renamed tests due to dupes

Signed-off-by: Mark Bolwell <[email protected]>
ansible-lockdown · Apr 15, 2024 · a2398c0 · a2398c0
1 parent 2cb782b
commit a2398c0
Show file tree

Hide file tree

Showing 15 changed files with 27 additions and 24 deletions.
diff --git a/Cat_1/RHEL-07-010290.yml b/Cat_1/RHEL-07-010290.yml
@@ -1,10 +1,10 @@
 {{ if .Vars.RHEL_07_010290 }}
 command:
-  check_nullok:
+  check_nullok_pam:
     title: RHEL_07_010290 | The Red Hat Enterprise Linux operating system must not allow accounts configured with blank or null passwords.
     exec: "grep nullok /etc/pam.d/system-auth /etc/pam.d/password-auth"
     exit-status: 1
-    stdout: 
+    stdout:
     - '!/./'
     meta:
       Cat: 1

diff --git a/Cat_1/RHEL-07-010291.yml b/Cat_1/RHEL-07-010291.yml
@@ -1,10 +1,10 @@
 {{ if .Vars.RHEL_07_010291 }}
 command:
-  check_nullok:
+  check_nullok_shadow:
     title: RHEL_07_010291 | The Red Hat Enterprise Linux operating system must not have accounts configured with blank or null passwords.
     exec: "awk -F: '!$2 {print $1}' /etc/shadow"
     exit-status: 0
-    stdout: 
+    stdout:
     - '!/./'
     meta:
       Cat: 1

diff --git a/Cat_2/RHEL-07-020029.yml b/Cat_2/RHEL-07-020029.yml
@@ -1,7 +1,8 @@
 {{ if .Vars.RHEL_07_020029 }}
 package:
-  aide:
+  aide_installed:
     title: RHEL-07-020029 | Must use a file integrity tool to verify correct operation of all security functions | package
+    name: aide
     installed: true
     meta:
       Cat: 2

diff --git a/Cat_2/RHEL-07-020101.yml b/Cat_2/RHEL-07-020101.yml
@@ -1,6 +1,6 @@
 {{ if .Vars.RHEL_07_020101 }}
 command:
-  modprobe_dccp:
+  modprobe_dccp_module:
     title: RHEL-07-020101 | Must be configured so that the Datagram Congestion Control Protocol (DCCP) kernel module is disabled unless required.
     exec: grep dccp /etc/modprobe.d/dccp.conf
     exit-status: 0
@@ -27,7 +27,7 @@ command:
       Rule_ID: SV-204450r942897_rule
       STIG_ID: RHEL-07-020101
       Vul_ID: V-204450
-  modprobe_dccp:
+  modprobe_dccp_loaded:
     title: RHEL-07-020101 | Must be configured so that the Datagram Congestion Control Protocol (DCCP) kernel module is disabled unless required. | running
     exit-status: 0
     exec: 'modprobe -n -v dccp'

diff --git a/Cat_2/RHEL-07-021620.yml b/Cat_2/RHEL-07-021620.yml
@@ -1,8 +1,9 @@
 {{ if .Vars.RHEL_07_021620 }}
 package:
-  aide:
+  aide_fips:
     title: RHEL-07-021620 | Must use a file integrity tool that is configured to use FIPS 140-2 approved cryptographic hashes for validating file contents and directories.
     installed: true
+    name: aide
     meta:
       Cat: 2
       CCI: CCI-000366

diff --git a/Cat_2/RHEL-07-030630.yml b/Cat_2/RHEL-07-030630.yml
@@ -1,11 +1,11 @@
 {{ if .Vars.RHEL_07_030630 }}
 command:
-  semanage_auditd_rules:
-    title: RHEL-07-030630 | Must audit all uses of the semanage command. | config
+  password_auditd_rules:
+    title: RHEL-07-030630 | The Red Hat Enterprise Linux operating system must audit all uses of the passwd command. | config
     exec: grep -i semanage /etc/audit/rules.d/99_auditd.rules
     exit-status: 0
     stdout:
-    - '/^-a always,exit -F path=/usr/sbin/semanage -F auid>={{ .Vars.rhel7stig_int_uid }} -F auid!=(4294967295|unset) -k privileged-priv_change/'
+    - '/^-a always,exit -F path=/usr/sbin/passwd -F auid>={{ .Vars.rhel7stig_int_uid }} -F auid!=(4294967295|unset) -k privileged-passwd/'
     meta:
       Cat: 2
       CCI:
@@ -16,12 +16,12 @@ command:
       Rule_ID: SV-204542r833121_rule
       STIG_ID: RHEL-07-030630
       Vul_ID: V-204542
-  audit_semanage_running:
-    title: RHEL-07-030630 | Must audit all uses of the semanage command. | running
-    exec: auditctl -l | grep -w "semanage"
+  password_semanage_running:
+    title: RHEL-07-030630 | The Red Hat Enterprise Linux operating system must audit all uses of the passwd command. | running
+    exec: auditctl -l | grep -w "/passwd"
     exit-status: 0
     stdout:
-    - '/^-a always,exit -S all -F path=/usr/sbin/semanage -F auid>={{ .Vars.rhel7stig_int_uid }} -F auid!=(4294967295|unset|-1) -F key=privileged-priv_change/'
+    - '/^-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid> auid>={{ .Vars.rhel7stig_int_uid }} -F auid!=(4294967295|unset|-1) -F key=privileged-passwd/'
     meta:
       Cat: 2
       CCI:

diff --git a/Cat_2/RHEL-07-030700.yml b/Cat_2/RHEL-07-030700.yml
@@ -17,7 +17,6 @@ command:
       Rule_ID: SV-204549r603261_rule
       STIG_ID: RHEL-07-030700
       Vul_ID: V-204549
-command:
   audit_sudoers_running:
     title: RHEL-07-030700 | Must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory. | running
     exec: auditctl -l | grep -w "sudoers"

diff --git a/Cat_2/RHEL-07-030710.yml b/Cat_2/RHEL-07-030710.yml
@@ -17,7 +17,6 @@ command:
       Rule_ID: SV-204550r833142_rule
       STIG_ID: RHEL-07-030710
       Vul_ID: V-204550
-command:
   audit_newgrp_running:
     title: RHEL-07-030710 | Must audit all uses of the newgrp command.| running
     exec: auditctl -l | grep -w "newgrp"

diff --git a/Cat_2/RHEL-07-030740.yml b/Cat_2/RHEL-07-030740.yml
@@ -17,7 +17,6 @@ command:
       Rule_ID: SV-204552r833148_rule
       STIG_ID: RHEL-07-030740
       Vul_ID: V-204552
-command:
   audit_mount_running:
     title: RHEL-07-030740 | Must audit all uses of the mount command and syscall.| running
     exec: auditctl -l | grep -w "mount"

diff --git a/Cat_2/RHEL-07-040110.yml b/Cat_2/RHEL-07-040110.yml
@@ -1,6 +1,6 @@
 {{ if .Vars.RHEL_07_040110 }}
 command:
-  ciphers_sshd_config:
+  ciphers_sshd_config_dod:
     title: RHEL-07-040110 | must implement DoD-approved encryption to protect the confidentiality of SSH connections.
     exec: grep -i ciphers /etc/ssh/sshd_config
     exit-status: 0

diff --git a/Cat_2/RHEL-07-040180.yml b/Cat_2/RHEL-07-040180.yml
@@ -1,8 +1,9 @@
 {{ if .Vars.rhel7stig_auth_settings.use_sssd }}
   {{ if .Vars.RHEL_07_040190 }}
 service:
-  sssd:
+  sssd_ldap_auth_comms:
     title: RHEL-07-040180 | Must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications.
+    name: sssd
     running: true
     enabled: true
     meta:

diff --git a/Cat_2/RHEL-07-040190.yml b/Cat_2/RHEL-07-040190.yml
@@ -1,8 +1,9 @@
 {{ if .Vars.rhel7stig_auth_settings.use_sssd }}
   {{ if .Vars.RHEL_07_040190 }}
 service:
-  sssd:
+  sssd_ldap_comms:
     title: RHEL-07-040190 | Must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications.
+    name: sssd
     running: true
     enabled: true
     meta:

diff --git a/Cat_2/RHEL-07-040200.yml b/Cat_2/RHEL-07-040200.yml
@@ -1,8 +1,9 @@
 {{ if .Vars.rhel7stig_auth_settings.use_sssd }}
   {{ if .Vars.RHEL_07_040200 }}
 service:
-  sssd:
+  sssd_peer_x509:
     title: RHEL-07-040200 | Must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications.
+    name: sssd
     running: true
     enabled: true
     meta:

diff --git a/Cat_2/RHEL-07-040712.yml b/Cat_2/RHEL-07-040712.yml
@@ -1,6 +1,6 @@
 {{ if .Vars.RHEL_07_040712 }}
 command:
-  ciphers_sshd_config:
+  ciphers_sshd_config_fips:
     title: RHEL-07-040712 | The Red Hat Enterprise Linux operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.
     exec: grep -i kex /etc/ssh/sshd_config
     exit-status: 0

diff --git a/Cat_3/RHEL-07-021600.yml b/Cat_3/RHEL-07-021600.yml
@@ -1,7 +1,8 @@
 {{ if .Vars.RHEL_07_021600 }}
 package:
-  aide:
+  aide_acls:
     title: RHEL-07-021600 | Must be configured so that the file integrity tool is configured to verify Access Control Lists (ACLs). | Aide Installed
+    name: aide
     installed: true
     meta:
       Cat: 3