
Commit c84bbf3

authored
Merge pull request #14407 from jan-cerny/bsi_stability
Add BSI to stable profiles
2 parents 4191d7b + fbf1a1f commit c84bbf3

2 files changed

Lines changed: 412 additions & 0 deletions


Lines changed: 216 additions & 0 deletions
@@ -0,0 +1,216 @@
1+
account_unique_id
2+
account_unique_name
3+
aide_build_database
4+
aide_periodic_cron_checking
5+
aide_scan_notification
6+
audit_rules_continue_loading
7+
audit_rules_dac_modification_chmod
8+
audit_rules_dac_modification_chown
9+
audit_rules_dac_modification_fchmod
10+
audit_rules_dac_modification_fchmodat
11+
audit_rules_dac_modification_fchmodat2
12+
audit_rules_dac_modification_fchown
13+
audit_rules_dac_modification_fchownat
14+
audit_rules_dac_modification_fremovexattr
15+
audit_rules_dac_modification_fsetxattr
16+
audit_rules_dac_modification_lchown
17+
audit_rules_dac_modification_lremovexattr
18+
audit_rules_dac_modification_lsetxattr
19+
audit_rules_dac_modification_removexattr
20+
audit_rules_dac_modification_setxattr
21+
audit_rules_execution_chcon
22+
audit_rules_execution_setfacl
23+
audit_rules_login_events_faillock
24+
audit_rules_login_events_lastlog
25+
audit_rules_privileged_commands
26+
audit_rules_privileged_commands_usermod
27+
audit_rules_session_events
28+
audit_rules_suid_auid_privilege_function
29+
audit_rules_sysadmin_actions
30+
audit_rules_usergroup_modification_group
31+
audit_rules_usergroup_modification_gshadow
32+
audit_rules_usergroup_modification_opasswd
33+
audit_rules_usergroup_modification_passwd
34+
audit_rules_usergroup_modification_shadow
35+
audit_sudo_log_events
36+
bios_disable_usb_boot
37+
bios_enable_execution_restrictions
38+
configure_firewalld_ports
39+
directory_groupowner_sshd_config_d
40+
directory_owner_sshd_config_d
41+
directory_permissions_sshd_config_d
42+
encrypt_partitions
43+
fapolicy_default_deny
44+
file_group_ownership_var_log_audit
45+
file_groupowner_at_allow
46+
file_groupowner_backup_etc_group
47+
file_groupowner_backup_etc_gshadow
48+
file_groupowner_backup_etc_passwd
49+
file_groupowner_backup_etc_shadow
50+
file_groupowner_cron_allow
51+
file_groupowner_cron_d
52+
file_groupowner_cron_daily
53+
file_groupowner_cron_hourly
54+
file_groupowner_cron_monthly
55+
file_groupowner_cron_weekly
56+
file_groupowner_cron_yearly
57+
file_groupowner_crontab
58+
file_groupowner_efi_grub2_cfg
59+
file_groupowner_efi_user_cfg
60+
file_groupowner_etc_group
61+
file_groupowner_etc_gshadow
62+
file_groupowner_etc_issue
63+
file_groupowner_etc_issue_net
64+
file_groupowner_etc_motd
65+
file_groupowner_etc_passwd
66+
file_groupowner_etc_security_opasswd
67+
file_groupowner_etc_security_opasswd_old
68+
file_groupowner_etc_shadow
69+
file_groupowner_etc_shells
70+
file_groupowner_grub2_cfg
71+
file_groupowner_sshd_config
72+
file_groupowner_sshd_drop_in_config
73+
file_groupowner_user_cfg
74+
file_groupownership_audit_binaries
75+
file_groupownership_audit_configuration
76+
file_groupownership_home_directories
77+
file_groupownership_sshd_private_key
78+
file_groupownership_sshd_pub_key
79+
file_owner_at_allow
80+
file_owner_backup_etc_group
81+
file_owner_backup_etc_gshadow
82+
file_owner_backup_etc_passwd
83+
file_owner_backup_etc_shadow
84+
file_owner_cron_allow
85+
file_owner_cron_d
86+
file_owner_cron_daily
87+
file_owner_cron_hourly
88+
file_owner_cron_monthly
89+
file_owner_cron_weekly
90+
file_owner_cron_yearly
91+
file_owner_crontab
92+
file_owner_efi_grub2_cfg
93+
file_owner_efi_user_cfg
94+
file_owner_etc_group
95+
file_owner_etc_gshadow
96+
file_owner_etc_issue
97+
file_owner_etc_issue_net
98+
file_owner_etc_motd
99+
file_owner_etc_passwd
100+
file_owner_etc_security_opasswd
101+
file_owner_etc_security_opasswd_old
102+
file_owner_etc_shadow
103+
file_owner_etc_shells
104+
file_owner_grub2_cfg
105+
file_owner_sshd_config
106+
file_owner_sshd_drop_in_config
107+
file_owner_user_cfg
108+
file_ownership_audit_binaries
109+
file_ownership_audit_configuration
110+
file_ownership_home_directories
111+
file_ownership_sshd_private_key
112+
file_ownership_sshd_pub_key
113+
file_ownership_var_log_audit
114+
file_permission_user_bash_history
115+
file_permissions_at_allow
116+
file_permissions_audit_binaries
117+
file_permissions_audit_configuration
118+
file_permissions_backup_etc_group
119+
file_permissions_backup_etc_gshadow
120+
file_permissions_backup_etc_passwd
121+
file_permissions_backup_etc_shadow
122+
file_permissions_cron_allow
123+
file_permissions_cron_d
124+
file_permissions_cron_daily
125+
file_permissions_cron_hourly
126+
file_permissions_cron_monthly
127+
file_permissions_cron_weekly
128+
file_permissions_cron_yearly
129+
file_permissions_crontab
130+
file_permissions_efi_grub2_cfg
131+
file_permissions_efi_user_cfg
132+
file_permissions_etc_group
133+
file_permissions_etc_gshadow
134+
file_permissions_etc_issue
135+
file_permissions_etc_issue_net
136+
file_permissions_etc_motd
137+
file_permissions_etc_passwd
138+
file_permissions_etc_security_opasswd
139+
file_permissions_etc_security_opasswd_old
140+
file_permissions_etc_shadow
141+
file_permissions_etc_shells
142+
file_permissions_grub2_cfg
143+
file_permissions_home_directories
144+
file_permissions_sshd_config
145+
file_permissions_sshd_drop_in_config
146+
file_permissions_sshd_private_key
147+
file_permissions_sshd_pub_key
148+
file_permissions_unauthorized_sgid
149+
file_permissions_unauthorized_suid
150+
file_permissions_unauthorized_world_writable
151+
file_permissions_ungroupowned
152+
file_permissions_user_cfg
153+
file_permissions_var_log_audit
154+
firewalld_sshd_port_enabled
155+
gid_passwd_group_same
156+
group_unique_id
157+
group_unique_name
158+
grub2_audit_argument
159+
grub2_audit_backlog_limit_argument
160+
grub2_enable_selinux
161+
grub2_nousb_argument
162+
grub2_rng_core_default_quality_argument
163+
install_antivirus
164+
install_endpoint_security_software
165+
install_hids
166+
kernel_module_bluetooth_disabled
167+
kernel_module_cfg80211_disabled
168+
kernel_module_firewire-core_disabled
169+
kernel_module_iwlmvm_disabled
170+
kernel_module_iwlwifi_disabled
171+
kernel_module_mac80211_disabled
172+
kernel_module_usb-storage_disabled
173+
mask_nonessential_services
174+
no_files_or_dirs_ungroupowned
175+
no_files_or_dirs_unowned_by_user
176+
only_allow_specific_certs
177+
package_aide_installed
178+
package_audit-libs_installed
179+
package_audit_installed
180+
package_cron_installed
181+
package_fapolicyd_installed
182+
package_firewalld_installed
183+
package_libselinux_installed
184+
package_telnet-server_removed
185+
package_telnet_removed
186+
partition_for_home
187+
partition_for_opt
188+
partition_for_tmp
189+
partition_for_usr
190+
partition_for_var
191+
partition_for_var_log
192+
partition_for_var_tmp
193+
rpm_verify_hashes
194+
rpm_verify_ownership
195+
selinux_confinement_of_daemons
196+
selinux_not_disabled
197+
selinux_policytype
198+
selinux_state
199+
service_auditd_enabled
200+
service_autofs_disabled
201+
service_bluetooth_disabled
202+
service_fapolicyd_enabled
203+
service_firewalld_enabled
204+
service_sshd_enabled
205+
set_firewalld_appropriate_zone
206+
sshd_allow_only_protocol2
207+
sshd_disable_empty_passwords
208+
sshd_disable_root_password_login
209+
sshd_enable_pubkey_auth
210+
unnecessary_firewalld_services_ports_disabled
211+
var_accounts_passwords_pam_faillock_dir=run
212+
var_audit_backlog_limit=8192
213+
var_selinux_policy_name=targeted
214+
var_selinux_state=enforcing
215+
wireless_disable_in_bios
216+
wireless_disable_interfaces
