Update Rocky Linux 9 RULESET to meet CIS Benchmark v2.0.0 - 06-25-2024
31 views
Skip to first unread message
Nikita Rousseau
Sep 11, 2025, 9:09:04 AM (9 days ago) Sep 11
to Wazuh | Mailing List
Dear Wazuh community,
I recently finished to update the Rocky 9 sca/ruleset to the new CIS 2.0.0 version.
The associated PR is now ready for review at https://github.com/wazuh/wazuh/pull/31432/commits
This associated issue is at https://github.com/wazuh/wazuh/issues/31431
Since it is my first contribution to wazuh, please feel free to notify me if I need to sign documents (for OSS contributions) or join some more tests to the PR.
Have a great week,
Nikita
I recently finished to update the Rocky 9 sca/ruleset to the new CIS 2.0.0 version.
The associated PR is now ready for review at https://github.com/wazuh/wazuh/pull/31432/commits
This associated issue is at https://github.com/wazuh/wazuh/issues/31431
Since it is my first contribution to wazuh, please feel free to notify me if I need to sign documents (for OSS contributions) or join some more tests to the PR.
Have a great week,
Nikita
Isaac Yusuf
Sep 11, 2025, 9:47:54 AM (9 days ago) Sep 11
to Wazuh | Mailing List
Hello Nikita,
Thank you very much for your contribution!
Efforts such as these help the open source community grow!
Due to the backlog of numerous PRs from other users still pending review, it may take some time to reach this review. When our development team reviews and tests it, you will be mentioned in the PR, and credit will be given to you in future releases when it is merged.
Thank you once again for your contribution to the project!
Nikita Rousseau
Sep 15, 2025, 1:11:47 PM (5 days ago) Sep 15
to Wazuh | Mailing List
Hi,
Thank you Yusuf for your message ! :) Indeed, the effort is quite substantial, but validating the PR will also be it is own challenge !
I published even more checks :
31721 3.1.3 Ensure bluetooth services are not in use. (Automated)
31722 5.1.4 Ensure sshd Ciphers are configured. (Automated)
31723 5.1.11 Ensure sshd GSSAPIAuthentication is disabled. (Automated)
31724 5.4.1.4 Ensure strong password hashing algorithm is configured. (Automated)
31725 7.1.9 Ensure permissions on /etc/shells are configured. (Automated)
31726 7.1.10 Ensure permissions on /etc/security/opasswd are configured (Automated)
31727 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support (Automated)
31728 1.6.4 Ensure system wide crypto policy disables macs less than 128 bits (Automated)
31729 1.6.5 Ensure system wide crypto policy disables cbc for ssh (Automated)
31730 1.6.6 Ensure system wide crypto policy disables chacha20-poly1305 for ssh (Manual)
31731 1.6.7 Ensure system wide crypto policy disables EtM for ssh (Manual)
31732 2.3.3 Ensure chrony is not run as the root user (Automated)
31733 5.1.5 Ensure sshd KexAlgorithms is configured (Automated)
31734 5.1.6 Ensure sshd MACs are configured (Automated)
31735 6.2.4.1 Ensure access to all logfiles has been configured (Automated)
31736 6.2.1.4 Ensure only one logging system is in use (Automated)
I also backported the recent commits :
- https://github.com/wazuh/wazuh/commit/833b405d8a60feafb071b693b94a620c585f73fb
- https://github.com/wazuh/wazuh/commit/c0dc1fc0386852259e82f0fa1acfcfd61755aaea
- https://github.com/wazuh/wazuh/commit/4e4bb7ce1e991c902478247fcaea752665a008a0
I will join the results and evidence later this week (following the instructions here : https://github.com/wazuh/wazuh/pull/31432#issuecomment-3293099674 ).
Regards,
Nikita
Nikita Rousseau
Sep 15, 2025, 1:11:48 PM (5 days ago) Sep 15
to Wazuh | Mailing List
Reply all
Reply to author
Forward
0 new messages