scap-security-guide/SOURCES/scap-security-guide-0.1.52-add-grub2-platform-to-more-rules_PR_5952.patch
2021-09-10 04:18:45 +00:00


From d455dc468ef51dd595ce6184f1d31ebf4c20ab9c Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Wed, 22 Jul 2020 09:52:50 +0200
Subject: [PATCH] Add grub2 platform to grub2 kernel option rules
This will make sure these rules are applicable only when grub2
(grub2-pc) is installed.
---
linux_os/guide/system/auditing/grub2_audit_argument/rule.yml | 2 ++
.../system/auditing/grub2_audit_backlog_limit_argument/rule.yml | 2 +-
.../system/permissions/mounting/grub2_nousb_argument/rule.yml | 2 ++
.../guide/system/permissions/restrictions/poisoning/group.yml | 2 ++
.../restrictions/poisoning/grub2_page_poison_argument/rule.yml | 2 +-
.../restrictions/poisoning/grub2_slub_debug_argument/rule.yml | 2 +-
7 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
index 00cb7f9b6c..5f3a47a776 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
@@ -102,6 +102,8 @@ warnings:
{{% endif %}}
</ul>
+platform: grub2
+
template:
name: grub2_bootloader_argument
vars:
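Review bot: The `platform: grub2` line added above `template:` makes this rule's applicability depend on how the grub2 platform is detected, and the commit message equates that with grub2-pc being installed. If the platform check matches only that package, a host that boots through a different grub2 package would report `grub2_audit_argument` as not applicable, and a missing audit kernel argument would go unreported. Please confirm the platform definition covers every grub2 installation the `grub2_bootloader_argument` template applies to, or state in the commit message which ones are excluded on purpose.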
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
index 6cab6f7bfe..aa95957b58 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
@@ -60,7 +60,7 @@ warnings:
{{% endif %}}
</ul>
-platform: machine
+platform: grub2
template:
name: grub2_bootloader_argument
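Review bot: Replacing `platform: machine` with `platform: grub2` removes the explicit machine restriction from this rule, and unlike the poisoning rules, nothing in this patch adds a group-level `platform: machine` for the auditing directory. If the grub2 platform does not itself imply the machine platform, please keep both constraints or add the group-level key for auditing as well, so the rule's applicability does not widen unintentionally.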
diff --git a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
index a3c1f48231..407ba2c069 100644
--- a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
@@ -37,3 +37,5 @@ warnings:
Disabling all kernel support for USB will cause problems for systems
with USB-based keyboards, mice, or printers. This configuration is
infeasible for systems which require USB devices, which is common.
+
+platform: grub2
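Review bot: The new `platform: grub2` key is appended at the end of the file, directly after the multi-line warning text and separated from it only by a blank line. Please make sure it sits at top-level indentation so it is parsed as a rule key and not folded into the warning, and consider placing it at the same position relative to the other keys as in the sibling rules (there it goes after `warnings:` and before `template:`) so the placement is consistent.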
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/group.yml b/linux_os/guide/system/permissions/restrictions/poisoning/group.yml
index 6a7a370f2b..030a3e9918 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/group.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/group.yml
@@ -6,3 +6,5 @@ description: |-
Memory Poisoning consists of writing a special value to uninitialized or freed memory.
Poisoning can be used as a mechanism to prevent leak of information and detection of
corrupted memory.
+
+platform: machine
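Review bot: This hunk adds `platform: machine` to the poisoning group, which neither the subject line ("Add grub2 platform to grub2 kernel option rules") nor the message body mentions. Please document in the commit message that the machine constraint is being moved from the individual rules to the group, and why, so the change is not read as an unrelated edit.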
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
index e3047ef223..2d97ec75ea 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
@@ -60,7 +60,7 @@ warnings:
{{% endif %}}
</ul>
-platform: machine
+platform: grub2
template:
name: grub2_bootloader_argument
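Review bot: With `-platform: machine` removed here, this rule keeps the machine restriction only if the `platform: machine` added to poisoning/group.yml is combined with the rule-level `platform: grub2` and not overridden by it. Please confirm that group and rule platforms are both applied, and add a test or a short comment that records the dependency on the group file.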
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
index 024c93f18b..39ca33b77a 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
@@ -60,7 +60,7 @@ warnings:
{{% endif %}}
</ul>
-platform: machine
+platform: grub2
template:
name: grub2_bootloader_argument
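Review bot: The patch ends after this `grub2_slub_debug_argument` hunk with six files touched, but the diffstat in the header reports "7 files changed, 11 insertions(+), 3 deletions(-)", while the hunks shown add up to 9 insertions and 3 deletions. One file with two added lines appears to have been dropped from this copy; please regenerate the diffstat or note in the patch header which file was omitted and why, so it is clear whether a rule is missing its platform change.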