Merge pull request #13846 from sig-bsi-grundschutz/fix-bsi

Mab879 · web-flow · commit 63855bf175f9 · 2025-09-03T10:18:39.000-05:00
Fix bsi conflicts
diff --git a/controls/bsi_sys_1_1_rhel9.yml b/controls/bsi_sys_1_1_rhel9.yml
@@ -525,6 +525,12 @@ controls:
 
           - rpm_verify_hashes
           - rpm_verify_ownership
+
+      related_rules:
+      # while rpm_verify_permissions is a part of how to detect changes, it conflicts
+      # with permission hardening rules like the cron_permissions rules and therelike.
+      # it is more important to harden the permissions to prevent change, than it is to
+      # ensure that the permissions are the same as in the rpm database.
           - rpm_verify_permissions
 
     - id: SYS.1.1.A28
diff --git a/products/rhel9/profiles/bsi-2022.profile b/products/rhel9/profiles/bsi-2022.profile
diff --git a/products/rhel9/profiles/bsi.profile b/products/rhel9/profiles/bsi.profile
@@ -19,4 +19,10 @@ description: |-
     - Building-Block SYS.1.1 General Server
     - Building-Block SYS.1.3 Linux Server
 
-extends: bsi-2022
+selections:
+    - bsi_sys_1_1_rhel9:all
+    - bsi_sys_1_3_rhel9:all
+
+    # BSI APP.4.4.A4
+    - var_selinux_policy_name=targeted
+    - var_selinux_state=enforcing
