From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E3FB9C77B7A for ; Wed, 17 May 2023 04:12:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1684296736; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=XX802CeTSJ5zxcr8+EtS+bOF0crSJpP9S0/DFbkuf9o=; b=NWE7bdrqe9nMrahNMZp6eymyC9L3RZOBWjxbSfFIDkDgGOzKmnxgo4d+lXPC9nwDEwo5xB rJoKE/VYBrJv+yni3XzYkQ5Af9Y99v4ILTXBDxdQq4yu2JtFv7MV74tUZv4MIAt7R+Rl8i qoh9+HvAdQxNyPqNx6Bkh8JvnBqDBN0= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-622-9RAW8LjYN8SsWJYNQRPoDg-1; Wed, 17 May 2023 00:12:12 -0400 X-MC-Unique: 9RAW8LjYN8SsWJYNQRPoDg-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id CE75E2932495; Wed, 17 May 2023 04:12:10 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5E888492C3F; Wed, 17 May 2023 04:12:09 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 3B4C319465A8; Wed, 17 May 2023 04:12:09 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 662D519465A4 for ; Wed, 17 May 2023 04:12:08 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 513EEC16024; Wed, 17 May 2023 04:12:08 +0000 (UTC) Received: from x2.localnet (unknown [10.22.16.35]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0C665C15BA0; Wed, 17 May 2023 04:12:07 +0000 (UTC) From: Steve Grubb To: Linux-audit@redhat.com, linux-audit@redhat.com Subject: Re: What STIG audit rule picks up type=SOFTWARE_UPDATE events? Date: Wed, 17 May 2023 00:12:07 -0400 Message-ID: <5677897.DvuYhMxLoT@x2> Organization: Red Hat In-Reply-To: References: <7622dda18a1544c3bb52052019e34d72@jhuapl.edu> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: linux-audit-bounces@redhat.com Sender: "Linux-audit" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGVsbG8sCgpPbiBTdW5kYXksIE1heSAxNCwgMjAyMyA4OjI0OjQ3IFBNIEVEVCBDbGFpcmUgU3Rh ZmZvcmQgd3JvdGU6Cj4gVGhpcyBicmluZ3MgdXAgdGhlIHF1ZXN0aW9uIG9mIHdoZXJlIEkgY2Fu IGZpbmQgdGhlIGF1ZGl0IGV2ZW50cyB3aGljaAo+IGFyZSBnZW5lcmF0ZWQgYnkgcnBtPwoKYXVz ZWFyY2ggLS1zdGFydCB0b2RheSAtbSBTT0ZUV0FSRV9VUERBVEUKCj4gQWxzbyBkbmYveXVtIGlm IHRoZXkgZGlyZWN0bHkgZ2VuZXJhdGUgZXZlbnRzPwoKTm8sIHRoZXkgYXJlIGxpbmtlZCBhZ2Fp bnN0IGxpYnJwbS4gSXQgaW4gdHVybiBoYXMgYSBwbHVnaW4sIHJwbS1wbHVnaW4tCmF1ZGl0LCB3 