From 6b431fc6c5f01ccb1c434fe402cd8461df8be387 Mon Sep 17 00:00:00 2001 
From: Miha Purg Date: Thu, 30 Jan 2025 12:33:46 +0100 Subject: [PATCH] Move auditd file permission rules to auditing group to fix rule order When remediating the whole Ubuntu 24.04 CIS Level 2 profile, these rules were executed before package_audit_installed, resulting in errors due to missing configuration and binary files: - file_groupownership_audit_binaries - file_ownership_audit_binaries - file_permissions_audit_binaries - file_permissions_etc_audit_auditd - file_permissions_etc_audit_rules - file_permissions_etc_audit_rulesd Moving them to the auditing group places them after auditd is installed, fixing the issue. --- .../file_groupownership_audit_binaries/rule.yml | 0 .../file_ownership_audit_binaries/rule.yml | 0 .../file_permissions_audit_binaries/rule.yml | 0 .../policy/stig/shared.yml | 0 .../file_permissions_etc_audit_auditd/rule.yml | 0 .../tests/stricter_permissions.pass.sh | 0 .../file_permissions_etc_audit_rules/rule.yml | 0 .../tests/lenient_permissions.fail.sh | 0 .../tests/stricter_permissions.pass.sh | 0 .../policy/stig/shared.yml | 0 .../file_permissions_etc_audit_rulesd/rule.yml | 0 .../tests/lenient_permissions.fail.sh | 0 .../tests/stricter_permissions.pass.sh | 0 .../guide/auditing/file_permissions_auditd/group.yml | 9 +++++++++ 14 files changed, 9 insertions(+) rename linux_os/guide/{system/permissions/files/permissions_within_important_dirs => auditing/file_permissions_auditd}/file_groupownership_audit_binaries/rule.yml (100%) rename linux_os/guide/{system/permissions/files/permissions_within_important_dirs => auditing/file_permissions_auditd}/file_ownership_audit_binaries/rule.yml (100%) rename linux_os/guide/{system/permissions/files/permissions_within_important_dirs => auditing/file_permissions_auditd}/file_permissions_audit_binaries/rule.yml (100%) rename linux_os/guide/{system/permissions/files => auditing/file_permissions_auditd}/file_permissions_etc_audit_auditd/policy/stig/shared.yml (100%) rename 
linux_os/guide/{system/permissions/files => auditing/file_permissions_auditd}/file_permissions_etc_audit_auditd/rule.yml (100%)
rename linux_os/guide/{system/permissions/files => auditing/file_permissions_auditd}/file_permissions_etc_audit_auditd/tests/stricter_permissions.pass.sh (100%)
rename linux_os/guide/{system/permissions/files => auditing/file_permissions_auditd}/file_permissions_etc_audit_rules/rule.yml (100%)
rename linux_os/guide/{system/permissions/files => auditing/file_permissions_auditd}/file_permissions_etc_audit_rules/tests/lenient_permissions.fail.sh (100%)
rename linux_os/guide/{system/permissions/files => auditing/file_permissions_auditd}/file_permissions_etc_audit_rules/tests/stricter_permissions.pass.sh (100%)
rename linux_os/guide/{system/permissions/files => auditing/file_permissions_auditd}/file_permissions_etc_audit_rulesd/policy/stig/shared.yml (100%)
rename linux_os/guide/{system/permissions/files => auditing/file_permissions_auditd}/file_permissions_etc_audit_rulesd/rule.yml (100%)
rename linux_os/guide/{system/permissions/files => auditing/file_permissions_auditd}/file_permissions_etc_audit_rulesd/tests/lenient_permissions.fail.sh (100%)
rename linux_os/guide/{system/permissions/files => auditing/file_permissions_auditd}/file_permissions_etc_audit_rulesd/tests/stricter_permissions.pass.sh (100%)
create mode 100644 linux_os/guide/auditing/file_permissions_auditd/group.yml
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml b/linux_os/guide/auditing/file_permissions_auditd/file_groupownership_audit_binaries/rule.yml
similarity index 100%
rename from linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml
rename to linux_os/guide/auditing/file_permissions_auditd/file_groupownership_audit_binaries/rule.yml
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml b/linux_os/guide/auditing/file_permissions_auditd/file_ownership_audit_binaries/rule.yml
similarity index 100%
rename from linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml
rename to linux_os/guide/auditing/file_permissions_auditd/file_ownership_audit_binaries/rule.yml
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml b/linux_os/guide/auditing/file_permissions_auditd/file_permissions_audit_binaries/rule.yml
similarity index 100%
rename from linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml
rename to linux_os/guide/auditing/file_permissions_auditd/file_permissions_audit_binaries/rule.yml
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/policy/stig/shared.yml b/linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_auditd/policy/stig/shared.yml
similarity index 100%
rename from linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/policy/stig/shared.yml
rename to linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_auditd/policy/stig/shared.yml
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_auditd/rule.yml
similarity index 100%
rename from linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
rename to linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_auditd/rule.yml
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/stricter_permissions.pass.sh b/linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_auditd/tests/stricter_permissions.pass.sh
similarity index 100%
rename from linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/tests/stricter_permissions.pass.sh
rename to linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_auditd/tests/stricter_permissions.pass.sh
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rules/rule.yml b/linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rules/rule.yml
similarity index 100%
rename from linux_os/guide/system/permissions/files/file_permissions_etc_audit_rules/rule.yml
rename to linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rules/rule.yml
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rules/tests/lenient_permissions.fail.sh b/linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rules/tests/lenient_permissions.fail.sh
similarity index 100%
rename from linux_os/guide/system/permissions/files/file_permissions_etc_audit_rules/tests/lenient_permissions.fail.sh
rename to linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rules/tests/lenient_permissions.fail.sh
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rules/tests/stricter_permissions.pass.sh b/linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rules/tests/stricter_permissions.pass.sh
similarity index 100%
rename from linux_os/guide/system/permissions/files/file_permissions_etc_audit_rules/tests/stricter_permissions.pass.sh
rename to linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rules/tests/stricter_permissions.pass.sh
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/policy/stig/shared.yml b/linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rulesd/policy/stig/shared.yml
similarity index 100%
rename from linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/policy/stig/shared.yml
rename to linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rulesd/policy/stig/shared.yml
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rulesd/rule.yml
similarity index 100%
rename from linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
rename to linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rulesd/rule.yml
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/lenient_permissions.fail.sh b/linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rulesd/tests/lenient_permissions.fail.sh
similarity index 100%
rename from linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/lenient_permissions.fail.sh
rename to linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rulesd/tests/lenient_permissions.fail.sh
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/stricter_permissions.pass.sh b/linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rulesd/tests/stricter_permissions.pass.sh
similarity index 100%
rename from linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/tests/stricter_permissions.pass.sh
rename to linux_os/guide/auditing/file_permissions_auditd/file_permissions_etc_audit_rulesd/tests/stricter_permissions.pass.sh
diff --git a/linux_os/guide/auditing/file_permissions_auditd/group.yml b/linux_os/guide/auditing/file_permissions_auditd/group.yml
new file mode 100644
index 00000000000..28686d520b3
--- /dev/null
+++ b/linux_os/guide/auditing/file_permissions_auditd/group.yml
@@ -0,0 +1,9 @@
+documentation_complete: true
+
+title: 'System Accounting with auditd'
+
+description: |-
+ The audit service provides substantial capabilities
+ for recording system activities. This section
+ deals with permissions of auditd related files.
+
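Review bot: The new group's `title: 'System Accounting with auditd'` in the group.yml hunk appears to reuse the title of the parent `auditing` group, so a rendered guide would show a subsection carrying the same heading as the section that contains it, and the description's first two sentences describe the audit service in general rather than this group. A title naming what the group actually holds, e.g. `title: 'Permissions of auditd Files'`, with the description reduced to `This section deals with the ownership and permissions of auditd configuration files, rule files and binaries.`, would make the section self-describing. The reason these rules live here is only recorded in the commit message; a YAML comment at the top of the file such as `# Kept under the auditing group so remediation runs after package_audit_installed (rule ordering).` would stop a later re-organisation from silently undoing the fix. The hunk as shown has lost the indentation of the `|-` block scalar, so whether the description lines are indented under `description:` cannot be confirmed from here and should be checked before merge.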