From 34a439703a12363e348329db2cc1145a7084fe4d Mon Sep 17 00:00:00 2001 From: jinlun Date: Tue, 10 Dec 2024 19:25:41 +0800 Subject: [PATCH] the ssg is modified to be consistent with the specifications --- controls/std_openeuler.yml | 1 + .../bash/shared.sh | 6 ++++++ .../oval/shared.xml | 4 ++++ .../var_auditd_space_left.var | 1 + 4 files changed, 12 insertions(+) diff --git a/controls/std_openeuler.yml b/controls/std_openeuler.yml index 6985d6d..3068afb 100644 --- a/controls/std_openeuler.yml +++ b/controls/std_openeuler.yml @@ -1752,6 +1752,7 @@ controls: rules: - auditd_data_retention_space_left - auditd_data_retention_space_left.severity=low + - var_auditd_space_left=75MB - auditd_data_retention_space_left_action - auditd_data_retention_space_left_action.severity=low - var_auditd_space_left_action=syslog diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh index 4233f10..293dc77 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh @@ -2,6 +2,12 @@ {{{ bash_instantiate_variables("var_auditd_admin_space_left_percentage") }}} +{{% if "openeuler" in product %}} +grep -q "^admin_space_left[[:space:]]*=.*$" /etc/audit/auditd.conf && \ + sed -i "s/^admin_space_left[[:space:]]*=.*$/admin_space_left = $var_auditd_admin_space_left_percentage/g" /etc/audit/auditd.conf || \ + echo "admin_space_left = $var_auditd_admin_space_left_percentage" >> /etc/audit/auditd.conf +{{% else %}} grep -q "^admin_space_left[[:space:]]*=.*$" /etc/audit/auditd.conf && \ sed -i "s/^admin_space_left[[:space:]]*=.*$/admin_space_left = $var_auditd_admin_space_left_percentage%/g" /etc/audit/auditd.conf || \ echo "admin_space_left = $var_auditd_admin_space_left_percentage%" >> /etc/audit/auditd.conf +{{% endif %}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml index 16d7433..b2acd8f 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml @@ -17,7 +17,11 @@ /etc/audit/auditd.conf +{{% if "openeuler" in product %}} + ^[\s]*admin_space_left[\s]+=[\s]+(\d+)[\s]*$ +{{% else %}} ^[\s]*admin_space_left[\s]+=[\s]+(\d+)%[\s]*$ +{{% endif %}} 1 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var index 4a3acba..3d86ed4 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var @@ -10,6 +10,7 @@ interactive: false options: 1000MB: 1000 + 75MB: 75 100MB: 100 250MB: 250 500MB: 500 -- 2.33.0