Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix audit_rules_privileged_commands_unix2_chkpwd #12886

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Fix audit_rules_privileged_commands_unix2_chkpwd #12886

wants to merge 1 commit into from
+24 −10

Conversation

ggbecker
Copy link
Member

Description:

  • Fix audit_rules_privileged_commands_unix2_chkpwd

Rationale:

Review Hints:

  • tests/automatus.py rule --libvirt qemu:///system rhel10 --debug --datastream build/ssg-rhel10-ds.xml --remediate-using bash --scenarios only_chkpwd_rule.fail audit_rules_privileged_commands_unix2_chkpwd

I'm opening as draft as it should fix the issue but I didn't have time to verify it. I should get back to this next week, in the meantime feel free to reuse the idea and close this one in case you fix it in another PR.

@ggbecker ggbecker added bugfix Fixes to reported bugs. RHEL10 Red Hat Enterprise Linux 10 product related. labels Jan 23, 2025
@ggbecker ggbecker added this to the 0.1.76 milestone Jan 23, 2025
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Jan 23, 2025
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jan 23, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@github-actions GitHub Actions
Copy link

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff 
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd
@@ -8,11 +8,11 @@
 configured to use the augenrules program to read audit rules during
 daemon startup (the default), add a line of the following form to a file with
 suffix .rules in the directory /etc/audit/rules.d:
--a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged
+-a always,exit -F path=/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged
 If the auditd daemon is configured to use the auditctl
 utility to read audit rules during daemon startup, add a line of the following
 form to /etc/audit/audit.rules:
--a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged
+-a always,exit -F path=/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged
 
 [reference]:
 1

@codeclimate CodeClimate
Copy link

codeclimate bot commented Jan 23, 2025

Code Climate has analyzed commit a00ae30 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9% (0.0% change).

View more on Code Climate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bugfix Fixes to reported bugs. do-not-merge/work-in-progress Used by openshift-ci bot. RHEL10 Red Hat Enterprise Linux 10 product related.
Projects
None yet
Milestone
0.1.76
Development

Successfully merging this pull request may close these issues.

Automatus audit_rules_privileged_commands_unix2_chkpwd/only_chkpwd_rule.fail fails on RHEL-10
1 participant
@ggbecker