tyler.durden
/
harbian-audit
mirror of https://github.com/hardenedlinux/harbian-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove trailing space from '-w /sbin/insmod -p x -k modules' line which causes check from 8.1.17_record_kernel_modules.sh to fail unless audit rule also contains trailing space

This commit is contained in:
SG 2019-10-04 09:02:32 -06:00
parent 15f788cd55
commit 139e9fb683
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bin/hardening/8.1.17_record_kernel_modules.sh
View File

@ -14,13 +14,13 @@ set -u # One variable unset, it's over
HARDENING_LEVEL=4
ARCH64_AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
ARCH64_AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules
-w /bin/kmod -p x -k modules
-a always,exit -F arch=b32 -S init_module -S delete_module -S create_module -S finit_module -k modules
-a always,exit -F arch=b64 -S init_module -S delete_module -S create_module -S finit_module -k modules'
ARCH32_AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
ARCH32_AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /sbin/modprobe -p x -k modules
-w /bin/kmod -p x -k modules
@ -34,8 +34,8 @@ audit () {
d_IFS=$IFS
IFS=$'\n'
is_64bit_arch
if [ $FNRET=0 ]; then
AUDIT_PARAMS=$ARCH64_AUDIT_PARAMS
if [ $FNRET=0 ]; then
AUDIT_PARAMS=$ARCH64_AUDIT_PARAMS
else
AUDIT_PARAMS=$ARCH32_AUDIT_PARAMS
fi