SRG Requirement

TEMPLATE srg_requirement_audit_file_watch_rule

Generate a SRG requirement text for audit file watch rules.

Parameters:

  • path (str) – Full path of file to watch

srg_requirement_audit_file_watch_rule(path)

TEMPLATE srg_requirement_audit_syscall

Generate a SRG requirement text for auditing all calls to a syscall.

Parameters:

  • event (str) – Name of the syscall

srg_requirement_audit_syscall(event)

TEMPLATE srg_requirement_audit_unsuccessful_syscall

Generate a SRG requirement text for auditing unsuccessful calls to a syscall.

Parameters:

  • event (str) – Name of the syscall

srg_requirement_audit_unsuccessful_syscall(event)

TEMPLATE srg_requirement_audit_command

Generate a SRG requirement text for auditing a command.

Parameters:

  • command (str) – Name of the command

srg_requirement_audit_command(command)

TEMPLATE srg_requirement_package_removed

Generate a SRG requirement text for package removal.

Parameters:

  • package (str) – Name of the package to be removed

srg_requirement_package_removed(package)

TEMPLATE srg_requirement_kernel_module_disable

Generate a SRG requirement text for package removal.

Parameters:

  • module (str) – Name of the kernel module to be disabled

srg_requirement_kernel_module_disable(module)

TEMPLATE srg_requirement_package_installed

Generate a SRG requirement text for package installed.

Parameters:

  • package (str) – Name of the package to be installed

srg_requirement_package_installed(package)

TEMPLATE srg_requirement_service_enabled

Generate a SRG requirement text for service enabled.

Parameters:

  • service (str) – Name of the service to be enabled

srg_requirement_service_enabled(service)

TEMPLATE srg_requirement_file_owner

SRG requirement for setting the owner on a file.

Parameters:

  • file (str) – The file to set the owner on

  • owner (str) – The owner to be set

srg_requirement_file_owner(file, owner)

TEMPLATE srg_requirement_files_in_directory_owner

SRG requirement for setting the owner on files in a directory.

Parameters:

  • directory (str) – The directory containing files to set the owner on

  • owner (str) – The owner to be set

srg_requirement_files_in_directory_owner(directory, owner)

TEMPLATE srg_requirement_file_group_owner

SRG requirement for setting the group owner on a file.

Parameters:

  • file (str) – The file to set the group owner on

  • group (str) – The group to be set

srg_requirement_file_group_owner(file, group)

TEMPLATE srg_requirement_files_in_directory_group_owner

SRG requirement for setting the group owner on files in a directory.

Parameters:

  • directory (str) – The directory containing files to set the group owner on

  • group (str) – The group to be set

srg_requirement_files_in_directory_group_owner(directory, group)

TEMPLATE srg_requirement_directory_owner

SRG requirement for setting the owner on a directory.

Parameters:

  • file (str) – The directory to set the owner on

  • owner (str) – The owner to be set

srg_requirement_directory_owner(file, owner)

TEMPLATE srg_requirement_directory_group_owner

SRG requirement for setting the group owner on a directory.

Parameters:

  • file (str) – The directory to set the group owner on

  • group (str) – The group to be set

srg_requirement_directory_group_owner(file, group)

TEMPLATE srg_requirement_file_permission

SRG requirement for setting permissions on a file

Parameters:

  • file (str) – The file to set permissions on

  • mode (str) – The mode to be set

srg_requirement_file_permission(file, mode)

TEMPLATE srg_requirement_directory_permission

SRG requirement for setting permissions on a directory

Parameters:

  • file (str) – The directory to set permissions on

  • mode (str) – The mode to be set

srg_requirement_directory_permission(file, mode)

TEMPLATE srg_requirement_files_in_directory_permissions

SRG requirement for setting permissions on files in a directory

Parameters:

  • directory (str) – The directory containing files to set the permissions on

  • mode (str) – The permissions to be set

srg_requirement_files_in_directory_permissions(directory, mode)

TEMPLATE srg_requirement_mount_option

SRG requirement for mount point options

Parameters:

  • path (str) – The path to check

  • option (str) – The mount option to use

srg_requirement_mount_option(path, option)

TEMPLATE srg_requirement_service_disabled

Generate a SRG requirement text for disabling services.

Parameters:

  • service (str) – Name of the service to be disabled

srg_requirement_service_disabled(service)

TEMPLATE srg_requirement_separate_partition

SRG requirement for separate filesystems

Parameters:

  • part (str) – The path to check

srg_requirement_separate_partition(part)