CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12469 from Security-Onion-Solutions/reyesj2-patch-4

Browse Source 
FIX: EA installers not downloadable from SOC & fix logging
This commit is contained in:
Jorge Reyes
2024-02-29 16:21:44 -05:00
committed by GitHub
parent 1fe8f3d9e4 53761d4dba
commit d911b7bfc4
2 changed files with 15 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
salt/stig/enabled.sls
View File

@@ -48,15 +48,17 @@ update_stig_profile:
{% if not salt['file.file_exists'](OSCAP_OUTPUT_DIR ~ '/pre-oscap-report.html') %} {% if not salt['file.file_exists'](OSCAP_OUTPUT_DIR ~ '/pre-oscap-report.html') %}
run_initial_scan: run_initial_scan:
module.run: cmd.run:
- name: openscap.xccdf - name: 'oscap xccdf eval --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/pre-oscap-results.xml --report {{ OSCAP_OUTPUT_DIR }}/pre-oscap-report.html {{ OSCAP_PROFILE_LOCATION }}'
- params: 'eval --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/pre-oscap-results.xml --report {{ OSCAP_OUTPUT_DIR }}/pre-oscap-report.html {{ OSCAP_PROFILE_LOCATION }}' - success_retcodes:
- 2
{% endif %} {% endif %}
run_remediate: run_remediate:
module.run: cmd.run:
- name: openscap.xccdf - name: 'oscap xccdf eval --remediate --profile {{ OSCAP_PROFILE_NAME }} {{ OSCAP_PROFILE_LOCATION }}'
- params: 'eval --remediate --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/post-oscap-results.xml --report {{ OSCAP_PROFILE_LOCATION }}' - success_retcodes:
- 2
{# OSCAP rule id: xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction #} {# OSCAP rule id: xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction #}
disable_ctrl_alt_del_action: disable_ctrl_alt_del_action:
@@ -82,9 +84,10 @@ remove_nullok_from_system_auth_auth:
- backup: '.bak' - backup: '.bak'
run_post_scan: run_post_scan:
module.run: cmd.run:
- name: openscap.xccdf - name: 'oscap xccdf eval --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/post-oscap-results.xml --report {{ OSCAP_OUTPUT_DIR }}/post-oscap-report.html {{ OSCAP_PROFILE_LOCATION }}'
- params: 'eval --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/post-oscap-results.xml --report {{ OSCAP_OUTPUT_DIR }}/post-oscap-report.html {{ OSCAP_PROFILE_LOCATION }}' - success_retcodes:
- 2
{% else %} {% else %}
{{sls}}_no_license_detected: {{sls}}_no_license_detected:

6
salt/stig/files/sos-oscap.xml
View File

@@ -611,7 +611,7 @@ the release. Additionally, the original security profile has been modified by Se
<ns5:select idref="xccdf_org.ssgproject.content_rule_account_emergency_expire_date" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_account_emergency_expire_date" selected="true" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_account_password_pam_faillock_password_auth" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_account_password_pam_faillock_password_auth" selected="true" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_account_password_pam_faillock_system_auth" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_account_password_pam_faillock_system_auth" selected="true" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_account_password_selinux_faillock_dir" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_account_password_selinux_faillock_dir" selected="false" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_account_temp_expire_date" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_account_temp_expire_date" selected="true" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_account_unique_id" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_account_unique_id" selected="true" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_accounts_authorized_local_users" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_accounts_authorized_local_users" selected="true" />
@@ -1007,8 +1007,8 @@ the release. Additionally, the original security profile has been modified by Se
<ns5:select idref="xccdf_org.ssgproject.content_rule_rsyslog_remote_access_monitoring" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_rsyslog_remote_access_monitoring" selected="true" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost" selected="true" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_security_patches_up_to_date" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_security_patches_up_to_date" selected="true" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_selinux_policytype" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_selinux_policytype" selected="false" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_selinux_state" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_selinux_state" selected="false" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_service_auditd_enabled" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_service_auditd_enabled" selected="true" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_service_autofs_disabled" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_service_autofs_disabled" selected="true" />
<ns5:select idref="xccdf_org.ssgproject.content_rule_service_chronyd_enabled" selected="true" /> <ns5:select idref="xccdf_org.ssgproject.content_rule_service_chronyd_enabled" selected="true" />