From f89db6825dbf08cba3bc5d473e8edb8c077cbad6 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Thu, 30 Nov 2023 17:19:30 +0100
Subject: [PATCH] remove explicit remediations, check and tests from templated rule audit_rules_privileged_commands_kmod
---
.../ansible/shared.yml | 8 ----
.../bash/shared.sh | 5 ---
.../oval/shared.xml | 39 -------------------
.../tests/auditctl_correct_value.pass.sh | 5 ---
.../tests/augenrules_correct_value.pass.sh | 4 --
.../tests/ocp4/e2e.yml | 3 --
6 files changed, 64 deletions(-)
delete mode 100644 linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/ansible/shared.yml
delete mode 100644 linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/bash/shared.sh
delete mode 100644 linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/oval/shared.xml
delete mode 100644 linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/tests/auditctl_correct_value.pass.sh
delete mode 100644 linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/tests/augenrules_correct_value.pass.sh
delete mode 100644 linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/tests/ocp4/e2e.yml
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/ansible/shared.yml
deleted file mode 100644
index b1ea1bf3892..00000000000
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/ansible/shared.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-# platform = multi_platform_all
-# reboot = false
-# strategy = restrict
-# complexity = low
-# disruption = low
-
-{{{ ansible_audit_augenrules_add_watch_rule(path='/usr/bin/kmod', permissions='x', key='modules') }}}
-{{{ ansible_audit_auditctl_add_watch_rule(path='/usr/bin/kmod', permissions='x', key='modules') }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/bash/shared.sh
deleted file mode 100644
index 876621c0e37..00000000000
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/bash/shared.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-# platform = multi_platform_all
-
-# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
-{{{ bash_fix_audit_watch_rule("auditctl", "/usr/bin/kmod", "x", "modules") }}}
-{{{ bash_fix_audit_watch_rule("augenrules", "/usr/bin/kmod", "x", "modules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/oval/shared.xml
deleted file mode 100644
index a3b5217ef77..00000000000
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/oval/shared.xml
+++ /dev/null
@@ -1,39 +0,0 @@ - - - {{{ oval_metadata("Ensure audit rule for all uses of the kmod command is enabled.") }}} - - - - - - - - - - - - - - - - - - - - - - - ^/etc/audit/rules\.d/.*\.rules$ - ^[\s]*-w[\s]+/usr/bin/kmod[\s]+-p[\s]+x[\s]+-k[\s]+modules[\s]*$ - 1 - - - - - - - /etc/audit/audit.rules - ^[\s]*-w[\s]+/usr/bin/kmod[\s]+-p[\s]+x[\s]+-k[\s]+modules[\s]*$ - 1 - - -
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/tests/auditctl_correct_value.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/tests/auditctl_correct_value.pass.sh
deleted file mode 100644
index f70af8714a5..00000000000
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/tests/auditctl_correct_value.pass.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-# packages = audit
-
-echo "-w /usr/bin/kmod -p x -k modules" >> /etc/audit/audit.rules
-sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/tests/augenrules_correct_value.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/tests/augenrules_correct_value.pass.sh
deleted file mode 100644
index 31849a9a90d..00000000000
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/tests/augenrules_correct_value.pass.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-# packages = audit
-
-echo "-w /usr/bin/kmod -p x -k modules" >> /etc/audit/rules.d/modules.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/tests/ocp4/e2e.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/tests/ocp4/e2e.yml
deleted file mode 100644
index fd9b313e87b..00000000000
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/tests/ocp4/e2e.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-default_result: FAIL
-result_after_remediation: PASS