Move /etc/chrony.keys to root:chrony

ComplianceAsCode · Sep 25, 2024 · 320c87a · 320c87a
1 parent bda0138
commit 320c87a
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/linux_os/guide/services/ntp/file_groupowner_etc_chrony_keys/rule.yml b/linux_os/guide/services/ntp/file_groupowner_etc_chrony_keys/rule.yml
@@ -2,13 +2,13 @@ documentation_complete: true
 
 title: Verify Group Who Owns /etc/chrony.keys File
 
-description: '{{{ describe_file_group_owner(file="/etc/chrony.keys", group="root") }}}'
+description: '{{{ describe_file_group_owner(file="/etc/chrony.keys", group="chrony") }}}'
 
 rationale: |-
-    The ownership of the /etc/chrony.keys file by the root group is important
+    The ownership of the /etc/chrony.keys file by the chrony group is important
     because this file hosts chrony cryptographic keys. Protection
     of this file is critical for system security. Assigning the ownership to
-    root ensures exclusive control of the chrony cryptography keys.
+    chrony ensures exclusive control of the chrony cryptography keys.
 
 severity: medium
 
@@ -17,17 +17,17 @@ identifiers:
     cce@rhel9: CCE-86374-6
     cce@rhel10: CCE-87112-9
 
-ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/chrony.keys", group="root") }}}'
+ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/chrony.keys", group="chrony") }}}'
 
 ocil: |-
-    {{{ ocil_file_group_owner(file="/etc/chrony.keys", group="root") }}}
+    {{{ ocil_file_group_owner(file="/etc/chrony.keys", group="chrony") }}}
 
-fixtext: '{{{ fixtext_file_group_owner(file="/etc/chrony.keys", group="root") }}}'
+fixtext: '{{{ fixtext_file_group_owner(file="/etc/chrony.keys", group="chrony") }}}'
 
-srg_requirement: '{{{ srg_requirement_file_group_owner(file="/etc/chrony.keys", group="root") }}}'
+srg_requirement: '{{{ srg_requirement_file_group_owner(file="/etc/chrony.keys", group="chrony") }}}'
 
 template:
     name: file_groupowner
     vars:
         filepath: /etc/chrony.keys
-        gid_or_name: root
+        gid_or_name: chrony
diff --git a/linux_os/guide/services/ntp/file_owner_etc_chrony_keys/rule.yml b/linux_os/guide/services/ntp/file_owner_etc_chrony_keys/rule.yml
@@ -5,10 +5,10 @@ title: Verify User Who Owns /etc/chrony.keys File
 description: '{{{ describe_file_owner(file="/etc/chrony.keys", owner="root") }}}'
 
 rationale: |-
-    The ownership of the /etc/chrony.keys file by the root user is important
+    The ownership of the /etc/chrony.keys file by the chrony user is important
     because this file hosts chrony cryptographic keys. Protection
     of this file is critical for system security. Assigning the ownership to
-    root ensures exclusive control of the chrony cryptographic keys.
+    chrony ensures exclusive control of the chrony cryptographic keys.
 
 severity: medium