change control files to add the new rule

ComplianceAsCode · Jan 15, 2025 · bd64cc2 · bd64cc2
1 parent d31d0c8
commit bd64cc2
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 1 deletion.
diff --git a/controls/anssi.yml b/controls/anssi.yml
@@ -1517,7 +1517,11 @@ controls:
     - audit_rules_time_stime
     - audit_rules_time_watch_localtime
 
+    {{% if product == "rhel10" %}}
+    - audit_rules_mac_modification_etc_selinux
+    {{% else %}}
     - audit_rules_mac_modification
+    {{% endif %}}
 
     - audit_rules_networkconfig_modification
 

diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml
@@ -2650,7 +2650,7 @@ controls:
       - l2_workstation
     status: automated
     rules:
-      - audit_rules_mac_modification
+      - audit_rules_mac_modification_etc_selinux
       - audit_rules_mac_modification_usr_share
 
   - id: 6.3.3.15

diff --git a/controls/hipaa.yml b/controls/hipaa.yml
@@ -117,7 +117,11 @@ controls:
             - audit_rules_privileged_commands_unix_chkpwd
             - audit_rules_privileged_commands_userhelper
             - audit_rules_immutable
+            {{% if product == "rhel10" %}}
+            - audit_rules_mac_modification_etc_selinux
+            {{% else %}}
             - audit_rules_mac_modification
+            {{% endif %}}
             - audit_rules_mac_modification_usr_share
             - audit_rules_media_export
             - audit_rules_networkconfig_modification

diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml
@@ -2858,7 +2858,11 @@ controls:
         - base
       status: automated
       rules:
+        {{% if product == "rhel10" %}}
+        - audit_rules_mac_modification_etc_selinux
+        {{% else %}}
         - audit_rules_mac_modification
+        {{% endif %}}
         - audit_rules_dac_modification_chmod
         - audit_rules_dac_modification_chown
         - audit_rules_dac_modification_fchmod