scap-security-guide/SOURCES/scap-security-guide-0.1.62-sysctl-restrict_symlink_test_to_oval_5_10-PR_8721.patch
2022-06-29 03:34:02 +00:00


From 484ceb5641f53a8f3b505099a3bebb8d5e481f1a Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Fri, 6 May 2022 11:31:31 +0200
Subject: [PATCH] Restrict the symlink test to OVAL 5.11
The symlink_test was added in OVAL 5.11 and is not available in 5.10.
The 5.10 version of the sysctl template will not check for sysctl
options defined in more than one file.
---
shared/templates/sysctl/oval.template | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/shared/templates/sysctl/oval.template b/shared/templates/sysctl/oval.template
index ba4e65cbaef..53456a90a01 100644
--- a/shared/templates/sysctl/oval.template
+++ b/shared/templates/sysctl/oval.template
@@ -114,7 +114,9 @@
<criterion comment="kernel static parameter {{{ SYSCTLVAR }}} set to {{{ COMMENT_VALUE }}} in /usr/lib/sysctl.d/*.conf"
test_ref="test_static_usr_lib_sysctld_{{{ SYSCTLID }}}"/>
</criteria>
+{{% if target_oval_version >= [5, 11] %}}
<criterion comment="Check that {{{ SYSCTLID }}} is defined in only one file" test_ref="test_sysctl_{{{ SYSCTLID }}}_defined_in_one_file" />
+{{% endif %}}
</criteria>
</definition>
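Review bot: The `{{% if target_oval_version >= [5, 11] %}}` guard around the `test_sysctl_{{{ SYSCTLID }}}_defined_in_one_file` criterion is undocumented in the template, so nothing here tells a maintainer that OVAL 5.10 content silently loses the duplicate-definition check. With the criterion gone, a 5.10 scan can report the rule as passing while a second sysctl configuration file sets a different value for the same key; the commit message says so, but the template does not. I would add a template comment above the guard, e.g. `{{# symlink_test requires OVAL 5.11; 5.10 content does not detect the option being defined in more than one file #}}` (assuming the project's Jinja comment delimiters follow the same style as `{{% %}}`). The enclosing `<definition>` starts outside the hunk.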
@@ -140,6 +142,7 @@
{{{ state_static_sysctld("usr_lib_sysctld") }}}
</ind:textfilecontent54_test>
+{{% if target_oval_version >= [5, 11] %}}
<ind:variable_test check="all" check_existence="all_exist" comment="Check that only one file contains {{{ SYSCTLID }}}"
id="test_sysctl_{{{ SYSCTLID }}}_defined_in_one_file" version="1">
<ind:object object_ref="oject_sysctl_{{{ SYSCTLID }}}_defined_in_one_file" />
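Review bot: The guard opened before `ind:variable_test` here is only closed in the third hunk, right after `unix:symlink_object`, which leaves `local_var_conf_files_{{{ SYSCTLID }}}` outside the guarded region and still emitted for OVAL 5.10. In the visible lines that variable is consumed only by the guarded `symlink_object`, and its `object_component` points at `object_static_set_unfiltered_sysctls_{{{ SYSCTLID }}}`, whose definition is not visible in the diff. If that object sits inside the guarded span, 5.10 output would carry a dangling `object_ref`; it is worth confirming, and if so moving `{{% endif %}}` below the closing `</local_variable>`. The guarded block runs across lines outside both hunks, so this is inferred from the hunk boundaries only.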
@@ -214,6 +217,7 @@
<unix:symlink_object comment="syctl symlinks" id="object_{{{ SYSCTLID }}}_symlinks" version="1">
<unix:filepath operation="equals" var_ref="local_var_conf_files_{{{ SYSCTLID }}}" />
</unix:symlink_object>
+{{% endif %}}
<local_variable comment="List of conf files" datatype="string" id="local_var_conf_files_{{{ SYSCTLID }}}" version="1">
<object_component object_ref="object_static_set_unfiltered_sysctls_{{{ SYSCTLID }}}" item_field="filepath" />