Recover default profiles in OL8 & 9
Signed-off-by: Edgar Aguilar <[email protected]>
Xeicker committed Nov 7, 2024
1 parent 98204a5 commit 57f2fdc
Showing 2 changed files with 496 additions and 0 deletions.
373 changes: 373 additions & 0 deletions products/ol8/profiles/default.profile
@@ -0,0 +1,373 @@
documentation_complete: true

hidden: true

title: Default Profile for Oracle Linux 8

description: |-
This profile contains all the rules that once belonged to the
ol8 product via 'prodtype'. This profile won't
be rendered into an XCCDF Profile entity, nor it will select any
of these rules by default. The only purpose of this profile
is to keep a rule in the product's XCCDF Benchmark.

selections:
- audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write
- mount_option_var_tmp_bind
- sebool_selinuxuser_use_ssh_chroot
- aide_use_fips_hashes
- sebool_xserver_object_manager
- mount_option_home_grpquota
- auditd_data_retention_max_log_file_action_stig
- sebool_logadm_exec_content
- install_mcafee_antivirus
- auditd_audispd_encrypt_sent_records
- audit_rules_unsuccessful_file_modification_openat_rule_order
- sebool_xguest_use_bluetooth
- audit_rules_successful_file_modification_lsetxattr
- file_owner_backup_etc_shadow
- set_ip6tables_default_rule
- passwd_system-auth_substack
- xwindows_remove_packages
- sshd_set_max_sessions
- sudoers_no_root_target
- enable_ldap_client
- file_owner_backup_etc_gshadow
- audit_rules_etc_shadow_open
- file_owner_backup_etc_passwd
- sebool_selinuxuser_ping
- package_pigz_removed
- dconf_gnome_screensaver_lock_locked
- file_groupowner_efi_user_cfg
- file_groupownership_sshd_pub_key
- audit_rules_unsuccessful_file_modification_renameat
- package_abrt-plugin-rhtsupport_removed
- sebool_selinuxuser_share_music
- file_groupowner_var_log_syslog
- file_groupownership_audit_configuration
- auditd_audispd_configure_remote_server
- file_ownership_sshd_pub_key
- file_groupowner_etc_issue
- sebool_abrt_anon_write
- dconf_gnome_screensaver_idle_activation_locked
- audit_rules_successful_file_modification_unlinkat
- sebool_xserver_clients_write_xshm
- file_groupowner_cron_allow
- sebool_xdm_exec_bootloader
- sshd_disable_tcp_forwarding
- sebool_use_ecryptfs_home_dirs
- sebool_staff_exec_content
- dconf_gnome_disable_automount_open
- file_permissions_home_dirs
- audit_rules_privileged_commands_newgidmap
- sebool_ssh_chroot_rw_homedirs
- no_netrc_files
- package_libcap-ng-utils_installed
- sebool_abrt_handle_event
- sebool_mmap_low_allowed
- auditd_audispd_network_failure_action
- file_ownership_home_directories
- file_groupowner_etc_issue_net
- dconf_gnome_disable_user_admin
- package_xorg-x11-server-common_removed
- service_iptables_enabled
- file_permissions_backup_etc_group
- audit_rules_unsuccessful_file_modification_rename
- package_binutils_installed
- grub2_no_removeable_media
- audit_rules_successful_file_modification_open_o_trunc_write
- audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order
- service_sshd_disabled
- file_owner_efi_user_cfg
- file_permissions_audit_configuration
- audit_rules_successful_file_modification_openat_o_trunc_write
- audit_rules_successful_file_modification_removexattr
- sebool_xdm_write_home
- audit_rules_successful_file_modification_fchownat
- audit_rules_successful_file_modification_open_o_creat
- file_permissions_backup_etc_shadow
- sshd_disable_pubkey_auth
- audit_privileged_commands_reboot
- sysctl_kernel_core_uses_pid
- install_mcafee_hbss_pa
- package_syslogng_installed
- sebool_selinuxuser_postgresql_connect_enabled
- sebool_sysadm_exec_content
- audit_rules_mac_modification_usr_share
- sshd_limit_user_access
- install_mcafee_hbss_accm
- file_permissions_backup_etc_passwd
- dconf_gnome_disable_autorun
- audit_rules_unsuccessful_file_modification_chown
- sebool_selinuxuser_udp_server
- service_bluetooth_disabled
- network_ipv6_disable_rpc
- audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write
- audit_rules_etc_shadow_open_by_handle_at
- audit_rules_privileged_commands_pt_chown
- directory_access_var_log_audit
- sshd_set_loglevel_verbose
- package_bind_removed
- sssd_memcache_timeout
- no_password_auth_for_systemaccounts
- audit_rules_successful_file_modification_open_by_handle_at_o_creat
- file_groupowner_etc_gshadow
- sebool_unconfined_login
- account_use_centralized_automated_auth
- sebool_xdm_bind_vnc_tcp_port
- sebool_deny_ptrace
- sysctl_net_ipv6_conf_all_disable_ipv6
- dconf_gnome_login_retries
- sudo_vdsm_nopasswd
- audit_rules_unsuccessful_file_modification_setxattr
- package_libselinux_installed
- sebool_selinuxuser_tcp_server
- package_inetutils-telnetd_removed
- audit_rules_successful_file_modification_openat
- audit_rules_unsuccessful_file_modification_fchmod
- avahi_disable_publishing
- audit_rules_successful_file_modification_fchmod
- sudo_custom_logfile
- account_passwords_pam_faillock_dir
- file_permissions_backup_etc_gshadow
- package_iptables_installed
- dconf_gnome_disable_geolocation
- accounts_users_home_files_ownership
- file_groupownership_sshd_private_key
- kernel_module_ipv6_option_disabled
- xwindows_runlevel_target
- sebool_xguest_exec_content
- sebool_daemons_dump_core
- audit_rules_successful_file_modification_renameat
- uefi_no_removeable_media
- enable_dconf_user_profile
- kernel_module_jffs2_disabled
- auditd_data_retention_admin_space_left_percentage
- file_groupowner_backup_etc_shadow
- package_sssd_installed
- audit_rules_successful_file_modification_open
- sebool_auditadm_exec_content
- no_shelllogin_for_systemaccounts
- sebool_selinuxuser_direct_dri_enabled
- service_systemd-journald_enabled
- audit_rules_etc_shadow_openat
- file_permissions_etc_issue
- dconf_gnome_disable_automount
- install_antivirus
- sebool_user_exec_content
- package_nss-tools_installed
- sebool_mount_anyfile
- sebool_daemons_use_tty
- kernel_module_squashfs_disabled
- postfix_client_configure_relayhost
- audit_privileged_commands_init
- etc_system_fips_exists
- iptables_sshd_disabled
- grub2_ipv6_disable_argument
- dconf_gnome_disable_thumbnailers
- package_net-snmp_removed
- ensure_gpgcheck_repo_metadata
- audit_rules_for_ospp
- network_ipv6_privacy_extensions
- dconf_gnome_enable_smartcard_auth
- service_postfix_enabled
- package_openssh-server_removed
- file_owner_user_cfg
- audit_rules_successful_file_modification_lchown
- sshd_set_maxstartups
- file_permissions_efi_user_cfg
- audit_rules_successful_file_modification_unlink
- file_permissions_user_cfg
- no_all_squash_exports
- audit_rules_etc_gshadow_openat
- service_ufw_enabled
- dir_permissions_binary_dirs
- file_groupowner_backup_etc_passwd
- sshd_use_approved_ciphers
- package_nis_removed
- dconf_gnome_disable_wifi_notification
- audit_rules_etc_passwd_open
- dhcp_client_restrict_options
- banner_etc_issue_net
- kernel_module_freevxfs_disabled
- accounts_password_last_change_is_in_past
- audit_rules_unsuccessful_file_modification_lremovexattr
- file_permissions_var_log_syslog
- audit_rules_etc_passwd_open_by_handle_at
- file_owner_var_log_syslog
- auditd_data_retention_space_left
- audit_rules_unsuccessful_file_modification_open_o_trunc_write
- package_tar_installed
- file_owner_cron_allow
- configure_user_data_backups
- dir_ownership_binary_dirs
- accounts_password_warn_age_login_defs
- sysctl_net_ipv4_tcp_invalid_ratelimit
- sebool_xserver_execmem
- snmpd_not_default_password
- sysctl_net_ipv6_conf_default_disable_ipv6
- sebool_cron_userdomain_transition
- file_owner_backup_etc_group
- file_groupowner_user_cfg
- service_ypbind_disabled
- selinux_all_devicefiles_labeled
- audit_rules_privileged_commands_newuidmap
- service_rpcbind_disabled
- audit_rules_unsuccessful_file_modification_chmod
- sebool_gpg_web_anon_write
- fapolicyd_prevent_home_folder_access
- no_legacy_plus_entries_etc_passwd
- ldap_client_start_tls
- audit_rules_successful_file_modification_fsetxattr
- sssd_enable_pam_services
- service_sssd_enabled
- audit_rules_successful_file_modification_fremovexattr
- audit_rules_successful_file_modification_rename
- sebool_guest_exec_content
- rsyslog_nolisten
- kernel_module_rds_disabled
- sebool_selinuxuser_mysql_connect_enabled
- file_ownership_sshd_private_key
- audit_rules_successful_file_modification_setxattr
- sssd_ldap_configure_tls_ca
- grub2_systemd_debug-shell_argument_absent
- sebool_secure_mode_policyload
- auditd_data_disk_full_action_stig
- audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat
- audit_rules_unsuccessful_file_modification_fsetxattr
- smartcard_configure_cert_checking
- sshd_enable_gssapi_auth
- partition_for_dev_shm
- audit_rules_etc_group_openat
- audit_rules_unsuccessful_file_modification_fchownat
- file_permissions_systemmap
- audit_rules_unsuccessful_file_modification_open_o_creat
- kernel_config_ipv6
- audit_rules_successful_file_modification_chown
- audit_rules_successful_file_modification_fchmodat
- grub2_disable_recovery
- audit_rules_unsuccessful_file_modification_removexattr
- audit_rules_unsuccessful_file_modification_openat_o_trunc_write
- package_telnetd_removed
- service_cockpit_disabled
- no_legacy_plus_entries_etc_group
- mount_option_boot_noauto
- sshd_set_login_grace_time
- accounts_user_dot_group_ownership
- sshd_enable_pubkey_auth
- audit_rules_unsuccessful_file_modification_lchown
- dconf_gnome_disable_wifi_create
- file_owner_etc_issue
- audit_rules_successful_file_modification_fchown
- sssd_ldap_configure_tls_ca_dir
- sshd_enable_pam
- service_syslogng_enabled
- file_permissions_etc_motd
- account_passwords_pam_faillock_audit
- sebool_ssh_keysign
- accounts_root_gid_zero
- sebool_kerberos_enabled
- package_sssd-ipa_installed
- package_openldap-clients_removed
- audit_rules_etc_gshadow_open_by_handle_at
- banner_etc_motd
- audit_rules_successful_file_modification_truncate
- dhcp_server_minimize_served_info
- audit_rules_successful_file_modification_open_by_handle_at
- sebool_xdm_sysadm_login
- sebool_login_console_enabled
- sebool_secadm_exec_content
- file_permissions_etc_issue_net
- sssd_ldap_configure_tls_reqcert
- audit_rules_successful_file_modification_chmod
- file_groupowner_backup_etc_group
- audit_rules_unsuccessful_file_modification_lsetxattr
- auditd_data_disk_error_action_stig
- installed_OS_is_FIPS_certified
- network_ipv6_default_gateway
- sshd_disable_root_password_login
- harden_sshd_crypto_policy
- file_ownership_audit_configuration
- package_telnetd-ssl_removed
- service_chronyd_enabled
- audit_rules_successful_file_modification_ftruncate
- accounts_user_dot_user_ownership
- package_abrt-plugin-logger_removed
- gnome_gdm_disable_xdmcp
- package_MFEhiplsm_installed
- audit_rules_etc_passwd_openat
- mount_option_home_usrquota
- sebool_logging_syslogd_can_sendmail
- audit_rules_dac_modification_umount
- file_groupowner_backup_etc_gshadow
- sebool_domain_kernel_load_modules
- mount_option_krb_sec_remote_filesystems
- sshd_use_approved_macs
- sebool_logging_syslogd_use_tty
- audit_rules_etc_group_open
- sebool_secure_mode
- set_iptables_default_rule_forward
- service_rsyncd_disabled
- service_rsh_disabled
- audit_rules_unsuccessful_file_modification_openat_o_creat
- package_postfix_installed
- audit_privileged_commands_poweroff
- sebool_domain_fd_use
- audit_rules_successful_file_modification_creat
- root_path_default
- coreos_enable_selinux_kernel_argument
- kernel_disable_entropy_contribution_for_solid_state_drives
- sebool_abrt_upload_watch_anon_write
- dconf_gnome_disable_restart_shutdown
- audit_rules_successful_file_modification_lremovexattr
- sudo_add_passwd_timeout
- package_freeradius_removed
- audit_privileged_commands_shutdown
- audit_rules_unsuccessful_file_modification_unlink
- sshd_enable_warning_banner_net
- auditd_audispd_disk_full_action
- network_implement_access_control
- sssd_ssh_known_hosts_timeout
- ftp_limit_users
- rsyslog_accept_remote_messages_tcp
- usbguard_allow_hub
- sssd_run_as_sssd_user
- ftp_configure_firewall
- sssd_ldap_start_tls
- sebool_cron_can_relabel
- network_ipv6_static_address
- audit_rules_unsuccessful_file_modification_fremovexattr
- sebool_xguest_connect_network
- package_geolite2-country_removed
- audit_rules_etc_group_open_by_handle_at
- sebool_daemons_use_tcp_wrapper
- selinux_not_disabled
- audit_rules_unsuccessful_file_modification_fchown
- package_vim_installed
- sebool_xguest_mount_media
- sebool_selinuxuser_rw_noexattrfile
- file_owner_etc_issue_net
- sebool_cron_system_cronjob_use_shares
- gnome_gdm_disable_guest_login
- install_mcafee_cma_rt
- file_groupowner_etc_motd
- no_root_webbrowsing
- audit_rules_etc_gshadow_open
- sebool_mock_enable_homedirs
- audit_rules_successful_file_modification_openat_o_creat
- sshd_enable_x11_forwarding
- dconf_gnome_screensaver_user_info
- sshd_disable_rhosts_rsa
- harden_ssh_client_crypto_policy
- sshd_set_max_auth_tries
- package_geolite2-city_removed
- set_iptables_default_rule
- package_abrt-addon-python_removed
- usbguard_allow_hid
- no_legacy_plus_entries_etc_shadow
- file_owner_etc_motd
- rsyslog_accept_remote_messages_udp
- audit_rules_unsuccessful_file_modification_unlinkat
- sebool_fips_mode
- audit_rules_unsuccessful_file_modification_open_rule_order
- audit_rules_unsuccessful_file_modification_fchmodat
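Review bot: The `selections:` list is unordered and includes entries whose names appear to target other platforms (`coreos_enable_selinux_kernel_argument`, `service_ufw_enabled`, `package_telnetd-ssl_removed`, `package_inetutils-telnetd_removed`), so a reader cannot easily confirm that each rule is meant to stay in the OL8 benchmark. Sorting the entries alphabetically would make duplicates and later additions or removals visible in a diff, and the commit message could state how the list was derived. The list also carries opposing pairs such as `sshd_disable_pubkey_auth` and `sshd_enable_pubkey_auth`; that is consistent with a `hidden: true` profile that selects nothing by default, but it means this file must never be reused as a base for a rendered profile, which is worth saying in the description. Minor wording point in the description: "nor it will select" should read "nor will it select".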