mirror of
https://github.com/hardenedlinux/harbian-audit.git
synced 2025-07-31 01:24:58 +02:00
remove trailing space from '-w /sbin/insmod -p x -k modules' line which causes check from 8.1.17_record_kernel_modules.sh to fail unless audit rule also contains trailing space
This commit is contained in:
SG
parent
15f788cd55
commit
139e9fb683
@ -14,13 +14,13 @@ set -u # One variable unset, it's over
|
|||||||
|
|
||||||
HARDENING_LEVEL=4
|
HARDENING_LEVEL=4
|
||||||
|
|
||||||
ARCH64_AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
|
ARCH64_AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
|
||||||
-w /sbin/rmmod -p x -k modules
|
-w /sbin/rmmod -p x -k modules
|
||||||
-w /sbin/modprobe -p x -k modules
|
-w /sbin/modprobe -p x -k modules
|
||||||
-w /bin/kmod -p x -k modules
|
-w /bin/kmod -p x -k modules
|
||||||
-a always,exit -F arch=b32 -S init_module -S delete_module -S create_module -S finit_module -k modules
|
-a always,exit -F arch=b32 -S init_module -S delete_module -S create_module -S finit_module -k modules
|
||||||
-a always,exit -F arch=b64 -S init_module -S delete_module -S create_module -S finit_module -k modules'
|
-a always,exit -F arch=b64 -S init_module -S delete_module -S create_module -S finit_module -k modules'
|
||||||
ARCH32_AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
|
ARCH32_AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
|
||||||
-w /sbin/rmmod -p x -k modules
|
-w /sbin/rmmod -p x -k modules
|
||||||
-w /sbin/modprobe -p x -k modules
|
-w /sbin/modprobe -p x -k modules
|
||||||
-w /bin/kmod -p x -k modules
|
-w /bin/kmod -p x -k modules
|
||||||
@ -34,8 +34,8 @@ audit () {
|
|||||||
d_IFS=$IFS
|
d_IFS=$IFS
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
is_64bit_arch
|
is_64bit_arch
|
||||||
if [ $FNRET=0 ]; then
|
if [ $FNRET=0 ]; then
|
||||||
AUDIT_PARAMS=$ARCH64_AUDIT_PARAMS
|
AUDIT_PARAMS=$ARCH64_AUDIT_PARAMS
|
||||||
else
|
else
|
||||||
AUDIT_PARAMS=$ARCH32_AUDIT_PARAMS
|
AUDIT_PARAMS=$ARCH32_AUDIT_PARAMS
|
||||||
fi
|
fi
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user