From 1668ef91b716e581a93211a297c9dbf09a7a1f1f Mon Sep 17 00:00:00 2001
From: Craig Poma <cpoma@mitre.org>
Date: Fri, 11 Oct 2019 19:09:44 -0400
Subject: [PATCH 01/13] Added some missing tests

---
 controls/V-81017.rb | 63 +++++++++++++++++++++++++++++++++++++++++++++
 controls/V-81019.rb | 51 ++++++++++++++++++++++++++++++++++++
 controls/V-81021.rb | 52 +++++++++++++++++++++++++++++++++++++
 3 files changed, 166 insertions(+)
 create mode 100644 controls/V-81017.rb
 create mode 100644 controls/V-81019.rb
 create mode 100644 controls/V-81021.rb

diff --git a/controls/V-81017.rb b/controls/V-81017.rb
new file mode 100644
index 000000000..b48a74f30
--- /dev/null
+++ b/controls/V-81017.rb
@@ -0,0 +1,63 @@
+# encoding: utf-8
+#
+control "V-81017" do
+  title "The Red Hat Enterprise Linux operating system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon."
+  desc  "
+    Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a 
+    common process in information systems with limited audit storage capacity. Without the configuration of the \"au-remote\" 
+    plugin, the audisp-remote daemon will not off load the logs from the system being audited.
+  "
+  impact 0.5
+  tag "gtitle": "SRG-OS-000342-GPOS-00133"
+  tag "satisfies": ["SRG-OS-000342-GPOS-00133", "SRG-OS-000479-GPOS-00224"]
+  tag "gid": "V-81017"
+  tag "rid": "SV-95729r1_rule"
+  tag "stig_id": "RHEL-07-030210"
+  tag "cci": ["CCI-001851"]
+  tag "documentable": true
+  tag "nist": ["AU-12 c", "Rev_4"]
+  tag "subsystems": ["audit"]
+  tag "check_id": "C-80731r2_chk"
+  tag "fix_id": "F-87851r2_fix"
+  desc "check", "
+  Verify the \"au-remote\" plugin is configured to always off-load audit logs using the audisp-remote daemon:
+
+  # cat /etc/audisp/plugins.d/au-remote.conf | grep -v \"^#\"
+
+  active = yes
+  direction = out
+  path = /sbin/audisp-remote
+  type = always
+  format = string
+
+  If the \"direction\" setting is not set to \"out\", or the line is commented out, this is a finding.
+
+  If the \"path\" setting is not set to \"/sbin/audisp-remote\", or the line is commented out, this is a finding.
+
+  If the \"type\" setting is not set to \"always\", or the line is commented out, this is a finding.
+  "
+  desc "fix", "
+  Edit the /etc/audisp/plugins.d/au-remote.conf file and add or update the following values:
+
+  direction = out
+  path = /sbin/audisp-remote
+  type = always
+
+  The audit daemon must be restarted for changes to take effect:
+
+  # service auditd restart
+  "
+
+  if file('/etc/audisp/audispd.conf').exist?
+    describe parse_config_file('/etc/audisp/audispd.conf') do
+      its('direction') { should match %r{out$} }
+      its('path') { should match %r{/sbin/audisp-remote$} }
+      its('type') { should match %r{always$} }
+    end
+  else
+    describe "File '/etc/audisp/audispd.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually" do
+      skip "File '/etc/audisp/audispd.conf' cannot be found. This check must be performed manually"
+    end
+  end
+
+end
diff --git a/controls/V-81019.rb b/controls/V-81019.rb
new file mode 100644
index 000000000..070218743
--- /dev/null
+++ b/controls/V-81019.rb
@@ -0,0 +1,51 @@
+# encoding: utf-8
+#
+control "V-81019" do
+  title "The Red Hat Enterprise Linux operating system must take appropriate action when the audisp-remote buffer is full."
+  desc  "
+   Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a 
+   common process in information systems with limited audit storage capacity. When the remote buffer is full, audit 
+   logs will not be collected and sent to the central log server.
+  "
+  impact 0.5
+  tag "gtitle": "SRG-OS-000342-GPOS-00133"
+  tag "satisfies": ["SRG-OS-000342-GPOS-00133", "SRG-OS-000479-GPOS-00224"]
+  tag "gid": "V-81019"
+  tag "rid": "SV-95731r1_rule"
+  tag "stig_id": "RHEL-07-030210"
+  tag "cci": ["CCI-001851"]
+  tag "documentable": true
+  tag "nist": ["AU-12 c", "Rev_4"]
+  tag "subsystems": ["audit"]
+  tag "check_id": "C-80735r1_chk"
+  tag "fix_id": "F-87853r3_fix"
+  desc "check", "
+  Verify the audisp daemon is configured to take an appropriate action when the internal queue is full:
+
+  # grep \"overflow_action\" /etc/audisp/audispd.conf
+
+  overflow_action = syslog
+
+  If the \"overflow_action\" option is not \"syslog\", \"single\", or \"halt\", or the line is commented out, this is a finding.
+  "
+  desc "fix", "
+  Edit the /etc/audisp/audispd.conf file and add or update the \"overflow_action\" option:
+
+  overflow_action = syslog
+
+  The audit daemon must be restarted for changes to take effect:
+
+  # service auditd restart
+  "
+
+  if file('/etc/audisp/audispd.conf').exist?
+    describe parse_config_file('/etc/audisp/audispd.conf') do
+      its('overflow_action') { should match %r{syslog$|single$|halt$} }
+    end
+  else
+    describe "File '/etc/audisp/audispd.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually" do
+      skip "File '/etc/audisp/audispd.conf' cannot be found. This check must be performed manually"
+    end
+  end
+
+end
diff --git a/controls/V-81021.rb b/controls/V-81021.rb
new file mode 100644
index 000000000..ce059b6cb
--- /dev/null
+++ b/controls/V-81021.rb
@@ -0,0 +1,52 @@
+# encoding: utf-8
+#
+control "V-81021" do
+  title "The Red Hat Enterprise Linux operating system must label all off-loaded audit logs before sending them to the central log server."
+  desc  "
+   Information stored in one location is vulnerable to accidental or incidental deletion or alteration. 
+   Off-loading is a common process in information systems with limited audit storage capacity. When audit 
+   logs are not labeled before they are sent to a central log server, the audit data will not be able to 
+   be analyzed and tied back to the correct system.
+  "
+  impact 0.5
+  tag "gtitle": "SRG-OS-000342-GPOS-00133"
+  tag "satisfies": ["SRG-OS-000342-GPOS-00133", "SRG-OS-000479-GPOS-00224"]
+  tag "gid": "V-81021"
+  tag "rid": "SV-95733r1_rule"
+  tag "stig_id": "RHEL-07-030211"
+  tag "cci": ["CCI-001851"]
+  tag "documentable": true
+  tag "nist": ["AU-12 c", "Rev_4"]
+  tag "subsystems": ["audit"]
+  tag "check_id": "C-80737r1_chk"
+  tag "fix_id": "F-87855r2_fix"
+  desc "check", "
+  Verify the audisp daemon is configured to label all off-loaded audit logs:
+
+  # grep \"name_format\" /etc/audisp/audispd.conf
+
+  name_format = hostname
+
+  If the \"name_format\" option is not \"hostname\", \"fqd\", or \"numeric\", or the line is commented out, this is a finding.
+  "
+  desc "fix", "
+  Edit the /etc/audisp/audispd.conf file and add or update the \"name_format\" option:
+
+  name_format = hostname
+
+  The audit daemon must be restarted for changes to take effect:
+
+  # service auditd restart
+  "
+
+  if file('/etc/audisp/audispd.conf').exist?
+    describe parse_config_file('/etc/audisp/audispd.conf') do
+      its('name_format') { should match %r{hostname$|fqd$|\d+} }
+    end
+  else
+    describe "File '/etc/audisp/audispd.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually" do
+      skip "File '/etc/audisp/audispd.conf' cannot be found. This check must be performed manually"
+    end
+  end
+
+end

