Optimize 80 rules for openEuler

optimize-80-rules-for-openEuler.patch

@@ -1,101 +1,101 @@
-From 51df8c46acfa272186a64cd166bb134675b1f031 Mon Sep 17 00:00:00 2001
+From a7932d8cba91edbc359c520cd67361b3bb6680aa Mon Sep 17 00:00:00 2001
 From: qsw333 <wangqingsan@huawei.com>
 Date: Thu, 16 Nov 2023 13:50:38 +0800
-Subject: [PATCH] add 80 rules for openEuler
+Subject: [PATCH] second
 
 ---
- .../base/service_haveged_enabled/rule.yml     | 31 ++++++
+ .../base/service_haveged_enabled/rule.yml     |  31 ++
- .../service_dhcpd_disabled/rule.yml           |  2 +-
+ .../service_dhcpd_disabled/rule.yml           |   2 +-
- .../service_named_disabled/rule.yml           |  2 +-
+ .../service_named_disabled/rule.yml           |   2 +-
- .../package_httpd_removed/rule.yml            |  2 +-
+ .../package_httpd_removed/rule.yml            |   2 +-
- .../package_openldap-clients_removed/rule.yml | 23 +++++
+ .../package_openldap-clients_removed/rule.yml |  23 ++
- .../service_rpcbind_disabled/rule.yml         |  2 +-
+ .../service_rpcbind_disabled/rule.yml         |   2 +-
- .../service_nfs-server_disabled/rule.yml      | 33 +++++++
+ .../service_nfs-server_disabled/rule.yml      |  33 ++
- linux_os/guide/services/rsync/group.yml       |  9 ++
+ linux_os/guide/services/rsync/group.yml       |   9 +
- .../rsync/service_rsyncd_disabled/rule.yml    | 20 ++++
+ .../rsync/service_rsyncd_disabled/rule.yml    |  20 ++
- .../service_smb_disabled/rule.yml             |  2 +-
+ .../service_smb_disabled/rule.yml             |   2 +-
- .../oval/shared.xml                           | 25 +++++
+ .../oval/shared.xml                           |  25 ++
- .../rule.yml                                  | 23 +++++
+ .../rule.yml                                  |  23 ++
- .../oval/shared.xml                           | 25 +++++
+ .../oval/shared.xml                           |  25 ++
- .../rule.yml                                  | 26 +++++
+ .../rule.yml                                  |  26 ++
- .../oval/shared.xml                           | 25 +++++
+ .../oval/shared.xml                           |  25 ++
- .../rule.yml                                  | 25 +++++
+ .../rule.yml                                  |  25 ++
- .../oval/shared.xml                           | 25 +++++
+ .../oval/shared.xml                           |  25 ++
- .../sshd_configure_correct_interface/rule.yml | 26 +++++
+ .../sshd_configure_correct_interface/rule.yml |  26 ++
- .../oval/shared.xml                           | 25 +++++
+ .../oval/shared.xml                           |  25 ++
- .../sshd_disable_AllowTcpForwardindg/rule.yml | 28 ++++++
+ .../sshd_disable_AllowTcpForwardindg/rule.yml |  28 ++
- .../oval/shared.xml                           | 25 +++++
+ .../oval/shared.xml                           |  25 ++
- .../sshd_disable_x11_forwarding/rule.yml      | 23 +++++
+ .../sshd_disable_x11_forwarding/rule.yml      |  23 ++
- .../oval/shared.xml                           | 25 +++++
+ .../oval/shared.xml                           |  54 +++
- .../rule.yml                                  | 25 +++++
+ .../rule.yml                                  |  25 ++
- .../uninstall_software_service/group.yml      |  5 +
+ .../uninstall_software_service/group.yml      |   5 +
- .../network_sniffing_tools/rule.yml           | 24 +++++
+ .../network_sniffing_tools/rule.yml           |  24 ++
- .../rule.yml                                  |  2 +-
+ .../rule.yml                                  |   2 +-
- .../no_forward_files/oval/shared.xml          | 20 ++++
+ .../no_forward_files/oval/shared.xml          |  20 ++
- .../no_forward_files/rule.yml                 | 17 ++++
+ .../no_forward_files/rule.yml                 |  31 ++
- .../rule.yml                                  | 31 ++++++
+ .../rule.yml                                  |  31 ++
- .../rule.yml                                  |  2 +-
+ .../rule.yml                                  |   2 +-
- .../rule.yml                                  |  2 +-
+ .../rule.yml                                  |   2 +-
- .../rule.yml                                  |  2 +-
+ .../rule.yml                                  |   2 +-
- .../rule.yml                                  |  2 +-
+ .../rule.yml                                  |   2 +-
- .../rule.yml                                  | 39 ++++++++
+ .../rule.yml                                  |  39 ++
- .../oval/shared.xml                           | 25 +++++
+ .../oval/shared.xml                           |  44 +++
- .../audit_rule_admin_privilege/rule.yml       | 30 ++++++
+ .../audit_rules_admin_privilege/rule.yml      |  28 ++
- .../oval/shared.xml                           | 25 +++++
+ .../oval/shared.xml                           |  25 ++
- .../rule.yml                                  | 56 +++++++++++
+ .../rule.yml                                  |  56 +++
- .../auditd_data_retention_space_left/rule.yml |  2 +-
+ .../auditd_data_retention_space_left/rule.yml |   2 +-
- .../auditing/grub2_audit_argument/rule.yml    |  2 +-
+ .../auditing/grub2_audit_argument/rule.yml    |   2 +-
- .../rule.yml                                  |  2 +-
+ .../rule.yml                                  |   2 +-
- .../oval/shared.xml                           | 25 +++++
+ .../oval/shared.xml                           |  25 ++
- .../configure_dump_journald_log/rule.yml      | 25 +++++
+ .../configure_dump_journald_log/rule.yml      |  25 ++
- .../rule.yml                                  | 24 +++++
+ .../rule.yml                                  |  24 ++
- .../configure_rsyslog_log_rotate/rule.yml     | 48 ++++++++++
+ .../configure_rsyslog_log_rotate/rule.yml     |  48 +++
- .../configure_service_logging/rule.yml        | 26 +++++
+ .../configure_service_logging/rule.yml        |  26 ++
- .../diasable_root_accessing_system/rule.yml   | 50 ++++++++++
+ .../diasable_root_accessing_system/rule.yml   |  50 +++
- .../rsyslog_files_permissions/oval/shared.xml |  1 +
+ .../rsyslog_files_permissions/oval/shared.xml |   1 +
- .../oval/shared.xml                           | 25 +++++
+ .../oval/shared.xml                           |  25 ++
- .../rule.yml                                  | 22 +++++
+ .../rule.yml                                  |  22 ++
- .../rule.yml                                  |  1 +
+ .../rule.yml                                  |   1 +
- .../rule.yml                                  |  1 +
+ .../rule.yml                                  |   1 +
- .../rsyslog_remote_loghost/oval/shared.xml    |  1 +
+ .../rsyslog_remote_loghost/oval/shared.xml    |   1 +
- .../rule.yml                                  | 36 +++++++
+ .../rule.yml                                  |  36 ++
- .../rule.yml                                  | 36 +++++++
+ .../rule.yml                                  |  36 ++
- .../rule.yml                                  | 27 ++++++
+ .../rule.yml                                  |  27 ++
- .../rule.yml                                  | 36 +++++++
+ .../rule.yml                                  |  36 ++
- .../rule.yml                                  | 28 ++++++
