packages/scap-security-guide
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
scap-security-guide/scap-is-modified-to-be-consistent-with-the-specif.patch

73 lines
4.0 KiB
Diff
Raw Permalink Blame History

From 34a439703a12363e348329db2cc1145a7084fe4d Mon Sep 17 00:00:00 2001
From: jinlun <jinlun@huawei.com>
Date: Tue, 10 Dec 2024 19:25:41 +0800
Subject: [PATCH] the ssg is modified to be consistent with the specifications
---
controls/std_openeuler.yml | 1 +
.../bash/shared.sh | 6 ++++++
.../oval/shared.xml | 4 ++++
.../var_auditd_space_left.var | 1 +
4 files changed, 12 insertions(+)
diff --git a/controls/std_openeuler.yml b/controls/std_openeuler.yml
index 6985d6d..3068afb 100644
--- a/controls/std_openeuler.yml
+++ b/controls/std_openeuler.yml
@@ -1752,6 +1752,7 @@ controls:
rules:
- auditd_data_retention_space_left
- auditd_data_retention_space_left.severity=low
+ - var_auditd_space_left=75MB
- auditd_data_retention_space_left_action
- auditd_data_retention_space_left_action.severity=low
- var_auditd_space_left_action=syslog
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh
index 4233f10..293dc77 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh
@@ -2,6 +2,12 @@
{{{ bash_instantiate_variables("var_auditd_admin_space_left_percentage") }}}
+{{% if "openeuler" in product %}}
+grep -q "^admin_space_left[[:space:]]*=.*$" /etc/audit/auditd.conf && \
+ sed -i "s/^admin_space_left[[:space:]]*=.*$/admin_space_left = $var_auditd_admin_space_left_percentage/g" /etc/audit/auditd.conf || \
+ echo "admin_space_left = $var_auditd_admin_space_left_percentage" >> /etc/audit/auditd.conf
+{{% else %}}
grep -q "^admin_space_left[[:space:]]*=.*$" /etc/audit/auditd.conf && \
sed -i "s/^admin_space_left[[:space:]]*=.*$/admin_space_left = $var_auditd_admin_space_left_percentage%/g" /etc/audit/auditd.conf || \
echo "admin_space_left = $var_auditd_admin_space_left_percentage%" >> /etc/audit/auditd.conf
+{{% endif %}}
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml
index 16d7433..b2acd8f 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml
@@ -17,7 +17,11 @@
<ind:filepath>/etc/audit/auditd.conf</ind:filepath>
<!-- Allow only space (exactly) as delimiter: https://fedorahosted.org/audit/browser/trunk/src/auditd-config.c#L426 -->
<!-- Require at least one space before and after the equal sign -->
+{{% if "openeuler" in product %}}
+ <ind:pattern operation="pattern match">^[\s]*admin_space_left[\s]+=[\s]+(\d+)[\s]*$</ind:pattern>
+{{% else %}}
<ind:pattern operation="pattern match">^[\s]*admin_space_left[\s]+=[\s]+(\d+)%[\s]*$</ind:pattern>
+{{% endif %}}
<ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var
index 4a3acba..3d86ed4 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var
@@ -10,6 +10,7 @@ interactive: false
options:
1000MB: 1000
+ 75MB: 75
100MB: 100
250MB: 250
500MB: 500
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink