ComplianceAsCode / content

Description of problem:

The content is misaligned with an external (third party) content that targets the same policy - typically, this means that a system hardened by our content doesn't pass the scan by the external content.

Details:

Rule CCE-88173-0 which is auditd_audispd_configure_sufficiently_large_partition is notchecked (however, I see OVAL implemented) by our content. The equivalent rule in DISA STIG checks the requirement and results in fail.

Outcome:

SSG and DISA contents are aligned

SCAP Security Guide Version:

latest master

External Content's Version:

RHEL9 V1R2

-   id: RHEL-09-653030
    levels:
        - medium
    title:
        RHEL 9 must allocate audit record storage capacity to store at least one
        week's worth of audit records.
    rules:
        - auditd_audispd_configure_sufficiently_large_partition

Should be easy fix remove this:

content/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/oval/shared.xml

Line 1 in 093b315

DISA SCAP RHEL9 content defines:

    <oval:schema_version>5.11.2</oval:schema_version>

https://github.com/ComplianceAsCode/content/blob/master/shared/references/disa-stig-rhel9-v1r1-xccdf-scap.xml#L16732

The PR #11816 solved this DISA misalignment issue but also revealed other issues related to OVAL version. Therefore, the change will be reverted by #11917 so we can better work in a long-term solution.

Once the #11917 is merged, this issue will be reopened while the #11891 will be closed.

CCE-88173-0 is `notchecked` by SSG, however for DISA STIG it `fail`

Description of problem:

Details:

Outcome:

SCAP Security Guide Version:

External Content's Version: