Use correct directory permissions

In this commit we will change the permissions required by rules directory_permissions_etc_nftables and directory_permissions_etc_selinux to the actual values of respective directories.
ComplianceAsCode · Feb 20, 2024 · 87b0ba7 · 87b0ba7
1 parent 2fec890
commit 87b0ba7
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 12 deletions.
diff --git a/linux_os/guide/system/network/network-nftables/directory_permissions_etc_nftables/rule.yml b/linux_os/guide/system/network/network-nftables/directory_permissions_etc_nftables/rule.yml
@@ -2,7 +2,7 @@ documentation_complete: true
 
 title: Verify Permissions On /etc/nftables Directory
 
-description: '{{{ describe_file_permissions(file="/etc/nftables", perms="0600") }}}'
+description: '{{{ describe_file_permissions(file="/etc/nftables", perms="0700") }}}'
 
 rationale: |-
     Setting correct permissions on the /etc/nftables directory is important
@@ -17,19 +17,19 @@ identifiers:
     cce@rhel8: CCE-86318-3
     cce@rhel9: CCE-86320-9
 
-ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/nftables", perms="0600") }}}'
+ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/nftables", perms="0700") }}}'
 
 ocil: |-
-    {{{ ocil_file_permissions(file="/etc/nftables", perms="0600") }}}
+    {{{ ocil_file_permissions(file="/etc/nftables", perms="0700") }}}
 
 platform: package[nftables]
 
-fixtext: '{{{ fixtext_file_permissions(file="/etc/nftables", mode="0600") }}}'
+fixtext: '{{{ fixtext_file_permissions(file="/etc/nftables", mode="0700") }}}'
 
-srg_requirement: '{{{ srg_requirement_file_permission(file="/etc/nftables", mode="0600") }}}'
+srg_requirement: '{{{ srg_requirement_file_permission(file="/etc/nftables", mode="0700") }}}'
 
 template:
     name: file_permissions
     vars:
         filepath: /etc/nftables/
-        filemode: '0600'
+        filemode: '0700'
diff --git a/linux_os/guide/system/selinux/directory_permissions_etc_selinux/rule.yml b/linux_os/guide/system/selinux/directory_permissions_etc_selinux/rule.yml
@@ -2,7 +2,7 @@ documentation_complete: true
 
 title: Verify Permissions On /etc/selinux Directory
 
-description: '{{{ describe_file_permissions(file="/etc/selinux", perms="0644") }}}'
+description: '{{{ describe_file_permissions(file="/etc/selinux", perms="0755") }}}'
 
 rationale: |-
     Setting correct permissions on the /etc/selinux directory is important
@@ -17,17 +17,17 @@ identifiers:
     cce@rhel8: CCE-86278-9
     cce@rhel9: CCE-86279-7
 
-ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/selinux", perms="0644") }}}'
+ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/selinux", perms="0755") }}}'
 
 ocil: |-
-    {{{ ocil_file_permissions(file="/etc/selinux", perms="0644") }}}
+    {{{ ocil_file_permissions(file="/etc/selinux", perms="0755") }}}
 
-fixtext: '{{{ fixtext_file_permissions(file="/etc/selinux", mode="0644") }}}'
+fixtext: '{{{ fixtext_file_permissions(file="/etc/selinux", mode="0755") }}}'
 
-srg_requirement: '{{{ srg_requirement_file_permission(file="/etc/selinux", mode="0644") }}}'
+srg_requirement: '{{{ srg_requirement_file_permission(file="/etc/selinux", mode="0755") }}}'
 
 template:
     name: file_permissions
     vars:
         filepath: /etc/selinux/
-        filemode: '0644'
+        filemode: '0755'