From 9ea34a39675c8ad5ea535a49b317ff8c8dfc59c6 Mon Sep 17 00:00:00 2001
From: Craig Poma <cpoma@mitre.org>
Date: Fri, 11 Oct 2019 19:39:30 -0400
Subject: [PATCH 02/13] Added missing tests

---
 controls/V-81009.rb | 42 ++++++++++++++++++++++++++++++++++++++++
 controls/V-81011.rb | 31 ++++++++++++++++++++++++++++++
 controls/V-81013.rb | 31 ++++++++++++++++++++++++++++++
 controls/V-81015.rb | 47 +++++++++++++++++++++++++++++++++++++++++++++
 controls/V-81017.rb |  2 +-
 controls/V-81019.rb |  2 +-
 controls/V-81021.rb |  2 +-
 7 files changed, 154 insertions(+), 3 deletions(-)
 create mode 100644 controls/V-81009.rb
 create mode 100644 controls/V-81011.rb
 create mode 100644 controls/V-81013.rb
 create mode 100644 controls/V-81015.rb

diff --git a/controls/V-81009.rb b/controls/V-81009.rb
new file mode 100644
index 000000000..c409521f0
--- /dev/null
+++ b/controls/V-81009.rb
@@ -0,0 +1,42 @@
+# encoding: utf-8
+#
+control "V-81009" do
+  title "The Red Hat Enterprise Linux operating system must mount /dev/shm with the nodev option."
+  desc  "
+  The \"nodev\" mount option causes the system to not interpret character or block special devices. 
+  Executing character or block special devices from untrusted file systems increases the opportunity 
+  for unprivileged users to attain unauthorized administrative access."
+  impact 0.5
+  tag "gtitle": "SRG-OS-000368-GPOS-00154"
+  tag "gid": "V-81009"
+  tag "rid": "SV-95721r1_rule "
+  tag "stig_id": "RHEL-07-021022"
+  tag "cci": ["CCI-001764"]
+  tag "documentable": false
+  tag "nist": ["CM-6 b", "Rev_4"]
+  tag "subsystems": ['file_system']
+  desc "check", "
+  Verify that the \"nodev\" option is configured for /dev/shm.
+
+  Check that the operating system is configured to use the \"nodev\" option for /dev/shm with the following command:
+
+  # cat /etc/fstab | grep /dev/shm | grep nodev
+
+  tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
+
+  If the \"nodev\" option is not present on the line for \"/dev/shm\", this is a finding.
+
+  Verify \"/dev/shm\" is mounted with the \"nodev\" option:
+
+  # mount | grep \"/dev/shm\" | grep nodev
+
+  If no results are returned, this is a finding.
+  "
+  desc "fix", "
+  Configure the \"/etc/fstab\" to use the \"nodev\" option for all lines containing \"/dev/shm\".
+  "
+
+  describe mount('/dev/shm') do
+    its('options') { should include 'nodev' }
+  end
+end
diff --git a/controls/V-81011.rb b/controls/V-81011.rb
new file mode 100644
index 000000000..5a688109b
--- /dev/null
+++ b/controls/V-81011.rb
@@ -0,0 +1,31 @@
+# encoding: utf-8
+#
+control "V-81011" do
+  title "The Red Hat Enterprise Linux operating system must mount /dev/shm with the nosuid option."
+  desc  "
+  The \"nosuid\" mount option causes the system to not execute \"setuid\" and \setgid\" files with owner privileges. 
+  This option must be used for mounting any file system not containing approved \"setuid\" and \"setguid\" files. 
+  Executing files from untrusted file systems increases the opportunity for unprivileged users to attain 
+  unauthorized administrative access."
+  impact 0.5
+  tag "gtitle": "SRG-OS-000368-GPOS-00154"
+  tag "gid": "V-81011"
+  tag "rid": "SV-95723r1_rule"
+  tag "stig_id": "RHEL-07-021023"
+  tag "cci": ["CCI-001764"]
+  tag "documentable": false
+  tag "nist": ["CM-6 b", "Rev_4"]
+  tag "subsystems": ['file_system']
+  desc "check", "
+  The \"nosuid\" mount option causes the system to not execute \"setuid\" and \"setgid\" files with owner privileges. 
+  This option must be used for mounting any file system not containing approved \"setuid\" and \"setguid\" files. 
+  Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
+  "
+  desc "fix", "
+  Configure the system so that /dev/shm is mounted with the \"nosuid\" option.
+  "
+
+  describe mount('/dev/shm') do
+    its('options') { should include 'nosuid' }
+  end
+end
diff --git a/controls/V-81013.rb b/controls/V-81013.rb
new file mode 100644
index 000000000..a992b278c
--- /dev/null
+++ b/controls/V-81013.rb
@@ -0,0 +1,31 @@
+# encoding: utf-8
+#
+control "V-81013" do
+  title "The Red Hat Enterprise Linux operating system must mount /dev/shm with the noexec option."
+  desc  "The \"noexec\" mount option causes the system to not execute binary files. This option 
+  must be used for mounting any file system not containing approved binary files as they may be 
+  incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged 
+  users to attain unauthorized administrative access."
+  impact 0.5
+  tag "gtitle": "SRG-OS-000368-GPOS-00154"
+  tag "gid": "V-81013"
+  tag "rid": "SV-95725r1_rule"
+  tag "stig_id": "RHEL-07-001764"
+  tag "cci": ["CCI-000366"]
+  tag "documentable": false
+  tag "nist": ["CM-6 b", "Rev_4"]
+  tag "subsystems": ['file_system']
+  desc "check", "
+  The \"noexec\" mount option causes the system to not execute binary files. This option must be used 
+  for mounting any file system not containing approved binary files as they may be incompatible. Executing 
