From a1a97cb4da24a89af5367c775b1b6cf34e908d55 Mon Sep 17 00:00:00 2001 From: Miha Purg Date: Tue, 14 Nov 2023 14:52:00 +0100 Subject: [PATCH 1/2] Add ubuntu product to audit_rules_kernel_odule_loading_delete tests --- .../tests/correct_rules.pass.sh | 2 +- .../tests/missing_auid_filter.fail.sh | 2 +- .../tests/wrong_list_action.fail.sh | 2 +- .../tests/wrong_syscall.fail.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/correct_rules.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/correct_rules.pass.sh index a95b199a978..4c66a1fdeb3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/correct_rules.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/correct_rules.pass.sh @@ -3,7 +3,7 @@ rm -f /etc/audit/rules.d/* > /etc/audit/audit.rules -{{% if "ol" in product or 'rhel' in product %}} +{{% if "ol" in product or 'rhel' in product or 'ubuntu' in product %}} echo "-a always,exit -F arch=b32 -S delete_module -F auid>={{{ uid_min }}} -F auid!=unset -F key=modules" >> /etc/audit/rules.d/modules.rules echo "-a always,exit -F arch=b64 -S delete_module -F auid>={{{ uid_min }}} -F auid!=unset -F key=modules" >> /etc/audit/rules.d/modules.rules {{% else %}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh index ebf2a9cab12..1b8463b158f 100644 
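Review bot: The product condition on the `{{% if %}}` line of correct_rules.pass.sh is now repeated verbatim in wrong_list_action.fail.sh and wrong_syscall.fail.sh, with no comment saying what the two branches stand for, and it mixes `"ol"` with `'rhel'` / `'ubuntu'` quoting. If one copy drifts, a fail scenario can start failing because it wrote the other rule form rather than because of the single property it is meant to break, which would hide a regression in the audit check. I would add a template comment above the condition in each file, for example `{{# ol, rhel, ubuntu: delete_module rule with auid>=uid_min, auid!=unset and key=modules #}}`, and settle on one quote style. The `{{% else %}}` branch continues outside the hunk, so the alternative rule form cannot be compared from here.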
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8 +# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,Ubuntu 20.04 # packages = audit rm -f /etc/audit/rules.d/* diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_list_action.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_list_action.fail.sh index 66ff80851fe..70669c323a3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_list_action.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_list_action.fail.sh @@ -3,7 +3,7 @@ rm -f /etc/audit/rules.d/* > /etc/audit/audit.rules\ -{{% if "ol" in product or 'rhel' in product %}} +{{% if "ol" in product or 'rhel' in product or 'ubuntu' in product %}} echo "-a never,exit -F arch=b32 -S delete_module -F auid>={{{ uid_min }}} -F auid!=unset -F key=modules" >> /etc/audit/rules.d/modules.rules echo "-a never,exit -F arch=b64 -S delete_module -F auid>={{{ uid_min }}} -F auid!=unset -F key=modules" >> /etc/audit/rules.d/modules.rules {{% else %}} 
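Review bot: The context line `> /etc/audit/audit.rules\` in wrong_list_action.fail.sh ends in a backslash that the same line in correct_rules.pass.sh and wrong_syscall.fail.sh does not have, so the truncation of audit.rules is joined to whatever the template renders on the next line. Depending on how the `{{% if %}}` line is rendered, that is either an empty line or the first `echo`, and the scenario's setup then differs from its siblings for a reason unrelated to the `never,exit` action under test. If the backslash is really in the file and not an artefact of how this patch was rendered, drop it while touching this hunk: `> /etc/audit/audit.rules`. The line is unchanged context, and the `{{% else %}}` branch continues outside the hunk.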
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_syscall.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_syscall.fail.sh index 380bb01f1a7..13359e8d200 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_syscall.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_syscall.fail.sh @@ -3,7 +3,7 @@ rm -f /etc/audit/rules.d/* > /etc/audit/audit.rules -{{% if "ol" in product or 'rhel' in product %}} +{{% if "ol" in product or 'rhel' in product or 'ubuntu' in product %}} echo "-a always,exit -F arch=b32 -S delete -F auid>={{{ uid_min }}} -F auid!=unset -F key=modules" >> /etc/audit/rules.d/modules.rules echo "-a always,exit -F arch=b64 -S delete -F auid>={{{ uid_min }}} -F auid!=unset -F key=modules" >> /etc/audit/rules.d/modules.rules {{% else %}} From 6f70a60b6446149361da47ce41a9b6077269f260 Mon Sep 17 00:00:00 2001 From: Miha Purg Date: Tue, 14 Nov 2023 15:18:11 +0100 Subject: [PATCH 2/2] Change to multi_platform_ubuntu --- .../tests/missing_auid_filter.fail.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh index 1b8463b158f..1bf2449b44f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh 
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,Ubuntu 20.04 +# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_ubuntu # packages = audit rm -f /etc/audit/rules.d/*