Add handler for V-230466

ash-linux/el8/STIGbyID/cat2/RHEL-08-030590.sls

@@ -0,0 +1,57 @@
+# Ref Doc:    STIG - RHEL 8 v1r11
+# Finding ID: V-230466
+# Rule ID:    SV-230466r627750_rule
+# STIG ID:    RHEL-08-030590
+# SRG ID:     SRG-OS-000037-GPOS-00015
+#             SRG-OS-000042-GPOS-00020
+#             SRG-OS-000062-GPOS-00031
+#             SRG-OS-000062-GPOS-00031
+#             SRG-OS-000392-GPOS-00172
+#             SRG-OS-000462-GPOS-00206
+#             SRG-OS-000471-GPOS-00215
+#             SRG-OS-000473-GPOS-00218
+#
+# Finding Level: medium
+#
+# Rule Summary:
+#       Successful/unsuccessful modifications to the faillock log file
+#       in RHEL 8 must generate an audit record.
+#
+# References:
+#   CCI:
+#     - CCI-000169
+#         NIST SP 800-53 :: AU-12 a
+#         NIST SP 800-53A :: AU-12.1 (ii)
+#         NIST SP 800-53 Revision 4 :: AU-12 a
+#
+###########################################################################
+{%- set stig_id = 'RHEL-08-030590' %}
+{%- set helperLoc = 'ash-linux/el8/STIGbyID/cat2/files' %}
+{%- set ruleFile = '/etc/audit/rules.d/logins.rules' %}
+{%- set skipIt = salt.pillar.get('ash-linux:lookup:skip-stigs', []) %}
+
+script_{{ stig_id }}-describe:
+  cmd.script:
+    - source: salt://{{ helperLoc }}/{{ stig_id }}.sh
+    - cwd: /root
+
+{%- if stig_id in skipIt %}
+notify_{{ stig_id }}-skipSet:
+  cmd.run:
+    - name: 'printf "\nchanged=no comment=''Handler for {{ stig_id }} has been selected for skip.''\n"'
+    - stateful: True
+    - cwd: /root
+{%- else %}
+Log faillock modifications ({{ stig_id }}):
+  file.replace:
+    - name: '{{ ruleFile }}'
+    - append_if_not_found: True
+    - not_found_content: |-
+
+        # Inserted per STIG ID {{ stig_id }}
+        -w /var/log/faillock -p wa -k logins
+    - pattern: '^(#|)-w\s*\/var\/log\/faillock\s\s*-p\s\s*wa\s\s*-k\s\s*logins'
+    - repl: '-w /var/log/faillock -p wa -k logins'
+    - unless:
+        cmd: 'grep -P ''^(#|)-w\s*\/var\/log\/faillock\s\s*-p\s\s*wa\s\s*-k\s\s*logins'' /etc/audit/rules.d/*'
+{%- endif %}

ash-linux/el8/STIGbyID/cat2/files/RHEL-08-030590.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+# Ref Doc:    STIG - RHEL 8 v1r11
+# Finding ID: V-230466
+# Rule ID:    SV-230466r627750_rule
+# STIG ID:    RHEL-08-030590
+# SRG ID:     SRG-OS-000037-GPOS-00015
+#             SRG-OS-000042-GPOS-00020
+#             SRG-OS-000062-GPOS-00031
+#             SRG-OS-000062-GPOS-00031
+#             SRG-OS-000392-GPOS-00172
+#             SRG-OS-000462-GPOS-00206
+#             SRG-OS-000471-GPOS-00215
+#             SRG-OS-000473-GPOS-00218
+#
+# Finding Level: medium
+#
+# Rule Summary:
+#       Successful/unsuccessful modifications to the faillock log file
+#       in RHEL 8 must generate an audit record.
+#
+# References:
+#   CCI:
+#     - CCI-000169
+#         NIST SP 800-53 :: AU-12 a
+#         NIST SP 800-53A :: AU-12.1 (ii)
+#         NIST SP 800-53 Revision 4 :: AU-12 a
+#
+###########################################################################
+# Standard outputter function
+diag_out() {
+   echo "${1}"
+}
+
+diag_out "--------------------------------------"
+diag_out "STIG Finding ID: V-230466"
+diag_out "     Modifications to the faillock log"
+diag_out "     file must generate an audit"
+diag_out "     record"
+diag_out "--------------------------------------"

ash-linux/el8/STIGbyID/cat2/init.sls

@@ -13,6 +13,7 @@ include:
   - ash-linux.el8.STIGbyID.cat2.RHEL-08-020090
   - ash-linux.el8.STIGbyID.cat2.RHEL-08-020180
   - ash-linux.el8.STIGbyID.cat2.RHEL-08-020231
+  - ash-linux.el8.STIGbyID.cat2.RHEL-08-030590
   - ash-linux.el8.STIGbyID.cat2.RHEL-08-030740
   - ash-linux.el8.STIGbyID.cat2.RHEL-08-040090
   - ash-linux.el8.STIGbyID.cat2.RHEL-08-040123