OPENSCAP-4913 - Update audit_file_deletion_events group for RHEL 10 #13179
Merged
Mab879 merged 2 commits on Mar 20, 2025
Conversation
If you have a 64-bit architecture you need to have 2 lines in the audit rules - one for b32 and a second for b64. The checks and remediations already do that, so we need to align the rule description.
The audit_file_deletion_events rule checks for the `renameat` syscall. However, there is a similar syscall `renameat2` which should be checked as well. We don't have a rule for it so in this commit we will create a new rule and add `renameat2` syscall everywhere where `renameat` syscall is used.
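The two points raised in this description, covering both b32 and b64 on a 64-bit system and treating `renameat2` as a syscall distinct from `renameat`, can be checked and fixed with the script below. It is an added example written for this page, not code from the ComplianceAsCode project or from this PR: the function names, the constructed sample rules file, and the assumption that rule lines use the literal filters `-F auid>=1000 -F auid!=unset -F key=delete` are mine. Unlike a plain `grep "renameat"` over the rules files, it matches syscall names as whole tokens, so a line that audits only `renameat` is never mistaken for one that also audits `renameat2`.

```shell
#!/usr/bin/env bash
# Added example, not code from the ComplianceAsCode PR: check whether an audit rules
# file covers every file-deletion syscall (renameat2 included) on both b32 and b64,
# and extend it when it does not. Syscalls are matched as whole tokens, so "renameat"
# never counts as "renameat2". Assumes rules written as "-a always,exit -F arch=..."
# with the literal filters "auid>=1000", "auid!=unset" and "key=delete".

REQUIRED_SYSCALLS="rmdir unlink unlinkat rename renameat renameat2"

# audit_rule_covers FILE ARCH SYSCALL: succeeds if some rule line audits SYSCALL for ARCH
audit_rule_covers() {
    awk -v arch="$2" -v sc="$3" '
        /^[[:space:]]*-a[[:space:]]+always,exit/ {
            a = s = u = n = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-F" && $(i+1) == ("arch=" arch)) a = 1
                if ($i == "-F" && $(i+1) == "auid>=1000") u = 1
                if ($i == "-F" && $(i+1) == "auid!=unset") n = 1
                if ($i == "-S") {            # a line may carry several -S lists
                    cnt = split($(i+1), list, ",")
                    for (j = 1; j <= cnt; j++) if (list[j] == sc) s = 1
                }
            }
            if (a && s && u && n) { found = 1; exit }
        }
        END { if (found) exit 0; exit 1 }' "$1"
}

# missing_deletion_rules FILE: prints "ARCH SYSCALL" for each gap; exit status = number of gaps
missing_deletion_rules() {
    local gaps=0 arch sc
    for arch in b32 b64; do
        for sc in $REQUIRED_SYSCALLS; do
            audit_rule_covers "$1" "$arch" "$sc" || { echo "$arch $sc"; gaps=$((gaps + 1)); }
        done
    done
    return "$gaps"
}

# ensure_deletion_rules FILE ARCH: add the missing syscalls for ARCH to an existing
# always,exit line with the same arch, auid filters and key=delete (the grouping that the
# remediation's SYSCALL_GROUPING list appears to implement, as I read the diff), or append
# a complete new line when no such line exists. Rewrites FILE in place.
ensure_deletion_rules() {
    local tmp; tmp="$(mktemp)"
    awk -v arch="$2" -v required="$REQUIRED_SYSCALLS" '
        BEGIN { nreq = split(required, req, " ") }
        function is_target(   i, a, u, n, k) {
            if ($0 !~ /^[[:space:]]*-a[[:space:]]+always,exit/) return 0
            for (i = 1; i <= NF; i++) if ($i == "-F") {
                if ($(i+1) == ("arch=" arch)) a = 1
                if ($(i+1) == "auid>=1000") u = 1
                if ($(i+1) == "auid!=unset") n = 1
                if ($(i+1) == "key=delete") k = 1
            }
            return a && u && n && k
        }
        !done && is_target() {
            split("", present)                 # syscalls already on this line
            for (i = 1; i <= NF; i++) if ($i == "-S") {
                cnt = split($(i+1), list, ",")
                for (j = 1; j <= cnt; j++) present[list[j]] = 1
            }
            extra = ""
            for (k = 1; k <= nreq; k++) if (!(req[k] in present)) extra = extra "," req[k]
            for (i = 1; extra != "" && i <= NF; i++)
                if ($i == "-S") { $(i+1) = $(i+1) extra; break }   # extend the first -S list
            done = 1
        }
        { print }
        END {
            if (done) exit
            line = "-a always,exit -F arch=" arch " -S " req[1]
            for (k = 2; k <= nreq; k++) line = line "," req[k]
            print line " -F auid>=1000 -F auid!=unset -F key=delete"
        }' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Constructed sample: a rules file in the pre-PR shape (renameat but no renameat2, b64 only).
SAMPLE_RULES="$(mktemp)"
cat > "$SAMPLE_RULES" <<'EOF'
-a always,exit -F arch=b64 -S rmdir,unlink,unlinkat,rename -S renameat -F auid>=1000 -F auid!=unset -F key=delete
EOF

missing_deletion_rules "$SAMPLE_RULES" || echo "gaps before: $?"   # 7: renameat2 on b64, all six on b32
ensure_deletion_rules "$SAMPLE_RULES" b64
ensure_deletion_rules "$SAMPLE_RULES" b32
missing_deletion_rules "$SAMPLE_RULES" || echo "gaps after: $?"    # prints nothing: 0 gaps
cat "$SAMPLE_RULES"
```

Run it against a copy of the files in /etc/audit/rules.d/ or the merged /etc/audit/audit.rules; the exit status of `missing_deletion_rules` is the number of arch/syscall pairs still unaudited, so it can gate a CI job. The awk pattern only recognises `-a always,exit` and the literal `auid!=unset` spelling, so rules written as `-a exit,always` or with `auid!=4294967295` are reported as gaps; widen the match if your baseline uses those forms.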
This datastream diff is auto generated by the check.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events
@@ -7,20 +7,20 @@
for all users and root. If the auditd daemon is configured to use the
augenrules program to read audit rules during daemon startup (the
default), add the following line to a file with suffix .rules in the
-directory /etc/audit/rules.d, setting ARCH to either b32 or b64 as
-appropriate for your system:
--a always,exit -F arch=ARCH -S rmdir,unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=unset -F key=delete
+directory /etc/audit/rules.d, setting ARCH to either b32 for 32-bit
+system, or having two lines for both b32 and b64 in case your system is 64-bit:
+-a always,exit -F arch=ARCH -S rmdir,unlink,unlinkat,rename,renameat,renameat2 -F auid>=1000 -F auid!=unset -F key=delete
If the auditd daemon is configured to use the auditctl
utility to read audit rules during daemon startup, add the following line to
-/etc/audit/audit.rules file, setting ARCH to either b32 or b64 as
-appropriate for your system:
--a always,exit -F arch=ARCH -S rmdir,unlink,unlinkat,rename -S renameat -F auid>=1000 -F auid!=unset -F key=delete
+/etc/audit/audit.rules file, setting ARCH to either b32 for 32-bit
+system, or having two lines for both b32 and b64 in case your system is 64-bit:
+-a always,exit -F arch=ARCH -S rmdir,unlink,unlinkat,rename,renameat2 -S renameat -F auid>=1000 -F auid!=unset -F key=delete
[warning]:
This rule checks for multiple syscalls related to file deletion;
it was written with DISA STIG in mind. Other policies should use a
separate rule for each syscall that needs to be checked. For example:
-audit_rules_file_deletion_events_rmdiraudit_rules_file_deletion_events_unlinkaudit_rules_file_deletion_events_unlinkat
+audit_rules_file_deletion_events_rmdiraudit_rules_file_deletion_events_unlinkaudit_rules_file_deletion_events_unlinkataudit_rules_file_deletion_events_renameaudit_rules_file_deletion_events_renameataudit_rules_file_deletion_events_renameat2
[reference]:
1
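Review bot: The two example rule lines in this hunk no longer agree with each other. The augenrules line gives all six syscalls in one list (`-S rmdir,unlink,unlinkat,rename,renameat,renameat2`) while the auditctl line keeps the old split form and drops the new syscall into the middle of it (`-S rmdir,unlink,unlinkat,rename,renameat2 -S renameat`). Both load the same rule, but a description should show one canonical form; suggest `-S rmdir,unlink,unlinkat,rename,renameat,renameat2` in both places, which also matches the SYSCALL and SYSCALL_GROUPING lists in the bash remediation. The rewritten ARCH sentence ("setting ARCH to either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit") reads awkwardly; something like "setting ARCH to b32 on a 32-bit system, or adding two lines, one with b32 and one with b64, on a 64-bit system" would be clearer, and the same sentence is repeated verbatim in each per-syscall rule description below, so it is worth fixing once in the shared template.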
OVAL for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events' differs.
--- oval:ssg-audit_rules_file_deletion_events:def:1
+++ oval:ssg-audit_rules_file_deletion_events:def:1
@@ -4,3 +4,4 @@
extend_definition oval:ssg-audit_rules_file_deletion_events_unlinkat:def:1
extend_definition oval:ssg-audit_rules_file_deletion_events_rename:def:1
extend_definition oval:ssg-audit_rules_file_deletion_events_renameat:def:1
+extend_definition oval:ssg-audit_rules_file_deletion_events_renameat2:def:1
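Review bot: The new `extend_definition oval:ssg-audit_rules_file_deletion_events_renameat2:def:1` is ANDed with the existing ones, so every system that passed this aggregate rule with the previous content will fail it until a renameat2 line is added; that is a scan-result change for RHEL 10 and deserves a sentence in the PR description or rationale. It also depends on the new renameat2 rule shipping its own OVAL definition with exactly this id, which this diff does not show.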
OCIL for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events' differs.
--- ocil:ssg-audit_rules_file_deletion_events_ocil:questionnaire:1
+++ ocil:ssg-audit_rules_file_deletion_events_ocil:questionnaire:1
@@ -18,5 +18,9 @@
renameat system call, run the following command:
$ sudo grep "renameat" /etc/audit/audit.*
If the system is configured to audit this activity, it will return a line.
+To determine if the system is configured to audit calls to the
+renameat2 system call, run the following command:
+$ sudo grep "renameat2" /etc/audit/audit.*
+If the system is configured to audit this activity, it will return a line.
Is it the case that no line is returned?
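Review bot: The existing renameat check above, `grep "renameat" /etc/audit/audit.*`, also matches `renameat2`, so once the new lines are in place it can return a hit on a system that audits only renameat2 and not renameat. Suggest `grep -w "renameat"` for the renameat question (a word match does not hit `renameat2`, while the comma- or space-delimited `renameat` still matches), and `grep -w "renameat2"` in the new lines for symmetry. Note also that these greps only read `/etc/audit/audit.*`; rules that live in `/etc/audit/rules.d/*.rules` are only seen there after augenrules has merged them into audit.rules.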
bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events
@@ -10,9 +10,9 @@
ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH"
OTHER_FILTERS=""
AUID_FILTERS="-F auid>=1000 -F auid!=unset"
- SYSCALL="rmdir unlink unlinkat rename renameat"
+ SYSCALL="rmdir unlink unlinkat rename renameat renameat2"
KEY="delete"
- SYSCALL_GROUPING="rmdir unlink unlinkat rename renameat"
+ SYSCALL_GROUPING="rmdir unlink unlinkat rename renameat renameat2"
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
unset syscall_a
unset syscall_grouping
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename
@@ -7,13 +7,13 @@
for all users and root. If the auditd daemon is configured to use the
augenrules program to read audit rules during daemon startup (the
default), add the following line to a file with suffix .rules in the
-directory /etc/audit/rules.d, setting ARCH to either b32 or b64 as
-appropriate for your system:
+directory /etc/audit/rules.d, setting ARCH to either b32 for 32-bit
+system, or having two lines for both b32 and b64 in case your system is 64-bit:
-a always,exit -F arch=ARCH -S rename -F auid>=1000 -F auid!=unset -F key=delete
If the auditd daemon is configured to use the auditctl
utility to read audit rules during daemon startup, add the following line to
-/etc/audit/audit.rules file, setting ARCH to either b32 or b64 as
-appropriate for your system:
+/etc/audit/audit.rules file, setting ARCH to either b32 for 32-bit
+system, or having two lines for both b32 and b64 in case your system is 64-bit:
-a always,exit -F arch=ARCH -S rename -F auid>=1000 -F auid!=unset -F key=delete
[reference]:
bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename
@@ -12,7 +12,7 @@
AUID_FILTERS="-F auid>=1000 -F auid!=unset"
SYSCALL="rename"
KEY="delete"
- SYSCALL_GROUPING="unlink unlinkat rename renameat rmdir"
+ SYSCALL_GROUPING="unlink unlinkat rename renameat renameat2 rmdir"
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
unset syscall_a
unset syscall_grouping
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename
@@ -58,6 +58,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of rename in /etc/audit/rules.d/
@@ -136,6 +137,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of rename in /etc/audit/audit.rules
@@ -212,6 +214,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of rename in /etc/audit/rules.d/
@@ -290,6 +293,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of rename in /etc/audit/audit.rules
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat
@@ -7,13 +7,13 @@
for all users and root. If the auditd daemon is configured to use the
augenrules program to read audit rules during daemon startup (the
default), add the following line to a file with suffix .rules in the
-directory /etc/audit/rules.d, setting ARCH to either b32 or b64 as
-appropriate for your system:
+directory /etc/audit/rules.d, setting ARCH to either b32 for 32-bit
+system, or having two lines for both b32 and b64 in case your system is 64-bit:
-a always,exit -F arch=ARCH -S renameat -F auid>=1000 -F auid!=unset -F key=delete
If the auditd daemon is configured to use the auditctl
utility to read audit rules during daemon startup, add the following line to
-/etc/audit/audit.rules file, setting ARCH to either b32 or b64 as
-appropriate for your system:
+/etc/audit/audit.rules file, setting ARCH to either b32 for 32-bit
+system, or having two lines for both b32 and b64 in case your system is 64-bit:
-a always,exit -F arch=ARCH -S renameat -F auid>=1000 -F auid!=unset -F key=delete
[reference]:
bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat
@@ -12,7 +12,7 @@
AUID_FILTERS="-F auid>=1000 -F auid!=unset"
SYSCALL="renameat"
KEY="delete"
- SYSCALL_GROUPING="unlink unlinkat rename renameat rmdir"
+ SYSCALL_GROUPING="unlink unlinkat rename renameat renameat2 rmdir"
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
unset syscall_a
unset syscall_grouping
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat
@@ -57,6 +57,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of renameat in /etc/audit/rules.d/
@@ -135,6 +136,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of renameat in /etc/audit/audit.rules
@@ -210,6 +212,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of renameat in /etc/audit/rules.d/
@@ -288,6 +291,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of renameat in /etc/audit/audit.rules
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir
@@ -7,13 +7,13 @@
for all users and root. If the auditd daemon is configured to use the
augenrules program to read audit rules during daemon startup (the
default), add the following line to a file with suffix .rules in the
-directory /etc/audit/rules.d, setting ARCH to either b32 or b64 as
-appropriate for your system:
+directory /etc/audit/rules.d, setting ARCH to either b32 for 32-bit
+system, or having two lines for both b32 and b64 in case your system is 64-bit:
-a always,exit -F arch=ARCH -S rmdir -F auid>=1000 -F auid!=unset -F key=delete
If the auditd daemon is configured to use the auditctl
utility to read audit rules during daemon startup, add the following line to
-/etc/audit/audit.rules file, setting ARCH to either b32 or b64 as
-appropriate for your system:
+/etc/audit/audit.rules file, setting ARCH to either b32 for 32-bit
+system, or having two lines for both b32 and b64 in case your system is 64-bit:
-a always,exit -F arch=ARCH -S rmdir -F auid>=1000 -F auid!=unset -F key=delete
[reference]:
bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir
@@ -12,7 +12,7 @@
AUID_FILTERS="-F auid>=1000 -F auid!=unset"
SYSCALL="rmdir"
KEY="delete"
- SYSCALL_GROUPING="unlink unlinkat rename renameat rmdir"
+ SYSCALL_GROUPING="unlink unlinkat rename renameat renameat2 rmdir"
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
unset syscall_a
unset syscall_grouping
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir
@@ -58,6 +58,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of rmdir in /etc/audit/rules.d/
@@ -136,6 +137,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of rmdir in /etc/audit/audit.rules
@@ -212,6 +214,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of rmdir in /etc/audit/rules.d/
@@ -290,6 +293,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of rmdir in /etc/audit/audit.rules
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink
@@ -7,13 +7,13 @@
for all users and root. If the auditd daemon is configured to use the
augenrules program to read audit rules during daemon startup (the
default), add the following line to a file with suffix .rules in the
-directory /etc/audit/rules.d, setting ARCH to either b32 or b64 as
-appropriate for your system:
+directory /etc/audit/rules.d, setting ARCH to either b32 for 32-bit
+system, or having two lines for both b32 and b64 in case your system is 64-bit:
-a always,exit -F arch=ARCH -S unlink -F auid>=1000 -F auid!=unset -F key=delete
If the auditd daemon is configured to use the auditctl
utility to read audit rules during daemon startup, add the following line to
-/etc/audit/audit.rules file, setting ARCH to either b32 or b64 as
-appropriate for your system:
+/etc/audit/audit.rules file, setting ARCH to either b32 for 32-bit
+system, or having two lines for both b32 and b64 in case your system is 64-bit:
-a always,exit -F arch=ARCH -S unlink -F auid>=1000 -F auid!=unset -F key=delete
[reference]:
bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink
@@ -12,7 +12,7 @@
AUID_FILTERS="-F auid>=1000 -F auid!=unset"
SYSCALL="unlink"
KEY="delete"
- SYSCALL_GROUPING="unlink unlinkat rename renameat rmdir"
+ SYSCALL_GROUPING="unlink unlinkat rename renameat renameat2 rmdir"
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
unset syscall_a
unset syscall_grouping
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink
@@ -58,6 +58,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of unlink in /etc/audit/rules.d/
@@ -136,6 +137,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of unlink in /etc/audit/audit.rules
@@ -212,6 +214,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of unlink in /etc/audit/rules.d/
@@ -290,6 +293,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of unlink in /etc/audit/audit.rules
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat
@@ -7,13 +7,13 @@
for all users and root. If the auditd daemon is configured to use the
augenrules program to read audit rules during daemon startup (the
default), add the following line to a file with suffix .rules in the
-directory /etc/audit/rules.d, setting ARCH to either b32 or b64 as
-appropriate for your system:
+directory /etc/audit/rules.d, setting ARCH to either b32 for 32-bit
+system, or having two lines for both b32 and b64 in case your system is 64-bit:
-a always,exit -F arch=ARCH -S unlinkat -F auid>=1000 -F auid!=unset -F key=delete
If the auditd daemon is configured to use the auditctl
utility to read audit rules during daemon startup, add the following line to
-/etc/audit/audit.rules file, setting ARCH to either b32 or b64 as
-appropriate for your system:
+/etc/audit/audit.rules file, setting ARCH to either b32 for 32-bit
+system, or having two lines for both b32 and b64 in case your system is 64-bit:
-a always,exit -F arch=ARCH -S unlinkat -F auid>=1000 -F auid!=unset -F key=delete
[reference]:
bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat
@@ -12,7 +12,7 @@
AUID_FILTERS="-F auid>=1000 -F auid!=unset"
SYSCALL="unlinkat"
KEY="delete"
- SYSCALL_GROUPING="unlink unlinkat rename renameat rmdir"
+ SYSCALL_GROUPING="unlink unlinkat rename renameat renameat2 rmdir"
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
unset syscall_a
unset syscall_grouping
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat
@@ -57,6 +57,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of unlinkat in /etc/audit/rules.d/
@@ -135,6 +136,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of unlinkat in /etc/audit/audit.rules
@@ -210,6 +212,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of unlinkat in /etc/audit/rules.d/
@@ -288,6 +291,7 @@
- unlinkat
- rename
- renameat
+ - renameat2
- rmdir
- name: Check existence of unlinkat in /etc/audit/audit.rules |
Code Climate has analyzed commit 9c34ccc and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 61.9% (0.0% change). View more on Code Climate.
Mab879 (Member) approved these changes on Mar 14, 2025 and left a comment:
I will wait a few days for other distros to approve as well.
Member: Waiving Automatus tests as they pass locally.

Member: Automatus tests pass locally, waiving. Merging now since we are just ensuring rules are excluded from a profile.
Description:
This PR will update the audit_file_deletion_events group and rules in it for RHEL 10.

Update descriptions with 64-bit architecture
If you have a 64-bit architecture you need to have 2 lines in the audit rules - one for b32 and a second for b64.
The checks and remediations already do that, so we need to align the rule description.

Add renameat2 syscall to audit rules
The audit_file_deletion_events rule checks for the `renameat` syscall. However, there is a similar syscall `renameat2` which should be checked as well. We don't have a rule for it so in this commit we will create a new rule and add the `renameat2` syscall everywhere where the `renameat` syscall is used.

Rationale:
Incorporate changes in RHEL 10 as identified by RHEL 10 component maintainers.

Review Hints: