mitre / canonical-ubuntu-18.04-lts-stig-baseline

(WIP) canonical-ubuntu-18.04-lts-stig-baseline

Add rules and checks for more audit_path V-219273 to V-219277 first /var/log checks V-219213 and V-219214 #43

Closed ghexp closed 3 years ago

aaronlippold commented 3 years ago

I’d like to start setting up the CICD pipeline for this. Are we able to start on the ansible content as part of these pull requests?

I have a fairly decent kitchen ci set up we can borrow from in the other repos.

It’s also a great way to test the profile.

Aaron

On Mon, Apr 5, 2021 at 9:54 PM Greg @.***> wrote:


You can view, comment on, or merge this pull request online at:

https://github.com/mitre/canonical-ubuntu-18.04-lts-stig-baseline/pull/43

Commit Summary

  • Add rules and checks for more audit_path V-219273 to V-219277
  • Rules and checks for first of var/log checks V-219213 and V-219214

File Changes

Patch Links:

- https://github.com/mitre/canonical-ubuntu-18.04-lts-stig-baseline/pull/43.patch
- https://github.com/mitre/canonical-ubuntu-18.04-lts-stig-baseline/pull/43.diff


ghexp commented 3 years ago

> I’d like to start setting up the CICD pipeline for this. Are we able to start on the ansible content as part of these pull requests? I have a fairly decent kitchen ci set up we can borrow from in the other repos. It’s also a great way to test the profile. Aaron

The ansible content is included with these PRs by updating the jinja file that gets used. The one ansible rule uses the audit.rules.j2 file that has all the updates to /etc/audit/rules.d/stig.rules. So I've been bumping up the threshold. Are you talking about some other CI/CD that actually tests whether a command generates an audit record properly?