Update RHEL 9 STIG to V2R2 #12551

Open
wants to merge 6 commits into
base: master
1 change: 1 addition & 0 deletions components/openssh.yml
Expand Up @@ -19,6 +19,7 @@ rules:
- file_permissions_sshd_config
- file_permissions_sshd_private_key
- file_permissions_sshd_pub_key
- file_sshd_50_redhat_exists
- firewalld_sshd_disabled
- firewalld_sshd_port_enabled
- iptables_sshd_disabled
4 changes: 3 additions & 1 deletion controls/stig_rhel9.yml
Expand Up @@ -1847,7 +1847,8 @@ controls:
- medium
title: RHEL 9 SSH daemon must be configured to use system-wide crypto policies.
rules:
- configure_ssh_crypto_policy
- harden_sshd_ciphers_opensshserver_conf_crypto_policy
- file_sshd_50_redhat_exists
status: automated

- id: RHEL-09-255060
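Review bot: The `rules:` list for this control appears to swap `configure_ssh_crypto_policy` for two other rules (the hunk header counts 7 lines before and 8 after), and neither replacement obviously checks what the title requires. Going by its name, `harden_sshd_ciphers_opensshserver_conf_crypto_policy` covers ciphers only, and `file_sshd_50_redhat_exists` proves only that a file is present, while the title asks that the SSH daemon use the system-wide crypto policies. Please confirm the pair covers everything the dropped rule verified before leaving this at `status: automated`, or keep the original rule alongside the new ones.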
Expand Down Expand Up @@ -2596,6 +2597,7 @@ controls:
15 minutes of inactivity.
rules:
- accounts_tmout
- var_accounts_tmout=10_min
status: automated

- id: RHEL-09-412040
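Review bot: `var_accounts_tmout=10_min` in this `rules:` list does not match the control text directly above it, which still reads "15 minutes of inactivity." If V2R2 lowered the limit, update the title in the same commit; if it did not, select the 15-minute value so that the check and the stated requirement agree.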
@@ -1,6 +1,5 @@
documentation_complete: true


title: 'Prevent Unrestricted Mail Relaying'

description: |-
Expand All @@ -13,6 +12,8 @@ rationale: |-
host as a mail relay for the purpose of sending spam or other unauthorized
activity.

platform: package[postfix]

severity: medium

identifiers:
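Review bot: `platform: package[postfix]`, added between `rationale:` and `severity:`, makes this rule not applicable on hosts without postfix instead of producing a pass or fail there, and nothing in the visible lines says why that belongs in a STIG version update. Please confirm the STIG check for this rule also treats a missing postfix package as not applicable, and mention the change in the commit message.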
28 changes: 28 additions & 0 deletions linux_os/guide/services/ssh/file_sshd_50_redhat_exists/rule.yml
@@ -0,0 +1,28 @@
documentation_complete: true

title: 'The File /etc/ssh/sshd_config.d/50-redhat.conf Must Exist'

description: |-
The <tt>/etc/ssh/sshd_config.d/50-redhat.conf</tt> file must exist as it contains important
settings to secure SSH.


rationale: |-
The file must exist to configure SSH correctly.

severity: medium

warnings:
- general:
There is no remediation available for this rule since this file
needs to have the correct content for the given system.


template:
name: 'file_existence'
vars:
filepath: '/etc/ssh/sshd_config.d/50-redhat.conf'
exists: true
backends:
ansible: off
bash: off
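Review bot: The `template:` block uses `name: 'file_existence'` with `exists: true`, so an empty or altered `/etc/ssh/sshd_config.d/50-redhat.conf` passes, even though the `warnings:` text says the file "needs to have the correct content". Consider pairing this with a content check, or state in `description:` which settings the file is expected to carry so an assessor knows what to verify by hand; the current `rationale:` ("The file must exist to configure SSH correctly.") does not say. The rule also has no `identifiers:` or `references:` block and no `platform:` line, so on a host without the SSH server installed it would report a failure; a platform restriction like the one this PR adds to the postfix rule would avoid that.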