Introduce template audit_rules_kernel_module_loading #14024
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Use template audit_rules_kernel_module_loading instead of static content in rules audit_rules_kernel_module_loading_create, audit_rules_kernel_module_loading_delete audit_rules_kernel_module_loading_finit, audit_rules_kernel_module_loading_init, audit_rules_kernel_module_loading_query. This change unifies the content and reduces code duplication.
Unify rule descriptions in rules that use the audit_rules_kernel_module_loading template.
Refactor the OVAL code in audit_rules_kernel_module_loading template by moving the common code to a new Jinja macro. The point of this change is to have just a single definition of the regular expression. That allows us to change the regular expression more easily.
Create templated test scenarios for the audit_rules_kernel_module_loading template, based on existing scenarios in rule audit_rules_kernel_module_loading_delete. Remove some per-rule test scenarios to prevent duplication.
jan-cerny
requested review from
Mab879,
matusmarhefka and
vojtapolasek
as code owners
|
@jan-cerny: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
@yuumasato @Vincent056 @rhmdnd Can you please review the k8s remediation? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Introduce new template
audit_rules_kernel_module_loadingand use this template in rules inaudit_kernel_module_loadinggroup instead of static content. This change reduces code duplication and unifies code among similar rules.Rationale:
Consequence of this change is that the rule
audit_rules_kernel_module_loading_createnow will start containing-F auid>=1000 -F auid!=unsetin the audit rule that was missing there.Resolves: https://issues.redhat.com/browse/RHEL-102334
Review Hints:
Run automatus tests for audit_rules_kernel_module_loading_create and other rules.