Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update RHEL 9 STIG to V2R2 #12551

Merged
merged 11 commits into from
Nov 4, 2024
Merged

Conversation

Mab879
Copy link
Member

@Mab879 Mab879 commented Oct 29, 2024

Description:

  • Update RHEL 9 STIG to V2R2

Rationale:

@Mab879 Mab879 added New Rule Issues or pull requests related to new Rules. RHEL9 Red Hat Enterprise Linux 9 product related. Update Profile Issues or pull requests related to Profiles updates. STIG STIG Benchmark related. labels Oct 29, 2024
@Mab879 Mab879 added this to the 0.1.75 milestone Oct 29, 2024
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

rhel9 (from CTF) Environment (using Fedora as testing environment)
Open in Gitpod

Fedora Testing Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

Copy link

github-actions bot commented Oct 29, 2024

This datastream diff is auto generated by the check Compare DS/Generate Diff.
Due to the excessive size of the diff, it has been trimmed to fit the 65535-character limit.

Click here to see the trimmed diff
New content has different text for rule 'xccdf_org.ssgproject.content_rule_configure_crypto_policy'.
--- xccdf_org.ssgproject.content_rule_configure_crypto_policy
+++ xccdf_org.ssgproject.content_rule_configure_crypto_policy
@@ -158,7 +158,7 @@
 SV-258238r991554_rule
 
 [reference]:
-SV-258241r987791_rule
+SV-258241r1017572_rule
 
 [rationale]:
 Centralized cryptographic policies simplify applying secure ciphers across an operating system and

New content has different text for rule 'xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy'.
--- xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy
+++ xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy
@@ -79,12 +79,6 @@
 [reference]:
 2.2
 
-[reference]:
-RHEL-09-255055
-
-[reference]:
-SV-257987r991554_rule
-
 [rationale]:
 Overriding the system crypto policy makes the behavior of the SSH service violate expectations,
 and makes system configuration more fragmented.

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy' differs.
--- xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy
+++ xccdf_org.ssgproject.content_rule_configure_ssh_crypto_policy
@@ -5,7 +5,6 @@
     regexp: (?i)^\s*CRYPTO_POLICY.*$
   tags:
   - CCE-83445-7
-  - DISA-STIG-RHEL-09-255055
   - NIST-800-53-AC-17(2)
   - NIST-800-53-AC-17(a)
   - NIST-800-53-CM-6(a)

New content has different text for rule 'xccdf_org.ssgproject.content_rule_encrypt_partitions'.
--- xccdf_org.ssgproject.content_rule_encrypt_partitions
+++ xccdf_org.ssgproject.content_rule_encrypt_partitions
@@ -233,7 +233,7 @@
 RHEL-09-231190
 
 [reference]:
-SV-257879r958872_rule
+SV-257879r1014836_rule
 
 [rationale]:
 The risk of a system's physical compromise, particularly mobile systems such as

New content has different text for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_disable_restart_shutdown'.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_restart_shutdown
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_disable_restart_shutdown
@@ -165,7 +165,7 @@
 RHEL-09-271100
 
 [reference]:
-SV-258029r991589_rule
+SV-258029r1014857_rule
 
 [reference]:
 SV-258030r991589_rule

New content has different text for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_lock_screen_on_smartcard_removal'.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_lock_screen_on_smartcard_removal
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_lock_screen_on_smartcard_removal
@@ -37,10 +37,10 @@
 RHEL-09-271050
 
 [reference]:
-SV-258019r997071_rule
+SV-258019r1015086_rule
 
 [reference]:
-SV-258020r997072_rule
+SV-258020r1015087_rule
 
 [rationale]:
 Locking the screen automatically when removing the smartcard can

New content has different text for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled'.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled
@@ -142,10 +142,10 @@
 RHEL-09-271060
 
 [reference]:
-SV-258021r997073_rule
+SV-258021r1015088_rule
 
 [reference]:
-SV-258022r997074_rule
+SV-258022r1015089_rule
 
 [rationale]:
 A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sudo_remove_no_authenticate'.
--- xccdf_org.ssgproject.content_rule_sudo_remove_no_authenticate
+++ xccdf_org.ssgproject.content_rule_sudo_remove_no_authenticate
@@ -147,7 +147,7 @@
 RHEL-09-432025
 
 [reference]:
-SV-258086r997081_rule
+SV-258086r1015095_rule
 
 [rationale]:
 Without re-authentication, users may access resources or perform tasks for which they

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sudo_remove_nopasswd'.
--- xccdf_org.ssgproject.content_rule_sudo_remove_nopasswd
+++ xccdf_org.ssgproject.content_rule_sudo_remove_nopasswd
@@ -148,7 +148,7 @@
 RHEL-09-611085
 
 [reference]:
-SV-258106r997092_rule
+SV-258106r1015106_rule
 
 [rationale]:
 Without re-authentication, users may access resources or perform tasks for which they

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sudo_require_reauthentication'.
--- xccdf_org.ssgproject.content_rule_sudo_require_reauthentication
+++ xccdf_org.ssgproject.content_rule_sudo_require_reauthentication
@@ -46,7 +46,7 @@
 RHEL-09-432015
 
 [reference]:
-SV-258084r997080_rule
+SV-258084r1015094_rule
 
 [rationale]:
 Without re-authentication, users may access resources or perform tasks for which they

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_subscription-manager_installed'.
--- xccdf_org.ssgproject.content_rule_package_subscription-manager_installed
+++ xccdf_org.ssgproject.content_rule_package_subscription-manager_installed
@@ -47,7 +47,7 @@
 RHEL-09-215010
 
 [reference]:
-SV-257825r997056_rule
+SV-257825r1015079_rule
 
 [rationale]:
 Red Hat Subscription Manager is a local service which tracks installed products

New content has different text for rule 'xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated'.
--- xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated
+++ xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated
@@ -188,7 +188,7 @@
 RHEL-09-214015
 
 [reference]:
-SV-257820r997053_rule
+SV-257820r1015076_rule
 
 [rationale]:
 Changes to any software components can have significant effects on the

New content has different text for rule 'xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages'.
--- xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages
+++ xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages
@@ -113,7 +113,7 @@
 RHEL-09-214020
 
 [reference]:
-SV-257821r997054_rule
+SV-257821r1015077_rule
 
 [rationale]:
 Changes to any software components can have significant effects to the overall security

New content has different text for rule 'xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled'.
--- xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled
+++ xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled
@@ -182,7 +182,7 @@
 RHEL-09-214025
 
