tom-krieger / cis_security_hardening

Define a complete security baseline and monitor the baseline's rules. The definition of the baseline should be done in Hiera. The purpose of the module is to give the ability to set up a complete security baseline which does not necessarily have to stick to industry security guides like the CIS benchmarks.
Apache License 2.0

auditd - Record Information on Kernel Modules Loading and Unloading missing 32-bit #69

Closed warrenbel closed 3 months ago

warrenbel commented 12 months ago

I am failing this rule:

init_module,finit_module,delete_module,create_module,query_module

class { 'cis_security_hardening::rules::auditd_kernel_modules': enforce => true, }

-a always,exit -F arch=b64 -S init_module,finit_module,delete_module,create_module,query_module -F auid>=1000 -F auid!=4294967295 -k kernel_modules

It is failing because there is no rule for 32-bit. I can use auditd_init_module and auditd_delete_module, but it has no classes of its own for create, finit, and query.
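One way to see which kernel-module syscalls a rule set audits per architecture, so a b64-only rule like the one quoted above can be compared with what a scanner expecting both b64 and b32 looks for. This is an added example, not code from the module or from the thread; the function names, the `SAMPLE` text and its second (b32) rule are constructed for illustration.

```python
from collections import defaultdict

# Syscalls named in the rule quoted in the issue.
WANTED = {"init_module", "finit_module", "delete_module",
          "create_module", "query_module"}

# Constructed sample: the first rule is the one quoted in the issue,
# the second is a made-up partial b32 rule.
SAMPLE = """\
# kernel module loading and unloading
-a always,exit -F arch=b64 -S init_module,finit_module,delete_module,create_module,query_module -F auid>=1000 -F auid!=4294967295 -k kernel_modules
-a always,exit -F arch=b32 -S init_module -S delete_module -k modules
"""

def syscall_coverage(rules_text):
    """Map arch (b32, b64, or 'unspecified') to the syscalls audited
    by '-a always,exit' rules in audit.rules-style text."""
    coverage = defaultdict(set)
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        arch, syscalls, is_exit_rule = "unspecified", set(), False
        # Options come as "-X value" pairs; walk adjacent token pairs.
        for opt, val in zip(tokens, tokens[1:]):
            if opt == "-a":
                is_exit_rule = set(val.split(",")) == {"always", "exit"}
            elif opt == "-S":
                syscalls.update(val.split(","))  # -S a,b and repeated -S
            elif opt == "-F" and val.startswith("arch="):
                arch = val.split("=", 1)[1]
        if is_exit_rule:
            coverage[arch] |= syscalls
    return coverage

def missing(rules_text, wanted=WANTED, arches=("b32", "b64")):
    """Return {arch: [syscalls not audited]} for each arch with a gap."""
    cov = syscall_coverage(rules_text)
    return {a: sorted(wanted - cov[a]) for a in arches if wanted - cov[a]}

if __name__ == "__main__":
    for arch, calls in missing(SAMPLE).items():
        print(f"{arch}: no rule for {', '.join(calls)}")
```
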

tom-krieger commented 9 months ago

The CIS benchmark for RHEL 8 does not mention a 32 bit rule in version 2.0.0 and 3.0.0. Maybe your scanner is wrong?

tom-krieger commented 5 months ago

Any news on that or can we close this issue?

tom-krieger commented 3 months ago

As there is no new information, I am closing this now.