[Docs] Auditing setuid/setgid applications

This patch documents some alternatives for RHEL-07-030310 since automating
the STIG requirement is challenging.

Implements: blueprint security-rhel7-stig
Change-Id: I28e9e4c25a98c26ef388bf0f62b9fbe58adbf96b
Major Hayden 2016-11-08 16:20:56 -06:00
parent 9d74dbd915
commit 9e66cde47c

@ -1,7 +1,18 @@
---
id: RHEL-07-030310
status: not implemented
tag: misc
status: exception - manual intervention
tag: auditd
---
This STIG requirement is not yet implemented.
This STIG is difficult to implement in an automated way because the number of
applications on a system with setuid/setgid permissions changes over time.
In addition, adding audit rules for some of these automatically could cause a
significant increase in logging traffic when these applications are used
regularly.
Deployers are urged to do the following instead:
* Minimize the amount of applications with setuid/setgid privileges
* Monitor any new applications that gain setuid/setgid privileges
* Add risky applications with setuid/setgid privileges to auditd for detailed
syscall monitoring
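
Review bot: The three bullets under "Deployers are urged to do the following instead:" name the actions but give deployers nothing to run, so the "exception - manual intervention" status leaves RHEL-07-030310 without a usable manual procedure. Consider adding a command that enumerates the current setuid/setgid files, for example find / -xdev -type f \( -perm -4000 -o -perm -2000 \), and one sample auditd rule for a single binary, so that "Monitor any new applications that gain setuid/setgid privileges" and "Add risky applications with setuid/setgid privileges to auditd" can be followed as written. It would also help to say what makes an application "risky" here, since the paragraph above warns about logging volume for applications that are used regularly. Wording: "Minimize the amount of applications" should read "number of applications", matching "the number of applications" in the first paragraph, and "This STIG is difficult to implement" reads better as "This STIG requirement is difficult to implement".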