aGljaCBnZW5lcmF0ZXMgdGhlIGF1ZGl0IGV2ZW50cy4KCj4gQSB2ZXJ5IHF1aWNrIHNjYW4gb2Yg dGhlIHJwbSBzb3VyY2UgY29kZSBkb2Vzbid0IHJldmVhbCBhbnl0aGluZy4KCmh0dHBzOi8vZ2l0 aHViLmNvbS9ycG0tc29mdHdhcmUtbWFuYWdlbWVudC9ycG0vYmxvYi9tYXN0ZXIvcGx1Z2lucy9h dWRpdC5jCgotU3RldmUKCj4gT24gNS8xNC8yMyAxNDo0NiwgU3RldmVuIEdydWJiIHdyb3RlOgo+ ID4gSGVsbG8sCj4gPiAKPiA+IAo+ID4gT24gRnJpLCBNYXkgMTIsIDIwMjMgYXQgNToyM+KAr1BN IFdpZXByZWNodCwgS2FyZW4gTS4KPiA+IAo+ID4gPEthcmVuLldpZXByZWNodEBqaHVhcGwuZWR1 PiB3cm90ZToKPiA+ICAgICBBbGwsCj4gPiAgICAgCj4gPiAgICAgRG8geW91IGhhcHBlbiB0byBr bm93IHdoaWNoIGlmIHRoZSBzdGFuZGFyZCBTVElHIHJ1bGVzIGlzIHBpY2tpbmcKPiA+ICAgICB1 cCAgIHR5cGU9U09GVFdBUkVfVVBEQVRFIGV2ZW50cyBvbiBSSEVMIDcgYW5kIDggPwo+ID4gCj4g PiBOb25lLiBycG0gaGFzIGJlZW4gYWx0ZXJlZCB0byBwcm9kdWNlIHRoZXNlIG11Y2ggdGhlIHNh bWUgYXMgcGFtCj4gPiBwcm9kdWNlcyBsb2dpbiBldmVudHMuIEl0IHdhcyB0b28gdHJpY2t5IHRv IHRlbGwgdGhlIGludGVudCB0byB1cGRhdGUKPiA+IHZzIHF1ZXJ5aW5nIHRoZSBycG0gZGF0YWJh c2UuIEFuZCB5b3UgaGF2ZSBubyB3YXkgdG8gYW5zd2VyIHRoZQo+ID4gcXVlc3Rpb24gYWJvdXQg c3VjY2VzcyB3aXRob3V0IG9yaWdpbmF0aW5nIGZyb20gaW5zaWRlIHJwbSBpdHNlbGYuIEkKPiA+ IGRvbid0IHRoaW5rIGFueSBleHRlcm5hbCBydWxlcyBjYW4gbWVldCBhbGwgcmVxdWlyZW1lbnRz IGltcG9zZWQgYnkKPiA+IE9TUFAsIHdoaWNoIHRoZSBTVElHIGF1ZGl0IHJ1bGVzIGFyZSBsb29z ZWx5IGJhc2VkIG9uLgo+ID4gCj4gPiAtU3RldmUKPiA+IAo+ID4gICAgICAgSeKAmW0gdHJ5aW5n IHRvIGZpZ3VyZSBvdXQgaWYgd2UgbWlzc2VkIG9uZSBvZiB0aGVzZSBydWxlcyBvbiBhbgo+ID4g ICAgIFVidW50dSAyMCBzeXN0ZW0gd2UgYXJlIGNvbmZpZ3VyaW5nICBvciBpZiBtYXliZSB0aGUg YXVkaXQKPiA+ICAgICBzdWJzeXN0ZW0gaW1wbGVtZW50YXRpb24gb24gdGhhdCBzeXN0ZW0gZG9l c27igJl0IHBpY2sgdXAgYWxsIG9mIHRoZQo+ID4gICAgIHNhbWUgcmVjb3JkIHR5cGVzIGFzIHdl IGdldCBvbiBvdXIgUkhFTCBib3hlcy4gSSByZWFsaXplZCB3aGVuIEkKPiA+ICAgICBzdGFydGVk IGxvb2tpbmcgYXQgdGhpcyB0aGF0IGl04oCZcyBub3QgZWFzeSB0byBkZXRlcm1pbmUgd2hpY2gK PiA+ICAgICBhdWRpdCBydWxlIGlzIHBpY2tpbmcgdXAgYSBwYXJ0aWN1bGFyIGV2ZW50IGlmIGl0 4oCZcyBub3Qgb25lIG9mIHRoZQo+ID4gICAgIHJ1bGUgdGhhdCBoYXMgYSBrZXkgYXNzb2NpYXRl ZCB3aXRoIGl0Lgo+ID4gICAgIAo+ID4gICAgIEFzIGEgcG9zc2libGUgYWx0ZXJuYXRpdmUsICAg SSByYW4gYWNyb3NzIGEgc2FtcGxlIGF1ZGl0LnJ1bGVzCj4gPiAgICAgIGxpc3QgaGVyZSBHaXRI