Ensure all rules in RHCOS4 DS have CCE identifier

yuumasato · yuumasato · commit 2df3d60da5fc · 2026-03-05T17:26:08.000+01:00
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillog/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillog/rule.yml
@@ -15,6 +15,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-90416-9
     cce@sle12: CCE-83192-5
     cce@sle15: CCE-92576-8
     cce@slmicro5: CCE-93841-5
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_etc_selinux/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_etc_selinux/rule.yml
@@ -13,6 +13,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-88995-6
     cce@rhel10: CCE-90737-8
     cce@sle15: CCE-92694-9
     cce@sle16: CCE-96212-6
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/rule.yml
@@ -13,6 +13,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-88596-2
     cce@rhel8: CCE-86342-3
     cce@rhel9: CCE-86343-1
     cce@rhel10: CCE-88117-7
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification_network_scripts/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification_network_scripts/rule.yml
@@ -13,6 +13,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-90033-2
     cce@rhel8: CCE-86939-6
     cce@rhel9: CCE-86940-4
     cce@rhel10: CCE-90731-1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
@@ -18,6 +18,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-88856-0
     cce@rhel8: CCE-90175-1
     cce@rhel9: CCE-90176-9
     cce@rhel10: CCE-88688-7
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
@@ -18,6 +18,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-88024-5
     cce@rhel8: CCE-89497-2
     cce@rhel9: CCE-89498-0
     cce@rhel10: CCE-89020-2
diff --git a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml
@@ -20,6 +20,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-90250-2
     cce@rhel8: CCE-80871-7
     cce@rhel9: CCE-84164-3
 
diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml
@@ -17,6 +17,7 @@ rationale: |-
 severity: low
 
 identifiers:
+    cce@rhcos4: CCE-89670-4
     cce@rhel8: CCE-82408-6
     cce@rhel9: CCE-86505-5
     cce@rhel10: CCE-87806-6
diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml
@@ -12,6 +12,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-88516-0
     cce@rhel8: CCE-82409-4
     cce@rhel9: CCE-84194-0
     cce@sle12: CCE-92245-0
diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
@@ -12,6 +12,7 @@ rationale: |-
 severity: high
 
 identifiers:
+    cce@rhcos4: CCE-87843-9
     cce@rhel8: CCE-82414-4
     cce@rhel9: CCE-84159-3
     cce@rhel10: CCE-88674-7
diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml
@@ -15,6 +15,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-88298-5
     cce@rhel8: CCE-82413-6
     cce@rhel9: CCE-84160-1
     cce@sle12: CCE-92246-8
diff --git a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml
@@ -16,6 +16,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-90536-4
     cce@rhel8: CCE-82874-9
     cce@rhel9: CCE-84215-3
     cce@rhel10: CCE-89591-2
diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml
@@ -11,6 +11,7 @@ rationale: 'Turn off unneeded services to reduce attack surface.'
 severity: unknown
 
 identifiers:
+    cce@rhcos4: CCE-86928-9
     cce@rhel8: CCE-82861-6
     cce@rhel9: CCE-90795-6
     cce@rhel10: CCE-86174-0
diff --git a/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml
@@ -13,6 +13,9 @@ rationale: |-
 
 severity: medium
 
+identifiers:
+    cce@rhcos4: CCE-86709-3
+
 ocil_clause: 'the package is installed'
 
 ocil: '{{{ ocil_package(package="openssh-server") }}}'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
@@ -25,6 +25,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-88196-1
     cce@rhel8: CCE-85987-6
     cce@rhel9: CCE-88048-4
     cce@rhel10: CCE-88135-9
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml
@@ -16,6 +16,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-88685-3
     cce@rhel8: CCE-85915-7
     cce@rhel9: CCE-86696-2
     cce@rhel10: CCE-88090-6
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml
@@ -14,6 +14,7 @@ rationale: 'Only root should be able to modify important boot parameters.'
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-89127-5
     cce@rhel8: CCE-85913-2
     cce@rhel9: CCE-86695-4
     cce@rhel10: CCE-89243-0
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml
@@ -15,6 +15,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-88839-6
     cce@rhel8: CCE-85912-4
     cce@rhel9: CCE-85925-6
     cce@rhel10: CCE-88815-6
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
@@ -16,6 +16,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-89516-9
     cce@rhel8: CCE-87231-7
     cce@rhel9: CCE-86761-4
     cce@rhel10: CCE-90381-5
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml
@@ -11,6 +11,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-89605-0
     cce@rhel8: CCE-80796-6
     cce@rhel9: CCE-83945-6
     cce@rhel10: CCE-90261-9
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml
@@ -17,6 +17,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-87871-0
     cce@rhel8: CCE-80797-4
     cce@rhel9: CCE-83948-0
     cce@rhel10: CCE-90043-1
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml
@@ -11,6 +11,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-88189-6
     cce@rhel8: CCE-80798-2
     cce@rhel9: CCE-83950-6
     cce@rhel10: CCE-89210-9
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml
@@ -17,6 +17,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-87133-5
     cce@rhel8: CCE-80799-0
     cce@rhel9: CCE-83930-8
     cce@rhel10: CCE-87579-9
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml
@@ -11,6 +11,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-87800-9
     cce@rhel8: CCE-80801-4
     cce@rhel9: CCE-83925-8
     cce@rhel10: CCE-86870-3
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml
@@ -11,6 +11,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-88141-7
     cce@rhel8: CCE-80802-2
     cce@rhel9: CCE-83924-1
     cce@rhel10: CCE-87701-9
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml
@@ -11,6 +11,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-89312-3
     cce@rhel8: CCE-80803-0
     cce@rhel9: CCE-83943-1
     cce@rhel10: CCE-87827-2
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml
@@ -14,6 +14,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-89484-0
     cce@rhel8: CCE-80804-8
     cce@rhel9: CCE-83926-6
     cce@rhel10: CCE-86857-0
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml
@@ -12,6 +12,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-90126-4
     cce@rhel8: CCE-80810-5
     cce@rhel9: CCE-83934-0
     cce@rhel10: CCE-88868-5
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml
@@ -20,6 +20,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-86641-8
     cce@rhel8: CCE-80811-3
     cce@rhel9: CCE-83921-7
     cce@rhel10: CCE-86975-0
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml
@@ -14,6 +14,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-87939-5
     cce@rhel8: CCE-80812-1
     cce@rhel9: CCE-83931-6
     cce@rhel10: CCE-90644-6
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml
@@ -23,6 +23,7 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhcos4: CCE-89361-0
     cce@rhel8: CCE-80813-9
     cce@rhel9: CCE-83941-5
     cce@rhel10: CCE-88433-8
diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
@@ -15,6 +15,7 @@ rationale: |-
 severity: high
 
 identifiers:
+    cce@rhcos4: CCE-89156-4
     cce@rhel8: CCE-82877-2
     cce@rhel9: CCE-84069-4
     cce@rhel10: CCE-90410-2
diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
@@ -60,6 +60,7 @@ rationale: |-
 severity: high
 
 identifiers:
+    cce@rhcos4: CCE-89503-7
     cce@rhel8: CCE-80789-1
     cce@rhel9: CCE-90849-1
     cce@rhel10: CCE-89165-5
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
