and Session Initiation Information btmp",
- "remarks": "rule_set_340"
+ "remarks": "rule_set_397"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_session_events_wtmp",
- "remarks": "rule_set_341"
+ "remarks": "rule_set_398"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Process and Session Initiation Information wtmp",
- "remarks": "rule_set_341"
+ "remarks": "rule_set_398"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_session_events_wtmp",
- "remarks": "rule_set_341"
+ "remarks": "rule_set_398"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Process and Session Initiation Information wtmp",
- "remarks": "rule_set_341"
+ "remarks": "rule_set_398"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_login_events_faillock",
- "remarks": "rule_set_342"
+ "remarks": "rule_set_399"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Logon and Logout Events - faillock",
- "remarks": "rule_set_342"
+ "remarks": "rule_set_399"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_login_events_faillock",
- "remarks": "rule_set_342"
+ "remarks": "rule_set_399"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Logon and Logout Events - faillock",
- "remarks": "rule_set_342"
+ "remarks": "rule_set_399"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_login_events_lastlog",
- "remarks": "rule_set_343"
+ "remarks": "rule_set_400"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Logon and Logout Events - lastlog",
- "remarks": "rule_set_343"
+ "remarks": "rule_set_400"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_login_events_lastlog",
- "remarks": "rule_set_343"
+ "remarks": "rule_set_400"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Attempts to Alter Logon and Logout Events - lastlog",
- "remarks": "rule_set_343"
+ "remarks": "rule_set_400"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_rename",
- "remarks": "rule_set_344"
+ "remarks": "rule_set_401"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - rename",
- "remarks": "rule_set_344"
+ "remarks": "rule_set_401"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_rename",
- "remarks": "rule_set_344"
+ "remarks": "rule_set_401"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - rename",
- "remarks": "rule_set_344"
+ "remarks": "rule_set_401"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_renameat",
- "remarks": "rule_set_345"
+ "remarks": "rule_set_402"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - renameat",
- "remarks": "rule_set_345"
+ "remarks": "rule_set_402"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_renameat",
- "remarks": "rule_set_345"
+ "remarks": "rule_set_402"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - renameat",
- "remarks": "rule_set_345"
+ "remarks": "rule_set_402"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_renameat2",
- "remarks": "rule_set_346"
+ "remarks": "rule_set_403"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - renameat2",
- "remarks": "rule_set_346"
+ "remarks": "rule_set_403"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_renameat2",
- "remarks": "rule_set_346"
+ "remarks": "rule_set_403"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - renameat2",
- "remarks": "rule_set_346"
+ "remarks": "rule_set_403"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_unlink",
- "remarks": "rule_set_347"
+ "remarks": "rule_set_404"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - unlink",
- "remarks": "rule_set_347"
+ "remarks": "rule_set_404"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_unlink",
- "remarks": "rule_set_347"
+ "remarks": "rule_set_404"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - unlink",
- "remarks": "rule_set_347"
+ "remarks": "rule_set_404"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_unlinkat",
- "remarks": "rule_set_348"
+ "remarks": "rule_set_405"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - unlinkat",
- "remarks": "rule_set_348"
+ "remarks": "rule_set_405"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_file_deletion_events_unlinkat",
- "remarks": "rule_set_348"
+ "remarks": "rule_set_405"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects File Deletion Events by User - unlinkat",
- "remarks": "rule_set_348"
+ "remarks": "rule_set_405"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_mac_modification_etc_selinux",
- "remarks": "rule_set_349"
+ "remarks": "rule_set_406"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Mandatory Access Controls (/etc/selinux)",
- "remarks": "rule_set_349"
+ "remarks": "rule_set_406"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_mac_modification_etc_selinux",
- "remarks": "rule_set_349"
+ "remarks": "rule_set_406"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Mandatory Access Controls (/etc/selinux)",
- "remarks": "rule_set_349"
+ "remarks": "rule_set_406"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_mac_modification_usr_share",
- "remarks": "rule_set_350"
+ "remarks": "rule_set_407"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Mandatory Access Controls in usr/share",
- "remarks": "rule_set_350"
+ "remarks": "rule_set_407"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_mac_modification_usr_share",
- "remarks": "rule_set_350"
+ "remarks": "rule_set_407"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Events that Modify the System's Mandatory Access Controls in usr/share",
- "remarks": "rule_set_350"
+ "remarks": "rule_set_407"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_execution_chcon",
- "remarks": "rule_set_351"
+ "remarks": "rule_set_408"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Any Attempts to Run chcon",
- "remarks": "rule_set_351"
+ "remarks": "rule_set_408"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_execution_chcon",
- "remarks": "rule_set_351"
+ "remarks": "rule_set_408"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Any Attempts to Run chcon",
- "remarks": "rule_set_351"
+ "remarks": "rule_set_408"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_execution_setfacl",
- "remarks": "rule_set_352"
+ "remarks": "rule_set_409"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Any Attempts to Run setfacl",
- "remarks": "rule_set_352"
+ "remarks": "rule_set_409"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_execution_setfacl",
- "remarks": "rule_set_352"
+ "remarks": "rule_set_409"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Any Attempts to Run setfacl",
- "remarks": "rule_set_352"
+ "remarks": "rule_set_409"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_execution_chacl",
- "remarks": "rule_set_353"
+ "remarks": "rule_set_410"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Any Attempts to Run chacl",
- "remarks": "rule_set_353"
+ "remarks": "rule_set_410"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_execution_chacl",
- "remarks": "rule_set_353"
+ "remarks": "rule_set_410"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Record Any Attempts to Run chacl",
- "remarks": "rule_set_353"
+ "remarks": "rule_set_410"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_privileged_commands_usermod",
- "remarks": "rule_set_354"
+ "remarks": "rule_set_411"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on the Use of Privileged Commands - usermod",
- "remarks": "rule_set_354"
+ "remarks": "rule_set_411"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_privileged_commands_usermod",
- "remarks": "rule_set_354"
+ "remarks": "rule_set_411"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on the Use of Privileged Commands - usermod",
- "remarks": "rule_set_354"
+ "remarks": "rule_set_411"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_privileged_commands_kmod",
- "remarks": "rule_set_355"
+ "remarks": "rule_set_412"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on the Use of Privileged Commands - kmod",
- "remarks": "rule_set_355"
+ "remarks": "rule_set_412"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_privileged_commands_kmod",
- "remarks": "rule_set_355"
+ "remarks": "rule_set_412"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on the Use of Privileged Commands - kmod",
- "remarks": "rule_set_355"
+ "remarks": "rule_set_412"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_finit",
- "remarks": "rule_set_356"
+ "remarks": "rule_set_413"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module",
- "remarks": "rule_set_356"
+ "remarks": "rule_set_413"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_finit",
- "remarks": "rule_set_356"
+ "remarks": "rule_set_413"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module",
- "remarks": "rule_set_356"
+ "remarks": "rule_set_413"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_init",
- "remarks": "rule_set_357"
+ "remarks": "rule_set_414"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Loading - init_module",
- "remarks": "rule_set_357"
+ "remarks": "rule_set_414"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_init",
- "remarks": "rule_set_357"
+ "remarks": "rule_set_414"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Loading - init_module",
- "remarks": "rule_set_357"
+ "remarks": "rule_set_414"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_delete",
- "remarks": "rule_set_358"
+ "remarks": "rule_set_415"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Unloading - delete_module",
- "remarks": "rule_set_358"
+ "remarks": "rule_set_415"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_delete",
- "remarks": "rule_set_358"
+ "remarks": "rule_set_415"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Ensure auditd Collects Information on Kernel Module Unloading - delete_module",
- "remarks": "rule_set_358"
+ "remarks": "rule_set_415"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_kernel_module_loading_create",
- "remarks": "rule_set_359"
+ "remarks": "rule_set_416"
+ },
+ {
+ "name": "Rule_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Unloading - create_module",
+ "remarks": "rule_set_416"
+ },
+ {
+ "name": "Check_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_create",
+ "remarks": "rule_set_416"
+ },
+ {
+ "name": "Check_Description",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "Ensure auditd Collects Information on Kernel Module Unloading - create_module",
+ "remarks": "rule_set_416"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_kernel_module_loading_query",
+ "remarks": "rule_set_417"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Unloading - create_module",
- "remarks": "rule_set_359"
+ "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module",
+ "remarks": "rule_set_417"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_create",
- "remarks": "rule_set_359"
+ "value": "audit_rules_kernel_module_loading_query",
+ "remarks": "rule_set_417"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Unloading - create_module",
- "remarks": "rule_set_359"
+ "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module",
+ "remarks": "rule_set_417"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_query",
- "remarks": "rule_set_360"
+ "value": "audit_rules_continue_loading",
+ "remarks": "rule_set_418"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module",
- "remarks": "rule_set_360"
+ "value": "Ensure the Audit Configuration is Loaded Regardless of Errors",
+ "remarks": "rule_set_418"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_kernel_module_loading_query",
- "remarks": "rule_set_360"
+ "value": "audit_rules_continue_loading",
+ "remarks": "rule_set_418"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module",
- "remarks": "rule_set_360"
+ "value": "Ensure the Audit Configuration is Loaded Regardless of Errors",
+ "remarks": "rule_set_418"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_immutable",
- "remarks": "rule_set_361"
+ "remarks": "rule_set_419"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Make the auditd Configuration Immutable",
- "remarks": "rule_set_361"
+ "remarks": "rule_set_419"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "audit_rules_immutable",
- "remarks": "rule_set_361"
+ "remarks": "rule_set_419"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Make the auditd Configuration Immutable",
- "remarks": "rule_set_361"
+ "remarks": "rule_set_419"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "directory_permissions_var_log_audit",
- "remarks": "rule_set_362"
+ "remarks": "rule_set_420"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Have Mode 0750 or Less Permissive",
- "remarks": "rule_set_362"
+ "remarks": "rule_set_420"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "directory_permissions_var_log_audit",
- "remarks": "rule_set_362"
+ "remarks": "rule_set_420"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Have Mode 0750 or Less Permissive",
- "remarks": "rule_set_362"
+ "remarks": "rule_set_420"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_var_log_audit",
- "remarks": "rule_set_363"
+ "remarks": "rule_set_421"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Have Mode 0640 or Less Permissive",
- "remarks": "rule_set_363"
+ "remarks": "rule_set_421"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_var_log_audit",
- "remarks": "rule_set_363"
+ "remarks": "rule_set_421"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Have Mode 0640 or Less Permissive",
- "remarks": "rule_set_363"
+ "remarks": "rule_set_421"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_var_log_audit_stig",
- "remarks": "rule_set_364"
+ "remarks": "rule_set_422"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Be Owned By Root",
- "remarks": "rule_set_364"
+ "remarks": "rule_set_422"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_var_log_audit_stig",
- "remarks": "rule_set_364"
+ "remarks": "rule_set_422"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Be Owned By Root",
- "remarks": "rule_set_364"
+ "remarks": "rule_set_422"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_group_ownership_var_log_audit",
- "remarks": "rule_set_365"
+ "remarks": "rule_set_423"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Be Group Owned By Root",
- "remarks": "rule_set_365"
+ "remarks": "rule_set_423"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_group_ownership_var_log_audit",
- "remarks": "rule_set_365"
+ "remarks": "rule_set_423"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "System Audit Logs Must Be Group Owned By Root",
- "remarks": "rule_set_365"
+ "remarks": "rule_set_423"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_audit_configuration",
- "remarks": "rule_set_366"
+ "remarks": "rule_set_424"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Audit Configuration Files Permissions are 640 or More Restrictive",
- "remarks": "rule_set_366"
+ "remarks": "rule_set_424"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_audit_configuration",
- "remarks": "rule_set_366"
+ "remarks": "rule_set_424"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Audit Configuration Files Permissions are 640 or More Restrictive",
- "remarks": "rule_set_366"
+ "remarks": "rule_set_424"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_audit_configuration",
- "remarks": "rule_set_367"
+ "remarks": "rule_set_425"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Audit Configuration Files Must Be Owned By Root",
- "remarks": "rule_set_367"
+ "remarks": "rule_set_425"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_audit_configuration",
- "remarks": "rule_set_367"
+ "remarks": "rule_set_425"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Audit Configuration Files Must Be Owned By Root",
- "remarks": "rule_set_367"
+ "remarks": "rule_set_425"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_audit_configuration",
- "remarks": "rule_set_368"
+ "remarks": "rule_set_426"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Audit Configuration Files Must Be Owned By Group root",
- "remarks": "rule_set_368"
+ "remarks": "rule_set_426"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_audit_configuration",
- "remarks": "rule_set_368"
+ "remarks": "rule_set_426"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Audit Configuration Files Must Be Owned By Group root",
- "remarks": "rule_set_368"
+ "remarks": "rule_set_426"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_audit_binaries",
- "remarks": "rule_set_369"
+ "remarks": "rule_set_427"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that audit tools Have Mode 0755 or less",
- "remarks": "rule_set_369"
+ "remarks": "rule_set_427"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_audit_binaries",
- "remarks": "rule_set_369"
+ "remarks": "rule_set_427"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that audit tools Have Mode 0755 or less",
