[PATCH 1/2] provided details that the RHEL auditing system meets SRG requirements

Mon, 17 Dec 2012 13:36:35 -0800 

Signed-off-by: Jeffrey Blank <[email protected]>
---
 RHEL6/input/auxiliary/srg_support.xml |   39 +++++++++++++++++++++++++++------
 1 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/RHEL6/input/auxiliary/srg_support.xml 
b/RHEL6/input/auxiliary/srg_support.xml
index 7e00479..d80264b 100644
--- a/RHEL6/input/auxiliary/srg_support.xml
+++ b/RHEL6/input/auxiliary/srg_support.xml
@@ -7,10 +7,10 @@ not clearly relate.
 </description>
 
 
-<!-- The CCI/SRG item referenced here are:
+<!-- The CCI/SRG items referenced here are:
      - satisfied (through design and implementation)
      - selected in DoD baseline (per CNSS 1253) -->
-<Rule id="met_inherently">
+<Rule id="met_inherently_generic">
 <title>Product Meets this Requirement</title>
 <rationale>
 Red Hat Enterprise Linux meets this requirement through design and 
implementation.
@@ -21,7 +21,32 @@ compliance. This is a permanent not a finding.
 <description> 
 This requirement is permanent not a finding. No fix is required.
 </description>
-<ref 
disa="56,130,1084,42,66,86,135,185,223,131,132,133,134,85,159,171,172,1694,770,804,162,163,164,345,346,1493,1494,1495,1096,1111,1291,386,156,186,1083,1082,1090,804,1127,1128,1129,1248,1265,1314,1362,1368,1310,1311,1328,1399,1400,1425,1427,1499,1632,1693,1665,1674,206"
 />
+<ref 
disa="42,56,206,1084,66,85,86,185,223,171,172,1694,770,804,162,163,164,345,346,1096,1111,1291,386,156,186,1083,1082,1090,804,1127,1128,1129,1248,1265,1314,1362,1368,1310,1311,1328,1399,1400,1425,1427,1499,1632,1693,1665,1674"
 />
+</Rule>
+
+
+<!-- The CCI/SRG items referenced here relate to auditing, and are:
+     - satisfied (through design and implementation)
+     - selected in DoD baseline (per CNSS 1253) -->
+<Rule id="met_inherently_auditing">
+<title>Product Meets this Requirement</title>
+<rationale>
+The Red Hat Enterprise Linux audit system meets this requirement through 
design and implementation.
+</rationale>
+<ocil>The RHEL6 auditing system supports this requirement and cannot be 
configured to be out of 
+compliance. Every audit record in RHEL includes a timestamp, the operation 
attempted,
+success or failure of the operation, the subject involved (executable/process),
+the object involved (file/path), and security labels for the subject and 
object.
+It also includes the ability to label events with custom key labels.  The 
auditing system
+centralizes the recording of audit events for the entire system and includes
+reduction (<tt>ausearch</tt>), reporting (<tt>aureport</tt>), and real-time
+response (<tt>audispd</tt>) facilities.
+This is a permanent not a finding. 
+</ocil> 
+<description> 
+This requirement is permanent not a finding. No fix is required.
+</description>
+<ref disa="130,131,132,133,134,135,159,174" />
 </Rule>
 
 
@@ -39,14 +64,14 @@ compliance. This is a permanent not a finding.
 <description> 
 This requirement is permanent not a finding. No fix is required.
 </description>
-<ref 
disa="34,35,99,154,226,802,872,1086,1087,1089,1091,1424,1426,1209,1214,1237,1269,1338,1425,1670"
 />
+<ref 
disa="34,35,99,154,226,802,872,1086,1087,1089,1091,1424,1426,1428,1209,1214,1237,1269,1338,1425,1670"
 />
 </Rule> 
 
 
 <!-- The CCI/SRG item listed here are:
      - satisfied (by Rules in the guidance, which include the reference)
      - not selected in DoD baseline -->
-<!-- 
disa="26,27,32,771,772,831,884,888,1095,1115,1117,1250,1339,1348,1353,1428,1464,1496"
 -->
+<!-- 
disa="26,27,32,771,772,831,884,888,1095,1115,1117,1250,1339,1348,1353,1464,1496"
 -->
 
 
 <!-- The CCI/SRG item referenced here are:
@@ -66,7 +91,7 @@ application, policy, or service. This requirement is NA.
 <description> 
 This requirement is NA. No fix is required.
 </description>
-<ref 
disa="21,25,28,29,30,165,221,354,779,780,781,1009,1094,1123,1124,1125,1132,1135,1140,1141,1142,1143,1145,1147,1148,1166,1295,1340,1341,1350,1356,1373,1374,1383,1391,1392,1395,1632,1662"
 />
+<ref 
disa="21,25,28,29,30,165,221,354,553,779,780,781,1009,1094,1123,1124,1125,1132,1135,1140,1141,1142,1143,1145,1147,1148,1166,1295,1340,1341,1350,1356,1373,1374,1383,1391,1392,1395,1662"
 />
 </Rule>
 
 
@@ -109,7 +134,7 @@ application, policy, or service. This requirement is NA.
 <description> 
 This requirement is NA. No fix is required.
 </description>
-<ref 
disa="371,372,535,537,539,1682,370,37,24,1112,1126,1143,1149,1157,1159,1210,1211,1274,1372,1376,1377,1352,1401,1555,1556,1150"
 />
+<ref 
disa="15,371,372,535,537,539,1682,370,37,24,1112,1126,1143,1149,1157,1159,1210,1211,1274,1372,1376,1377,1352,1401,1555,1556,1150"
 />
 </Rule>
 
 
-- 
1.7.1

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide

Reply via email to