+  files from untrusted file systems increases the opportunity for unprivileged users to attain 
+  unauthorized administrative access.
+  "
+  desc "fix", "
+  Configure the system so that /dev/shm is mounted with the \"noexec\" option.
+  "
+
+  describe mount('/dev/shm') do
+    its('options') { should include 'noexec' }
+  end
+end
diff --git a/controls/V-81015.rb b/controls/V-81015.rb
new file mode 100644
index 000000000..ddbc9aefd
--- /dev/null
+++ b/controls/V-81015.rb
@@ -0,0 +1,47 @@
+# encoding: utf-8
+#
+control "V-81015" do
+  title "The Red Hat Enterprise Linux operating system must be configured to use the au-remote plugin."
+  desc  "
+  Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is 
+  a common process in information systems with limited audit storage capacity. Without the configuration of 
+  the \"au-remote\" plugin, the audisp-remote daemon will not off-load the logs from the system being audited.
+  "
+  impact 0.5
+  tag "gtitle": "SRG-OS-000342-GPOS-00133"
+  tag "satisfies": ["SRG-OS-000342-GPOS-00133", "SRG-OS-000479-GPOS-00224"]
+  tag "gid": "V-81015"
+  tag "rid": "SV-95727r1_rule"
+  tag "stig_id": "RHEL-07-030200"
+  tag "cci": ["CCI-001851"]
+  tag "documentable": false
+  tag "nist": ["AU-12 c", "Rev_4"]
+  tag "subsystems": ["audit"]
+  tag "check_id": "C-80729r1_chk"
+  tag "fix_id": "F-87849r2_fix"
+  desc "check", "
+  Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
+
+  Off-loading is a common process in information systems with limited audit storage capacity.
+
+  Without the configuration of the \"au-remote\" plugin, the audisp-remote daemon will not off-load the logs from the system being audited.
+  "
+  desc "fix", "
+  Edit the /etc/audisp/plugins.d/au-remote.conf file and change the value of \"active\" to \"yes\".
+
+  The audit daemon must be restarted for changes to take effect:
+
+  # service auditd restart
+  "
+
+  if file('/etc/audisp/audispd.conf').exist?
+    describe parse_config_file('/etc/audisp/audispd.conf') do
+      its('active') { should match %r{yes$} }
+    end
+  else
+    describe "File '/etc/audisp/audispd.conf' cannot be found. This test cannot be checked in a automated fashion and you must check it manually" do
+      skip "File '/etc/audisp/audispd.conf' cannot be found. This check must be performed manually"
+    end
+  end
+
+end
diff --git a/controls/V-81017.rb b/controls/V-81017.rb
index b48a74f30..ddfd198f7 100644
--- a/controls/V-81017.rb
+++ b/controls/V-81017.rb
@@ -14,7 +14,7 @@
   tag "rid": "SV-95729r1_rule"
   tag "stig_id": "RHEL-07-030210"
   tag "cci": ["CCI-001851"]
-  tag "documentable": true
+  tag "documentable": false
   tag "nist": ["AU-12 c", "Rev_4"]
   tag "subsystems": ["audit"]
   tag "check_id": "C-80731r2_chk"
diff --git a/controls/V-81019.rb b/controls/V-81019.rb
index 070218743..0c65b4e3e 100644
--- a/controls/V-81019.rb
+++ b/controls/V-81019.rb
@@ -14,7 +14,7 @@
   tag "rid": "SV-95731r1_rule"
   tag "stig_id": "RHEL-07-030210"
   tag "cci": ["CCI-001851"]
-  tag "documentable": true
+  tag "documentable": false
   tag "nist": ["AU-12 c", "Rev_4"]
   tag "subsystems": ["audit"]
   tag "check_id": "C-80735r1_chk"
diff --git a/controls/V-81021.rb b/controls/V-81021.rb
index ce059b6cb..6e592d551 100644
--- a/controls/V-81021.rb
+++ b/controls/V-81021.rb
@@ -15,7 +15,7 @@
   tag "rid": "SV-95733r1_rule"
   tag "stig_id": "RHEL-07-030211"
   tag "cci": ["CCI-001851"]
-  tag "documentable": true
+  tag "documentable": false
   tag "nist": ["AU-12 c", "Rev_4"]
   tag "subsystems": ["audit"]
   tag "check_id": "C-80737r1_chk"

From ee40b5e3f1bc952685efb00fdaf54f184edee3c6 Mon Sep 17 00:00:00 2001
From: Craig Poma <cpoma@mitre.org>
Date: Sat, 12 Oct 2019 15:39:09 -0400
Subject: [PATCH 03/13] Added ability to skips test that have been deprecated
 and removed from the STIG. Currently the following have been removed from the
 Latest STIG RHEL7 V2R4     V-71895 - The operating system must set the idle
 delay setting for all connection types.     V-71981 - The operating system
 must prevent the installation of software, patches, service packs, device
 drivers, or operating system components of packages without verification of
 the repository metadata.     V-72143 - The operating system must generate
 audit records for all successful/unsuccessful account access count events.   
  V-72169 - All uses of the sudoedit command must be audited.     V-72181 -
 All uses of the pt_chown command must be audited.     V-72193 - All uses of
 the rmmod command must be audited     V-72195 - All uses of the modprobe
 command must be audited.     V-72215 - The system must update the virus scan
 program every seven days or more frequently     V-72435 - The operating
 system must implement smart card logons for multifactor authentication for
 access to privileged accounts.     V-78995 - The operating system must
 prevent a user from overriding the screensaver lock-enabled setting for the
 graphical user interface.

