rpms / scap-security-guide

Clone
Source Code
GIT

Blame SOURCES/scap-security-guide-0.1.54-use_osrelease_check_system_arch-PR_6458.patch

c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   f8899dc431d93f8111ec18b6783c8e69fdb47c56
  2.   SOURCES
  3.   scap-security-guide-0.1.54-use_osrelease_check_system_arch-PR_6458.patch
Blob History Raw
f8899d 
From a1ecfdad4c1187ccd645615b4b7b0e431e8a2d9d Mon Sep 17 00:00:00 2001
f8899d 
From: Watson Sato <wsato@redhat.com>
f8899d 
Date: Mon, 7 Dec 2020 11:11:48 +0100
f8899d 
Subject: [PATCH] Check kernel osrelease instead of using uname test
f8899d
f8899d 
Check /proc/sys/kernel/osrelease to get arch of system.
f8899d 
uname test is not supported in offline mode
f8899d 
---
f8899d 
 ...oc_sys_kernel_osrelease_arch_not_s390x.xml | 34 +++++++++++++++++++
f8899d 
 3 files changed, 35 insertions(+), 29 deletions(-)
f8899d 
 create mode 100644 shared/checks/oval/proc_sys_kernel_osrelease_arch_not_s390x.xml
f8899d
f8899d 
diff --git a/shared/checks/oval/proc_sys_kernel_osrelease_arch_not_s390x.xml b/shared/checks/oval/proc_sys_kernel_osrelease_arch_not_s390x.xml
f8899d 
new file mode 100644
f8899d 
index 0000000000..1fc625a1e7
f8899d 
--- /dev/null
f8899d 
+++ b/shared/checks/oval/proc_sys_kernel_osrelease_arch_not_s390x.xml
f8899d 
@@ -0,0 +1,34 @@
f8899d 
+<def-group>
f8899d 
+
f8899d 
+  version="1">
f8899d 
+    <metadata>
f8899d 
+      <title>Test for different architecture than s390x</title>
f8899d 
+      <affected family="unix">
f8899d 
+        <platform>multi_platform_all</platform>
f8899d 
+      </affected>
f8899d 
+      <description>Check that architecture of kernel in /proc/sys/kernel/osrelease is not s390x</description>
f8899d 
+    </metadata>
f8899d 
+    <criteria>
f8899d 
+
f8899d 
+      test_ref="test_proc_sys_kernel_osrelease_arch_s390x" negate="true"/>
f8899d 
+    </criteria>
f8899d 
+  </definition>
f8899d 
+
f8899d 
+      comment="proc_sys_kernel is for s390x architecture"
f8899d 
+      id="test_proc_sys_kernel_osrelease_arch_s390x"
f8899d 
+  version="1">
f8899d 
+    <ind:object object_ref="object_proc_sys_kernel_osrelease_arch_s390x" />
f8899d 
+    <ind:state state_ref="state_proc_sys_kernel_osrelease_arch_s390x" />
f8899d 
+  </ind:textfilecontent54_test>
f8899d 
+
f8899d 
+  <ind:textfilecontent54_object id="object_proc_sys_kernel_osrelease_arch_s390x" version="1">
f8899d 
+    <ind:filepath>/proc/sys/kernel/osrelease</ind:filepath>
f8899d 
+    <ind:pattern operation="pattern match">^.*\.(.*)$</ind:pattern>
f8899d 
+    <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
f8899d 
+  </ind:textfilecontent54_object>
f8899d 
+
f8899d 
+  <ind:textfilecontent54_state id="state_proc_sys_kernel_osrelease_arch_s390x" version="1">
f8899d 
+    <ind:subexpression datatype="string" operation="pattern match">^s390x$</ind:subexpression>
f8899d 
+  </ind:textfilecontent54_state>
f8899d 
+
f8899d 
+</def-group>

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation