Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adjust kernel_module_disabled/missing_blacklist.fail.sh #12898

Merged
merged 1 commit into from
Jan 27, 2025
Merged

Adjust kernel_module_disabled/missing_blacklist.fail.sh #12898

merged 1 commit into from
Jan 27, 2025
+1 −1

Conversation

Mab879
Copy link
Member

@Mab879 Mab879 commented Jan 24, 2025

Description:

The might some default config that disables a kernel module. To ensure we're testing this correctly remove the "blacklist" line from all .conf files under /etc/modprobe.d/*.conf.

Rationale:

Fixes #12877

Review Hints:

Run the Automatus tests for kernel_module_sctp_disabled (the one failing in the linked issue) and then some other module like kernel_module_can_disabled.

@Mab879
Adjust kernel_module_disabled/missing_blacklist.fail.sh
f5c6ed6 
The might some default config that disables a kernel module.
To ensure we're testing this correctly remove the "blacklist" line
from all .conf files under /etc/modprobe.d/*.conf.
@Mab879 Mab879 added bugfix Fixes to reported bugs. Test Suite Update in Test Suite. labels Jan 24, 2025
@codeclimate CodeClimate
Copy link

codeclimate bot commented Jan 24, 2025

Code Climate has analyzed commit f5c6ed6 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9% (0.0% change).

View more on Code Climate.

@jan-cerny jan-cerny self-assigned this Jan 27, 2025
@jan-cerny jan-cerny added this to the 0.1.76 milestone Jan 27, 2025
jan-cerny
jan-cerny approved these changes Jan 27, 2025
View reviewed changes
Copy link
Collaborator

@jan-cerny jan-cerny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change has fixed the failing test scenario missing_blacklist.fail.sh for me.

jcerny@fedora:~/work/git/scap-security-guide (pr/12898)$ python3 tests/automatus.py rule --libvirt qemu:///system ssgts_rhel10 kernel_module_sctp_disabled
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2025-01-27-0927/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled
INFO - Script wrong_value.fail.sh using profile (all) OK
INFO - Script empty.fail.sh using profile (all) OK
INFO - Script correct_value_modules_load_d.pass.sh using profile (all) OK
INFO - Script correct_value_run_modules_load_d.pass.sh using profile (all) OK
INFO - Script file_not_there.fail.sh using profile (all) OK
INFO - Script correct_value_run_modprobe_d.pass.sh using profile (all) OK
INFO - Script correct_value_modprobe_d.pass.sh using profile (all) OK
INFO - Script correct_value_usr_lib_modprobe_d.pass.sh using profile (all) OK
INFO - Script correct_value_usr_lib_modules_load_d.pass.sh using profile (all) OK
INFO - Script comment.fail.sh using profile (all) OK
INFO - Script missing_blacklist.fail.sh using profile (all) OK
jcerny@fedora:~/work/git/scap-security-guide (pr/12898)$ python3 tests/automatus.py rule --libvirt qemu:///system ssgts_rhel10 kernel_module_can_disabled
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2025-01-27-0931/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_kernel_module_can_disabled
INFO - Script correct_value_usr_lib_modprobe_d.pass.sh using profile (all) OK
INFO - Script correct_value_modprobe_d.pass.sh using profile (all) OK
INFO - Script correct_value_usr_lib_modules_load_d.pass.sh using profile (all) OK
INFO - Script missing_blacklist.fail.sh using profile (all) OK
INFO - Script correct_value_run_modules_load_d.pass.sh using profile (all) OK
INFO - Script comment.fail.sh using profile (all) OK
INFO - Script correct_value_run_modprobe_d.pass.sh using profile (all) OK
INFO - Script wrong_value.fail.sh using profile (all) OK
INFO - Script file_not_there.fail.sh using profile (all) OK
INFO - Script empty.fail.sh using profile (all) OK
INFO - Script correct_value_modules_load_d.pass.sh using profile (all) OK

@jan-cerny jan-cerny merged commit 4680a0c into ComplianceAsCode:master Jan 27, 2025
108 of 109 checks passed
@Mab879 Mab879 deleted the fix_12877 branch January 27, 2025 13:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan-cerny jan-cerny jan-cerny approved these changes

Assignees

@jan-cerny jan-cerny

Labels
bugfix Fixes to reported bugs. Test Suite Update in Test Suite.
Projects
None yet
Milestone
0.1.76
Development

Successfully merging this pull request may close these issues.

Automatus kernel_module_sctp_disabled/missing_blacklist.fail fails on RHEL-10
2 participants
@Mab879 @jan-cerny