Add rules to RHEL 10 CIS 7.1.10

controls/cis_rhel10.yml

@@ -3166,7 +3166,12 @@ controls:
           - l1_workstation
       status: automated
       rules:
-          - file_etc_security_opasswd
+          - file_groupowner_etc_security_opasswd
+          - file_owner_etc_security_opasswd
+          - file_permissions_etc_security_opasswd
+          - file_groupowner_etc_security_opasswd_old
+          - file_owner_etc_security_opasswd_old
+          - file_permissions_etc_security_opasswd_old
 
     - id: 7.1.11
       title: Ensure world writable files and directories are secured (Automated)

linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_security_opasswd/rule.yml

@@ -11,6 +11,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel10: CCE-90453-2
     cce@sle15: CCE-92539-6
 
 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/security/opasswd", group="root") }}}'

linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_security_opasswd_old/rule.yml

@@ -11,6 +11,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel10: CCE-89419-6
     cce@sle15: CCE-92540-4
 
 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/security/opasswd.old", group="root") }}}'

linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_security_opasswd/rule.yml

@@ -11,6 +11,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel10: CCE-86791-1
     cce@sle15: CCE-92545-3
 
 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/security/opasswd", owner="root") }}}'

linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_security_opasswd_old/rule.yml

@@ -11,6 +11,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel10: CCE-88528-5
     cce@sle15: CCE-92546-1
 
 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/security/opasswd.old", owner="root") }}}'

linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_security_opasswd/rule.yml

@@ -12,6 +12,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel10: CCE-89580-5
     cce@sle15: CCE-92558-6
 
 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/security/opasswd", perms="0600") }}}'

linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_security_opasswd_old/rule.yml

@@ -12,6 +12,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel10: CCE-87434-7
     cce@sle15: CCE-92559-4
 
 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/security/opasswd.old", perms="0600") }}}'

products/rhel10/profiles/default.profile

@@ -41,3 +41,5 @@
     - package_systemd-journal-remote_installed
     - journald_storage
     - partition_for_dev_shm
+    - file_etc_security_opasswd
+

shared/references/cce-redhat-avail.txt

@@ -101,7 +101,6 @@ CCE-86785-3
 CCE-86788-7
 CCE-86789-5
 CCE-86790-3
-CCE-86791-1
 CCE-86793-7
 CCE-86795-2
 CCE-86796-0
@@ -442,7 +441,6 @@ CCE-87426-3
 CCE-87427-1
 CCE-87431-3
 CCE-87432-1
-CCE-87434-7
 CCE-87435-4
 CCE-87436-2
 CCE-87437-0
@@ -1108,7 +1106,6 @@ CCE-88522-8
 CCE-88525-1
 CCE-88526-9
 CCE-88527-7
-CCE-88528-5
 CCE-88530-1
 CCE-88531-9
 CCE-88532-7
@@ -1628,7 +1625,6 @@ CCE-89413-9
 CCE-89415-4
 CCE-89416-2
 CCE-89417-0
-CCE-89419-6
 CCE-89420-4
 CCE-89421-2
 CCE-89422-0
@@ -1722,7 +1718,6 @@ CCE-89576-3
 CCE-89577-1
 CCE-89578-9
 CCE-89579-7
-CCE-89580-5
 CCE-89582-1
 CCE-89583-9
 CCE-89584-7
@@ -2305,7 +2300,6 @@ CCE-90446-6
 CCE-90447-4
 CCE-90448-2
 CCE-90452-4
-CCE-90453-2
 CCE-90454-0
 CCE-90455-7
 CCE-90457-3

tests/data/profile_stability/rhel10/cis.profile

@@ -133,7 +133,6 @@ ensure_root_password_configured
 file_at_deny_not_exist
 file_cron_allow_exists
 file_cron_deny_not_exist
-file_etc_security_opasswd
 file_group_ownership_var_log_audit
 file_groupowner_at_allow
 file_groupowner_backup_etc_group
@@ -153,6 +152,8 @@ file_groupowner_etc_issue
 file_groupowner_etc_issue_net
 file_groupowner_etc_motd
 file_groupowner_etc_passwd
+file_groupowner_etc_security_opasswd
+file_groupowner_etc_security_opasswd_old
 file_groupowner_etc_shadow
 file_groupowner_etc_shells
 file_groupowner_grub2_cfg
@@ -180,6 +181,8 @@ file_owner_etc_issue
 file_owner_etc_issue_net
 file_owner_etc_motd
 file_owner_etc_passwd
+file_owner_etc_security_opasswd
+file_owner_etc_security_opasswd_old
 file_owner_etc_shadow
 file_owner_etc_shells
 file_owner_grub2_cfg
@@ -212,6 +215,8 @@ file_permissions_etc_issue
 file_permissions_etc_issue_net
 file_permissions_etc_motd
 file_permissions_etc_passwd
+file_permissions_etc_security_opasswd
+file_permissions_etc_security_opasswd_old
 file_permissions_etc_shadow
 file_permissions_etc_shells
 file_permissions_grub2_cfg

tests/data/profile_stability/rhel10/cis_server_l1.profile

@@ -64,7 +64,6 @@ ensure_root_password_configured
 file_at_deny_not_exist
 file_cron_allow_exists
 file_cron_deny_not_exist
-file_etc_security_opasswd
 file_groupowner_at_allow
 file_groupowner_backup_etc_group
 file_groupowner_backup_etc_gshadow
@@ -83,6 +82,8 @@ file_groupowner_etc_issue
 file_groupowner_etc_issue_net
 file_groupowner_etc_motd
 file_groupowner_etc_passwd
+file_groupowner_etc_security_opasswd
+file_groupowner_etc_security_opasswd_old
 file_groupowner_etc_shadow
 file_groupowner_etc_shells
 file_groupowner_grub2_cfg
@@ -108,6 +109,8 @@ file_owner_etc_issue
 file_owner_etc_issue_net
 file_owner_etc_motd
 file_owner_etc_passwd
+file_owner_etc_security_opasswd
+file_owner_etc_security_opasswd_old
 file_owner_etc_shadow
 file_owner_etc_shells
 file_owner_grub2_cfg
@@ -135,6 +138,8 @@ file_permissions_etc_issue
 file_permissions_etc_issue_net
 file_permissions_etc_motd
 file_permissions_etc_passwd
+file_permissions_etc_security_opasswd
+file_permissions_etc_security_opasswd_old
 file_permissions_etc_shadow
 file_permissions_etc_shells
 file_permissions_grub2_cfg

tests/data/profile_stability/rhel10/cis_workstation_l1.profile

@@ -62,7 +62,6 @@ ensure_root_password_configured
 file_at_deny_not_exist
 file_cron_allow_exists
 file_cron_deny_not_exist
-file_etc_security_opasswd
 file_groupowner_at_allow
 file_groupowner_backup_etc_group
 file_groupowner_backup_etc_gshadow
@@ -81,6 +80,8 @@ file_groupowner_etc_issue
 file_groupowner_etc_issue_net
 file_groupowner_etc_motd
 file_groupowner_etc_passwd
+file_groupowner_etc_security_opasswd
+file_groupowner_etc_security_opasswd_old
 file_groupowner_etc_shadow
 file_groupowner_etc_shells
 file_groupowner_grub2_cfg
@@ -106,6 +107,8 @@ file_owner_etc_issue
 file_owner_etc_issue_net
 file_owner_etc_motd
 file_owner_etc_passwd
+file_owner_etc_security_opasswd
+file_owner_etc_security_opasswd_old
 file_owner_etc_shadow
 file_owner_etc_shells
 file_owner_grub2_cfg
@@ -133,6 +136,8 @@ file_permissions_etc_issue
 file_permissions_etc_issue_net
 file_permissions_etc_motd
 file_permissions_etc_passwd
+file_permissions_etc_security_opasswd
+file_permissions_etc_security_opasswd_old
 file_permissions_etc_shadow
 file_permissions_etc_shells
 file_permissions_grub2_cfg

tests/data/profile_stability/rhel10/cis_workstation_l2.profile

@@ -133,7 +133,6 @@ ensure_root_password_configured
 file_at_deny_not_exist
 file_cron_allow_exists
 file_cron_deny_not_exist
-file_etc_security_opasswd
 file_group_ownership_var_log_audit
 file_groupowner_at_allow
 file_groupowner_backup_etc_group
@@ -153,6 +152,8 @@ file_groupowner_etc_issue
 file_groupowner_etc_issue_net
 file_groupowner_etc_motd
 file_groupowner_etc_passwd
+file_groupowner_etc_security_opasswd
+file_groupowner_etc_security_opasswd_old
 file_groupowner_etc_shadow
 file_groupowner_etc_shells
 file_groupowner_grub2_cfg
@@ -180,6 +181,8 @@ file_owner_etc_issue
 file_owner_etc_issue_net
 file_owner_etc_motd
 file_owner_etc_passwd
+file_owner_etc_security_opasswd
+file_owner_etc_security_opasswd_old
 file_owner_etc_shadow
 file_owner_etc_shells
 file_owner_grub2_cfg
@@ -212,6 +215,8 @@ file_permissions_etc_issue
 file_permissions_etc_issue_net
 file_permissions_etc_motd
 file_permissions_etc_passwd
+file_permissions_etc_security_opasswd
+file_permissions_etc_security_opasswd_old
 file_permissions_etc_shadow
 file_permissions_etc_shells
 file_permissions_grub2_cfg