From 252531522a3cafebc2bc8ad1e1191c55ec678a41 Mon Sep 17 00:00:00 2001 From: svet-se Date: Wed, 7 Aug 2024 16:30:41 +0300 Subject: [PATCH] add rule audit_rules_usergroup_modification_shadow to slmicro5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../audit_rules_usergroup_modification_shadow/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index bd6abb3db00d..7f64f20df0c5 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1609,8 +1609,9 @@ controls: title: SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. - rules: [] - status: pending + rules: + - audit_rules_usergroup_modification_shadow + status: automated - id: SLEM-05-654150 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml index 8898621ec47b..7b9cdc9a33ec 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml @@ -33,6 +33,7 @@ identifiers: cce@rhel10: CCE-88637-4 cce@sle12: CCE-83122-2 cce@sle15: CCE-85579-1 + cce@slmicro5: CCE-93658-3 references: cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 139a13c79cd4..9ccbb750e85e 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -15,7 +15,6 @@ CCE-93638-5 CCE-93639-3 CCE-93640-1 CCE-93641-9 -CCE-93658-3 CCE-93659-1 CCE-93660-9 CCE-93661-7