Merge pull request #14590 from jan-cerny/fix_container_applicability

Fix rule applicability for container environments

Author: Mab879

components/bash.yml

@@ -3,6 +3,7 @@ packages:
 - bash
 rules:
 - accounts_umask_etc_bashrc
+- file_permission_user_bash_history
 - accounts_umask_etc_csh_cshrc
 - accounts_umask_etc_profile
 - accounts_umask_root

components/krb5.yml

@@ -3,9 +3,11 @@ groups:
 name: krb5
 packages:
 - krb5
+- krb5-libs
 - krb5-server
 - krb5-workstation
 rules:
+- configure_kerberos_crypto_policy
 - kerberos_disable_no_keytab
 - package_krb5-server_removed
 - package_krb5-workstation_removed

components/openssh.yml

@@ -94,6 +94,8 @@ rules:
 - sshd_use_strong_rng
 - sshd_x11_use_localhost
 - sshd_include_crypto_policy
+- harden_sshd_ciphers_openssh_conf_crypto_policy
 - harden_sshd_crypto_policy
+- harden_sshd_macs_openssh_conf_crypto_policy
 templates:
 - sshd_lineinfile

components/openssl.yml

@@ -4,5 +4,7 @@ name: openssl
 packages:
 - openssl
 rules:
+- configure_openssl_crypto_policy
+- configure_openssl_tls_crypto_policy
 - only_allow_dod_certs
 - only_allow_specific_certs

components/pam.yml

@@ -112,6 +112,7 @@ rules:
 - ensure_root_password_configured
 - ensure_shadow_group_empty
 - ensure_sudo_group_restricted
+- file_etc_security_opasswd
 - file_groupowner_etc_issue
 - file_groupowner_etc_issue_net
 - file_groupowner_etc_motd
@@ -121,7 +122,6 @@ rules:
 - file_owner_etc_motd
 - file_ownership_home_directories
 - file_ownership_lastlog
-- file_permission_user_bash_history
 - file_permissions_etc_issue
 - file_permissions_etc_issue_net
 - file_permissions_etc_motd

linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml

@@ -41,3 +41,5 @@ ocil: |-
     <pre>$ sudo grep -i useldapauth /etc/sysconfig/authconfig</pre>
     The output should return:
     <pre>USELDAPAUTH=yes</pre>
+
+platform: system_with_kernel

linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml

@@ -33,3 +33,5 @@ template:
     name: package_installed
     vars:
         pkgname: openssh-clients
+
+platform: system_with_kernel

linux_os/guide/services/ssh/ssh_client/group.yml

@@ -9,3 +9,5 @@ description: |-
     influence only the default SSH client configuration. Changes in this group
     can be overridden by the client user by modifying files within the
     <pre>~/.ssh</pre> directory or by supplying parameters on the command line.
+
+platform: package[openssh-clients]

linux_os/guide/system/accounts/accounts-session/file_permission_user_bash_history/rule.yml

@@ -32,3 +32,5 @@ fixtext: |-
     Note: The example will be for the smithj user, who has a home directory of "/home/smithj".
 
     $ sudo chmod 0600 /home/smithj/.bash_history
+
+platform: package[bash]

linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/rule.yml

@@ -32,3 +32,5 @@ ocil: |-
     {{{ ocil_file_owner(file="/etc/security/opasswd", owner="root") }}}
     {{{ ocil_file_group_owner(file="/etc/security/opasswd", group="root") }}}
     {{{ ocil_file_permissions(file="/etc/security/opasswd", perms="0600") }}}
+
+platform: package[pam]