1- documentation_complete: True
1+ documentation_complete: true
22
33reference: https://www.hhs.gov/hipaa/for-professionals/index.html
44
@@ -17,148 +17,72 @@ description: |-
1717 Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s).
1818
1919selections:
20- - grub2_password
21- - grub2_uefi_password
22- - file_groupowner_grub2_cfg
23- - file_groupowner_efi_grub2_cfg
24- - file_permissions_grub2_cfg
25- - file_permissions_efi_grub2_cfg
26- - file_owner_grub2_cfg
27- - file_owner_efi_grub2_cfg
28- - grub2_disable_interactive_boot
29- - no_direct_root_logins
30- - no_empty_passwords
31- - require_singleuser_auth
32- - restrict_serial_port_logins
33- - securetty_root_login_console_only
34- - service_debug-shell_disabled
35- - disable_ctrlaltdel_reboot
36- - disable_ctrlaltdel_burstaction
37- - dconf_db_up_to_date
38- - dconf_gnome_remote_access_credential_prompt
39- - dconf_gnome_remote_access_encryption
40- - sshd_disable_empty_passwords
41- - sshd_disable_root_login
42- - libreswan_approved_tunnels
20+ - hipaa:all
4321 - no_rsh_trust_files
44- - package_rsh-server_removed
45- - package_talk_removed
46- - package_talk-server_removed
47- - package_telnet_removed
48- - package_telnet-server_removed
49- - package_xinetd_removed
50- - service_crond_enabled
51- - service_rexec_disabled
52- - service_rlogin_disabled
53- - service_telnet_disabled
54- - service_xinetd_disabled
55- - use_kerberos_security_all_exports
56- - var_authselect_profile=sssd
57- - enable_authselect
58- - disable_host_auth
59- - sshd_allow_only_protocol2
60- - sshd_disable_compression
61- - sshd_disable_gssapi_auth
62- - sshd_disable_kerb_auth
63- - sshd_do_not_permit_user_env
64- - sshd_enable_strictmodes
65- - sshd_enable_warning_banner
66- - var_sshd_set_keepalive=0
67- - sshd_set_keepalive_0
68- - encrypt_partitions
6922 - var_system_crypto_policy=fips
70- - configure_crypto_policy
71- - configure_ssh_crypto_policy
72- - var_selinux_policy_name=targeted
73- - var_selinux_state=enforcing
74- - grub2_enable_selinux
75- - sebool_selinuxuser_execheap
76- - sebool_selinuxuser_execmod
77- - sebool_selinuxuser_execstack
78- - selinux_confinement_of_daemons
79- - selinux_policytype
80- - selinux_state
81- - service_kdump_disabled
82- - sysctl_fs_suid_dumpable
83- - sysctl_kernel_dmesg_restrict
84- - sysctl_kernel_randomize_va_space
85- - rpm_verify_hashes
86- - rpm_verify_permissions
23+ - '!audit_rules_dac_modification_fchmodat2'
24+ - '!audit_rules_file_deletion_events_renameat2'
25+ - '!audit_rules_kernel_module_loading_finit'
26+ - '!audit_rules_mac_modification_usr_share'
27+ - '!audit_rules_privileged_commands_unix2_chkpwd'
28+ - '!audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat'
29+ - '!audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write'
30+ - '!audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order'
31+ - '!audit_rules_unsuccessful_file_modification_open_o_creat'
32+ - '!audit_rules_unsuccessful_file_modification_open_o_trunc_write'
33+ - '!audit_rules_unsuccessful_file_modification_open_rule_order'
34+ - '!audit_rules_unsuccessful_file_modification_openat_o_creat'
35+ - '!audit_rules_unsuccessful_file_modification_openat_o_trunc_write'
36+ - '!audit_rules_unsuccessful_file_modification_openat_rule_order'
37+ - '!audit_rules_unsuccessful_file_modification_rename'
38+ - '!audit_rules_unsuccessful_file_modification_renameat'
39+ - '!audit_rules_unsuccessful_file_modification_unlink'
40+ - '!audit_rules_unsuccessful_file_modification_unlinkat'
41+ - '!auditd_data_retention_action_mail_acct'
42+ - '!auditd_data_retention_admin_space_left_action'
43+ - '!auditd_data_retention_max_log_file_action'
44+ - '!auditd_data_retention_max_log_file_action_stig'
45+ - '!auditd_data_retention_space_left_action'
46+ - '!coreos_audit_option'
47+ - '!coreos_disable_interactive_boot'
48+ - '!coreos_enable_selinux_kernel_argument'
49+ - '!coreos_nousb_kernel_argument'
50+ - '!ensure_almalinux_gpgkey_installed'
51+ - '!ensure_fedora_gpgkey_installed'
52+ - '!ensure_gpgcheck_repo_metadata'
53+ - '!ensure_suse_gpgkey_installed'
54+ - '!file_groupowner_user_cfg'
55+ - '!file_owner_user_cfg'
56+ - '!file_permissions_grub2_cfg'
57+ - '!file_permissions_user_cfg'
58+ - '!grub2_admin_username'
59+ - '!grub2_uefi_admin_username'
60+ - '!package_audit-audispd-plugins_installed'
61+ - '!package_audit_installed'
62+ - '!package_cron_installed'
63+ - '!package_rsh_removed'
64+ - '!package_rsyslog_installed'
65+ - '!package_talk-server_removed'
66+ - '!package_talk_removed'
67+ - '!package_tcp_wrappers_removed'
68+ - '!package_ypbind_removed'
69+ - '!package_ypserv_removed'
70+ - '!partition_for_var_log_audit'
71+ - '!require_emergency_target_auth'
72+ - '!service_cron_enabled'
73+ - '!service_rsh_disabled'
74+ - '!service_rsyslog_enabled'
75+ - '!service_ypbind_disabled'
76+ - '!service_zebra_disabled'
77+ - '!sshd_disable_rhosts_rsa'
78+ - '!sshd_disable_user_known_hosts'
79+ - '!sshd_set_keepalive'
80+ - '!sshd_use_approved_ciphers'
81+ - '!sshd_use_approved_macs'
82+ - '!sshd_use_directory_configuration'
83+ - '!sshd_use_priv_separation'
84+ - '!ensure_redhat_gpgkey_installed'
85+ - '!sysctl_kernel_exec_shield'
86+ - var_sshd_set_keepalive=0
8787 - ensure_oracle_gpgkey_installed
88- - ensure_gpgcheck_globally_activated
89- - ensure_gpgcheck_never_disabled
90- - ensure_gpgcheck_local_packages
91- - grub2_audit_argument
92- - service_auditd_enabled
93- - audit_rules_privileged_commands_sudo
94- - audit_rules_privileged_commands_su
95- - audit_rules_immutable
96- - kernel_module_usb-storage_disabled
97- - service_autofs_disabled
98- - auditd_audispd_syslog_plugin_activated
99- - rsyslog_remote_loghost
100- - auditd_data_retention_flush
101- - audit_rules_dac_modification_chmod
102- - audit_rules_dac_modification_chown
103- - audit_rules_dac_modification_fchmodat
104- - audit_rules_dac_modification_fchmod
105- - audit_rules_dac_modification_fchownat
106- - audit_rules_dac_modification_fchown
107- - audit_rules_dac_modification_fremovexattr
108- - audit_rules_dac_modification_fsetxattr
109- - audit_rules_dac_modification_lchown
110- - audit_rules_dac_modification_lremovexattr
111- - audit_rules_dac_modification_lsetxattr
112- - audit_rules_dac_modification_removexattr
113- - audit_rules_dac_modification_setxattr
114- - audit_rules_execution_chcon
115- - audit_rules_execution_restorecon
116- - audit_rules_execution_semanage
117- - audit_rules_execution_setsebool
118- - audit_rules_file_deletion_events_renameat
119- - audit_rules_file_deletion_events_rename
120- - audit_rules_file_deletion_events_rmdir
121- - audit_rules_file_deletion_events_unlinkat
122- - audit_rules_file_deletion_events_unlink
123- - audit_rules_kernel_module_loading_delete
124- - audit_rules_kernel_module_loading_init
125- - audit_rules_login_events_faillock
126- - audit_rules_login_events_lastlog
127- - audit_rules_login_events_tallylog
128- - audit_rules_mac_modification
129- - audit_rules_media_export
130- - audit_rules_networkconfig_modification
131- - audit_rules_privileged_commands_chage
132- - audit_rules_privileged_commands_chsh
133- - audit_rules_privileged_commands_crontab
134- - audit_rules_privileged_commands_gpasswd
135- - audit_rules_privileged_commands_newgrp
136- - audit_rules_privileged_commands_pam_timestamp_check
137- - audit_rules_privileged_commands_passwd
138- - audit_rules_privileged_commands_postdrop
139- - audit_rules_privileged_commands_postqueue
140- - audit_rules_privileged_commands_ssh_keysign
141- - audit_rules_privileged_commands_sudoedit
142- - audit_rules_privileged_commands_umount
143- - audit_rules_privileged_commands_unix_chkpwd
144- - audit_rules_privileged_commands_userhelper
145- - audit_rules_session_events
146- - audit_rules_sysadmin_actions
147- - audit_rules_system_shutdown
148- - var_audit_failure_mode=panic
149- - audit_rules_time_adjtimex
150- - audit_rules_time_clock_settime
151- - audit_rules_time_settimeofday
152- - audit_rules_time_stime
153- - audit_rules_time_watch_localtime
154- - audit_rules_unsuccessful_file_modification_creat
155- - audit_rules_unsuccessful_file_modification_ftruncate
156- - audit_rules_unsuccessful_file_modification_openat
157- - audit_rules_unsuccessful_file_modification_open_by_handle_at
158- - audit_rules_unsuccessful_file_modification_open
159- - audit_rules_unsuccessful_file_modification_truncate
160- - audit_rules_usergroup_modification_group
161- - audit_rules_usergroup_modification_gshadow
162- - audit_rules_usergroup_modification_opasswd
163- - audit_rules_usergroup_modification_passwd
164- - audit_rules_usergroup_modification_shadow
88+ - package_rsh-server_removed
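Review bot: Three rules that the old explicit list selected are now negated in the exclusion block (`'!file_permissions_grub2_cfg'`, `'!package_talk_removed'` and `'!package_talk-server_removed'`), so the bootloader config permission check and the talk package removal checks leave the profile with no stated reason. If that is intended, a YAML comment above each entry such as `# excluded: <reason>` would record why; otherwise those three negations should be dropped. The old list also pinned `var_audit_failure_mode=panic`, `var_selinux_state=enforcing`, `var_selinux_policy_name=targeted` and `var_authselect_profile=sssd`, while the new list keeps only `var_system_crypto_policy=fips` and `var_sshd_set_keepalive=0`. The `hipaa` control file is not visible here, so unless it sets those variables they presumably fall back to their defaults. It is worth comparing the resolved profile before and after the change.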