From dd4d7eaee6cb152a0c4521c6e7c1ecbe9d92860b Mon Sep 17 00:00:00 2001 From: Edgar Aguilar <edgar.aguilar@oracle.com> Date: Mon, 27 Nov 2023 13:06:27 -0600 Subject: [PATCH] Update Oracle Linux anssi profiles Add ol8 & ol9 prodtype to applicable rules from anssi controls Signed-off-by: Edgar Aguilar <edgar.aguilar@oracle.com> --- .../auditd_configure_rules/audit_sudo_log_events/rule.yml | 2 +- .../guide/system/bootloader-grub2/grub2_mds_argument/rule.yml | 2 +- .../system/permissions/files/sysctl_fs_protected_fifos/rule.yml | 2 +- .../permissions/files/sysctl_fs_protected_regular/rule.yml | 2 +- products/ol9/profiles/anssi_bp28_enhanced.profile | 1 - products/ol9/profiles/anssi_bp28_high.profile | 1 - products/ol9/profiles/anssi_bp28_intermediary.profile | 1 - 7 files changed, 4 insertions(+), 7 deletions(-) diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml index 901d2c20313..6b60c19ebf5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +prodtype: fedora,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Record Attempts to perform maintenance activities' diff --git a/linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml index 1eb959acab4..ed2e2bc78d1 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel9 +prodtype: fedora,ol9,rhel9 title: 'Configure Microarchitectural Data Sampling mitigation' diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_fifos/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_fifos/rule.yml index 3e8908c8a3f..56381bfd5e4 100644 --- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_fifos/rule.yml +++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_fifos/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel9 +prodtype: fedora,ol9,rhel9 title: 'Enable Kernel Parameter to Enforce DAC on FIFOs' diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_regular/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_regular/rule.yml index 39d81abf41d..a87e7f4891f 100644 --- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_regular/rule.yml +++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_regular/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel9 +prodtype: fedora,ol9,rhel9 title: 'Enable Kernel Parameter to Enforce DAC on Regular files' diff --git a/products/ol9/profiles/anssi_bp28_enhanced.profile b/products/ol9/profiles/anssi_bp28_enhanced.profile index 41781787dcb..bbd2a3a22f3 100644 --- a/products/ol9/profiles/anssi_bp28_enhanced.profile +++ b/products/ol9/profiles/anssi_bp28_enhanced.profile @@ -13,4 +13,3 @@ description: |- selections: - anssi:all:enhanced - - '!mount_option_nodev_nonroot_local_partitions' diff --git a/products/ol9/profiles/anssi_bp28_high.profile b/products/ol9/profiles/anssi_bp28_high.profile index 22fedd5f305..1b1fb8e8373 100644 --- a/products/ol9/profiles/anssi_bp28_high.profile +++ b/products/ol9/profiles/anssi_bp28_high.profile @@ -13,4 +13,3 @@ description: |- selections: - anssi:all:high - - '!mount_option_nodev_nonroot_local_partitions' diff --git a/products/ol9/profiles/anssi_bp28_intermediary.profile b/products/ol9/profiles/anssi_bp28_intermediary.profile index 88746e7a2a8..0ceb23762a9 100644 --- a/products/ol9/profiles/anssi_bp28_intermediary.profile +++ b/products/ol9/profiles/anssi_bp28_intermediary.profile @@ -13,4 +13,3 @@ description: |- selections: - anssi:all:intermediary - - '!mount_option_nodev_nonroot_local_partitions'