fix

2023-05-19 01:39:08 +08:00 · 2023-05-19 01:39:08 +08:00 · e72f93dfa0
commit e72f93dfa0
parent f21f424cb7
1 changed files with 12 additions and 9 deletions
--- a/enable-76-rules-for-openEuler.patch
+++ b/enable-76-rules-for-openEuler.patch
@ -1,6 +1,6 @@
-From 808277d4cd1bb001fc2925034f1e770f51b70aa9 Mon Sep 17 00:00:00 2001
+From 262435c4b8c511cf8afc5927051cb0948415f593 Mon Sep 17 00:00:00 2001
-From: "steven.y.gui" <steven_ygui@163.com>
+From: steven_ygui <steven_ygui@163.com>
-Date: Sun, 25 Jun 2023 17:23:33 +0800
+Date: Fri, 19 May 2023 01:37:20 +0800
 Subject: [PATCH] enable-76-rules-for-openEuler.patch
 ---
@ -92,7 +92,7 @@ Subject: [PATCH] enable-76-rules-for-openEuler.patch
 .../files/no_files_unowned_by_user/rule.yml   |  2 +-
 .../files/no_hide_exec_files/oval/shared.xml  | 40 +++++++++
 .../files/no_hide_exec_files/rule.yml         | 14 +++
- .../sysctl_kernel_kptr_restrict/rule.yml      |  5 ++
+ .../sysctl_kernel_kptr_restrict/rule.yml      |  8 +-
 .../sysctl_kernel_dmesg_restrict/rule.yml     |  2 +-
 .../oval/shared.xml                           |  1 +
 .../configure_ssh_crypto_policy/rule.yml      |  2 +-
@ -105,7 +105,7 @@ Subject: [PATCH] enable-76-rules-for-openEuler.patch
 shared/macros-oval.jinja                      | 73 ++++++++++++++++
 shared/templates/template_OVAL_sysctl         |  4 +
 ssg/constants.py                              |  4 +-
- 101 files changed, 1519 insertions(+), 36 deletions(-)
+ 101 files changed, 1521 insertions(+), 37 deletions(-)
 create mode 100644 linux_os/guide/services/cron_and_at/no_lowprivilege_users_writeable_cmds_in_crontab_file/rule.yml
 create mode 100644 linux_os/guide/services/ftp/package_ftp_removed/rule.yml
 create mode 100644 linux_os/guide/services/ssh/ssh_server/disable_host_auth/oval/shared.xml
@ -2226,13 +2226,16 @@ index 0000000..5c8bc4b
 +severity: medium
 +
 diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
-index 2408bd0..53cb7f6 100644
+index 2408bd0..a5bd907 100644
 --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
-@@ -3,6 +3,11 @@ documentation_complete: true
+@@ -2,7 +2,13 @@ documentation_complete: true
 title: 'Restrict Exposed Kernel Pointer Addresses Access'
- description: '{{{ describe_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}'
+-description: '{{{ describe_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}'
 +description: |-
 +    {{{ describe_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}
 +    {{% if product in ["openeuler2203"] %}}
 +    To ensure easy maintenance and location, 
 +    the kptr_restrict parameter is set to 0 by default in the openEuler release. 
@ -2665,5 +2668,5 @@ index 401c60d..aa081d8 100644
     "opensuse": [
         "cpe:/o:opensuse:leap:42.1",
 -- 
-2.21.0.windows.1
+2.33.0