Improve OVAL readability in auditd_audispd_configure_sufficiently_large_partition #12083

Merged
@@ -1,34 +1,40 @@
{{% if product not in ['ubuntu2204'] %}}
{{% if target_oval_version >= [5, 11.2] %}}
<def-group oval_version="5.11.2">
<definition class="compliance" id="auditd_audispd_configure_sufficiently_large_partition" version="1">
<definition class="compliance" id="{{{ rule_id }}}" version="1">
{{{ oval_metadata("Configure a sufficiently large partition for audit logs.") }}}
<criteria>
<criterion comment="Check that the partition with audit logs is at least 10G large" test_ref="test_aacsflp" />
<criterion test_ref="test_aacsflp"
comment="Check that the partition with audit logs is at least 10G large"/>
</criteria>
</definition>

<!-- partition for the mount point for audit logs -->
<linux:partition_object id="obj_aacsflp_audit_partition" version="1">
<linux:mount_point operation="equals">/var/log/audit</linux:mount_point>
</linux:partition_object>

<!-- total partition size in bytes -->
<local_variable id="var_aacsflp_audit_partition_size" comment="total capacity (in bytes) of the audit partition" datatype="string" version="1">
<local_variable id="var_aacsflp_audit_partition_size" datatype="string" version="1"
comment="total capacity (in bytes) of the audit partition">
<arithmetic arithmetic_operation="multiply">
<object_component item_field="block_size" object_ref="obj_aacsflp_audit_partition" />
<object_component item_field="total_space" object_ref="obj_aacsflp_audit_partition" />
<object_component object_ref="obj_aacsflp_audit_partition" item_field="block_size"/>
<object_component object_ref="obj_aacsflp_audit_partition" item_field="total_space"/>
</arithmetic>
</local_variable>

<ind:variable_object id="obj_aacsflp_audit_partition_size" version="1">
<ind:var_ref>var_aacsflp_audit_partition_size</ind:var_ref>
</ind:variable_object>

<ind:variable_test id="test_aacsflp" version="1" check="all" check_existence="all_exist" comment="Check that the partition with audit logs is at least 10G large">
<ind:object object_ref="obj_aacsflp_audit_partition_size" />
<ind:state state_ref="state_aacsflp_partition_sufficiently_large" />
<ind:variable_test id="test_aacsflp" check="all" check_existence="all_exist" version="1"
comment="Check that the partition with audit logs is at least 10G large">
<ind:object object_ref="obj_aacsflp_audit_partition_size"/>
<ind:state state_ref="state_aacsflp_partition_sufficiently_large"/>
</ind:variable_test>

<ind:variable_state id="state_aacsflp_partition_sufficiently_large" version="1">
<ind:value operation="greater than or equal" datatype="int">10000000000</ind:value>
<ind:value operation="greater than or equal" datatype="int">10000000000</ind:value>
</ind:variable_state>
</def-group>
{{% endif %}}
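Review bot: The reformatted `local_variable` tag for `var_aacsflp_audit_partition_size` still declares `datatype="string"`, although its value is the arithmetic product of `block_size` and `total_space` and is then compared by `state_aacsflp_partition_sufficiently_large` with `datatype="int"`. The pass/fail result therefore seems to rely on the scanner casting a string to an integer before the `greater than or equal` comparison, which may not behave the same across OVAL interpreters. Since this commit already rewrites that tag, consider aligning it: `<local_variable id="var_aacsflp_audit_partition_size" datatype="int" version="1"`. The comments could also state that the threshold is 10^10 bytes (decimal 10 GB), because "10G" can be read as either 10 GB or 10 GiB.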