On 2/1/13 5:47 PM, Shawn Wells wrote:

0001-bugfix-Inconsistent-kernel-checking.patch


 From 40c0126d7298f6ddb5cf71956cd6b3a2b69b8f7c Mon Sep 17 00:00:00 2001
From: Shawn Wells<[email protected]>
Date: Fri, 1 Feb 2013 17:46:23 -0500
Subject: [PATCH] [bugfix] Inconsistent kernel checking
  As reported by Philip S., OVAL was checking for /bin/false whereas
  the XCCDF macro was still configured for /bin/true

---
  RHEL6/transforms/shorthand2xccdf.xslt |    4 ++--
  1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/RHEL6/transforms/shorthand2xccdf.xslt 
b/RHEL6/transforms/shorthand2xccdf.xslt
index 507238e..d82b5e5 100644
--- a/RHEL6/transforms/shorthand2xccdf.xslt
+++ b/RHEL6/transforms/shorthand2xccdf.xslt
@@ -379,7 +379,7 @@ exclude-result-prefixes="xccdf xhtml dc">
    <xsl:template match="module-disable-macro">
  To configure the system to prevent the <xhtml:code><xsl:value-of 
select="@module"/></xhtml:code>
  kernel module from being loaded, add the following line to a file in the directory 
<xhtml:code>/etc/modprobe.d</xhtml:code>:
-<xhtml:pre xml:space="preserve">install <xsl:value-of select="@module"/> 
/bin/true</xhtml:pre>
+<xhtml:pre xml:space="preserve">install <xsl:value-of select="@module"/> 
/bin/false</xhtml:pre>
    </xsl:template>
<xsl:template match="module-disable-check-macro">
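Review bot: the `/bin/false` path in the `xhtml:pre` line of `module-disable-macro` is still a hard-coded literal, and the same literal is repeated in `module-disable-check-macro` further down, so the two templates and the OVAL check named in the commit message can drift apart again the way they just did. Consider defining the path once, for example as a top-level `xsl:variable`, and referencing it from both templates. The rendered text would also benefit from one sentence on why `/bin/false` is used: the install command then exits non-zero, so a load attempt fails visibly instead of being reported as successful, as it was with `/bin/true`.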
@@ -387,7 +387,7 @@ If the system is configured to prevent the loading of the
  <xhtml:code><xsl:value-of select="@module"/></xhtml:code> kernel module,
  it will contain lines inside any file in <xhtml:code>/etc/modprobe.d</xhtml:code> or the 
deprecated<xhtml:code>/etc/modprobe.conf</xhtml:code>.
  These lines instruct the module loading system to run another program (such as
-<xhtml:code>/bin/true</xhtml:code>) upon a module 
<xhtml:code>install</xhtml:code> event.
+<xhtml:code>/bin/false</xhtml:code>) upon a module 
<xhtml:code>install</xhtml:code> event.
  Run the following command to search for such lines in all files in 
<xhtml:code>/etc/modprobe.d</xhtml:code>
  and the deprecated <xhtml:code>/etc/modprobe.conf</xhtml:code>:
  <xhtml:pre xml:space="preserve">$ grep -r <xsl:value-of select="@module"/> 
/etc/modprobe.conf /etc/modprobe.d</xhtml:pre>
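Review bot: in `module-disable-check-macro` the wording "such as /bin/false" and the unchanged `grep -r <module> /etc/modprobe.conf /etc/modprobe.d` command still accept more than the OVAL check does. The grep prints every line that mentions the module name, including a leftover `install <module> /bin/true`, an alias or options line, or a commented-out entry, so an auditor following this text can pass a system that the OVAL check (which, per the commit message, looks for `/bin/false`) fails. Suggest dropping "such as" and stating that the expected line is `install <module> /bin/false`, or narrowing the grep pattern to that line.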
-- 1.7.1

Pushed as a bugfix
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