---
 attributes.yml      | 14 +++++++++++
 controls/V-71895.rb | 38 ++++++++++++-----------------
 controls/V-71981.rb | 31 ++++++++++++++++--------
 controls/V-72143.rb | 41 +++++++++++++++++++------------
 controls/V-72169.rb | 39 +++++++++++++++++++-----------
 controls/V-72181.rb | 39 +++++++++++++++++++-----------
 controls/V-72193.rb | 39 +++++++++++++++++++-----------
 controls/V-72195.rb | 43 +++++++++++++++++++++------------
 controls/V-72215.rb | 59 +++++++++++++++++++++++++++------------------
 controls/V-72435.rb | 43 ++++++++++++---------------------
 controls/V-78995.rb | 24 ++++++++++++------
 11 files changed, 246 insertions(+), 164 deletions(-)

diff --git a/attributes.yml b/attributes.yml
index 01cb6331c..97fbfdba3 100644
--- a/attributes.yml
+++ b/attributes.yml
@@ -4,6 +4,20 @@
 # Controls that are known to consistently have long run times can be disabled with this attribute
 disable_slow_controls: false
 
+# Skips test that have been deprecated and removed from the STIG. 
+# Currently the following have been removed from the Latest STIG RHEL7 V2R4
+#    V-71895 - The operating system must set the idle delay setting for all connection types.
+#    V-71981 - The operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of packages without verification of the repository metadata.
+#    V-72143 - The operating system must generate audit records for all successful/unsuccessful account access count events.
+#    V-72169 - All uses of the sudoedit command must be audited.
+#    V-72181 - All uses of the pt_chown command must be audited.
+#    V-72193 - All uses of the rmmod command must be audited
+#    V-72195 - All uses of the modprobe command must be audited.
+#    V-72215 - The system must update the virus scan program every seven days or more frequently
+#    V-72435 - The operating system must implement smart card logons for multifactor authentication for access to privileged accounts.
+#    V-78995 - The operating system must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
+skip_deprecated_test: true
+
 # V-72081 - 'monitor_kernel_log', (bool)
 # Set this to false if your system availability concern is not documented or
 # there is no monitoring of the kernel log
diff --git a/controls/V-71895.rb b/controls/V-71895.rb
index 5535b0ff4..917753fdf 100644
--- a/controls/V-71895.rb
+++ b/controls/V-71895.rb
@@ -1,24 +1,9 @@
 # encoding: utf-8
 #
-=begin
------------------
-Benchmark: Red Hat Enterprise Linux 7 Security Technical Implementation Guide
-Status: Accepted
-
-This Security Technical Implementation Guide is published as a tool to improve
-the security of Department of Defense (DoD) information systems. The
-requirements are derived from the National Institute of Standards and
-Technology (NIST) 800-53 and related documents. Comments or proposed revisions
-to this document should be sent via email to the following address:
-disa.stig_spt@mail.mil.
-
-Release Date: 2017-03-08
-Version: 1
-Publisher: DISA
-Source: STIG.DOD.MIL
-uri: http://iase.disa.mil
------------------
-=end
+skip_deprecated_test = input(
+  'skip_deprecated_test',
+  value: true,
+  description: 'Skips test that have been deprecated and removed from the STIG.')
 
 control "V-71895" do
   title "The operating system must set the idle delay setting for all connection
@@ -82,9 +67,16 @@
 
 /org/gnome/desktop/screensaver/idle-delay"
 
-  describe command("grep -i idle-delay /etc/dconf/db/*/locks/*") do
-    its('stdout.strip') { should_not cmp "" }
-    its('stderr') { should_not match /.*No such file or directory\n?$/ }
+
+  if skip_deprecated_test
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    end
+  else
+    describe command("grep -i idle-delay /etc/dconf/db/*/locks/*") do
+      its('stdout.strip') { should_not cmp "" }
+      its('stderr') { should_not match /.*No such file or directory\n?$/ }
+    end
+    only_if { package('gnome-desktop3').installed? }
   end
-  only_if { package('gnome-desktop3').installed? }
 end
diff --git a/controls/V-71981.rb b/controls/V-71981.rb
index d9d582b2e..7d7191fa6 100644
--- a/controls/V-71981.rb
+++ b/controls/V-71981.rb
@@ -1,5 +1,10 @@
 # encoding: utf-8
 #
+skip_deprecated_test = input(
+  'skip_deprecated_test',
+  value: true,
+  description: 'Skips test that have been deprecated and removed from the STIG.')
+
 control "V-71981" do
   title "The operating system must prevent the installation of software,
 patches, service packs, device drivers, or operating system components of
@@ -52,19 +57,25 @@
 repo_gpgcheck=1"
   tag "fix_id": "F-78333r1_fix"
 
-  yum_conf = file('/etc/yum.conf')
-
-  describe yum_conf.path do
-    context yum_conf do
-      it { should exist }
+  if skip_deprecated_test
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
     end
+  else
+    yum_conf = file('/etc/yum.conf')
+
+    describe yum_conf.path do
+      context yum_conf do
+        it { should exist }
+      end
 
-    if yum_conf.exist?
-      context '[main]' do
-        context 'repo_gpgcheck' do
-          it { expect( ini(yum_conf.path)['main'][subject] ).to cmp 1 }
+      if yum_conf.exist?
+        context '[main]' do
+          context 'repo_gpgcheck' do
+            it { expect( ini(yum_conf.path)['main'][subject] ).to cmp 1 }
+          end
         end
       end
     end
-  end
+  end  
 end
diff --git a/controls/V-72143.rb b/controls/V-72143.rb
index be8452d8a..95dd82a3b 100644
--- a/controls/V-72143.rb
+++ b/controls/V-72143.rb
@@ -1,5 +1,10 @@
 # encoding: utf-8
 #
+skip_deprecated_test = input(
+  'skip_deprecated_test',
+  value: true,
+  description: 'Skips test that have been deprecated and removed from the STIG.')
+
 control "V-72143" do
   title "The operating system must generate audit records for all
 successful/unsuccessful account access count events."
@@ -51,22 +56,28 @@
     impact 0.0
   end
 
-  describe auditd.file(audit_file) do
-    its('permissions') { should_not cmp [] }
-    its('action') { should_not include 'never' }
-  end if file(audit_file).exist?
+  if skip_deprecated_test
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    end
+  else
+    describe auditd.file(audit_file) do
+      its('permissions') { should_not cmp [] }
+      its('action') { should_not include 'never' }
+    end if file(audit_file).exist?
 
