the ssg is modified to be consistent with the specifications
parent
41eb1b69ee
commit
0e1fec5fca
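--- /dev/null
+++ b/scap-is-modified-to-be-consistent-with-the-specif.patch
@@ -0,0 +1,72 @@
+From 34a439703a12363e348329db2cc1145a7084fe4d Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Tue, 10 Dec 2024 19:25:41 +0800
+Subject: [PATCH] the ssg is modified to be consistent with the specifications
+
+---
+controls/std_openeuler.yml | 1 +
+.../bash/shared.sh | 6 ++++++
+.../oval/shared.xml | 4 ++++
+.../var_auditd_space_left.var | 1 +
+4 files changed, 12 insertions(+)
+
+diff --git a/controls/std_openeuler.yml b/controls/std_openeuler.yml
+index 6985d6d..3068afb 100644
+--- a/controls/std_openeuler.yml
++++ b/controls/std_openeuler.yml
+@@ -1752,6 +1752,7 @@ controls:
+rules:
+- auditd_data_retention_space_left
+- auditd_data_retention_space_left.severity=low
++ - var_auditd_space_left=75MB
+- auditd_data_retention_space_left_action
+- auditd_data_retention_space_left_action.severity=low
+- var_auditd_space_left_action=syslog
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh
+index 4233f10..293dc77 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh
+@@ -2,6 +2,12 @@
+
+{{{ bash_instantiate_variables("var_auditd_admin_space_left_percentage") }}}
+
++{{% if "openeuler" in product %}}
++grep -q "^admin_space_left[[:space:]]*=.*$" /etc/audit/auditd.conf && \
++ sed -i "s/^admin_space_left[[:space:]]*=.*$/admin_space_left = $var_auditd_admin_space_left_percentage/g" /etc/audit/auditd.conf || \
++ echo "admin_space_left = $var_auditd_admin_space_left_percentage" >> /etc/audit/auditd.conf
++{{% else %}}
+grep -q "^admin_space_left[[:space:]]*=.*$" /etc/audit/auditd.conf && \
+sed -i "s/^admin_space_left[[:space:]]*=.*$/admin_space_left = $var_auditd_admin_space_left_percentage%/g" /etc/audit/auditd.conf || \
+echo "admin_space_left = $var_auditd_admin_space_left_percentage%" >> /etc/audit/auditd.conf
++{{% endif %}}
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml
+index 16d7433..b2acd8f 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml
+@@ -17,7 +17,11 @@
+<ind:filepath>/etc/audit/auditd.conf</ind:filepath>
+<!-- Allow only space (exactly) as delimiter: https://fedorahosted.org/audit/browser/trunk/src/auditd-config.c#L426 -->
+<!-- Require at least one space before and after the equal sign -->
++{{% if "openeuler" in product %}}
++ <ind:pattern operation="pattern match">^[\s]*admin_space_left[\s]+=[\s]+(\d+)[\s]*$</ind:pattern>
++{{% else %}}
+<ind:pattern operation="pattern match">^[\s]*admin_space_left[\s]+=[\s]+(\d+)%[\s]*$</ind:pattern>
++{{% endif %}}
+<ind:instance datatype="int">1</ind:instance>
+</ind:textfilecontent54_object>
+
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var
+index 4a3acba..3d86ed4 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var
+@@ -10,6 +10,7 @@ interactive: false
+
+options:
+1000MB: 1000
++ 75MB: 75
+100MB: 100
+250MB: 250
+500MB: 500
+--
+2.33.0
+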
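Review bot: In the openEuler branch added to `bash/shared.sh`, the remediation writes `$var_auditd_admin_space_left_percentage` without the `%` suffix, and auditd treats a bare `admin_space_left` number as megabytes, so on this product the same variable value becomes an absolute size while the rule and variable names still say percentage. Nothing visible in this patch sets that variable for openEuler, so please confirm the selected value is meant as MB and stays below the `space_left` of 75 MB chosen in `controls/std_openeuler.yml`, since `admin_space_left` is expected to be the lower of the two thresholds. A comment above the new branch, for example `# openEuler baseline expresses admin_space_left in MB, so no % suffix is written`, would keep the next maintainer from "fixing" the missing percent sign. The `grep && sed || echo` chain is copied from the existing branch and will also run the `echo` append if `sed` itself fails after a successful match; an explicit `if grep -q …; then sed …; else echo …; fi` would avoid that in both branches.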
@ -1,6 +1,6 @@
|
||||
Name: scap-security-guide
|
||||
Version: 0.1.68
|
||||
Release: 8
|
||||
Release: 9
|
||||
Summary: Security guidance and baselines in SCAP formats
|
||||
License: BSD-3-Clause
|
||||
URL: https://github.com/ComplianceAsCode/content/
|
||||
@ -10,6 +10,7 @@ Patch0001: add-openeuler-support.patch
|
||||
Patch0002: add-openeuler-control-rules.patch
|
||||
Patch0003: optimize-rules-for-openEuler.patch
|
||||
Patch0004: add-openeuler-automatic-hardening.patch
|
||||
Patch0005: scap-is-modified-to-be-consistent-with-the-specif.patch
|
||||
|
||||
BuildArch: noarch
|
||||
BuildRequires: libxslt, expat, python3, openscap-scanner >= 1.2.5, cmake >= 3.8, python3-jinja2, python3-PyYAML
|
||||
@ -65,6 +66,9 @@ cd build
|
||||
%doc %{_docdir}/%{name}/tables/*.html
|
||||
|
||||
%changelog
|
||||
* Tue Dec 10 2024 jinlun <jinlun@huawei.com> - 0.1.68-9
|
||||
- the ssg is modified to be consistent with the specifications
|
||||
|
||||
* Thu Dec 5 2024 xuce <xuce10@h-partners.com> - 0.1.68-8
|
||||
- fix strong MACs and permission of cron.allow and at.allow
|
||||
|
||||
|
||||