From c27f39d538be79f944e3004dae98ae07f4349fca Mon Sep 17 00:00:00 2001
From: crk
Date: Mon, 15 May 2023 13:08:56 +0800
Subject: [PATCH] Added benchmark,remediation-kits,scanners for rule 5.9-ensure-setroubleshoot-is-not-installed

Signed-off-by: crk
---
 ...-ensure-setroubleshoot-is-not-installed.md | 36 +++++++++++++++++++
 docs/summary-of-rules.md | 3 +-
 ...-ensure-setroubleshoot-is-not-installed.sh | 1 +
 ...-ensure-setroubleshoot-is-not-installed.sh | 10 ++++++
 4 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 benchmarks/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.md
 create mode 100644 remediation-kits/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh
 create mode 100644 scanners/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh

diff --git a/benchmarks/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.md b/benchmarks/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.md
new file mode 100644
index 0000000..1876f51
--- /dev/null
+++ b/benchmarks/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.md
@@ -0,0 +1,36 @@
+# 5.9 确保SETroubleshoot被卸载
+
+## 安全等级
+
+- Level 1
+
+## 描述
+
+SETroubleshoot服务通过用户友好的界面通知桌面用户SELinux拒绝服务。该服务提供关于配置错误的重要信息以及未经授权的入侵和其他潜在错误。
+
+## 修复建议
+
+目标:确保SETroubleshoot被卸载
+
+1. 运行以下命令卸载setroubleshoot。
+
+```bash
+# dnf remove setroubleshoot -y
+```
+
+## 扫描检测
+
+验证setroubleshoot是否安装
+
+1. 运行以下命令以检测是否安装 setroubleshoot。
+
+```bash
+# rpm -q setroubleshoot
+package setroubleshoot is not installed
+```
+
+输出结果为`package setroubleshoot is not installed`则表示未安装setroubleshoot。
+
+## 参考
+
+- cis:
\ No newline at end of file
diff --git a/docs/summary-of-rules.md b/docs/summary-of-rules.md
index 5d6a607..0c20f36 100644
--- a/docs/summary-of-rules.md
+++ b/docs/summary-of-rules.md
@@ -183,4 +183,5 @@
 | 5.5 | 5.5-ensure-no-unconfined-services-exist.md | 5.5 确保没有未限制的服务存在 | benchmarks/mandatory-access-control | 4 |
 | 5.6 | 5.6-use-selinux-for-separation-of-powers-user-created.md | 5.6 使用SELinux实现三权分离-用户创建 | benchmarks/mandatory-access-control | 4 |
 | 5.7 | 5.7-use-selinux-for-separation-of-powers-system-administrator-login-permission-configuration.md | 5.7 使用SELinux实现三权分离-系统管理员登录权限配置 | benchmarks/mandatory-access-control | 4 |
-| 5.8 | 5.8-create-common-audit-and-security-users.md | 5.8 创建普通、审计、安全用户 | benchmarks/mandatory-access-control | 2 |
\ No newline at end of file
+| 5.8 | 5.8-create-common-audit-and-security-users.md | 5.8 创建普通、审计、安全用户 | benchmarks/mandatory-access-control | 2 |
+| 5.9 | 5.9-ensure-setroubleshoot-is-not-installed.md | 5.9 确保setroubleshoot被卸载 | benchmarks/mandatory-access-control | 1 |
\ No newline at end of file
diff --git a/remediation-kits/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh b/remediation-kits/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh
new file mode 100644
index 0000000..9f67a73
--- /dev/null
+++ b/remediation-kits/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh
@@ -0,0 +1 @@
+dnf remove -y setroubleshoot
diff --git a/scanners/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh b/scanners/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh
new file mode 100644
index 0000000..4476320
--- /dev/null
+++ b/scanners/mandatory-access-control/5.9-ensure-setroubleshoot-is-not-installed.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+result=false
+
+rpm -q setroubleshoot | grep -Psiq "^package\s+setroubleshoot\s+is\s+not\s+installed$" && result=true
+
+if [ "$result" = true ]; then
+ echo "pass"
+else
+ echo "fail"
+fi
--
Gitee
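Review bot: The new remediation script under `remediation-kits/` has no shebang line, while the scanner added in the same commit starts with `#!/usr/bin/env bash`; add the same first line so the script runs under a known shell however it is invoked. Since `dnf remove` changes the installed package set, a short header comment would also help operators, for example `# Remediation for rule 5.9: removes the setroubleshoot package; must be run as root.`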
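Review bot: The `grep` in the new scanner matches rpm's English message text, so the verdict depends on the locale of the scanning session: where rpm prints a translated message the pattern cannot match and the scanner reports `fail` on a host where the package is absent. Pin the locale on the rpm call, `LC_ALL=C rpm -q setroubleshoot | grep -Psiq "^package\s+setroubleshoot\s+is\s+not\s+installed$" && result=true`. Keeping the text match instead of testing rpm's exit status is reasonable, because it still reports `fail` when rpm itself errors out; a one-line comment saying so, such as `# match the message, not the exit code, so an rpm error is reported as fail`, would keep a later simplification from turning that case into a false `pass`.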