-  # Resource creates data structure including all usages of file
-  perms = auditd.file(audit_file).permissions
+    # Resource creates data structure including all usages of file
+    perms = auditd.file(audit_file).permissions
 
-  perms.each do |perm|
-    describe perm do
-      it { should include 'w' }
-      it { should include 'a' }
-    end
-  end if file(audit_file).exist?
+    perms.each do |perm|
+      describe perm do
+        it { should include 'w' }
+        it { should include 'a' }
+      end
+    end if file(audit_file).exist?
 
-  describe "The #{audit_file} file does not exist" do
-    skip "The #{audit_file} file does not exist, this requirement is Not Applicable."
-  end if !file(audit_file).exist?
+    describe "The #{audit_file} file does not exist" do
+      skip "The #{audit_file} file does not exist, this requirement is Not Applicable."
+    end if !file(audit_file).exist?
+  end  
 end
diff --git a/controls/V-72169.rb b/controls/V-72169.rb
index 6d06f7c7b..351a78355 100644
--- a/controls/V-72169.rb
+++ b/controls/V-72169.rb
@@ -1,5 +1,10 @@
 # encoding: utf-8
 #
+skip_deprecated_test = input(
+  'skip_deprecated_test',
+  value: true,
+  description: 'Skips test that have been deprecated and removed from the STIG.')
+
 control "V-72169" do
   title "All uses of the sudoedit command must be audited."
   desc  "
@@ -51,21 +56,27 @@
     impact 0.0
   end
 
-  describe auditd.file(audit_file) do
-    its('permissions') { should_not cmp [] }
-    its('action') { should_not include 'never' }
-  end if file(audit_file).exist?
+  if skip_deprecated_test
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    end
+  else
+    describe auditd.file(audit_file) do
+      its('permissions') { should_not cmp [] }
+      its('action') { should_not include 'never' }
+    end if file(audit_file).exist?
 
-  # Resource creates data structure including all usages of file
-  perms = auditd.file(audit_file).permissions
+    # Resource creates data structure including all usages of file
+    perms = auditd.file(audit_file).permissions
 
-  perms.each do |perm|
-    describe perm do
-      it { should include 'x' }
-    end
-  end if file(audit_file).exist?
+    perms.each do |perm|
+      describe perm do
+        it { should include 'x' }
+      end
+    end if file(audit_file).exist?
 
-  describe "The #{audit_file} file does not exist" do
-    skip "The #{audit_file} file does not exist, this requirement is Not Applicable."
-  end if !file(audit_file).exist?
+    describe "The #{audit_file} file does not exist" do
+      skip "The #{audit_file} file does not exist, this requirement is Not Applicable."
+    end if !file(audit_file).exist?
+  end  
 end
diff --git a/controls/V-72181.rb b/controls/V-72181.rb
index df50b4d97..e73e70533 100644
--- a/controls/V-72181.rb
+++ b/controls/V-72181.rb
@@ -1,5 +1,10 @@
 # encoding: utf-8
 #
+skip_deprecated_test = input(
+  'skip_deprecated_test',
+  value: true,
+  description: 'Skips test that have been deprecated and removed from the STIG.')
+
 control "V-72181" do
   title "All uses of the pt_chown command must be audited."
   desc  "
@@ -55,21 +60,27 @@
     impact 0.0
   end
 
-  describe auditd.file(audit_file) do
-    its('permissions') { should_not cmp [] }
-    its('action') { should_not include 'never' }
-  end if file(audit_file).exist?
+  if skip_deprecated_test
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    end
+  else
+    describe auditd.file(audit_file) do
+      its('permissions') { should_not cmp [] }
+      its('action') { should_not include 'never' }
+    end if file(audit_file).exist?
 
-  # Resource creates data structure including all usages of file
-  perms = auditd.file(audit_file).permissions
+    # Resource creates data structure including all usages of file
+    perms = auditd.file(audit_file).permissions
 
-  perms.each do |perm|
-    describe perm do
-      it { should include 'x' }
-    end
-  end if file(audit_file).exist?
+    perms.each do |perm|
+      describe perm do
+        it { should include 'x' }
+      end
+    end if file(audit_file).exist?
 
-  describe "The #{audit_file} file does not exist" do
-    skip "The #{audit_file} file does not exist, this requirement is Not Applicable."
-  end if !file(audit_file).exist?
+    describe "The #{audit_file} file does not exist" do
+      skip "The #{audit_file} file does not exist, this requirement is Not Applicable."
+    end if !file(audit_file).exist?
+  end  
 end
diff --git a/controls/V-72193.rb b/controls/V-72193.rb
index fa42be47e..d6a81143d 100644
--- a/controls/V-72193.rb
+++ b/controls/V-72193.rb
@@ -1,5 +1,10 @@
 # encoding: utf-8
 #
+skip_deprecated_test = input(
+  'skip_deprecated_test',
+  value: true,
+  description: 'Skips test that have been deprecated and removed from the STIG.')
+
 control "V-72193" do
   title "All uses of the rmmod command must be audited."
   desc  "
@@ -51,21 +56,27 @@
     impact 0.0
   end
 
-  describe auditd.file(audit_file) do
-    its('permissions') { should_not cmp [] }
-    its('action') { should_not include 'never' }
-  end if file(audit_file).exist?
+  if skip_deprecated_test
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    end
+  else
+    describe auditd.file(audit_file) do
+      its('permissions') { should_not cmp [] }
+      its('action') { should_not include 'never' }
+    end if file(audit_file).exist?
 
-  # Resource creates data structure including all usages of file
-  perms = auditd.file(audit_file).permissions
+    # Resource creates data structure including all usages of file
+    perms = auditd.file(audit_file).permissions
 
-  perms.each do |perm|
-    describe perm do
-      it { should include 'x' }
-    end
-  end if file(audit_file).exist?
+    perms.each do |perm|
+      describe perm do
+        it { should include 'x' }
+      end
+    end if file(audit_file).exist?
 
-  describe "The #{audit_file} file does not exist" do
-    skip "The #{audit_file} file does not exist, this requirement is Not Applicable."
-  end if !file(audit_file).exist?
+    describe "The #{audit_file} file does not exist" do
+      skip "The #{audit_file} file does not exist, this requirement is Not Applicable."
+    end if !file(audit_file).exist?
+  end  
 end
diff --git a/controls/V-72195.rb b/controls/V-72195.rb
index 938e0dcc5..8599f0150 100644
--- a/controls/V-72195.rb
+++ b/controls/V-72195.rb
@@ -1,5 +1,10 @@
 # encoding: utf-8
 #
+skip_deprecated_test = input(
+  'skip_deprecated_test',
+  value: true,
+  description: 'Skips test that have been deprecated and removed from the STIG.')
+
 control "V-72195" do
   title "All uses of the modprobe command must be audited."
   desc  "
@@ -55,21 +60,27 @@
     impact 0.0
   end
 
-  describe auditd.file(audit_file) do
-    its('permissions') { should_not cmp [] }
-    its('action') { should_not include 'never' }
-  end if file(audit_file).exist?
-
-  # Resource creates data structure including all usages of file
-  perms = auditd.file(audit_file).permissions
-
-  perms.each do |perm|
-    describe perm do
-      it { should include 'x' }
+  if skip_deprecated_test
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
     end
-  end if file(audit_file).exist?
-
-  describe "The #{audit_file} file does not exist" do
-    skip "The #{audit_file} file does not exist, this requirement is Not Applicable."
-  end if !file(audit_file).exist?
+  else
+    describe auditd.file(audit_file) do
+      its('permissions') { should_not cmp [] }
+      its('action') { should_not include 'never' }
+    end if file(audit_file).exist?
+
+    # Resource creates data structure including all usages of file
+    perms = auditd.file(audit_file).permissions
+
+    perms.each do |perm|
+      describe perm do
+        it { should include 'x' }
+      end
+    end if file(audit_file).exist?
+
+    describe "The #{audit_file} file does not exist" do
+      skip "The #{audit_file} file does not exist, this requirement is Not Applicable."
+    end if !file(audit_file).exist?
+  end  
 end
diff --git a/controls/V-72215.rb b/controls/V-72215.rb
index 80005e3b1..bb707532b 100644
--- a/controls/V-72215.rb
+++ b/controls/V-72215.rb
@@ -1,5 +1,10 @@
 # encoding: utf-8
 #
+skip_deprecated_test = input(
+  'skip_deprecated_test',
+  value: true,
+  description: 'Skips test that have been deprecated and removed from the STIG.')
+
 control "V-72215" do
   title "The system must update the virus scan program every seven days or more
 frequently."
@@ -66,32 +71,38 @@
   desc "fix", "Update the virus scan software and virus definition files."
   tag "fix_id": "F-78569r2_fix"
 
-  sec_per_wk = 604800
-
-  describe.one do
-	  describe systemd_service('nails') do
-	    it { should be_running }
-	  end
-	  describe systemd_service('clamav-daemon.socket') do
-	    it { should be_running }
-	  end
-  end
-
-  if systemd_service('nails').running?
-	  virus_defs = Dir["/opt/NAI/LinuxShield/engine/dat/*.dat"]
-    virus_defs.each do |curr_def|
-	    describe file(curr_def).mtime.to_i do
-		    it { should >= Time.now.to_i - sec_per_wk }
-	    end
+  if skip_deprecated_test
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    end
+  else
+    sec_per_wk = 604800
+
+    describe.one do
+  	  describe systemd_service('nails') do
+  	    it { should be_running }
+  	  end
+  	  describe systemd_service('clamav-daemon.socket') do
+  	    it { should be_running }
+  	  end
+    end
+
+    if systemd_service('nails').running?
+  	  virus_defs = Dir["/opt/NAI/LinuxShield/engine/dat/*.dat"]
+      virus_defs.each do |curr_def|
+  	    describe file(curr_def).mtime.to_i do
+  		    it { should >= Time.now.to_i - sec_per_wk }
+  	    end
+      end
     end
-  end
 
-  if systemd_service('clamav-daemon.socket').running?
-	  cvd_files = Dir["/var/lib/clamav/*.cvd"]
-    cvd_files.each do |curr_file|
-      describe file(curr_file).mtime.to_i do
-	      it { should >= Time.now.to_i - sec_per_wk }
+    if systemd_service('clamav-daemon.socket').running?
+  	  cvd_files = Dir["/var/lib/clamav/*.cvd"]
+      cvd_files.each do |curr_file|
+        describe file(curr_file).mtime.to_i do
+  	      it { should >= Time.now.to_i - sec_per_wk }
+        end
       end
     end
-  end
+  end  
 end
diff --git a/controls/V-72435.rb b/controls/V-72435.rb
index e7820b9da..a1e3c9a69 100644
--- a/controls/V-72435.rb
+++ b/controls/V-72435.rb
@@ -1,24 +1,9 @@
 # encoding: utf-8
 #
-=begin
------------------
-Benchmark: Red Hat Enterprise Linux 7 Security Technical Implementation Guide
-Status: Accepted
-
-This Security Technical Implementation Guide is published as a tool to improve
-the security of Department of Defense (DoD) information systems. The
-requirements are derived from the National Institute of Standards and
-Technology (NIST) 800-53 and related documents. Comments or proposed revisions
-to this document should be sent via email to the following address:
-disa.stig_spt@mail.mil.
-
-Release Date: 2017-03-08
-Version: 1
-Publisher: DISA
-Source: STIG.DOD.MIL
-uri: http://iase.disa.mil
------------------
-=end
+skip_deprecated_test = input(
+  'skip_deprecated_test',
+  value: true,
+  description: 'Skips test that have been deprecated and removed from the STIG.')
 
 control "V-72435" do
   title "The operating system must implement smart card logons for multifactor
@@ -86,13 +71,17 @@
 # authconfig --enablesmartcard --smartcardaction=1 --update
 # authconfig --enablerequiresmartcard --update"
 
-
-  describe command("authconfig --test | grep -i \"smartcard for login is\" | awk '{ print $NF }'") do
-    its('stdout.strip') { should eq 'enabled' }
-  end
-
-  describe command('authconfig --test | grep -i "smartcard removal action" | awk \'{ print $NF }\'') do
-    its('stdout.strip') { should_not be nil }
+  if skip_deprecated_test
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    end
+  else
+    describe command("authconfig --test | grep -i \"smartcard for login is\" | awk '{ print $NF }'") do
+      its('stdout.strip') { should eq 'enabled' }
+    end
+
+    describe command('authconfig --test | grep -i "smartcard removal action" | awk \'{ print $NF }\'') do
+      its('stdout.strip') { should_not be nil }
+    end
   end
-
 end
diff --git a/controls/V-78995.rb b/controls/V-78995.rb
index 9bad177be..a5fcc19e9 100644
--- a/controls/V-78995.rb
+++ b/controls/V-78995.rb
@@ -1,5 +1,9 @@
 # encoding: utf-8
 #
+skip_deprecated_test = input(
+  'skip_deprecated_test',
+  value: true,
+  description: 'Skips test that have been deprecated and removed from the STIG.')
 
 control "V-78995" do
   title "The operating system must prevent a user from overriding the
@@ -73,11 +77,17 @@
 "
   tag "fix_id": "F-85745r1_fix"
 
-  describe command("gsettings writable org.gnome.desktop.screensaver lock-enabled") do
-    its('stdout.strip') { should cmp 'false' }
-  end if package('gnome-desktop3').installed?
-
-  describe "The GNOME desktop is not installed" do
-    skip "The GNOME desktop is not installed, this control is Not Applicable."
-  end if !package('gnome-desktop3').installed?
+  if skip_deprecated_test
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    end
+  else
+    describe command("gsettings writable org.gnome.desktop.screensaver lock-enabled") do
+      its('stdout.strip') { should cmp 'false' }
+    end if package('gnome-desktop3').installed?
+
+    describe "The GNOME desktop is not installed" do
+      skip "The GNOME desktop is not installed, this control is Not Applicable."
+    end if !package('gnome-desktop3').installed?
+  end  
 end

From 746e9bfb266b87d12d5bf82ea66f9ee92650512b Mon Sep 17 00:00:00 2001
From: Danny Haynes <dhaynes@mitre.org>
Date: Thu, 14 Nov 2019 13:03:03 -0500
Subject: [PATCH 04/13] Update V-71895.rb

Fixed some typos.
---
 controls/V-71895.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/controls/V-71895.rb b/controls/V-71895.rb
index 917753fdf..9a61d3eb1 100644
--- a/controls/V-71895.rb
+++ b/controls/V-71895.rb
@@ -3,7 +3,7 @@
 skip_deprecated_test = input(
   'skip_deprecated_test',
   value: true,
-  description: 'Skips test that have been deprecated and removed from the STIG.')
+  description: 'Skips tests that have been deprecated and removed from the STIG.')
 
 control "V-71895" do
   title "The operating system must set the idle delay setting for all connection
@@ -69,8 +69,8 @@
 
 
   if skip_deprecated_test
-    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
-      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True"
     end
   else
     describe command("grep -i idle-delay /etc/dconf/db/*/locks/*") do

From 00f3d5e806795d4818445e3983eed2381bc97648 Mon Sep 17 00:00:00 2001
From: Danny Haynes <dhaynes@mitre.org>
Date: Thu, 14 Nov 2019 13:03:35 -0500
Subject: [PATCH 05/13] Update V-71981.rb

Fixed some typos.
---
 controls/V-71981.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/controls/V-71981.rb b/controls/V-71981.rb
index 7d7191fa6..586f561e1 100644
--- a/controls/V-71981.rb
+++ b/controls/V-71981.rb
@@ -3,7 +3,7 @@
 skip_deprecated_test = input(
   'skip_deprecated_test',
   value: true,
-  description: 'Skips test that have been deprecated and removed from the STIG.')
+  description: 'Skips tests that have been deprecated and removed from the STIG.')
 
 control "V-71981" do
   title "The operating system must prevent the installation of software,
@@ -58,8 +58,8 @@
   tag "fix_id": "F-78333r1_fix"
 
   if skip_deprecated_test
-    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
-      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True"
     end
   else
     yum_conf = file('/etc/yum.conf')

From ab31ab9d73e7b7ffc5132d53a59fab790a9af826 Mon Sep 17 00:00:00 2001
From: Danny Haynes <dhaynes@mitre.org>
Date: Thu, 14 Nov 2019 13:05:54 -0500
Subject: [PATCH 06/13] Update V-72143.rb

Fixed some typos.
---
 controls/V-72143.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/controls/V-72143.rb b/controls/V-72143.rb
index 95dd82a3b..019deb19b 100644
--- a/controls/V-72143.rb
+++ b/controls/V-72143.rb
@@ -3,7 +3,7 @@
 skip_deprecated_test = input(
   'skip_deprecated_test',
   value: true,
-  description: 'Skips test that have been deprecated and removed from the STIG.')
+  description: 'Skips tests that have been deprecated and removed from the STIG.')
 
 control "V-72143" do
   title "The operating system must generate audit records for all
@@ -57,8 +57,8 @@
   end
 
   if skip_deprecated_test
-    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
-      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True"
     end
   else
     describe auditd.file(audit_file) do

From afc403239abf649d8c0bb2ad5ebd87c33568ffc4 Mon Sep 17 00:00:00 2001
From: Danny Haynes <dhaynes@mitre.org>
Date: Thu, 14 Nov 2019 13:06:35 -0500
Subject: [PATCH 07/13] Update V-72169.rb

Fixed some typos.
---
 controls/V-72169.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/controls/V-72169.rb b/controls/V-72169.rb
index 351a78355..63e38c8c3 100644
--- a/controls/V-72169.rb
+++ b/controls/V-72169.rb
@@ -3,7 +3,7 @@
 skip_deprecated_test = input(
   'skip_deprecated_test',
   value: true,
-  description: 'Skips test that have been deprecated and removed from the STIG.')
+  description: 'Skips tests that have been deprecated and removed from the STIG.')
 
 control "V-72169" do
   title "All uses of the sudoedit command must be audited."
@@ -57,8 +57,8 @@
   end
 
   if skip_deprecated_test
-    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
-      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True"
     end
   else
     describe auditd.file(audit_file) do

From 93fc5e9416e34ce4dd32b16593e1d043e190d669 Mon Sep 17 00:00:00 2001
From: Danny Haynes <dhaynes@mitre.org>
Date: Thu, 14 Nov 2019 13:07:18 -0500
Subject: [PATCH 08/13] Update V-72181.rb

