

Add OVAL check for apparmor profile rules
teacup-on-rockingchair committed Nov 14, 2023
1 parent 740e967 commit 944c816
Showing 1 changed file with 31 additions and 0 deletions.
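--- /dev/null
+++ b/<PATH not shown on page>
@@ -0,0 +1,31 @@
+<def-group>
+<definition class="compliance" id="{{{ rule_id }}}" version="1">
+{{{ oval_metadata("Ensure AppArmor profiles are in enforce complain mode") }}}
+<criteria operator="AND">
+</criteria>
+</definition>
+<ind:textfilecontent54_object id="obj_apparmor_profiles" version="1">
+<ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
+<ind:pattern operation="pattern match" datatype="string">^.*$</ind:pattern>
+<ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
+</ind:textfilecontent54_object>
+<ind:textfilecontent54_object id="obj_apparmor_enforced_profiles" version="1">
+<ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
+<ind:pattern operation="pattern match" datatype="string">^\(enforce\)*$</ind:pattern>
+<ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
+</ind:textfilecontent54_object>
+<ind:textfilecontent54_object id="obj_apparmor_complaining_profiles" version="1">
+<ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
+<ind:pattern operation="pattern match" datatype="string">^\(complain\)*$</ind:pattern>
+<ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
+</ind:textfilecontent54_object>
+<local_variable datatype="int" id="var_num_apparmor_profiles" version="1" comment="apparmor profiles">
+<object_component item_field="subexpression" object_ref="obj_apparmor_profiles" />
+</local_variable>
+<local_variable datatype="int" id="var_num_apparmor_enforced_profiles" version="1" comment="enforce apparmor profiles">
+<object_component item_field="subexpression" object_ref="obj_apparmor_enforced_profiles" />
+</local_variable>
+<local_variable datatype="int" id="var_num_apparmor_complaining_profiles" version="1" comment="enforce apparmor profiles">
+<object_component item_field="subexpression" object_ref="obj_apparmor_complaining_profiles" />
+</local_variable>
+</def-group>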
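Review bot: The `<criteria operator="AND">` element near the top of the definition is empty, so no test is referenced, the three objects and `local_variable`s declared below it are never evaluated, and the check as committed can neither pass nor fail a host; the OVAL definitions schema requires at least one `criterion`/`criteria` child, so I would also expect this to fail content validation. The definition needs a `textfilecontent54_test`/`state` pair plus a `<criterion test_ref="..."/>` that compares `var_num_apparmor_profiles` with the enforced and complaining counts the title describes. The patterns `^\(enforce\)*$` and `^\(complain\)*$` anchor the escaped literal at the start of the line and allow zero repetitions, so they match blank lines or lines consisting only of `(enforce)`, never a `<profile name> (enforce)` entry as the profiles file lists them (as I understand its format — worth confirming against a live host), and with no capturing group `item_field="subexpression"` has nothing to bind to; something like `^.*\((enforce)\)$` matches the entry and captures the mode. An `object_component` over `subexpression` yields the matched strings rather than a count, so the `int` variables should wrap that component in a `<count>` function, and `^.*$` on the first object should probably exclude empty lines. Finally, the `comment` on `var_num_apparmor_complaining_profiles` still says `enforce apparmor profiles` and should read `complain apparmor profiles`.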

