Merge pull request #11869 from mpurg/enh_audit_rules_watch
Enhancements for template audit_rules_watch
dodys committed Apr 30, 2024
2 parents 0c4bba8 + 8c4b173 commit 3ca5d60
Showing 4 changed files with 16 additions and 8 deletions.
4 changes: 2 additions & 2 deletions shared/templates/audit_rules_watch/ansible.template
@@ -4,5 +4,5 @@
# complexity = low
# disruption = low

{{{ ansible_audit_augenrules_add_watch_rule(path=PATH, permissions="wa", key=rule_id) }}}
{{{ ansible_audit_auditctl_add_watch_rule(path=PATH, permissions="wa", key=rule_id) }}}
{{{ ansible_audit_augenrules_add_watch_rule(path=PATH, permissions="wa", key=KEY) }}}
{{{ ansible_audit_auditctl_add_watch_rule(path=PATH, permissions="wa", key=KEY) }}}
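Review bot: `KEY` is a new template parameter on both macro calls here and on the two `bash_fix_audit_watch_rule` calls in bash.template, but none of the four changed files documents it. A short entry in the template's parameter documentation, e.g. `key - audit key (-k) written with the watch rule; defaults to the rule ID`, would tell rule authors what it does and that the default comes from template.py. It is also worth stating there that a rule which sets a shared key can no longer be selected on its own with `ausearch -k <rule id>`, so log searches and alerting that filter on the per-rule key have to be updated when a rule adopts a custom one.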
4 changes: 2 additions & 2 deletions shared/templates/audit_rules_watch/bash.template
@@ -1,4 +1,4 @@
# platform = multi_platform_all

{{{ bash_fix_audit_watch_rule("auditctl", PATH, "wa", rule_id) }}}
{{{ bash_fix_audit_watch_rule("augenrules", PATH, "wa", rule_id) }}}
{{{ bash_fix_audit_watch_rule("auditctl", PATH, "wa", KEY) }}}
{{{ bash_fix_audit_watch_rule("augenrules", PATH, "wa", KEY) }}}
14 changes: 10 additions & 4 deletions shared/templates/audit_rules_watch/oval.template
@@ -3,10 +3,16 @@
{{{ oval_metadata("Check if actions on '" ~ PATH ~ "' are configured to be audited") }}}

<criteria operator="OR">
<!-- Test the augenrules case -->
<criterion comment="audit {{{ PATH }}} augenrules" test_ref="test_{{{ rule_id }}}_augenrules" />
<!-- Test the auditctl case -->
<criterion comment="audit {{{ PATH }}} auditctl" test_ref="test_{{{ rule_id }}}_auditctl" />
<criteria operator="AND">
<!-- Test the augenrules case -->
<extend_definition comment="audit augenrules" definition_ref="audit_rules_augenrules" />
<criterion comment="audit {{{ PATH }}} augenrules" test_ref="test_{{{ rule_id }}}_augenrules" />
</criteria>
<criteria operator="AND">
<!-- Test the auditctl case -->
<extend_definition comment="audit auditctl" definition_ref="audit_rules_auditctl" />
<criterion comment="audit {{{ PATH }}} auditctl" test_ref="test_{{{ rule_id }}}_auditctl" />
</criteria>
</criteria>

</definition>
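Review bot: The tests referenced by `test_{{{ rule_id }}}_augenrules` and `test_{{{ rule_id }}}_auditctl` are defined outside this hunk, so it is not visible whether their patterns match on the audit key. If they do, they need to use `KEY`, because the remediations in ansible.template and bash.template now write `KEY` instead of `rule_id`, and a system remediated with a custom key would otherwise fail the check. Please confirm this against the object definitions further down the file. As a smaller point, the two `<!-- Test the ... case -->` comments would read better above their `<criteria operator="AND">` element, since each now describes the whole pair of `extend_definition` and `criterion`.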
2 changes: 2 additions & 0 deletions shared/templates/audit_rules_watch/template.py
@@ -1,2 +1,4 @@
def preprocess(data, lang):
if "key" not in data:
data["key"] = data["_rule_id"]
return data
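Review bot: `preprocess` accepts any value for `key` and passes it on unchanged to the Bash and Ansible templates, where it ends up in generated remediation content and audit rules. A key containing whitespace or shell metacharacters would at best produce a malformed rule. Whether the macros quote the value is not visible here, so a build-time check in this function is the cheapest safeguard, e.g. `if not re.fullmatch(r"[A-Za-z0-9_.-]+", data["key"]): raise ValueError("invalid audit key: %r" % data["key"])` (needs `import re`). A one-line docstring such as `"""Default the audit key to the rule ID when the rule does not set one."""` would also document the new behaviour.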
