|
 |
f89c37 |
From b08b310a02e022d280b76e89282c8b8dcf3b9b55 Mon Sep 17 00:00:00 2001
|
|
|
f89c37 |
From: Watson Sato <wsato@redhat.com>
|
|
|
f89c37 |
Date: Wed, 4 May 2022 10:02:05 +0200
|
|
|
f89c37 |
Subject: [PATCH 1/3] Filter out symlinks
|
|
|
f89c37 |
|
|
|
f89c37 |
Create a list of paths to symlinks to filter out from the count of
|
|
|
f89c37 |
unique filpaths.
|
|
|
f89c37 |
---
|
|
|
f89c37 |
shared/templates/sysctl/oval.template | 29 ++++++++++++++++++++++++++-
|
|
|
f89c37 |
1 file changed, 28 insertions(+), 1 deletion(-)
|
|
|
f89c37 |
|
|
|
f89c37 |
diff --git a/shared/templates/sysctl/oval.template b/shared/templates/sysctl/oval.template
|
|
|
f89c37 |
index 97487d6114e..1f30ad86ceb 100644
|
|
|
f89c37 |
--- a/shared/templates/sysctl/oval.template
|
|
|
f89c37 |
+++ b/shared/templates/sysctl/oval.template
|
|
|
f89c37 |
@@ -168,9 +168,36 @@
|
|
|
f89c37 |
</count>
|
|
|
f89c37 |
</local_variable>
|
|
|
f89c37 |
|
|
|
f89c37 |
+ <ind:textfilecontent54_object id="object_static_set_sysctls_{{{ SYSCTLID }}}" version="1">
|
|
|
f89c37 |
+ <set>
|
|
|
f89c37 |
+ <object_reference>object_static_set_unfiltered_sysctls_{{{ SYSCTLID }}}</object_reference>
|
|
|
f89c37 |
+ <filter action="exclude">state_{{{ SYSCTLID }}}_filepath_is_symlink</filter>
|
|
|
f89c37 |
+ </set>
|
|
|
f89c37 |
+ </ind:textfilecontent54_object>
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+ <ind:textfilecontent54_state id="state_{{{ SYSCTLID }}}_filepath_is_symlink" version="1">
|
|
|
f89c37 |
+ <ind:filepath operation="equals" var_check="at least one" var_ref="local_var_symlinks_{{{ SYSCTLID }}}" datatype="string" />
|
|
|
f89c37 |
+ </ind:textfilecontent54_state>
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+ <local_variable comment="Unique list of symlink conf files" datatype="string" id="local_var_symlinks_{{{ SYSCTLID }}}" version="1">
|
|
|
f89c37 |
+ <unique>
|
|
|
f89c37 |
+ <object_component object_ref="object_{{{ SYSCTLID }}}_symlinks" item_field="filepath" />
|
|
|
f89c37 |
+ </unique>
|
|
|
f89c37 |
+ </local_variable>
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+ Workaround by querying for all conf files found -->
|
|
|
f89c37 |
+ <unix:symlink_object comment="syctl symlinks" id="object_{{{ SYSCTLID }}}_symlinks" version="1">
|
|
|
f89c37 |
+ <unix:filepath operation="equals" var_ref="local_var_conf_files_{{{ SYSCTLID }}}" />
|
|
|
f89c37 |
+ </unix:symlink_object>
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+ <local_variable comment="List of conf files" datatype="string" id="local_var_conf_files_{{{ SYSCTLID }}}" version="1">
|
|
|
f89c37 |
+ <object_component object_ref="object_static_set_unfiltered_sysctls_{{{ SYSCTLID }}}" item_field="filepath" />
|
|
|
f89c37 |
+ </local_variable>
|
|
|
f89c37 |
+
|
|
|
f89c37 |
|
|
|
f89c37 |
variable to have no value even when there are valid objects. -->
|
|
|
f89c37 |
- <ind:textfilecontent54_object id="object_static_set_sysctls_{{{ SYSCTLID }}}" version="1">
|
|
|
f89c37 |
+ <ind:textfilecontent54_object id="object_static_set_unfiltered_sysctls_{{{ SYSCTLID }}}" version="1">
|
|
|
f89c37 |
<set>
|
|
|
f89c37 |
<object_reference>object_static_etc_sysctls_{{{ SYSCTLID }}}</object_reference>
|
|
|
f89c37 |
<object_reference>object_static_run_usr_sysctls_{{{ SYSCTLID }}}</object_reference>
|
|
|
f89c37 |
|
|
|
f89c37 |
From 29bf2a53d29624aa21fe91d5ad0ee34260514b6f Mon Sep 17 00:00:00 2001
|
|
|
f89c37 |
From: Watson Sato <wsato@redhat.com>
|
|
|
f89c37 |
Date: Wed, 4 May 2022 11:18:46 +0200
|
|
|
f89c37 |
Subject: [PATCH 2/3] Avoid using empty variable when no symlinks exist
|
|
|
f89c37 |
|
|
|
f89c37 |
This avoids directly referencing a variable that may have no values.