+ .../rule.yml                                  |  28 ++
- .../wireless_disable_interfaces/rule.yml      |  2 +-
+ .../wireless_disable_interfaces/rule.yml      |   2 +-
- .../rule.yml                                  | 26 +++++
+ .../rule.yml                                  |  26 ++
- .../system/network/network_nftables/group.yml | 12 +++
+ .../system/network/network_nftables/group.yml |  12 +
- .../rule.yml                                  | 31 ++++++
+ .../rule.yml                                  |  31 ++
- .../rule.yml                                  | 29 ++++++
+ .../rule.yml                                  |  29 ++
- .../rule.yml                                  | 24 +++++
+ .../rule.yml                                  |  24 ++
- .../rule.yml                                  | 28 ++++++
+ .../rule.yml                                  |  28 ++
- .../rule.yml                                  | 25 +++++
+ .../rule.yml                                  |  25 ++
- .../service_nftables_enabled/rule.yml         | 22 +++++
+ .../service_nftables_enabled/rule.yml         |  22 ++
- .../define_ld_lib_path_correctly/rule.yml     | 41 ++++++++
+ .../define_ld_lib_path_correctly/rule.yml     |  41 +++
- .../files/define_path_strictly/rule.yml       | 44 +++++++++
+ .../files/define_path_strictly/rule.yml       |  44 +++
- .../no_files_globally_writable_files/rule.yml | 34 +++++++
+ .../no_files_globally_writable_files/rule.yml |  34 ++
- .../rule.yml                                  | 38 ++++++++
+ .../rule.yml                                  |  38 ++
- .../rule.yml                                  | 33 +++++++
+ .../rule.yml                                  |  33 ++
- .../partitions_mounted_nodev_mode/rule.yml    | 47 +++++++++
+ .../partitions_mounted_nodev_mode/rule.yml    |  47 +++
- .../partitions_mounted_noexec_mode/rule.yml   | 23 +++++
+ .../partitions_mounted_noexec_mode/rule.yml   |  23 ++
- .../partitions_mounted_nosuid_mode/rule.yml   | 31 ++++++
+ .../partitions_mounted_nosuid_mode/rule.yml   |  31 ++
- .../rule.yml                                  | 29 ++++++
+ .../rule.yml                                  |  29 ++
- .../read_only_partitions_no_modified/rule.yml | 16 ++++
+ .../read_only_partitions_no_modified/rule.yml |  21 ++
- .../sysctl_kernel_yama_ptrace_scope/rule.yml  |  2 +-
+ .../sysctl_kernel_yama_ptrace_scope/rule.yml  |   3 +-
- .../rule.yml                                  | 33 +++++++
+ .../rule.yml                                  |  33 ++
- .../system/software/enabled_seccomp/rule.yml  | 47 +++++++++
+ .../system/software/enabled_seccomp/rule.yml  |  47 +++
- .../crypto/configure_crypto_policy/rule.yml   |  2 +-
+ .../crypto/configure_crypto_policy/rule.yml   |   2 +-
- .../aide/aide_build_database/oval/shared.xml  |  1 +
+ .../aide/aide_build_database/oval/shared.xml  |   1 +
- .../aide/enable_aide_detection/rule.yml       | 40 ++++++++
+ .../aide/enable_aide_detection/rule.yml       |  40 +++
- .../ima_verification/rule.yml                 | 55 +++++++++++
+ .../ima_verification/rule.yml                 |  55 +++
- .../rule.yml                                  | 33 +++++++
+ .../rule.yml                                  |  33 ++
- .../disabled_SysRq/oval/shared.xml            | 25 +++++
+ .../disabled_SysRq/oval/shared.xml            |  25 ++
- .../system-tools/disabled_SysRq/rule.yml      | 30 ++++++
+ .../system-tools/disabled_SysRq/rule.yml      |  30 ++
- .../uninstall_debugging_tools/rule.yml        | 35 +++++++
+ .../uninstall_debugging_tools/rule.yml        |  35 ++
- .../rule.yml                                  | 39 ++++++++
+ .../rule.yml                                  |  39 ++
- openeuler2203/profiles/standard.profile       | 96 +++++++++++++++++++
+ openeuler2203/profiles/standard.profile       | 340 +++++++++++++++++-
- 91 files changed, 2134 insertions(+), 16 deletions(-)
+ 91 files changed, 2443 insertions(+), 17 deletions(-)
  create mode 100644 linux_os/guide/services/base/service_haveged_enabled/rule.yml
  create mode 100644 linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
  create mode 100644 linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs-server_disabled/rule.yml
@@ -121,8 +121,8 @@ Subject: [PATCH] add 80 rules for openEuler
  create mode 100644 linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml
  create mode 100644 linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification/rule.yml
  create mode 100644 linux_os/guide/system/auditing/auditd_configure_rules/audit_privilege_escalation_command/rule.yml
- create mode 100644 linux_os/guide/system/auditing/auditd_configure_rules/audit_rule_admin_privilege/oval/shared.xml
+ create mode 100644 linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_admin_privilege/oval/shared.xml
- create mode 100644 linux_os/guide/system/auditing/auditd_configure_rules/audit_rule_admin_privilege/rule.yml
+ create mode 100644 linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_admin_privilege/rule.yml
  create mode 100644 linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left/oval/shared.xml
  create mode 100644 linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left/rule.yml
  create mode 100644 linux_os/guide/system/logging/configure_dump_journald_log/oval/shared.xml
@@ -763,10 +763,10 @@ index 0000000..c301259
 \ No newline at end of file
 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_prohibit_preset_authorized_keys/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_prohibit_preset_authorized_keys/oval/shared.xml
 new file mode 100644
-index 0000000..2c7044f
+index 0000000..e451290
 --- /dev/null
 +++ b/linux_os/guide/services/ssh/ssh_server/sshd_prohibit_preset_authorized_keys/oval/shared.xml
-@@ -0,0 +1,25 @@
+@@ -0,0 +1,54 @@
 +<def-group>
 +  <definition class="compliance" id="sshd_prohibit_preset_authorized_keys" version="1">
 +    <metadata>
@@ -774,25 +774,53 @@ index 0000000..2c7044f
 +      <affected family="unix">
 +        <platform>multi_platform_openeuler</platform>
 +      </affected>
-+      <description>SSH service prohibits preset authorized_Keys.</description>
++      <description>Prohibit SSH service shuold setting authorized_Keys</description>
 +    </metadata>
-+    <criteria>
++    <criteria operator="OR">
-+      <criterion comment="SSH service prohibits preset authorized_Keys"
++      <criterion comment="Set authorized_Keys in  /root" test_ref="test_authorized_Keys_root" />
-+      test_ref="test_sshd_prohibit_preset_authorized_keys" />
++      <criterion comment="Set authorized_Keys /home" test_ref="test_authorized_Keys_home" />
 +    </criteria>
 +  </definition>
-+  <ind:textfilecontent54_test check="all" check_existence="all_exist"
++
-+  comment="SSH service prohibits preset authorized_Keys"
++  <!-- NIST scapval validation tool complains that a variable passed to
-+  id="test_sshd_prohibit_preset_authorized_keys" version="1">
++  rsyslog_remote_loghost OVAL check from the XCCDF Rule doesn't have
-+    <ind:object object_ref="obj_test_sshd_prohibit_preset_authorized_keys" />
++  the correct type according to the SCAP specifications.
++
++  This happens because we don't use the received variable in the check,
++  thus its type is not defined anywhere in the check, we only use it when
++  remediating the rule.
++
++  To work around this we define an external variable just to set
++  the type of the variable to be as SCAP specification defines.  -->
++  <external_variable comment="used for remediation only" datatype="string" id="sshd_prohibit_preset_authorized_keys_address" version="1"/>
++
++  <ind:textfilecontent54_test check="all" check_existence="none_exist"
++  comment="Ensures authorized_Keys set in /root"
++  id="test_authorized_Keys_root" version="1">
++    <ind:object object_ref="object_authorized_Keys_root" />
 +  </ind:textfilecontent54_test>
-+  <ind:textfilecontent54_object id="obj_test_sshd_prohibit_preset_authorized_keys" version="1">
++
-+    <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
++  <ind:textfilecontent54_test check="all" check_existence="none_exist"
-+    <ind:pattern operation="pattern match">authorized_keys</ind:pattern>
++  comment="Ensures authorized_Keys set in /home"
++  id="test_authorized_Keys_home" version="1">
++    <ind:object object_ref="object_authorized_Keys_home" />
++  </ind:textfilecontent54_test>
++
++  <ind:textfilecontent54_object id="object_authorized_Keys_root" version="1">
++    <ind:path>/root</ind:path>
++    <ind:filename operation="pattern match">authorized_keys</ind:filename>
++    <ind:pattern operation="pattern match">.*</ind:pattern>
 +    <ind:instance datatype="int">1</ind:instance>
 +  </ind:textfilecontent54_object>
++
++  <ind:textfilecontent54_object id="object_authorized_Keys_home" version="1">
++    <ind:path>/home</ind:path>
++    <ind:filename operation="pattern match">authorized_keys</ind:filename>
++    <ind:pattern operation="pattern match">.*</ind:pattern>
++    <ind:instance datatype="int">1</ind:instance>
++  </ind:textfilecontent54_object>
++
 +</def-group>
-\ No newline at end of file
 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_prohibit_preset_authorized_keys/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_prohibit_preset_authorized_keys/rule.yml
 new file mode 100644
 index 0000000..145f45d
@@ -909,10 +937,10 @@ index 0000000..eab54dd
 \ No newline at end of file
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml
 new file mode 100644
-index 0000000..9d8969f
+index 0000000..92ca05a
 --- /dev/null
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml
-@@ -0,0 +1,17 @@
+@@ -0,0 +1,31 @@
 +documentation_complete: true
 +
 +prodtype: openeuler2203
@@ -925,6 +953,20 @@ index 0000000..9d8969f
 +    no related email forwarding scenarios, it is recommended to delete the
 +    <tt>.forward</tt> file.
 +
++    <p><tt>Use the following script to check:</tt></p>
++    <ul>
++    <li>If there is no return output, it means that there is no ".forward" file in all Home directories:
++    <pre>#!/bin/bash
++    
++    grep -E -v '^(halt|sync|shutdown)' "/etc/passwd" | awk -F ":" '($7 != "/bin/false" &amp;&amp; $7 != "/sbin/nologin") {print $6}' | while read home;
++    do
++        if [ -d "$home" ]; then
++            find $home -name ".forward"
++        fi
++    done</pre>
++    </li>
++    </ul>
++
 +rationale: |- 
 +    If there is a <tt>.forward</tt> file, it may cause user emails carrying
 +    sensitive information to be automatically forwarded to high-risk mailboxes.
