From 8918445e2c910527760295c2e5ebb05b8653b768 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Thu, 10 Oct 2024 13:03:11 +0000 Subject: [PATCH] [BOOT-5264] Change output and link to clarify options --- include/tests_boot_services | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/include/tests_boot_services b/include/tests_boot_services index 967b98a6..8a11014f 100644 --- a/include/tests_boot_services +++ b/include/tests_boot_services @@ -1090,6 +1090,8 @@ if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Run systemd-analyze security" Display --indent 2 --text "- Running 'systemd-analyze security'" + Display --indent 6 --text "Unit name (exposure value) and predicate" + Display --indent 6 --text "--------------------------------" ${SYSTEMDANALYZEBINARY} security | while read UNIT EXPOSURE PREDICATE HAPPY; do if [ "${UNIT}" = "UNIT" ]; then continue @@ -1111,13 +1113,13 @@ ;; UNSAFE | DANGEROUS) STATUS="${STATUS_UNSAFE}" - COLOR=RED + COLOR=YELLOW ;; esac - Display --indent 8 --text "- ${UNIT}:" --result "${STATUS}" --color "${COLOR}" - LogText "Result: ${UNIT}: ${EXPOSURE} ${STATUS}" + Display --indent 4 --text "- ${UNIT} (value=${EXPOSURE})" --result "${STATUS}" --color "${COLOR}" + LogText "Result: ${UNIT} has exposure value ${EXPOSURE} with predicate '${STATUS}'" done - ReportSuggestion "${TEST_NO}" "Consider hardening system services" "Run '${SYSTEMDANALYZEBINARY} security SERVICE' for each service" + ReportSuggestion "${TEST_NO}" "Consider hardening system services" "Run '${SYSTEMDANALYZEBINARY} security SERVICE' for each service" "Learn about systemd features to secure services: https://linux-audit.com/systemd/systemd-features-to-secure-units-and-services/" fi # #################################################################################