Skip to content

Commit dae5726

Browse files
vojtapolasekvojtapolasek
committed
Merge pull request #7254 from matejak/remediation_metadata
Remove specific metadata in shared Bash remediations (cherry picked from commit 6446ebb)
1 parent 3ce05d0 commit dae5726

File tree

43 files changed

+43
-76
lines changed
  • linux_os/guide
    • services
    • system
      • accounts
        • accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash
        • accounts-restrictions
        • accounts-session
      • auditing
        • auditd_configure_rules
          • audit_kernel_module_loading
            • audit_rules_kernel_module_loading_delete/bash
            • audit_rules_kernel_module_loading_finit/bash
            • audit_rules_kernel_module_loading_init/bash
            • audit_rules_kernel_module_loading/bash
          • audit_rules_system_shutdown/bash
          • directory_access_var_log_audit/bash
        • policy_rules/audit_rules_for_ospp/bash
      • bootloader-zipl/zipl_bootmap_is_up_to_date/bash
      • network/network-iptables
        • iptables_activation/set_ip6tables_default_rule/bash
        • iptables_ruleset_modifications
      • permissions
        • files
          • dir_perms_world_writable_root_owned/bash
          • permissions_within_important_dirs
        • restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/bash
      • software
        • integrity
          • crypto/harden_ssh_client_crypto_policy/bash
          • software-integrity/aide/aide_scan_notification/bash
        • updating

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

43 files changed

+43
-76
lines changed

linux_os/guide/services/kerberos/kerberos_disable_no_keytab/bash/shared.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,3 @@
1-
# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
1+
# platform = multi_platform_all
22

33
rm -f /etc/*.keytab

linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# platform = Red Hat Enterprise Linux 7,multi_platform_fedora,Red Hat Enterprise Linux 8
1+
# platform = multi_platform_all
22

33
if grep -q 'OPTIONS=.*' /etc/sysconfig/chronyd; then
44
# trying to solve cases where the parameter after OPTIONS

linux_os/guide/services/usbguard/usbguard_allow_hid/bash/shared.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
1+
# platform = multi_platform_all
22

33
# path of file with Usbguard rules
44
rulesfile="/etc/usbguard/rules.conf"

linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/bash/shared.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
#!/bin/bash
2-
# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
2+
# platform = multi_platform_all
33

44

55
echo "allow with-interface match-all { 03:*:* 09:00:* }" >> /etc/usbguard/rules.conf

linux_os/guide/services/usbguard/usbguard_allow_hub/bash/shared.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
1+
# platform = multi_platform_all
22

33

44
echo "allow with-interface match-all { 09:00:* }" >> /etc/usbguard/rules.conf

linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/bash/shared.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol
1+
# platform = multi_platform_all
22
# reboot = true
33
# strategy = restrict
44
# complexity = low

linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/bash/shared.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol
1+
# platform = multi_platform_all
22
# reboot = true
33
# strategy = restrict
44
# complexity = low

linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash/shared.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux
1+
# platform = multi_platform_all
22
. /usr/share/scap-security-guide/remediation_functions
33
{{{ bash_instantiate_variables("var_password_pam_retry") }}}
44

linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/bash/fedora.sh

Lines changed: 0 additions & 11 deletions
This file was deleted.

linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/bash/shared.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_rhv
1+
# platform = multi_platform_all
22
. /usr/share/scap-security-guide/remediation_functions
33
{{{ bash_instantiate_variables("var_accounts_minimum_age_login_defs") }}}
44

0 commit comments

Comments
 (0)