Research Highlight - CIS Linux Content Normalization and Roll up

Summary

Last year Tenable Research implemented an audit language feature, ‘roll up’, that enabled us to achieve 1-1 alignment between benchmark recommendations and scan results. As we have implemented new versions of our content we have ensured that we write new checks using this feature.

This announcement is to notify our customer base that we have invested in normalizing our remaining CIS Linux content to fully utilize this roll up feature, and that we will be releasing this normalized content out of band from version updates on June 1, 2024. 

Customers should expect that where previously there were multiple tests and results to evaluate certain recommendations, that they are now aggregated as one report. Each individual test will be included in the actual output of the single report.

Example actual output:

All of the following must pass to satisfy this requirement:

-------------------------

PASSED - auditd.conf - action_mail_acct

Compliant file(s):

      /etc/audit/auditd.conf - regex '(?i)^[\s]*action_mail_acct[\s]*=' found - expect '(?i)^[\s]*action_mail_acct[\s]*=[\s]*root[\s]*$' found in the following lines:

          23: action_mail_acct = root

-------------------------

PASSED - auditd.conf - admin_space_left_action

Compliant file(s):

      /etc/audit/auditd.conf - regex '(?i)^[\s]*admin_space_left_action[\s]*=' found - expect '(?i)^[\s]*admin_space_left_action[\s]*=[\s]*halt[\s]*$' found in the following lines:

          25: admin_space_left_action = HALT

-------------------------

PASSED - auditd.conf - space_left_action

Compliant file(s):

      /etc/audit/auditd.conf - regex '(?i)^[\s]*space_left_action[\s]*=' found - expect '(?i)^[\s]*space_left_action[\s]*=[\s]*email[\s]*$' found in the following lines:

          21: space_left_action = email

Previously the example above would have had a single result for each test. We hope that these changes improve the customer experience as it relates to their reporting and evaluation obligations.

Tenable Audit Files Affected:

CIS AlmaLinux OS 8 Benchmark 3.0.0

CIS AlmaLinux OS 9 Benchmark 1.0.0

CIS Amazon Linux 2023 Benchmark 1.0.0

CIS CentOS Linux 8 Benchmark 2.0.0

CIS Debian Linux 10 Benchmark 2.0.0

CIS Debian Linux 11 Benchmark 1.0.0

CIS Fedora 28 Family Linux Benchmark 2.0.0

CIS Oracle Linux 8 Benchmark 3.0.0

CIS Oracle Linux 9 Benchmark 1.0.0

CIS Red Hat Enterprise Linux 8 Benchmark 3.0.0

CIS Red Hat Enterprise Linux 9 Benchmark 1.0.0

CIS Rocky Linux 8 Benchmark 2.0.0

CIS Rocky Linux 9 Benchmark 1.0.0

CIS SUSE Linux Enterprise 15 Benchmark 1.1.1

CIS Ubuntu Linux 20.04 LTS Benchmark 2.0.1

CIS Ubuntu Linux 22.04 LTS Benchmark 1.0.0

Target Release Date

June 1, 2024.