- "remarks": "rule_set_369"
+ "remarks": "rule_set_427"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_audit_binaries",
- "remarks": "rule_set_370"
+ "remarks": "rule_set_428"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that audit tools are owned by root",
- "remarks": "rule_set_370"
+ "remarks": "rule_set_428"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_ownership_audit_binaries",
- "remarks": "rule_set_370"
+ "remarks": "rule_set_428"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that audit tools are owned by root",
- "remarks": "rule_set_370"
+ "remarks": "rule_set_428"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_audit_binaries",
- "remarks": "rule_set_371"
+ "remarks": "rule_set_429"
},
{
"name": "Rule_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that audit tools are owned by group root",
- "remarks": "rule_set_371"
+ "remarks": "rule_set_429"
},
{
"name": "Check_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_groupownership_audit_binaries",
- "remarks": "rule_set_371"
+ "remarks": "rule_set_429"
},
{
"name": "Check_Description",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "Verify that audit tools are owned by group root",
- "remarks": "rule_set_371"
+ "remarks": "rule_set_429"
}
],
"control-implementations": [
{
- "uuid": "3e7f7a02-62a1-406b-a957-996b294b2c6a",
+ "uuid": "8d6ae7f7-9ca1-42e7-b29b-04b9b40fdb0e",
"source": "trestle://profiles/fedora-cis_fedora-l2_workstation/profile.json",
"description": "Control implementation for cis_workstation_l2",
"props": [
@@ -22092,18 +24451,6 @@
"4"
]
},
- {
- "param-id": "sshd_strong_kex",
- "values": [
- "cis_rhel8"
- ]
- },
- {
- "param-id": "sshd_strong_macs",
- "values": [
- "cis_rhel8"
- ]
- },
{
"param-id": "sysctl_net_ipv4_conf_all_accept_redirects_value",
"values": [
@@ -22146,6 +24493,12 @@
"disabled"
]
},
+ {
+ "param-id": "sysctl_net_ipv4_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
{
"param-id": "sysctl_net_ipv4_conf_default_log_martians_value",
"values": [
@@ -22224,6 +24577,12 @@
"disabled"
]
},
+ {
+ "param-id": "sysctl_net_ipv6_conf_default_forwarding_value",
+ "values": [
+ "disabled"
+ ]
+ },
{
"param-id": "var_account_disable_post_pw_expiration",
"values": [
@@ -22284,28 +24643,22 @@
"8192"
]
},
- {
- "param-id": "var_auditd_action_mail_acct",
- "values": [
- "root"
- ]
- },
{
"param-id": "var_auditd_admin_space_left_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
"param-id": "var_auditd_disk_error_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
"param-id": "var_auditd_disk_full_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
@@ -22323,7 +24676,7 @@
{
"param-id": "var_auditd_space_left_action",
"values": [
- "cis_rhel8"
+ "cis_fedora"
]
},
{
@@ -22341,7 +24694,7 @@
{
"param-id": "var_password_hashing_algorithm",
"values": [
- "yescrypt"
+ "cis_fedora"
]
},
{
@@ -22368,6 +24721,12 @@
"3"
]
},
+ {
+ "param-id": "var_password_pam_maxsequence",
+ "values": [
+ "3"
+ ]
+ },
{
"param-id": "var_password_pam_minclass",
"values": [
@@ -22441,9 +24800,9 @@
]
},
{
- "param-id": "var_system_crypto_policy",
+ "param-id": "var_sudo_timestamp_timeout",
"values": [
- "default_policy"
+ "15_minutes"
]
},
{
@@ -22455,7 +24814,7 @@
],
"implemented-requirements": [
{
- "uuid": "ca4e97a8-04f2-47d2-965e-b47c3bf32732",
+ "uuid": "8c2743ae-d948-4c3f-9e2c-3e7425f665c2",
"control-id": "cis_fedora_1-1.1.6",
"description": "No notes for control-id 1.1.1.6.",
"props": [
@@ -22472,7 +24831,7 @@
]
},
{
- "uuid": "f383a942-8101-4872-866c-c2f47fc7de7f",
+ "uuid": "baed32cd-7fc1-4d5f-ac48-34b4745108c4",
"control-id": "cis_fedora_1-1.1.7",
"description": "No notes for control-id 1.1.1.7.",
"props": [
@@ -22489,7 +24848,7 @@
]
},
{
- "uuid": "1d4e388c-7b1a-4e0a-bc4a-11ce1701ebf5",
+ "uuid": "59009a78-ad6e-4de8-95ff-86629eed752a",
"control-id": "cis_fedora_1-1.1.8",
"description": "No notes for control-id 1.1.1.8.",
"props": [
@@ -22506,7 +24865,7 @@
]
},
{
- "uuid": "b9a26e14-f085-4128-9d48-f332b1081de3",
+ "uuid": "d287f6a9-ce22-49fa-ab65-f752715cb06c",
"control-id": "cis_fedora_1-1.1.9",
"description": "No notes for control-id 1.1.1.9.",
"props": [
@@ -22523,7 +24882,7 @@
]
},
{
- "uuid": "439fd9b3-53cd-41e3-8789-37929a4801c8",
+ "uuid": "75a72cdb-9c4b-4dd4-be4c-b3e22ee5fbcd",
"control-id": "cis_fedora_1-1.1.10",
"description": "No notes for control-id 1.1.1.10.",
"props": [
@@ -22540,7 +24899,7 @@
]
},
{
- "uuid": "182dc745-2d7e-4bf6-ad32-38366e4e01c3",
+ "uuid": "00d1f81d-85a9-427b-a19d-2c5d58141094",
"control-id": "cis_fedora_1-1.2.3.1",
"description": "No notes for control-id 1.1.2.3.1.",
"props": [
@@ -22557,7 +24916,7 @@
]
},
{
- "uuid": "048a145f-9b1e-4fea-86c0-45c003cfdb4a",
+ "uuid": "e2423b07-9586-431f-8b3c-2a43c05e41f3",
"control-id": "cis_fedora_1-1.2.4.1",
"description": "No notes for control-id 1.1.2.4.1.",
"props": [
@@ -22574,7 +24933,7 @@
]
},
{
- "uuid": "0fc2b971-6426-46ce-aad2-eedcf3352cbc",
+ "uuid": "b98fbfa6-5c35-4aa3-a874-5a3d8f1d3a84",
"control-id": "cis_fedora_1-1.2.5.1",
"description": "No notes for control-id 1.1.2.5.1.",
"props": [
@@ -22591,7 +24950,7 @@
]
},
{
- "uuid": "a2067659-d993-4a45-969a-0ce25ff9384c",
+ "uuid": "e7d15530-6038-4689-abd2-fabf157b65ce",
"control-id": "cis_fedora_1-1.2.6.1",
"description": "No notes for control-id 1.1.2.6.1.",
"props": [
@@ -22608,7 +24967,7 @@
]
},
{
- "uuid": "985b70ba-29dc-431f-806c-036ac6a336d3",
+ "uuid": "eec3fb1c-07df-485a-bbc4-b7b2872b1139",
"control-id": "cis_fedora_1-1.2.7.1",
"description": "No notes for control-id 1.1.2.7.1.",
"props": [
@@ -22625,7 +24984,7 @@
]
},
{
- "uuid": "694239c5-af30-4f29-846f-30a2952368c8",
+ "uuid": "d7e7b026-b922-402d-a7d8-9d41b82a2f38",
"control-id": "cis_fedora_1-2.1.3",
"description": "The description for control-id cis_fedora_1-2.1.3.",
"props": [
@@ -22638,20 +24997,24 @@
]
},
{
- "uuid": "60a666bd-64f1-4f79-bd7f-c6bc0c527ea2",
+ "uuid": "72214d72-6977-4799-a30a-ca54de9312ad",
"control-id": "cis_fedora_1-2.1.5",
- "description": "The description for control-id cis_fedora_1-2.1.5.",
+ "description": "No notes for control-id 1.2.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.2.1.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_weak_deps"
}
]
},
{
- "uuid": "4fa48cfb-303b-4e3d-9770-afad77f658da",
+ "uuid": "1c8d6391-ad8f-44bb-b8df-6a0c9d69c60c",
"control-id": "cis_fedora_1-3.1.5",
"description": "No notes for control-id 1.3.1.5.",
"props": [
@@ -22668,7 +25031,7 @@
]
},
{
- "uuid": "37b56ce3-50d2-46d3-aed4-335de1d98d62",
+ "uuid": "3a8f9111-e1b3-4d3f-a619-51e84ef6e3a8",
"control-id": "cis_fedora_1-3.1.6",
"description": "The description for control-id cis_fedora_1-3.1.6.",
"props": [
@@ -22681,7 +25044,7 @@
]
},
{
- "uuid": "b425f320-1873-4817-92c3-3034d214369e",
+ "uuid": "0ea3215a-6772-43b3-a4bf-8cd350a15b6b",
"control-id": "cis_fedora_1-8.4",
"description": "No notes for control-id 1.8.4.",
"props": [
@@ -22703,20 +25066,24 @@
]
},
{
- "uuid": "45978139-0dca-433b-94c8-a46ad1be0fcb",
+ "uuid": "5ec1ca6b-0a00-436a-879d-b78b9f8614dd",
"control-id": "cis_fedora_1-8.7",
- "description": "The description for control-id cis_fedora_1-8.7.",
+ "description": "No notes for control-id 1.8.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.8.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "xwayland_disabled"
}
]
},
{
- "uuid": "ea7bd3ad-8374-4bbf-9476-4d2a7fd68bf5",
+ "uuid": "5bfdd608-b407-4a09-ab9e-b9497d9e05a5",
"control-id": "cis_fedora_2-1.1",
"description": "No notes for control-id 2.1.1.",
"props": [
@@ -22733,7 +25100,7 @@
]
},
{
- "uuid": "bd8280aa-5306-4d4d-9ec3-645afb1f672e",
+ "uuid": "aa919e82-b3c3-4d0e-bbe0-905e686db4b4",
"control-id": "cis_fedora_2-1.2",
"description": "No notes for control-id 2.1.2.",
"props": [
@@ -22750,20 +25117,24 @@
]
},
{
- "uuid": "ccdeaa3c-383a-4176-b1e8-0349e9ceb66a",
+ "uuid": "80d71405-4c20-49de-a047-955969dcd8b7",
"control-id": "cis_fedora_2-1.3",
- "description": "The description for control-id cis_fedora_2-1.3.",
+ "description": "No notes for control-id 2.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.1.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_cockpit_disabled"
}
]
},
{
- "uuid": "22d09d00-2d13-495f-819c-bd09bdadfe03",
+ "uuid": "28e55410-dbee-4542-b50e-a2d67fa9606d",
"control-id": "cis_fedora_2-2.2",
"description": "No notes for control-id 2.2.2.",
"props": [
@@ -22780,7 +25151,7 @@
]
},
{
- "uuid": "04f01127-e454-4b81-a2c2-77e558ec5914",
+ "uuid": "49cf493c-661e-4f69-b7c9-610fbc0f63aa",
"control-id": "cis_fedora_3-1.3",
"description": "No notes for control-id 3.1.3.",
"props": [
@@ -22797,7 +25168,7 @@
]
},
{
- "uuid": "ea1e7d7b-3be3-4573-bfd1-e1f368e9d238",
+ "uuid": "ad526aff-7fb2-4f1b-b471-dde0b294262b",
"control-id": "cis_fedora_3-2.6",
"description": "No notes for control-id 3.2.6.",
"props": [
@@ -22814,7 +25185,7 @@
]
},
{
- "uuid": "a8b091e9-16e4-424e-a0ba-0f958e96ca21",
+ "uuid": "ca93d729-8f68-4485-9042-ae4cc6e1fe09",
"control-id": "cis_fedora_5-2.4",
"description": "No notes for control-id 5.2.4.",
"props": [
@@ -22826,12 +25197,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication"
+ "value": "sudo_remove_nopasswd"
}
]
},
{
- "uuid": "807fda2d-cc7c-496e-b4e7-9c21438735dd",
+ "uuid": "63f91955-0fdc-46a1-ad2d-170cd82cb0c8",
"control-id": "cis_fedora_5-3.3.1.3",
"description": "No notes for control-id 5.3.3.1.3.",
"props": [
@@ -22848,7 +25219,7 @@
]
},
{
- "uuid": "7e014f30-4c08-4d20-bcea-b99923397dbd",
+ "uuid": "c834f66d-7c9c-4023-bcce-1b422edccde8",
"control-id": "cis_fedora_5-4.1.2",
"description": "No notes for control-id 5.4.1.2.",
"props": [
@@ -22870,20 +25241,24 @@
]
},
{
- "uuid": "10ec3854-3ed8-41ed-8774-fe1212ef9b7e",
+ "uuid": "51511535-6426-46fa-82c9-ae2e84377499",
"control-id": "cis_fedora_5-4.3.1",
- "description": "The description for control-id cis_fedora_5-4.3.1.",
+ "description": "No notes for control-id 5.4.3.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "It is necessary to create a new rule to check and remove nologin from /etc/shells.\nThe no_tmux_in_shells rule can be used as referece."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_nologin_in_shells"
}
]
},
{
- "uuid": "d0caae84-8983-4d26-8a3e-1b2272014999",
+ "uuid": "9ebeebe4-3356-4a9c-ad68-8b3005f34181",
"control-id": "cis_fedora_6-3.1.1",
"description": "No notes for control-id 6.3.1.1.",
"props": [
@@ -22905,7 +25280,7 @@
]
},
{
- "uuid": "764535c2-7172-4cb5-a18a-2bd0289755cd",
+ "uuid": "8c1e945f-bb34-416f-a1f8-178095212188",
"control-id": "cis_fedora_6-3.1.2",
"description": "No notes for control-id 6.3.1.2.",
"props": [
@@ -22922,7 +25297,7 @@
]
},
{
- "uuid": "27ca5fc7-8844-41de-a684-5db0021b2d97",
+ "uuid": "faee9fb3-9f37-468f-9afe-aaffd2d118ad",
"control-id": "cis_fedora_6-3.1.3",
"description": "No notes for control-id 6.3.1.3.",
"props": [
@@ -22939,7 +25314,7 @@
]
},
{
- "uuid": "4f486bf0-6e67-47a5-ae24-7352d3e91e65",
+ "uuid": "30494244-3198-4501-80fc-3989098018ab",
"control-id": "cis_fedora_6-3.1.4",
"description": "No notes for control-id 6.3.1.4.",
"props": [
@@ -22956,7 +25331,7 @@
]
},
{
- "uuid": "fed075b3-ce3c-460a-b64c-5e1f70564208",
+ "uuid": "4016a70d-a5d5-4a32-b7c3-14099c0eaee3",
"control-id": "cis_fedora_6-3.2.1",
"description": "No notes for control-id 6.3.2.1.",
"props": [
@@ -22973,7 +25348,7 @@
]
},
{
- "uuid": "a5545b87-eff2-479f-b983-a556a61834b7",
+ "uuid": "f761a83c-13d3-4b74-b826-0d64c52e2219",
"control-id": "cis_fedora_6-3.2.2",
"description": "No notes for control-id 6.3.2.2.",
"props": [
@@ -22990,7 +25365,7 @@
]
},
{
- "uuid": "22e368fb-6b45-4729-9f1b-5cba62cb85e5",
+ "uuid": "4b8bc9d3-708c-4a61-bd12-f679b228c267",
"control-id": "cis_fedora_6-3.2.3",
"description": "No notes for control-id 6.3.2.3.",
"props": [
@@ -23012,7 +25387,7 @@
]
},
{
- "uuid": "5d04d2bf-3b59-47ca-8f5e-fcfba5bfaefb",
+ "uuid": "f400c4f3-e507-47b3-9abc-bbdcd54c6a35",
"control-id": "cis_fedora_6-3.2.4",
"description": "No notes for control-id 6.3.2.4.",
"props": [
@@ -23021,11 +25396,6 @@
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
},
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "auditd_data_retention_action_mail_acct"
- },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -23039,7 +25409,7 @@
]
},
{
- "uuid": "4c92c1d8-c457-46bb-a343-7f59c5b97dd0",
+ "uuid": "2c7ad39f-5e48-4a3d-8144-2fad8716f732",
"control-id": "cis_fedora_6-3.3.1",
"description": "No notes for control-id 6.3.3.1.",
"props": [
@@ -23056,7 +25426,7 @@
]
},
{
- "uuid": "21883a06-f67e-45ac-936a-3a71673690b1",
+ "uuid": "43992c9e-aefa-4bad-bfc9-facc31e576ed",
"control-id": "cis_fedora_6-3.3.2",
"description": "No notes for control-id 6.3.3.2.",
"props": [
@@ -23073,7 +25443,7 @@
]
},
{
- "uuid": "e1fd09be-6716-48f8-a803-3621b051c982",
+ "uuid": "fe1a138c-da36-4a14-b281-d2991d74f592",
"control-id": "cis_fedora_6-3.3.3",
"description": "No notes for control-id 6.3.3.3.",
"props": [
@@ -23090,7 +25460,7 @@
]
},
{
- "uuid": "843e1aad-9974-4546-9835-14065c7ed04e",
+ "uuid": "6922abea-86b5-4dfd-89ff-edfaa416850c",
"control-id": "cis_fedora_6-3.3.4",
"description": "No notes for control-id 6.3.3.4.",
"props": [
@@ -23122,81 +25492,112 @@
]
},
{
- "uuid": "28238908-19a2-41db-bcc3-5c4fe9f74837",
+ "uuid": "bf2fad7d-efa3-4a46-ba96-ff0c6cdd0821",
"control-id": "cis_fedora_6-3.3.5",
- "description": "The description for control-id cis_fedora_6-3.3.5.",
+ "description": "No notes for control-id 6.3.3.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_setdomainname"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_sethostname"
}
]
},
{
- "uuid": "66627b4f-b41f-4ed5-8081-99dcb416cbc9",
+ "uuid": "2eb82ac9-84b7-4709-b046-9581222599f1",
"control-id": "cis_fedora_6-3.3.6",
- "description": "The description for control-id cis_fedora_6-3.3.6.",
+ "description": "No notes for control-id 6.3.3.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.6."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_issue"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_issue_net"
}
]
},
{
- "uuid": "c1b69b95-b5d1-4a44-ae23-a36d8b36a57f",
+ "uuid": "a6ca8aa5-d66d-4b3a-a5d0-5e7c125f554e",
"control-id": "cis_fedora_6-3.3.7",
- "description": "These rules are not covering \"/etc/hostname\" and \"/etc/NetworkManager/\".",
+ "description": "No notes for control-id 6.3.3.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification"
+ "value": "audit_rules_networkconfig_modification_etc_hosts"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "audit_rules_networkconfig_modification_network_scripts"
+ "value": "audit_rules_networkconfig_modification_hostname_file"
}
]
},
{
- "uuid": "0a221c2b-6d63-4975-9af7-c5f4a050d22f",
+ "uuid": "ee0c653e-b3ab-4827-bf22-d442e7666626",
"control-id": "cis_fedora_6-3.3.8",
- "description": "The description for control-id cis_fedora_6-3.3.8.",
+ "description": "No notes for control-id 6.3.3.8.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.8."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_sysconfig_network"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_etc_networkmanager_system_connections"
}
]
},
{
- "uuid": "c78191b4-dbd0-4f11-9d4a-21735f94e0ce",
+ "uuid": "69a2f24e-cbe8-4346-ae62-2d7092ccfbe8",
"control-id": "cis_fedora_6-3.3.9",
- "description": "The description for control-id cis_fedora_6-3.3.9.",
+ "description": "No notes for control-id 6.3.3.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.9."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_networkconfig_modification_networkmanager"
}
]
},
{
- "uuid": "a0d1bed4-7b73-4a62-a17a-30b5e40c53b1",
+ "uuid": "ae928a2d-e8e3-41e3-b22e-51eb06c7d1c5",
"control-id": "cis_fedora_6-3.3.10",
"description": "No notes for control-id 6.3.3.10.",
"props": [
@@ -23213,7 +25614,7 @@
]
},
{
- "uuid": "3b111bcd-66cf-48ca-be42-3b89066b43dd",
+ "uuid": "9315e8a4-d338-4c96-bc68-a7c8424de120",
"control-id": "cis_fedora_6-3.3.11",
"description": "No notes for control-id 6.3.3.11.",
"props": [
@@ -23250,7 +25651,7 @@
]
},
{
- "uuid": "c1f06f1d-db95-42ad-90df-6f96a9719edf",
+ "uuid": "f7c22ae7-5fe7-4f5d-a9cb-c02115128346",
"control-id": "cis_fedora_6-3.3.12",
"description": "No notes for control-id 6.3.3.12.",
"props": [
@@ -23267,7 +25668,7 @@
]
},
{
- "uuid": "6303d04a-b7be-429b-b005-e23766b58e8b",
+ "uuid": "9148d5df-ea2c-45a2-b071-79e59e1054c0",
"control-id": "cis_fedora_6-3.3.13",
"description": "No notes for control-id 6.3.3.13.",
"props": [
@@ -23284,7 +25685,7 @@
]
},
{
- "uuid": "cf8a6dbb-c8a9-463a-ad45-1102399c6c51",
+ "uuid": "ad081d32-6979-4eb3-a010-d7798e2a28ae",
"control-id": "cis_fedora_6-3.3.14",
"description": "No notes for control-id 6.3.3.14.",
"props": [
@@ -23306,7 +25707,7 @@
]
},
{
- "uuid": "31945eec-c4a0-46c0-aae1-87e02893d93b",
+ "uuid": "8a5b8fc6-018a-4e03-9556-77d179c056e4",
"control-id": "cis_fedora_6-3.3.15",
"description": "No notes for control-id 6.3.3.15.",
"props": [
@@ -23323,33 +25724,46 @@
]
},
{
- "uuid": "3cb02e1c-6149-424f-a7c9-744135ad228b",
+ "uuid": "c98dbf21-c23d-4d66-aeac-83c797f97101",
"control-id": "cis_fedora_6-3.3.16",
- "description": "The description for control-id cis_fedora_6-3.3.16.",
+ "description": "No notes for control-id 6.3.3.16.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.16."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_nsswitch_conf"
}
]
},
{
- "uuid": "b0f1af9a-7188-4b83-8541-6e957a9b9a27",
+ "uuid": "33a1e360-6997-4417-bc83-3867d73009f8",
"control-id": "cis_fedora_6-3.3.17",
- "description": "The description for control-id cis_fedora_6-3.3.17.",
+ "description": "No notes for control-id 6.3.3.17.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.17."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pam_conf"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_usergroup_modification_pamd"
}
]
},
{
- "uuid": "c75ee52f-069d-4ecb-adbf-f8b638afa94a",
+ "uuid": "30fe87b3-633b-4c6a-a40c-541797d5528f",
"control-id": "cis_fedora_6-3.3.18",
"description": "No notes for control-id 6.3.3.18.",
"props": [
@@ -23431,7 +25845,7 @@
]
},
{
- "uuid": "42361808-620e-49bb-8802-4fb3bf2496cf",
+ "uuid": "2e3030ee-faf1-423d-9b33-92922dc0ca9b",
"control-id": "cis_fedora_6-3.3.19",
"description": "No notes for control-id 6.3.3.19.",
"props": [
@@ -23448,7 +25862,7 @@
]
},
{
- "uuid": "5923fbaa-5ee4-41f5-a64d-6a34fd8fb2a6",
+ "uuid": "8675955d-329e-4103-8651-88bbb98d1449",
"control-id": "cis_fedora_6-3.3.20",
"description": "No notes for control-id 6.3.3.20.",
"props": [
@@ -23475,7 +25889,7 @@
]
},
{
- "uuid": "7001b17c-08bb-4d79-8834-fc45dff251d1",
+ "uuid": "6f715461-7409-4dfa-82c9-05a4228d4bfa",
"control-id": "cis_fedora_6-3.3.21",
"description": "No notes for control-id 6.3.3.21.",
"props": [
@@ -23497,7 +25911,7 @@
]
},
{
- "uuid": "0edbaa86-f0fb-4bd0-b479-94904cb863e4",
+ "uuid": "78459235-a795-4094-b78c-c2489261cdb3",
"control-id": "cis_fedora_6-3.3.22",
"description": "No notes for control-id 6.3.3.22.",
"props": [
@@ -23534,7 +25948,7 @@
]
},
{
- "uuid": "2e7fb72c-0160-45c4-a43f-4f90772cb61f",
+ "uuid": "f6eedcd3-1060-44da-b54d-ffe29c538f10",
"control-id": "cis_fedora_6-3.3.23",
"description": "No notes for control-id 6.3.3.23.",
"props": [
@@ -23556,7 +25970,7 @@
]
},
{
- "uuid": "dda0a193-aa83-4c2d-b06d-63652967ee06",
+ "uuid": "50d6d3a5-bfa4-4cce-af59-f468ca91b5f2",
"control-id": "cis_fedora_6-3.3.24",
"description": "No notes for control-id 6.3.3.24.",
"props": [
@@ -23573,7 +25987,7 @@
]
},
{
- "uuid": "2eef0e03-a2fd-421a-a167-edf84da6e9cf",
+ "uuid": "fc752c36-b821-4c78-9f89-1601c76bdb4f",
"control-id": "cis_fedora_6-3.3.25",
"description": "No notes for control-id 6.3.3.25.",
"props": [
@@ -23590,7 +26004,7 @@
]
},
{
- "uuid": "ae2c3345-1e90-463e-a8fe-317af7cf6a74",
+ "uuid": "017d78d0-cbd6-475c-a768-1384acb9ae99",
"control-id": "cis_fedora_6-3.3.26",
"description": "No notes for control-id 6.3.3.26.",
"props": [
@@ -23607,7 +26021,7 @@
]
},
{
- "uuid": "6594448e-53dc-4784-87e1-c06161688e72",
+ "uuid": "478fb9e7-0cc0-47ee-a4d3-053edeb036a0",
"control-id": "cis_fedora_6-3.3.27",
"description": "No notes for control-id 6.3.3.27.",
"props": [
@@ -23624,7 +26038,7 @@
]
},
{
- "uuid": "472c0892-37f8-499d-a4e6-178d406ded15",
+ "uuid": "0cbedbf4-64ee-410a-bde0-0a321de31e79",
"control-id": "cis_fedora_6-3.3.28",
"description": "No notes for control-id 6.3.3.28.",
"props": [
@@ -23641,7 +26055,7 @@
]
},
{
- "uuid": "b0b2b27f-2115-4b68-8fb8-ec084037482c",
+ "uuid": "3d7c31bb-9135-4cef-addc-14cc998204b3",
"control-id": "cis_fedora_6-3.3.29",
"description": "No notes for control-id 6.3.3.29.",
"props": [
@@ -23663,7 +26077,7 @@
]
},
{
- "uuid": "b0edf030-3874-4c4c-8262-d49afdca2fa8",
+ "uuid": "b4f34113-6fd1-425c-a780-a2b542dee2b2",
"control-id": "cis_fedora_6-3.3.30",
"description": "No notes for control-id 6.3.3.30.",
"props": [
@@ -23680,7 +26094,7 @@
]
},
{
- "uuid": "019b8889-7119-4c94-a46d-d9b65aa87ec8",
+ "uuid": "b334a769-8b74-41f1-bb1e-3d34d0309e2f",
"control-id": "cis_fedora_6-3.3.31",
"description": "No notes for control-id 6.3.3.31.",
"props": [
@@ -23702,20 +26116,24 @@
]
},
{
- "uuid": "f5c1023d-7a07-4b38-8201-3f5d547a49b8",
+ "uuid": "05b05444-5a96-4a02-8a49-d6baeb39c6e2",
"control-id": "cis_fedora_6-3.3.32",
- "description": "The description for control-id cis_fedora_6-3.3.32.",
+ "description": "No notes for control-id 6.3.3.32.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 6.3.3.32."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "audit_rules_continue_loading"
}
]
},
{
- "uuid": "e42e10e9-1a5e-496a-9390-e906568318c3",
+ "uuid": "579f55d8-f25a-4641-8f1a-b3b7e357bb9a",
"control-id": "cis_fedora_6-3.3.33",
"description": "No notes for control-id 6.3.3.33.",
"props": [
@@ -23732,7 +26150,7 @@
]
},
{
- "uuid": "11fcba1b-e2f2-407e-9f78-e21b693b6821",
+ "uuid": "85f7ec5d-37b6-47e4-a303-416eea71e2ff",
"control-id": "cis_fedora_6-3.3.34",
"description": "The description for control-id cis_fedora_6-3.3.34.",
"props": [
@@ -23745,7 +26163,7 @@
]
},
{
- "uuid": "4812af93-464a-4b28-a37d-1261fcd9add9",
+ "uuid": "d0d8f890-23c1-4bfb-9204-eadc2dcd925a",
"control-id": "cis_fedora_6-3.4.1",
"description": "No notes for control-id 6.3.4.1.",
"props": [
@@ -23762,7 +26180,7 @@
]
},
{
- "uuid": "2a067469-f26e-4789-ad83-9757a644e67b",
+ "uuid": "c89e0821-00f0-4c77-baad-47d63c398e7e",
"control-id": "cis_fedora_6-3.4.2",
"description": "No notes for control-id 6.3.4.2.",
"props": [
@@ -23779,7 +26197,7 @@
]
},
{
- "uuid": "e47178c0-b9e4-4090-a4ed-7871bb595591",
+ "uuid": "8922442a-d27d-4842-bb78-5b1cedd7fd56",
"control-id": "cis_fedora_6-3.4.3",
"description": "No notes for control-id 6.3.4.3.",
"props": [
@@ -23796,7 +26214,7 @@
]
},
{
- "uuid": "7e46c49e-fd6d-439f-9c47-0a4dfa639679",
+ "uuid": "59e10d5d-6e2e-40e1-b5de-0d38da936f1a",
"control-id": "cis_fedora_6-3.4.4",
"description": "No notes for control-id 6.3.4.4.",
"props": [
@@ -23813,7 +26231,7 @@
]
},
{
- "uuid": "83b11789-0ffe-49b8-9094-05562ce021de",
+ "uuid": "c2d80707-d613-4325-95da-b3405ba9d48f",
"control-id": "cis_fedora_6-3.4.5",
"description": "No notes for control-id 6.3.4.5.",
"props": [
@@ -23830,7 +26248,7 @@
]
},
{
- "uuid": "227f11e7-6363-4050-8bee-b70d1e0b919d",
+ "uuid": "4b524ff6-fc91-47e1-9a0d-7725ecf56abc",
"control-id": "cis_fedora_6-3.4.6",
"description": "No notes for control-id 6.3.4.6.",
"props": [
@@ -23847,7 +26265,7 @@
]
},
{
- "uuid": "3c07f46d-105b-4e8e-bcee-f1de9686d179",
+ "uuid": "4a7fc9a1-bd3e-479d-8316-74f197dcd382",
"control-id": "cis_fedora_6-3.4.7",
"description": "No notes for control-id 6.3.4.7.",
"props": [
@@ -23864,7 +26282,7 @@
]
},
{
- "uuid": "df4d0201-0951-435f-a054-6a1eea9236f8",
+ "uuid": "7a9dc242-a5c2-4601-95de-7fb271919cec",
"control-id": "cis_fedora_6-3.4.8",
"description": "No notes for control-id 6.3.4.8.",
"props": [
@@ -23881,7 +26299,7 @@
]
},
{
- "uuid": "0e09f2d7-ee67-49d4-b6d6-82606bc56af5",
+ "uuid": "a3769d5d-d82b-421a-bd61-7f25ae1ad010",
"control-id": "cis_fedora_6-3.4.9",
"description": "No notes for control-id 6.3.4.9.",
"props": [
@@ -23898,7 +26316,7 @@
]
},
{
- "uuid": "205a9ded-9a53-4abb-a9fb-73b48fa22637",
+ "uuid": "65bcbea8-5b22-44f0-9b91-5d87c69b27a3",
"control-id": "cis_fedora_6-3.4.10",
"description": "No notes for control-id 6.3.4.10.",
"props": [
@@ -23915,7 +26333,7 @@
]
},
{
- "uuid": "e177656d-750f-47e6-aa15-bc9e9681f4b5",
+ "uuid": "a94e2ada-d932-4cc6-ab0f-53e76e6b683b",
"control-id": "reload_dconf_db",
"description": "This is a helper rule to reload Dconf database correctly.",
"props": [
@@ -23932,7 +26350,7 @@
]
},
{
- "uuid": "08b1f6b8-235e-489d-a38c-c4931ce8c089",
+ "uuid": "4ec99713-14e8-4b18-bc5f-c53af26937cb",
"control-id": "cis_fedora_1-1.1.1",
"description": "No notes for control-id 1.1.1.1.",
"props": [
@@ -23949,7 +26367,7 @@
]
},
{
- "uuid": "d205f3f3-aebf-408e-8981-27ff677d26b0",
+ "uuid": "3836b07c-958f-4e28-8a3c-8abf987be27f",
"control-id": "cis_fedora_1-1.1.2",
"description": "No notes for control-id 1.1.1.2.",
"props": [
@@ -23966,7 +26384,7 @@
]
},
{
- "uuid": "3b06b4c7-1d06-4bbd-9de8-ed74d72eb6b9",
+ "uuid": "2101adb9-e298-4af0-8369-fb546d31f4e4",
"control-id": "cis_fedora_1-1.1.3",
"description": "No notes for control-id 1.1.1.3.",
"props": [
@@ -23983,7 +26401,7 @@
]
},
{
- "uuid": "523a6f1a-a82e-495c-8ab1-390a480ae052",
+ "uuid": "150dba8a-a99c-4a4f-ae45-49b68e6cc91d",
"control-id": "cis_fedora_1-1.1.4",
"description": "No notes for control-id 1.1.1.4.",
"props": [
@@ -24000,7 +26418,7 @@
]
},
{
- "uuid": "3d5f2de0-ee44-4b2d-9dc4-795983d84b59",
+ "uuid": "7410ce98-126f-4ee1-b1f4-082a68af24a6",
"control-id": "cis_fedora_1-1.1.5",
"description": "No notes for control-id 1.1.1.5.",
"props": [
@@ -24017,7 +26435,7 @@
]
},
{
- "uuid": "8ff61784-c453-4ed5-81e2-5562a31de427",
+ "uuid": "83424226-5a7e-4e12-9286-3b6b92fb7a00",
"control-id": "cis_fedora_1-1.1.11",
"description": "The description for control-id cis_fedora_1-1.1.11.",
"props": [
@@ -24030,7 +26448,7 @@
]
},
{
- "uuid": "e25f74d3-ba3b-4794-8ed6-9e28723dbde0",
+ "uuid": "475a5077-d71b-406e-b35c-b620c664e4c6",
"control-id": "cis_fedora_1-1.2.1.1",
"description": "No notes for control-id 1.1.2.1.1.",
"props": [
@@ -24047,7 +26465,7 @@
]
},
{
- "uuid": "47cdb40f-b722-4c38-92b9-8a5fc798c9f8",
+ "uuid": "fbda6f1b-2f97-4c1f-a0c5-5c5fa5e8c72f",
"control-id": "cis_fedora_1-1.2.1.2",
"description": "No notes for control-id 1.1.2.1.2.",
"props": [
@@ -24064,7 +26482,7 @@
]
},
{
- "uuid": "c1921f63-48d7-4213-a2f8-25320ba81a51",
+ "uuid": "0cefc45e-0954-4053-a861-ab9c0b9151f6",
"control-id": "cis_fedora_1-1.2.1.3",
"description": "No notes for control-id 1.1.2.1.3.",
"props": [
@@ -24081,7 +26499,7 @@
]
},
{
- "uuid": "a9fad6ac-56a8-441a-9204-28792645cda5",
+ "uuid": "aa7c4982-97fb-4b60-8575-f369c4235226",
"control-id": "cis_fedora_1-1.2.1.4",
"description": "No notes for control-id 1.1.2.1.4.",
"props": [
@@ -24098,7 +26516,7 @@
]
},
{
- "uuid": "26b5f659-64ca-4cb3-9494-823f0445b00c",
+ "uuid": "6df859df-7bc6-4bdd-aabc-4ea256bee970",
"control-id": "cis_fedora_1-1.2.2.1",
"description": "No notes for control-id 1.1.2.2.1.",
"props": [
@@ -24115,7 +26533,7 @@
]
},
{
- "uuid": "fe7e3ee8-c7d6-4bd4-9e8d-f9e9c49617cf",
+ "uuid": "56174fbc-10c2-4993-8143-5f0ace1169b8",
"control-id": "cis_fedora_1-1.2.2.2",
"description": "No notes for control-id 1.1.2.2.2.",
"props": [
@@ -24132,7 +26550,7 @@
]
},
{
- "uuid": "c43cffa3-3cb8-4047-a9f4-e7438d3b167a",
+ "uuid": "8f79ade2-97d8-4353-9ed2-632789e7c510",
"control-id": "cis_fedora_1-1.2.2.3",
"description": "No notes for control-id 1.1.2.2.3.",
"props": [
@@ -24149,7 +26567,7 @@
]
},
{
- "uuid": "9f9f7785-6f0c-4cf0-ab20-ddfd07646329",
+ "uuid": "2598d870-9255-49d4-b85a-7ca07dc4e348",
"control-id": "cis_fedora_1-1.2.2.4",
"description": "No notes for control-id 1.1.2.2.4.",
"props": [
@@ -24166,7 +26584,7 @@
]
},
{
- "uuid": "061af5d9-6a5b-495d-8c2f-d65f1c581bb0",
+ "uuid": "c33bf089-b558-49dc-8926-1f80592cb5f0",
"control-id": "cis_fedora_1-1.2.3.2",
"description": "No notes for control-id 1.1.2.3.2.",
"props": [
@@ -24183,7 +26601,7 @@
]
},
{
- "uuid": "9bf77542-ef8e-4639-9c3d-29ebf554f459",
+ "uuid": "a641770b-e8d1-48c7-8cb5-0f61adc970fe",
"control-id": "cis_fedora_1-1.2.3.3",
"description": "No notes for control-id 1.1.2.3.3.",
"props": [
@@ -24200,7 +26618,7 @@
]
},
{
- "uuid": "c39b2f46-ba1d-4580-9f05-93b1f8c1be50",
+ "uuid": "a748e8f3-9377-488b-a0e4-eb9273028205",
"control-id": "cis_fedora_1-1.2.4.2",
"description": "No notes for control-id 1.1.2.4.2.",
"props": [
@@ -24217,7 +26635,7 @@
]
},
{
- "uuid": "fe8d8546-a82b-4bc5-ab37-f7c0d90aa81f",
+ "uuid": "675bbc95-60cb-4cd8-959f-6831cb60934d",
"control-id": "cis_fedora_1-1.2.4.3",
"description": "No notes for control-id 1.1.2.4.3.",
"props": [
@@ -24234,7 +26652,7 @@
]
},
{
- "uuid": "195004d2-6269-4a12-988c-cd607f20c7ac",
+ "uuid": "2e6c50ed-897c-44dd-88d7-de714ca24387",
"control-id": "cis_fedora_1-1.2.5.2",
"description": "No notes for control-id 1.1.2.5.2.",
"props": [
@@ -24251,7 +26669,7 @@
]
},
{
- "uuid": "9336c6be-cdf0-4eea-8a79-142d5d172b97",
+ "uuid": "3b1f369f-0ffd-4df4-bc79-00e52ea4a2aa",
"control-id": "cis_fedora_1-1.2.5.3",
"description": "No notes for control-id 1.1.2.5.3.",
"props": [
@@ -24268,7 +26686,7 @@
]
},
{
- "uuid": "851bf7be-52de-4eb2-9214-a96dd4b4cd30",
+ "uuid": "b414fc21-cd3e-44ae-adc3-dcc54ac1f35f",
"control-id": "cis_fedora_1-1.2.5.4",
"description": "No notes for control-id 1.1.2.5.4.",
"props": [
@@ -24285,7 +26703,7 @@
]
},
{
- "uuid": "14fbdca6-3cab-4ca6-9b04-c58688067bd4",
+ "uuid": "9d29b57e-966a-46e8-8079-c55875fa5ad6",
"control-id": "cis_fedora_1-1.2.6.2",
"description": "No notes for control-id 1.1.2.6.2.",
"props": [
@@ -24302,7 +26720,7 @@
]
},
{
- "uuid": "11f2b229-4d35-481a-b532-9168bad28906",
+ "uuid": "cfab2dc4-830c-47e8-aac1-714a8bca491f",
"control-id": "cis_fedora_1-1.2.6.3",
"description": "No notes for control-id 1.1.2.6.3.",
"props": [
@@ -24319,7 +26737,7 @@
]
},
{
- "uuid": "cdfc342a-c71d-49ef-b4dd-803c6cb4cda9",
+ "uuid": "f9c8ef3c-36fb-41f8-ae0a-543e11352e9c",
"control-id": "cis_fedora_1-1.2.6.4",
"description": "No notes for control-id 1.1.2.6.4.",
"props": [
@@ -24336,7 +26754,7 @@
]
},
{
- "uuid": "3c8ca819-898c-4c9d-bf15-1bd2390051ea",
+ "uuid": "256367f6-62c4-4606-b142-2b541aa8a37f",
"control-id": "cis_fedora_1-1.2.7.2",
"description": "No notes for control-id 1.1.2.7.2.",
"props": [
@@ -24353,7 +26771,7 @@
]
},
{
- "uuid": "1f421322-b561-4e6e-8beb-5dc8401800c3",
+ "uuid": "59391c78-9db9-44df-8a5e-4a13c5d3cfef",
"control-id": "cis_fedora_1-1.2.7.3",
"description": "No notes for control-id 1.1.2.7.3.",
"props": [
@@ -24370,7 +26788,7 @@
]
},
{
- "uuid": "aa0c5626-6294-436e-8aac-892bda25b72b",
+ "uuid": "8423e34e-ed4b-4948-b740-2508050a678c",
"control-id": "cis_fedora_1-1.2.7.4",
"description": "No notes for control-id 1.1.2.7.4.",
"props": [
@@ -24387,7 +26805,7 @@
]
},
{
- "uuid": "0f96ac0b-c76c-4cac-8bcb-e2fdffb72355",
+ "uuid": "5d002748-8a43-4f25-9caa-ec3e1531fdaa",
"control-id": "cis_fedora_1-2.1.1",
"description": "The description for control-id cis_fedora_1-2.1.1.",
"props": [
@@ -24400,7 +26818,7 @@
]
},
{
- "uuid": "89061ade-85df-4c1a-aab0-0a11b0a8bd19",
+ "uuid": "f58c0f31-03ff-4d88-9487-89c5c74081fb",
"control-id": "cis_fedora_1-2.1.2",
"description": "No notes for control-id 1.2.1.2.",
"props": [
@@ -24417,7 +26835,7 @@
]
},
{
- "uuid": "0528f3b4-4e1d-4ac0-a85e-479f8dd28374",
+ "uuid": "a495ad7a-fa1e-4795-a797-337bc0989a39",
"control-id": "cis_fedora_1-2.1.4",
"description": "The description for control-id cis_fedora_1-2.1.4.",
"props": [
@@ -24430,7 +26848,7 @@
]
},
{
- "uuid": "76011698-c804-41bc-97e3-6560eb79d226",
+ "uuid": "767da2ad-c9e7-4556-923a-5a5f05d17b02",
"control-id": "cis_fedora_1-2.2.1",
"description": "The description for control-id cis_fedora_1-2.2.1.",
"props": [
@@ -24443,7 +26861,7 @@
]
},
{
- "uuid": "cd899034-81c1-4850-a6a2-3ec88189e3d7",
+ "uuid": "1d3a8f3c-944e-4c83-b664-20c8efab33fc",
"control-id": "cis_fedora_1-3.1.1",
"description": "No notes for control-id 1.3.1.1.",
"props": [
@@ -24460,7 +26878,7 @@
]
},
{
- "uuid": "a9122998-1d5b-4668-a35a-2503f9cc35bd",
+ "uuid": "ee3d09f0-375e-4b54-b1de-dc49f3573b31",
"control-id": "cis_fedora_1-3.1.2",
"description": "No notes for control-id 1.3.1.2.",
"props": [
@@ -24477,7 +26895,7 @@
]
},
{
- "uuid": "4ca9026e-7c53-4d20-a6cc-a51766b2eeae",
+ "uuid": "6ae18fc8-71c2-4fd7-ba04-81fa877d0fff",
"control-id": "cis_fedora_1-3.1.3",
"description": "No notes for control-id 1.3.1.3.",
"props": [
@@ -24494,7 +26912,7 @@
]
},
{
- "uuid": "78d8a9f6-336c-499e-a137-7a030eee274a",
+ "uuid": "d09c20ff-6453-4fbb-b5e5-621c59378759",
"control-id": "cis_fedora_1-3.1.4",
"description": "No notes for control-id 1.3.1.4.",
"props": [
@@ -24511,7 +26929,7 @@
]
},
{
- "uuid": "4a209e32-a51e-48d6-bc63-b0cd325466e3",
+ "uuid": "78ae58c7-802a-4572-83b2-a4ce396b3c70",
"control-id": "cis_fedora_1-3.1.7",
"description": "No notes for control-id 1.3.1.7.",
"props": [
@@ -24528,7 +26946,7 @@
]
},
{
- "uuid": "e5f5b65a-7694-46ca-9806-2c20b60fa85e",
+ "uuid": "19357392-5a8f-4b2e-af34-0d86acfaff5c",
"control-id": "cis_fedora_1-4.1",
"description": "There is no automated remediation for this rule and this is intentional.\nMore details in the rule description.",
"props": [
@@ -24545,180 +26963,204 @@
]
},
{
- "uuid": "e898fe9e-ba47-4e14-8288-69dc45516ef4",
+ "uuid": "1c2ade6d-c0ac-489b-8b65-4e8eeac7a3a8",
"control-id": "cis_fedora_1-4.2",
- "description": "The description for control-id cis_fedora_1-4.2.",
+ "description": "This requirement demands a deeper review of the rules.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This requirement demands a deeper review of the rules."
