On 7/27/14, 11:26 PM, Shawn Wells wrote:
From: Leland Steinke<[email protected]>

- Update VRelease key
- Add OCIL for unlinkat, renameat
- Update grep regex from 'grep' to 'grep -w'

Signed-off-by: Leland Steinke<[email protected]>
---
  RHEL/6/input/auxiliary/stig_overlay.xml |    2 +-
  RHEL/6/input/system/auditing.xml        |    2 ++
  2 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml 
b/RHEL/6/input/auxiliary/stig_overlay.xml
index 2e922d1..bc540d6 100644
--- a/RHEL/6/input/auxiliary/stig_overlay.xml
+++ b/RHEL/6/input/auxiliary/stig_overlay.xml
@@ -569,7 +569,7 @@
                <title>The audit system must be configured to audit successful file 
system mounts.</title>
        </overlay>
        <overlay owner="disastig" ruleid="audit_rules_file_deletion_events" ownerid="RHEL-06-000200" 
disa="172" severity="low">
-               <VMSinfo VKey="38575" SVKey="50376" VRelease="2" />
+               <VMSinfo VKey="38575" SVKey="50376" VRelease="3" />
                <title>The audit system must be configured to audit user deletions of 
files and programs.</title>
        </overlay>
        <overlay owner="disastig" ruleid="audit_sysadmin_actions" ownerid="RHEL-06-000201" 
disa="172" severity="low">
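Review bot: The VRelease change from "2" to "3" on the VMSinfo line for RHEL-06-000200 carries no pointer to the DISA STIG revision it tracks, and the commit message only says "Update VRelease key". Please name the STIG release this value was taken from in the commit message so the bump can be checked against the published content. It is also worth confirming that the overlay title still matches that release, since the title lines are unchanged context here.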
diff --git a/RHEL/6/input/system/auditing.xml b/RHEL/6/input/system/auditing.xml
index e25f890..6c9f696 100644
--- a/RHEL/6/input/system/auditing.xml
+++ b/RHEL/6/input/system/auditing.xml
@@ -1210,7 +1210,9 @@ appropriate for your system:
  </description>
  <ocil>
  <audit-syscall-check-macro syscall="unlink" />
+<audit-syscall-check-macro syscall="unlinkat" />
  <audit-syscall-check-macro syscall="rename" />
+<audit-syscall-check-macro syscall="renameat" />
  </ocil>
  <rationale>Auditing file deletions will create an audit trail for files that 
are removed
  from the system. The audit trail could aid in system troubleshooting, as well 
as, detecting
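Review bot: The commit message lists "Update grep regex from 'grep' to 'grep -w'", but neither hunk touches a grep expression and the diffstat covers only these two files, so that change is missing from the patch as posted. It matters for the OCIL lines added here: a plain grep for unlink also matches an unlinkat rule, and likewise rename matches renameat, so without the word-boundary match the unlink and rename checks can pass on a system that audits only the *at variants. Either include the macro change in this patch or drop that line from the message and send it separately. Also check that the sample audit rule in the description above this hunk (the text ending "appropriate for your system:") lists unlinkat and renameat, so the check does not ask for syscalls the guidance never tells the administrator to configure.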
-- 1.7.1
ack
-- 
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
