Add Jinja variable to OS-based path in results

ComplianceAsCode · Mar 2, 2023 · 0eb19d2 · 0eb19d2
1 parent 742c4cd
commit 0eb19d2
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 27 deletions.
diff --git a/.../auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_init/rule.yml b/.../auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_init/rule.yml
@@ -1,3 +1,9 @@
+{{%- if 'sle' not in product %}}
+  {{%- set path="/usr/sbin" %}}
+{{%- else %}}
+  {{%- set path="/sbin" %}}
+{{%- endif %}}
+
 documentation_complete: true
 
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - init'
@@ -8,11 +14,11 @@ description: |-
     configured to use the <tt>augenrules</tt> program to read audit rules during
     daemon startup (the default), add a line of the following form to a file with
     suffix <tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
-    <pre>-a always,exit -F path=/usr/sbin/init {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
+    <pre>-a always,exit -F path={{{ path }}}/init {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
     If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
     utility to read audit rules during daemon startup, add a line of the following
     form to <tt>/etc/audit/audit.rules</tt>:
-    <pre>-a always,exit -F path=/usr/sbin/init {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
+    <pre>-a always,exit -F path={{{ path }}}/init {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
 
 rationale:
     Misuse of the init command may cause availability issues for the system.
@@ -27,11 +33,7 @@ references:
     nist: AU-12(c)
     srg: SRG-OS-000477-GPOS-00222
 
-{{% if 'sle' not in product %}}
-{{{ ocil_fix_srg_privileged_command("init","/usr/sbin/") }}}
-{{% else %}}
-{{{ ocil_fix_srg_privileged_command("init","/sbin/") }}}
-{{% endif %}}
+{{{ ocil_fix_srg_privileged_command("init","{{{ path }}}/") }}}
 
 template:
     name: audit_rules_privileged_commands

diff --git a/...itd_configure_rules/audit_privileged_commands/audit_privileged_commands_poweroff/rule.yml b/...itd_configure_rules/audit_privileged_commands/audit_privileged_commands_poweroff/rule.yml
@@ -1,3 +1,9 @@
+{{%- if 'sle' not in product %}}
+  {{%- set path="/usr/sbin" %}}
+{{%- else %}}
+  {{%- set path="/sbin" %}}
+{{%- endif %}}
+
 documentation_complete: true
 
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - poweroff'
@@ -8,7 +14,7 @@ description: |-
     configured to use the <tt>augenrules</tt> program to read audit rules during
     daemon startup (the default), add a line of the following form to a file with
     suffix <tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
-    <pre>-a always,exit -F path=/usr/sbin/poweroff {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
+    <pre>-a always,exit -F path={{{ path }}}/poweroff {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
     If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
     utility to read audit rules during daemon startup, add a line of the following
     form to <tt>/etc/audit/audit.rules</tt>:
@@ -27,11 +33,7 @@ references:
     nist: AU-12(c)
     srg: SRG-OS-000477-GPOS-00222
 
-{{% if 'sle' not in product %}}
-{{{ ocil_fix_srg_privileged_command("poweroff","/usr/sbin/") }}}
-{{% else %}}
-{{{ ocil_fix_srg_privileged_command("poweroff","/sbin/") }}}
-{{% endif %}}
+{{{ ocil_fix_srg_privileged_command("poweroff","{{{ path }}}/") }}}
 
 template:
     name: audit_rules_privileged_commands

diff --git a/...uditd_configure_rules/audit_privileged_commands/audit_privileged_commands_reboot/rule.yml b/...uditd_configure_rules/audit_privileged_commands/audit_privileged_commands_reboot/rule.yml
@@ -1,3 +1,9 @@
+{{%- if 'sle' not in product %}}
+  {{%- set path="/usr/sbin" %}}
+{{%- else %}}
+  {{%- set path="/sbin" %}}
+{{%- endif %}}
+
 documentation_complete: true
 
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - reboot'
@@ -8,11 +14,11 @@ description: |-
     configured to use the <tt>augenrules</tt> program to read audit rules during
     daemon startup (the default), add a line of the following form to a file with
     suffix <tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
-    <pre>-a always,exit -F path=/usr/sbin/reboot {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
+    <pre>-a always,exit -F path={{{ path }}}/reboot {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
     If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
     utility to read audit rules during daemon startup, add a line of the following
     form to <tt>/etc/audit/audit.rules</tt>:
-    <pre>-a always,exit -F path=/usr/sbin/reboot {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
+    <pre>-a always,exit -F path={{{ path }}}/reboot {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
 
 rationale:
     Misuse of the reboot command may cause availability issues for the system.
@@ -27,11 +33,7 @@ references:
     nist: AU-12(c)
     srg: SRG-OS-000477-GPOS-00222
 
-{{% if 'sle' not in product %}}
-{{{ ocil_fix_srg_privileged_command("reboot","/usr/sbin/") }}}
-{{% else %}}
-{{{ ocil_fix_srg_privileged_command("reboot","/sbin/") }}}
-{{% endif %}}
+{{{ ocil_fix_srg_privileged_command("reboot","{{{ path }}}/") }}}
 
 template:
     name: audit_rules_privileged_commands

diff --git a/...itd_configure_rules/audit_privileged_commands/audit_privileged_commands_shutdown/rule.yml b/...itd_configure_rules/audit_privileged_commands/audit_privileged_commands_shutdown/rule.yml
@@ -1,3 +1,9 @@
+{{%- if 'sle' not in product %}}
+  {{%- set path="/usr/sbin" %}}
+{{%- else %}}
+  {{%- set path="/sbin" %}}
+{{%- endif %}}
+
 documentation_complete: true
 
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - shutdown'
@@ -8,11 +14,11 @@ description: |-
     configured to use the <tt>augenrules</tt> program to read audit rules during
     daemon startup (the default), add a line of the following form to a file with
     suffix <tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
-    <pre>-a always,exit -F path=/usr/sbin/shutdown {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
+    <pre>-a always,exit -F path={{{ path }}}/shutdown {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
     If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
     utility to read audit rules during daemon startup, add a line of the following
     form to <tt>/etc/audit/audit.rules</tt>:
-    <pre>-a always,exit -F path=/usr/sbin/shutdown {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
+    <pre>-a always,exit -F path={{{ path }}}/shutdown {{{ perm_x }}}-F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
 
 rationale:
     Misuse of the shutdown command may cause availability issues for the system.
@@ -27,11 +33,7 @@ references:
     nist: AU-12(c)
     srg: SRG-OS-000477-GPOS-00222
 
-{{% if 'sle' not in product %}}
-{{{ ocil_fix_srg_privileged_command("shutdown","/usr/sbin/") }}}
-{{% else %}}
-{{{ ocil_fix_srg_privileged_command("shutdown","/sbin/") }}}
-{{% endif %}}
+{{{ ocil_fix_srg_privileged_command("shutdown","{{{ path }}}/") }}}
 
 template:
     name: audit_rules_privileged_commands