From f29b768dfca7cdfa57ff54353a9629aeba3b1b6e Mon Sep 17 00:00:00 2001
From: Yoav Hizkiahou <44805943+yoavAqua@users.noreply.github.com>
Date: Mon, 3 Jun 2019 14:56:48 +0300
Subject: [PATCH] fix check 3.2.1.c

Its was I Yoav Rotem :) fix that won't except comments (start with#) and eq flag instead of string compare in flag: "..... = 0"
---
 cfg/1.1.0/definitions.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/cfg/1.1.0/definitions.yaml b/cfg/1.1.0/definitions.yaml
index a39b6a1..03149c3 100644
--- a/cfg/1.1.0/definitions.yaml
+++ b/cfg/1.1.0/definitions.yaml
@@ -4313,10 +4313,13 @@ groups:
       - id: 3.2.1.c
         description: "Ensure source routed packets are not accepted"
-        audit: "grep net.ipv4.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*"
+        audit: "grep ^[^#]net.ipv4.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*"
         tests:
           test_items:
-          - flag: "net.ipv4.conf.all.accept_source_route = 0"
+          - flag: "net.ipv4.conf.all.accept_source_route"
+            compare:
+              op: eq
+              value: "0"
             set: true
         remediation: |
           Set the following parameters in `/etc/sysctl.conf` or a `/etc/sysctl.d/*` file:
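Review bot: The new audit regex `^[^#]net.ipv4.conf.all.accept_source_route` requires exactly one non-`#` character before the key, so the most common form of the setting — the key at column 0 of a sysctl file — no longer matches and the check would report it as unset, while an indented comment such as ` #net.ipv4...` still matches. The intent (skip commented lines) needs a `*` quantifier, and the bracket expression should be shell-quoted so it cannot be glob-expanded before grep sees it: `audit: "grep '^[^#]*net.ipv4.conf.all.accept_source_route' /etc/sysctl.conf /etc/sysctl.d/*"`. Note that the grep output carries a `filename:` prefix when several files are searched; whether the `compare: eq "0"` extraction tolerates that prefix, and a line written without spaces around `=`, depends on the test harness and is not visible in this hunk, so both forms are worth a test case. The check definition continues past the end of the hunk.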