Add /etc/shells rules to CIS control 6.1.9

controls/cis_rhel7.yml

@@ -2383,8 +2383,11 @@ controls:
     levels:
     - l1_server
     - l1_workstation
-    status: pending
-    # TODO: new rule needed
+    status: automated
+    rules:
+    - file_owner_etc_shells
+    - file_groupowner_etc_shells
+    - file_permissions_etc_shells
 
   - id: 6.1.10
     title: Ensure permissions on /etc/security/opasswd are configured (Automated)

linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shells/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel8
+prodtype: rhel7,rhel8
 
 title: 'Verify Group Who Owns /etc/shells File'
 
@@ -14,9 +14,11 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel7: CCE-86624-4
     cce@rhel8: CCE-87030-3
 
 references:
+    cis@rhel7: 6.1.9
     cis@rhel8: 6.1.10
     nist: AC-3,MP-2
 

linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shells/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel8
+prodtype: rhel7,rhel8
 
 title: 'Verify Who Owns /etc/shells File'
 
@@ -14,9 +14,11 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel7: CCE-86622-8
     cce@rhel8: CCE-87055-0
 
 references:
+    cis@rhel7: 6.1.9
     cis@rhel8: 6.1.10
     nist: AC-3,MP-2
 

linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shells/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel8
+prodtype: rhel7,rhel8
 
 title: 'Verify Permissions on /etc/shells File'
 
@@ -14,9 +14,11 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel7: CCE-86626-9
     cce@rhel8: CCE-86634-3
 
 references:
+    cis@rhel7: 6.1.9
     cis@rhel8: 6.1.10
     nist: AC-3,MP-2
 

shared/references/cce-redhat-avail.txt

@@ -294,9 +294,6 @@ CCE-86610-3
 CCE-86613-7
 CCE-86619-4
 CCE-86620-2
-CCE-86622-8
-CCE-86624-4
-CCE-86626-9
 CCE-86627-7
 CCE-86628-5
 CCE-86629-3