File: bash.template

package info (click to toggle)
scap-security-guide 0.1.79-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 114,704 kB
  • sloc: xml: 244,677; sh: 84,647; python: 33,203; makefile: 27
file content (27 lines) | stat: -rw-r--r-- 1,221 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# platform = multi_platform_all

# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
# Note: 32-bit and 64-bit kernel syscall numbers not always line up =>
#       it's required on a 64-bit system to check also for the presence
#       of 32-bit's equivalent of the corresponding rule.
#       (See `man 7 audit.rules` for details )
[ "$(getconf LONG_BIT)" = "32" ] && RULE_ARCHS=("b32") || RULE_ARCHS=("b32" "b64")

for ARCH in "${RULE_ARCHS[@]}"
do
	ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH"
	OTHER_FILTERS=""
	{{% if "ol" in families or 'rhel' in product or 'ubuntu' in product %}}
	AUID_FILTERS="-F auid>={{{ auid }}} -F auid!=unset"
	{{% else %}}
	AUID_FILTERS=""
	{{% endif %}}
	SYSCALL="{{{ NAME }}}"
	KEY="modules"
	SYSCALL_GROUPING="{{{ SYSCALL_GROUPING }}}"
	# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
	{{{ bash_fix_audit_syscall_rule("augenrules", "$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}}
	{{{ bash_fix_audit_syscall_rule("auditctl", "$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}}
done