From f29b768dfca7cdfa57ff54353a9629aeba3b1b6e Mon Sep 17 00:00:00 2001
From: Yoav Hizkiahou <44805943+yoavAqua@users.noreply.github.com>
Date: Mon, 3 Jun 2019 14:56:48 +0300
Subject: [PATCH 1/2] fix check 3.2.1.c

Its was I Yoav Rotem :) fix that won't except comments (start with#) and eq flag instead of string compare in flag: "..... = 0"
---
 cfg/1.1.0/definitions.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/cfg/1.1.0/definitions.yaml b/cfg/1.1.0/definitions.yaml
index a39b6a1..03149c3 100644
--- a/cfg/1.1.0/definitions.yaml
+++ b/cfg/1.1.0/definitions.yaml
@@ -4313,10 +4313,13 @@ groups:
       - id: 3.2.1.c
         description: "Ensure source routed packets are not accepted"
-        audit: "grep net.ipv4.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*"
+        audit: "grep ^[^#]net.ipv4.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*"
         tests:
           test_items:
-            - flag: "net.ipv4.conf.all.accept_source_route = 0"
+            - flag: "net.ipv4.conf.all.accept_source_route"
+              compare:
+                op: eq
+                value: "0"
               set: true
         remediation: |
           Set the following parameters in `/etc/sysctl.conf` or a `/etc/sysctl.d/*` file:

From 740a260ebee8a750647131492a86da9a133811bd Mon Sep 17 00:00:00 2001
From: yoavrotems
Date: Thu, 26 Sep 2019 00:27:44 +0300
Subject: [PATCH 2/2] Update definitions.yaml

---
 cfg/1.1.0/definitions.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cfg/1.1.0/definitions.yaml b/cfg/1.1.0/definitions.yaml
index 03149c3..1a703a6 100644
--- a/cfg/1.1.0/definitions.yaml
+++ b/cfg/1.1.0/definitions.yaml
@@ -4313,7 +4313,7 @@ groups:
       - id: 3.2.1.c
         description: "Ensure source routed packets are not accepted"
-        audit: "grep ^[^#]net.ipv4.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*"
+        audit: "grep ^\\s*net.ipv4.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*"
         tests:
           test_items:
             - flag: "net.ipv4.conf.all.accept_source_route"
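Review bot: The pattern in the new `audit` line of the second hunk is an unquoted shell word, so if the command is executed through `sh -c` (as this kind of benchmark runner typically does; confirm in the harness) the shell consumes the backslash and grep receives `^s*net.ipv4.conf.all.accept_source_route`, which only matches the key at column 0 and silently loses the leading-whitespace tolerance this patch set out to add; `\s` is also a GNU extension rather than POSIX BRE, and the bare `*` is exposed to glob expansion. Quoting the pattern and using a POSIX class fixes both: `audit: "grep '^[[:space:]]*net.ipv4.conf.all.accept_source_route' /etc/sysctl.conf /etc/sysctl.d/*"`. This check still audits only the persisted files, so a later-loaded `/etc/sysctl.d` drop-in setting the key to `1`, or a runtime `sysctl -w`, can leave the kernel accepting source-routed packets while a `= 0` line is still found; a second test on the output of `sysctl net.ipv4.conf.all.accept_source_route` would close that gap, subject to how the harness treats multiple grep matches (`file:key = value` lines). The `- id: 3.2.1.c` item continues past the hunk (`set:` and `remediation:` are outside it).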