Description
Component | Action type | Main Issue |
---|---|---|
SCA | Create | |
Main tasks
- Use the latest CIS benchmark PDF from https://downloads.cisecurity.org/#/
- Verify ID numbers.
- Verify texts are correct: Title, Description, Rationale and Remediation.
- Verify Compliance: CIS, CIS_CSC.
- Verify condition and rules:
  - To Pass.
  - To Fail.
Checks
Syntax and semantic
- a) ID of each policy must be contiguous.
- b) The order and format set in Documentation must be respected.
- c) YML must be valid to avoid errors.
Content
- a) Compare each check with its analog from CIS Benchmark.
- b) Keep each rule as similar as possible to the Audit section of the corresponding CIS check.
- c) Check that the commands provide the expected output.
- d) When a failure is discovered, check similar policies to avoid repetition of the issue.
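The syntax and content checks above (contiguous IDs, the four text fields, CIS and CIS_CSC compliance, a condition and rules) can be run mechanically over a parsed policy. The validator below is an added example, not part of this issue or of the project's own tooling; it assumes the Wazuh SCA policy layout (a `checks` list whose entries carry `id`, `compliance` as a list of single-key mappings, and `condition` set to all, any or none), and the sample checks are constructed, with the second one deliberately defective.

```python
"""Review checks for an SCA policy, following the issue's checklist (assumed Wazuh layout)."""
from typing import Any, Dict, List

REQUIRED_TEXT = ("title", "description", "rationale", "remediation")
REQUIRED_COMPLIANCE = ("cis", "cis_csc")
VALID_CONDITIONS = {"all", "any", "none"}


def load_policy(path: str) -> Dict[str, Any]:
    """Parse a policy file; a YAML syntax error surfaces here (check c)."""
    import yaml  # PyYAML, only needed when reading a real file
    with open(path, encoding="utf-8") as fh:
        return yaml.safe_load(fh)


def validate_checks(checks: List[Dict[str, Any]]) -> List[str]:
    """Return one finding per problem; an empty list means the checks pass review."""
    findings: List[str] = []
    ids = [c.get("id") for c in checks]
    # (a) IDs must be contiguous: every id is the previous id plus one.
    for prev, cur in zip(ids, ids[1:]):
        if not (isinstance(prev, int) and isinstance(cur, int) and cur == prev + 1):
            findings.append(f"id gap: {prev} -> {cur}")
    for check in checks:
        cid = check.get("id", "?")
        # Title, Description, Rationale and Remediation must be present and non-empty.
        for field in REQUIRED_TEXT:
            if not str(check.get(field, "")).strip():
                findings.append(f"{cid}: missing {field}")
        # compliance is a list of single-key mappings; both cis and cis_csc must appear.
        present = {key for entry in check.get("compliance", []) for key in entry}
        for key in REQUIRED_COMPLIANCE:
            if key not in present:
                findings.append(f"{cid}: missing compliance {key}")
        if check.get("condition") not in VALID_CONDITIONS:
            findings.append(f"{cid}: bad condition {check.get('condition')!r}")
        rules = check.get("rules")
        if not (isinstance(rules, list) and rules and all(isinstance(r, str) and r for r in rules)):
            findings.append(f"{cid}: rules must be a non-empty list of strings")
    return findings


# Constructed sample: the first check is complete, the second one has an id gap,
# an empty remediation, no cis_csc entry and no rules.
SAMPLE_CHECKS = [
    {"id": 1001, "title": "Ensure mounting of cramfs is disabled", "description": "d",
     "rationale": "r", "remediation": "m", "condition": "all",
     "compliance": [{"cis": ["1.1.1.1"]}, {"cis_csc": ["5.1"]}],
     "rules": ["c:modprobe -n -v cramfs -> r:install /bin/true"]},
    {"id": 1003, "title": "Ensure /tmp is a separate partition", "description": "d",
     "rationale": "r", "remediation": "", "condition": "all",
     "compliance": [{"cis": ["1.1.2"]}], "rules": []},
]
```

Running `validate_checks(SAMPLE_CHECKS)` lists four findings, all against check 1003; use `load_policy(path)["checks"]` to feed a real policy file.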
Unit testing
- a) Output from `agent.log` after the SCA scan and a raw output of the result of the checks.
Tests results
```
# Analysisd (server or local)
analysisd.debug=2
# Auth daemon debug (server)
authd.debug=0
# Exec daemon debug (server, local, or Unix agent)
execd.debug=0
# Monitor daemon debug (server, local, or Unix agent)
monitord.debug=0
# Log collector (server, local or Unix agent)
logcollector.debug=0
# Integrator daemon debug (server, local or Unix agent)
integrator.debug=0
# Unix agentd
agent.debug=2
```
Deployment
- a) If the policy is new, it must be added to the `sca.files` templates.
- b) If the OS has many supported SCA policies, one policy must be set as the default policy (as example).
- Create SPECS issue
- Create check files issue
Documentation
- a) Ensure documentation SCA list includes the created or updated SCA.