From 0aea99dba711abac37f52605f3c4bb70d4284157 Mon Sep 17 00:00:00 2001
From: Tim Smith
Date: Sun, 17 Nov 2024 15:19:57 -0800
Subject: [PATCH] More updates to the Linux policy (#447)
- Cleanup remediation steps headings
- Make sure Debian uses apt-get not apt
- Don't use sudo with commands. We assume root or they add sudo on their own everywhere
Signed-off-by: Tim Smith
---
core/mondoo-linux-security.mql.yaml | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/core/mondoo-linux-security.mql.yaml b/core/mondoo-linux-security.mql.yaml
index d5108ea7..ece4f05b 100644
--- a/core/mondoo-linux-security.mql.yaml
+++ b/core/mondoo-linux-security.mql.yaml
@@ -1164,16 +1164,14 @@ queries: remediation: |- Run this command to install `auditd`: - ### Debian/Ubuntu and derivatives - ### RHEL/Fedora/Amazon Linux and derivatives ``` dnf install audit audit-libs ``` - ### Debian/Ubuntu + ### Debian/Ubuntu and derivatives ``` - apt install auditd audispd-plugins + apt-get install auditd audispd-plugins ``` ### SLES and openSUSE
@@ -1230,14 +1228,14 @@ queries: ### RHEL/Fedora/Amazon Linux and derivatives ``` - sudo grub2-mkconfig -o /boot/grub2/grub.cfg + grub2-mkconfig -o /boot/grub2/grub.cfg ``` **Note:** The path looks different for UEFI systems. ### Debian/Ubuntu and derivatives ``` - sudo update-grub + update-grub ``` - uid: mondoo-linux-security-audit-log-storage-size-is-configured title: Ensure audit log storage size is configured
@@ -2368,6 +2366,7 @@ queries: - uid: mondoo-linux-security-ssh-protocol-is-set-to-2 title: Ensure SSH Protocol is set to 2 impact: 80 + # openssh-server 7.6 and later remove support for protocol v1 filters: package('openssh-server').version == /6./ || package('openssh-server').version == /7\.[0|1|2|3|4|5]/ mql: | sshd.config.params["Protocol"] == 2
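Review bot: With `sudo` dropped from `grub2-mkconfig -o /boot/grub2/grub.cfg` and `update-grub` in the second hunk, nothing visible in the remediation text tells the reader that these commands need root; the same applies to the `dnf install` and `apt-get install` lines in the first hunk. The commit message states the assumption, but someone reading a failed check only sees the rendered remediation, not the commit history. I would state it once in each lead-in, for example `Run this command as root to install auditd:` in the first hunk (keeping the existing code formatting on the package name) and an equivalent sentence ahead of the GRUB commands. The GRUB remediation block starts above the second hunk, so it may already say this outside the visible lines.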
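Review bot: The `filters` regexes under the added comment are unanchored, so they select more versions than the comment describes: `/6./` matches any version string containing a `6` followed by another character (a constructed example: `9.6p1`), and `[0|1|2|3|4|5]` is a character class that also accepts a literal `|`. On such hosts the check would be evaluated even though `Protocol` is normally absent from a current sshd_config, which presumably reports a failure instead of skipping the query. Assuming MQL regex matching is unanchored and that distribution package versions may carry an epoch prefix, something like `filters: package('openssh-server').version == /^([0-9]+:)?(6\.|7\.[0-5])/` expresses the stated intent. It is also worth checking the comment's 7.6 boundary against the OpenSSH release notes, which as far as I recall removed server-side protocol 1 support in 7.4.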