Grimmauld/linux-bench
1
0
Fork 0
forked from mirrors/linux-bench
Code Pull requests Activity

fix check 3.2.1.c

Browse source 
Its was I Yoav Rotem :) 
fix that won't except comments (start with#) and eq flag instead of string compare in flag: "..... = 0"
This commit is contained in:
Yoav Hizkiahou 2019-06-03 14:56:48 +03:00 committed by GitHub
parent 61e54c1bf7
commit f29b768dfc
Failed to generate hash of commit
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
cfg/1.1.0/definitions.yaml
View file

@ -4313,10 +4313,13 @@ groups:
- id: 3.2.1.c - id: 3.2.1.c
description: "Ensure source routed packets are not accepted" description: "Ensure source routed packets are not accepted"
audit: "grep net.ipv4.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*" audit: "grep ^[^#]net.ipv4.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*"
tests: tests:
test_items: test_items:
- flag: "net.ipv4.conf.all.accept_source_route = 0" - flag: "net.ipv4.conf.all.accept_source_route"
compare:
op: eq
value: "0"
set: true set: true
remediation: | remediation: |
Set the following parameters in `/etc/sysctl.conf` or a `/etc/sysctl.d/*` file: Set the following parameters in `/etc/sysctl.conf` or a `/etc/sysctl.d/*` file: