From fe733c1e8b1c28f5199ea2a99d076c25539d6ddc Mon Sep 17 00:00:00 2001 From: Eduardo Barretto Date: Mon, 11 Mar 2024 13:35:59 +0100 Subject: [PATCH 1/2] all_apparmor_profiles_in_enforce_complain_mode: Fix OVAL logic Current OVAL fails with unknown result because the variables are looking for a subexpression of the subject when there's none. Also remove check for unconfined as it is not needed --- .../oval/shared.xml | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml index 9347535cf47..15b4579e171 100644 --- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml +++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml @@ -8,23 +8,17 @@ /sys/kernel/security/apparmor/profiles - ^.*$ + ^(.*)$ 1 /sys/kernel/security/apparmor/profiles - ^.*\(enforce\)$ + ^.*(\(enforce\))$ 1 /sys/kernel/security/apparmor/profiles - ^.*\(complain\)$ - 1 - - - /sys/kernel/security/apparmor/profiles - ^\.*processes are unconfined.*$ + ^.*(\(complain\))$ 1 - - - {{{ rule_id }}}_var_num_apparmor_profiles From bbff64717af89206785051d3f69cac1b6a79f6a8 Mon Sep 17 00:00:00 2001 From: Eduardo Barretto Date: Wed, 13 Mar 2024 18:23:41 +0100 Subject: [PATCH 2/2] all_apparmor_profiles_in_enforce_complain_mode: tests: Make tests work in Ubuntu --- .../tests/correct_all_apparmor_profiles_in_complain.pass.sh | 2 +- .../tests/correct_all_apparmor_profiles_in_enforce.pass.sh | 2 +- .../tests/incorrect_all_apparmor_profiles.fail.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh index 37770affadf..f5eda3fe5f4 100644 --- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh +++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# packages = apparmor +# packages = apparmor-utils #Replace apparmor definitions apparmor_parser -q -r /etc/apparmor.d/ diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh index 9b64f995da9..cba089f4309 100644 --- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh +++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# packages = apparmor +# packages = apparmor-utils #Replace apparmor definitions apparmor_parser -q -r /etc/apparmor.d/ diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh index c9c33527421..11227496723 100644 --- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh +++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# packages = apparmor +# packages = apparmor-utils #Configure the OS to unload all AppArmor profiles aa-teardown