mirrors/linux-bench
1
0
Fork 1
mirror of https://github.com/aquasecurity/linux-bench.git synced 2025-02-23 06:35:33 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix check 3.2.1.c

Browse source 
Its was I Yoav Rotem :) 
fix that won't except comments (start with#) and eq flag instead of string compare in flag: "..... = 0"
This commit is contained in:
Yoav Hizkiahou 2019-06-03 14:56:48 +03:00 committed by GitHub
parent 61e54c1bf7
commit f29b768dfc
Failed to generate hash of commit
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
cfg/1.1.0/definitions.yaml
View file

@ -4313,10 +4313,13 @@ groups:
- id: 3.2.1.c
description: "Ensure source routed packets are not accepted"
audit: "grep net.ipv4.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*"
audit: "grep ^[^#]net.ipv4.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*"
tests:
test_items:
- flag: "net.ipv4.conf.all.accept_source_route = 0"
- flag: "net.ipv4.conf.all.accept_source_route"
compare:
op: eq
value: "0"
set: true
remediation: |
Set the following parameters in `/etc/sysctl.conf` or a `/etc/sysctl.d/*` file: