Fix file_permissions_etc_audit_rulesd in Image Mode #12855
Merged
The rule file_permissions_etc_audit_rulesd fails in a scan executed after VM deployment of a CentOS Stream 9 bootable container image hardened with the STIG profile. The rule requires that all files in the /etc/audit/rules.d/*.rules directory have mode 0600. However, the scan report shows 2 files with mode 0640. This rule passed during the build of the bootable container image. Therefore, the offending files were created after the rule is evaluated. These files are created by a remediation of a different rule, audit_rules_kernel_module_loading_delete. We can fix the problem by setting the expected mode at the time of creating these files. The file mode set by bash_fix_audit_syscall_rule was inconsistent: on line 1768 we set it to 0600, but in this case we just removed permissions of the others. With this fix the file mode value in the macro will be consistently set to 0600.
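The failure mode described above (a remediation creating a rules.d file that inherits a looser mode than the file-permission rule expects) is easy to reproduce and to guard against in plain shell. The following is an added example, not code from the ComplianceAsCode project or from this pull request: it creates an audit rule file with mode 0600 regardless of the caller's umask, fixes a pre-existing file that was left at 0640, and runs a check over the directory that mirrors what the file_permissions_etc_audit_rulesd scan looks for. The function names, the constructed sample rule lines, and the use of a temporary directory in place of /etc/audit/rules.d are assumptions so the script runs without root; it relies on GNU coreutils (`install -m`, `stat -c`).

```shell
#!/bin/sh
# Added example (not ComplianceAsCode or PR code): create audit rules.d files
# with a consistent 0600 mode and check a directory for files that deviate.
# RULES_DIR defaults to a constructed temporary directory so this runs unprivileged;
# set RULES_DIR=/etc/audit/rules.d to run it against a real system as root.

RULES_DIR="${RULES_DIR:-$(mktemp -d)}"

# add_audit_rule_file FILE RULE_LINE
# Appends RULE_LINE to RULES_DIR/FILE, creating the file with mode 0600.
add_audit_rule_file() {
    file="$RULES_DIR/$1"
    rule="$2"
    if [ ! -e "$file" ]; then
        # install(1) creates the file with the requested mode in one step,
        # so the result does not depend on the current umask.
        install -m 0600 /dev/null "$file"
    fi
    # Re-apply 0600 explicitly so a file that already existed with a looser
    # mode (e.g. 0640 from an earlier remediation) is corrected as well.
    chmod 0600 "$file"
    printf '%s\n' "$rule" >> "$file"
}

# audit_rules_file_modes
# Lists every *.rules file under RULES_DIR whose mode is not 0600.
# Returns 0 when all files comply, 1 otherwise (what the scan rule checks).
audit_rules_file_modes() {
    rc=0
    for f in "$RULES_DIR"/*.rules; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        if [ "$mode" != "600" ]; then
            echo "FAIL: $f has mode $mode (expected 600)"
            rc=1
        fi
    done
    return $rc
}

# mode_of FILE: print the octal mode of RULES_DIR/FILE
mode_of() {
    stat -c '%a' "$RULES_DIR/$1"
}
```

Run it under a permissive umask (022) to see that the created file still ends up 0600; then drop a 0640 file into the directory to see the check report it, and see the same file corrected once a rule is added to it.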