Hello Warren,
thank you for the question. I do not know the answer; please let me
investigate it.
Thank you,
Vojtech Polasek
On 20. 09. 23 at 21:31, Warren Debildos wrote:
Hi,
I am using the OpenSCAP with profile CIS RHEL8 v2.0.0, released 2022-02-23
I am getting a fail on clock_settime
Description:
If the auditd daemon is configured to use the augenrules program to
read audit rules during daemon startup (the default), add the
following line to a file with suffix .rules in the directory
/etc/audit/rules.d:
-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change
According to the CIS Benchmark for RHEL 8 v 2.0.0 the following rules
should be added:
-a always,exit -F arch=b64 -S adjtimex,settimeofday,clock_settime -k time-change
-a always,exit -F arch=b32 -S adjtimex,settimeofday,clock_settime -k time-change
-w /etc/localtime -p wa -k time-change
From where did we get the "-F a0=0x0" information?
Thanks,
Warren
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://listman.redhat.com/mailman/listinfo/open-scap-list