From e72f93dfa02499223c7d4ff658d99f18687bb9e2 Mon Sep 17 00:00:00 2001 From: steven_ygui Date: Fri, 19 May 2023 01:39:08 +0800 Subject: [PATCH] fix --- enable-76-rules-for-openEuler.patch | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/enable-76-rules-for-openEuler.patch b/enable-76-rules-for-openEuler.patch index 0955ac5..3b86709 100644 --- a/enable-76-rules-for-openEuler.patch +++ b/enable-76-rules-for-openEuler.patch @@ -1,6 +1,6 @@ -From 808277d4cd1bb001fc2925034f1e770f51b70aa9 Mon Sep 17 00:00:00 2001 -From: "steven.y.gui" -Date: Sun, 25 Jun 2023 17:23:33 +0800 +From 262435c4b8c511cf8afc5927051cb0948415f593 Mon Sep 17 00:00:00 2001 +From: steven_ygui +Date: Fri, 19 May 2023 01:37:20 +0800 Subject: [PATCH] enable-76-rules-for-openEuler.patch --- @@ -92,7 +92,7 @@ Subject: [PATCH] enable-76-rules-for-openEuler.patch .../files/no_files_unowned_by_user/rule.yml | 2 +- .../files/no_hide_exec_files/oval/shared.xml | 40 +++++++++ .../files/no_hide_exec_files/rule.yml | 14 +++ - .../sysctl_kernel_kptr_restrict/rule.yml | 5 ++ + .../sysctl_kernel_kptr_restrict/rule.yml | 8 +- .../sysctl_kernel_dmesg_restrict/rule.yml | 2 +- .../oval/shared.xml | 1 + .../configure_ssh_crypto_policy/rule.yml | 2 +- @@ -105,7 +105,7 @@ Subject: [PATCH] enable-76-rules-for-openEuler.patch shared/macros-oval.jinja | 73 ++++++++++++++++ shared/templates/template_OVAL_sysctl | 4 + ssg/constants.py | 4 +- - 101 files changed, 1519 insertions(+), 36 deletions(-) + 101 files changed, 1521 insertions(+), 37 deletions(-) create mode 100644 linux_os/guide/services/cron_and_at/no_lowprivilege_users_writeable_cmds_in_crontab_file/rule.yml create mode 100644 linux_os/guide/services/ftp/package_ftp_removed/rule.yml create mode 100644 linux_os/guide/services/ssh/ssh_server/disable_host_auth/oval/shared.xml @@ -2226,13 +2226,16 @@ index 0000000..5c8bc4b +severity: medium + 
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml -index 2408bd0..53cb7f6 100644 +index 2408bd0..a5bd907 100644 --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml -@@ -3,6 +3,11 @@ documentation_complete: true +@@ -2,7 +2,13 @@ documentation_complete: true + title: 'Restrict Exposed Kernel Pointer Addresses Access' - description: '{{{ describe_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}' +-description: '{{{ describe_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}' ++description: |- ++ {{{ describe_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}} + {{% if product in ["openeuler2203"] %}} + To ensure easy maintenance and location, + the kptr_restrict parameter is set to 0 by default in the openEuler release. @@ -2665,5 +2668,5 @@ index 401c60d..aa081d8 100644 "opensuse": [ "cpe:/o:opensuse:leap:42.1", -- -2.21.0.windows.1 +2.33.0
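Review bot: In the `rule.yml` hunk for `sysctl_kernel_kptr_restrict`, the openEuler-only text inside the new `description: |-` block says the release ships `kernel.kptr_restrict` at 0, directly after the generated sentence that asks for 1, and the visible lines do not say which value the rule expects on that product. A reader of a scan report needs that stated, because leaving the value at 0 relaxes the kernel-pointer restriction named in the rule's title. If the check still requires 1 on openEuler, I would add a line inside the conditional such as `A default installation therefore fails this rule until kernel.kptr_restrict is set to 1.` The `{{% if product in ["openeuler2203"] %}}` block continues past the end of the hunk, so this may already be covered further down. It is also worth confirming that every line under `|-` has the same indentation, which cannot be checked in this collapsed view.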