fixed 252160

mitre · Apr 9, 2024 · 4d7227a · 4d7227a
1 parent fe9fb22
commit 4d7227a
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 11 deletions.
diff --git a/spec/ansible/roles/mongo-stig/tasks/cat1.yml b/spec/ansible/roles/mongo-stig/tasks/cat1.yml
@@ -83,11 +83,21 @@
     - enterprise
 
 - name: "HIGH | SV-252160 | MongoDB must enforce authorized access to all PKI private keys stored/utilized by MongoDB."
-  ansible.builtin.shell: |
-      chown {{ mongo_owner }}:{{ mongo_group }} {{ certificate_key_file_dest }}
-      chmod {{ mongo_permissions }} {{ certificate_key_file_dest }}
-      chown {{ mongo_owner }}:{{ mongo_group }} {{ ca_file_dest }}
-      chmod {{ mongo_permissions }} {{ ca_file_dest }}
+  block:
+    - name: "HIGH | SV-252160 | MongoDB must enforce authorized access to all PKI private keys stored/utilized by MongoDB. | Certificate Key File"
+      ansible.builtin.file: 
+        path: "{{ certificate_key_file_dest }}"
+        owner: "{{ mongo_owner }}"
+        group: "{{ mongo_group }}"
+        mode: "{{ mongo_permissions }}"
+
+    - name: "HIGH | SV-252160 | MongoDB must enforce authorized access to all PKI private keys stored/utilized by MongoDB. | CA File"
+      ansible.builtin.file: 
+        path: "{{ ca_file_dest }}"
+        owner: "{{ mongo_owner }}"
+        group: "{{ mongo_group }}"
+        mode: "{{ mongo_permissions }}"
+
   ignore_errors: true
   tags:
     - cat1

diff --git a/spec/ansible/roles/mongo-stig/tasks/cat2.yml b/spec/ansible/roles/mongo-stig/tasks/cat2.yml
@@ -1,27 +1,27 @@
 ---
 - name: "MEDIUM | SV-252134 | MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components."
   block:
-    - name: "MEDIUM | SV-252134 | MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | syslog option"
+    - name: "MEDIUM | SV-252134 | MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | Syslog Option"
       yedit:
         src: "{{ mongod_config_path }}"
         key: auditLog.destination
         value: "{{ audit_log_destination}}"
       when: audit_log_destination == "syslog"
 
-    - name: "MEDIUM | SV-252134 | MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | check for file directory"
+    - name: "MEDIUM | SV-252134 | MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | Check for file directory"
       ansible.builtin.file:
         path: "{{ mongo_audit_directory_path }}"
         state: directory
         mode: "{{ mongo_permissions }}"
       when: audit_log_destination == "file"
 
-    - name: "MEDIUM | SV-252134 | MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | check if file exists"
+    - name: "MEDIUM | SV-252134 | MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | Check if file exists"
       ansible.builtin.file:
         path: "{{ mongo_audit_file_path }}"
         state: touch
       when: audit_log_destination == "file"
 
-    - name: "MEDIUM | SV-252134 | MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | file option"
+    - name: "MEDIUM | SV-252134 | MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | File option"
       yedit:
         src: "{{ mongod_config_path }}"
         edits:
@@ -114,14 +114,14 @@
 
 - name: "MEDIUM | SV-252142 | MongoDB must prevent unauthorized and unintended information transfer via shared system resources."
   block:
-    - name: "MEDIUM | SV-252142 | MongoDB must prevent unauthorized and unintended information transfer via shared system resources. | conf file"
+    - name: "MEDIUM | SV-252142 | MongoDB must prevent unauthorized and unintended information transfer via shared system resources. | Conf file"
       ansible.builtin.file: 
         path: "{{ mongod_config_path }}"
         owner: "{{ mongo_owner }}"
         group: "{{ mongo_group}}"
         mode: "{{ mongo_permissions }}"
 
-    - name: "MEDIUM | SV-252142 | MongoDB must prevent unauthorized and unintended information transfer via shared system resources. | data directory"
+    - name: "MEDIUM | SV-252142 | MongoDB must prevent unauthorized and unintended information transfer via shared system resources. | Data directory"
       ansible.builtin.file: 
         path: "{{ data_file_directory_path }}"
         owner: "{{ mongo_owner }}"