mirrors/linux-bench
1
0
Fork 1
mirror of https://github.com/aquasecurity/linux-bench.git synced 2025-02-23 06:35:33 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Correct YAML lint errors

Browse source
This commit is contained in:
Liz Rice 2020-12-21 17:53:44 +00:00 committed by GitHub
parent 599b4a1100
commit 7439ea9dab
Failed to generate hash of commit
1 changed files with 16 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
cfg/2.0.0/definitions.yaml
View file

@ -1479,7 +1479,6 @@ groups:
op: eq op: eq
value: "0" value: "0"
set: false set: false
test_items:
- flag: "enforcing" - flag: "enforcing"
compare: compare:
op: eq op: eq
@ -2456,7 +2455,7 @@ groups:
test_items: test_items:
- flag: "restrict -4 default kod nomodify notrap nopeer noquery" - flag: "restrict -4 default kod nomodify notrap nopeer noquery"
set: true set: true
flag: "restrict -6 default kod nomodify notrap nopeer noquery" - flag: "restrict -6 default kod nomodify notrap nopeer noquery"
set: true set: true
remediation: | remediation: |
Add or edit restrict lines in `/etc/ntp.conf` to match the following: Add or edit restrict lines in `/etc/ntp.conf` to match the following:
@ -6736,7 +6735,6 @@ groups:
and add the following lines: and add the following lines:
-w /etc/sudoers -p wa -k scope -w /etc/sudoers -p wa -k scope
-w /etc/sudoers.d/ -p wa -k scope -w /etc/sudoers.d/ -p wa -k scope
scored: true scored: true
- id: 4.1.16.b - id: 4.1.16.b
@ -6755,14 +6753,6 @@ groups:
and add the following lines: and add the following lines:
-w /etc/sudoers -p wa -k scope -w /etc/sudoers -p wa -k scope
-w /etc/sudoers.d/ -p wa -k scope -w /etc/sudoers.d/ -p wa -k scope
scored: true
remediation: |
Add the following line to the `/etc/audit/rules.d/*.rules` file:
-w /etc/sudoers -p wa -k scope
-w /etc/sudoers.d/ -p wa -k scope
scored: true scored: true
- id: 4.1.17.a - id: 4.1.17.a
@ -6780,7 +6770,6 @@ groups:
Example: vi /etc/audit/rules.d/audit.rules Example: vi /etc/audit/rules.d/audit.rules
and add the following lines: and add the following lines:
-w /var/log/sudo.log -p wa -k actions -w /var/log/sudo.log -p wa -k actions
scored: true scored: true
- id: 4.1.17.b - id: 4.1.17.b
@ -6795,7 +6784,6 @@ groups:
Example: vi /etc/audit/rules.d/audit.rules Example: vi /etc/audit/rules.d/audit.rules
and add the following lines: and add the following lines:
-w /var/log/sudo.log -p wa -k actions -w /var/log/sudo.log -p wa -k actions
scored: true scored: true
- id: 4.1.18.a - id: 4.1.18.a
@ -6820,7 +6808,6 @@ groups:
-w /sbin/rmmod -p x -k modules -w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules -w /sbin/modprobe -p x -k modules
-a always,exit -F arch=b64 -S init_module -S delete_module -k modules -a always,exit -F arch=b64 -S init_module -S delete_module -k modules
scored: true scored: true
- id: 4.1.18.b - id: 4.1.18.b
@ -6845,10 +6832,8 @@ groups:
-w /sbin/rmmod -p x -k modules -w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules -w /sbin/modprobe -p x -k modules
-a always,exit -F arch=b64 -S init_module -S delete_module -k modules -a always,exit -F arch=b64 -S init_module -S delete_module -k modules
scored: true scored: true
scored: true
- id: 4.1.19 - id: 4.1.19
description: "Ensure the audit configuration is immutable" description: "Ensure the audit configuration is immutable"
audit: "grep ^\\s*[^#] /etc/audit/rules.d/*.rules | tail -1" audit: "grep ^\\s*[^#] /etc/audit/rules.d/*.rules | tail -1"