 [reference]:
-SV-257822r997055_rule
+SV-257822r1015078_rule
 
 [rationale]:
 Verifying the authenticity of the software prior to installation validates

New content has different text for rule 'xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed'.
--- xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed
+++ xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed
@@ -201,7 +201,7 @@
 RHEL-09-214010
 
 [reference]:
-SV-257819r997052_rule
+SV-257819r1015075_rule
 
 [rationale]:
 Changes to software components can have significant effects on the overall

New content has different text for rule 'xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled'.
--- xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled
+++ xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled
@@ -158,7 +158,7 @@
 RHEL-09-271015
 
 [reference]:
-SV-258012r958390_rule
+SV-258012r1014855_rule
 
 [reference]:
 SV-258013r958390_rule

New content has different text for rule 'xccdf_org.ssgproject.content_rule_disallow_bypass_password_sudo'.
--- xccdf_org.ssgproject.content_rule_disallow_bypass_password_sudo
+++ xccdf_org.ssgproject.content_rule_disallow_bypass_password_sudo
@@ -27,7 +27,7 @@
 RHEL-09-611145
 
 [reference]:
-SV-258118r997103_rule
+SV-258118r1015117_rule
 
 [rationale]:
 Without re-authentication, users may access resources or perform tasks for which they do not

New content has different text for rule 'xccdf_org.ssgproject.content_rule_account_password_pam_faillock_password_auth'.
--- xccdf_org.ssgproject.content_rule_account_password_pam_faillock_password_auth
+++ xccdf_org.ssgproject.content_rule_account_password_pam_faillock_password_auth
@@ -21,7 +21,7 @@
 RHEL-09-611035
 
 [reference]:
-SV-258096r958388_rule
+SV-258096r1014883_rule
 
 [rationale]:
 If the pam_faillock.so module is not loaded the system will not correctly lockout accounts to prevent

New content has different text for rule 'xccdf_org.ssgproject.content_rule_account_password_pam_faillock_system_auth'.
--- xccdf_org.ssgproject.content_rule_account_password_pam_faillock_system_auth
+++ xccdf_org.ssgproject.content_rule_account_password_pam_faillock_system_auth
@@ -21,7 +21,7 @@
 RHEL-09-611030
 
 [reference]:
-SV-258095r958388_rule
+SV-258095r1014881_rule
 
 [rationale]:
 If the pam_faillock.so module is not loaded the system will not correctly lockout accounts to prevent

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit
@@ -232,7 +232,7 @@
 RHEL-09-611070
 
 [reference]:
-SV-258103r997089_rule
+SV-258103r1015103_rule
 
 [rationale]:
 Use of a complex password helps to increase the time and resources required

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_difok'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_difok
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_difok
@@ -183,7 +183,7 @@
 RHEL-09-611115
 
 [reference]:
-SV-258112r997097_rule
+SV-258112r1015111_rule
 
 [rationale]:
 Use of a complex password helps to increase the time and resources

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_root'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_root
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_root
@@ -51,7 +51,7 @@
 RHEL-09-611060
 
 [reference]:
-SV-258101r997087_rule
+SV-258101r1015101_rule
 
 [rationale]:
 Use of a complex password helps to increase the time and resources required to compromise

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit
@@ -232,7 +232,7 @@
 RHEL-09-611065
 
 [reference]:
-SV-258102r997088_rule
+SV-258102r1015102_rule
 
 [rationale]:
 Use of a complex password helps to increase the time and resources required

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat
@@ -178,7 +178,7 @@
 RHEL-09-611120
 
 [reference]:
-SV-258113r997098_rule
+SV-258113r1015112_rule
 
 [rationale]:
 Use of a complex password helps to increase the time and resources required to compromise the password.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat
@@ -175,7 +175,7 @@
 RHEL-09-611125
 
 [reference]:
-SV-258114r997099_rule
+SV-258114r1015113_rule
 
 [rationale]:
 Use of a complex password helps to increase the time and resources required to compromise the password.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass
@@ -237,7 +237,7 @@
 RHEL-09-611130
 
 [reference]:
-SV-258115r997100_rule
+SV-258115r1015114_rule
 
 [rationale]:
 Use of a complex password helps to increase the time and resources required to compromise the password.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen
@@ -243,7 +243,7 @@
 RHEL-09-611090
 
 [reference]:
-SV-258107r997093_rule
+SV-258107r1015107_rule
 
 [rationale]:
 The shorter the password, the lower the number of possible combinations

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit
@@ -225,7 +225,7 @@
 RHEL-09-611100
 
 [reference]:
-SV-258109r997095_rule
+SV-258109r1015109_rule
 
 [rationale]:
 Use of a complex password helps to increase the time and resources required

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_pwquality_password_auth'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_pwquality_password_auth
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_pwquality_password_auth
@@ -24,7 +24,7 @@
 RHEL-09-611040
 
 [reference]:
-SV-258097r997084_rule
+SV-258097r1015098_rule
 
 [rationale]:
 Enabling PAM password complexity permits to enforce strong passwords and consequently

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_pwquality_system_auth'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_pwquality_system_auth
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_pwquality_system_auth
@@ -18,7 +18,7 @@
 RHEL-09-611045
 
 [reference]:
-SV-258098r991589_rule
+SV-258098r1014887_rule
 
 [rationale]:
 Enabling PAM password complexity permits to enforce strong passwords and consequently

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_retry'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_retry
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_retry
@@ -238,7 +238,7 @@
 RHEL-09-611010
 
 [reference]:
-SV-258091r997083_rule
+SV-258091r1015097_rule
 
 [rationale]:
 Setting the password retry prompts that are permitted on a per-session basis to a low value

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit
@@ -229,7 +229,7 @@
 RHEL-09-611110
 
 [reference]:
-SV-258111r997096_rule
+SV-258111r1015110_rule
 
 [rationale]:
 Use of a complex password helps to increase the time and resources required to compromise the password.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_libuserconf'.
--- xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_libuserconf
+++ xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_libuserconf
@@ -198,7 +198,7 @@
 RHEL-09-611135
 
 [reference]:
-SV-258116r997101_rule
+SV-258116r1015115_rule
 
 [rationale]:
 Passwords need to be protected at all times, and encryption is the standard method for

New content has different text for rule 'xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_logindefs'.
--- xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_logindefs
+++ xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_logindefs
@@ -200,7 +200,7 @@
 RHEL-09-611140
 
