From 2c44d72b156dc60c435981aff8f7c215c271dfac Mon Sep 17 00:00:00 2001 From: zulfilee Date: Mon, 24 Nov 2025 16:58:37 +0530 Subject: [PATCH] PCOM 51 Misc fixes --- ubuntu-fips/22.04/fix.sh | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/ubuntu-fips/22.04/fix.sh b/ubuntu-fips/22.04/fix.sh index 0a9c41ed..126e0a24 100755 --- a/ubuntu-fips/22.04/fix.sh +++ b/ubuntu-fips/22.04/fix.sh @@ -4539,9 +4539,7 @@ do else # Rule isn't present yet. Append it at the end of $audit_rules_file file # with proper key - echo "-w /run/utmp -p wa -k session" >> "$audit_rules_file" - echo "-w /var/run/utmp -p wa -k session" >> "$audit_rules_file" fi done # Create a list of audit *.rules files that should be inspected for presence and correctness @@ -4617,7 +4615,6 @@ do else # Rule isn't present yet. Append it at the end of $audit_rules_file file # with proper key - echo "-w /run/utmp -p wa -k session" >> "$audit_rules_file" fi done @@ -28414,3 +28411,20 @@ fi (>&2 echo "FIX FOR THIS RULE 'xccdf_org.ssgproject.content_rule_auditd_offload_logs' IS MISSING!") # END fix for 'xccdf_org.ssgproject.content_rule_auditd_offload_logs' +############################################################################### +# Misc fixes for STIG Compliance +############################################################################### +audit_rule_file_session=/etc/audit/rules.d/session.rules +echo "-w /var/run/utmp -p wa -k session" >> "$audit_rule_file_session" + +audit_rule_file_modules=/etc/audit/rules.d/modules.rules +echo "-w /bin/kmod -p x -k modules" >> "$audit_rule_file_modules" + +audit_rule_file_cronjob=/etc/audit/rules.d/cronjob.rules +echo "-w /etc/cron.d/ -p wa -k cronjob" >> "$audit_rule_file_cronjob" +echo "-w /var/spool/cron/ -p wa -k cronjobs" >> "$audit_rule_file_cronjob" + +chmod 640 "$audit_rule_file_cronjob" +chmod 740 /bin/journalctl + +# END of Misc fixes for STIG Compliance