Merge pull request #2627 from yuumasato/tests_for_ctrlaltdel_burstact…

…ion_and_audit_rules_time Tests for ctrlaltdel burstaction and audit rules time
ComplianceAsCode · Feb 26, 2018 · 344c878 · 344c878
2 parents da9e3bd + a235c73
commit 344c878
Show file tree

Hide file tree

Showing 9 changed files with 61 additions and 0 deletions.
diff --git a/...ccounts/group_accounts-physical/rule_disable_ctrlaltdel_burstaction/correct_value.pass.sh b/...ccounts/group_accounts-physical/rule_disable_ctrlaltdel_burstaction/correct_value.pass.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# profiles = xccdf_org.ssgproject.content_profile_ospp-rhel7
+
+if grep -q "^CtrlAltDelBurstAction=" /etc/systemd/system.conf; then
+	sed -i "s/^CtrlAltDelBurstAction.*/CtrlAltDelBurstAction=none/" /etc/systemd/system.conf
+else
+	echo "CtrlAltDelBurstAction=none" >> /etc/systemd/system.conf
+fi
diff --git a/...counts/group_accounts-physical/rule_disable_ctrlaltdel_burstaction/line_not_there.fail.sh b/...counts/group_accounts-physical/rule_disable_ctrlaltdel_burstaction/line_not_there.fail.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# profiles = xccdf_org.ssgproject.content_profile_ospp-rhel7
+
+sed -i "/^CtrlAltDelBurstAction.*/d" /etc/systemd/system.conf
diff --git a/..._accounts/group_accounts-physical/rule_disable_ctrlaltdel_burstaction/wrong_value.fail.sh b/..._accounts/group_accounts-physical/rule_disable_ctrlaltdel_burstaction/wrong_value.fail.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# profiles = xccdf_org.ssgproject.content_profile_ospp-rhel7
+
+if grep -q "^CtrlAltDelBurstAction=" /etc/systemd/system.conf; then
+	sed -i "s/^CtrlAltDelBurstAction.*/CtrlAltDelBurstAction=poweroff-immediate/" /etc/systemd/system.conf
+else
+	echo "CtrlAltDelBurstAction=poweroff-immediate" >> /etc/systemd/system.conf
+fi
diff --git a/...nfigure_rules/group_audit_time_rules/rule_audit_rules_time_adjtimex/correct_value.pass.sh b/...nfigure_rules/group_audit_time_rules/rule_audit_rules_time_adjtimex/correct_value.pass.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# profiles = xccdf_org.ssgproject.content_profile_ospp-rhel7
+
+if grep -qv "^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*(-S[\s]+adjtimex[\s]+|([\s]+|[,])adjtimex([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$" /etc/audit/rules.d/*.rules; then
+	echo "-a always,exit -F arch=b32 -S adjtimex -k audit_time_rules" >> /etc/audit/rules.d/time.rules
+	echo "-a always,exit -F arch=b64 -S adjtimex -k audit_time_rules" >> /etc/audit/rules.d/time.rules
+fi
diff --git a/...figure_rules/group_audit_time_rules/rule_audit_rules_time_adjtimex/line_not_there.fail.sh b/...figure_rules/group_audit_time_rules/rule_audit_rules_time_adjtimex/line_not_there.fail.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# profiles = xccdf_org.ssgproject.content_profile_ospp-rhel7
+
+sed -i "/^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*(-S[\s]+adjtimex[\s]+|([\s]+|[,])adjtimex([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$/d" /etc/audit/rules.d/*.rules
diff --git a/...ure_rules/group_audit_time_rules/rule_audit_rules_time_settimeofday/correct_value.pass.sh b/...ure_rules/group_audit_time_rules/rule_audit_rules_time_settimeofday/correct_value.pass.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# profiles = xccdf_org.ssgproject.content_profile_ospp-rhel7
+
+if grep -qv "^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*(-S[\s]+settimeofday[\s]+|([\s]+|[,])settimeofday([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$" /etc/audit/rules.d/*.rules; then
+	echo "-a always,exit -F arch=b32 -S settimeofday -k audit_time_rules" >> /etc/audit/rules.d/time.rules
+	echo "-a always,exit -F arch=b64 -S settimeofday -k audit_time_rules" >> /etc/audit/rules.d/time.rules
+fi
diff --git a/...re_rules/group_audit_time_rules/rule_audit_rules_time_settimeofday/line_not_there.fail.sh b/...re_rules/group_audit_time_rules/rule_audit_rules_time_settimeofday/line_not_there.fail.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# profiles = xccdf_org.ssgproject.content_profile_ospp-rhel7
+
+sed -i "/^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*(-S[\s]+settimeofday[\s]+|([\s]+|[,])settimeofday([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$/d" /etc/audit/rules.d/*.rules
diff --git a/..._configure_rules/group_audit_time_rules/rule_audit_rules_time_stime/correct_value.pass.sh b/..._configure_rules/group_audit_time_rules/rule_audit_rules_time_stime/correct_value.pass.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# profiles = xccdf_org.ssgproject.content_profile_ospp-rhel7
+
+if grep -qv "^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*(-S[\s]+stime[\s]+|([\s]+|[,])stime([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$" /etc/audit/rules.d/*.rules; then
+	echo "-a always,exit -F arch=b32 -S stime -k audit_time_rules" >> /etc/audit/rules.d/time.rules
+fi
diff --git a/...configure_rules/group_audit_time_rules/rule_audit_rules_time_stime/line_not_there.fail.sh b/...configure_rules/group_audit_time_rules/rule_audit_rules_time_stime/line_not_there.fail.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# profiles = xccdf_org.ssgproject.content_profile_ospp-rhel7
+
+sed -i "/^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32.*(-S[\s]+stime[\s]+|([\s]+|[,])stime([\s]+|[,])).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$/d" /etc/audit/rules.d/*.rules