diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml index 825328bc289..55de06a0a9e 100644 --- a/controls/cis_rhel10.yml +++ b/controls/cis_rhel10.yml @@ -1104,6 +1104,7 @@ controls: - l1_workstation status: automated rules: + - package_cron_installed - service_crond_enabled - id: 2.4.1.2 diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml index 9004c842663..05a3e4ac356 100644 --- a/controls/cis_rhel9.yml +++ b/controls/cis_rhel9.yml @@ -1099,6 +1099,7 @@ controls: - l1_workstation status: automated rules: + - package_cron_installed - service_crond_enabled - id: 2.4.1.2 diff --git a/controls/srg_gpos/SRG-OS-000480-GPOS-00227.yml b/controls/srg_gpos/SRG-OS-000480-GPOS-00227.yml index fd92d3a410f..a6859fff206 100644 --- a/controls/srg_gpos/SRG-OS-000480-GPOS-00227.yml +++ b/controls/srg_gpos/SRG-OS-000480-GPOS-00227.yml @@ -100,6 +100,7 @@ controls: - package_nss-tools_installed - package_policycoreutils-python-utils_installed - package_policycoreutils_installed + - package_cron_installed # mount options - mount_option_nodev_remote_filesystems diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml index b7197b06aa2..78f036fe179 100644 --- a/controls/stig_rhel9.yml +++ b/controls/stig_rhel9.yml @@ -958,6 +958,7 @@ controls: - medium title: RHEL 9 cron configuration directories must have a mode of 0700 or less permissive. rules: + - package_cron_installed - file_permissions_cron_d - file_permissions_cron_daily - file_permissions_cron_hourly diff --git a/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml b/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml index b984b731cf8..5423ff2a970 100644 --- a/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml +++ b/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml @@ -1,4 +1,4 @@ -{{% if product in ["rhel10", "sle12", "sle15"] %}} +{{% if product in ["rhel9", "rhel10", "sle12", "sle15"] %}} {{% set package_name = "cronie" %}} {{% else %}} {{% set package_name = "cron" %}} @@ -15,6 +15,7 @@ rationale: 'The cron service allow periodic job execution, needed for almost all severity: medium identifiers: + cce@rhel9: CCE-86170-8 cce@rhel10: CCE-86619-4 cce@sle12: CCE-92263-3 cce@sle15: CCE-91379-8 @@ -42,6 +43,7 @@ template: name: package_installed vars: pkgname: cron + pkgname@rhel9: cronie pkgname@rhel10: cronie pkgname@sle12: cronie pkgname@sle15: cronie diff --git a/products/rhel9/profiles/hipaa.profile b/products/rhel9/profiles/hipaa.profile index 01d79b55298..7f0b11fd190 100644 --- a/products/rhel9/profiles/hipaa.profile +++ b/products/rhel9/profiles/hipaa.profile @@ -46,6 +46,7 @@ selections: - package_talk-server_removed - package_telnet_removed - package_telnet-server_removed + - package_cron_installed - service_crond_enabled - service_telnet_disabled - use_kerberos_security_all_exports diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt index fee68f16e4d..9ef1cc00f04 100644 --- a/shared/references/cce-redhat-avail.txt +++ b/shared/references/cce-redhat-avail.txt @@ -1,4 +1,3 @@ -CCE-86170-8 CCE-86178-1 CCE-86179-9 CCE-86180-7 diff --git a/tests/data/profile_stability/rhel9/cis.profile b/tests/data/profile_stability/rhel9/cis.profile index badf096b9a3..138a9d96ab8 100644 --- a/tests/data/profile_stability/rhel9/cis.profile +++ b/tests/data/profile_stability/rhel9/cis.profile @@ -286,6 +286,7 @@ selections: - package_audit_installed - package_bind_removed - package_chrony_installed +- package_cron_installed - package_cyrus-imapd_removed - package_dhcp_removed - package_dnsmasq_removed diff --git a/tests/data/profile_stability/rhel9/cis_server_l1.profile b/tests/data/profile_stability/rhel9/cis_server_l1.profile index cb60e30b300..3e7d0f72dbc 100644 --- a/tests/data/profile_stability/rhel9/cis_server_l1.profile +++ b/tests/data/profile_stability/rhel9/cis_server_l1.profile @@ -202,6 +202,7 @@ selections: - package_aide_installed - package_bind_removed - package_chrony_installed +- package_cron_installed - package_cyrus-imapd_removed - package_dhcp_removed - package_dnsmasq_removed diff --git a/tests/data/profile_stability/rhel9/cis_workstation_l1.profile b/tests/data/profile_stability/rhel9/cis_workstation_l1.profile index 8ddf27758a7..9fb9d48d2c2 100644 --- a/tests/data/profile_stability/rhel9/cis_workstation_l1.profile +++ b/tests/data/profile_stability/rhel9/cis_workstation_l1.profile @@ -199,6 +199,7 @@ selections: - package_aide_installed - package_bind_removed - package_chrony_installed +- package_cron_installed - package_cyrus-imapd_removed - package_dhcp_removed - package_dnsmasq_removed diff --git a/tests/data/profile_stability/rhel9/cis_workstation_l2.profile b/tests/data/profile_stability/rhel9/cis_workstation_l2.profile index 60fab32147e..cf88a4aa98f 100644 --- a/tests/data/profile_stability/rhel9/cis_workstation_l2.profile +++ b/tests/data/profile_stability/rhel9/cis_workstation_l2.profile @@ -286,6 +286,7 @@ selections: - package_audit_installed - package_bind_removed - package_chrony_installed +- package_cron_installed - package_cyrus-imapd_removed - package_dhcp_removed - package_dnsmasq_removed diff --git a/tests/data/profile_stability/rhel9/stig.profile b/tests/data/profile_stability/rhel9/stig.profile index 397624e7db3..8d280308a30 100644 --- a/tests/data/profile_stability/rhel9/stig.profile +++ b/tests/data/profile_stability/rhel9/stig.profile @@ -370,6 +370,7 @@ selections: - package_audispd-plugins_installed - package_audit_installed - package_chrony_installed +- package_cron_installed - package_crypto-policies_installed - package_fapolicyd_installed - package_firewalld_installed