Fix Text

TEMPLATE fixtext_audit_file_watch_rule

How to fix an audit rule that watches a file.

Parameters

path (str) – Full path of file to watch

key (str) – Auditd key for the system

rule_path (str) – Full path to where the rule wil

fixtext_audit_file_watch_rule(path, key, rule_path)

TEMPLATE fixtext_audit_rules_file_deletion_events

Generate a fixtext for audit rules for file deletion events

Parameters

syscall – Sycall name

fixtext_audit_rules_file_deletion_events(syscall)

TEMPLATE fixtext_audit_rules_dac_modification_chmod

Generate a fixtext for audit rules for dac modification events - chmod

Parameters

syscall – Sycall name

fixtext_audit_rules_dac_modification_chmod(syscall)

TEMPLATE fixtext_audit_rules_dac_modification_chown

Generate a fixtext for audit rules for dac modification events - chown

Parameters

syscall – Sycall name

fixtext_audit_rules_dac_modification_chown(syscall)

TEMPLATE fixtext_audit_rules_dac_modification_chown

Generate a fixtext for audit rules for dac modification events - chown

Parameters

syscall – Sycall name

fixtext_audit_rules_dac_modification_chown(syscall)

TEMPLATE fixtext_audit_rules_dac_modification_attr

Generate a fixtext for audit rules for dac modification events - attr

Parameters

syscall – Sycall name

fixtext_audit_rules_dac_modification_attr(syscall)

TEMPLATE fixtext_audit_rules_unsuccessful_file_modification_creat

Generate a fixtext for audit rules for unsuccessful audit - creat

Parameters

syscall – Sycall name

fixtext_audit_rules_unsuccessful_file_modification_creat(syscall)

TEMPLATE fixtext_dconf_ini_file

Human readable text for how to fix ini files

Parameters

section (str) – Section on the value to be set

parameter (str) – parameter to be change

value (str) – value to be set

fixtext_dconf_ini_file(section, parameter, value)

TEMPLATE fixtext_dconf_lock_settings

Human readable text for how to lock dconf settings

Parameters

section (str) – Section on the value to be locked

fixtext_dconf_lock_settings(section)

TEMPLATE fixtext_sshd_lineinfile

Describe how to fix an ssh configure

Parameters

parameter (str) – parameter to set

value (str) – Value to set

config_is_distributed – Should the value go in 00-complianceascode-hardening.conf vs the main sshd config file

fixtext_sshd_lineinfile(parameter, value, config_is_distributed)

TEMPLATE fixtext_service_enabled

Describe how to enable a service

Parameters

parameter (str) – service to enable

fixtext_service_enabled(service)

TEMPLATE fixtext_sysctl

Macro describing fix for sysctl rules.

Parameters

sysctl (str) – The kernel parameter to be changed.

value (str) – The value of the kernel parameter.

fixtext_sysctl(sysctl, value)

TEMPLATE fixtext_grub2_bootloader_argument

Describe fix for GRUB 2 bootloader kernel argument This can be used for rules that use grub2_bootloader_argument template or have macro grub2_bootloader_argument_remediation in their remediation.

Parameters

argument (str) – Kernel argument

value (str) – The argument’s value

fixtext_grub2_bootloader_argument(argument, value)

TEMPLATE fixtext_grub2_bootloader_argument_absent

Describe fix for removal of a GRUB 2 bootloader kernel argument This can be used for rules that use grub2_bootloader_argument_absent template or have macro grub2_bootloader_argument_remediation in their remediation.

Parameters

argument (str) – Kernel argument

fixtext_grub2_bootloader_argument_absent(argument)

TEMPLATE fixtext_audit_configuration

Macro describing fix for audit configuration.

Parameters

param (str) – The audit configuration to be changed.

value (str) – The value of the audit configuration.

fixtext_audit_configuration(param, value)

TEMPLATE fixtext_mount_option

Fixtext macro describing configuration of mount option, for rules using the mount_option template.

Parameters

mountpoint (str) – mount point on the filesystem eg. /dev/shm

mountoption (str) – mount option, eg. nosuid, logdev=device or hidepid

fixtext_mount_option(mountpoint, mountoption)