|
|
|
f89c37 |
If no symlinks are found, 'local_var_symlinks_{{{ SYSCTLID }}}' will
|
|
|
f89c37 |
have "no values".
|
|
|
f89c37 |
Using this variable in the state comparison will automatically cause the
|
|
|
f89c37 |
definition to evaluate to "unknown".
|
|
|
f89c37 |
|
|
|
f89c37 |
What we do here is inject a blank string with the use of <set>, this
|
|
|
f89c37 |
way, when no symlinks are found, the variable has a single blank string.
|
|
|
f89c37 |
---
|
|
|
f89c37 |
shared/templates/sysctl/oval.template | 32 ++++++++++++++++++++++++++-
|
|
|
f89c37 |
1 file changed, 31 insertions(+), 1 deletion(-)
|
|
|
f89c37 |
|
|
|
f89c37 |
diff --git a/shared/templates/sysctl/oval.template b/shared/templates/sysctl/oval.template
|
|
|
f89c37 |
index 1f30ad86ceb..0b5cde45045 100644
|
|
|
f89c37 |
--- a/shared/templates/sysctl/oval.template
|
|
|
f89c37 |
+++ b/shared/templates/sysctl/oval.template
|
|
|
f89c37 |
@@ -176,9 +176,39 @@
|
|
|
f89c37 |
</ind:textfilecontent54_object>
|
|
|
f89c37 |
|
|
|
f89c37 |
<ind:textfilecontent54_state id="state_{{{ SYSCTLID }}}_filepath_is_symlink" version="1">
|
|
|
f89c37 |
- <ind:filepath operation="equals" var_check="at least one" var_ref="local_var_symlinks_{{{ SYSCTLID }}}" datatype="string" />
|
|
|
f89c37 |
+ <ind:filepath operation="equals" var_check="at least one" var_ref="local_var_safe_symlinks_{{{ SYSCTLID }}}" datatype="string" />
|
|
|
f89c37 |
</ind:textfilecontent54_state>
|
|
|
f89c37 |
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+ This ultimately avoids referencing a variable with "no values",
|
|
|
f89c37 |
+ we reference a variable with a blank string -->
|
|
|
f89c37 |
+ <local_variable comment="Unique list of symlink conf files" datatype="string" id="local_var_safe_symlinks_{{{ SYSCTLID }}}" version="1">
|
|
|
f89c37 |
+ <unique>
|
|
|
f89c37 |
+ <object_component object_ref="var_object_symlink_{{{ SYSCTLID }}}" item_field="value" />
|
|
|
f89c37 |
+ </unique>
|
|
|
f89c37 |
+ </local_variable>
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+ <ind:variable_object id="var_object_symlink_{{{ SYSCTLID }}}" comment="combine the blank string with symlink paths found" version="1">
|
|
|
f89c37 |
+ <set>
|
|
|
f89c37 |
+ <object_reference>var_obj_symlink_{{{ SYSCTLID }}}</object_reference>
|
|
|
f89c37 |
+ <object_reference>var_obj_blank_{{{ SYSCTLID }}}</object_reference>
|
|
|
f89c37 |
+ </set>
|
|
|
f89c37 |
+ </ind:variable_object>
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+ <ind:variable_object id="var_obj_blank_{{{ SYSCTLID }}}" comment="variable object of the blank string" version="1">
|
|
|
f89c37 |
+ <ind:var_ref>local_var_blank_path_{{{ SYSCTLID }}}</ind:var_ref>
|
|
|
f89c37 |
+ </ind:variable_object>
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+ <local_variable comment="Blank string" datatype="string" id="local_var_blank_path_{{{ SYSCTLID }}}" version="1">
|
|
|
f89c37 |
+ <literal_component datatype="string"></literal_component>
|
|
|
f89c37 |
+ </local_variable>
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+ <ind:variable_object id="var_obj_symlink_{{{ SYSCTLID }}}" comment="variable object of the symlinks found" version="1">
|
|
|
f89c37 |
+ <ind:var_ref>local_var_symlinks_{{{ SYSCTLID }}}</ind:var_ref>
|
|
|
f89c37 |
+ </ind:variable_object>
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+
|
|
|
f89c37 |
<local_variable comment="Unique list of symlink conf files" datatype="string" id="local_var_symlinks_{{{ SYSCTLID }}}" version="1">
|
|
|
f89c37 |
<unique>
|
|
|
f89c37 |
<object_component object_ref="object_{{{ SYSCTLID }}}_symlinks" item_field="filepath" />
|
|
|
f89c37 |
|
|
|
f89c37 |
From 7e9e091517131d30c60a649795d477435017c97b Mon Sep 17 00:00:00 2001
|
|
|
f89c37 |
From: Watson Sato <wsato@redhat.com>
|
|
|
f89c37 |
Date: Wed, 4 May 2022 11:41:13 +0200
|
|
|
f89c37 |
Subject: [PATCH 3/3] Add test scenarios for sysctl symlink
|
|
|
f89c37 |
|
|
|
f89c37 |
---
|
|
|
f89c37 |
.../tests/symlink_different_option.pass.sh | 15 +++++++++++++++
