Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adapt SCA rulesets to 3.10 syntax #406

Merged
merged 263 commits into from
Aug 20, 2019
Merged

Adapt SCA rulesets to 3.10 syntax #406

merged 263 commits into from
Aug 20, 2019

Conversation

JuantAldea
Copy link
Contributor

@JuantAldea JuantAldea commented May 22, 2019
edited
Loading

Addresses issue #404

This PR adapts the rulesets for the SCA syntax introduced in Wazuh 3.10, corrects several mistakes.

Changes include:

  • Rule logic inversion. Rules are written so that "true" is the expected, success, value.
  • Removal of semicolon as rule end mark.
  • Usage of the 3.10 whole rule negation operator not, which negates the rule result. Removes previous IN/NIN notation.
  • Usage of the 3.10 new rule type for numerical comparison n:.
  • Compliance field format changed to allow lists.
  • Proper formating of YML files.
  • Fixing several mistakes in the rules themselves.
  • Debian & Windows policy splitting.
  • Removal of generic ssh, pw and audit_rcl policies.
  • Policies renamed to remove "_rcl".
  • Addition of HIPAA y NIST 800 53 compliance mapping.

@JuantAldea JuantAldea changed the base branch from master to 3.10 May 22, 2019 16:40
@JuantAldea
Copy link
Contributor Author

JuantAldea commented May 24, 2019
edited
Loading

Adapted

  • Generics
  • Debian
  • Red Hat 7

Comments

  • Several rules fixed on the fly.

JuantAldea and others added 25 commits May 27, 2019 12:32
@JuantAldea
Fix errors
8a60d1b
@JuantAldea
Adapt RHEL5
f8a1c82
@JuantAldea
Fix requirements
b502bbf
@JuantAldea
Add missing :
7eab838
@JuantAldea
Use a more sematically appropriate condition for some checks
2c6344d
@JuantAldea
Adapt SLES policies
685c117
@JuantAldea
Adapt Solaris 11
d9920e7
@JuantAldea
Adapt mysql EE
f44be09
@JuantAldea
Fix debian rule
d70e588
@JuantAldea
Adapt mysql policies
3e1510a
@JuantAldea
Adapt Apache policies
5380fde
@JuantAldea
Fix apache rule
c6f8dee
@JuantAldea
Adapt Darwin 10.11 El Capitan
b9084b0
@JuantAldea
Change one any to an all
4e7099b
@JuantAldea
Adapt Darwin 10.12 Sierra
e6facc3
@JuantAldea
Adapt Darwin 10.13 High Sierra
6ddde54
@JuantAldea
Rewrite check
b35bc7e
@JuantAldea
Simplify some checks
72ee58e
Adapt Microsoft Office 2016 rules
796c946
@JuantAldea
WIP W10 L1, some testing needed
b577749
@JuantAldea
Adapt Windows 10 L2
2b22180
@JuantAldea
Adapt cis_win2012r2_domainL2_rcl.yml
9cb9e04
Adapt Windows 2012 L1 L2
b743b4f
@JuantAldea
Add newlines to windows/cis_win2012r2_memberL1_rcl.yml
c0e576e
Complete some checks and remove useless rules
21573d5
@chemamartinez chemamartinez marked this pull request as ready for review August 12, 2019 08:59
@chemamartinez chemamartinez merged commit eded967 into 3.10 Aug 20, 2019
@chemamartinez chemamartinez deleted the 404-adapt-sca-rules-to-new-syntax branch August 20, 2019 13:40
@chemamartinez chemamartinez mentioned this pull request Aug 20, 2019
Closed
@chemamartinez chemamartinez mentioned this pull request Sep 9, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chemamartinez chemamartinez chemamartinez approved these changes

Assignees

@JuantAldea JuantAldea

@chemamartinez chemamartinez

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@JuantAldea @chemamartinez @AdriiiPRodri @cristgl @crd1985 @carlocas