Merge branch 'master' into Issue_464
ferricoxide authored Oct 26, 2023
2 parents 4a410e4 + b1b3a9a commit 63a5025
Showing 4 changed files with 96 additions and 1 deletion.
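--- a/ash-linux/el8/STIGbyID/cat2/RHEL-08-010201.sls
+++ b/ash-linux/el8/STIGbyID/cat2/RHEL-08-010201.sls
@@ -0,0 +1,59 @@
+# Ref Doc: STIG - RHEL 8 v1r11
+# Finding ID: V-244525
+# Rule ID: SV-244525r917886_rule
+# STIG ID: RHEL-08-010201
+# SRG ID: SRG-OS-000163-GPOS-00072
+# SRG-OS-000126-GPOS-00066
+# SRG-OS-000279-GPOS-00109
+#
+# Finding Level: medium
+#
+# Rule Summary:
+# RHEL 8 be configured so that all network connections associated with SSH
+# traffic are terminated after 10 minutes of becoming unresponsive.
+#
+# References:
+# CCI:
+# - CCI-001133
+# NIST SP 800-53 :: SC-10
+# NIST SP 800-53A :: SC-10.1 (ii)
+# NIST SP 800-53 Revision 4 :: SC-10
+#
+###########################################################################
+{%- set stig_id = 'RHEL-08-010201' %}
+{%- set helperLoc = 'ash-linux/el8/STIGbyID/cat2/files' %}
+{%- set skipIt = salt.pillar.get('ash-linux:lookup:skip-stigs', []) %}
+{%- set svcName = 'sshd' %}
+{%- set cfgFile = '/etc/ssh/sshd_config' %}
+{%- set cfgParm = 'ClientAliveInterval' %}
+{%- set cfgValue = '600' %}
+
+script_{{ stig_id }}-describe:
+cmd.script:
+- source: salt://{{ helperLoc }}/{{ stig_id }}.sh
+- cwd: /root
+
+{%- if stig_id in skipIt %}
+notify_{{ stig_id }}-skipSet:
+cmd.run:
+- name: 'printf "\nchanged=no comment=''Handler for {{ stig_id }} has been selected for skip.''\n"'
+- stateful: True
+- cwd: /root
+{%- else %}
+Fix/set sshd {{ cfgParm }} value:
+file.replace:
+- name: '{{ cfgFile }}'
+- append_if_not_found: True
+- not_found_content: |-
+# Inserted per STIG {{ stig_id }}
+{{ cfgParm }} {{ cfgValue }}
+- pattern: '^(|#)\s*{{ cfgParm }}.*'
+- repl: '{{ cfgParm }} {{ cfgValue }}'
+
+service_sshd:
+service.running:
+- name: '{{ svcName }}'
+- watch:
+- file: 'Fix/set sshd {{ cfgParm }} value'
+{%- endif %}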
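Review bot: The regex on the `- pattern: '^(|#)\s*{{ cfgParm }}.*'` line is applied case-sensitively (Salt's `file.replace` defaults to `MULTILINE` only), while sshd treats keywords case-insensitively, so an existing `clientaliveinterval` line is left in place, the managed directive is appended below it, and sshd honours the earlier first-match value even though the state reports the finding as remediated; adding `- flags: ['IGNORECASE', 'MULTILINE']` closes that gap (`MULTILINE` must be restated because overriding `flags` drops the default that `^` relies on). The `append_if_not_found` fallback places `not_found_content` at the end of the file, which on a host whose sshd_config ends in a `Match` block scopes the directive to that block instead of globally; a short comment above `- append_if_not_found: True` noting that the file is assumed to have no trailing `Match` block would make this visible to the next reader. The interval is also only effective together with `ClientAliveCountMax`, presumably handled by the RHEL-08-010200 state this commit lists alongside it in init.sls; a cross-reference comment would help. Finally, the `Rule Summary` comment here and in the companion `files/RHEL-08-010201.sh` reads `RHEL 8 be configured`, where the STIG text is `RHEL 8 must be configured`.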
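--- a/ash-linux/el8/STIGbyID/cat2/files/RHEL-08-010201.sh
+++ b/ash-linux/el8/STIGbyID/cat2/files/RHEL-08-010201.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+#
+# Ref Doc: STIG - RHEL 8 v1r11
+# Finding ID: V-244525
+# Rule ID: SV-244525r917886_rule
+# STIG ID: RHEL-08-010201
+# SRG ID: SRG-OS-000163-GPOS-00072
+# SRG-OS-000126-GPOS-00066
+# SRG-OS-000279-GPOS-00109
+#
+# Finding Level: medium
+#
+# Rule Summary:
+# RHEL 8 be configured so that all network connections associated with SSH
+# traffic are terminated after 10 minutes of becoming unresponsive.
+#
+# References:
+# CCI:
+# - CCI-001133
+# NIST SP 800-53 :: SC-10
+# NIST SP 800-53A :: SC-10.1 (ii)
+# NIST SP 800-53 Revision 4 :: SC-10
+#
+###########################################################################
+# Standard outputter function
+diag_out() {
+echo "${1}"
+}
+
+diag_out "--------------------------------------"
+diag_out "STIG Finding ID: V-244525"
+diag_out " The OS must terminate all SSH"
+diag_out " sessions ater 10 minutes of"
+diag_out " becoming unresponsive"
+diag_out "--------------------------------------"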
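Review bot: The operator-facing string on the `diag_out " sessions ater 10 minutes of"` line misspells the word; it should read `diag_out " sessions after 10 minutes of"`. Because the Salt state runs this script as its describe step, the typo is printed on every highstate that includes the cat2 handlers.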
1 change: 1 addition & 0 deletions ash-linux/el8/STIGbyID/cat2/init.sls
Expand Up @@ -3,6 +3,7 @@ include:
- ash-linux.el8.STIGbyID.cat2.OL08-00-010160
- ash-linux.el8.STIGbyID.cat2.RHEL-08-010161
- ash-linux.el8.STIGbyID.cat2.RHEL-08-010200
- ash-linux.el8.STIGbyID.cat2.RHEL-08-010201
- ash-linux.el8.STIGbyID.cat2.RHEL-08-010291
- ash-linux.el8.STIGbyID.cat2.RHEL-08-010490
- ash-linux.el8.STIGbyID.cat2.RHEL-08-010571
2 changes: 1 addition & 1 deletion tests/docker/centos8/Dockerfile
@@ -1,4 +1,4 @@
FROM quay.io/centos/centos:stream8@sha256:f24005786295703fc65e5cd74ab90497a05479fac780790a43eab5729f9e098f
FROM quay.io/centos/centos:stream8@sha256:b1f6889548eda34b2ddc8c2f50a49bf9924164814308e41e90a07e3b30e0db7f


CMD ["/bin/bash"]