dWIgLSBOZW8yM3gwL2F1ZGl0ZDogQmVzdCBQcmFjdGljZSBBdWRpdGQKPiA+ICAgICBDb25maWd1 cmF0aW9uIDxodHRwczovL2dpdGh1Yi5jb20vTmVvMjN4MC9hdWRpdGQ+ICAoYWN0dWFsIHJ1bGVz Cj4gPiAgICAgZmlsZSBpcyBoZXJlOiBhdWRpdGQvYXVkaXQucnVsZXMgYXQgbWFzdGVyIMK3IE5l bzIzeDAvYXVkaXRkIMK3Cj4gPiAgICAgR2l0SHViCj4gPiAgICAgPGh0dHBzOi8vZ2l0aHViLmNv bS9OZW8yM3gwL2F1ZGl0ZC9ibG9iL21hc3Rlci9hdWRpdC5ydWxlcz4pIHdoaWNoCj4gPiAgICAg aW5jbHVkZWQgc29tZSBzb2Z0d2FyZSBtYW5hZ2VtZW50IHJ1bGVzIHRoYXQgZG9u4oCZdCBhcHBl YXIgdG8gYmUKPiA+ICAgICAgcGFydCBvZiB0aGUgc3RhbmRhcmQg4oCcMzAtc3RpZy5ydWxlc+KA nSAuCj4gPiAgICAgCj4gPiAgICAgSWYgdGhlIHN0YW5kYXJkIFNUSUcgcnVsZXMgZG9u4oCZdCBw aWNrIHVwICB0eXBlPVNPRlRXQVJFX1VQREFURQo+ID4gICAgIGV2ZW50cyBvbiBVYnVudHUyMCwg IEkgbWlnaHQgYWRkIHNvbWUgb2YgdGhlc2UgLCBzbyBJIHdhcyBob3BpbmcKPiA+ICAgICB0byBo YXZlIGEgcXVpY2sgc2FuaXR5IGNoZWNrIG9uIHdoZXRoZXIgdGhlc2UgbG9vayBsaWtlCj4gPiAg ICAgYXBwcm9wcmlhdGUgYWx0ZXJuYXRpdmVzLiAgQW55IHJlY29tbWVuZGF0aW9ucyBvciBjb21t ZW50cwo+ID4gICAgIHJlZ2FyZGluZyB0aGVzZSBzYW1wbGUgcnVsZXMgd291bGQgYmUgbXVjaCBh cHByZWNpYXRlZC4gIEJhc2ljYWxseQo+ID4gICAgIGl0IGxvb2tzIHRvIG1lIGxpa2UgdGhleSBh cmUganVzdCBzZXR0aW5nIHdhdGNoZXMgZm9yIGFueW9uZQo+ID4gICAgICBleGVjdXRpbmcgdGhl c2UgdmFyaW91cyBjb21tYW5kcywgd2hpY2ggc2hvdWxkbuKAmXQgY2F1c2UgdG8gbXVjaAo+ID4g ICAgIG5vaXNlIGluIHRoZSBsb2dzIGV4Y2VwdCBtYXliZSB3aGVuIHdlIGFyZSBwYXRjaGluZyB3 aGljaCBpcyBvbmUKPiA+ICAgICBvZiB0aGUgY29udGludW91cyBtb25pdG9yaW5nIGl0ZW1zIEkg IG5lZWQgdG8gYmUgYWJsZSB0byBjb25maXJtLgo+ID4gICAgIAo+ID4gICAgIFRoYW5rcyBtdWNo IQo+ID4gICAgIAo+ID4gICAgIEthcmVuIFdpZXByZWNodAo+ID4gICAgIAo+ID4gICAgICMgU29m dHdhcmUgTWFuYWdlbWVudAo+ID4gICAgIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQo+ID4gICAgIAo+ID4gICAgICMgUlBNIChSZWRoYXQv Q2VudE9TKQo+ID4gICAgIAo+ID4gICAgIC13IC91c3IvYmluL3JwbSAtcCB4IC1rIHNvZnR3YXJl X21nbXQKPiA+ICAgICAKPiA+ICAgICAtdyAvdXNyL2Jpbi95dW0gLXAgeCAtayBzb2Z0d2FyZV9t Z210Cj4gPiAgICAgCj4gPiAgICAgIyBETkYgKEZlZG9yYS9SZWRIYXQgOC9DZW50T1MgOCkKPiA+ ICAgICAKPiA+ICAgICAtdyAvdXNyL2Jpbi9kbmYgLXAgeCAtayBzb2Z0d2FyZV9tZ210Cj4gPiAg ICAgCj4gPiAgICAgIyBZQVNUL1p5cHBlci9SUE0gKFN1U0UpCj4gPiAgICAgCj4gPiAgICAgLXcg L3NiaW4veWFzdCAtcCB4IC1rIHNvZnR3YXJlX21nbXQKPiA+ICAgICAKPiA+ICAgICAtdyAvc2Jp