From 1c403af00f39fcfa3c7cf898b1e832d4580cfb59 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Thu, 5 May 2022 10:28:34 +0200
Subject: [PATCH] PR #8704 edited manually
- Restrict test to sysctl.conf and /usr/sysctl.d
- Separate the state from the object and check it
---
.../tests/wrong_value_d_directory.fail.sh | 12 ++++++------
shared/templates/sysctl/oval.template | 18 ++++++++++--------
2 files changed, 16 insertions(+), 14 deletions(-)
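diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/tests/wrong_value_d_directory.fail.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/tests/wrong_value_d_directory.fail.sh
index 48a2665..5fb8ddc 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/tests/wrong_value_d_directory.fail.sh
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/tests/wrong_value_d_directory.fail.sh
@@ -5,19 +5,19 @@
 setting_name="kernel.randomize_va_space"
 setting_value="2"
 # sysctl -w "$setting_name=$setting_value"
-if grep -q "^$setting_name" /usr/lib/sysctl.d/50-sysctl.conf; then
- sed -i "s/^$setting_name.*/$setting_name = $setting_value/" /usr/lib/sysctl.d/50-sysctl.conf
+if grep -q "^$setting_name" /etc/sysctl.conf; then
+ sed -i "s/^$setting_name.*/$setting_name = $setting_value/" /etc/sysctl.conf
 else
- echo "$setting_name = $setting_value" >> /usr/lib/sysctl.d/50-sysctl.conf
+ echo "$setting_name = $setting_value" >> /etc/sysctl.conf
 fi
 
 setting_name="kernel.randomize_va_space"
 setting_value="0"
 # sysctl -w "$setting_name=$setting_value"
-if grep -q "^$setting_name" /etc/sysctl.d/99-sysctl.conf; then
- sed -i "s/^$setting_name.*/$setting_name = $setting_value/" /etc/sysctl.d/99-sysctl.conf
+if grep -q "^$setting_name" /etc/sysctl.d/98-sysctl.conf; then
+ sed -i "s/^$setting_name.*/$setting_name = $setting_value/" /etc/sysctl.d/98-sysctl.conf
 else
- echo "$setting_name = $setting_value" >> /etc/sysctl.d/99-sysctl.conf
+ echo "$setting_name = $setting_value" >> /etc/sysctl.d/98-sysctl.conf
 fi
 
 sysctl --system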
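Review bot: Nothing in the script says why the second file moved from `99-sysctl.conf` to `98-sysctl.conf`, yet the failing scenario depends on that choice. Presumably `/etc/sysctl.d/99-sysctl.conf` is a symlink to `/etc/sysctl.conf` on the target platforms, in which case both writes would land in the same file and no conflicting drop-in would exist. I would add above the second block `# 98- rather than 99-: 99-sysctl.conf may be a symlink to /etc/sysctl.conf; the wrong value must live in a separate drop-in`. Separately, `grep -q` prints an error when the drop-in does not exist yet before falling through to `else`; `grep -qs` keeps the test log clean.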
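diff --git a/shared/templates/sysctl/oval.template b/shared/templates/sysctl/oval.template
index 564cc33..97f1e05 100644
--- a/shared/templates/sysctl/oval.template
+++ b/shared/templates/sysctl/oval.template
@@ -6,21 +6,15 @@
 
 {{% macro state_static_sysctld(prefix) -%}}
 <ind:object object_ref="object_static_{{{ prefix }}}_{{{ SYSCTLID }}}" />
-{{%- if SYSCTLVAL == "" %}}
 <ind:state state_ref="state_static_sysctld_{{{ SYSCTLID }}}" />
-{{%- endif -%}}
 {{%- endmacro -%}}
 {{%- macro sysctl_match() -%}}
 {{%- if SYSCTLVAL == "" -%}}
 <ind:pattern operation="pattern match">^[\s]*{{{ SYSCTLVAR }}}[\s]*=[\s]*(\d+)[\s]*$</ind:pattern>
 <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
 {{%- else -%}}
-{{% if OPERATION == "pattern match" %}}
- <ind:pattern operation="pattern match">^[\s]*{{{ SYSCTLVAR }}}[\s]*=[\s]*{{{ SYSCTLVAL_REGEX }}}[\s]*$</ind:pattern>
-{{% else %}}
- <ind:pattern operation="pattern match">^[\s]*{{{ SYSCTLVAR }}}[\s]*=[\s]*{{{ SYSCTLVAL }}}[\s]*$</ind:pattern>
-{{% endif %}}
- <ind:instance datatype="int">1</ind:instance>
+ <ind:pattern operation="pattern match">^[\s]*{{{ SYSCTLVAR }}}[\s]*=[\s]*(.*)[\s]*$</ind:pattern>
+ <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
 {{%- endif -%}}
 {{%- endmacro -%}}
 {{%- if "P" in FLAGS -%}}
@@ -258,6 +252,14 @@
 </ind:textfilecontent54_state>
 
 <external_variable comment="External variable for {{{ SYSCTLVAR }}}" datatype="{{{ DATATYPE }}}" id="sysctl_{{{ SYSCTLID }}}_value" version="1" />
+{{% else %}}
+ <ind:textfilecontent54_state id="state_static_sysctld_{{{ SYSCTLID }}}" version="1">
+{{% if OPERATION == "pattern match" %}}
+ <ind:subexpression operation="{{{ OPERATION }}}" datatype="{{{ DATATYPE }}}">{{{ SYSCTLVAL_REGEX }}}</ind:subexpression>
+{{% else %}}
+ <ind:subexpression operation="{{{ OPERATION }}}" datatype="{{{ DATATYPE }}}">{{{ SYSCTLVAL }}}</ind:subexpression>
+{{% endif %}}
+ </ind:textfilecontent54_state>
 {{% endif %}}
 </def-group>
 {{%- endif -%}}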
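Review bot: The `pattern match` branch of the new `state_static_sysctld_{{{ SYSCTLID }}}` state in the second hunk applies `{{{ SYSCTLVAL_REGEX }}}` to the captured value without the `^…[\s]*$` anchoring that the removed `ind:pattern` lines in the first hunk gave it. Unless every SYSCTLVAL_REGEX already carries its own anchors, a configured value that merely contains a match would now satisfy the state, and the rule could pass on a non-compliant file. The new capture `(.*)` is also greedy, so trailing whitespace on the line ends up inside the subexpression instead of the following `[\s]*`, which may upset the int or equality comparison in the other branch. I would anchor the state with `<ind:subexpression operation="{{{ OPERATION }}}" datatype="{{{ DATATYPE }}}">^{{{ SYSCTLVAL_REGEX }}}$</ind:subexpression>` and capture lazily with `(.*?)[\s]*$`. The conditional that the added `{{% else %}}` belongs to opens outside the hunk, so its condition should be checked against the `SYSCTLVAL == ""` test used in `sysctl_match()`.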
--
2.34.1