Deploying to main from @ ComplianceAsCode/content@ad4bda2 🚀
openscap-ci committed Aug 2, 2023
0 parents commit d5770eb
Showing 4,814 changed files with 13,896,212 additions and 0 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
Empty file added .nojekyll
Empty file.
194 changes: 194 additions & 0 deletions components/fedora/abrt.html
@@ -0,0 +1,194 @@
<!DOCTYPE html>
<html lang="en">
<head>

<meta charset="UTF-8"/>
<title>Rules Related To 'abrt'</title>

<style>
</style>
</head>
<body>



<h1>Rules Related To 'abrt'</h1>





<h2>Component overview</h2>

<h3>Relevant packages:</h3>

<ul>

<li>abrt</li>

<li>abrt-addon-ccpp</li>

<li>abrt-addon-kerneloops</li>

<li>abrt-addon-python</li>

<li>abrt-cli</li>

<li>abrt-libs</li>

<li>abrt-plugin-logger</li>

<li>abrt-plugin-rhtsupport</li>

<li>abrt-plugin-sosreport</li>

<li>abrt-server-info-page</li>

<li>python3-abrt-addon</li>

</ul>


<h3>Relevant groups:</h3>

<div>None</div>


<h3>Changelog:</h3>

<div>No changes recorded.</div>


<h3>Relevant rules:</h3>

<ul>

<li><a href="#package_abrt-addon-ccpp_removed">package_abrt-addon-ccpp_removed</a></li>

<li><a href="#package_abrt-addon-kerneloops_removed">package_abrt-addon-kerneloops_removed</a></li>

<li><a href="#package_abrt-cli_removed">package_abrt-cli_removed</a></li>

<li><a href="#package_abrt-plugin-logger_removed">package_abrt-plugin-logger_removed</a></li>

<li><a href="#package_abrt-plugin-rhtsupport_removed">package_abrt-plugin-rhtsupport_removed</a></li>

<li><a href="#package_abrt-plugin-sosreport_removed">package_abrt-plugin-sosreport_removed</a></li>

<li><a href="#package_abrt_removed">package_abrt_removed</a></li>

<li><a href="#package_python3-abrt-addon_removed">package_python3-abrt-addon_removed</a></li>

</ul>



<h2>Rule details</h2>


<div id="package_abrt-addon-ccpp_removed" class="rule" style="border-bottom: 2px solid; margin-bottom: 1cm; padding-bottom: 1cm;">
<h3>Uninstall abrt-addon-ccpp Package</h3>
<div>package_abrt-addon-ccpp_removed</div>
<h4>Description</h4>
<p>The <code>abrt-addon-ccpp</code> package can be removed with the following command:
<pre>
$ sudo dnf erase abrt-addon-ccpp</pre></p>
<h4>Rationale</h4>
<p><tt>abrt-addon-ccpp</tt> contains hooks for C/C++ crashed programs and <tt>abrt</tt>'s
C/C++ analyzer plugin.</p>
</div>

<div id="package_abrt-addon-kerneloops_removed" class="rule" style="border-bottom: 2px solid; margin-bottom: 1cm; padding-bottom: 1cm;">
<h3>Uninstall abrt-addon-kerneloops Package</h3>
<div>package_abrt-addon-kerneloops_removed</div>
<h4>Description</h4>
<p>The <code>abrt-addon-kerneloops</code> package can be removed with the following command:
<pre>
$ sudo dnf erase abrt-addon-kerneloops</pre></p>
<h4>Rationale</h4>
<p><tt>abrt-addon-kerneloops</tt> contains plugins for collecting kernel crash information and
reporter plugin which sends this information to a specified server, usually to kerneloops.org.</p>
</div>

<div id="package_abrt-cli_removed" class="rule" style="border-bottom: 2px solid; margin-bottom: 1cm; padding-bottom: 1cm;">
<h3>Uninstall abrt-cli Package</h3>
<div>package_abrt-cli_removed</div>
<h4>Description</h4>
<p>The <code>abrt-cli</code> package can be removed with the following command:
<pre>
$ sudo dnf erase abrt-cli</pre></p>
<h4>Rationale</h4>
<p><tt>abrt-cli</tt> contains a command line client for controlling abrt daemon
over sockets.</p>
</div>

<div id="package_abrt-plugin-logger_removed" class="rule" style="border-bottom: 2px solid; margin-bottom: 1cm; padding-bottom: 1cm;">
<h3>Uninstall abrt-plugin-logger Package</h3>
<div>package_abrt-plugin-logger_removed</div>
<h4>Description</h4>
<p>The <code>abrt-plugin-logger</code> package can be removed with the following command:
<pre>
$ sudo dnf erase abrt-plugin-logger</pre></p>
<h4>Rationale</h4>
<p><tt>abrt-plugin-logger</tt> is an ABRT plugin which writes a report
to a specified file.</p>
</div>

<div id="package_abrt-plugin-rhtsupport_removed" class="rule" style="border-bottom: 2px solid; margin-bottom: 1cm; padding-bottom: 1cm;">
<h3>Uninstall abrt-plugin-rhtsupport Package</h3>
<div>package_abrt-plugin-rhtsupport_removed</div>
<h4>Description</h4>
<p>The <code>abrt-plugin-rhtsupport</code> package can be removed with the following command:
<pre>
$ sudo dnf erase abrt-plugin-rhtsupport</pre></p>
<h4>Rationale</h4>
<p><tt>abrt-plugin-rhtsupport</tt> is a ABRT plugin to report bugs into the
Red Hat Support system.</p>
</div>

<div id="package_abrt-plugin-sosreport_removed" class="rule" style="border-bottom: 2px solid; margin-bottom: 1cm; padding-bottom: 1cm;">
<h3>Uninstall abrt-plugin-sosreport Package</h3>
<div>package_abrt-plugin-sosreport_removed</div>
<h4>Description</h4>
<p>The <code>abrt-plugin-sosreport</code> package can be removed with the following command:
<pre>
$ sudo dnf erase abrt-plugin-sosreport</pre></p>
<h4>Rationale</h4>
<p><tt>abrt-plugin-sosreport</tt> provides a plugin to include an sosreport in an ABRT report.</p>
</div>

<div id="package_abrt_removed" class="rule" style="border-bottom: 2px solid; margin-bottom: 1cm; padding-bottom: 1cm;">
<h3>Uninstall Automatic Bug Reporting Tool (abrt)</h3>
<div>package_abrt_removed</div>
<h4>Description</h4>
<p>The Automatic Bug Reporting Tool (<tt>abrt</tt>) collects
and reports crash data when an application crash is detected. Using a variety
of plugins, abrt can email crash reports to system administrators, log crash
reports to files, or forward crash reports to a centralized issue tracking
system such as RHTSupport.
The <code>abrt</code> package can be removed with the following command:
<pre>
$ sudo dnf erase abrt</pre></p>
<h4>Rationale</h4>
<p>Mishandling crash data could expose sensitive information about
vulnerabilities in software executing on the system, as well as sensitive
information from within a process's address space or registers.</p>
</div>

<div id="package_python3-abrt-addon_removed" class="rule" style="border-bottom: 2px solid; margin-bottom: 1cm; padding-bottom: 1cm;">
<h3>Uninstall python3-abrt-addon Package</h3>
<div>package_python3-abrt-addon_removed</div>
<h4>Description</h4>
<p>The <code>python3-abrt-addon</code> package can be removed with the following command:
<pre>
$ sudo dnf erase python3-abrt-addon</pre></p>
<h4>Rationale</h4>
<p><tt>python3-abrt-addon</tt> contains python hook and python analyzer
plugin for handling uncaught exceptions in python programs.</p>
</div>




</body>
</html>
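Review bot: every rule Description in components/fedora/abrt.html nests the command block inside the paragraph, as in `<p>The <code>abrt-addon-ccpp</code> package can be removed with the following command:` followed by `<pre>` and closed with `</pre></p>`. That is invalid HTML: a parser ends the paragraph when it meets `<pre>`, so the trailing `</p>` becomes a stray end tag. Have the generator template close the `<p>` before the `<pre>` and drop the trailing `</p>`. Separately, the Rationale of the seven add-on and plugin rules only says what the package contains; only package_abrt_removed states the risk (crash data exposing sensitive information from a process's address space or registers), so reference or reuse that rationale in the others. In package_abrt-plugin-rhtsupport_removed, "is a ABRT plugin" should read "is an ABRT plugin", and the file mixes `<tt>` and `<code>` for the same purpose; `<tt>` is obsolete in HTML5, so standardise on `<code>`.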
162 changes: 162 additions & 0 deletions components/fedora/aide.html
@@ -0,0 +1,162 @@
<!DOCTYPE html>
<html lang="en">
<head>

<meta charset="UTF-8"/>
<title>Rules Related To 'aide'</title>

<style>
</style>
</head>
<body>



<h1>Rules Related To 'aide'</h1>





<h2>Component overview</h2>

<h3>Relevant packages:</h3>

<ul>

<li>aide</li>

</ul>


<h3>Relevant groups:</h3>

<ul>

<li>aide</li>

</ul>


<h3>Changelog:</h3>

<div>No changes recorded.</div>


<h3>Relevant rules:</h3>

<ul>

<li><a href="#aide_build_database">aide_build_database</a></li>

<li><a href="#aide_check_audit_tools">aide_check_audit_tools</a></li>

<li><a href="#aide_periodic_cron_checking">aide_periodic_cron_checking</a></li>

<li><a href="#package_aide_installed">package_aide_installed</a></li>

</ul>



<h2>Rule details</h2>


<div id="aide_build_database" class="rule" style="border-bottom: 2px solid; margin-bottom: 1cm; padding-bottom: 1cm;">
<h3>Build and Test AIDE Database</h3>
<div>aide_build_database</div>
<h4>Description</h4>
<p>Run the following command to generate a new database:

<pre>$ sudo /usr/sbin/aide --init</pre>

By default, the database will be written to the file

<tt>/var/lib/aide/aide.db.new.gz</tt>.

Storing the database, the configuration file <tt>/etc/aide.conf</tt>, and the binary
<tt>/usr/sbin/aide</tt>
(or hashes of these files), in a secure location (such as on read-only media) provides additional assurance about their integrity.
The newly-generated database can be installed as follows:

<pre>$ sudo cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz</pre>

To initiate a manual check, run the following command:
<pre>$ sudo /usr/sbin/aide --check</pre>
If this check produces any unexpected output, investigate.</p>
<h4>Rationale</h4>
<p>For AIDE to be effective, an initial database of "known-good" information about files
must be captured and it should be able to be verified against the installed files.</p>
</div>

<div id="aide_check_audit_tools" class="rule" style="border-bottom: 2px solid; margin-bottom: 1cm; padding-bottom: 1cm;">
<h3>Configure AIDE to Verify the Audit Tools</h3>
<div>aide_check_audit_tools</div>
<h4>Description</h4>
<p>The operating system file integrity tool must be configured to protect the integrity of the audit tools.</p>
<h4>Rationale</h4>
<p>Protecting the integrity of the tools used for auditing purposes is a
critical step toward ensuring the integrity of audit information. Audit
information includes all information (e.g., audit records, audit settings,
and audit reports) needed to successfully audit information system
activity.

Audit tools include but are not limited to vendor-provided and open-source
audit tools needed to successfully view and manipulate audit information
system activity and records. Audit tools include custom queries and report
generators.

It is not uncommon for attackers to replace the audit tools or inject code
into the existing tools to provide the capability to hide or erase system
activity from the audit logs.

To address this risk, audit tools must be cryptographically signed to
provide the capability to identify when the audit tools have been modified,
manipulated, or replaced. An example is a checksum hash of the file or
files.</p>
</div>

<div id="aide_periodic_cron_checking" class="rule" style="border-bottom: 2px solid; margin-bottom: 1cm; padding-bottom: 1cm;">
<h3>Configure Periodic Execution of AIDE</h3>
<div>aide_periodic_cron_checking</div>
<h4>Description</h4>
<p>At a minimum, AIDE should be configured to run a weekly scan.
To implement a daily execution of AIDE at 4:05am using cron, add the following line to <tt>/etc/crontab</tt>:
<pre>05 4 * * * root /usr/sbin/aide --check</pre>
To implement a weekly execution of AIDE at 4:05am using cron, add the following line to <tt>/etc/crontab</tt>:
<pre>05 4 * * 0 root /usr/sbin/aide --check</pre>
AIDE can be executed periodically through other means; this is merely one example.
The usage of cron's special time codes, such as <tt>@daily</tt> and
<tt>@weekly</tt> is acceptable.</p>
<h4>Rationale</h4>
<p>By default, AIDE does not install itself for periodic execution. Periodically
running AIDE is necessary to reveal unexpected changes in installed files.
<br /><br />
Unauthorized changes to the baseline configuration could make the system vulnerable
to various attacks or allow unauthorized access to the operating system. Changes to
operating system configurations can have unintended side effects, some of which may
be relevant to security.
<br /><br />
Detecting such changes and providing an automated response can help avoid unintended,
negative consequences that could ultimately affect the security state of the operating
system. The operating system's Information Management Officer (IMO)/Information System
Security Officer (ISSO) and System Administrators (SAs) must be notified via email and/or
monitoring system trap when there is an unauthorized modification of a configuration item.</p>
</div>

<div id="package_aide_installed" class="rule" style="border-bottom: 2px solid; margin-bottom: 1cm; padding-bottom: 1cm;">
<h3>Install AIDE</h3>
<div>package_aide_installed</div>
<h4>Description</h4>
<p>The <code>aide</code> package can be installed with the following command:
<pre>
$ sudo dnf install aide</pre></p>
<h4>Rationale</h4>
<p>The AIDE package must be installed if it is to be available for integrity checking.</p>
</div>




</body>
</html>
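Review bot: the Description of aide_check_audit_tools in components/fedora/aide.html states only the requirement ("The operating system file integrity tool must be configured to protect the integrity of the audit tools.") and gives no remediation, unlike the other three rules in this file, which each show the command or crontab line to apply. Add the configuration a reader is expected to put in place, or at least name the audit tool files that must be covered. In the same rule's Rationale, "cryptographically signed" is illustrated with "a checksum hash of the file or files", which is an integrity hash rather than a signature; pick one term. The paragraph breaks in that Rationale are blank lines inside a single `<p>`, so they render as one run-on paragraph, while aide_periodic_cron_checking uses `<br /><br />`; make the two consistent. In aide_periodic_cron_checking, the Rationale requires that the IMO/ISSO and SAs be notified of unauthorized modifications, but neither crontab example (`05 4 * * * root /usr/sbin/aide --check`) shows a notification step, so the Description should say how the check output reaches them.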