@@ -1063,47 +1105,63 @@ index 0000000..1e4f780
 +
 +severity: low
 \ No newline at end of file
-diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rule_admin_privilege/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rule_admin_privilege/oval/shared.xml
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_admin_privilege/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_admin_privilege/oval/shared.xml
 new file mode 100644
-index 0000000..b70b4d9
+index 0000000..55af169
 --- /dev/null
-+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rule_admin_privilege/oval/shared.xml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_admin_privilege/oval/shared.xml
-@@ -0,0 +1,25 @@
+@@ -0,0 +1,44 @@
 +<def-group>
-+  <definition class="compliance" id="audit_rule_admin_privilege" version="1">
++  <definition class="compliance" id="audit_rules_admin_privilege" version="1">
 +    <metadata>
 +      <title>Audit rules for administrator privileged operations should be configured</title>
-+      <affected family="unix">
++      {{{- oval_affected(products) }}}
-+        <platform>multi_platform_openeuler</platform>
-+      </affected>
 +      <description>Configure audit rules for administrator privileged operations</description>
 +    </metadata>
-+    <criteria>
++
-+      <criterion comment="Configure audit rules for administrator privileged operations"
++<criteria operator="OR">
-+      test_ref="test_audit_rule_admin_privilege" />
++
++      <!-- Test the augenrules case -->
++      <criteria operator="AND">
++        <extend_definition comment="audit augenrules" definition_ref="audit_rules_augenrules" />
++        <criterion comment="audit augenrules configuration locked" test_ref="test_admin_privilege_augenrules" />
++      </criteria>
++
++      <!-- Test the auditctl case -->
++      <criteria operator="AND">
++        <extend_definition comment="audit auditctl" definition_ref="audit_rules_auditctl" />
++        <criterion comment="audit auditctl configuration locked" test_ref="test_admin_privilege_auditctl" />
++      </criteria>
++
 +    </criteria>
 +  </definition>
-+  <ind:textfilecontent54_test check="all" check_existence="all_exist"
++
-+  comment="recorded authentication-related event"
++  <ind:textfilecontent54_test check="all" comment="audit augenrules configuration locked" id="test_admin_privilege_augenrules" version="1">
-+  id="test_audit_rule_admin_privilege" version="1">
++    <ind:object object_ref="object_admin_privilege_augenrules" />
-+    <ind:object object_ref="obj_test_audit_rule_admin_privilege" />
 +  </ind:textfilecontent54_test>
-+  <ind:textfilecontent54_object id="obj_test_audit_rule_admin_privilege" version="1">
++  <ind:textfilecontent54_object id="object_admin_privilege_augenrules" version="1">
++    <ind:filepath operation="pattern match">^/etc/audit/rules\.d/.*\.rules$</ind:filepath>
++    <ind:pattern operation="pattern match">^\-w[\s]+sudo\.log[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b[\s]+(-k[\s]+|-F[\s]+key=)[-\w]+[\s]*$</ind:pattern>
++    <ind:instance datatype="int">1</ind:instance>
++  </ind:textfilecontent54_object>
++
++  <ind:textfilecontent54_test check="all" comment="audit auditctl configuration locked" id="test_admin_privilege_auditctl" version="1">
++    <ind:object object_ref="object_admin_privilege_auditctl" />
++  </ind:textfilecontent54_test>
++  <ind:textfilecontent54_object id="object_admin_privilege_auditctl" version="1">
 +    <ind:filepath>/etc/audit/audit.rules</ind:filepath>
 +    <ind:pattern operation="pattern match">^\-w[\s]+sudo\.log[\s]+\-p[\s]+\b([rx]*w[rx]*a[rx]*|[rx]*a[rx]*w[rx]*)\b[\s]+(-k[\s]+|-F[\s]+key=)[-\w]+[\s]*$</ind:pattern>
 +    <ind:instance datatype="int">1</ind:instance>
 +  </ind:textfilecontent54_object>
-+</def-group>
-\ No newline at end of file
-diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rule_admin_privilege/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rule_admin_privilege/rule.yml
-new file mode 100644
-index 0000000..a5e0923
---- /dev/null
-+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rule_admin_privilege/rule.yml
-@@ -0,0 +1,30 @@
-+documentation_complete: true
 +
-+prodtype: openeuler2203
++</def-group>
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_admin_privilege/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_admin_privilege/rule.yml
+new file mode 100644
+index 0000000..63304a8
+--- /dev/null
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_admin_privilege/rule.yml
+@@ -0,0 +1,28 @@
++documentation_complete: true
 +
 +title: 'Audit rules for administrator privileged operations should be configured'
 +
@@ -1359,7 +1417,7 @@ index 0000000..ec95d20
 \ No newline at end of file
 diff --git a/linux_os/guide/system/logging/configure_rsyslog_log_rotate/rule.yml b/linux_os/guide/system/logging/configure_rsyslog_log_rotate/rule.yml
 new file mode 100644
-index 0000000..d0bcf1f
+index 0000000..e45ebb7
 --- /dev/null
 +++ b/linux_os/guide/system/logging/configure_rsyslog_log_rotate/rule.yml
 @@ -0,0 +1,48 @@
@@ -1400,7 +1458,7 @@ index 0000000..d0bcf1f
 +    <p><tt>It can not be scanned automatically, please check it manually.</tt></p>
 +    <ul>
 +    <li>Check whether the relevant fields have been configured in the /etc/logrotate.d/rsyslog file:
-+    <pre>$ cat /etc/logrotate.d/rsyslog | grep -iE "\/var\/log|maxage|rotate|compress|size"</pre>
++    <pre>$ cat /etc/logrotate.d/rsyslog | grep -iE "\/var\/log|maxage|\&lt;rotate\&gt;|compress|size"</pre>
 +    </li>
 +    </ul>
 +
@@ -2457,10 +2515,10 @@ index 0000000..848fed1
 \ No newline at end of file
 diff --git a/linux_os/guide/system/permissions/partitions/read_only_partitions_no_modified/rule.yml b/linux_os/guide/system/permissions/partitions/read_only_partitions_no_modified/rule.yml
 new file mode 100644
-index 0000000..f929c84
+index 0000000..b63d688
 --- /dev/null
 +++ b/linux_os/guide/system/permissions/partitions/read_only_partitions_no_modified/rule.yml
-@@ -0,0 +1,16 @@
+@@ -0,0 +1,21 @@
 +documentation_complete: true
 +
 +prodtype: openeuler2203
@@ -2472,6 +2530,11 @@ index 0000000..f929c84
 +    avoid unintentional or malicious data tampering and reduce the attack surface.
 +
 +    <p><tt>It can not be scanned automatically, please check it manually.</tt></p>
++    <ul>
++    <li>Use the mount command to check whether the mounted file system meets the requirements:
++    <pre>$ mount | grep "/root/readonly" | grep "\&lt;ro\&gt;"</pre>
++    </li>
++    </ul> 
 +
 +rationale: |-
 +    
@@ -2479,7 +2542,7 @@ index 0000000..f929c84
 +severity: high
 \ No newline at end of file
 diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
-index cd07fd0..ce86997 100644
+index cd07fd0..cd68dad 100644
 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
 @@ -1,6 +1,6 @@
@@ -2490,6 +2553,12 @@ index cd07fd0..ce86997 100644
  
  title: 'Restrict usage of ptrace to descendant processes'
  
+@@ -33,4 +33,5 @@ template:
+     vars:
+         sysctlvar: kernel.yama.ptrace_scope
+         sysctlval: '1'
++        sysctlval@openeuler2203: '0'
+         datatype: int
 diff --git a/linux_os/guide/system/selinux/disabled_unconfined_service_t_programs/rule.yml b/linux_os/guide/system/selinux/disabled_unconfined_service_t_programs/rule.yml
 new file mode 100644
 index 0000000..dc1881b
@@ -2915,109 +2984,507 @@ index 0000000..69b0c59
 +severity: high
 \ No newline at end of file
 diff --git a/openeuler2203/profiles/standard.profile b/openeuler2203/profiles/standard.profile
-index de6890c..0297edc 100644
+index de6890c..1f4de10 100644
 --- a/openeuler2203/profiles/standard.profile
 +++ b/openeuler2203/profiles/standard.profile
-@@ -164,3 +164,99 @@ selections:
+@@ -9,158 +9,496 @@ description: |-
+ 
+ selections:
+     - package_telnet_removed
++    - package_telnet_removed.severity=high
+     - package_tftp-server_removed
++    - package_tftp-server_removed.severity=high
+     - package_tftp_removed
++    - package_tftp_removed.severity=high
+     - package_net-snmp_removed
++    - package_net-snmp_removed.severity=high
+     - accounts_no_uid_except_zero
++    - accounts_no_uid_except_zero.severity=high
+     - file_owner_etc_passwd
++    - file_owner_etc_passwd.severity=high
+     - file_groupowner_etc_passwd
++    - file_groupowner_etc_passwd.severity=high
+     - file_permissions_etc_passwd
++    - file_permissions_etc_passwd.severity=high
+     - file_owner_etc_shadow
++    - file_owner_etc_shadow.severity=high
+     - file_groupowner_etc_shadow
++    - file_groupowner_etc_shadow.severity=high
+     - file_permissions_etc_shadow
++    - file_permissions_etc_shadow.severity=high
+     - file_owner_etc_group
++    - file_owner_etc_group.severity=high
+     - file_groupowner_etc_group
++    - file_groupowner_etc_group.severity=high
+     - file_permissions_etc_group
++    - file_permissions_etc_group.severity=high
+     - file_owner_etc_gshadow
++    - file_owner_etc_gshadow.severity=high
+     - file_groupowner_etc_gshadow
++    - file_groupowner_etc_gshadow.severity=high
+     - file_permissions_etc_gshadow
++    - file_permissions_etc_gshadow.severity=high
+     - accounts_user_interactive_home_directory_exists
++    - accounts_user_interactive_home_directory_exists.severity=high
+     - gid_passwd_group_same
++    - gid_passwd_group_same.severity=high
+     - var_password_pam_minlen=8
+     - accounts_password_pam_minlen
++    - accounts_password_pam_minlen.severity=high
+     - accounts_password_pam_minclass
++    - accounts_password_pam_minclass.severity=high
+     - var_password_pam_ucredit=0
+     - accounts_password_pam_ucredit
++    - accounts_password_pam_ucredit.severity=high
+     - var_password_pam_lcredit=0
+     - accounts_password_pam_lcredit
++    - accounts_password_pam_lcredit.severity=high
+     - var_password_pam_dcredit=0
+     - accounts_password_pam_dcredit
++    - accounts_password_pam_dcredit.severity=high
+     - var_password_pam_ocredit=0
+     - accounts_password_pam_ocredit
++    - accounts_password_pam_ocredit.severity=high
+     - accounts_password_pam_retry
++    - accounts_password_pam_retry.severity=high
+     - accounts_password_pam_unix_remember
++    - accounts_password_pam_unix_remember.severity=high
+     - set_password_hashing_algorithm_systemauth
++    - set_password_hashing_algorithm_systemauth.severity=high
+     - accounts_maximum_age_login_defs
+-    - var_accounts_minimum_age_login_defs=0
++    - accounts_maximum_age_login_defs.severity=high
++    - var_accounts_maximum_age_login_defs=90
+     - accounts_minimum_age_login_defs
++    - accounts_minimum_age_login_defs.severity=high
++    - var_accounts_minimum_age_login_defs=0
+     - accounts_password_warn_age_login_defs
++    - accounts_password_warn_age_login_defs.severity=high
+     - sshd_disable_empty_passwords
++    - sshd_disable_empty_passwords.severity=high
+     - grub2_uefi_password
++    - grub2_uefi_password.severity=high
+     - require_singleuser_auth
++    - require_singleuser_auth.severity=high
+     - accounts_passwords_pam_faillock_deny
++    - accounts_passwords_pam_faillock_deny.severity=high
+     - accounts_passwords_pam_faillock_deny_root
++    - accounts_passwords_pam_faillock_deny_root.severity=high
+     - var_accounts_passwords_pam_faillock_unlock_time=300
+     - accounts_passwords_pam_faillock_unlock_time
++    - accounts_passwords_pam_faillock_unlock_time.severity=high
+     - var_accounts_tmout=5_min
+     - accounts_tmout
++    - accounts_tmout.severity=high
+     - sshd_allow_only_protocol2
++    - sshd_allow_only_protocol2.severity=high
+     - sshd_disable_rhosts
++    - sshd_disable_rhosts.severity=high
+     - disable_host_auth
++    - disable_host_auth.severity=high
+     - configure_ssh_crypto_policy
++    - configure_ssh_crypto_policy.severity=high
+     - sysctl_kernel_randomize_va_space
++    - sysctl_kernel_randomize_va_space.severity=high
+     - sysctl_kernel_dmesg_restrict
++    - sysctl_kernel_dmesg_restrict.severity=high
+     - sysctl_kernel_kptr_restrict
++    - sysctl_kernel_kptr_restrict.severity=high
+     - no_files_unowned_by_user
++    - no_files_unowned_by_user.severity=high
+     - file_permissions_ungroupowned
++    - file_permissions_ungroupowned.severity=high
+     - dir_perms_world_writable_sticky_bits
++    - dir_perms_world_writable_sticky_bits.severity=high
+     - var_accounts_user_umask=077
+     - accounts_umask_etc_bashrc
++    - accounts_umask_etc_bashrc.severity=high