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_grub2_cfg"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_grub2_cfg"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_groupowner_user_cfg"
+ "value": "file_permissions_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_owner_user_cfg"
+ "value": "file_owner_boot_grub2"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_user_cfg"
+ "value": "file_groupowner_boot_grub2"
}
]
},
{
- "uuid": "fa9de062-4ad9-410e-9e34-e443ce243f58",
+ "uuid": "5cd06a66-4d01-425f-addd-26a33548062e",
"control-id": "cis_fedora_1-5.1",
- "description": "The description for control-id cis_fedora_1-5.1.",
+ "description": "No notes for control-id 1.5.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "disable_users_coredumps"
}
]
},
{
- "uuid": "525a3f35-c0fd-4a54-8a66-98d76fa61f2f",
+ "uuid": "ceb557ca-8819-4782-96c0-13883bfb765f",
"control-id": "cis_fedora_1-5.2",
- "description": "The description for control-id cis_fedora_1-5.2.",
+ "description": "No notes for control-id 1.5.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_hardlinks"
}
]
},
{
- "uuid": "453470bc-bf4e-4044-b615-54a3c389850c",
+ "uuid": "5e723f02-3f31-40fa-be37-4c62e34fbbde",
"control-id": "cis_fedora_1-5.3",
- "description": "The description for control-id cis_fedora_1-5.3.",
+ "description": "No notes for control-id 1.5.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_protected_symlinks"
}
]
},
{
- "uuid": "0bd95c57-aa4a-4776-b0aa-8aadccc3e757",
+ "uuid": "b6396dab-ef13-4ffc-aa0a-c13330b3a964",
"control-id": "cis_fedora_1-5.4",
- "description": "The description for control-id cis_fedora_1-5.4.",
+ "description": "No notes for control-id 1.5.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_fs_suid_dumpable"
}
]
},
{
- "uuid": "14892111-679d-470f-aed8-d40c033d7b48",
+ "uuid": "c35522dd-f837-4701-9021-4002c8b94baa",
"control-id": "cis_fedora_1-5.5",
- "description": "The description for control-id cis_fedora_1-5.5.",
+ "description": "No notes for control-id 1.5.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_dmesg_restrict"
}
]
},
{
- "uuid": "0727c160-dab6-49b9-b745-2af6b817aa9c",
+ "uuid": "24e670bf-7bfe-46e4-986c-57e4c5fcae00",
"control-id": "cis_fedora_1-5.6",
- "description": "The description for control-id cis_fedora_1-5.6.",
+ "description": "No notes for control-id 1.5.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.6."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_kptr_restrict"
}
]
},
{
- "uuid": "25a4b379-b35c-4f32-b243-74a9f47b4594",
+ "uuid": "63c8d0c2-3dd4-4c55-b268-19beb5bacfcc",
"control-id": "cis_fedora_1-5.7",
- "description": "The description for control-id cis_fedora_1-5.7.",
+ "description": "No notes for control-id 1.5.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_yama_ptrace_scope"
}
]
},
{
- "uuid": "a99a5346-241c-4d26-a8ff-f895cbf358f0",
+ "uuid": "f93bd5cb-fb7e-43a1-9001-bdbd8836c7ba",
"control-id": "cis_fedora_1-5.8",
- "description": "The description for control-id cis_fedora_1-5.8.",
+ "description": "Address Space Layout Randomization (ASLR)",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.8."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_kernel_randomize_va_space"
}
]
},
{
- "uuid": "0dd834b3-4f91-4a5a-8bfd-12eee39546af",
+ "uuid": "9709f026-5490-46e6-b498-490a6ecd4bb2",
"control-id": "cis_fedora_1-5.9",
- "description": "The description for control-id cis_fedora_1-5.9.",
+ "description": "No notes for control-id 1.5.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.9."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_backtraces"
}
]
},
{
- "uuid": "79322bbe-052e-4303-838f-faa2a9f65f1d",
+ "uuid": "65c5286d-0f0d-4f44-856f-75df2cc5b5aa",
"control-id": "cis_fedora_1-5.10",
- "description": "The description for control-id cis_fedora_1-5.10.",
+ "description": "No notes for control-id 1.5.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.5.10."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "coredump_disable_storage"
}
]
},
{
- "uuid": "89f79331-06e4-43dc-a96e-f1633bf13bb5",
+ "uuid": "c647c8bc-b2bf-473d-9d06-51b2bfcae980",
"control-id": "cis_fedora_1-6.1",
"description": "No notes for control-id 1.6.1.",
"props": [
@@ -24730,50 +27172,63 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "configure_crypto_policy"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "8acb9fb1-02da-46d2-aa01-b31755685165",
+ "uuid": "ec483044-1d4c-4c33-93be-2034a29ce5a4",
"control-id": "cis_fedora_1-6.2",
- "description": "This requirement is already satisfied by 1.6.1.",
+ "description": "No notes for control-id 1.6.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "e1ae1616-b8aa-46a6-970d-ed324b27ffee",
+ "uuid": "93fff4c6-bd59-4f47-90bf-36f1d0ce62fa",
"control-id": "cis_fedora_1-6.3",
- "description": "The description for control-id cis_fedora_1-6.3.",
+ "description": "No notes for control-id 1.6.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "fdd4e13e-4f5f-46e4-82b3-beb5f6c38c6e",
+ "uuid": "dc929fd3-aebd-49ce-b5a8-a06386fc7cbc",
"control-id": "cis_fedora_1-6.4",
- "description": "The description for control-id cis_fedora_1-6.4.",
+ "description": "No notes for control-id 1.6.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 1.6.4."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "0acb5b56-fc04-4696-b638-0ae468637138",
+ "uuid": "b6d3f44c-8d35-425d-994f-c27860df9d81",
"control-id": "cis_fedora_1-7.1",
"description": "No notes for control-id 1.7.1.",
"props": [
@@ -24790,7 +27245,7 @@
]
},
{
- "uuid": "a1c88da1-c984-414b-ba43-c9e5e48f0ff4",
+ "uuid": "da1f7b7f-f0eb-4a4c-b8e7-b59f07eed113",
"control-id": "cis_fedora_1-7.2",
"description": "No notes for control-id 1.7.2.",
"props": [
@@ -24807,7 +27262,7 @@
]
},
{
- "uuid": "08fd4ea0-8bd3-4f57-974f-0913e7925f09",
+ "uuid": "92cfb7d5-cc3b-4f4d-ad36-44b06308ccbf",
"control-id": "cis_fedora_1-7.3",
"description": "No notes for control-id 1.7.3.",
"props": [
@@ -24824,7 +27279,7 @@
]
},
{
- "uuid": "409d8211-b59f-4553-941b-9abf739841d4",
+ "uuid": "c1d42962-2faa-444b-b056-facc777d13d7",
"control-id": "cis_fedora_1-7.4",
"description": "No notes for control-id 1.7.4.",
"props": [
@@ -24851,7 +27306,7 @@
]
},
{
- "uuid": "26177052-8be0-4ef6-8b8b-47afb0035e8d",
+ "uuid": "a323a693-69dd-4c97-bcb3-2ade6c95f071",
"control-id": "cis_fedora_1-7.5",
"description": "No notes for control-id 1.7.5.",
"props": [
@@ -24878,7 +27333,7 @@
]
},
{
- "uuid": "bb175a30-0908-432a-b75c-ebc94446fb60",
+ "uuid": "0b63d3e0-507d-4559-a366-3d4dae907154",
"control-id": "cis_fedora_1-7.6",
"description": "No notes for control-id 1.7.6.",
"props": [
@@ -24905,14 +27360,14 @@
]
},
{
- "uuid": "8a4759b2-621a-4f6e-908b-b515995ae696",
+ "uuid": "51edddba-8965-41d4-b926-31c90400b81d",
"control-id": "cis_fedora_1-8.1",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -24927,7 +27382,7 @@
]
},
{
- "uuid": "1e3f1222-a143-4129-b001-6165642eb30f",
+ "uuid": "42750a19-6eae-4923-8768-1127dc12e461",
"control-id": "cis_fedora_1-8.2",
"description": "Review rules to confirm settings are not writeable by users",
"props": [
@@ -24944,14 +27399,14 @@
]
},
{
- "uuid": "76b43bc3-c052-43f7-8872-10eb4e7fb67b",
+ "uuid": "980eedb4-3146-48f5-8ab3-2675d17d797d",
"control-id": "cis_fedora_1-8.3",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -24962,18 +27417,28 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "dconf_gnome_screensaver_lock_delay"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_session_idle_user_locks"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "dconf_gnome_screensaver_user_locks"
}
]
},
{
- "uuid": "834f523d-c467-42b5-a737-a23528d79718",
+ "uuid": "ecf5e82f-77c0-4abc-be98-410921bef67e",
"control-id": "cis_fedora_1-8.5",
- "description": "Review rules to confirm settings are not writeable by users",
+ "description": "No notes for control-id 1.8.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -24983,7 +27448,7 @@
]
},
{
- "uuid": "5db2e285-7ca7-496c-a724-53ade19aab87",
+ "uuid": "639279ee-a515-43d2-bb6b-d0a1b816a71d",
"control-id": "cis_fedora_1-8.6",
"description": "The description for control-id cis_fedora_1-8.6.",
"props": [
@@ -24996,7 +27461,7 @@
]
},
{
- "uuid": "2d4ab790-2424-4ec0-bd3c-9c46c82cc085",
+ "uuid": "c8467761-d89e-4bd2-bb9e-7b5abe40f1e6",
"control-id": "cis_fedora_2-1.4",
"description": "No notes for control-id 2.1.4.",
"props": [
@@ -25013,7 +27478,7 @@
]
},
{
- "uuid": "0fa2eb8f-0fa6-4397-b69f-799903964d42",
+ "uuid": "1174d558-961f-49a9-aa85-1ec2bcf85b42",
"control-id": "cis_fedora_2-1.5",
"description": "No notes for control-id 2.1.5.",
"props": [
@@ -25030,7 +27495,7 @@
]
},
{
- "uuid": "7b1a0609-03b7-445c-a8b9-d9ea15e62bc9",
+ "uuid": "9588e41b-1a23-4ad0-bd9c-7e926fbb3b72",
"control-id": "cis_fedora_2-1.6",
"description": "No notes for control-id 2.1.6.",
"props": [
@@ -25047,7 +27512,7 @@
]
},
{
- "uuid": "d070a44a-2926-4c98-87af-ad5dd36b15f0",
+ "uuid": "d4a3082c-57b4-4223-8916-13725197d485",
"control-id": "cis_fedora_2-1.7",
"description": "No notes for control-id 2.1.7.",
"props": [
@@ -25064,7 +27529,7 @@
]
},
{
- "uuid": "1fcc2771-db87-4a72-8c29-8c384d9d6869",
+ "uuid": "c2c7267f-7096-430f-80ed-be8ca4827aee",
"control-id": "cis_fedora_2-1.8",
"description": "No notes for control-id 2.1.8.",
"props": [
@@ -25086,7 +27551,7 @@
]
},
{
- "uuid": "d0a5870f-7628-4d5a-ab9e-f3141a580456",
+ "uuid": "fe7604ec-fbed-498c-8fd0-49b4f50ee803",
"control-id": "cis_fedora_2-1.9",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization are dependent on the\nnfs-utils package.",
"props": [
@@ -25103,7 +27568,7 @@
]
},
{
- "uuid": "f47a5fdc-ffea-4fa7-8e1a-6fd7c97a7f7c",
+ "uuid": "027c4cde-080a-4f97-aa1a-b3546fdb9f71",
"control-id": "cis_fedora_2-1.10",
"description": "No notes for control-id 2.1.10.",
"props": [
@@ -25115,7 +27580,7 @@
]
},
{
- "uuid": "09403e3c-0b2b-4936-9c50-7d18f1f52b29",
+ "uuid": "073aa3d7-734d-4311-a7be-6aa831d31cde",
"control-id": "cis_fedora_2-1.12",
"description": "Many of the libvirt packages used by Enterprise Linux virtualization, and the nfs-utils\npackage used for The Network File System (NFS), are dependent on the rpcbind package.",
"props": [
@@ -25132,7 +27597,7 @@
]
},
{
- "uuid": "1c831c0d-1372-49df-89b5-098cf89720bd",
+ "uuid": "580d6cfd-7552-4ede-87e4-b525db7d7b7a",
"control-id": "cis_fedora_2-1.13",
"description": "No notes for control-id 2.1.13.",
"props": [
@@ -25149,7 +27614,7 @@
]
},
{
- "uuid": "de2fba61-1c7f-4954-9a9a-c31067ddbcbd",
+ "uuid": "00252809-7d07-44cc-a4f3-4cb3bb320509",
"control-id": "cis_fedora_2-1.14",
"description": "No notes for control-id 2.1.14.",
"props": [
@@ -25166,7 +27631,7 @@
]
},
{
- "uuid": "d42ae25b-c568-4cdc-838c-e636f35e5fe5",
+ "uuid": "72258c03-1ece-47db-b801-0f5698168f5f",
"control-id": "cis_fedora_2-1.15",
"description": "No notes for control-id 2.1.15.",
"props": [
@@ -25183,7 +27648,7 @@
]
},
{
- "uuid": "4a7a31e1-4435-4b20-b8ed-91ceb5b6cf38",
+ "uuid": "eb6f4700-3c5d-4028-8d3b-fc804e53158b",
"control-id": "cis_fedora_2-1.16",
"description": "No notes for control-id 2.1.16.",
"props": [
@@ -25200,7 +27665,7 @@
]
},
{
- "uuid": "13d246b8-930c-428d-be5a-5ff0e46942ef",
+ "uuid": "8838e5b4-629a-490d-9053-36caf0a146d1",
"control-id": "cis_fedora_2-1.17",
"description": "No notes for control-id 2.1.17.",
"props": [
@@ -25217,7 +27682,7 @@
]
},
{
- "uuid": "c8b7c289-57ca-4976-87da-c4d0719ebd21",
+ "uuid": "2f7bc081-737c-4e7a-8608-e804dfefaabb",
"control-id": "cis_fedora_2-1.18",
"description": "No notes for control-id 2.1.18.",
"props": [
@@ -25234,7 +27699,7 @@
]
},
{
- "uuid": "c4b58e26-e9a8-44d2-9bf0-902320c2cab8",
+ "uuid": "ba95e3fe-058d-45c4-87c6-98dd82bb825a",
"control-id": "cis_fedora_2-1.19",
"description": "No notes for control-id 2.1.19.",
"props": [
@@ -25256,7 +27721,7 @@
]
},
{
- "uuid": "6a9f3beb-0773-476a-915d-a8008d98e0a1",
+ "uuid": "dd1a69ef-c60d-4c87-9105-25563db23615",
"control-id": "cis_fedora_2-1.20",
"description": "The description for control-id cis_fedora_2-1.20.",
"props": [
@@ -25269,14 +27734,14 @@
]
},
{
- "uuid": "00a3cc17-06c3-443d-a974-c7d34e917643",
+ "uuid": "90c3f2fb-8b24-418e-9260-558a609087ce",
"control-id": "cis_fedora_2-1.23",
- "description": "The rule has_nonlocal_mta currently checks for services listening only on port 25,\nbut the policy checks also for ports 465 and 587",
+ "description": "No notes for control-id 2.1.23.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -25291,7 +27756,7 @@
]
},
{
- "uuid": "088d28c6-9ed6-4b27-9ff8-69e74e77c68f",
+ "uuid": "b8362fba-7971-4bea-a391-d2a829d5260c",
"control-id": "cis_fedora_2-1.24",
"description": "The description for control-id cis_fedora_2-1.24.",
"props": [
@@ -25304,7 +27769,7 @@
]
},
{
- "uuid": "ad97a37d-e6fc-4df7-a517-5b47c4f14435",
+ "uuid": "3bd92faf-7999-4d5c-9f9b-7756a11deced",
"control-id": "cis_fedora_2-2.1",
"description": "No notes for control-id 2.2.1.",
"props": [
@@ -25321,7 +27786,7 @@
]
},
{
- "uuid": "5a8c7373-ded3-4169-8602-4ee28b314b5b",
+ "uuid": "7300c551-85fc-42c7-9a7c-7bff84d1113e",
"control-id": "cis_fedora_2-2.3",
"description": "No notes for control-id 2.2.3.",
"props": [
@@ -25333,7 +27798,7 @@
]
},
{
- "uuid": "0d18c56b-e970-43e8-929b-4b4c5ad0eeb4",
+ "uuid": "79a465ed-528e-4a8a-859e-37f86da374c6",
"control-id": "cis_fedora_2-2.4",
"description": "No notes for control-id 2.2.4.",
"props": [
@@ -25350,7 +27815,7 @@
]
},
{
- "uuid": "151bd19b-6c66-41f3-aae5-44fa32eb31a6",
+ "uuid": "d7dfd0d4-ea3e-4449-80b4-66e79aba599a",
"control-id": "cis_fedora_2-2.5",
"description": "No notes for control-id 2.2.5.",
"props": [
@@ -25367,7 +27832,7 @@
]
},
{
- "uuid": "aa5c43a5-3f9a-47c8-a69d-12658a52ea3e",
+ "uuid": "7efaf783-f0fc-4180-bbb0-b9e84cd6d636",
"control-id": "cis_fedora_2-3.1",
"description": "No notes for control-id 2.3.1.",
"props": [
@@ -25379,7 +27844,7 @@
]
},
{
- "uuid": "9d9e947a-ea65-4bee-836a-8a3ee1204c76",
+ "uuid": "aae8a604-25e4-41df-b084-9d7a95997fd6",
"control-id": "cis_fedora_2-3.2",
"description": "No notes for control-id 2.3.2.",
"props": [
@@ -25396,7 +27861,7 @@
]
},
{
- "uuid": "cd6b5c3c-7a48-43f8-9029-a70beca5c573",
+ "uuid": "27e7a7df-442b-4790-8c07-de5bbbc35670",
"control-id": "cis_fedora_2-3.3",
"description": "No notes for control-id 2.3.3.",
"props": [
@@ -25413,7 +27878,7 @@
]
},
{
- "uuid": "48410f4b-5bcf-4673-bd65-4cbd1252bdbb",
+ "uuid": "a9793a53-81d5-47ce-b18e-0d06a4803c61",
"control-id": "cis_fedora_2-4.1.1",
"description": "No notes for control-id 2.4.1.1.",
"props": [
@@ -25435,7 +27900,7 @@
]
},
{
- "uuid": "b69469ab-74f7-4805-97a0-9d589b396e1f",
+ "uuid": "da8720aa-118d-4975-88e1-dab4f1c67851",
"control-id": "cis_fedora_2-4.1.2",
"description": "No notes for control-id 2.4.1.2.",
"props": [
@@ -25462,7 +27927,7 @@
]
},
{
- "uuid": "d5e8f5df-8f81-4734-9d93-94c8c40f89b3",
+ "uuid": "d47f5340-34f3-48ba-ad3a-e8266e364475",
"control-id": "cis_fedora_2-4.1.3",
"description": "No notes for control-id 2.4.1.3.",
"props": [
@@ -25489,7 +27954,7 @@
]
},
{
