Merge pull request #167 from dev-sec/micheelengronne-patch-1

missing inputs changed
Michée lengronne 2022-01-12 18:20:45 +01:00 committed by GitHub
commit 8e3a25a606
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -33,7 +33,7 @@ rescue NoMethodError
false
end
blacklist = attribute(
blacklist = input(
'blacklist',
value: suid_blacklist.default,
description: 'blacklist of suid/sgid program on system'
@ -57,19 +57,19 @@ cpuvulndir = '/sys/devices/system/cpu/vulnerabilities/'
# /var/tmp v v v
#---------------------------------------------------------
mount_exec_blocklist = attribute(
mount_exec_blocklist = input(
'mount_exec_blocklist',
value: ['/boot', '/dev', '/dev/shm', '/tmp', '/var/log', '/var/log/audit', '/var/tmp'],
description: 'List of mountspoints where \'noexec\' mount option shoud be set'
)
mount_suid_blocklist = attribute(
mount_suid_blocklist = input(
'mount_suid_blocklist',
value: ['/boot', '/dev', '/dev/shm', '/home', '/run', '/tmp', '/var', '/var/log', '/var/log/audit', '/var/tmp'],
description: 'List of mountpoints where \'nosuid\' mount option shoud be set'
)
mount_dev_blocklist = attribute(
mount_dev_blocklist = input(
'mount_dev_blocklist',
value: ['/boot', '/dev/shm', '/home', '/run', '/tmp', '/var', '/var/log', '/var/log/audit', '/var/tmp'],
description: 'List of mountpoints where \'nodev\' mount option shoud be set'
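Review bot: The `mount_exec_blocklist`, `mount_suid_blocklist` and `mount_dev_blocklist` inputs in the second hunk are declared with an array default but no `type:`, so an override of the wrong shape (for example a single string from an input file or the CLI) would be accepted as given. How the controls consume these lists lies outside the hunks, but in a hardening baseline a mis-typed override could quietly change which mount points are checked for `noexec`, `nosuid` and `nodev`. Adding `type: 'Array'` to each `input(...)` call makes InSpec check the value when it is set; the same may apply to `blacklist` in the first hunk, if `suid_blacklist.default` is an array. The description strings on the same calls also carry the typos `mountspoints` and `shoud`, which could be corrected while these lines are being touched.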