Mirrors/linux-baseline
2
0
Fork 0
mirror of https://github.com/dev-sec/linux-baseline synced 2024-11-26 04:50:21 +00:00
Code Issues Projects Releases Packages Wiki Activity

improve style

Browse source
This commit is contained in:
Christoph Hartmann 2016-02-16 12:39:00 +01:00
parent caaf7e6327
commit 8ff2ada319
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
controls/sysctl_spec.rb
View file

@ -337,12 +337,18 @@ control 'sysctl-33' do
impact 1.0
title 'CPU No execution Flag or Kernel ExecShield'
desc 'Kernel features and CPU flags provide a protection against buffer overflows. The CPU NX Flag and the kernel parameter exec-shield prevents code execution on a per memory page basis. If the CPU supports the NX-Flag then this should be used instead of the kernel parameter exec-shield.'
flags = parse_config_file('/proc/cpuinfo', assignment_re: /^([^:]*?)\s+:\s+(.*?)$/).flags.to_s.split(' ')
describe '/proc/cpuinfo' do
it 'Flags should include NX' do
expect(flags).to include('nx')
end
end
# parse for cpu flags
flags = parse_config_file('/proc/cpuinfo', assignment_re: /^([^:]*?)\s+:\s+(.*?)$/).flags
flags ||= ''
flags = flags.split(' ')
unless flags.include?('nx')
# if no nx flag is present, we require exec-shield
describe kernel_parameter('kernel.exec-shield') do