- "uuid": "6c723115-98da-4e38-a965-2c9de98be178",
+ "uuid": "1a5f23bf-f0ba-4175-98ca-960fa4f9e29e",
"control-id": "cis_fedora_2-4.1.4",
"description": "No notes for control-id 2.4.1.4.",
"props": [
@@ -25516,7 +27981,7 @@
]
},
{
- "uuid": "f114c0ee-7c36-4db8-adf6-d1903877a1c2",
+ "uuid": "44186b2d-65cd-4da0-90c1-9b8c0a64ddf2",
"control-id": "cis_fedora_2-4.1.5",
"description": "No notes for control-id 2.4.1.5.",
"props": [
@@ -25543,7 +28008,7 @@
]
},
{
- "uuid": "9648bff1-8617-426e-9dbe-30aa2035c2f0",
+ "uuid": "a22a9be3-608a-4783-a62b-915fdd1ed200",
"control-id": "cis_fedora_2-4.1.6",
"description": "No notes for control-id 2.4.1.6.",
"props": [
@@ -25570,20 +28035,34 @@
]
},
{
- "uuid": "4fdd14dd-a6e3-4ada-b065-fd4103e421f8",
+ "uuid": "72db77c1-af49-4769-a303-3aa623eefafb",
"control-id": "cis_fedora_2-4.1.7",
- "description": "The description for control-id cis_fedora_2-4.1.7.",
+ "description": "No notes for control-id 2.4.1.7.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 2.4.1.7."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_cron_yearly"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_cron_yearly"
}
]
},
{
- "uuid": "43bdba6a-f478-488c-9f6c-30ef35dc98cd",
+ "uuid": "eac5c0ce-c8f9-475e-a8cf-77bc94cf0f95",
"control-id": "cis_fedora_2-4.1.8",
"description": "No notes for control-id 2.4.1.8.",
"props": [
@@ -25610,7 +28089,7 @@
]
},
{
- "uuid": "47ec0934-cc21-4bfe-8f94-d6b356cc3f5c",
+ "uuid": "700ac7e8-ef6e-4399-b84b-602f0433b7b5",
"control-id": "cis_fedora_2-4.1.9",
"description": "No notes for control-id 2.4.1.9.",
"props": [
@@ -25647,20 +28126,25 @@
]
},
{
- "uuid": "87a45dd4-bb9d-4adf-84c5-43d26d27677a",
+ "uuid": "4041928d-ebea-4827-b305-53e648fed7c6",
"control-id": "cis_fedora_2-4.2.1",
- "description": "It is necessary to create a rule to ensure the existence of at.allow.\nfile_cron_allow_exists can be used as reference for a new templated rule.",
+ "description": "No notes for control-id 2.4.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_at_deny_not_exist"
},
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_at_allow_exists"
+ },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -25679,7 +28163,7 @@
]
},
{
- "uuid": "f1084157-c1ba-48d1-93e9-7dd79b9d2f66",
+ "uuid": "de79f84e-beff-4b0c-b6ff-78e147a6b890",
"control-id": "cis_fedora_3-1.1",
"description": "The description for control-id cis_fedora_3-1.1.",
"props": [
@@ -25692,46 +28176,58 @@
]
},
{
- "uuid": "52689ff2-483e-402f-a986-218121ff2230",
+ "uuid": "f2f71e50-db10-4aff-aeb6-630c94f65e1e",
"control-id": "cis_fedora_3-2.1",
- "description": "The description for control-id cis_fedora_3-2.1.",
+ "description": "No notes for control-id 3.2.1.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.1."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_atm_disabled"
}
]
},
{
- "uuid": "9b9ea37e-7efd-4b27-93af-694ac4ef4afe",
+ "uuid": "15064120-53ab-4eeb-b9e6-7a7417af8ab3",
"control-id": "cis_fedora_3-2.2",
- "description": "The description for control-id cis_fedora_3-2.2.",
+ "description": "No notes for control-id 3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_can_disabled"
}
]
},
{
- "uuid": "cd7424be-bc04-4531-9e7a-b291e6c78d7f",
+ "uuid": "9c6bd0b2-2df6-48a4-bf69-c82bfbd21e34",
"control-id": "cis_fedora_3-2.3",
- "description": "The description for control-id cis_fedora_3-2.3.",
+ "description": "No notes for control-id 3.2.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_dccp_disabled"
}
]
},
{
- "uuid": "c9719166-41e6-42ae-b32d-5df118f4cd01",
+ "uuid": "4e035c31-3962-462e-baa3-94f0af849e92",
"control-id": "cis_fedora_3-2.4",
"description": "No notes for control-id 3.2.4.",
"props": [
@@ -25748,20 +28244,24 @@
]
},
{
- "uuid": "ffab7284-0723-4361-820a-0ae01dbe725a",
+ "uuid": "2a950d00-3479-4a60-bad9-03cd6dc9a3b3",
"control-id": "cis_fedora_3-2.5",
- "description": "The description for control-id cis_fedora_3-2.5.",
+ "description": "No notes for control-id 3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "kernel_module_rds_disabled"
}
]
},
{
- "uuid": "bc49e034-0c53-4cfa-b05c-02018e748f65",
+ "uuid": "571bb9c9-3932-4b61-9d38-32591ad02601",
"control-id": "cis_fedora_3-3.1.1",
"description": "No notes for control-id 3.3.1.1.",
"props": [
@@ -25778,33 +28278,41 @@
]
},
{
- "uuid": "df3c107f-f3aa-40b6-a7df-202f73f15f36",
+ "uuid": "778b2fa1-e6f9-43b7-866d-dba594b56829",
"control-id": "cis_fedora_3-3.1.2",
- "description": "The description for control-id cis_fedora_3-3.1.2.",
+ "description": "No notes for control-id 3.3.1.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_all_forwarding"
}
]
},
{
- "uuid": "eba11346-3c2e-4dd2-8663-977ffaab6dbd",
+ "uuid": "811775b0-18e8-44c7-b7cc-9d7585bd3266",
"control-id": "cis_fedora_3-3.1.3",
- "description": "The description for control-id cis_fedora_3-3.1.3.",
+ "description": "No notes for control-id 3.3.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.1.3."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv4_conf_default_forwarding"
}
]
},
{
- "uuid": "d088a9ca-d162-4803-b24d-8c7ab5ce3f3e",
+ "uuid": "8dadf4bd-0074-4252-83e9-bad58dc3ff05",
"control-id": "cis_fedora_3-3.1.4",
"description": "No notes for control-id 3.3.1.4.",
"props": [
@@ -25821,7 +28329,7 @@
]
},
{
- "uuid": "31a95339-e3f0-4954-b96f-e6cb6a2c996f",
+ "uuid": "462f6a69-fb89-45cb-9c46-6c41fe911904",
"control-id": "cis_fedora_3-3.1.5",
"description": "No notes for control-id 3.3.1.5.",
"props": [
@@ -25838,7 +28346,7 @@
]
},
{
- "uuid": "f05f9e1b-97b4-4aa1-93a7-069236fe29bd",
+ "uuid": "2002fbae-9f8b-4728-93c1-2869c5c647d5",
"control-id": "cis_fedora_3-3.1.6",
"description": "No notes for control-id 3.3.1.6.",
"props": [
@@ -25855,7 +28363,7 @@
]
},
{
- "uuid": "b7003e3a-ee54-443d-90c1-958b97f1394a",
+ "uuid": "cf5c83eb-10c4-4071-8675-6405e049b20d",
"control-id": "cis_fedora_3-3.1.7",
"description": "No notes for control-id 3.3.1.7.",
"props": [
@@ -25872,7 +28380,7 @@
]
},
{
- "uuid": "e6b0717b-6b8b-4303-897d-ee43100ffc4e",
+ "uuid": "7d43ed09-7f12-48ee-ac1a-040b2169804c",
"control-id": "cis_fedora_3-3.1.8",
"description": "No notes for control-id 3.3.1.8.",
"props": [
@@ -25889,7 +28397,7 @@
]
},
{
- "uuid": "28af3b62-e39b-4a08-b562-0438e9e1486d",
+ "uuid": "1bebe81f-180d-4daa-94de-24842f6bb2cf",
"control-id": "cis_fedora_3-3.1.9",
"description": "No notes for control-id 3.3.1.9.",
"props": [
@@ -25906,7 +28414,7 @@
]
},
{
- "uuid": "fc13567f-03b0-4c0e-82eb-184b68d73f13",
+ "uuid": "f2dce061-0f27-49a6-921b-58fb6a0b1965",
"control-id": "cis_fedora_3-3.1.10",
"description": "No notes for control-id 3.3.1.10.",
"props": [
@@ -25919,16 +28427,11 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "sysctl_net_ipv4_conf_all_secure_redirects"
- },
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sysctl_net_ipv4_conf_default_secure_redirects"
}
]
},
{
- "uuid": "a7873cc9-7533-43e6-afb4-0c81475bc079",
+ "uuid": "555a09eb-852b-42db-8ca4-e4d76721ff23",
"control-id": "cis_fedora_3-3.1.11",
"description": "No notes for control-id 3.3.1.11.",
"props": [
@@ -25945,7 +28448,7 @@
]
},
{
- "uuid": "96ad1e34-92e5-4e95-878f-d88c4bae0d4f",
+ "uuid": "665965ab-d21d-4ab4-863b-0c666b070c77",
"control-id": "cis_fedora_3-3.1.12",
"description": "No notes for control-id 3.3.1.12.",
"props": [
@@ -25962,7 +28465,7 @@
]
},
{
- "uuid": "b57d4ef7-9568-4fea-9912-55b36c4aa217",
+ "uuid": "719dc32c-e110-4e02-b36d-ec4bacddcd5a",
"control-id": "cis_fedora_3-3.1.13",
"description": "No notes for control-id 3.3.1.13.",
"props": [
@@ -25979,7 +28482,7 @@
]
},
{
- "uuid": "db74b964-ac70-44d5-95ef-1f4c211890ee",
+ "uuid": "2fb27aeb-72a2-4376-a4b7-94cb9336338d",
"control-id": "cis_fedora_3-3.1.14",
"description": "No notes for control-id 3.3.1.14.",
"props": [
@@ -25996,7 +28499,7 @@
]
},
{
- "uuid": "276adb4d-eefd-4012-b846-9cc84d8dfb36",
+ "uuid": "99cec3bc-7ff0-4ee2-b1a1-4ded76304b1e",
"control-id": "cis_fedora_3-3.1.15",
"description": "No notes for control-id 3.3.1.15.",
"props": [
@@ -26013,7 +28516,7 @@
]
},
{
- "uuid": "af020b0e-871a-4276-afe4-a36975e4c1f1",
+ "uuid": "361b9c05-979b-4c29-a0ca-cd498bf86c15",
"control-id": "cis_fedora_3-3.1.16",
"description": "No notes for control-id 3.3.1.16.",
"props": [
@@ -26030,7 +28533,7 @@
]
},
{
- "uuid": "78fc39c4-788e-4f41-bfdb-b3e644de5cb5",
+ "uuid": "68f2ace2-b9f0-4e06-89b1-704276d0b068",
"control-id": "cis_fedora_3-3.1.17",
"description": "No notes for control-id 3.3.1.17.",
"props": [
@@ -26047,7 +28550,7 @@
]
},
{
- "uuid": "0e383710-f3c8-45c1-8119-afc4475128d8",
+ "uuid": "541bdc97-9570-4c17-8fe4-ac9b71feb8ea",
"control-id": "cis_fedora_3-3.1.18",
"description": "No notes for control-id 3.3.1.18.",
"props": [
@@ -26064,7 +28567,7 @@
]
},
{
- "uuid": "4c74f94d-015a-48a9-aae8-6576ef301000",
+ "uuid": "9e61deb5-d205-4aec-890f-1e1b10f36d15",
"control-id": "cis_fedora_3-3.2.1",
"description": "No notes for control-id 3.3.2.1.",
"props": [
@@ -26081,20 +28584,24 @@
]
},
{
- "uuid": "6e291aa3-f828-4ea5-afad-f864712b6257",
+ "uuid": "37f58d69-1258-47ad-aff3-98d1731c4b4d",
"control-id": "cis_fedora_3-3.2.2",
- "description": "The description for control-id cis_fedora_3-3.2.2.",
+ "description": "No notes for control-id 3.3.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 3.3.2.2."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sysctl_net_ipv6_conf_default_forwarding"
}
]
},
{
- "uuid": "a84e048e-7d65-4ae9-93b0-581e9044fc59",
+ "uuid": "450aa799-892e-4be2-8af9-6701e34af76a",
"control-id": "cis_fedora_3-3.2.3",
"description": "No notes for control-id 3.3.2.3.",
"props": [
@@ -26111,7 +28618,7 @@
]
},
{
- "uuid": "9f1d931d-c159-4baa-ac16-eed7e1596206",
+ "uuid": "784f63bb-6e33-4713-8615-c98ee7bf576d",
"control-id": "cis_fedora_3-3.2.4",
"description": "No notes for control-id 3.3.2.4.",
"props": [
@@ -26128,7 +28635,7 @@
]
},
{
- "uuid": "08e3e3ac-d8e8-43aa-8e80-9e6ea57ae1ce",
+ "uuid": "ee5badea-e2ad-41cf-b51d-ed5dc94ed042",
"control-id": "cis_fedora_3-3.2.5",
"description": "No notes for control-id 3.3.2.5.",
"props": [
@@ -26145,7 +28652,7 @@
]
},
{
- "uuid": "45985001-504e-4c2e-867f-1287600e12b1",
+ "uuid": "47536305-cf82-4f27-bfe8-4b299c6fc0f0",
"control-id": "cis_fedora_3-3.2.6",
"description": "No notes for control-id 3.3.2.6.",
"props": [
@@ -26162,7 +28669,7 @@
]
},
{
- "uuid": "41754cbc-80a4-4bf7-8be3-9c0a0b17e304",
+ "uuid": "16e2019c-e2fd-44fd-84e8-40aaee8e213c",
"control-id": "cis_fedora_3-3.2.7",
"description": "No notes for control-id 3.3.2.7.",
"props": [
@@ -26179,7 +28686,7 @@
]
},
{
- "uuid": "38d09f87-e4c2-4bd0-b142-b8102d52cb3a",
+ "uuid": "57e59f66-a404-475e-9e82-9a094e06031d",
"control-id": "cis_fedora_3-3.2.8",
"description": "No notes for control-id 3.3.2.8.",
"props": [
@@ -26196,7 +28703,7 @@
]
},
{
- "uuid": "85299440-8aaf-4dcc-b760-a46f2c50baca",
+ "uuid": "a6c961a6-8971-4719-b73f-83ac81746c1e",
"control-id": "cis_fedora_4-1.1",
"description": "No notes for control-id 4.1.1.",
"props": [
@@ -26213,7 +28720,7 @@
]
},
{
- "uuid": "59f9b208-a24d-4269-9b88-2a290e6e9739",
+ "uuid": "23a8abc5-1ca8-414c-823d-6da81a75c5ae",
"control-id": "cis_fedora_4-1.2",
"description": "No notes for control-id 4.1.2.",
"props": [
@@ -26240,7 +28747,7 @@
]
},
{
- "uuid": "1262be2d-468d-4a25-89c9-9f69b015dab2",
+ "uuid": "9986d5da-c3ff-4141-a6f1-1939646149c7",
"control-id": "cis_fedora_4-2.1",
"description": "The description for control-id cis_fedora_4-2.1.",
"props": [
@@ -26253,7 +28760,7 @@
]
},
{
- "uuid": "be307642-44d7-4489-b9eb-f80638cf7705",
+ "uuid": "9ac6a243-9b7d-42ee-b736-bc540a0f6e89",
"control-id": "cis_fedora_4-2.2",
"description": "No notes for control-id 4.2.2.",
"props": [
@@ -26275,7 +28782,7 @@
]
},
{
- "uuid": "7b6f8d93-3075-4355-9490-3aa48e4eae31",
+ "uuid": "8462341c-4f7c-43ad-aa41-9fa132193cf6",
"control-id": "cis_fedora_4-3.1",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use. When using firewalld the base chains are installed by default.",
"props": [
@@ -26287,7 +28794,7 @@
]
},
{
- "uuid": "c456367f-0b9f-48da-af9c-96fdbc565eec",
+ "uuid": "fc127da6-1a7b-466e-8006-6c22e03219a7",
"control-id": "cis_fedora_4-3.2",
"description": "The description for control-id cis_fedora_4-3.2.",
"props": [
@@ -26300,7 +28807,7 @@
]
},
{
- "uuid": "a3bb3588-9071-4da6-a3d3-e88f59e14c40",
+ "uuid": "fc7823c2-f0d8-4c46-aa9c-d04afcf726b3",
"control-id": "cis_fedora_4-3.3",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -26312,7 +28819,7 @@
]
},
{
- "uuid": "b29a524e-b754-4201-8bcc-26be88db3de2",
+ "uuid": "5dd830cb-a9dd-401b-b72c-f6cf9e26fabe",
"control-id": "cis_fedora_4-3.4",
"description": "RHEL systems use firewalld for firewall management. Although nftables is the default\nback-end for firewalld, it is not recommended to use nftables directly when firewalld\nis in use.",
"props": [
@@ -26324,7 +28831,7 @@
]
},
{
- "uuid": "ba201860-a54b-4c05-90f0-24a116c8af88",
+ "uuid": "be0a2442-0ff9-49fa-9028-542d1d53930a",
"control-id": "cis_fedora_5-1.1",
"description": "No notes for control-id 5.1.1.",
"props": [
@@ -26347,11 +28854,41 @@
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "file_permissions_sshd_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_permissions_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_groupowner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "directory_owner_sshd_config_d"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_sshd_drop_in_config"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_sshd_drop_in_config"
}
]
},
{
- "uuid": "cd0c7498-f98d-4015-b4ea-a1078632968e",
+ "uuid": "9addfc9e-ac86-4d73-a2fa-507e38f13b13",
"control-id": "cis_fedora_5-1.2",
"description": "No notes for control-id 5.1.2.",
"props": [
@@ -26378,7 +28915,7 @@
]
},
{
- "uuid": "d8561fa3-85a3-44ef-8d3a-976a07766a82",
+ "uuid": "5123d95b-5626-4a15-9ac4-9174c3bf5f13",
"control-id": "cis_fedora_5-1.3",
"description": "No notes for control-id 5.1.3.",
"props": [
@@ -26405,56 +28942,58 @@
]
},
{
- "uuid": "7bcee892-e5b1-4d2f-b478-d5031bf9c8f3",
+ "uuid": "56aa1528-3b2d-44bd-b628-36c23045d0e5",
"control-id": "cis_fedora_5-1.4",
- "description": "The description for control-id cis_fedora_5-1.4.",
+ "description": "No notes for control-id 5.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "ed3b0156-6d54-43bc-9dae-61acb33062f1",
+ "uuid": "520de92f-3db9-4ce9-b319-221d87c5befa",
"control-id": "cis_fedora_5-1.5",
- "description": "The description for control-id cis_fedora_5-1.5.",
+ "description": "No notes for control-id 5.1.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_kex"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "0bd2c996-1114-4172-bd17-66d3c9ca0fb8",
+ "uuid": "f4483bb8-01d3-457e-9477-db88ea1a82df",
"control-id": "cis_fedora_5-1.6",
- "description": "The description for control-id cis_fedora_5-1.6.",
+ "description": "No notes for control-id 5.1.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "The status was automated but we need to double check the approach used in this rule.\nTherefore I moved it to pending until deeper investigation."
