Amazon Linux 2022 SCA policy - check 4 to 4.1.3.21 #3845

Closed
Tracked by #3838
72nomada opened this issue Jan 26, 2023 · 1 comment

@72nomada

| Target version | Related issue | Related PR |
|---|---|---|
| 4.4.x | #3838 | wazuh/wazuh#15681 |

| Check Id and Name | Status | Extra |
|---|---|---|
| 4 Logging and Auditing | | |
| 4.1 Configure System Accounting (auditd) | | |
| 4.1.1 Ensure auditing is enabled | | |
| 4.1.1.1 Ensure auditd is installed (Automated) | | |
| 4.1.1.2 Ensure auditd service is enabled (Automated) | | |
| 4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled (Automated) | | |
| 4.1.1.4 Ensure audit_backlog_limit is sufficient (Automated) | | |
| 4.1.2 Configure Data Retention | | |
| 4.1.2.1 Ensure audit log storage size is configured (Automated) | | |
| 4.1.2.2 Ensure audit logs are not automatically deleted (Automated) | | |
| 4.1.2.3 Ensure system is disabled when audit logs are full (Automated) | | |
| 4.1.3 Configure auditd rules | | |
| 4.1.3.1 Ensure changes to system administration scope (sudoers) is collected (Automated) | | |
| 4.1.3.2 Ensure actions as another user are always logged (Automated) | | |
| 4.1.3.3 Ensure events that modify the sudo log file are collected (Automated) | | |
| 4.1.3.4 Ensure events that modify date and time information are collected (Automated) | | |
| 4.1.3.5 Ensure events that modify the system's network environment are collected (Automated) | | |
| 4.1.3.6 Ensure use of privileged commands are collected (Automated) | | |
| 4.1.3.7 Ensure unsuccessful file access attempts are collected (Automated) | | |
| 4.1.3.8 Ensure events that modify user/group information are collected (Automated) | | |
| 4.1.3.9 Ensure discretionary access control permission modification events are collected (Automated) | | |
| 4.1.3.10 Ensure successful file system mounts are collected (Automated) | | |
| 4.1.3.11 Ensure session initiation information is collected (Automated) | | |
| 4.1.3.12 Ensure login and logout events are collected (Automated) | | |
| 4.1.3.13 Ensure file deletion events by users are collected (Automated) | | |
| 4.1.3.14 Ensure events that modify the system's Mandatory Access Controls are collected (Automated) | | |
| 4.1.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded (Automated) | | |
| 4.1.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded (Automated) | | |
| 4.1.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded (Automated) | | |
| 4.1.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded (Automated) | | |
| 4.1.3.19 Ensure kernel module loading unloading and modification is collected (Automated) | | |
| 4.1.3.20 Ensure the audit configuration is immutable (Automated) | | |
| 4.1.3.21 Ensure the running and on disk configuration is the same (Manual) | | |

@jmv74211 jmv74211 added this to the Amazon Linux 2022 SCA policy milestone Feb 1, 2023
mauromalara added a commit that referenced this issue Mar 2, 2023
and remove MySQL credentials
jmv74211 pushed a commit that referenced this issue Mar 9, 2023
* feat(#3835): add new module to support migration tool.

* feat(#3835): add function to remove the status file.

* refactor(#3835): rename module.

* fix(#3835): fix cve5 references and minor changes applied

* fix(#3835): apply linter corrections.

* refactor(#3835): change the way of running the tool.

* fix(#3835): minor changes applied.

* docs(#3835): change copyright message.

* fix(#3835): change name of variables.

* docs(#3835): improve utility function documentation.

* refactor(#3835): move function to file library and minor changes.

* fix(#3835): improve some code and add docs.

* fix(#3835): catch specific exceptions.

* fix(#3835): add platform and version specs.

* refactor(#3845): remove library

and remove MySQL credentials

* fix(#3835): fix attribute error.

* refactor(#3835): refactor library to adapt the tests.

* refactor(#3835): remove unused function.
QU3B1M pushed a commit that referenced this issue Mar 15, 2023
Deblintrake09 pushed a commit that referenced this issue Apr 24, 2023
@juliamagan juliamagan added level/subtask Subtask issue and removed level/task Task issue labels Apr 27, 2023
@Rebits
Member

Rebits commented May 15, 2023

Not planned

@Rebits Rebits closed this as completed May 15, 2023