bi95YXN0MiAtcCB4IC1rIHNvZnR3YXJlX21nbXQKPiA+ICAgICAKPiA+ICAgICAtdyAvYmluL3Jw bSAtcCB4IC1rIHNvZnR3YXJlX21nbXQKPiA+ICAgICAKPiA+ICAgICAtdyAvdXNyL2Jpbi96eXBw ZXIgLWsgc29mdHdhcmVfbWdtdAo+ID4gICAgIAo+ID4gICAgICMgRFBLRyAvIEFQVC1HRVQgKERl Ymlhbi9VYnVudHUpCj4gPiAgICAgCj4gPiAgICAgLXcgL3Vzci9iaW4vZHBrZyAtcCB4IC1rIHNv ZnR3YXJlX21nbXQKPiA+ICAgICAKPiA+ICAgICAtdyAvdXNyL2Jpbi9hcHQgLXAgeCAtayBzb2Z0 d2FyZV9tZ210Cj4gPiAgICAgCj4gPiAgICAgLXcgL3Vzci9iaW4vYXB0LWFkZC1yZXBvc2l0b3J5 IC1wIHggLWsgc29mdHdhcmVfbWdtdAo+ID4gICAgIAo+ID4gICAgIC13IC91c3IvYmluL2FwdC1n ZXQgLXAgeCAtayBzb2Z0d2FyZV9tZ210Cj4gPiAgICAgCj4gPiAgICAgLXcgL3Vzci9iaW4vYXB0 aXR1ZGUgLXAgeCAtayBzb2Z0d2FyZV9tZ210Cj4gPiAgICAgCj4gPiAgICAgLXcgL3Vzci9iaW4v d2FqaWcgLXAgeCAtayBzb2Z0d2FyZV9tZ210Cj4gPiAgICAgCj4gPiAgICAgLXcgL3Vzci9iaW4v c25hcCAtcCB4IC1rIHNvZnR3YXJlX21nbXQKPiA+ICAgICAKPiA+ICAgICAjIFBJUCgzKSAoUHl0 aG9uIGluc3RhbGxzKQo+ID4gICAgIAo+ID4gICAgIC13IC91c3IvYmluL3BpcCAtcCB4IC1rIFQx MDcyX3RoaXJkX3BhcnR5X3NvZnR3YXJlCj4gPiAgICAgCj4gPiAgICAgLXcgL3Vzci9sb2NhbC9i aW4vcGlwIC1wIHggLWsgVDEwNzJfdGhpcmRfcGFydHlfc29mdHdhcmUKPiA+ICAgICAKPiA+ICAg ICAtdyAvdXNyL2Jpbi9waXAzIC1wIHggLWsgVDEwNzJfdGhpcmRfcGFydHlfc29mdHdhcmUKPiA+ ICAgICAKPiA+ICAgICAtdyAvdXNyL2xvY2FsL2Jpbi9waXAzIC1wIHggLWsgVDEwNzJfdGhpcmRf cGFydHlfc29mdHdhcmUKPiA+ICAgICAKPiA+ICAgICAjIG5wbQo+ID4gICAgIAo+ID4gICAgICMj IFQxMDcyIHRoaXJkIHBhcnR5IHNvZnR3YXJlCj4gPiAgICAgCj4gPiAgICAgIyMgaHR0cHM6Ly93 d3cubnBtanMuY29tCj4gPiAgICAgCj4gPiAgICAgIyMgaHR0cHM6Ly9kb2NzLm5wbWpzLmNvbS9j bGkvdjYvY29tbWFuZHMvbnBtLWF1ZGl0Cj4gPiAgICAgCj4gPiAgICAgLXcgL3Vzci9iaW4vbnBt IC1wIHggLWsgVDEwNzJfdGhpcmRfcGFydHlfc29mdHdhcmUKPiA+ICAgICAKPiA+ICAgICAtLQo+ ID4gICAgIExpbnV4LWF1ZGl0IG1haWxpbmcgbGlzdAo+ID4gICAgIExpbnV4LWF1ZGl0QHJlZGhh dC5jb20KPiA+ICAgICBodHRwczovL2xpc3RtYW4ucmVkaGF0LmNvbS9tYWlsbWFuL2xpc3RpbmZv L2xpbnV4LWF1ZGl0Cj4gPiAKPiA+IC0tCj4gPiBMaW51eC1hdWRpdCBtYWlsaW5nIGxpc3QKPiA+ IExpbnV4LWF1ZGl0QHJlZGhhdC5jb20KPiA+IGh0dHBzOi8vbGlzdG1hbi5yZWRoYXQuY29tL21h aWxtYW4vbGlzdGluZm8vbGludXgtYXVkaXQKCgoKCi0tCkxpbnV4LWF1ZGl0IG1haWxpbmcgbGlz dApMaW51eC1hdWRpdEByZWRoYXQuY29tCmh0dHBzOi8vbGlzdG1hbi5yZWRoYXQuY29tL21haWxt YW4vbGlzdGluZm8vbGludXgtYXVkaXQK