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sshd_use_strong_macs"
+ "value": "configure_custom_crypto_policy_cis"
}
]
},
{
- "uuid": "326db56b-7915-449f-942c-cd81cd30b478",
+ "uuid": "590dfdf7-3578-4a1d-af6e-bc1cac4a0d08",
"control-id": "cis_fedora_5-1.7",
"description": "No notes for control-id 5.1.7.",
"props": [
@@ -26471,7 +29010,7 @@
]
},
{
- "uuid": "93017e66-200b-497f-8ee3-e4790d42514e",
+ "uuid": "89214c80-076c-4c82-9795-f8c5627bbdf7",
"control-id": "cis_fedora_5-1.8",
"description": "No notes for control-id 5.1.8.",
"props": [
@@ -26488,7 +29027,7 @@
]
},
{
- "uuid": "e98930f1-34c4-45b1-8366-771ae824b7cf",
+ "uuid": "71e8aafb-368e-4297-98c8-280a73946e0a",
"control-id": "cis_fedora_5-1.9",
"description": "The requirement gives an example of 45 seconds, but is flexible about the values. It is only\nnecessary to ensure there is a timeout configured in alignment to the site policy.",
"props": [
@@ -26510,20 +29049,24 @@
]
},
{
- "uuid": "ad7436d2-b576-438f-9c2e-e4e56265e11d",
+ "uuid": "9cdaff60-bd54-4f46-96f0-c937710cd194",
"control-id": "cis_fedora_5-1.10",
- "description": "The description for control-id cis_fedora_5-1.10.",
+ "description": "No notes for control-id 5.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary for \"disableforwarding\" option."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "sshd_disable_forwarding"
}
]
},
{
- "uuid": "8452be47-1ba2-4262-b7dd-2eaa86e098f0",
+ "uuid": "f78d6c5d-a5e3-4d28-9cd2-64c9f716b862",
"control-id": "cis_fedora_5-1.11",
"description": "No notes for control-id 5.1.11.",
"props": [
@@ -26540,7 +29083,7 @@
]
},
{
- "uuid": "6ec94c7d-d6b8-470d-b7b7-5a6ac223c3a6",
+ "uuid": "51014ac4-94a3-451d-b295-7d8f046e9a24",
"control-id": "cis_fedora_5-1.12",
"description": "No notes for control-id 5.1.12.",
"props": [
@@ -26557,7 +29100,7 @@
]
},
{
- "uuid": "521ccc60-374a-453c-baa7-ed6408cfd86e",
+ "uuid": "4b2a0e1a-babb-440b-affe-eb86ace32bee",
"control-id": "cis_fedora_5-1.13",
"description": "No notes for control-id 5.1.13.",
"props": [
@@ -26574,7 +29117,7 @@
]
},
{
- "uuid": "f986847a-9182-4fbd-80c4-1e7879160a3c",
+ "uuid": "0036f7b6-709e-4626-acab-5738338b00fc",
"control-id": "cis_fedora_5-1.14",
"description": "No notes for control-id 5.1.14.",
"props": [
@@ -26591,7 +29134,7 @@
]
},
{
- "uuid": "b931fb14-74e8-4fbb-9a91-f0a61f0e3d8e",
+ "uuid": "38e75b2f-2500-49b6-a5bc-78c1597d77cb",
"control-id": "cis_fedora_5-1.15",
"description": "The CIS benchmark is not opinionated about which loglevel is selected here. Here, this\nprofile uses VERBOSE by default, as it allows for the capture of login and logout activity\nas well as key fingerprints.",
"props": [
@@ -26608,7 +29151,7 @@
]
},
{
- "uuid": "153675ab-db3a-411a-9062-5e9d02246f90",
+ "uuid": "7c3e2aab-7dfe-4d75-95f7-e37494c248d4",
"control-id": "cis_fedora_5-1.16",
"description": "No notes for control-id 5.1.16.",
"props": [
@@ -26625,7 +29168,7 @@
]
},
{
- "uuid": "463e7435-eec6-40bc-a652-59c1bece9c38",
+ "uuid": "0c94237a-1591-4e37-ac3d-f8efcad37770",
"control-id": "cis_fedora_5-1.17",
"description": "No notes for control-id 5.1.17.",
"props": [
@@ -26642,7 +29185,7 @@
]
},
{
- "uuid": "b1cbebfc-4824-45df-9b5c-e03dd63acbfe",
+ "uuid": "da89c086-683c-4c63-bcb2-c720489a4d11",
"control-id": "cis_fedora_5-1.18",
"description": "No notes for control-id 5.1.18.",
"props": [
@@ -26659,7 +29202,7 @@
]
},
{
- "uuid": "e56c264f-61ae-401b-b89c-592326a90382",
+ "uuid": "06275e6e-2e1c-433b-a7cb-9408da2c5f5e",
"control-id": "cis_fedora_5-1.19",
"description": "No notes for control-id 5.1.19.",
"props": [
@@ -26676,7 +29219,7 @@
]
},
{
- "uuid": "e0979057-ce93-4892-ac46-eed35b86cf16",
+ "uuid": "a76d8382-d913-4314-ac76-e8468709a815",
"control-id": "cis_fedora_5-1.20",
"description": "No notes for control-id 5.1.20.",
"props": [
@@ -26693,7 +29236,7 @@
]
},
{
- "uuid": "e6b24c13-49b5-445f-bf5c-ac9a9d3593da",
+ "uuid": "9fdb69f7-f97c-4582-b26c-8689d90ae412",
"control-id": "cis_fedora_5-1.21",
"description": "No notes for control-id 5.1.21.",
"props": [
@@ -26710,7 +29253,7 @@
]
},
{
- "uuid": "1cb4c65a-5aee-40ff-9910-8d09752c4072",
+ "uuid": "7440fb72-0529-4dca-9b97-dcca8a708d21",
"control-id": "cis_fedora_5-1.22",
"description": "No notes for control-id 5.1.22.",
"props": [
@@ -26727,7 +29270,7 @@
]
},
{
- "uuid": "18b56ffb-764b-43e9-bc1e-94d2049cb459",
+ "uuid": "b90f488f-303e-4451-8d63-5247cd796a6a",
"control-id": "cis_fedora_5-2.1",
"description": "No notes for control-id 5.2.1.",
"props": [
@@ -26744,7 +29287,7 @@
]
},
{
- "uuid": "09f76379-da89-411f-9992-0d2eb376e1f1",
+ "uuid": "56e30acd-2a06-4ec3-ab98-76cea8abdac0",
"control-id": "cis_fedora_5-2.2",
"description": "No notes for control-id 5.2.2.",
"props": [
@@ -26761,7 +29304,7 @@
]
},
{
- "uuid": "64dc7cd2-021c-4937-a739-115d1a4232cd",
+ "uuid": "be938e5e-fe62-4e84-afec-55c0b69c8057",
"control-id": "cis_fedora_5-2.3",
"description": "No notes for control-id 5.2.3.",
"props": [
@@ -26778,7 +29321,7 @@
]
},
{
- "uuid": "48023764-90dc-4267-a4ff-826b2c3d8bc2",
+ "uuid": "35b86a86-67c7-46d8-bd56-64e4bc738ca3",
"control-id": "cis_fedora_5-2.5",
"description": "No notes for control-id 5.2.5.",
"props": [
@@ -26790,12 +29333,12 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "sudo_require_authentication"
+ "value": "sudo_remove_no_authenticate"
}
]
},
{
- "uuid": "9c9fbe77-f92f-4ce7-9823-acbf51ebdf93",
+ "uuid": "7ba93ebb-c54c-4e07-a0ac-855e82ab8455",
"control-id": "cis_fedora_5-2.6",
"description": "No notes for control-id 5.2.6.",
"props": [
@@ -26812,7 +29355,7 @@
]
},
{
- "uuid": "85689492-9a76-4de0-9b85-f8097dd9fb7d",
+ "uuid": "2639577f-3d52-4b32-a887-da2a3813906e",
"control-id": "cis_fedora_5-2.7",
"description": "Members of \"wheel\" or GID 0 groups are checked by default if the group option is not set for\npam_wheel.so module. The recommendation states the group should be empty to reinforce the\nuse of \"sudo\" for privileged access. Therefore, members of these groups should be manually\nchecked or a different group should be informed.",
"props": [
@@ -26834,7 +29377,7 @@
]
},
{
- "uuid": "391fd28a-8b0b-47b7-b8af-40c818b34f24",
+ "uuid": "f0866b53-bc7b-48ab-a415-7e4bc8616a9e",
"control-id": "cis_fedora_5-3.1.1",
"description": "The description for control-id cis_fedora_5-3.1.1.",
"props": [
@@ -26847,7 +29390,7 @@
]
},
{
- "uuid": "39d4445f-7566-4411-9697-d0387e1ace71",
+ "uuid": "6563bece-3440-4c84-8494-b04c0e8ffa55",
"control-id": "cis_fedora_5-3.1.2",
"description": "The description for control-id cis_fedora_5-3.1.2.",
"props": [
@@ -26860,7 +29403,7 @@
]
},
{
- "uuid": "4a7509fc-47ee-4de6-bd27-5aee32ca3b7d",
+ "uuid": "153d2d9c-e22f-45d4-85fb-0fd187c82e65",
"control-id": "cis_fedora_5-3.1.3",
"description": "The description for control-id cis_fedora_5-3.1.3.",
"props": [
@@ -26878,7 +29421,7 @@
]
},
{
- "uuid": "6477e4ed-9ad3-42f6-94df-118cbfe8a6ff",
+ "uuid": "45134510-2dbc-4dde-ae9b-f8ef10d86da3",
"control-id": "cis_fedora_5-3.2.1",
"description": "This requirement is hard to be automated without any specific requirement. The policy even\nstates that provided commands are examples, other custom settings might be in place and the\nsettings might be different depending on site policies. The other rules will already make\nsure there is a correct autheselect profile regardless of the existing settings. It is\nnecessary to better discuss with CIS Community.",
"props": [
@@ -26890,7 +29433,7 @@
]
},
{
- "uuid": "55423dc1-b25a-482f-a6d6-108a4b3a7664",
+ "uuid": "8f462b5d-73c0-4124-ae76-ab147abd0e3d",
"control-id": "cis_fedora_5-3.2.2",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.1.",
"props": [
@@ -26912,7 +29455,7 @@
]
},
{
- "uuid": "a0ff66ea-3591-4368-841c-c2d57422dca6",
+ "uuid": "1b205c93-5c8f-4bf9-b632-9c924284a384",
"control-id": "cis_fedora_5-3.2.3",
"description": "This requirement is also indirectly satisfied by the requirement 5.3.3.2.",
"props": [
@@ -26920,11 +29463,26 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "package_pam_pwquality_installed"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_password_auth"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwquality_system_auth"
}
]
},
{
- "uuid": "7b3c6144-e032-4683-ad88-284539a60e67",
+ "uuid": "6f4a7395-cab9-4204-8076-fa70e26d5148",
"control-id": "cis_fedora_5-3.2.4",
"description": "The module is properly enabled by the rules mentioned in related_rules.\nRequirements in 5.3.3.3 use these rules.",
"props": [
@@ -26936,19 +29494,24 @@
]
},
{
- "uuid": "520d4be0-46ca-46e6-99af-11371727c433",
+ "uuid": "9712cc92-f003-4f41-ba84-1a23305e6779",
"control-id": "cis_fedora_5-3.2.5",
- "description": "This module is always present by default. It is necessary to investigate if a new rule to\ncheck its existence needs to be created. But so far the rule no_empty_passwords, used in\n5.3.3.4.1 can ensure this requirement is attended.",
+ "description": "No notes for control-id 5.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_enabled"
}
]
},
{
- "uuid": "d03f21b9-a5f6-4bf9-aebf-dbaf847724f6",
+ "uuid": "5afcbf4b-f7ff-4c68-a0a8-275e21da870a",
"control-id": "cis_fedora_5-3.3.1.1",
"description": "No notes for control-id 5.3.3.1.1.",
"props": [
@@ -26965,7 +29528,7 @@
]
},
{
- "uuid": "d2b384e7-99b0-473a-90b0-17af15728751",
+ "uuid": "ceeb5d91-7d9f-4133-b64c-221e8915aa31",
"control-id": "cis_fedora_5-3.3.1.2",
"description": "The policy also accepts value 0, which means the locked accounts should be manually unlocked\nby an administrator. However, it also mentions that using value 0 can facilitate a DoS\nattack to legitimate users.",
"props": [
@@ -26982,7 +29545,7 @@
]
},
{
- "uuid": "ee4ab97c-4e35-445b-b4d7-ab5aa2798a0d",
+ "uuid": "db6561bc-851f-4b4b-95cb-de163caf7c28",
"control-id": "cis_fedora_5-3.3.2.1",
"description": "No notes for control-id 5.3.3.2.1.",
"props": [
@@ -26999,7 +29562,7 @@
]
},
{
- "uuid": "8cea425c-e84e-476a-b39d-27418c392fb0",
+ "uuid": "d5631f58-a1af-4c01-9572-164291a2a76a",
"control-id": "cis_fedora_5-3.3.2.2",
"description": "No notes for control-id 5.3.3.2.2.",
"props": [
@@ -27016,7 +29579,7 @@
]
},
{
- "uuid": "37e0c636-9c14-457c-830d-46874447ac68",
+ "uuid": "4e73d4da-aee0-4c91-8dcd-4e73047daa8b",
"control-id": "cis_fedora_5-3.3.2.3",
"description": "This requirement is expected to be manual. However, in previous versions of the policy\nit was already automated the configuration of \"minclass\" option. Rules related to other\noptions are informed in related_rules. In short, minclass=4 alone can achieve the same\nresult achieved by the combination of the other 4 options mentioned in the policy.",
"props": [
@@ -27033,7 +29596,7 @@
]
},
{
- "uuid": "cc6c1ef5-1eb7-4399-a635-408984bc2cbb",
+ "uuid": "7c0e6b2d-1bdb-4fd2-aa11-80c04382acb9",
"control-id": "cis_fedora_5-3.3.2.4",
"description": "No notes for control-id 5.3.3.2.4.",
"props": [
@@ -27050,20 +29613,24 @@
]
},
{
- "uuid": "fe726a05-f617-4a25-b625-e40e949f59be",
+ "uuid": "a71ccce1-356d-4320-8587-258387aa7a39",
"control-id": "cis_fedora_5-3.3.2.5",
- "description": "The description for control-id cis_fedora_5-3.3.2.5.",
+ "description": "No notes for control-id 5.3.3.2.5.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "No notes for control-id 5.3.3.2.5."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_maxsequence"
}
]
},
{
- "uuid": "d153119f-46d3-4a8d-91f9-b7cbf379a874",
+ "uuid": "dbb29a38-ca9a-41f0-8280-0c7a49d770e1",
"control-id": "cis_fedora_5-3.3.2.6",
"description": "No notes for control-id 5.3.3.2.6.",
"props": [
@@ -27080,7 +29647,7 @@
]
},
{
- "uuid": "8958a276-9e29-47a6-b910-6b69be0535ba",
+ "uuid": "697b590e-f6af-4862-a558-7ca7bafc6097",
"control-id": "cis_fedora_5-3.3.2.7",
"description": "No notes for control-id 5.3.3.2.7.",
"props": [
@@ -27097,7 +29664,7 @@
]
},
{
- "uuid": "72f1bec2-4231-4e03-abf8-cfb23d6f1d65",
+ "uuid": "2d6c9d08-3488-48b3-b1af-455f4ac4c81c",
"control-id": "cis_fedora_5-3.3.3.1",
"description": "Although mentioned in the section 5.3.3.3, there is no explicit requirement to configure\nretry option of pam_pwhistory. If come in the future, the rule accounts_password_pam_retry\ncan be used.",
"props": [
@@ -27119,7 +29686,7 @@
]
},
{
- "uuid": "f5649f65-e6ae-425c-8566-81a93db8e933",
+ "uuid": "23294e11-ca65-4f63-b434-783e18425ac6",
"control-id": "cis_fedora_5-3.3.3.2",
"description": "The description for control-id cis_fedora_5-3.3.3.2.",
"props": [
@@ -27132,7 +29699,7 @@
]
},
{
- "uuid": "f31624c7-2e69-4778-901c-74acd2574d1a",
+ "uuid": "56c4ca47-39e6-4633-af9c-5be35f20e98a",
"control-id": "cis_fedora_5-3.3.3.3",
"description": "pam_pwhistory is enabled via authselect feature, as required in 5.3.2.4. The\nfeature automatically set \"use_authok\" option. In any case, we don't have a rule to check\nthis option specifically.",
"props": [
@@ -27140,11 +29707,16 @@
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "partial"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_pwhistory_use_authtok"
}
]
},
{
- "uuid": "a220bc8a-7279-4b97-b01a-d45bf00f0db2",
+ "uuid": "8b018cea-02f7-4288-947a-7e146b44f800",
"control-id": "cis_fedora_5-3.3.4.1",
"description": "The rule more specifically used in this requirement also satify the requirement 5.3.2.5.",
"props": [
@@ -27161,20 +29733,24 @@
]
},
{
- "uuid": "8801dc4c-43ac-428b-a6fc-d69622c7c770",
+ "uuid": "d99bf8db-603f-44a8-9c71-e02775b43595",
"control-id": "cis_fedora_5-3.3.4.2",
- "description": "The description for control-id cis_fedora_5-3.3.4.2.",
+ "description": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "Usage of pam_unix.so module together with \"remember\" option is deprecated and is not\nrecommened by this policy. Instead, it should be used remember option of pam_pwhistory\nmodule, as required in 5.3.3.3.1. See here for more details about pam_unix.so:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1778929\nA new rule needs to be created to remove the remember option from pam_unix module."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_no_remember"
}
]
},
{
- "uuid": "05fc0a77-8713-41aa-be41-4f8e9a4aa314",
+ "uuid": "86beb1a4-1793-4aa2-bb75-cdd68cb52c23",
"control-id": "cis_fedora_5-3.3.4.3",
"description": "Changes in logindefs mentioned in this requirement are more specifically covered by 5.4.1.4",
"props": [
@@ -27196,19 +29772,24 @@
]
},
{
- "uuid": "d7bc6f31-32d9-4fca-8e84-2c4a7d6fd41f",
+ "uuid": "c24108e0-73eb-4a7f-ac54-cef5f836c96b",
"control-id": "cis_fedora_5-3.3.4.4",
"description": "In RHEL 9 pam_unix is enabled by default in all authselect profiles already with the\nuse_authtok option set. In any case, we don't have a rule to check this option specifically,\nlike in 5.3.3.3.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_password_pam_unix_authtok"
}
]
},
{
- "uuid": "f757b02f-d22f-426a-80f8-121d118604ab",
+ "uuid": "1f608707-32c6-433f-9b91-e7a5ddff7188",
"control-id": "cis_fedora_5-4.1.1",
"description": "No notes for control-id 5.4.1.1.",
"props": [
@@ -27230,7 +29811,7 @@
]
},
{
- "uuid": "ce71190c-a97a-45ba-995a-88ab7cb23b16",
+ "uuid": "e50e6872-61d6-45a3-b2d9-5432e0962913",
"control-id": "cis_fedora_5-4.1.3",
"description": "No notes for control-id 5.4.1.3.",
"props": [
@@ -27252,20 +29833,15 @@
]
},
{
- "uuid": "c3685c57-5067-4c7e-9bb8-5c0b3e41c2ac",
+ "uuid": "34dd536d-cf8a-4504-9956-3d6e6703e22e",
"control-id": "cis_fedora_5-4.1.4",
- "description": "There's a \"new\" set of options in /etc/login.defs file to define the number of iterations\nperformed during the hashing process.",
+ "description": "No notes for control-id 5.4.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
"value": "implemented"
},
- {
- "name": "Rule_Id",
- "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "set_password_hashing_algorithm_libuserconf"
- },
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
@@ -27274,7 +29850,7 @@
]
},
{
- "uuid": "e38d5af1-affb-4cec-ad3f-3c3833747aec",
+ "uuid": "8b6f7b11-fe17-4a2f-a414-8d43059a3bfe",
"control-id": "cis_fedora_5-4.1.5",
"description": "No notes for control-id 5.4.1.5.",
"props": [
@@ -27296,7 +29872,7 @@
]
},
{
- "uuid": "b29c2e7c-0bcf-45d5-8565-6a9a58e93c75",
+ "uuid": "1e936ba3-66e2-4cb0-bf79-f90c2b271b66",
"control-id": "cis_fedora_5-4.1.6",
"description": "No notes for control-id 5.4.1.6.",
"props": [
@@ -27313,7 +29889,7 @@
]
},
{
- "uuid": "ecd481f1-e014-462e-851f-3a0343007916",
+ "uuid": "1cb135bf-fd48-487c-9cef-0ac27851063f",
"control-id": "cis_fedora_5-4.2.1",
"description": "No notes for control-id 5.4.2.1.",
"props": [
@@ -27330,7 +29906,7 @@
]
},
{
- "uuid": "b669a1db-b729-4dea-b1c8-8b311a264587",
+ "uuid": "b56b7cbf-8dc8-4183-bc0a-6c2ae4d74da7",
"control-id": "cis_fedora_5-4.2.2",
"description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
@@ -27347,20 +29923,24 @@
]
},
{
- "uuid": "d1674b52-6ad1-4814-98e9-ba8a7d248f2e",
+ "uuid": "94953663-6627-4780-a1d0-104cef933fd0",
"control-id": "cis_fedora_5-4.2.3",
- "description": "The description for control-id cis_fedora_5-4.2.3.",
+ "description": "There is assessment but no automated remediation for this rule and this sounds reasonable.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "groups_no_zero_gid_except_root"
}
]
},
{
- "uuid": "0b0f1863-a112-4a4c-9eb5-af384c8f0a2a",
+ "uuid": "899f88c2-e697-4af8-b97f-8ab76e471cb8",
"control-id": "cis_fedora_5-4.2.4",
"description": "No notes for control-id 5.4.2.4.",
"props": [
@@ -27377,7 +29957,7 @@
]
},
{
- "uuid": "632b603c-dc3d-4bc2-9559-2ecde5aee55d",
+ "uuid": "9bfacb99-b2d2-471e-abfa-34b277376923",
"control-id": "cis_fedora_5-4.2.5",
"description": "No notes for control-id 5.4.2.5.",
"props": [
@@ -27399,20 +29979,24 @@
]
},
{
- "uuid": "491f7546-6933-4694-a11a-306d6247c976",
+ "uuid": "a445ad97-ef3e-496c-a798-77a7628bb099",
"control-id": "cis_fedora_5-4.2.6",
- "description": "The description for control-id cis_fedora_5-4.2.6.",
+ "description": "No notes for control-id 5.4.2.6.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "There is no rule to ensure umask in /root/.bash_profile and /root/.bashrc. A new rule have\nto be created. It can be based on accounts_umask_interactive_users."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "accounts_umask_root"
}
]
},
{
- "uuid": "001d36e0-dd54-482b-ad40-5fa83cf6e024",
+ "uuid": "f44e5737-59e5-4e09-b81f-4f2b72f94666",
"control-id": "cis_fedora_5-4.2.7",
"description": "No notes for control-id 5.4.2.7.",
"props": [
@@ -27434,20 +30018,24 @@
]
},
{
- "uuid": "44c09f5e-5498-4e5c-912c-cd9d9cd17ef8",
+ "uuid": "73acccf9-a8f9-4660-a1a0-0eaad06bd1ca",
"control-id": "cis_fedora_5-4.2.8",
- "description": "The description for control-id cis_fedora_5-4.2.8.",
+ "description": "No notes for control-id 5.4.2.8.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "no_invalid_shell_accounts_unlocked"
}
]
},
{
- "uuid": "072d3fce-a811-4976-83f9-b959e8bc77a7",
+ "uuid": "ed627cf0-b0b1-4431-96d9-fb06556714f0",
"control-id": "cis_fedora_5-4.3.2",
"description": "No notes for control-id 5.4.3.2.",
"props": [
@@ -27464,7 +30052,7 @@
]
},
{
- "uuid": "74bce888-b158-4f63-9c2d-bddeeba3cacc",
+ "uuid": "c05852a4-9c79-4aab-a82d-ff036ea2a41c",
"control-id": "cis_fedora_5-4.3.3",
"description": "No notes for control-id 5.4.3.3.",
"props": [
@@ -27491,7 +30079,7 @@
]
},
{
- "uuid": "6d6146e6-7f34-4637-b14a-84d6216da4c4",
+ "uuid": "54652961-5ce7-4b58-8d57-727e38081339",
"control-id": "cis_fedora_6-1.1",
"description": "No notes for control-id 6.1.1.",
"props": [
@@ -27513,7 +30101,7 @@
]
},
{
- "uuid": "31cec428-dc32-4a5d-99c9-f90563ad6414",
+ "uuid": "be4efe44-86ba-40eb-ba84-9d2c153b93cd",
"control-id": "cis_fedora_6-1.2",
"description": "No notes for control-id 6.1.2.",
"props": [
@@ -27530,7 +30118,7 @@
]
},
{
- "uuid": "4d2a9fff-3908-4f84-aaaf-985ad62b7c9b",
+ "uuid": "518ac77f-c78a-4a69-80fc-5bfe86a567a7",
"control-id": "cis_fedora_6-1.3",
"description": "No notes for control-id 6.1.3.",
"props": [
@@ -27547,7 +30135,7 @@
]
},
{
- "uuid": "eb68566f-d87a-4b04-86c5-9db3095d0fb6",
+ "uuid": "f6a14114-d398-4bb4-a129-8ff664633f2e",
"control-id": "cis_fedora_6-2.1.1",
"description": "No notes for control-id 6.2.1.1.",
"props": [
@@ -27564,7 +30152,7 @@
]
},
{
- "uuid": "479eaedd-c903-4a18-9f1a-fcd26102da68",
+ "uuid": "a6e76305-9e50-4f3f-8dee-84cdbc9545c2",
"control-id": "cis_fedora_6-2.1.2",
"description": "The description for control-id cis_fedora_6-2.1.2.",
"props": [
@@ -27577,7 +30165,7 @@
]
},
{
- "uuid": "4f64a334-d11b-4d4e-93f4-d3646a5a1e87",
+ "uuid": "e020f12b-e6a1-4028-9c11-3ee8c588a953",
"control-id": "cis_fedora_6-2.1.3",
"description": "The description for control-id cis_fedora_6-2.1.3.",
"props": [
@@ -27590,20 +30178,24 @@
]
},
{
- "uuid": "d398b766-3b0e-4879-b73c-fe6fa0e25ed7",
+ "uuid": "8cbf69ab-46a2-479e-a356-9fd387483f58",
"control-id": "cis_fedora_6-2.1.4",
- "description": "The description for control-id cis_fedora_6-2.1.4.",
+ "description": "No notes for control-id 6.2.1.4.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "It is necessary to create a new rule to check the status of journald and rsyslog.\nIt would also be necessary a new rule to disable or remove rsyslog."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "ensure_journald_and_rsyslog_not_active_together"
}
]
},
{
- "uuid": "be0bfa34-32b5-46d9-bf91-078372db3c02",
+ "uuid": "6cc4a3e4-575e-4a6d-b14e-e2869188ee29",
"control-id": "cis_fedora_6-2.2.1.1",
"description": "No notes for control-id 6.2.2.1.1.",
"props": [
@@ -27620,7 +30212,7 @@
]
},
{
- "uuid": "e33a4cae-6982-4e58-9ea3-630e66dc005c",
+ "uuid": "7c7d6eff-a54c-4654-b3d7-e4fa15927a43",
"control-id": "cis_fedora_6-2.2.1.2",
"description": "The description for control-id cis_fedora_6-2.2.1.2.",
"props": [
@@ -27633,20 +30225,24 @@
]
},
{
- "uuid": "9a7468d3-b8a8-4968-8da2-400e2cae1784",
+ "uuid": "fe895dcc-9b7f-4434-b413-c124aab35ad1",
"control-id": "cis_fedora_6-2.2.1.3",
- "description": "The description for control-id cis_fedora_6-2.2.1.3.",
+ "description": "No notes for control-id 6.2.2.1.3.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "New templated rule is necessary."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "service_systemd-journal-upload_enabled"
}
]
},
{
- "uuid": "a16c56e3-0501-46fa-81f8-39d0f1e2b863",
+ "uuid": "cdccc998-7cf9-4b87-bcb6-2dd8f40a9aab",
"control-id": "cis_fedora_6-2.2.1.4",
"description": "No notes for control-id 6.2.2.1.4.",
"props": [
@@ -27663,20 +30259,24 @@
]
},
{
- "uuid": "e488a6e5-f178-4f85-96f3-29c1efe04074",
+ "uuid": "5f4080f8-5bc2-4608-816c-963ec40c6df6",
"control-id": "cis_fedora_6-2.2.2",
- "description": "The description for control-id cis_fedora_6-2.2.2.",
+ "description": "No notes for control-id 6.2.2.2.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "alternative",
- "remarks": "This rule conflicts with 6.2.3.3. More investigation is needed to properly solve this."
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "journald_disable_forward_to_syslog"
}
]
},
{
- "uuid": "5afa6622-a06e-4980-bd6d-fac8d0d75a5f",
+ "uuid": "a1296f05-b5bd-4c3a-917c-831feb0eecec",
"control-id": "cis_fedora_6-2.2.3",
"description": "No notes for control-id 6.2.2.3.",
"props": [
@@ -27693,7 +30293,7 @@
]
},
{
- "uuid": "4787c37e-9e0f-4b55-bfb5-94e6b8f32684",
+ "uuid": "26b4d689-3eea-40e1-b7b5-882f8dd6be0c",
"control-id": "cis_fedora_6-2.2.4",
"description": "No notes for control-id 6.2.2.4.",
"props": [
@@ -27710,7 +30310,7 @@
]
},
{
- "uuid": "daab957a-a2e5-40d2-8764-c5b4b3745efa",
+ "uuid": "afd587f7-fb09-45fa-9a27-ae79e0b6dfcc",
"control-id": "cis_fedora_6-2.5.1",
"description": "No notes for control-id 6.2.5.1.",
"props": [
@@ -27722,7 +30322,7 @@
]
},
{
- "uuid": "84ead609-014d-4571-a601-4ed98281da94",
+ "uuid": "e8eeb0e7-cbe2-4487-b739-6e5042292f9a",
"control-id": "cis_fedora_6-2.5.2",
"description": "No notes for control-id 6.2.5.2.",
"props": [
@@ -27734,7 +30334,7 @@
]
},
{
- "uuid": "9a1b3303-d639-467a-85be-b8095ed3cd47",
+ "uuid": "e27b9268-377a-4ee3-b1fd-7ba18d10ed07",
"control-id": "cis_fedora_6-2.5.3",
"description": "No notes for control-id 6.2.5.3.",
"props": [
@@ -27746,7 +30346,7 @@
]
},
{
- "uuid": "cd3cf6a4-c7de-4d1c-90f8-cf7270bb5359",
+ "uuid": "60116097-8e62-4ec3-b261-40004f932d00",
"control-id": "cis_fedora_6-2.5.4",
"description": "No notes for control-id 6.2.5.4.",
"props": [
@@ -27758,7 +30358,7 @@
]
},
{
- "uuid": "d2bf3e1d-4a17-41f2-b121-97854b213045",
+ "uuid": "065fa103-3989-4d18-afcb-0c6066510f83",
"control-id": "cis_fedora_6-2.5.5",
"description": "The description for control-id cis_fedora_6-2.5.5.",
"props": [
@@ -27771,7 +30371,7 @@
]
},
{
- "uuid": "93f4505d-e8b8-4e04-b5ef-ec1d85c00bf7",
+ "uuid": "812a3fe9-d1e3-4f64-99d2-26d942802b60",
"control-id": "cis_fedora_6-2.5.6",
"description": "The description for control-id cis_fedora_6-2.5.6.",
"props": [
@@ -27784,7 +30384,7 @@
]
},
{
- "uuid": "603ea786-5602-4b4b-aa53-8e1103a955ae",
+ "uuid": "cf4d933c-ac5e-40b3-ac79-3faecbddf513",
"control-id": "cis_fedora_6-2.5.7",
"description": "No notes for control-id 6.2.5.7.",
"props": [
@@ -27796,7 +30396,7 @@
]
},
{
- "uuid": "55dc364f-cd08-47e0-a51f-6568b7e6d4b5",
+ "uuid": "fb667b23-eedb-4f83-89f7-19880628eb77",
"control-id": "cis_fedora_6-2.3.8",
"description": "The description for control-id cis_fedora_6-2.3.8.",
"props": [
@@ -27809,7 +30409,7 @@
]
},
{
- "uuid": "2f84923e-aae0-4a4f-8cf1-fd22d451e489",
+ "uuid": "7568c8f7-5dff-4d15-a01b-52105b24e75d",
"control-id": "cis_fedora_6-2.6.1",
"description": "It is not harmful to run these rules even if rsyslog is not installed or active.",
"props": [
@@ -27836,7 +30436,7 @@
]
},
{
- "uuid": "296d1c5a-01c1-4d4b-8755-3164c5761250",
+ "uuid": "370c53b8-b1f3-42da-a7e8-f507d4160687",
"control-id": "cis_fedora_7-1.1",
"description": "No notes for control-id 7.1.1.",
"props": [
@@ -27863,7 +30463,7 @@
]
},
{
- "uuid": "03c9badb-9618-4c7d-835b-9cff6f13a7eb",
+ "uuid": "93fd48eb-9039-41a0-9b0f-5e7772ee5f3f",
"control-id": "cis_fedora_7-1.2",
"description": "No notes for control-id 7.1.2.",
"props": [
@@ -27890,7 +30490,7 @@
]
},
{
- "uuid": "b613f3ec-6b50-4254-81f6-3f4a53d03858",
+ "uuid": "854ec612-1c24-4d0b-9aee-535f5e8822b7",
"control-id": "cis_fedora_7-1.3",
"description": "No notes for control-id 7.1.3.",
"props": [
@@ -27917,7 +30517,7 @@
]
},
{
- "uuid": "50d57fde-ce65-42d5-adeb-ff6f5be74efc",
+ "uuid": "6bcf3904-8677-4e78-a3be-6e9bc7371314",
"control-id": "cis_fedora_7-1.4",
"description": "No notes for control-id 7.1.4.",
"props": [
@@ -27944,7 +30544,7 @@
]
},
{
- "uuid": "3b9e77f5-235e-41ab-af1a-68430ca9608f",
+ "uuid": "ce268e39-add6-40b4-a4e6-220914e0ec15",
"control-id": "cis_fedora_7-1.5",
"description": "No notes for control-id 7.1.5.",
"props": [
@@ -27971,7 +30571,7 @@
]
},
{
- "uuid": "bf1f1376-597a-472e-9ba9-54d548549c17",
+ "uuid": "f250922b-ef86-41e0-8ee1-ea7feeb38332",
"control-id": "cis_fedora_7-1.6",
"description": "No notes for control-id 7.1.6.",
"props": [
@@ -27998,7 +30598,7 @@
]
},
{
- "uuid": "b6070e37-56eb-4b26-8454-ec05ee224bb0",
+ "uuid": "69dff847-0dcc-4add-80e5-b053031ed030",
"control-id": "cis_fedora_7-1.7",
"description": "No notes for control-id 7.1.7.",
"props": [
@@ -28025,7 +30625,7 @@
]
},
{
- "uuid": "84407f27-1c23-4f55-83ae-23339c6e2064",
+ "uuid": "38d71bba-3e30-4cc6-95e3-4c1a10e8f9b1",
"control-id": "cis_fedora_7-1.8",
"description": "No notes for control-id 7.1.8.",
"props": [
@@ -28052,7 +30652,7 @@
]
},
{
- "uuid": "6f742fec-7e31-4215-9385-72d28cc7270c",
+ "uuid": "33c857cf-5e53-45b1-bf37-cc7c9608a39e",
"control-id": "cis_fedora_7-1.9",
"description": "No notes for control-id 7.1.9.",
"props": [
@@ -28079,24 +30679,49 @@
]
},
{
- "uuid": "72cebb60-5bef-4860-bf5a-c6170f0b00e8",
+ "uuid": "beca222e-3103-4fcf-8d29-25eae0f00c27",
"control-id": "cis_fedora_7-1.10",
"description": "No notes for control-id 7.1.10.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permissions_etc_security_opasswd"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_groupowner_etc_security_opasswd_old"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_owner_etc_security_opasswd_old"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_etc_security_opasswd"
+ "value": "file_permissions_etc_security_opasswd_old"
}
]
},
{
- "uuid": "8e4a15c2-1621-43d3-938e-6bdb0bb28569",
+ "uuid": "b977deb3-4301-4392-bc1d-c204c26b9ebe",
"control-id": "cis_fedora_7-1.11",
"description": "No notes for control-id 7.1.11.",
"props": [
@@ -28118,29 +30743,29 @@
]
},
{
- "uuid": "8b583f26-58cb-41af-bd97-0fa483cb8ab8",
+ "uuid": "634b5468-f597-4da7-b795-a5f230a49b16",
"control-id": "cis_fedora_7-1.12",
"description": "No notes for control-id 7.1.12.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_files_unowned_by_user"
+ "value": "no_files_or_dirs_unowned_by_user"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permissions_ungroupowned"
+ "value": "no_files_or_dirs_ungroupowned"
}
]
},
{
- "uuid": "9188c4ff-894c-4cd2-9945-8e0c4758dd45",
+ "uuid": "6f8a10bf-5b4f-4120-a564-30f43ef0d6f8",
"control-id": "cis_fedora_7-1.13",
"description": "The description for control-id cis_fedora_7-1.13.",
"props": [
@@ -28153,7 +30778,7 @@
]
},
{
- "uuid": "fb062f24-583f-4bfc-bfbd-0f3fa2bd7273",
+ "uuid": "44b396aa-9387-4ace-b488-775f0d1019b9",
"control-id": "cis_fedora_7-2.1",
"description": "No notes for control-id 7.2.1.",
"props": [
@@ -28170,7 +30795,7 @@
]
},
{
- "uuid": "ce79d71e-6bec-49f5-997d-b54598714d3a",
+ "uuid": "4a227477-a99d-4bc7-a67b-99b7fafbed2c",
"control-id": "cis_fedora_7-2.2",
"description": "No notes for control-id 7.2.2.",
"props": [
@@ -28187,7 +30812,7 @@
]
},
{
- "uuid": "573acc21-0c19-43d7-a17f-2ef708e90778",
+ "uuid": "c727497c-0313-4487-9e85-981a47e333ef",
"control-id": "cis_fedora_7-2.3",
"description": "No notes for control-id 7.2.3.",
"props": [
@@ -28204,7 +30829,7 @@
]
},
{
- "uuid": "523d9f29-dda3-478a-b380-71cc03465c42",
+ "uuid": "29c46adf-bd9d-4870-a852-e71bf3acc72e",
"control-id": "cis_fedora_7-2.4",
"description": "No notes for control-id 7.2.4.",
"props": [
@@ -28221,7 +30846,7 @@
]
},
{
- "uuid": "d25d8cde-6c7a-4384-8421-1267350a46e5",
+ "uuid": "20d14a7f-7a1d-402f-ba34-a255cbf03eda",
"control-id": "cis_fedora_7-2.5",
"description": "No notes for control-id 7.2.5.",
"props": [
@@ -28238,7 +30863,7 @@
]
},
{
- "uuid": "69f8cb2a-c8bf-4a93-8451-8188b13abd63",
+ "uuid": "f3a22005-e766-4598-a3a1-d7ea9cd8c71b",
"control-id": "cis_fedora_7-2.6",
"description": "No notes for control-id 7.2.6.",
"props": [
@@ -28255,7 +30880,7 @@
]
},
{
- "uuid": "4f575a3b-d557-4f02-9c99-c85d0dd273fa",
+ "uuid": "fdfe0a57-59e1-4e46-a2a5-2b8d3fb8e0e7",
"control-id": "cis_fedora_7-2.7",
"description": "No notes for control-id 7.2.7.",
"props": [
@@ -28272,7 +30897,7 @@
]
},
{
- "uuid": "31f855aa-b93c-4c7e-aac5-8768229c3e7d",
+ "uuid": "5982e283-493b-4afd-9985-e496b02049b4",
"control-id": "cis_fedora_7-2.8",
"description": "No notes for control-id 7.2.8.",
"props": [
@@ -28299,14 +30924,14 @@
]
},
{
- "uuid": "259b654c-92fc-4179-b579-8fa68d0c65bd",
+ "uuid": "c1ee9a19-e226-4c5d-99a2-f16477d09cee",
"control-id": "cis_fedora_7-2.9",
- "description": "Missing a rule to check that .bash_history is mode 0600 or more restrictive.",
+ "description": "No notes for control-id 7.2.9.",
"props": [
{
"name": "implementation-status",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "partial"
+ "value": "implemented"
},
{
"name": "Rule_Id",
@@ -28321,22 +30946,27 @@
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "accounts_user_dot_no_world_writable_programs"
+ "value": "file_permission_user_init_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "file_permission_user_init_files"
+ "value": "no_forward_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_forward_files"
+ "value": "no_netrc_files"
},
{
"name": "Rule_Id",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "no_netrc_files"
+ "value": "no_rhost_files"
+ },
+ {
+ "name": "Rule_Id",
+ "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
+ "value": "file_permission_user_bash_history"
}
]
}
diff --git a/component-definitions/fedora/fedora-cusp_fedora-default/component-definition.json b/component-definitions/fedora/fedora-cusp_fedora-default/component-definition.json
index 834e2c9c..35e52c69 100644
--- a/component-definitions/fedora/fedora-cusp_fedora-default/component-definition.json
+++ b/component-definitions/fedora/fedora-cusp_fedora-default/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "2d7b24b2-1bb9-4f44-b6d1-9c6b27c84fe0",
"metadata": {
"title": "Component definition for fedora",
- "last-modified": "2025-12-17T11:22:40.240960+00:00",
- "version": "1.5",
+ "last-modified": "2026-01-05T17:39:33.208342+00:00",
+ "version": "1.6",
"oscal-version": "1.1.3"
},
"components": [
@@ -473,7 +473,7 @@
{
"name": "Parameter_Value_Alternatives_24",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -6387,7 +6387,7 @@
{
"name": "Parameter_Value_Alternatives_24",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
diff --git a/component-definitions/rhel10/rhel10-anssi-enhanced/component-definition.json b/component-definitions/rhel10/rhel10-anssi-enhanced/component-definition.json
index 75685c44..9e06817b 100644
--- a/component-definitions/rhel10/rhel10-anssi-enhanced/component-definition.json
+++ b/component-definitions/rhel10/rhel10-anssi-enhanced/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "e2f03e22-a04d-43b6-b9bd-963705759d02",
"metadata": {
"title": "Component definition for rhel10",
- "last-modified": "2025-12-17T11:09:07.029335+00:00",
- "version": "1.4",