|
|
|
f89c37 |
.../tests/symlink_repeated_sysctl_conf.pass.sh | 11 +++++++++++
|
|
|
f89c37 |
.../tests/symlink_same_option.fail.sh | 15 +++++++++++++++
|
|
|
f89c37 |
3 files changed, 41 insertions(+)
|
|
|
f89c37 |
create mode 100644 linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/symlink_different_option.pass.sh
|
|
|
f89c37 |
create mode 100644 linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/symlink_repeated_sysctl_conf.pass.sh
|
|
|
f89c37 |
create mode 100644 linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/symlink_same_option.fail.sh
|
|
|
f89c37 |
|
|
|
f89c37 |
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/symlink_different_option.pass.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/symlink_different_option.pass.sh
|
|
|
f89c37 |
new file mode 100644
|
|
|
f89c37 |
index 00000000000..714a8815134
|
|
|
f89c37 |
--- /dev/null
|
|
|
f89c37 |
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/symlink_different_option.pass.sh
|
|
|
f89c37 |
@@ -0,0 +1,15 @@
|
|
|
f89c37 |
+#!/bin/bash
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+# Clean sysctl config directories
|
|
|
f89c37 |
+rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+sed -i "/net.ipv4.conf.default.accept_source_route/d" /etc/sysctl.conf
|
|
|
f89c37 |
+echo "net.ipv4.conf.default.accept_source_route = 0" >> /etc/sysctl.conf
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+# Configure a different sysctl option
|
|
|
f89c37 |
+echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.d/90-test.conf
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+# Add a symlink
|
|
|
f89c37 |
+ln -s /etc/sysctl.d/90-test.conf /etc/sysctl.d/99-sysctl.conf
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+sysctl -w net.ipv4.conf.default.accept_source_route=0
|
|
|
f89c37 |
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/symlink_repeated_sysctl_conf.pass.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/symlink_repeated_sysctl_conf.pass.sh
|
|
|
f89c37 |
new file mode 100644
|
|
|
f89c37 |
index 00000000000..1fbbf1b0675
|
|
|
f89c37 |
--- /dev/null
|
|
|
f89c37 |
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/symlink_repeated_sysctl_conf.pass.sh
|
|
|
f89c37 |
@@ -0,0 +1,11 @@
|
|
|
f89c37 |
+#!/bin/bash
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+# Clean sysctl config directories
|
|
|
f89c37 |
+rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+sed -i "/net.ipv4.conf.default.accept_source_route/d" /etc/sysctl.conf
|
|
|
f89c37 |
+echo "net.ipv4.conf.default.accept_source_route = 0" >> /etc/sysctl.conf
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+ln -s /etc/sysctl.conf /etc/sysctl.d/99-sysctl.conf
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+sysctl -w net.ipv4.conf.default.accept_source_route=0
|
|
|
f89c37 |
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/symlink_same_option.fail.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/symlink_same_option.fail.sh
|
|
|
f89c37 |
new file mode 100644
|
|
|
f89c37 |
index 00000000000..51530f6e80c
|
|
|
f89c37 |
--- /dev/null
|
|
|
f89c37 |
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/symlink_same_option.fail.sh
|
|
|
f89c37 |
@@ -0,0 +1,15 @@
|
|
|
f89c37 |
+#!/bin/bash
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+# Clean sysctl config directories
|
|
|
f89c37 |
+rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+sed -i "/net.ipv4.conf.default.accept_source_route/d" /etc/sysctl.conf
|
|
|
f89c37 |
+echo "net.ipv4.conf.default.accept_source_route = 0" >> /etc/sysctl.conf
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+# Configure the same sysctl option
|
|
|
f89c37 |
+echo "net.ipv4.conf.default.accept_source_route = 0" >> /etc/sysctl.d/90-test.conf
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+# and add a symlink
|
|
|
f89c37 |
+ln -s /etc/sysctl.d/90-test.conf /etc/sysctl.d/99-sysctl.conf
|
|
|
f89c37 |
+
|
|
|
f89c37 |
+sysctl -w net.ipv4.conf.default.accept_source_route=0
|