Merge pull request #159 from SemioticLabs/Move-uname-to-global-variable
Convert uname variable to global variable
schurzi authored Nov 24, 2023
2 parents 3ed97df + bb91c0a commit a71bc1e
Showing 1 changed file with 11 additions and 17 deletions.
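--- a/controls/4_1_configure_system_accounting_auditd.rb
+++ b/controls/4_1_configure_system_accounting_auditd.rb
@@ -22,6 +22,7 @@
 title '4.1 Configure System Accounting (auditd)'
 
 uid_min = login_defs.UID_MIN.to_i
+uname_machine = command('uname -m').stdout.strip
 
 control 'cis-dil-benchmark-4.1.1.1' do
 title 'Ensure audit log storage size is configured'
@@ -150,8 +151,7 @@
 its('content') { should match %r{^-w /etc/localtime -p wa -k time-change$} }
 end
 
-uname = command('uname -m').stdout.strip
-if uname == 'x86_64' || uname == 'aarch64'
+if uname_machine == 'x86_64' || uname_machine == 'aarch64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S adjtimex -S settimeofday -k time-change$/) }
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S clock_settime -k time-change$/) }
@@ -196,8 +196,7 @@
 its('content') { should match %r{^-w /etc/sysconfig/network -p wa -k system-locale$} }
 end
 
-uname = command('uname -m').stdout.strip
-if uname == 'x86_64' || uname == 'aarch64'
+if uname_machine == 'x86_64' || uname_machine == 'aarch64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S sethostname -S setdomainname -k system-locale$/) }
 end
@@ -276,8 +275,7 @@
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b32 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=#{uid_min} -F auid!=4294967295 -k perm_mod$/) }
 end
 
-uname = command('uname -m').stdout.strip
-if uname == 'x86_64'
+if uname_machine == 'x86_64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=#{uid_min} -F auid!=4294967295 -k perm_mod$/) }
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=#{uid_min} -F auid!=4294967295 -k perm_mod$/) }
@@ -286,7 +284,7 @@
 end
 
 # For aarch64 the symbols chmod, chown and lchown are not available
-if uname == 'aarch64'
+if uname_machine == 'aarch64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S fchmod -S fchmodat -F auid>=#{uid_min} -F auid!=4294967295 -k perm_mod$/) }
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S fchown -S fchownat -F auid>=#{uid_min} -F auid!=4294967295 -k perm_mod$/) }
@@ -310,16 +308,15 @@
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=#{uid_min} -F auid!=4294967295 -k access$/) }
 end
 
-uname = command('uname -m').stdout.strip
-if uname == 'x86_64'
+if uname_machine == 'x86_64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=#{uid_min} -F auid!=4294967295 -k access$/) }
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=#{uid_min} -F auid!=4294967295 -k access$/) }
 end
 end
 
 # For aarch64 the symbols creat and open are not available
-if uname == 'aarch64'
+if uname_machine == 'aarch64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=#{uid_min} -F auid!=4294967295 -k access$/) }
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=#{uid_min} -F auid!=4294967295 -k access$/) }
@@ -358,8 +355,7 @@
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b32 -S mount -F auid>=#{uid_min} -F auid!=4294967295 -k mounts$/) }
 end
 
-uname = command('uname -m').stdout.strip
-if uname == 'x86_64' || uname == 'aarch64'
+if uname_machine == 'x86_64' || uname_machine == 'aarch64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S mount -F auid>=#{uid_min} -F auid!=4294967295 -k mounts$/) }
 end
@@ -380,15 +376,14 @@
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=#{uid_min} -F auid!=4294967295 -k delete$/) }
 end
 
-uname = command('uname -m').stdout.strip
-if uname == 'x86_64'
+if uname_machine == 'x86_64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=#{uid_min} -F auid!=4294967295 -k delete$/) }
 end
 end
 
 # For aarch64 the symbols unlink and rename are not available
-if uname == 'aarch64'
+if uname_machine == 'aarch64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S unlinkat -S renameat -F auid>=#{uid_min} -F auid!=4294967295 -k delete$/) }
 end
@@ -442,8 +437,7 @@
 its('content') { should match(%r{^-w /sbin/modprobe -p x -k modules$}) }
 end
 
-uname = command('uname -m').stdout.strip
-if uname == 'x86_64' || uname == 'aarch64'
+if uname_machine == 'x86_64' || uname_machine == 'aarch64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S init_module -S delete_module -k modules$/) }
 end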
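Review bot: A machine type other than x86_64 or aarch64 — including the empty string left in `uname_machine` when `uname -m` fails on the target — silently skips every `arch=b64` rule check in the conditionals at -150, -196, -276, -310, -358, -380 and -442, so those controls pass without the 64-bit rules ever being verified; the hoisted assignment at +25 is now the one place to catch this. The cheapest fix is an `else` branch on each of the x86_64/aarch64 conditionals that records the unexpected value instead of doing nothing, e.g. `else describe(uname_machine) { it { should be_in %w[x86_64 aarch64] } }`, or a single check next to the assignment. The repeated `uname_machine == 'x86_64' || uname_machine == 'aarch64'` would read better as `%w[x86_64 aarch64].include?(uname_machine)`. Note that `uname_machine` is a file-level local captured by the `control` blocks below it, not a Ruby global (`$uname_machine`), so a comment such as `# file-scoped; evaluated once per profile load, empty if uname fails` above the assignment would make the scope clear. The control bodies containing these conditionals start and end outside the shown hunks.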
