|
 |
973b04 |
From d455dc468ef51dd595ce6184f1d31ebf4c20ab9c Mon Sep 17 00:00:00 2001
|
|
|
973b04 |
From: Watson Sato <wsato@redhat.com>
|
|
|
973b04 |
Date: Wed, 22 Jul 2020 09:52:50 +0200
|
|
|
973b04 |
Subject: [PATCH] Add grub2 platform to grub2 kernel option rules
|
|
|
973b04 |
|
|
|
973b04 |
This will make sure these rules are applicable only when grub2
|
|
|
973b04 |
(grub2-pc) is installed.
|
|
|
973b04 |
---
|
|
|
973b04 |
linux_os/guide/system/auditing/grub2_audit_argument/rule.yml | 2 ++
|
|
|
973b04 |
.../system/auditing/grub2_audit_backlog_limit_argument/rule.yml | 2 +-
|
|
|
973b04 |
.../system/permissions/mounting/grub2_nousb_argument/rule.yml | 2 ++
|
|
|
973b04 |
.../guide/system/permissions/restrictions/poisoning/group.yml | 2 ++
|
|
|
973b04 |
.../restrictions/poisoning/grub2_page_poison_argument/rule.yml | 2 +-
|
|
|
973b04 |
.../restrictions/poisoning/grub2_slub_debug_argument/rule.yml | 2 +-
|
|
|
973b04 |
7 files changed, 11 insertions(+), 3 deletions(-)
|
|
|
973b04 |
|
|
|
973b04 |
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
|
|
|
973b04 |
index 00cb7f9b6c..5f3a47a776 100644
|
|
|
973b04 |
--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
|
|
|
973b04 |
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
|
|
|
973b04 |
@@ -102,6 +102,8 @@ warnings:
|
|
|
973b04 |
{{% endif %}}
|
|
|
973b04 |
|
|
|
973b04 |
|
|
|
973b04 |
+platform: grub2
|
|
|
973b04 |
+
|
|
|
973b04 |
template:
|
|
|
973b04 |
name: grub2_bootloader_argument
|
|
|
973b04 |
vars:
|
|
|
973b04 |
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
|
|
|
973b04 |
index 6cab6f7bfe..aa95957b58 100644
|
|
|
973b04 |
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
|
|
|
973b04 |
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
|
|
|
973b04 |
@@ -60,7 +60,7 @@ warnings:
|
|
|
973b04 |
{{% endif %}}
|
|
|
973b04 |
|
|
|
973b04 |
|
|
|
973b04 |
-platform: machine
|
|
|
973b04 |
+platform: grub2
|
|
|
973b04 |
|
|
|
973b04 |
template:
|
|
|
973b04 |
name: grub2_bootloader_argument
|
|
|
973b04 |
diff --git a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
|
|
|
973b04 |
index a3c1f48231..407ba2c069 100644
|
|
|
973b04 |
--- a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
|
|
|
973b04 |
+++ b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
|
|
|
973b04 |
@@ -37,3 +37,5 @@ warnings:
|
|
|
973b04 |
Disabling all kernel support for USB will cause problems for systems
|
|
|
973b04 |
with USB-based keyboards, mice, or printers. This configuration is
|
|
|
973b04 |
infeasible for systems which require USB devices, which is common.
|
|
|
973b04 |
+
|
|
|
973b04 |
+platform: grub2
|
|
|
973b04 |
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/group.yml b/linux_os/guide/system/permissions/restrictions/poisoning/group.yml
|
|
|
973b04 |
index 6a7a370f2b..030a3e9918 100644
|
|
|
973b04 |
--- a/linux_os/guide/system/permissions/restrictions/poisoning/group.yml
|
|
|
973b04 |
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/group.yml
|
|
|
973b04 |
@@ -6,3 +6,5 @@ description: |-
|
|
|
973b04 |
Memory Poisoning consists of writing a special value to uninitialized or freed memory.
|
|
|
973b04 |
Poisoning can be used as a mechanism to prevent leak of information and detection of
|
|
|
973b04 |
corrupted memory.
|
|
|
973b04 |
+
|
|
|
973b04 |
+platform: machine
|
|
|
973b04 |
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
|
|
|
973b04 |
index e3047ef223..2d97ec75ea 100644
|
|
|
973b04 |
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
|
|
|
973b04 |
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
|
|
|
973b04 |
@@ -60,7 +60,7 @@ warnings:
|
|
|
973b04 |
{{% endif %}}
|
|
|
973b04 |
|
|
|
973b04 |
|
|
|
973b04 |
-platform: machine
|
|
|
973b04 |
+platform: grub2
|
|
|
973b04 |
|
|
|
973b04 |
template:
|
|
|
973b04 |
name: grub2_bootloader_argument
|
|
|
973b04 |
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
|
|
|
973b04 |
index 024c93f18b..39ca33b77a 100644
|
|
|
973b04 |
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
|
|
|
973b04 |
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
|
|
|
973b04 |
@@ -60,7 +60,7 @@ warnings:
|
|
|
973b04 |
{{% endif %}}
|
|
|
973b04 |
|
|
|
973b04 |
|
|
|
973b04 |
-platform: machine
|
|
|
973b04 |
+platform: grub2
|
|
|
973b04 |
|
|
|
973b04 |
template:
|
|
|
973b04 |
name: grub2_bootloader_argument
|