 [reference]:
-SV-258117r997102_rule
+SV-258117r1015116_rule
 
 [rationale]:
 Passwords need to be protected at all times, and encryption is the standard method for

New content has different text for rule 'xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_passwordauth'.
--- xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_passwordauth
+++ xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_passwordauth
@@ -218,7 +218,7 @@
 RHEL-09-671025
 
 [reference]:
-SV-258233r997115_rule
+SV-258233r1015136_rule
 
 [rationale]:
 Passwords need to be protected at all times, and encryption is the standard method for

xccdf_org.ssgproject.content_rule_set_password_hashing_min_rounds_logindefs is missing in new data stream.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_logind_session_timeout'.
--- xccdf_org.ssgproject.content_rule_logind_session_timeout
+++ xccdf_org.ssgproject.content_rule_logind_session_timeout
@@ -308,7 +308,7 @@
 RHEL-09-412080
 
 [reference]:
-SV-258077r970703_rule
+SV-258077r1014874_rule
 
 [rationale]:
 Terminating an idle session within a short time period reduces the window of

xccdf_org.ssgproject.content_rule_package_tmux_installed is missing in new data stream.
xccdf_org.ssgproject.content_rule_configure_bashrc_tmux is missing in new data stream.
xccdf_org.ssgproject.content_rule_configure_tmux_lock_after_time is missing in new data stream.
xccdf_org.ssgproject.content_rule_configure_tmux_lock_command is missing in new data stream.
xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding is missing in new data stream.
xccdf_org.ssgproject.content_rule_no_tmux_in_shells is missing in new data stream.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_opensc_installed'.
--- xccdf_org.ssgproject.content_rule_package_opensc_installed
+++ xccdf_org.ssgproject.content_rule_package_opensc_installed
@@ -35,7 +35,7 @@
 RHEL-09-611185
 
 [reference]:
-SV-258126r997110_rule
+SV-258126r1015124_rule
 
 [rationale]:
 Using an authentication device, such as a CAC or token that is separate from

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_pcsc-lite_installed'.
--- xccdf_org.ssgproject.content_rule_package_pcsc-lite_installed
+++ xccdf_org.ssgproject.content_rule_package_pcsc-lite_installed
@@ -29,7 +29,7 @@
 RHEL-09-611175
 
 [reference]:
-SV-258124r997108_rule
+SV-258124r1015122_rule
 
 [rationale]:
 The pcsc-lite package must be installed if it is to be available for

New content has different text for rule 'xccdf_org.ssgproject.content_rule_install_smartcard_packages'.
--- xccdf_org.ssgproject.content_rule_install_smartcard_packages
+++ xccdf_org.ssgproject.content_rule_install_smartcard_packages
@@ -44,7 +44,7 @@
 RHEL-09-215075
 
 [reference]:
-SV-257838r997057_rule
+SV-257838r1015080_rule
 
 [rationale]:
 Using an authentication device, such as a CAC or token that is separate from

New content has different text for rule 'xccdf_org.ssgproject.content_rule_service_pcscd_enabled'.
--- xccdf_org.ssgproject.content_rule_service_pcscd_enabled
+++ xccdf_org.ssgproject.content_rule_service_pcscd_enabled
@@ -52,7 +52,7 @@
 RHEL-09-611180
 
 [reference]:
-SV-258125r997109_rule
+SV-258125r1015123_rule
 
 [rationale]:
 Using an authentication device, such as a CAC or token that is separate from

New content has different text for rule 'xccdf_org.ssgproject.content_rule_configure_opensc_card_drivers'.
--- xccdf_org.ssgproject.content_rule_configure_opensc_card_drivers
+++ xccdf_org.ssgproject.content_rule_configure_opensc_card_drivers
@@ -237,7 +237,7 @@
 RHEL-09-611160
 
 [reference]:
-SV-258121r997105_rule
+SV-258121r1015119_rule
 
 [rationale]:
 Smart card login provides two-factor authentication stronger than

New content has different text for rule 'xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration'.
--- xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration
+++ xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration
@@ -284,7 +284,7 @@
 RHEL-09-411050
 
 [reference]:
-SV-258049r997078_rule
+SV-258049r1015092_rule
 
 [rationale]:
 Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs'.
--- xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs
+++ xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs
@@ -205,7 +205,7 @@
 RHEL-09-411010
 
 [reference]:
-SV-258041r997076_rule
+SV-258041r1015090_rule
 
 [rationale]:
 Any password, no matter how complex, can eventually be cracked. Therefore, passwords

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs'.
--- xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs
+++ xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs
@@ -196,7 +196,7 @@
 RHEL-09-611075
 
 [reference]:
-SV-258104r997090_rule
+SV-258104r1015104_rule
 
 [rationale]:
 Enforcing a minimum password lifetime helps to prevent repeated password

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs'.
--- xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs
+++ xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs
@@ -228,12 +228,6 @@
 [reference]:
 R31
 
-[reference]:
-RHEL-09-611095
-
-[reference]:
-SV-258108r997094_rule
-
 [rationale]:
 Requiring a minimum password length makes password
 cracking attacks more difficult by ensuring a larger

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs' differs.
--- xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs
+++ xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs
@@ -4,7 +4,6 @@
   tags:
   - CCE-83608-0
   - CJIS-5.6.2.1
-  - DISA-STIG-RHEL-09-611095
   - NIST-800-171-3.5.7
   - NIST-800-53-CM-6(a)
   - NIST-800-53-IA-5(1)(a)
@@ -32,7 +31,6 @@
   tags:
   - CCE-83608-0
   - CJIS-5.6.2.1
-  - DISA-STIG-RHEL-09-611095
   - NIST-800-171-3.5.7
   - NIST-800-53-CM-6(a)
   - NIST-800-53-IA-5(1)(a)

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing'.
--- xccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing
+++ xccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing
@@ -39,7 +39,7 @@
 RHEL-09-411015
 
 [reference]:
-SV-258042r997077_rule
+SV-258042r1015091_rule
 
 [rationale]:
 Any password, no matter how complex, can eventually be cracked. Therefore,

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing'.
--- xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing
+++ xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing
@@ -32,7 +32,7 @@
 RHEL-09-611080
 
 [reference]:
-SV-258105r997091_rule
+SV-258105r1015105_rule
 
 [rationale]:
 Enforcing a minimum password lifetime helps to prevent repeated password

