all_apparmor_profiles_in_enforce_complain_mode: Fix OVAL logic
The current OVAL fails with an unknown result because the local variables reference a `subexpression` item field while the patterns define no capture group. Also remove the unconfined check, as it is not needed.
dodys committed Mar 13, 2024
1 parent bcc8c93 commit 65e351b
Showing 1 changed file with 2 additions and 13 deletions.
Expand Up @@ -13,18 +13,12 @@
</ind:textfilecontent54_object>
<ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_enforced_profiles" version="1">
<ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
<ind:pattern operation="pattern match" datatype="string">^.*\(enforce\)$</ind:pattern>
<ind:pattern operation="pattern match" datatype="string">^.*(\(enforce)\))$</ind:pattern>
<ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
<ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_complaining_profiles" version="1">
<ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
<ind:pattern operation="pattern match" datatype="string">^.*\(complain\)$</ind:pattern>
<ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
<ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_unconfined_profiles" version="1">
<ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
<ind:pattern operation="pattern match"
datatype="string">^\.*processes are unconfined.*$</ind:pattern>
<ind:pattern operation="pattern match" datatype="string">^.*(\(complain\))$</ind:pattern>
<ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
<local_variable datatype="int" id="{{{ rule_id }}}_var_num_apparmor_profiles" version="1"
Expand All @@ -47,11 +41,6 @@
</count>
</arithmetic>
</local_variable>
<local_variable datatype="int" id="{{{ rule_id }}}_var_num_apparmor_unconfined_profiles"
version="1" comment="apparmor profiles with unconfined processes">
<object_component item_field="subexpression"
object_ref="{{{ rule_id }}}_obj_apparmor_unconfined_profiles" />
</local_variable>

<ind:variable_object id="{{{ rule_id }}}_obj_all_apparmor_profiles" version="1">
<ind:var_ref>{{{ rule_id }}}_var_num_apparmor_profiles</ind:var_ref>
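Review bot: The added enforce pattern `^.*(\(enforce)\))$` in `_obj_apparmor_enforced_profiles` has unbalanced parentheses: the capture group closes right after `enforce`, leaving a literal `\)` followed by a stray unescaped `)`. PCRE, which OpenSCAP uses for OVAL pattern matches, rejects an unmatched `)` as a compile error, so this object is likely to produce an error result and the rule would still not evaluate cleanly. It also does not mirror the new complain pattern `^.*(\(complain\))$`, whose captured subexpression includes the closing parenthesis, so the two counted subexpressions would differ in shape even if the engine accepted the pattern. Change the line to `<ind:pattern operation="pattern match" datatype="string">^.*(\(enforce\))$</ind:pattern>`.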