From 461724126868506136f6d49bf874b80fa5435cab Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Mon, 21 Aug 2023 14:42:43 +0200
Subject: [PATCH 1/2] add anssi references to rules

---
 linux_os/guide/system/auditing/package_audit_installed/rule.yml | 2 +-
 linux_os/guide/system/auditing/service_auditd_enabled/rule.yml  | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
index b71d4e054a9..6606405c77f 100644
--- a/linux_os/guide/system/auditing/package_audit_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
@@ -17,7 +17,7 @@ identifiers:
     cce@sle15: CCE-85612-0
 
 references:
-    anssi: BP28(R50)
+    anssi: BP28(R33),BP28(R73)
     cis@alinux3: 4.1.1.1
     cis@rhel7: 4.1.1.1
     cis@rhel8: 4.1.1.1
diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
index 6bcfbc03a55..5891551b89d 100644
--- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
+++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
@@ -32,6 +32,7 @@ identifiers:
     cce@sle15: CCE-85581-7
 
 references:
+    anssi: BP28(R33),BP28(R73)
     cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
     cis@alinux2: 4.1.2
     cis@alinux3: 4.1.1.2

From 468b1b4d23583d98b1044d143a5f2b339bf1f331 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Mon, 21 Aug 2023 14:42:59 +0200
Subject: [PATCH 2/2] add rules enabling audit to ANSSI control file

---
 controls/anssi.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/controls/anssi.yml b/controls/anssi.yml
index 7a0d14fc1f1..b142387b668 100644
--- a/controls/anssi.yml
+++ b/controls/anssi.yml
@@ -817,6 +817,8 @@ controls:
     - sshd_disable_root_login
     - package_sudo_installed
     - audit_rules_privileged_commands_sudo
+    - service_auditd_enabled
+    - package_audit_installed
 
   - id: R34
     title: Deactivation of service accounts
@@ -1427,6 +1429,8 @@ controls:
     - audit_rules_privileged_commands_kmod
 
     - audit_rules_immutable
+    - service_auditd_enabled
+    - package_audit_installed
 
   - id: R74
     title: Configuring the local messaging service