On 4/16/14, 3:27 AM, Jan Lieskovsky wrote:
Patch summary:
   * Check for presence of audit=1 in /etc/grub.conf case-insensitively
   * Update comments where appropriate
   * Add test attestation entry
   * Replace path+filename ind construct with the filepath one

Testing report:
   Tested on RHEL-6. Works fine.

Please review.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

0001-RHEL-6-Case-insensitively-check-the-presence-of-audi.patch


 From d201d11687b8adf6db93ce5b4b9b3d2d86d68d59 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky<[email protected]>
Date: Wed, 16 Apr 2014 12:11:38 +0200
Subject: [PATCH] [RHEL/6] Case-insensitively check the presence of audit=1
  expression          on the kernel command line in /etc/grub.conf within
     bootloader_audit_argument check

Signed-off-by: Jan Lieskovsky<[email protected]>
---
  RHEL/6/input/checks/bootloader_audit_argument.xml | 14 +++++++-------
  1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/RHEL/6/input/checks/bootloader_audit_argument.xml 
b/RHEL/6/input/checks/bootloader_audit_argument.xml
index e22bb17..b20d5c0 100644
--- a/RHEL/6/input/checks/bootloader_audit_argument.xml
+++ b/RHEL/6/input/checks/bootloader_audit_argument.xml
@@ -5,19 +5,19 @@
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
-      <description>Look for argument audit=1 in the kernel line in 
/etc/grub.conf.</description>
+      <description>Case-insensitively look for argument audit=1 in the kernel line 
in /etc/grub.conf.</description>
+      <reference source="JL" ref_id="20140416" ref_url="test_attestation" />
      </metadata>
      <criteria>
-      <criterion test_ref="test_bootloader_audit_argument" comment="check for audit=1 
in /etc/grub.conf" />
+      <criterion test_ref="test_bootloader_audit_argument" comment="case-insensitively 
check for audit=1 in /etc/grub.conf" />
      </criteria>
    </definition>
-  <ind:textfilecontent54_test check="all" comment="check for audit=1 in /etc/grub.conf"  
id="test_bootloader_audit_argument" version="1">
+  <ind:textfilecontent54_test check="all" comment="case-insensitively check for audit=1 in 
/etc/grub.conf"  id="test_bootloader_audit_argument" version="1">
      <ind:object object_ref="object_bootloader_audit_argument" />
    </ind:textfilecontent54_test>
-  <ind:textfilecontent54_object id="object_bootloader_audit_argument" 
version="1">
-    <ind:path>/etc</ind:path>
-    <ind:filename>grub.conf</ind:filename>
-    <ind:pattern operation="pattern 
match">^\s*kernel\s/vmlinuz.*audit=1.*$</ind:pattern>
+  <ind:textfilecontent54_object id="object_bootloader_audit_argument" 
version="2">
+    <ind:filepath>/etc/grub.conf</ind:filepath>
+    <ind:pattern operation="pattern 
match">^\s*kernel\s/vmlinuz.*(?i)audit(?-i)=1.*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
  </def-group>
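Review bot: The new `ind:pattern` accepts any casing of `audit`, but as far as I know the kernel compares command-line parameter names case-sensitively, so a `kernel` line carrying `AUDIT=1` would pass this check while boot-time auditing stays disabled. Unless a non-lowercase spelling is known to take effect on RHEL 6, keeping the match case-sensitive avoids that false pass. Independently of casing, `.*audit=1.*` is not delimited, so `noaudit=1` or `audit=10` also satisfy it; a pattern such as `^\s*kernel\s/vmlinuz.*\saudit=1(\s.*)?$` would require a whole argument. Because the object keeps `ind:instance` at 1, it appears that only the first matching `kernel` line is collected, so other boot entries in /etc/grub.conf that lack the argument would not be flagged; that deserves a comment on the object or a follow-up check.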
-- 1.8.3.1

ack