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_all_shadowed_sha512'.
--- xccdf_org.ssgproject.content_rule_accounts_password_all_shadowed_sha512
+++ xccdf_org.ssgproject.content_rule_accounts_password_all_shadowed_sha512
@@ -43,7 +43,7 @@
 RHEL-09-671015
 
 [reference]:
-SV-258231r997114_rule
+SV-258231r1015135_rule
 
 [rationale]:
 Passwords need to be protected at all times, and encryption is the standard method for

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_rounds_password_auth'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_rounds_password_auth
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_rounds_password_auth
@@ -36,7 +36,7 @@
 RHEL-09-611050
 
 [reference]:
-SV-258099r997085_rule
+SV-258099r1015099_rule
 
 [rationale]:
 Using a higher number of rounds makes password cracking attacks more difficult.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_rounds_system_auth'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_rounds_system_auth
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_rounds_system_auth
@@ -34,7 +34,7 @@
 RHEL-09-611055
 
 [reference]:
-SV-258100r997086_rule
+SV-258100r1015100_rule
 
 [rationale]:
 Using a higher number of rounds makes password cracking attacks more difficult.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_no_empty_passwords'.
--- xccdf_org.ssgproject.content_rule_no_empty_passwords
+++ xccdf_org.ssgproject.content_rule_no_empty_passwords
@@ -337,7 +337,7 @@
 RHEL-09-611025
 
 [reference]:
-SV-258094r991589_rule
+SV-258094r1014878_rule
 
 [rationale]:
 If an account has an empty password, anyone could log in and

New content has different text for rule 'xccdf_org.ssgproject.content_rule_use_pam_wheel_for_su'.
--- xccdf_org.ssgproject.content_rule_use_pam_wheel_for_su
+++ xccdf_org.ssgproject.content_rule_use_pam_wheel_for_su
@@ -35,7 +35,7 @@
 RHEL-09-432035
 
 [reference]:
-SV-258088r997082_rule
+SV-258088r1015096_rule
 
 [rationale]:
 The su program allows to run commands with a substitute user and

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_tmout'.
--- xccdf_org.ssgproject.content_rule_accounts_tmout
+++ xccdf_org.ssgproject.content_rule_accounts_tmout
@@ -171,7 +171,7 @@
 RHEL-09-412035
 
 [reference]:
-SV-258068r970703_rule
+SV-258068r1014872_rule
 
 [rationale]:
 Terminating an idle session within a short time period reduces

New content has different text for rule 'xccdf_org.ssgproject.content_rule_grub2_admin_username'.
--- xccdf_org.ssgproject.content_rule_grub2_admin_username
+++ xccdf_org.ssgproject.content_rule_grub2_admin_username
@@ -317,7 +317,7 @@
 RHEL-09-212020
 
 [reference]:
-SV-257789r958472_rule
+SV-257789r1014822_rule
 
 [rationale]:
 Having a non-default grub superuser username makes password-guessing attacks less effective.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_rsyslog_nolisten'.
--- xccdf_org.ssgproject.content_rule_rsyslog_nolisten
+++ xccdf_org.ssgproject.content_rule_rsyslog_nolisten
@@ -344,7 +344,7 @@
 RHEL-09-652025
 
 [reference]:
-SV-258143r991589_rule
+SV-258143r1014907_rule
 
 [rationale]:
 Any process which receives messages from the network incurs some risk of receiving malicious

New content has different text for rule 'xccdf_org.ssgproject.content_rule_configure_firewalld_ports'.
--- xccdf_org.ssgproject.content_rule_configure_firewalld_ports
+++ xccdf_org.ssgproject.content_rule_configure_firewalld_ports
@@ -308,12 +308,6 @@
 [reference]:
 1.3
 
-[reference]:
-RHEL-09-251025
-
-[reference]:
-SV-257938r958480_rule
-
 [rationale]:
 In order to prevent unauthorized connection of devices, unauthorized transfer of information,
 or unauthorized tunneling (i.e., embedding of data types within data types), organizations must

New content has different text for rule 'xccdf_org.ssgproject.content_rule_networkmanager_dns_mode'.
--- xccdf_org.ssgproject.content_rule_networkmanager_dns_mode
+++ xccdf_org.ssgproject.content_rule_networkmanager_dns_mode
@@ -18,7 +18,7 @@
 RHEL-09-252040
 
 [reference]:
-SV-257949r991589_rule
+SV-257949r1014841_rule
 
 [rationale]:
 To ensure that DNS resolver settings are respected, a DNS mode in NetworkManager must be configured.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_service_autofs_disabled'.
--- xccdf_org.ssgproject.content_rule_service_autofs_disabled
+++ xccdf_org.ssgproject.content_rule_service_autofs_disabled
@@ -254,7 +254,7 @@
 RHEL-09-231040
 
 [reference]:
-SV-257849r958498_rule
+SV-257849r1014829_rule
 
 [rationale]:
 Disabling the automounter permits the administrator to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_mount_option_boot_nodev'.
--- xccdf_org.ssgproject.content_rule_mount_option_boot_nodev
+++ xccdf_org.ssgproject.content_rule_mount_option_boot_nodev
@@ -76,7 +76,7 @@
 RHEL-09-231095
 
 [reference]:
-SV-257860r958804_rule
+SV-257860r1014832_rule
 
 [rationale]:
 The only legitimate location for device files is the /dev directory

New content has different text for rule 'xccdf_org.ssgproject.content_rule_mount_option_boot_nosuid'.
--- xccdf_org.ssgproject.content_rule_mount_option_boot_nosuid
+++ xccdf_org.ssgproject.content_rule_mount_option_boot_nosuid
@@ -83,7 +83,7 @@
 RHEL-09-231100
 
 [reference]:
-SV-257861r958804_rule
+SV-257861r1014834_rule
 
 [rationale]:
 The presence of SUID and SGID executables should be tightly controlled. Users

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled'.
--- xccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled
+++ xccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled
@@ -25,7 +25,7 @@
 RHEL-09-213020
 
 [reference]:
-SV-257799r997051_rule
+SV-257799r1015074_rule
 
 [rationale]:
 Disabling kexec_load allows greater control of the kernel memory.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sysctl_user_max_user_namespaces'.
--- xccdf_org.ssgproject.content_rule_sysctl_user_max_user_namespaces
+++ xccdf_org.ssgproject.content_rule_sysctl_user_max_user_namespaces
@@ -37,7 +37,7 @@
 RHEL-09-213105
 
 [reference]:
-SV-257816r991589_rule
+SV-257816r1014825_rule
 
 [rationale]:
 It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or system objectives.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled'.
--- xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled
+++ xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled
@@ -452,7 +452,7 @@
 RHEL-09-232260
 
 [reference]:
-SV-257932r991589_rule
+SV-257932r1014838_rule
 
 [rationale]:
 If a device file carries the SELinux type device_t or

New content has different text for rule 'xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay'.
--- xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay
+++ xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay
@@ -17,7 +17,7 @@
 RHEL-09-252050
 
 [reference]:
-SV-257951r991589_rule
+SV-257951r1014843_rule
 
 [rationale]:
 If unrestricted mail relaying is permitted, unauthorized senders could use this

Platform has been changed for rule 'xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay'
--- xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay
+++ xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay
@@ -1 +1 @@
-
+oval:ssg-package_postfix:def:1

xccdf_org.ssgproject.content_rule_mount_option_krb_sec_remote_filesystems is missing in new data stream.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_chrony_installed'.
--- xccdf_org.ssgproject.content_rule_package_chrony_installed
+++ xccdf_org.ssgproject.content_rule_package_chrony_installed
@@ -47,7 +47,7 @@
 RHEL-09-252010
 
 [reference]:
-SV-257943r997065_rule
+SV-257943r1015081_rule
 
 [rationale]:
 Time synchronization is important to support time sensitive security mechanisms like

New content has different text for rule 'xccdf_org.ssgproject.content_rule_service_chronyd_enabled'.
--- xccdf_org.ssgproject.content_rule_service_chronyd_enabled
+++ xccdf_org.ssgproject.content_rule_service_chronyd_enabled
@@ -29,7 +29,7 @@
 RHEL-09-252015
 
 [reference]:
-SV-257944r997066_rule
+SV-257944r1015082_rule
 
 [rationale]:
 If chrony is in use on the system proper configuration is vital to ensuring time

New content has different text for rule 'xccdf_org.ssgproject.content_rule_chronyd_specify_remote_server'.
--- xccdf_org.ssgproject.content_rule_chronyd_specify_remote_server
+++ xccdf_org.ssgproject.content_rule_chronyd_specify_remote_server
@@ -59,7 +59,7 @@
 RHEL-09-252020
 
 [reference]:
-SV-257945r997067_rule
+SV-257945r1015083_rule
 
 [rationale]:
 If chrony is in use on the system proper configuration is vital to ensuring time

New content has different text for rule 'xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_set_maxpoll'.
--- xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_set_maxpoll
+++ xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_set_maxpoll
@@ -131,7 +131,7 @@
 RHEL-09-252020
 
 [reference]:
-SV-257945r997067_rule
+SV-257945r1015083_rule
 
 [rationale]:
 Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_chronyd_server_directive'.
--- xccdf_org.ssgproject.content_rule_chronyd_server_directive
+++ xccdf_org.ssgproject.content_rule_chronyd_server_directive
@@ -30,7 +30,7 @@
 RHEL-09-252020
 
 [reference]:
-SV-257945r997067_rule
+SV-257945r1015083_rule
 
 [rationale]:
 Depending on the infrastructure being used the pool directive may not be supported.

xccdf_org.ssgproject.content_rule_tftpd_uses_secure_mode is missing in new data stream.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords'.
--- xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
+++ xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
@@ -400,7 +400,7 @@
 RHEL-09-255040
 
 [reference]:
-SV-257984r958486_rule
+SV-257984r1014848_rule
 
 [rationale]:
 Configuring this setting for the SSH daemon provides additional assurance

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_root_login'.
--- xccdf_org.ssgproject.content_rule_sshd_disable_root_login
+++ xccdf_org.ssgproject.content_rule_sshd_disable_root_login
@@ -442,7 +442,7 @@
 RHEL-09-255045
 
 [reference]:
-SV-257985r997069_rule
+SV-257985r1015085_rule
 
 [rationale]:
 Even though the communications channel may be encrypted, an additional layer of

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_pubkey_auth'.
--- xccdf_org.ssgproject.content_rule_sshd_enable_pubkey_auth
+++ xccdf_org.ssgproject.content_rule_sshd_enable_pubkey_auth
@@ -37,7 +37,7 @@
 RHEL-09-255035
 
 [reference]:
-SV-257983r997068_rule
+SV-257983r1015084_rule
 
 [rationale]:
 Without the use of multifactor authentication, the ease of access to

xccdf_org.ssgproject.content_rule_sshd_use_priv_separation is missing in new data stream.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_sssd_certificate_verification'.
--- xccdf_org.ssgproject.content_rule_sssd_certificate_verification
+++ xccdf_org.ssgproject.content_rule_sssd_certificate_verification
@@ -28,7 +28,7 @@
 RHEL-09-611170
 
 [reference]:
-SV-258123r997107_rule
+SV-258123r1015121_rule
 
 [rationale]:
 Ensuring that multifactor solutions certificates are checked via Online Certificate Status Protocol (OCSP)

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sssd_enable_certmap'.
--- xccdf_org.ssgproject.content_rule_sssd_enable_certmap
+++ xccdf_org.ssgproject.content_rule_sssd_enable_certmap
@@ -29,7 +29,7 @@
 RHEL-09-631015
 
 [reference]:
-SV-258132r958452_rule
+SV-258132r1014905_rule
 
 [rationale]:
 Without mapping the certificate used to authenticate to the user account, the ability to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sssd_enable_smartcards'.
--- xccdf_org.ssgproject.content_rule_sssd_enable_smartcards
+++ xccdf_org.ssgproject.content_rule_sssd_enable_smartcards
@@ -92,7 +92,7 @@
 RHEL-09-611165
 
 [reference]:
-SV-258122r997106_rule
+SV-258122r1015120_rule
 
 [rationale]:
 Using an authentication device, such as a CAC or token that is separate from

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sssd_has_trust_anchor'.
--- xccdf_org.ssgproject.content_rule_sssd_has_trust_anchor
+++ xccdf_org.ssgproject.content_rule_sssd_has_trust_anchor
@@ -27,7 +27,7 @@
 RHEL-09-631010
 
 [reference]:
-SV-258131r997113_rule
+SV-258131r1015125_rule
 
 [rationale]:
 Without path validation, an informed trust decision by the relying party cannot be made when

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_usbguard_installed'.
--- xccdf_org.ssgproject.content_rule_package_usbguard_installed
+++ xccdf_org.ssgproject.content_rule_package_usbguard_installed
@@ -35,7 +35,7 @@
 RHEL-09-291015
 