Fixed some typos.
---
 controls/V-72181.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/controls/V-72181.rb b/controls/V-72181.rb
index e73e70533..5d74b56a7 100644
--- a/controls/V-72181.rb
+++ b/controls/V-72181.rb
@@ -3,7 +3,7 @@
 skip_deprecated_test = input(
   'skip_deprecated_test',
   value: true,
-  description: 'Skips test that have been deprecated and removed from the STIG.')
+  description: 'Skips tests that have been deprecated and removed from the STIG.')
 
 control "V-72181" do
   title "All uses of the pt_chown command must be audited."
@@ -61,8 +61,8 @@
   end
 
   if skip_deprecated_test
-    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
-      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True"
     end
   else
     describe auditd.file(audit_file) do

From d87c9098de2ef157c5d534e13a3c92ff4f93e315 Mon Sep 17 00:00:00 2001
From: Danny Haynes <dhaynes@mitre.org>
Date: Thu, 14 Nov 2019 13:08:24 -0500
Subject: [PATCH 09/13] Update V-72193.rb

Fixed some typos.
---
 controls/V-72193.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/controls/V-72193.rb b/controls/V-72193.rb
index d6a81143d..20e78237e 100644
--- a/controls/V-72193.rb
+++ b/controls/V-72193.rb
@@ -3,7 +3,7 @@
 skip_deprecated_test = input(
   'skip_deprecated_test',
   value: true,
-  description: 'Skips test that have been deprecated and removed from the STIG.')
+  description: 'Skips tests that have been deprecated and removed from the STIG.')
 
 control "V-72193" do
   title "All uses of the rmmod command must be audited."
@@ -57,8 +57,8 @@
   end
 
   if skip_deprecated_test
-    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
-      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True"
     end
   else
     describe auditd.file(audit_file) do

From 8734a31a0eb81cc272a676049dca12af22cf86b8 Mon Sep 17 00:00:00 2001
From: Danny Haynes <dhaynes@mitre.org>
Date: Thu, 14 Nov 2019 13:09:17 -0500
Subject: [PATCH 10/13] Update V-72195.rb

---
 controls/V-72195.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/controls/V-72195.rb b/controls/V-72195.rb
index 8599f0150..570f19e4a 100644
--- a/controls/V-72195.rb
+++ b/controls/V-72195.rb
@@ -3,7 +3,7 @@
 skip_deprecated_test = input(
   'skip_deprecated_test',
   value: true,
-  description: 'Skips test that have been deprecated and removed from the STIG.')
+  description: 'Skips tests that have been deprecated and removed from the STIG.')
 
 control "V-72195" do
   title "All uses of the modprobe command must be audited."
@@ -61,8 +61,8 @@
   end
 
   if skip_deprecated_test
-    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
-      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True"
     end
   else
     describe auditd.file(audit_file) do

From 66ae13d88fd78677c1a6d6cbcc291b580720f4a7 Mon Sep 17 00:00:00 2001
From: Danny Haynes <dhaynes@mitre.org>
Date: Thu, 14 Nov 2019 13:10:48 -0500
Subject: [PATCH 11/13] Update V-72215.rb

Fixed some typos.
---
 controls/V-72215.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/controls/V-72215.rb b/controls/V-72215.rb
index bb707532b..3e76e873d 100644
--- a/controls/V-72215.rb
+++ b/controls/V-72215.rb
@@ -3,7 +3,7 @@
 skip_deprecated_test = input(
   'skip_deprecated_test',
   value: true,
-  description: 'Skips test that have been deprecated and removed from the STIG.')
+  description: 'Skips tests that have been deprecated and removed from the STIG.')
 
 control "V-72215" do
   title "The system must update the virus scan program every seven days or more
@@ -72,8 +72,8 @@
   tag "fix_id": "F-78569r2_fix"
 
   if skip_deprecated_test
-    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
-      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True"
     end
   else
     sec_per_wk = 604800

From 9564b2caf73d58763d39c6672c3a049ea4a0ffe3 Mon Sep 17 00:00:00 2001
From: Danny Haynes <dhaynes@mitre.org>
Date: Thu, 14 Nov 2019 13:11:49 -0500
Subject: [PATCH 12/13] Update V-72435.rb

Fixed some typos.
---
 controls/V-72435.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/controls/V-72435.rb b/controls/V-72435.rb
index a1e3c9a69..3f926c388 100644
--- a/controls/V-72435.rb
+++ b/controls/V-72435.rb
@@ -3,7 +3,7 @@
 skip_deprecated_test = input(
   'skip_deprecated_test',
   value: true,
-  description: 'Skips test that have been deprecated and removed from the STIG.')
+  description: 'Skips tests that have been deprecated and removed from the STIG.')
 
 control "V-72435" do
   title "The operating system must implement smart card logons for multifactor
@@ -72,8 +72,8 @@
 # authconfig --enablerequiresmartcard --update"
 
   if skip_deprecated_test
-    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
-      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True"
     end
   else
     describe command("authconfig --test | grep -i \"smartcard for login is\" | awk '{ print $NF }'") do

From f221a934e4894270423ef98f577d6d6756cd1ed1 Mon Sep 17 00:00:00 2001
From: Danny Haynes <dhaynes@mitre.org>
Date: Thu, 14 Nov 2019 13:12:32 -0500
Subject: [PATCH 13/13] Update V-78995.rb

Fixed some typos.
---
 controls/V-78995.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/controls/V-78995.rb b/controls/V-78995.rb
index a5fcc19e9..a61c86532 100644
--- a/controls/V-78995.rb
+++ b/controls/V-78995.rb
@@ -3,7 +3,7 @@
 skip_deprecated_test = input(
   'skip_deprecated_test',
   value: true,
-  description: 'Skips test that have been deprecated and removed from the STIG.')
+  description: 'Skips tests that have been deprecated and removed from the STIG.')
 
 control "V-78995" do
   title "The operating system must prevent a user from overriding the
@@ -78,8 +78,8 @@
   tag "fix_id": "F-85745r1_fix"
 
   if skip_deprecated_test
-    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True" do
-      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run becuase 'skip_deprecated_test' is set to True"
+    describe "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True" do
+      skip "This control has been deprecated out of the RHEL7 STIG. It will not be run because 'skip_deprecated_test' is set to True"
     end
   else
     describe command("gsettings writable org.gnome.desktop.screensaver lock-enabled") do