rpms/scap-security-guide
7
0
Fork 0
Code Issues Pull Requests Releases Activity
da87b3ef00
scap-security-guide/SOURCES/scap-security-guide-0.1.62-sysctl-restrict_symlink_test_to_oval_5_10-PR_8721.patch
CentOS Sources 78369b4189 import scap-security-guide-0.1.60-9.el8_6
2022-06-29 03:34:02 +00:00

43 lines
2.0 KiB
Diff
Raw Blame History

From 484ceb5641f53a8f3b505099a3bebb8d5e481f1a Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Fri, 6 May 2022 11:31:31 +0200
Subject: [PATCH] Restrict the symlink test to OVAL 5.11
The symlink_test was added in OVAL 5.11 and is not availble in 5.10.
The 5.10 version of the sysctl template will not check for sysctl
options defined in more than on file.
---
shared/templates/sysctl/oval.template | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/shared/templates/sysctl/oval.template b/shared/templates/sysctl/oval.template
index ba4e65cbaef..53456a90a01 100644
--- a/shared/templates/sysctl/oval.template
+++ b/shared/templates/sysctl/oval.template
@@ -114,7 +114,9 @@
<criterion comment="kernel static parameter {{{ SYSCTLVAR }}} set to {{{ COMMENT_VALUE }}} in /usr/lib/sysctl.d/*.conf"
test_ref="test_static_usr_lib_sysctld_{{{ SYSCTLID }}}"/>
</criteria>
+{{% if target_oval_version >= [5, 11] %}}
<criterion comment="Check that {{{ SYSCTLID }}} is defined in only one file" test_ref="test_sysctl_{{{ SYSCTLID }}}_defined_in_one_file" />
+{{% endif %}}
</criteria>
</definition>
@@ -140,6 +142,7 @@
{{{ state_static_sysctld("usr_lib_sysctld") }}}
</ind:textfilecontent54_test>
+{{% if target_oval_version >= [5, 11] %}}
<ind:variable_test check="all" check_existence="all_exist" comment="Check that only one file contains {{{ SYSCTLID }}}"
id="test_sysctl_{{{ SYSCTLID }}}_defined_in_one_file" version="1">
<ind:object object_ref="oject_sysctl_{{{ SYSCTLID }}}_defined_in_one_file" />
@@ -214,6 +217,7 @@
<unix:symlink_object comment="syctl symlinks" id="object_{{{ SYSCTLID }}}_symlinks" version="1">
<unix:filepath operation="equals" var_ref="local_var_conf_files_{{{ SYSCTLID }}}" />
</unix:symlink_object>
+{{% endif %}}
<local_variable comment="List of conf files" datatype="string" id="local_var_conf_files_{{{ SYSCTLID }}}" version="1">
<object_component object_ref="object_static_set_unfiltered_sysctls_{{{ SYSCTLID }}}" item_field="filepath" />
Reference in New Issue View Git Blame Copy Permalink