implement RHEL-09-654097

Author: vojtapolasek

products/rhel9/controls/stig_rhel9.yml

@@ -3501,6 +3501,16 @@ controls:
           - audit_rules_privileged_commands_crontab
       status: automated
 
+    - id: RHEL-09-654097
+      levels:
+          - medium
+      title: RHEL 9 must audit any script or executable called by cron as root or by any privileged user.
+      rules:
+          - audit_rules_etc_cron_d
+          - audit_rules_var_spool_cron
+      status: automated
+
+
     - id: RHEL-09-654100
       levels:
           - medium

tests/data/profile_stability/rhel9/stig.profile

@@ -71,6 +71,7 @@ audit_rules_dac_modification_removexattr
 audit_rules_dac_modification_setxattr
 audit_rules_dac_modification_umount
 audit_rules_dac_modification_umount2
+audit_rules_etc_cron_d
 audit_rules_execution_chacl
 audit_rules_execution_chcon
 audit_rules_execution_semanage
@@ -124,6 +125,7 @@ audit_rules_usergroup_modification_gshadow
 audit_rules_usergroup_modification_opasswd
 audit_rules_usergroup_modification_passwd
 audit_rules_usergroup_modification_shadow
+audit_rules_var_spool_cron
 auditd_audispd_configure_sufficiently_large_partition
 auditd_data_disk_error_action_stig
 auditd_data_disk_full_action_stig

tests/data/profile_stability/rhel9/stig_gui.profile

@@ -71,6 +71,7 @@ audit_rules_dac_modification_removexattr
 audit_rules_dac_modification_setxattr
 audit_rules_dac_modification_umount
 audit_rules_dac_modification_umount2
+audit_rules_etc_cron_d
 audit_rules_execution_chacl
 audit_rules_execution_chcon
 audit_rules_execution_semanage
@@ -124,6 +125,7 @@ audit_rules_usergroup_modification_gshadow
 audit_rules_usergroup_modification_opasswd
 audit_rules_usergroup_modification_passwd
 audit_rules_usergroup_modification_shadow
+audit_rules_var_spool_cron
 auditd_audispd_configure_sufficiently_large_partition
 auditd_data_disk_error_action_stig
 auditd_data_disk_full_action_stig