 [reference]:
-SV-258035r997117_rule
+SV-258035r1014859_rule
 
 [rationale]:
 usbguard is a software framework that helps to protect

New content has different text for rule 'xccdf_org.ssgproject.content_rule_service_usbguard_enabled'.
--- xccdf_org.ssgproject.content_rule_service_usbguard_enabled
+++ xccdf_org.ssgproject.content_rule_service_usbguard_enabled
@@ -39,7 +39,7 @@
 RHEL-09-291020
 
 [reference]:
-SV-258036r997118_rule
+SV-258036r1014861_rule
 
 [rationale]:
 The usbguard service must be running in order to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend'.
--- xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend
+++ xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend
@@ -36,7 +36,7 @@
 RHEL-09-291025
 
 [reference]:
-SV-258037r958442_rule
+SV-258037r1014863_rule
 
 [rationale]:
 Using the Linux Audit logging allows for centralized trace

New content has different text for rule 'xccdf_org.ssgproject.content_rule_usbguard_generate_policy'.
--- xccdf_org.ssgproject.content_rule_usbguard_generate_policy
+++ xccdf_org.ssgproject.content_rule_usbguard_generate_policy
@@ -27,7 +27,7 @@
 RHEL-09-291030
 
 [reference]:
-SV-258038r958820_rule
+SV-258038r1017033_rule
 
 [rationale]:
 The usbguard must be configured to allow connected USB devices to work

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_audit_installed'.
--- xccdf_org.ssgproject.content_rule_package_audit_installed
+++ xccdf_org.ssgproject.content_rule_package_audit_installed
@@ -219,7 +219,7 @@
 RHEL-09-653010
 
 [reference]:
-SV-258151r997050_rule
+SV-258151r1015126_rule
 
 [rationale]:
 The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_service_auditd_enabled'.
--- xccdf_org.ssgproject.content_rule_service_auditd_enabled
+++ xccdf_org.ssgproject.content_rule_service_auditd_enabled
@@ -560,7 +560,7 @@
 RHEL-09-653015
 
 [reference]:
-SV-258152r997058_rule
+SV-258152r1015127_rule
 
 [rationale]:
 Without establishing what type of events occurred, it would be difficult

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_sudoers'.
--- xccdf_org.ssgproject.content_rule_audit_rules_sudoers
+++ xccdf_org.ssgproject.content_rule_audit_rules_sudoers
@@ -105,7 +105,7 @@
 RHEL-09-654215
 
 [reference]:
-SV-258217r997059_rule
+SV-258217r1015128_rule
 
 [rationale]:
 The actions taken by system administrators should be audited to keep a record

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_sudoers_d'.
--- xccdf_org.ssgproject.content_rule_audit_rules_sudoers_d
+++ xccdf_org.ssgproject.content_rule_audit_rules_sudoers_d
@@ -105,7 +105,7 @@
 RHEL-09-654220
 
 [reference]:
-SV-258218r997060_rule
+SV-258218r1015129_rule
 
 [rationale]:
 The actions taken by system administrators should be audited to keep a record

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function'.
--- xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function
+++ xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function
@@ -77,7 +77,7 @@
 RHEL-09-654010
 
 [reference]:
-SV-258176r958730_rule
+SV-258176r1014909_rule
 
 [rationale]:
 Misuse of privileged functions, either intentionally or unintentionally by

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_system_shutdown'.
--- xccdf_org.ssgproject.content_rule_audit_rules_system_shutdown
+++ xccdf_org.ssgproject.content_rule_audit_rules_system_shutdown
@@ -153,7 +153,7 @@
 RHEL-09-654265
 
 [reference]:
-SV-258227r958424_rule
+SV-258227r1014992_rule
 
 [rationale]:
 It is critical for the appropriate personnel to be aware if a system

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group
@@ -607,7 +607,7 @@
 RHEL-09-654225
 
 [reference]:
-SV-258219r997061_rule
+SV-258219r1015130_rule
 
 [rationale]:
 In addition to auditing new user and group accounts, these watches

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow
@@ -607,7 +607,7 @@
 RHEL-09-654230
 
 [reference]:
-SV-258220r997062_rule
+SV-258220r1015131_rule
 
 [rationale]:
 In addition to auditing new user and group accounts, these watches

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd
@@ -613,7 +613,7 @@
 RHEL-09-654235
 
 [reference]:
-SV-258221r997063_rule
+SV-258221r1015132_rule
 
 [rationale]:
 In addition to auditing new user and group accounts, these watches

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd
@@ -622,7 +622,7 @@
 RHEL-09-654240
 
 [reference]:
-SV-258222r997064_rule
+SV-258222r1015133_rule
 
 [rationale]:
 In addition to auditing new user and group accounts, these watches

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow
@@ -607,7 +607,7 @@
 RHEL-09-654245
 
 [reference]:
-SV-258223r997075_rule
+SV-258223r1015134_rule
 
 [rationale]:
 In addition to auditing new user and group accounts, these watches

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod
@@ -454,7 +454,7 @@
 RHEL-09-654015
 
 [reference]:
-SV-258177r958412_rule
+SV-258177r1014911_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown
@@ -457,7 +457,7 @@
 RHEL-09-654020
 
 [reference]:
-SV-258178r958412_rule
+SV-258178r1014913_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod
@@ -454,7 +454,7 @@
 RHEL-09-654015
 
 [reference]:
-SV-258177r958412_rule
+SV-258177r1014911_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat
@@ -454,7 +454,7 @@
 RHEL-09-654015
 
 [reference]:
-SV-258177r958412_rule
+SV-258177r1014911_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown
@@ -460,7 +460,7 @@
 RHEL-09-654020
 
 [reference]:
-SV-258178r958412_rule
+SV-258178r1014913_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat
@@ -457,7 +457,7 @@
 RHEL-09-654020
 
 [reference]:
-SV-258178r958412_rule
+SV-258178r1014913_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr
@@ -485,7 +485,7 @@
 RHEL-09-654025
 
 [reference]:
-SV-258179r958412_rule
+SV-258179r1014915_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr
@@ -479,7 +479,7 @@
 RHEL-09-654025
 
 [reference]:
-SV-258179r958412_rule
+SV-258179r1014915_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown
@@ -457,7 +457,7 @@
 RHEL-09-654020
 
 [reference]:
-SV-258178r958412_rule
+SV-258178r1014913_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr
@@ -491,7 +491,7 @@
 RHEL-09-654025
 
 [reference]:
-SV-258179r958412_rule
+SV-258179r1014915_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr
@@ -479,7 +479,7 @@
 RHEL-09-654025
 
 [reference]:
-SV-258179r958412_rule
+SV-258179r1014915_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr
@@ -490,7 +490,7 @@
 RHEL-09-654025
 
 [reference]:
-SV-258179r958412_rule
+SV-258179r1014915_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr
@@ -455,7 +455,7 @@
 RHEL-09-654025
 
 [reference]:
-SV-258179r958412_rule
+SV-258179r1014915_rule
 
 [rationale]:
 The changing of file permissions could indicate that a user is attempting to

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_execution_chacl'.
--- xccdf_org.ssgproject.content_rule_audit_rules_execution_chacl
+++ xccdf_org.ssgproject.content_rule_audit_rules_execution_chacl
@@ -63,7 +63,7 @@
 RHEL-09-654035
 
 [reference]:
-SV-258181r958412_rule
+SV-258181r1014918_rule
 
 [rationale]:
 Without generating audit records that are specific to the security and

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl'.
--- xccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl
+++ xccdf_org.ssgproject.content_rule_audit_rules_execution_setfacl
@@ -57,7 +57,7 @@
 RHEL-09-654040
 
 [reference]:
-SV-258182r958412_rule
+SV-258182r1014920_rule
 
 [rationale]:
 Without generating audit records that are specific to the security and

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon'.
--- xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon
+++ xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon
@@ -291,7 +291,7 @@
 RHEL-09-654045
 
 [reference]:
-SV-258183r958412_rule
+SV-258183r1014922_rule
 
 [rationale]:
 Misuse of privileged functions, either intentionally or unintentionally by

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_execution_semanage'.
--- xccdf_org.ssgproject.content_rule_audit_rules_execution_semanage
+++ xccdf_org.ssgproject.content_rule_audit_rules_execution_semanage
@@ -306,7 +306,7 @@
 RHEL-09-654050
 
 [reference]:
-SV-258184r958412_rule
+SV-258184r1014924_rule
 
 [rationale]:
 Misuse of privileged functions, either intentionally or unintentionally by

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_execution_setfiles'.
--- xccdf_org.ssgproject.content_rule_audit_rules_execution_setfiles
+++ xccdf_org.ssgproject.content_rule_audit_rules_execution_setfiles
@@ -81,7 +81,7 @@
 RHEL-09-654055
 
 [reference]:
-SV-258185r958412_rule
+SV-258185r1014926_rule
 
 [rationale]:
 Misuse of privileged functions, either intentionally or unintentionally by

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool'.
--- xccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool
+++ xccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool
@@ -279,7 +279,7 @@
 RHEL-09-654060
 
 [reference]:
-SV-258186r958412_rule
+SV-258186r1014928_rule
 
 [rationale]:
 Misuse of privileged functions, either intentionally or unintentionally by

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename
@@ -449,7 +449,7 @@
 RHEL-09-654065
 
 [reference]:
-SV-258187r958412_rule
+SV-258187r1014930_rule
 
 [rationale]:
 Auditing file deletions will create an audit trail for files that are removed

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat
@@ -449,7 +449,7 @@
 RHEL-09-654065
 
 [reference]:
-SV-258187r958412_rule
+SV-258187r1014930_rule
 
 [rationale]:
 Auditing file deletions will create an audit trail for files that are removed

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir
@@ -446,7 +446,7 @@
 RHEL-09-654065
 
 [reference]:
-SV-258187r958412_rule
+SV-258187r1014930_rule
 
 [rationale]:
 Auditing file deletions will create an audit trail for files that are removed

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink
@@ -449,7 +449,7 @@
 RHEL-09-654065
 
 [reference]:
-SV-258187r958412_rule
+SV-258187r1014930_rule
 
 [rationale]:
 Auditing file deletions will create an audit trail for files that are removed

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat
@@ -449,7 +449,7 @@
 RHEL-09-654065
 
 [reference]:
-SV-258187r958412_rule
+SV-258187r1014930_rule
 
 [rationale]:
 Auditing file deletions will create an audit trail for files that are removed

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat
@@ -433,7 +433,7 @@
 RHEL-09-654070
 
 [reference]:
-SV-258188r958412_rule
+SV-258188r1014932_rule
 
 [rationale]:
 Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate
@@ -436,7 +436,7 @@
 RHEL-09-654070
 
 [reference]:
-SV-258188r958412_rule
+SV-258188r1014932_rule
 
 [rationale]:
 Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open
@@ -436,7 +436,7 @@
 RHEL-09-654070
 
 [reference]:
-SV-258188r958412_rule
+SV-258188r1014932_rule
 
 [rationale]:
 Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at
@@ -424,7 +424,7 @@
 RHEL-09-654070
 
 [reference]:
-SV-258188r958412_rule
+SV-258188r1014932_rule
 
 [rationale]:
 Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat
@@ -436,7 +436,7 @@
 RHEL-09-654070
 
 [reference]:
-SV-258188r958412_rule
+SV-258188r1014932_rule
 
 [rationale]:
 Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate
@@ -436,7 +436,7 @@
 RHEL-09-654070
 
 [reference]:
-SV-258188r958412_rule
+SV-258188r1014932_rule
 
 [rationale]:
 Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete'.
--- xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete
+++ xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete
@@ -416,7 +416,7 @@
 RHEL-09-654075
 
 [reference]:
-SV-258189r958412_rule
+SV-258189r1014934_rule
 
 [rationale]:
 The removal of kernel modules can be used to alter the behavior of

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit'.
--- xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit
+++ xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit
@@ -416,7 +416,7 @@
 RHEL-09-654080
 
 [reference]:
-SV-258190r958412_rule
+SV-258190r1014936_rule
 
 [rationale]:
 The addition/removal of kernel modules can be used to alter the behavior of

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init'.
--- xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init
+++ xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init
@@ -416,7 +416,7 @@
 RHEL-09-654080
 
 [reference]:
-SV-258190r958412_rule
+SV-258190r1014936_rule
 
 [rationale]:
 The addition of kernel modules can be used to alter the behavior of

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock'.
--- xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock
+++ xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock
@@ -404,7 +404,7 @@
 RHEL-09-654250
 
 [reference]:
-SV-258224r958846_rule
+SV-258224r1014988_rule
 
 [rationale]:
 Manual editing of these files may indicate nefarious activity, such