+     - service_auditd_enabled
++    - service_auditd_enabled.severity=high
+     - auditd_data_retention_max_log_file_action
++    - auditd_data_retention_max_log_file_action.severity=high
+     - auditd_data_retention_num_logs
++    - auditd_data_retention_num_logs.severity=high
+     - service_rsyslog_enabled
++    - service_rsyslog_enabled.severity=high
+     - package_python2_removed
++    - package_python2_removed.severity=high
+     - ensure_gpgcheck_never_disabled
++    - ensure_gpgcheck_never_disabled.severity=high
+     - login_accounts_are_necessary
++    - login_accounts_are_necessary.severity=high
+     - accounts_are_necessary
++    - accounts_are_necessary.severity=high
+     - group_unique_id
++    - group_unique_id.severity=high
+     - account_unique_id
++    - account_unique_id.severity=high
+     - account_unique_group_id
++    - account_unique_group_id.severity=high
+     - account_unique_name
++    - account_unique_name.severity=high
+     - group_unique_name
++    - group_unique_name.severity=high
+     - accounts_password_pam_dictcheck
++    - accounts_password_pam_dictcheck.severity=high
+     - verify_owner_password
++    - verify_owner_password.severity=high
+     - no_name_contained_in_password
++    - no_name_contained_in_password.severity=high
+     - sshd_strong_kex=standard_openeuler2203
+     - sshd_use_strong_kex
++    - sshd_use_strong_kex.severity=high
+     - sshd_use_strong_pubkey
++    - sshd_use_strong_pubkey.severity=high
+     - sshd_enable_pam
++    - sshd_enable_pam.severity=high
+     - sshd_use_strong_macs
++    - sshd_use_strong_macs.severity=high
+     - sshd_use_strong_ciphers
++    - sshd_use_strong_ciphers.severity=high
+     - grub2_nosmap_argument_absent
++    - grub2_nosmap_argument_absent.severity=high
+     - grub2_nosmep_argument_absent
++    - grub2_nosmep_argument_absent.severity=high
+     - package_ftp_removed
++    - package_ftp_removed.severity=high
+     - no_empty_symlink_files
++    - no_empty_symlink_files.severity=high
+     - no_hide_exec_files
++    - no_hide_exec_files.severity=high
+     - no_lowprivilege_users_writeable_cmds_in_crontab_file
++    - no_lowprivilege_users_writeable_cmds_in_crontab_file.severity=high
+     - service_debug-shell_disabled
++    - service_debug-shell_disabled.severity=high
+     - service_avahi-daemon_disabled
++    - service_avahi-daemon_disabled.severity=high
+     - package_openldap-servers_removed
++    - package_openldap-servers_removed.severity=high
+     - service_cups_disabled
++    - service_cups_disabled.severity=high
+     - package_ypserv_removed
++    - package_ypserv_removed.severity=high
+     - package_ypbind_removed
++    - package_ypbind_removed.severity=high
+     - account_temp_expire_date
++    - account_temp_expire_date.severity=low
+     - no_netrc_files
++    - no_netrc_files.severity=low
+     - service_chronyd_or_ntpd_enabled
++    - service_chronyd_or_ntpd_enabled.severity=low
+     - chronyd_or_ntpd_specify_remote_server
++    - chronyd_or_ntpd_specify_remote_server.severity=low
+     - kernel_module_sctp_disabled
++    - kernel_module_sctp_disabled.severity=low
+     - kernel_module_tipc_disabled
++    - kernel_module_tipc_disabled.severity=low
+     - sshd_set_loglevel_verbose
++    - sshd_set_loglevel_verbose.severity=low
+     - sshd_set_max_auth_tries
++    - sshd_set_max_auth_tries.severity=low
+     - sshd_max_auth_tries_value=3
+     - sshd_do_not_permit_user_env
++    - sshd_do_not_permit_user_env.severity=high
+     - sshd_disable_user_known_hosts_ex
++    - sshd_disable_user_known_hosts_ex.severity=high
+     - sshd_disable_rhosts_rsa
++    - sshd_disable_rhosts_rsa.severity=high
+     - service_firewalld_enabled
++    - service_firewalld_enabled.severity=low
+     - set_firewalld_default_zone
++    - set_firewalld_default_zone.severity=low
+     - disable_unnecessary_service_and_ports 
++    - disable_unnecessary_service_and_ports.severity=low
+     - service_iptables_enabled
++    - service_iptables_enabled.severity=low
+     - service_ip6tables_enabled
++    - service_ip6tables_enabled.severity=low
+     - set_iptables_default_rule
++    - set_iptables_default_rule.severity=low
+     - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
++    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts.severity=high
+     - sysctl_net_ipv4_conf_all_accept_redirects
++    - sysctl_net_ipv4_conf_all_accept_redirects.severity=high
+     - sysctl_net_ipv6_conf_all_accept_redirects
++    - sysctl_net_ipv6_conf_all_accept_redirects.severity=high
+     - sysctl_net_ipv4_conf_all_secure_redirects
++    - sysctl_net_ipv4_conf_all_secure_redirects.severity=high
+     - sysctl_net_ipv4_conf_default_secure_redirects
++    - sysctl_net_ipv4_conf_default_secure_redirects.severity=high
+     - sysctl_net_ipv4_conf_all_send_redirects
++    - sysctl_net_ipv4_conf_all_send_redirects.severity=high
+     - sysctl_net_ipv4_conf_default_send_redirects
++    - sysctl_net_ipv4_conf_default_send_redirects.severity=high
+     - sysctl_net_ipv4_conf_all_rp_filter
++    - sysctl_net_ipv4_conf_all_rp_filter.severity=high
+     - sysctl_net_ipv4_ip_forward
++    - sysctl_net_ipv4_ip_forward.severity=high
+     - sysctl_net_ipv6_conf_all_forwarding
++    - sysctl_net_ipv6_conf_all_forwarding.severity=high
+     - sysctl_net_ipv4_conf_all_accept_source_route
++    - sysctl_net_ipv4_conf_all_accept_source_route.severity=high
+     - sysctl_net_ipv6_conf_all_accept_source_route
++    - sysctl_net_ipv6_conf_all_accept_source_route.severity=high
+     - sysctl_net_ipv4_tcp_syncookies
++    - sysctl_net_ipv4_tcp_syncookies.severity=high
+     - sysctl_net_ipv4_conf_all_log_martians
++    - sysctl_net_ipv4_conf_all_log_martians.severity=low
+     - sysctl_net_ipv4_conf_default_log_martians
++    - sysctl_net_ipv4_conf_default_log_martians.severity=low
+     - sysctl_fs_suid_dumpable
++    - sysctl_fs_suid_dumpable.severity=high
+     - selinux_state
++    - selinux_state.severity=low
+     - selinux_policytype
++    - selinux_policytype.severity=low
+     - sysctl_fs_protected_symlinks
++    - sysctl_fs_protected_symlinks.severity=high
+     - sysctl_fs_protected_hardlinks
++    - sysctl_fs_protected_hardlinks.severity=high
+     - kernel_module_usb-storage_disabled
++    - kernel_module_usb-storage_disabled.severity=low
+     - service_crond_enabled
++    - service_crond_enabled.severity=high
+     - cron_and_at_config
++    - cron_and_at_config.severity=high
+     - audit_rules_login_events
++    - audit_rules_login_events.severity=low
+     - audit_rules_usergroup_modification_group
++    - audit_rules_usergroup_modification_group.severity=low
+     - audit_rules_usergroup_modification_gshadow
++    - audit_rules_usergroup_modification_gshadow.severity=low
+     - audit_rules_usergroup_modification_opasswd
++    - audit_rules_usergroup_modification_opasswd.severity=low
+     - audit_rules_usergroup_modification_passwd
++    - audit_rules_usergroup_modification_passwd.severity=low
+     - audit_rules_usergroup_modification_shadow
++    - audit_rules_usergroup_modification_shadow.severity=low
+     - audit_rules_kernel_module_install_and_remove
++    - audit_rules_kernel_module_install_and_remove.severity=low
+     - rsyslog_cron_logging
++    - rsyslog_cron_logging.severity=high
+     - ensure_minimum_permission
++    - ensure_minimum_permission.severity=high
+     - opened_files_count_limited
++    - opened_files_count_limited.severity=high
+     - sysctl_net_ipv4_tcp_timestamps
++    - sysctl_net_ipv4_tcp_timestamps.severity=low
+     - sysctl_net_ipv4_tcp_fin_timeout
++    - sysctl_net_ipv4_tcp_fin_timeout.severity=high
+     - sysctl_net_ipv4_tcp_max_syn_backlog
++    - sysctl_net_ipv4_tcp_max_syn_backlog.severity=low
+     - sysctl_net_ipv4_disable_arp_proxy
++    - sysctl_net_ipv4_disable_arp_proxy.severity=high
+     - sysctl_net_ipv4_icmp_echo_ignore_all
++    - sysctl_net_ipv4_icmp_echo_ignore_all.severity=low
+     - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
++    - sysctl_net_ipv4_icmp_ignore_bogus_error_responses.severity=high
+     - su_only_for_wheel
++    - su_only_for_wheel.severity=high
+     - sudo_not_for_all_users
++    - sudo_not_for_all_users.severity=high
+     - only_root_can_run_pkexec
++    - only_root_can_run_pkexec.severity=high
+     - su_always_set_path
++    - su_always_set_path.severity=high
      - file_permissions_unauthorized_world_writable
++    - file_permissions_unauthorized_world_writable.severity=low
      - file_permissions_unauthorized_suid
++    - file_permissions_unauthorized_suid.severity=high
      - file_permissions_unauthorized_sgid
++    - file_permissions_unauthorized_sgid.severity=high
 +    - network_sniffing_tools
++    - network_sniffing_tools.severity=high
 +    - service_rsyncd_disabled
++    - service_rsyncd_disabled.severity=high
 +    - package_openldap-clients_removed
++    - package_openldap-clients_removed.severity=high
 +    - no_forward_files
++    - no_forward_files.severity=low
 +    - sshd_configure_correct_interface
++    - sshd_configure_correct_interface.severity=low
 +    - sshd_concurrent_unauthenticated_connections
++    - sshd_concurrent_unauthenticated_connections.severity=low
 +    - sshd_configure_concurrent_sessions
++    - sshd_configure_concurrent_sessions.severity=low
 +    - sshd_disable_x11_forwarding
++    - sshd_disable_x11_forwarding.severity=high
 +    - sshd_configure_correct_LoginGraceTime
++    - sshd_configure_correct_LoginGraceTime.severity=low
 +    - sshd_disable_AllowTcpForwardindg
++    - sshd_disable_AllowTcpForwardindg.severity=high
 +    - sshd_prohibit_preset_authorized_keys
++    - sshd_prohibit_preset_authorized_keys.severity=high
 +    - network_interface_binding_corrently
++    - network_interface_binding_corrently.severity=low
 +    - iptables_loopback_policy_configured_corrently
++    - iptables_loopback_policy_configured_corrently.severity=low
 +    - iptables_input_policy_configured_corrently
++    - iptables_input_policy_configured_corrently.severity=low
 +    - iptables_output_policy_configured_corrently
++    - iptables_output_policy_configured_corrently.severity=low
 +    - iptables_association_policy_configured_corrently
++    - iptables_association_policy_configured_corrently.severity=low
 +    - service_nftables_enabled
++    - service_nftables_enabled.severity=low
 +    - nftables_configure_default_deny_policy
++    - nftables_configure_default_deny_policy.severity=low
 +    - nftables_loopback_policy_configured_corrently
++    - nftables_loopback_policy_configured_corrently.severity=low
 +    - nftables_input_policy_configured_corrently
++    - nftables_input_policy_configured_corrently.severity=low
 +    - nftables_output_policy_configured_corrently
++    - nftables_output_policy_configured_corrently.severity=low
 +    - nftables_association_policy_configured_corrently
++    - nftables_association_policy_configured_corrently.severity=low
 +    - sudoers_disable_low_privileged_configure
++    - sudoers_disable_low_privileged_configure.severity=high
 +    - no_files_globally_writable_files
++    - no_files_globally_writable_files.severity=high
 +    - removed_unnecessary_file_mount_support
++    - removed_unnecessary_file_mount_support.severity=high
 +    - read_only_partitions_no_modified
++    - read_only_partitions_no_modified.severity=high
 +    - partitions_mounted_nodev_mode
++    - partitions_mounted_nodev_mode.severity=high
 +    - partitions_mounted_noexec_mode
++    - partitions_mounted_noexec_mode.severity=high
 +    - partitoin_mounted_noexec_or_nodev
++    - partitoin_mounted_noexec_or_nodev.severity=high
 +    - partitions_mounted_nosuid_mode
++    - partitions_mounted_nosuid_mode.severity=high
 +    - audit_privilege_escalation_command
-+    - audit_rule_admin_privilege
++    - audit_privilege_escalation_command.severity=low
++    - audit_rules_admin_privilege
++    - audit_rules_admin_privilege.severity=low
 +    - recorded_authentication_related_event
++    - recorded_authentication_related_event.severity=high
 +    - rsyslog_files_permissions
++    - rsyslog_files_permissions.severity=low
 +    - partitions_manage_hard_drive_data
++    - partitions_manage_hard_drive_data.severity=low
 +    - uninstall_debugging_tools
++    - uninstall_debugging_tools.severity=high
 +    - uninstall_development_and_compliation_tools
++    - uninstall_development_and_compliation_tools.severity=high
