tom-krieger / cis_security_hardening

Define a complete security baseline and monitor the baseline's rules. The baseline should be defined in Hiera. The purpose of the module is to make it possible to set up a complete security baseline, which does not necessarily have to stick to industry security guides like the CIS benchmarks.
Apache License 2.0

RHEL8 auditd privileged commands auid!=unset #68

Closed warrenbel closed 10 months ago

warrenbel commented 10 months ago

The following privileged commands need to have auid!=unset: chacl, setfacl, chcon

as per CIS_Red_Hat_Enterprise_Linux_8_Benchmark_v2.0.0:
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd

Similar to issues #66, #67 (usermod, kmod)

warrenbel commented 10 months ago

I ran the benchmark again and this is passing. Closing.
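
One way to check the rule quoted in this issue independently of a benchmark scanner, as an added example (not code from the cis_security_hardening module): it parses audit rule text and reports which of chacl, setfacl and chcon lack the `auid!=unset` filter. The function names and the sample rules are constructed for illustration; it assumes the binaries live under /usr/bin as in the quoted rule, and it accepts `-1` and `4294967295` as equivalent spellings of `unset`.

```python
import shlex

# auditctl accepts "unset", "-1" and 4294967295 (unsigned 32-bit -1) for the
# "login UID not set" value, so loaded rules may show any of these forms.
UNSET_FORMS = {"auid!=unset", "auid!=-1", "auid!=4294967295"}
REQUIRED = ("/usr/bin/chacl", "/usr/bin/setfacl", "/usr/bin/chcon")

# Constructed sample (not from a real host): the first rule is the one quoted
# in the issue, the second mimics a loaded-rule listing, the third is deficient.
SAMPLE_RULES = """\
# privileged commands
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd
-a always,exit -S all -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=-1 -F key=priv_cmd
-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -k priv_cmd
"""


def parse_rule(line):
    """Return (path, set of -F filters) for an '-a' rule with a path, else None."""
    line = line.split("#", 1)[0].strip()
    if not line.startswith("-a "):
        return None
    tokens = shlex.split(line)
    # Every token that directly follows a "-F" flag is one field filter.
    filters = {val for flag, val in zip(tokens, tokens[1:]) if flag == "-F"}
    path = next((f[5:] for f in filters if f.startswith("path=")), None)
    return (path, filters) if path else None


def missing_unset_filter(rules_text, required=REQUIRED):
    """Map each required path without a compliant rule to the reason it fails."""
    findings = {p: "no rule for this path" for p in required}
    for line in rules_text.splitlines():
        parsed = parse_rule(line)
        if parsed is None or parsed[0] not in required:
            continue
        path, filters = parsed
        if filters & UNSET_FORMS:
            findings.pop(path, None)  # one compliant rule is enough
        elif path in findings:
            findings[path] = "rule present but lacks auid!=unset"
    return findings


if __name__ == "__main__":
    for path, reason in missing_unset_filter(SAMPLE_RULES).items():
        print(f"{path}: {reason}")
```
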