# platform = Red Hat Enterprise Linux 7, multi_platform_fedora
# Include source function library.
. /usr/share/scap-security-guide/remediation_functions
# Remediate the audit syscall rule for %ATTR% (audit key "perm_mod").
# %ATTR% looks like a template placeholder that is substituted before this
# script is run -- TODO confirm against the generator.
#
# Audit syscall rules are matched per ABI. A 64-bit kernel can also run 32-bit
# binaries, so a 64-bit host gets both the b32 and the b64 rule; with only b64
# in place, the same call made through the 32-bit ABI would not be recorded.
if [ "$(getconf LONG_BIT)" = "32" ]
then
  RULE_ARCHS=("b32")
else
  RULE_ARCHS=("b32" "b64")
fi

# Audit key shared by every rule written below.
GROUP="perm_mod"

for ARCH in "${RULE_ARCHS[@]}"
do
  # Pattern handed to the helper, presumably to locate an existing rule for
  # this arch and syscall -- verify against fix_audit_syscall_rule.
  PATTERN="-a always,exit -F arch=$ARCH -S %ATTR%.*"

  # auid>=1000 limits the rule to login UIDs of 1000 and above;
  # auid!=4294967295 excludes processes whose login UID is unset.
  # Calls made under a login UID below 1000 are therefore not covered by
  # this rule.
  FULL_RULE="-a always,exit -F arch=$ARCH -S %ATTR% -F auid>=1000 -F auid!=4294967295 -F key=perm_mod"

  # Remediate for both rule-loading tools, so the rule is present whichever
  # of the two the system uses.
  for TOOL in "auditctl" "augenrules"
  do
    fix_audit_syscall_rule "$TOOL" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE"
  done
done