+ "last-modified": "2026-01-05T17:30:19.476378+00:00",
+ "version": "1.5",
"oscal-version": "1.1.3"
},
"components": [
@@ -365,7 +365,7 @@
{
"name": "Parameter_Value_Alternatives_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -7380,7 +7380,7 @@
{
"name": "Parameter_Value_Alternatives_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
diff --git a/component-definitions/rhel10/rhel10-anssi-high/component-definition.json b/component-definitions/rhel10/rhel10-anssi-high/component-definition.json
index a9f5c00a..5153c086 100644
--- a/component-definitions/rhel10/rhel10-anssi-high/component-definition.json
+++ b/component-definitions/rhel10/rhel10-anssi-high/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "4a0dc350-a979-44df-a37c-3c868514176f",
"metadata": {
"title": "Component definition for rhel10",
- "last-modified": "2025-12-17T11:10:03.358458+00:00",
- "version": "1.4",
+ "last-modified": "2026-01-05T17:31:11.615612+00:00",
+ "version": "1.5",
"oscal-version": "1.1.3"
},
"components": [
@@ -383,7 +383,7 @@
{
"name": "Parameter_Value_Alternatives_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -8980,7 +8980,7 @@
{
"name": "Parameter_Value_Alternatives_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
diff --git a/component-definitions/rhel10/rhel10-anssi-intermediary/component-definition.json b/component-definitions/rhel10/rhel10-anssi-intermediary/component-definition.json
index 72054f75..708c582b 100644
--- a/component-definitions/rhel10/rhel10-anssi-intermediary/component-definition.json
+++ b/component-definitions/rhel10/rhel10-anssi-intermediary/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "1f77331e-b554-42c3-a018-031a615e42c7",
"metadata": {
"title": "Component definition for rhel10",
- "last-modified": "2025-12-17T11:10:50.929981+00:00",
- "version": "1.4",
+ "last-modified": "2026-01-05T17:31:55.581077+00:00",
+ "version": "1.5",
"oscal-version": "1.1.3"
},
"components": [
@@ -347,7 +347,7 @@
{
"name": "Parameter_Value_Alternatives_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -5558,7 +5558,7 @@
{
"name": "Parameter_Value_Alternatives_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
diff --git a/component-definitions/rhel10/rhel10-anssi-minimal/component-definition.json b/component-definitions/rhel10/rhel10-anssi-minimal/component-definition.json
index fc6c9fe9..9d343a07 100644
--- a/component-definitions/rhel10/rhel10-anssi-minimal/component-definition.json
+++ b/component-definitions/rhel10/rhel10-anssi-minimal/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "186b75e3-6306-4419-b0a0-4f92c86067ab",
"metadata": {
"title": "Component definition for rhel10",
- "last-modified": "2025-12-17T11:11:28.722800+00:00",
- "version": "1.4",
+ "last-modified": "2026-01-05T17:32:30.212383+00:00",
+ "version": "1.5",
"oscal-version": "1.1.3"
},
"components": [
@@ -167,7 +167,7 @@
{
"name": "Parameter_Value_Alternatives_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_00"
},
{
@@ -1407,7 +1407,7 @@
{
"name": "Parameter_Value_Alternatives_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_00"
},
{
diff --git a/component-definitions/rhel10/rhel10-pcidss_4-base/component-definition.json b/component-definitions/rhel10/rhel10-pcidss_4-base/component-definition.json
index 364a46f6..2fd15d56 100644
--- a/component-definitions/rhel10/rhel10-pcidss_4-base/component-definition.json
+++ b/component-definitions/rhel10/rhel10-pcidss_4-base/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "e263ec70-49b2-459f-bfae-283464b2cdcb",
"metadata": {
"title": "Component definition for rhel10",
- "last-modified": "2025-12-17T11:18:09.672940+00:00",
- "version": "1.6",
+ "last-modified": "2026-01-05T17:35:18.000156+00:00",
+ "version": "1.7",
"oscal-version": "1.1.3"
},
"components": [
@@ -203,7 +203,7 @@
{
"name": "Parameter_Value_Alternatives_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt'}",
+ "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt', 'cis_fedora': 'single|halt'}",
"remarks": "rule_set_000"
},
{
@@ -257,7 +257,7 @@
{
"name": "Parameter_Value_Alternatives_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt'}",
+ "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt', 'cis_fedora': 'email|exec|single|halt'}",
"remarks": "rule_set_000"
},
{
@@ -311,7 +311,7 @@
{
"name": "Parameter_Value_Alternatives_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -8468,7 +8468,7 @@
{
"name": "Parameter_Value_Alternatives_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt'}",
+ "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt', 'cis_fedora': 'single|halt'}",
"remarks": "rule_set_000"
},
{
@@ -8522,7 +8522,7 @@
{
"name": "Parameter_Value_Alternatives_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt'}",
+ "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt', 'cis_fedora': 'email|exec|single|halt'}",
"remarks": "rule_set_000"
},
{
@@ -8576,7 +8576,7 @@
{
"name": "Parameter_Value_Alternatives_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
diff --git a/component-definitions/rhel8/rhel8-anssi-enhanced/component-definition.json b/component-definitions/rhel8/rhel8-anssi-enhanced/component-definition.json
index 1c43e3d8..1eac2506 100644
--- a/component-definitions/rhel8/rhel8-anssi-enhanced/component-definition.json
+++ b/component-definitions/rhel8/rhel8-anssi-enhanced/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "b295d181-e9e6-410c-96a5-120787697faf",
"metadata": {
"title": "Component definition for rhel8",
- "last-modified": "2025-12-17T10:49:45.328702+00:00",
- "version": "2.0",
+ "last-modified": "2026-01-05T17:18:41.416182+00:00",
+ "version": "2.1",
"oscal-version": "1.1.3"
},
"components": [
@@ -347,7 +347,7 @@
{
"name": "Parameter_Value_Alternatives_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -7525,7 +7525,7 @@
{
"name": "Parameter_Value_Alternatives_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
diff --git a/component-definitions/rhel8/rhel8-anssi-high/component-definition.json b/component-definitions/rhel8/rhel8-anssi-high/component-definition.json
index e77d7207..72a945a5 100644
--- a/component-definitions/rhel8/rhel8-anssi-high/component-definition.json
+++ b/component-definitions/rhel8/rhel8-anssi-high/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "ee3f4035-1eac-4bf9-afc2-08795f43524d",
"metadata": {
"title": "Component definition for rhel8",
- "last-modified": "2025-12-17T10:50:40.115409+00:00",
- "version": "1.8",
+ "last-modified": "2026-01-05T17:19:35.201797+00:00",
+ "version": "1.9",
"oscal-version": "1.1.3"
},
"components": [
@@ -365,7 +365,7 @@
{
"name": "Parameter_Value_Alternatives_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -9193,7 +9193,7 @@
{
"name": "Parameter_Value_Alternatives_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
diff --git a/component-definitions/rhel8/rhel8-anssi-intermediary/component-definition.json b/component-definitions/rhel8/rhel8-anssi-intermediary/component-definition.json
index f6e8cfb5..1570fa45 100644
--- a/component-definitions/rhel8/rhel8-anssi-intermediary/component-definition.json
+++ b/component-definitions/rhel8/rhel8-anssi-intermediary/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "64e51a15-1ac4-48f3-84c6-aa4b5ad14f72",
"metadata": {
"title": "Component definition for rhel8",
- "last-modified": "2025-12-17T10:51:27.198836+00:00",
- "version": "1.8",
+ "last-modified": "2026-01-05T17:20:20.178244+00:00",
+ "version": "1.9",
"oscal-version": "1.1.3"
},
"components": [
@@ -329,7 +329,7 @@
{
"name": "Parameter_Value_Alternatives_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -5686,7 +5686,7 @@
{
"name": "Parameter_Value_Alternatives_16",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
diff --git a/component-definitions/rhel8/rhel8-anssi-minimal/component-definition.json b/component-definitions/rhel8/rhel8-anssi-minimal/component-definition.json
index 14d752b5..554f9417 100644
--- a/component-definitions/rhel8/rhel8-anssi-minimal/component-definition.json
+++ b/component-definitions/rhel8/rhel8-anssi-minimal/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "dca4a913-7a66-4798-b587-254db2359b9b",
"metadata": {
"title": "Component definition for rhel8",
- "last-modified": "2025-12-17T10:52:04.794802+00:00",
- "version": "1.6",
+ "last-modified": "2026-01-05T17:20:55.670557+00:00",
+ "version": "1.7",
"oscal-version": "1.1.3"
},
"components": [
@@ -149,7 +149,7 @@
{
"name": "Parameter_Value_Alternatives_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_00"
},
{
@@ -1467,7 +1467,7 @@
{
"name": "Parameter_Value_Alternatives_6",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_00"
},
{
diff --git a/component-definitions/rhel8/rhel8-pcidss_4-base/component-definition.json b/component-definitions/rhel8/rhel8-pcidss_4-base/component-definition.json
index cd2fa2c2..419eea3f 100644
--- a/component-definitions/rhel8/rhel8-pcidss_4-base/component-definition.json
+++ b/component-definitions/rhel8/rhel8-pcidss_4-base/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "086b160b-e979-4e7f-ab46-a2f7c88b7bdd",
"metadata": {
"title": "Component definition for rhel8",
- "last-modified": "2025-12-17T10:58:55.538765+00:00",
- "version": "2.4",
+ "last-modified": "2026-01-05T17:23:42.738780+00:00",
+ "version": "2.5",
"oscal-version": "1.1.3"
},
"components": [
@@ -203,7 +203,7 @@
{
"name": "Parameter_Value_Alternatives_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt'}",
+ "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt', 'cis_fedora': 'single|halt'}",
"remarks": "rule_set_000"
},
{
@@ -257,7 +257,7 @@
{
"name": "Parameter_Value_Alternatives_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt'}",
+ "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt', 'cis_fedora': 'email|exec|single|halt'}",
"remarks": "rule_set_000"
},
{
@@ -311,7 +311,7 @@
{
"name": "Parameter_Value_Alternatives_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -8587,7 +8587,7 @@
{
"name": "Parameter_Value_Alternatives_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt'}",
+ "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt', 'cis_fedora': 'single|halt'}",
"remarks": "rule_set_000"
},
{
@@ -8641,7 +8641,7 @@
{
"name": "Parameter_Value_Alternatives_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt'}",
+ "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt', 'cis_fedora': 'email|exec|single|halt'}",
"remarks": "rule_set_000"
},
{
@@ -8695,7 +8695,7 @@
{
"name": "Parameter_Value_Alternatives_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
diff --git a/component-definitions/rhel9/rhel9-anssi-enhanced/component-definition.json b/component-definitions/rhel9/rhel9-anssi-enhanced/component-definition.json
index 1e65f696..1e93a034 100644
--- a/component-definitions/rhel9/rhel9-anssi-enhanced/component-definition.json
+++ b/component-definitions/rhel9/rhel9-anssi-enhanced/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "fb4d7f88-deb5-45ad-a88a-f90300331665",
"metadata": {
"title": "Component definition for rhel9",
- "last-modified": "2025-12-17T11:02:45.835322+00:00",
- "version": "1.5",
+ "last-modified": "2026-01-05T17:24:31.904856+00:00",
+ "version": "1.6",
"oscal-version": "1.1.3"
},
"components": [
@@ -365,7 +365,7 @@
{
"name": "Parameter_Value_Alternatives_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -7278,7 +7278,7 @@
{
"name": "Parameter_Value_Alternatives_18",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
diff --git a/component-definitions/rhel9/rhel9-anssi-high/component-definition.json b/component-definitions/rhel9/rhel9-anssi-high/component-definition.json
index 17ece30f..4b4e33cb 100644
--- a/component-definitions/rhel9/rhel9-anssi-high/component-definition.json
+++ b/component-definitions/rhel9/rhel9-anssi-high/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "ba234c1c-cc49-4b41-a997-69fd477a45fd",
"metadata": {
"title": "Component definition for rhel9",
- "last-modified": "2025-12-17T11:03:42.161031+00:00",
- "version": "1.5",
+ "last-modified": "2026-01-05T17:25:24.163650+00:00",
+ "version": "1.6",
"oscal-version": "1.1.3"
},
"components": [
@@ -383,7 +383,7 @@
{
"name": "Parameter_Value_Alternatives_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -9014,7 +9014,7 @@
{
"name": "Parameter_Value_Alternatives_19",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
diff --git a/component-definitions/rhel9/rhel9-anssi-intermediary/component-definition.json b/component-definitions/rhel9/rhel9-anssi-intermediary/component-definition.json
index b53695d2..05c4bf2b 100644
--- a/component-definitions/rhel9/rhel9-anssi-intermediary/component-definition.json
+++ b/component-definitions/rhel9/rhel9-anssi-intermediary/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "08306d16-4996-4b5d-bbf3-1800c9877ae1",
"metadata": {
"title": "Component definition for rhel9",
- "last-modified": "2025-12-17T11:04:29.770656+00:00",
- "version": "1.5",
+ "last-modified": "2026-01-05T17:26:08.398380+00:00",
+ "version": "1.6",
"oscal-version": "1.1.3"
},
"components": [
@@ -347,7 +347,7 @@
{
"name": "Parameter_Value_Alternatives_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -5558,7 +5558,7 @@
{
"name": "Parameter_Value_Alternatives_17",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
diff --git a/component-definitions/rhel9/rhel9-anssi-minimal/component-definition.json b/component-definitions/rhel9/rhel9-anssi-minimal/component-definition.json
index 31332407..56c6d1c8 100644
--- a/component-definitions/rhel9/rhel9-anssi-minimal/component-definition.json
+++ b/component-definitions/rhel9/rhel9-anssi-minimal/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "5e2a14d9-cdc9-4476-b4c5-04ab3a945548",
"metadata": {
"title": "Component definition for rhel9",
- "last-modified": "2025-12-17T11:05:08.424160+00:00",
- "version": "1.5",
+ "last-modified": "2026-01-05T17:26:43.166393+00:00",
+ "version": "1.6",
"oscal-version": "1.1.3"
},
"components": [
@@ -167,7 +167,7 @@
{
"name": "Parameter_Value_Alternatives_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_00"
},
{
@@ -1458,7 +1458,7 @@
{
"name": "Parameter_Value_Alternatives_7",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_00"
},
{
diff --git a/component-definitions/rhel9/rhel9-pcidss_4-base/component-definition.json b/component-definitions/rhel9/rhel9-pcidss_4-base/component-definition.json
index 51ca2c12..3f60319a 100644
--- a/component-definitions/rhel9/rhel9-pcidss_4-base/component-definition.json
+++ b/component-definitions/rhel9/rhel9-pcidss_4-base/component-definition.json
@@ -3,8 +3,8 @@
"uuid": "82eef6a2-1ce5-4817-af27-287cf97df8aa",
"metadata": {
"title": "Component definition for rhel9",
- "last-modified": "2025-12-17T11:08:12.684423+00:00",
- "version": "1.7",
+ "last-modified": "2026-01-05T17:29:29.198952+00:00",
+ "version": "1.8",
"oscal-version": "1.1.3"
},
"components": [
@@ -203,7 +203,7 @@
{
"name": "Parameter_Value_Alternatives_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt'}",
+ "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt', 'cis_fedora': 'single|halt'}",
"remarks": "rule_set_000"
},
{
@@ -257,7 +257,7 @@
{
"name": "Parameter_Value_Alternatives_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt'}",
+ "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt', 'cis_fedora': 'email|exec|single|halt'}",
"remarks": "rule_set_000"
},
{
@@ -311,7 +311,7 @@
{
"name": "Parameter_Value_Alternatives_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{
@@ -8468,7 +8468,7 @@
{
"name": "Parameter_Value_Alternatives_9",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt'}",
+ "value": "{'default': 'single', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'single|halt', 'cis_rhel9': 'single|halt', 'cis_rhel10': 'single|halt', 'cis_fedora': 'single|halt'}",
"remarks": "rule_set_000"
},
{
@@ -8522,7 +8522,7 @@
{
"name": "Parameter_Value_Alternatives_12",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt'}",
+ "value": "{'default': 'email', 'email': 'email', 'exec': 'exec', 'halt': 'halt', 'single': 'single', 'suspend': 'suspend', 'syslog': 'syslog', 'rotate': 'rotate', 'ignore': 'ignore', 'cis_rhel8': 'email|exec|single|halt', 'cis_rhel9': 'email|exec|single|halt', 'cis_rhel10': 'email|exec|single|halt', 'cis_fedora': 'email|exec|single|halt'}",
"remarks": "rule_set_000"
},
{
@@ -8576,7 +8576,7 @@
{
"name": "Parameter_Value_Alternatives_15",
"ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd",
- "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512'}",
+ "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2204': 'SHA512|YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT', 'cis_rhel10': 'YESCRYPT|SHA512', 'cis_fedora': 'YESCRYPT|SHA512'}",
"remarks": "rule_set_000"
},
{