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog'.
--- xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog
+++ xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog
@@ -431,7 +431,7 @@
 RHEL-09-654255
 
 [reference]:
-SV-258225r958412_rule
+SV-258225r1014990_rule
 
 [rationale]:
 Manual editing of these files may indicate nefarious activity, such

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_privileged_commands_init'.
--- xccdf_org.ssgproject.content_rule_audit_privileged_commands_init
+++ xccdf_org.ssgproject.content_rule_audit_privileged_commands_init
@@ -27,7 +27,7 @@
 RHEL-09-654185
 
 [reference]:
-SV-258211r991586_rule
+SV-258211r1014976_rule
 
 [rationale]:
 Misuse of the init command may cause availability issues for the system.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_privileged_commands_poweroff'.
--- xccdf_org.ssgproject.content_rule_audit_privileged_commands_poweroff
+++ xccdf_org.ssgproject.content_rule_audit_privileged_commands_poweroff
@@ -27,7 +27,7 @@
 RHEL-09-654190
 
 [reference]:
-SV-258212r991586_rule
+SV-258212r1014978_rule
 
 [rationale]:
 Misuse of the poweroff command may cause availability issues for the system.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_privileged_commands_reboot'.
--- xccdf_org.ssgproject.content_rule_audit_privileged_commands_reboot
+++ xccdf_org.ssgproject.content_rule_audit_privileged_commands_reboot
@@ -27,7 +27,7 @@
 RHEL-09-654195
 
 [reference]:
-SV-258213r991586_rule
+SV-258213r1014980_rule
 
 [rationale]:
 Misuse of the reboot command may cause availability issues for the system.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_privileged_commands_shutdown'.
--- xccdf_org.ssgproject.content_rule_audit_privileged_commands_shutdown
+++ xccdf_org.ssgproject.content_rule_audit_privileged_commands_shutdown
@@ -27,7 +27,7 @@
 RHEL-09-654200
 
 [reference]:
-SV-258214r991586_rule
+SV-258214r1017037_rule
 
 [rationale]:
 Misuse of the shutdown command may cause availability issues for the system.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage
@@ -303,7 +303,7 @@
 RHEL-09-654085
 
 [reference]:
-SV-258191r958412_rule
+SV-258191r1014938_rule
 
 [rationale]:
 Misuse of privileged functions, either intentionally or unintentionally by

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh
@@ -291,7 +291,7 @@
 RHEL-09-654090
 
 [reference]:
-SV-258192r958412_rule
+SV-258192r1014940_rule
 
 [rationale]:
 Misuse of privileged functions, either intentionally or unintentionally by

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab
@@ -264,7 +264,7 @@
 RHEL-09-654095
 
 [reference]:
-SV-258193r958412_rule
+SV-258193r1014942_rule
 
 [rationale]:
 Misuse of privileged functions, either intentionally or unintentionally by

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd
@@ -294,7 +294,7 @@
 RHEL-09-654100
 
 [reference]:
-SV-258194r958412_rule
+SV-258194r1014944_rule
 
 [rationale]:
 Misuse of privileged functions, either intentionally or unintentionally by

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod
@@ -87,7 +87,7 @@
 RHEL-09-654105
 
 [reference]:
-SV-258195r958412_rule
+SV-258195r1014946_rule
 
 [rationale]:
 Without generating audit records that are specific to the security and

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount
@@ -66,7 +66,7 @@
 RHEL-09-654180
 
 [reference]:
-SV-258210r958412_rule
+SV-258210r1014974_rule
 
 [rationale]:
 Misuse of privileged functions, either intentionally or unintentionally by

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp
@@ -294,7 +294,7 @@
 RHEL-09-654110
 
 [reference]:
-SV-258196r958412_rule
+SV-258196r1014948_rule
 
 [rationale]:
 Misuse of privileged functions, either intentionally or unintentionally by

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pam_timestamp_check
@@ -269,7 +269,7 @@
 RHEL-09-654115
 
 [reference]:
-SV-258197r958412_rule
+SV-258197r1014950_rule
 
 [rationale]:
 Misuse of privileged functions, either intentionally or unintentionally by

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_postdrop'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_postdrop
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_postdrop
@@ -264,7 +264,7 @@
 RHEL-09-654125
 
 [reference]:
-SV-258199r958412_rule
+SV-258199r1014952_rule
 
 [rationale]:
 Misuse of privileged functions, either intentio

... The diff is trimmed here ...

@vojtapolasek vojtapolasek self-assigned this Oct 30, 2024
@@ -1847,7 +1847,8 @@ controls:
- medium
title: RHEL 9 SSH daemon must be configured to use system-wide crypto policies.
rules:
- configure_ssh_crypto_policy
- harden_sshd_ciphers_opensshserver_conf_crypto_policy
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if this rule should be here. Reading the relevant STIG, it seems that the audit part does not mention desired ciphers at all. But the rule you use actually checks for exact ciphers in files provided by crypto-policies package. I think we need a new rule as this STIG checks rather for correct include directives than for actual ciphers configured.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New rule added.

@Mab879
Copy link
Member Author

Mab879 commented Nov 1, 2024

/packit build

Copy link

codeclimate bot commented Nov 4, 2024

Code Climate has analyzed commit ab49c2d and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 60.9% (0.0% change).

View more on Code Climate.

@vojtapolasek
Copy link
Collaborator

LGTM now, thank you. Failing tests fail because new rules are currently present only in rhel9 benchmark.

@vojtapolasek vojtapolasek merged commit 87f9f1e into ComplianceAsCode:master Nov 4, 2024
100 of 105 checks passed
@Mab879 Mab879 deleted the rhel9_stig_v2r2 branch November 4, 2024 16:20
@christopher-davidson
Copy link

@Mab879 I believe this PR should have also bumped "version: V2R1" to "version: V2R2" in /products/rhel9/profiles/stig.profile/ and /products/rhel9/profiles/stig_gui.profile/

@Mab879 Mab879 mentioned this pull request Nov 11, 2024
@Mab879
Copy link
Member Author

Mab879 commented Nov 11, 2024

@Mab879 I believe this PR should have also bumped "version: V2R1" to "version: V2R2" in /products/rhel9/profiles/stig.profile/ and /products/rhel9/profiles/stig_gui.profile/

Thanks for pointing this out. Fixed in #12597.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
New Rule Issues or pull requests related to new Rules. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related. Update Profile Issues or pull requests related to Profiles updates.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Update RHEL9 DISA STIG to V2R2
3 participants