RHEL8 - auditd_usermod_use

tom-krieger / cis_security_hardening

Define a complete security baseline and monitor the baseline's rules. The definition of the baseline should be done in Hiera. The purpose of the module is to give the ability to setup a complete security baseline which not necessarily have to stick to industry security guides like the CIS benchmarks.

Apache License 2.0

19 stars 13 forks source link

RHEL8 - auditd_usermod_use #67

Closed warrenbel closed 1 year ago

warrenbel commented 1 year ago

I am getting a failed on this rule: -a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod

CIS_Red_Hat_Enterprise_Linux_8_Benchmark_v2.0.0 p.432 -a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=unset -k usermod

warrenbel commented 1 year ago

i ran the benchmark again and this is passing. closing.