From d455dc468ef51dd595ce6184f1d31ebf4c20ab9c Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Wed, 22 Jul 2020 09:52:50 +0200
Subject: [PATCH] Add grub2 platform to grub2 kernel option rules

This will make sure these rules are applicable only when grub2 (grub2-pc) is installed.
---
 linux_os/guide/system/auditing/grub2_audit_argument/rule.yml | 2 ++
 .../system/auditing/grub2_audit_backlog_limit_argument/rule.yml | 2 +-
 .../system/permissions/mounting/grub2_nousb_argument/rule.yml | 2 ++
 .../guide/system/permissions/restrictions/poisoning/group.yml | 2 ++
 .../restrictions/poisoning/grub2_page_poison_argument/rule.yml | 2 +-
 .../restrictions/poisoning/grub2_slub_debug_argument/rule.yml | 2 +-
 7 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
index 00cb7f9b6c..5f3a47a776 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
@@ -102,6 +102,8 @@ warnings:
 {{% endif %}}
+platform: grub2
+
 template:
 name: grub2_bootloader_argument
 vars:
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
index 6cab6f7bfe..aa95957b58 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
@@ -60,7 +60,7 @@ warnings:
 {{% endif %}}
-platform: machine
+platform: grub2
 template:
 name: grub2_bootloader_argument
diff --git a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
index a3c1f48231..407ba2c069 100644
--- a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
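Review bot: Nothing in this patch shows what the `grub2` platform actually tests, yet the `platform: grub2` line added above `template:` in grub2_audit_argument/rule.yml decides whether the `audit=1` check is evaluated at all. The commit message ties it to grub2 (grub2-pc); if the check matches only that package, hosts that boot through the EFI grub2 packages would presumably be reported as notapplicable instead of failing, which hides a missing kernel argument from the scan. Confirm the platform definition covers the EFI variants, and consider a comment above the key such as `# skipped (notapplicable) when no grub2 package is installed`. The same key is added or substituted in the other four rule.yml hunks of this patch.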
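Review bot: Replacing `platform: machine` with `platform: grub2` in grub2_audit_backlog_limit_argument/rule.yml drops the rule's own restriction to bare-metal and virtual machines, and the patch restores it only for the poisoning group (the group.yml hunk), not for the auditing group. Unless an ancestor group of this rule already declares `platform: machine`, the rule could now be evaluated in a container image that happens to ship a grub2 package; those group files are not visible from this patch. Either confirm the inherited platform or add `platform: machine` to the auditing group.yml in the same way. grub2_audit_argument and grub2_nousb_argument also gain only `platform: grub2`, so the same check applies to them.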
+++ b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
@@ -37,3 +37,5 @@ warnings:
 Disabling all kernel support for USB will cause problems for systems with USB-based keyboards, mice, or printers. This configuration is infeasible for systems which require USB devices, which is common.
+
+platform: grub2
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/group.yml b/linux_os/guide/system/permissions/restrictions/poisoning/group.yml
index 6a7a370f2b..030a3e9918 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/group.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/group.yml
@@ -6,3 +6,5 @@ description: |-
 Memory Poisoning consists of writing a special value to uninitialized or freed memory. Poisoning can be used as a mechanism to prevent leak of information and detection of corrupted memory.
+
+platform: machine
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
index e3047ef223..2d97ec75ea 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
@@ -60,7 +60,7 @@ warnings:
 {{% endif %}}
-platform: machine
+platform: grub2
 template:
 name: grub2_bootloader_argument
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
index 024c93f18b..39ca33b77a 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
@@ -60,7 +60,7 @@ warnings:
 {{% endif %}}
-platform: machine
+platform: grub2
 template:
 name: grub2_bootloader_argument