Remove rules no longer in the RHEL 9 STIG

ComplianceAsCode · Oct 31, 2024 · 50cca4f · 50cca4f
1 parent 6d614e5
commit 50cca4f
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 124 deletions.
diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml
@@ -662,16 +662,6 @@ controls:
             - mount_option_home_noexec
         status: automated
 
-    -   id: RHEL-09-231060
-        levels:
-            - medium
-        title:
-            RHEL 9 must be configured so that the Network File System (NFS) is configured
-            to use RPCSEC_GSS.
-        rules:
-            - mount_option_krb_sec_remote_filesystems
-        status: automated
-
     -   id: RHEL-09-231065
         levels:
             - medium
@@ -1402,14 +1392,6 @@ controls:
             - configured_firewalld_default_deny
         status: automated
 
-    -   id: RHEL-09-251025
-        levels:
-            - medium
-        title: RHEL 9 must control remote access methods.
-        rules:
-            - configure_firewalld_ports
-        status: automated
-
     -   id: RHEL-09-251030
         levels:
             - medium
@@ -1531,16 +1513,6 @@ controls:
             - postfix_prevent_unrestricted_relay
         status: automated
 
-    -   id: RHEL-09-252055
-        levels:
-            - medium
-        title:
-            If the Trivial File Transfer Protocol (TFTP) server is required, RHEL 9 TFTP
-            daemon must be configured to operate in secure mode.
-        rules:
-            - tftpd_uses_secure_mode
-        status: automated
-
     -   id: RHEL-09-252060
         levels:
             - medium
@@ -2041,14 +2013,6 @@ controls:
             - sshd_print_last_log
         status: automated
 
-    -   id: RHEL-09-255170
-        levels:
-            - medium
-        title: RHEL 9 SSH daemon must be configured to use privilege separation.
-        rules:
-            - sshd_use_priv_separation
-        status: automated
-
     -   id: RHEL-09-255175
         levels:
             - medium
@@ -2543,52 +2507,6 @@ controls:
             - accounts_user_dot_no_world_writable_programs
         status: automated
 
-    -   id: RHEL-09-412010
-        levels:
-            - medium
-        title: RHEL 9 must have the tmux package installed.
-        rules:
-            - package_tmux_installed
-        status: automated
-
-    -   id: RHEL-09-412015
-        levels:
-            - medium
-        title: RHEL 9 must ensure session control is automatically started at shell initialization.
-        rules:
-            - configure_bashrc_tmux
-        status: automated
-
-    -   id: RHEL-09-412020
-        levels:
-            - medium
-        title:
-            RHEL 9 must enable a user session lock until that user re-establishes access
-            using established identification and authentication procedures for command line
-            sessions.
-        rules:
-            - configure_tmux_lock_command
-            - configure_tmux_lock_keybinding
-        status: automated
-
-    -   id: RHEL-09-412025
-        levels:
-            - medium
-        title:
-            RHEL 9 must automatically lock command line user sessions after 15 minutes
-            of inactivity.
-        rules:
-            - configure_tmux_lock_after_time
-        status: automated
-
-    -   id: RHEL-09-412030
-        levels:
-            - low
-        title: RHEL 9 must prevent users from disabling session control mechanisms.
-        rules:
-            - no_tmux_in_shells
-        status: automated
-
     -   id: RHEL-09-412035
         levels:
             - medium
@@ -2943,14 +2861,6 @@ controls:
             - var_password_pam_minlen=15
         status: automated
 
-    -   id: RHEL-09-611095
-        levels:
-            - medium
-        title: RHEL 9 passwords for new users must have a minimum of 15 characters.
-        rules:
-            - accounts_password_minlen_login_defs
-        status: automated
-
     -   id: RHEL-09-611100
         levels:
             - medium
@@ -3058,16 +2968,6 @@ controls:
             - disallow_bypass_password_sudo
         status: automated
 
-    -   id: RHEL-09-611150
-        levels:
-            - medium
-        title:
-            RHEL 9 shadow password suite must be configured to use a sufficient number
-            of hashing rounds.
-        rules:
-            - set_password_hashing_min_rounds_logindefs
-        status: automated
-
     -   id: RHEL-09-611155
         levels:
             - medium

diff --git a/tests/data/profile_stability/rhel9/stig.profile b/tests/data/profile_stability/rhel9/stig.profile
@@ -43,7 +43,6 @@ selections:
 - accounts_minimum_age_login_defs
 - accounts_no_uid_except_zero
 - accounts_password_all_shadowed_sha512
-- accounts_password_minlen_login_defs
 - accounts_password_pam_dcredit
 - accounts_password_pam_dictcheck
 - accounts_password_pam_difok
@@ -181,18 +180,13 @@ selections:
 - chronyd_server_directive
 - chronyd_specify_remote_server
 - clean_components_post_updating
-- configure_bashrc_tmux
 - configure_bind_crypto_policy
 - configure_crypto_policy
-- configure_firewalld_ports
 - configure_kerberos_crypto_policy
 - configure_libreswan_crypto_policy
 - configure_opensc_card_drivers
 - configure_openssl_crypto_policy
 - configure_openssl_tls_crypto_policy
-- configure_tmux_lock_after_time
-- configure_tmux_lock_command
-- configure_tmux_lock_keybinding
 - configure_usbguard_auditbackend
 - configured_firewalld_default_deny
 - coredump_disable_backtraces
@@ -343,7 +337,6 @@ selections:
 - mount_option_home_nodev
 - mount_option_home_noexec
 - mount_option_home_nosuid
-- mount_option_krb_sec_remote_filesystems
 - mount_option_nodev_nonroot_local_partitions
 - mount_option_nodev_remote_filesystems
 - mount_option_nodev_removable_partitions
@@ -372,7 +365,6 @@ selections:
 - no_files_unowned_by_user
 - no_host_based_files
 - no_shelllogin_for_systemaccounts
-- no_tmux_in_shells
 - no_user_host_based_files
 - package_aide_installed
 - package_audispd-plugins_installed
@@ -404,7 +396,6 @@ selections:
 - package_sudo_installed
 - package_telnet-server_removed
 - package_tftp-server_removed
-- package_tmux_installed
 - package_tuned_removed
 - package_usbguard_installed
 - package_vsftpd_removed
@@ -448,7 +439,6 @@ selections:
 - set_password_hashing_algorithm_libuserconf
 - set_password_hashing_algorithm_logindefs
 - set_password_hashing_algorithm_passwordauth
-- set_password_hashing_min_rounds_logindefs
 - ssh_keys_passphrase_protected
 - sshd_disable_compression
 - sshd_disable_empty_passwords
@@ -469,7 +459,6 @@ selections:
 - sshd_set_idle_timeout
 - sshd_set_keepalive
 - sshd_set_loglevel_verbose
-- sshd_use_priv_separation
 - sshd_x11_use_localhost
 - sssd_certificate_verification
 - sssd_enable_certmap
@@ -516,7 +505,6 @@ selections:
 - sysctl_net_ipv6_conf_default_accept_redirects
 - sysctl_net_ipv6_conf_default_accept_source_route
 - sysctl_user_max_user_namespaces
-- tftpd_uses_secure_mode
 - usbguard_generate_policy
 - use_pam_wheel_for_su
 - wireless_disable_interfaces

diff --git a/tests/data/profile_stability/rhel9/stig_gui.profile b/tests/data/profile_stability/rhel9/stig_gui.profile
@@ -55,7 +55,6 @@ selections:
 - accounts_minimum_age_login_defs
 - accounts_no_uid_except_zero
 - accounts_password_all_shadowed_sha512
-- accounts_password_minlen_login_defs
 - accounts_password_pam_dcredit
 - accounts_password_pam_dictcheck
 - accounts_password_pam_difok
@@ -193,18 +192,13 @@ selections:
 - chronyd_server_directive
 - chronyd_specify_remote_server
 - clean_components_post_updating
-- configure_bashrc_tmux
 - configure_bind_crypto_policy
 - configure_crypto_policy
-- configure_firewalld_ports
 - configure_kerberos_crypto_policy
 - configure_libreswan_crypto_policy
 - configure_opensc_card_drivers
 - configure_openssl_crypto_policy
 - configure_openssl_tls_crypto_policy
-- configure_tmux_lock_after_time
-- configure_tmux_lock_command
-- configure_tmux_lock_keybinding
 - configure_usbguard_auditbackend
 - configured_firewalld_default_deny
 - coredump_disable_backtraces
@@ -354,7 +348,6 @@ selections:
 - mount_option_home_nodev
 - mount_option_home_noexec
 - mount_option_home_nosuid
-- mount_option_krb_sec_remote_filesystems
 - mount_option_nodev_nonroot_local_partitions
 - mount_option_nodev_remote_filesystems
 - mount_option_nodev_removable_partitions
@@ -383,7 +376,6 @@ selections:
 - no_files_unowned_by_user
 - no_host_based_files
 - no_shelllogin_for_systemaccounts
-- no_tmux_in_shells
 - no_user_host_based_files
 - package_aide_installed
 - package_audispd-plugins_installed
@@ -414,7 +406,6 @@ selections:
 - package_sudo_installed
 - package_telnet-server_removed
 - package_tftp-server_removed
-- package_tmux_installed
 - package_tuned_removed
 - package_usbguard_installed
 - package_vsftpd_removed
@@ -458,7 +449,6 @@ selections:
 - set_password_hashing_algorithm_libuserconf
 - set_password_hashing_algorithm_logindefs
 - set_password_hashing_algorithm_passwordauth
-- set_password_hashing_min_rounds_logindefs
 - ssh_keys_passphrase_protected
 - sshd_disable_compression
 - sshd_disable_empty_passwords
@@ -479,7 +469,6 @@ selections:
 - sshd_set_idle_timeout
 - sshd_set_keepalive
 - sshd_set_loglevel_verbose
-- sshd_use_priv_separation
 - sshd_x11_use_localhost
 - sssd_certificate_verification
 - sssd_enable_certmap
@@ -525,7 +514,6 @@ selections:
 - sysctl_net_ipv6_conf_default_accept_ra
 - sysctl_net_ipv6_conf_default_accept_redirects
 - sysctl_net_ipv6_conf_default_accept_source_route
-- tftpd_uses_secure_mode
 - usbguard_generate_policy
 - use_pam_wheel_for_su
 - wireless_disable_interfaces