From 0e1fec5fcaca2c9030815a02cb75a8eac24386d0 Mon Sep 17 00:00:00 2001
From: jinlun
Date: Tue, 10 Dec 2024 16:41:47 +0800
Subject: [PATCH] the ssg is modified to be consistent with the specifications
---
 ...ied-to-be-consistent-with-the-specif.patch | 72 +++++++++++++++++++
 scap-security-guide.spec | 6 +-
 2 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 scap-is-modified-to-be-consistent-with-the-specif.patch
diff --git a/scap-is-modified-to-be-consistent-with-the-specif.patch b/scap-is-modified-to-be-consistent-with-the-specif.patch
new file mode 100644
index 0000000..b8d02e4
--- /dev/null
+++ b/scap-is-modified-to-be-consistent-with-the-specif.patch
@@ -0,0 +1,72 @@
+From 34a439703a12363e348329db2cc1145a7084fe4d Mon Sep 17 00:00:00 2001
+From: jinlun
+Date: Tue, 10 Dec 2024 19:25:41 +0800
+Subject: [PATCH] the ssg is modified to be consistent with the specifications
+
+---
+ controls/std_openeuler.yml | 1 +
+ .../bash/shared.sh | 6 ++++++
+ .../oval/shared.xml | 4 ++++
+ .../var_auditd_space_left.var | 1 +
+ 4 files changed, 12 insertions(+)
+
+diff --git a/controls/std_openeuler.yml b/controls/std_openeuler.yml
+index 6985d6d..3068afb 100644
+--- a/controls/std_openeuler.yml
++++ b/controls/std_openeuler.yml
+@@ -1752,6 +1752,7 @@ controls:
+ rules:
+ - auditd_data_retention_space_left
+ - auditd_data_retention_space_left.severity=low
++ - var_auditd_space_left=75MB
+ - auditd_data_retention_space_left_action
+ - auditd_data_retention_space_left_action.severity=low
+ - var_auditd_space_left_action=syslog
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh
+index 4233f10..293dc77 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/bash/shared.sh
+@@ -2,6 +2,12 @@
+
+ {{{ bash_instantiate_variables("var_auditd_admin_space_left_percentage") }}}
+
++{{% if "openeuler" in product %}}
++grep -q "^admin_space_left[[:space:]]*=.*$" /etc/audit/auditd.conf && \
++ sed -i "s/^admin_space_left[[:space:]]*=.*$/admin_space_left = $var_auditd_admin_space_left_percentage/g" /etc/audit/auditd.conf || \
++ echo "admin_space_left = $var_auditd_admin_space_left_percentage" >> /etc/audit/auditd.conf
++{{% else %}}
+ grep -q "^admin_space_left[[:space:]]*=.*$" /etc/audit/auditd.conf && \
+ sed -i
"s/^admin_space_left[[:space:]]*=.*$/admin_space_left = $var_auditd_admin_space_left_percentage%/g" /etc/audit/auditd.conf || \
+ echo "admin_space_left = $var_auditd_admin_space_left_percentage%" >> /etc/audit/auditd.conf
++{{% endif %}}
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml
+index 16d7433..b2acd8f 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/oval/shared.xml
+@@ -17,7 +17,11 @@
+ /etc/audit/auditd.conf
+
+
++{{% if "openeuler" in product %}}
++ ^[\s]*admin_space_left[\s]+=[\s]+(\d+)[\s]*$
++{{% else %}}
+ ^[\s]*admin_space_left[\s]+=[\s]+(\d+)%[\s]*$
++{{% endif %}}
+ 1
+
+
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var
+index 4a3acba..3d86ed4 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_auditd_space_left.var
+@@ -10,6 +10,7 @@ interactive: false
+
+ options:
+ 1000MB: 1000
++ 75MB: 75
+ 100MB: 100
+ 250MB: 250
+ 500MB: 500
+--
+2.33.0
+
diff --git a/scap-security-guide.spec b/scap-security-guide.spec
index 83df731..b3f14ae 100644
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@@ -1,6 +1,6 @@
 Name: scap-security-guide
 Version: 0.1.68
-Release: 8
+Release: 9
 Summary: Security guidance and baselines in SCAP formats
 License: BSD-3-Clause
 URL: https://github.com/ComplianceAsCode/content/
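Review bot: In the openEuler branch of `bash/shared.sh` inside the added patch file, the value of `var_auditd_admin_space_left_percentage` is written without the `%` suffix, so auditd will read it as an absolute size in megabytes even though the rule and variable still describe a percentage. The visible hunks do not show which value openEuler selects for that variable; `controls/std_openeuler.yml` pins only `var_auditd_space_left=75MB`. Please confirm the admin threshold is meaningful as a megabyte figure and stays below `space_left`, otherwise the last-resort action may trigger with very little headroom left for audit records. I would add a comment above the new branch such as `# openEuler: admin_space_left is an absolute size in MB, not a percentage`, and pin the variable explicitly in the control file beside `var_auditd_space_left=75MB`. The openEuler pattern added in `oval/shared.xml` makes the same unit change and deserves the same comment.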
@@ -10,6 +10,7 @@ Patch0001: add-openeuler-support.patch Patch0002: add-openeuler-control-rules.patch Patch0003: optimize-rules-for-openEuler.patch Patch0004: add-openeuler-automatic-hardening.patch +Patch0005: scap-is-modified-to-be-consistent-with-the-specif.patch BuildArch: noarch BuildRequires: libxslt, expat, python3, openscap-scanner >= 1.2.5, cmake >= 3.8, python3-jinja2, python3-PyYAML @@ -65,6 +66,9 @@ cd build %doc %{_docdir}/%{name}/tables/*.html %changelog +* Tue Dec 10 2024 jinlun - 0.1.68-9 +- the ssg is modified to be consistent with the specifications + * Thu Dec 5 2024 xuce - 0.1.68-8 - fix strong MACs and permission of cron.allow and at.allow -- Gitee