weixin_39800112
2020-12-05 21:23

Add new rule file_owner_sapmnt_SID_exe to profile sap on ol7

Description:

  • Add new rule file_owner_sapmnt_SID_exe to profile sap on ol7
  • Add new OVAL template for verifying directory/file ownership
  • Add function to generate OVAL from template for verifying directory/file ownership
  • The existing csv format "PATH, USER, [ALT_ANME]" is extended with "[directory|file], [PATHREGEX]"
  • Limitation: it only works when each OS/VM has only one SAP System ID (SID) and hence one sidadm. I may take the uids of sidadm users from /etc/passwd into a variable, but it looks like the file_test will compare user_id with each item in the variable and hope it equals each of them. The result is false if there are two uids from /etc/passwd that get into the variable. Any advice on how to deal with this situation?

Rationale:

  • I was planning to merge permissions, owner and groupowner into one rule access_privileges but am hesitant because of the limitation on file_owner.

The file_permissions and file_groupowner do not have the above issue. Both are ready for a pull request if they do not need to go into one rule access_privileges. If you want to have a look:
https://github.com/xiruiyang/scap-security-guide/tree/permissions
https://github.com/xiruiyang/scap-security-guide/tree/groupowner
Or may I create a separate pull request for them?

This question comes from the open-source project: ComplianceAsCode/content
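The limitation described in the question, shown as an added example (not code from the pull request or from ComplianceAsCode/content): a small Python model of how an OVAL state entity bound to a multi-valued variable is evaluated under the `var_check` attribute, whose default is "all". The passwd lines, file items, the `<sid>adm` name pattern and all function names are constructed assumptions.

```python
import re

# Constructed /etc/passwd sample: one host carrying two SAP systems (AB1, CD2).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ab1adm:x:1001:1001:SAP AB1 admin:/home/ab1adm:/bin/csh
cd2adm:x:1002:1001:SAP CD2 admin:/home/cd2adm:/bin/csh
oracle:x:1100:1100::/home/oracle:/bin/bash
"""

# Assumption: a sidadm account name is a three-character SID followed by "adm".
SIDADM = re.compile(r"^[a-z][a-z0-9]{2}adm$")


def sidadm_uids(passwd_text):
    """Collect the UIDs of all <sid>adm accounts, as the variable would hold them."""
    uids = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and SIDADM.match(fields[0]):
            uids.append(int(fields[2]))
    return uids


def entity_matches(item_value, var_values, var_check="all"):
    """Model of var_check for an 'equals' state entity bound to a variable."""
    if not var_values:
        return False  # assumption: with no sidadm found, nothing can match
    hits = sum(1 for v in var_values if item_value == v)
    if var_check == "all":
        return hits == len(var_values)  # the file owner must equal every UID
    if var_check == "at least one":
        return hits >= 1
    raise ValueError(f"unsupported var_check in this model: {var_check}")


def evaluate(owners, var_values, var_check):
    """Return {path: True/False} for each collected file item."""
    return {path: entity_matches(uid, var_values, var_check)
            for path, uid in owners.items()}


# Constructed file items (path -> owner UID), as a file_test would collect them.
OWNERS = {"/sapmnt/AB1/exe": 1001, "/sapmnt/CD2/exe": 1002, "/sapmnt/CD2/exe/tmp": 0}

if __name__ == "__main__":
    for mode in ("all", "at least one"):
        print(mode, evaluate(OWNERS, sidadm_uids(PASSWD), mode))
```

In this model "at least one" accepts any sidadm UID as owner, so it does not show that /sapmnt/CD2/exe belongs to cd2adm specifically; that would need a per-SID comparison.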


4 answers

  • weixin_39821874 5 months ago

    Hello ! Thanks for updating the PR.

    Cheers ! There are no PEP8 issues in this Pull Request. :beers:

    Comment last updated on June 07, 2018 at 11:52 Hours UTC
  • weixin_39626298 5 months ago

    Please rebase this against upstream master to get rid of the merge commits.

  • weixin_39626298 5 months ago

    For reference, you don't have to close and reopen; you can do something like this:

    
    git checkout master
    git pull upstream master --ff-only
    git checkout $feature_branch
    git rebase -i master
    git push --force origin $feature_branch
    

    This will update github and jenkins and everything.

  • weixin_39800112 5 months ago

    Will open a new PR later. Thanks.
