{{# Build the two text fragments used in the oval_metadata description of this template. #}}
{{# negate_string is "not " when ARG_NEGATE is truthy, so the description reads "is not present"; otherwise it is empty. #}}
{{% if ARG_NEGATE %}}
{{% set negate_string = "not " %}}
{{%- else %}}
{{% set negate_string = "" %}}
{{%- endif %}}
{{# name_value is "NAME=VALUE" when ARG_VALUE is set, otherwise the bare argument name. #}}
{{# The + concatenation assumes ARG_NAME and ARG_VALUE are strings; TODO confirm against the template's callers. #}}
{{% if ARG_VALUE %}}
{{% set name_value = ARG_NAME + "=" + ARG_VALUE %}}
{{%- else %}}
{{% set name_value = ARG_NAME %}}
{{%- endif %}}
<def-group>
<!-- Compliance check for one kernel command-line argument on an ostree-based system.
     The definition passes only when the expected state holds both in the persistent
     boot loader entry and in the command line of the running kernel. -->
<definition class="compliance" id="{{{ _RULE_ID }}}" version="2">
{{{ oval_metadata("Ensure " + name_value +" argument is " + negate_string + "present in the 'options' line of /boot/loader/entries/ostree-2-*.conf (or ostree-1-*.conf if there is no ostree-2-*.conf as ostree has only two enries at the most, with *-2-*.conf entry always being the most recent). Also, ensure that kernel is currently running with this argument by checking /proc/cmdline.") }}}
<criteria operator="AND">
<!-- Persistent configuration: one of the two branches below must hold. -->
<criteria operator="OR">
<!-- Branch 1: no ostree-2 entry file is present, so the ostree-1 entry is the one evaluated. -->
<!-- NOTE(review): negate=ARG_NEGATE is handed to the criterion macros, whose bodies are not
     shown here. Confirm that a negated criterion cannot pass merely because the entry file
     or the matched line is missing, which would report a system as compliant without evidence. -->
<criteria operator="AND">
{{{- oval_file_absent_criterion('/boot/loader/entries/ostree-2.*.conf')}}}
{{{- oval_argument_value_in_line_criterion('/boot/loader/entries/ostree-1.*.conf', ARG_NAME, ARG_VALUE, 'Linux kernel', negate=ARG_NEGATE) }}}
</criteria>
<!-- Branch 2: the ostree-2 entry is evaluated directly. -->
<criteria operator="AND">
{{{- oval_argument_value_in_line_criterion('/boot/loader/entries/ostree-2.*.conf', ARG_NAME, ARG_VALUE, 'Linux kernel', negate=ARG_NEGATE) }}}
</criteria>
</criteria>
<!-- Runtime state: the same argument is checked against /proc/cmdline, so an edited boot
     entry that has not been booted yet does not satisfy the rule on its own. -->
<criteria operator="AND">
{{{- oval_argument_value_in_line_criterion('/proc/cmdline', ARG_NAME, ARG_VALUE, 'Linux kernel', negate=ARG_NEGATE) }}}
</criteria>
</criteria>
</definition>
<!-- The macro calls below presumably emit the tests and objects that the criteria above
     refer to; the macro bodies are not part of this file, so verify against their definitions.
     ARG_IS_REGEX is passed only here, not to the criterion macros.
     The fourth argument differs per source: 'options ' for the loader entries and 'BOOT_IMAGE'
     for /proc/cmdline; it looks like the text that identifies the line to inspect (TODO confirm).
     NOTE(review): if that text must appear in the line, confirm that /proc/cmdline contains
     BOOT_IMAGE on every supported boot path, otherwise the runtime check cannot match.
     NOTE(review): the paths use '.*' while the description says 'ostree-2-*.conf'. If the macros
     treat the path as a regular expression, 'ostree-2.*.conf' accepts any file name that starts
     with ostree-2 and the dot before conf matches any character; confirm that this is intended. -->
{{{- oval_file_absent('/boot/loader/entries/ostree-2.*.conf') }}}
{{{-
oval_argument_value_in_line_test('/boot/loader/entries/ostree-1.*.conf', ARG_NAME, ARG_VALUE, 'options ', is_regex=ARG_IS_REGEX) }}}
{{{- oval_argument_value_in_line_test('/boot/loader/entries/ostree-2.*.conf', ARG_NAME, ARG_VALUE, 'options ', is_regex=ARG_IS_REGEX) }}}
{{{- oval_argument_value_in_line_test('/proc/cmdline', ARG_NAME, ARG_VALUE, 'BOOT_IMAGE', is_regex=ARG_IS_REGEX) }}}
</def-group>