From 1c403af00f39fcfa3c7cf898b1e832d4580cfb59 Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Thu, 5 May 2022 10:28:34 +0200
Subject: [PATCH] PR #8704 edited manually - Restrict test to sysctl.conf and /usr/sysctl.d - Separate the state from the object and check it
---
 .../tests/wrong_value_d_directory.fail.sh | 12 ++++++------
 shared/templates/sysctl/oval.template | 18 ++++++++++--------
 2 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/tests/wrong_value_d_directory.fail.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/tests/wrong_value_d_directory.fail.sh
index 48a2665..5fb8ddc 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/tests/wrong_value_d_directory.fail.sh
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/tests/wrong_value_d_directory.fail.sh
@@ -5,19 +5,19 @@
 setting_name="kernel.randomize_va_space"
 setting_value="2"
 # sysctl -w "$setting_name=$setting_value"
-if grep -q "^$setting_name" /usr/lib/sysctl.d/50-sysctl.conf; then
- sed -i "s/^$setting_name.*/$setting_name = $setting_value/" /usr/lib/sysctl.d/50-sysctl.conf
+if grep -q "^$setting_name" /etc/sysctl.conf; then
+ sed -i "s/^$setting_name.*/$setting_name = $setting_value/" /etc/sysctl.conf
 else
- echo "$setting_name = $setting_value" >> /usr/lib/sysctl.d/50-sysctl.conf
+ echo "$setting_name = $setting_value" >> /etc/sysctl.conf
 fi
 setting_name="kernel.randomize_va_space"
 setting_value="0"
 # sysctl -w "$setting_name=$setting_value"
-if grep -q "^$setting_name" /etc/sysctl.d/99-sysctl.conf; then
- sed -i "s/^$setting_name.*/$setting_name = $setting_value/" /etc/sysctl.d/99-sysctl.conf
+if grep -q "^$setting_name" /etc/sysctl.d/98-sysctl.conf; then
+ sed -i "s/^$setting_name.*/$setting_name = $setting_value/" /etc/sysctl.d/98-sysctl.conf
 else
- echo "$setting_name = $setting_value" >> /etc/sysctl.d/99-sysctl.conf
+ echo "$setting_name = $setting_value" >> /etc/sysctl.d/98-sysctl.conf
 fi
 sysctl --system
diff --git a/shared/templates/sysctl/oval.template b/shared/templates/sysctl/oval.template
index 564cc33..97f1e05 100644
--- a/shared/templates/sysctl/oval.template
+++ b/shared/templates/sysctl/oval.template
@@ -6,21 +6,15 @@ {{% macro state_static_sysctld(prefix) -%}} -{{%- if SYSCTLVAL == "" %}} -{{%- endif -%}} {{%- endmacro -%}} {{%- macro sysctl_match() -%}} {{%- if SYSCTLVAL == "" -%}} ^[\s]*{{{ SYSCTLVAR }}}[\s]*=[\s]*(\d+)[\s]*$ 1 {{%- else -%}} -{{% if OPERATION == "pattern match" %}} - ^[\s]*{{{ SYSCTLVAR }}}[\s]*=[\s]*{{{ SYSCTLVAL_REGEX }}}[\s]*$ -{{% else %}} - ^[\s]*{{{ SYSCTLVAR }}}[\s]*=[\s]*{{{ SYSCTLVAL }}}[\s]*$ -{{% endif %}} - 1 + ^[\s]*{{{ SYSCTLVAR }}}[\s]*=[\s]*(.*)[\s]*$ + 1 {{%- endif -%}} {{%- endmacro -%}} {{%- if "P" in FLAGS -%}}
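Review bot: Nothing in the script says which of the two files is meant to make this scenario fail, or why the drop-in is now `98-sysctl.conf` instead of `99-sysctl.conf`. A comment above the second block such as `# conflicting value in a sysctl.d drop-in; /etc/sysctl.conf above holds the compliant one` would record the intent, and if the rename is because `99-sysctl.conf` can be a symlink to `/etc/sysctl.conf` (it is on some distributions), that reason belongs in the comment too. Separately, `grep -q "^$setting_name"` treats the dots as wildcards and does not allow leading whitespace, while the OVAL pattern in this same patch accepts `^[\s]*`, so an indented existing entry would be missed and a second, conflicting line appended. `grep -Eq "^[[:space:]]*kernel\.randomize_va_space[[:space:]]*=" /etc/sysctl.conf` would look for the same lines the check reads, and the `sed` expression needs the same prefix. The script's first four lines are outside the hunk.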
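Review bot: The new capture group `(.*)` in `sysctl_match` is greedy, so trailing whitespace on a line like `kernel.randomize_va_space = 2 ` ends up inside the captured value and the following `[\s]*` matches nothing. The removed patterns tolerated that whitespace because the value was matched literally before `[\s]*$`; if the state added later in this patch compares the capture with an equality operation, such a line would now be reported as a mismatch. `^[\s]*{{{ SYSCTLVAR }}}[\s]*=[\s]*(.*\S)[\s]*$` keeps the capture free of trailing blanks. The XML elements around these template lines are not visible on this page, so the operation and datatype used for the comparison should be checked against the file.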
@@ -258,6 +252,14 @@ +{{% else %}} + +{{% if OPERATION == "pattern match" %}} + {{{ SYSCTLVAL_REGEX }}} +{{% else %}} + {{{ SYSCTLVAL }}} +{{% endif %}} + {{% endif %}} {{%- endif -%}} -- 2.34.1
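Review bot: In the `pattern match` branch, `{{{ SYSCTLVAL_REGEX }}}` is now applied to the captured value on its own, without the `^…$` that the removed full-line pattern put around it. OVAL pattern matching is not implicitly anchored, so unless every rule's regex carries its own anchors, a value that merely contains a compliant substring would satisfy the state and a non-compliant setting could pass the check. Wrapping it as `^(?:{{{ SYSCTLVAL_REGEX }}})$` restores the previous strictness and stays correct when the regex contains alternation. The enclosing state element's tags are not visible on this page, and the `{{% if %}}` block this hunk closes starts outside it.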