 +    - package_xorg-x11-server-common_removed
++    - package_xorg-x11-server-common_removed.severity=high
 +    - package_httpd_removed
++    - package_httpd_removed.severity=low
 +    - service_smb_disabled
++    - service_smb_disabled.severity=low
 +    - service_named_disabled
++    - service_named_disabled.severity=high
 +    - service_nfs-server_disabled
++    - service_nfs-server_disabled.severity=low
 +    - service_rpcbind_disabled
++    - service_rpcbind_disabled.severity=low
 +    - service_dhcpd_disabled
++    - service_dhcpd_disabled.severity=low
 +    - configure_first_logging_change_password
++    - configure_first_logging_change_password.severity=high
 +    - sshd_disable_root_login
++    - sshd_disable_root_login.severity=high
 +    - warning_banners_contain_reasonable_information
++    - warning_banners_contain_reasonable_information.severity=high
 +    - diasable_root_accessing_system
++    - diasable_root_accessing_system.severity=low
 +    - wireless_disable_interfaces
++    - wireless_disable_interfaces.severity=low
 +    - sshd_enable_warning_banner
++    - sshd_enable_warning_banner.severity=low
 +    - disabled_SysRq
++    - disabled_SysRq.severity=high
 +    - sysctl_kernel_yama_ptrace_scope
++    - sysctl_kernel_yama_ptrace_scope.severity=low
 +    - disabled_unconfined_service_t_programs
++    - disabled_unconfined_service_t_programs.severity=low
 +    - enabled_seccomp
++    - enabled_seccomp.severity=low
 +    - define_ld_lib_path_correctly
++    - define_ld_lib_path_correctly.severity=high
 +    - define_path_strictly
++    - define_path_strictly.severity=low
 +    - grub2_audit_argument
++    - grub2_audit_argument.severity=low
 +    - grub2_audit_backlog_limit_argument
++    - grub2_audit_backlog_limit_argument.severity=low
 +    - audit_rules_immutable
++    - audit_rules_immutable.severity=low
 +    - auditd_data_retention_max_log_file
++    - auditd_data_retention_max_log_file.severity=high
 +    - auditd_data_retention_max_log_file_action
++    - auditd_data_retention_max_log_file_action.severity=high
 +    - auditd_data_retention_space_left
++    - auditd_data_retention_space_left.severity=low
 +    - auditd_data_retention_space_left_action
++    - auditd_data_retention_space_left_action.severity=low
 +    - auditd_data_retention_admin_space_left
++    - auditd_data_retention_admin_space_left.severity=low
 +    - auditd_data_retention_admin_space_left_action
++    - auditd_data_retention_admin_space_left_action.severity=low
 +    - auditd_data_disk_error_action
++    - auditd_data_disk_error_action.severity=low
 +    - auditd_data_disk_full_action
++    - auditd_data_disk_full_action.severity=low
 +    - audit_rules_sysadmin_actions
++    - audit_rules_sysadmin_actions.severity=low
 +    - audit_rules_session_events
++    - audit_rules_session_events.severity=low
 +    - audit_rules_time_adjtimex
++    - audit_rules_time_adjtimex.severity=low
 +    - audit_rules_time_clock_settime
++    - audit_rules_time_clock_settime.severity=low
 +    - audit_rules_time_settimeofday
++    - audit_rules_time_settimeofday.severity=low
 +    - audit_rules_time_stime
++    - audit_rules_time_stime.severity=low
 +    - audit_rules_time_watch_localtime
++    - audit_rules_time_watch_localtime.severity=low
 +    - audit_rules_mac_modification
++    - audit_rules_mac_modification.severity=low
 +    - audit_rules_networkconfig_modification
++    - audit_rules_networkconfig_modification.severity=low
 +    - audit_rules_successful_file_modification
++    - audit_rules_successful_file_modification.severity=low
 +    - audit_rules_unsuccessful_file_modification_open
++    - audit_rules_unsuccessful_file_modification_open.severity=low
 +    - audit_rules_unsuccessful_file_modification_ftruncate
++    - audit_rules_unsuccessful_file_modification_ftruncate.severity=low
 +    - audit_rules_unsuccessful_file_modification_creat
++    - audit_rules_unsuccessful_file_modification_creat.severity=low
 +    - audit_rules_unsuccessful_file_modification_openat
++    - audit_rules_unsuccessful_file_modification_openat.severity=low
 +    - audit_rules_file_deletion_events_rename
++    - audit_rules_file_deletion_events_rename.severity=low
 +    - audit_rules_file_deletion_events_renameat
++    - audit_rules_file_deletion_events_renameat.severity=low
 +    - audit_rules_file_deletion_events_unlink
++    - audit_rules_file_deletion_events_unlink.severity=low
 +    - audit_rules_file_deletion_events_unlinkat
++    - audit_rules_file_deletion_events_unlinkat.severity=low
 +    - audit_rules_media_export
++    - audit_rules_media_export.severity=low
 +    - configure_service_logging
++    - configure_service_logging.severity=low
 +    - configure_dump_journald_log
++    - configure_dump_journald_log.severity=high
 +    - configure_rsyslog_log_rotate
++    - configure_rsyslog_log_rotate.severity=high
 +    - rsyslog_remote_loghost
++    - rsyslog_remote_loghost.severity=low
 +    - rsyslog_accept_remote_messages_tcp
++    - rsyslog_accept_remote_messages_tcp.severity=low
 +    - rsyslog_accept_remote_messages_udp
++    - rsyslog_accept_remote_messages_udp.severity=low
 +    - ima_verification
++    - ima_verification.severity=low
 +    - enable_aide_detection
++    - enable_aide_detection.severity=low
 +    - service_haveged_enabled
++    - service_haveged_enabled.severity=low
 +    - configure_crypto_policy
++    - configure_crypto_policy.severity=low
 -- 
 2.42.0.windows.2
 

scap-security-guide.spec

@@ -15,7 +15,7 @@ Patch0006:init-openEuler-ssg-project.patch
 Patch0007:enable-76-rules-for-openEuler.patch
 Patch0008:enable-54-rules-for-openEuler.patch
 Patch0009:add-15-rules-for-openeuler.patch
-Patch0010:add-80-rules-for-openeuler.patch 
+Patch0010:optimize-80-rules-for-openEuler.patch
 
 BuildArch:	noarch
 BuildRequires: 	libxslt, expat, python3, openscap-scanner >= 1.2.5, cmake >= 3.8, python3-jinja2, python3-PyYAML
@@ -70,7 +70,7 @@ cd build
 %doc %{_docdir}/%{name}/tables/*.html
 
 %changelog
-* Mon Dec 4 2023 wangqingsan <wangqingsan@huawei.com> - 0.1.49-10
+* Fri Dec 8 2023 wangqingsan <wangqingsan@huawei.com> - 0.1.49-10
 - enable 80 rules for openEuler
 
 * Fri Nov 17 2023 wangqingsan <wangqingsan@huawei.com> - 0.1.49-9