From d25fc4ce4b45e58688429561d9ea7815bb0c3283 Mon Sep 17 00:00:00 2001 From: Vojtech Polasek Date: Wed, 4 Sep 2024 11:27:22 +0200 Subject: [PATCH] remove setup of augenrules-like environment in audit_rules_privileged_commands template Augenrules is default option as far as I know. This is the only case of test scenarios where this is set. I decided to remove it. --- .../tests/augenrules_comented_value.fail.sh | 2 -- .../tests/augenrules_correct_value.pass.sh | 2 -- .../tests/augenrules_missing_auid.fail.sh | 2 -- .../tests/augenrules_missing_perm_x.fail.sh | 2 -- 4 files changed, 8 deletions(-) diff --git a/shared/templates/audit_rules_privileged_commands/tests/augenrules_comented_value.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/augenrules_comented_value.fail.sh index 960a430b51ec..b13a1785fed0 100644 --- a/shared/templates/audit_rules_privileged_commands/tests/augenrules_comented_value.fail.sh +++ b/shared/templates/audit_rules_privileged_commands/tests/augenrules_comented_value.fail.sh @@ -2,8 +2,6 @@ source common.sh -sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/augenrules%" /usr/lib/systemd/system/auditd.service - echo \ "# -a always,exit -F path={{{ PATH }}} ${perm_x} -F auid>={{{ auid }}} -F auid!=unset -k test_key" \ >> /etc/audit/rules.d/test_key.rules diff --git a/shared/templates/audit_rules_privileged_commands/tests/augenrules_correct_value.pass.sh b/shared/templates/audit_rules_privileged_commands/tests/augenrules_correct_value.pass.sh index fe289a9efb77..b85577fa3d5d 100644 --- a/shared/templates/audit_rules_privileged_commands/tests/augenrules_correct_value.pass.sh +++ b/shared/templates/audit_rules_privileged_commands/tests/augenrules_correct_value.pass.sh @@ -2,8 +2,6 @@ source common.sh -sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/augenrules%" /usr/lib/systemd/system/auditd.service - echo \ "-a always,exit -F path={{{ PATH }}} ${perm_x} -F auid>={{{ auid }}} -F auid!=unset -k test_key" \ >> /etc/audit/rules.d/test_key.rules diff --git a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_auid.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_auid.fail.sh index 4634cc9416cb..7a1dbd88a7fb 100644 --- a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_auid.fail.sh +++ b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_auid.fail.sh @@ -2,6 +2,4 @@ source common.sh -sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/augenrules%" /usr/lib/systemd/system/auditd.service - echo "-a always,exit -F path={{{ PATH }}} ${perm_x} -k test_key" >> /etc/audit/rules.d/test_key.rules diff --git a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh index 1cad343387bb..fd902a02045a 100644 --- a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh +++ b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh @@ -3,7 +3,5 @@ source common.sh -sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/augenrules%" /usr/lib/systemd/system/auditd.service - echo "-a always,exit -F path={{{ PATH }}} -F auid>={{{ auid }}} -F auid!=unset -k test_key" \ >> /etc/audit/rules.d/test_key.rules