Patch summary:
  * check for 'nousb' argument on kernel command line in /etc/grub.conf
    within the bootloader_nousb_argument check in a case-insensitive way
  * update comments where appropriate
  * add test attestation timestamp
  * replace the ind:path + ind:filename construct with a single ind:filepath element

Testing report:
  * Tested on RHEL-6. Works fine.

Please review.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

From ee20ed82a1de7af715f124ba04177a79d5b69978 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <[email protected]>
Date: Wed, 16 Apr 2014 14:37:20 +0200
Subject: [PATCH] [RHEL/6] Search for nousb kernel command line argument in
 /etc/grub.conf          within bootloader_nousb_argument check
 case-insensitively

Signed-off-by: Jan Lieskovsky <[email protected]>
---
 RHEL/6/input/checks/bootloader_nousb_argument.xml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/RHEL/6/input/checks/bootloader_nousb_argument.xml b/RHEL/6/input/checks/bootloader_nousb_argument.xml
index 7c869c0..f19ba3b 100644
--- a/RHEL/6/input/checks/bootloader_nousb_argument.xml
+++ b/RHEL/6/input/checks/bootloader_nousb_argument.xml
@@ -5,19 +5,19 @@
       <affected family="unix">
         <platform>Red Hat Enterprise Linux 6</platform>
       </affected>
-      <description>Look for argument "nousb" in the kernel line in /etc/grub.conf</description>
+      <description>Case-insensitively look for argument "nousb" in the kernel line in /etc/grub.conf</description>
+      <reference source="JL" ref_id="20140416" ref_url="test_attestation" />
     </metadata>
     <criteria>
-      <criterion test_ref="test_bootloader_nousb_argument" comment="look for argument 'nousb' in the kernel line in /etc/grub.conf" />
+      <criterion test_ref="test_bootloader_nousb_argument" comment="case-insensitively look for argument 'nousb' in the kernel line in /etc/grub.conf" />
     </criteria>
   </definition>
-  <ind:textfilecontent54_test check="all" comment="look for argument 'nousb' in the kernel line in /etc/grub.conf" id="test_bootloader_nousb_argument" version="1">
+  <ind:textfilecontent54_test check="all" comment="case-insensitively look for argument 'nousb' in the kernel line in /etc/grub.conf" id="test_bootloader_nousb_argument" version="1">
     <ind:object object_ref="object_bootloader_nousb_argument" />
   </ind:textfilecontent54_test>
-  <ind:textfilecontent54_object id="object_bootloader_nousb_argument" version="1">
-    <ind:path>/etc</ind:path>
-    <ind:filename>grub.conf</ind:filename>
-    <ind:pattern operation="pattern match">^\s*kernel\s/vmlinuz.*nousb.*$</ind:pattern>
+  <ind:textfilecontent54_object id="object_bootloader_nousb_argument" version="2">
+    <ind:filepath>/etc/grub.conf</ind:filepath>
+    <ind:pattern operation="pattern match">^\s*kernel\s/vmlinuz.*(?i)nousb(?-i).*$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
 </def-group>
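Review bot: The `(?i)nousb(?-i)` group on the new `ind:pattern` line lets spellings such as `NOUSB` or `NoUsb` satisfy the check, but as far as I know the kernel matches command-line parameter names case-sensitively, so a system configured that way would presumably still have USB enabled while the scan reports a pass. The pattern also has no token boundary (this was already true before the patch), so `nousb` embedded in a longer argument matches as well. I would keep the match case-sensitive and anchor it on whitespace, for example `^\s*kernel\s/vmlinuz.*\snousb(\s.*)?$`. Separately, the object is bumped to `version="2"` while the `ind:textfilecontent54_test` stays at `version="1"` even though its comment changed; the definition header is outside the hunk, so its version cannot be checked from here.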
-- 
1.8.3.1
