Fix rule audit_rules_networkconfig_modification for Ubuntu

[mpurg]

Description:

• Fix rule audit_rules_networkconfig_modification to use correct paths on Ubuntu platform

Rationale:

• The paths '/etc/networks' and /etc/network/' should be monitored by auditd in Ubuntu instead of '/etc/sysconfig/network'

[openshift-ci]

Hi @mpurg. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification'.
--- xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification
+++ xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification
@@ -13,6 +13,7 @@
 -w /etc/issue.net -p wa -k audit_rules_networkconfig_modification
 -w /etc/hosts -p wa -k audit_rules_networkconfig_modification
 -w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification
+
 If the auditd daemon is configured to use the auditctl
 utility to read audit rules during daemon startup, add the following lines to
 /etc/audit/audit.rules file, setting ARCH to either b32 or b64 as

OCIL for rule 'xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification' differs.
--- ocil:ssg-audit_rules_networkconfig_modification_ocil:questionnaire:1
+++ ocil:ssg-audit_rules_networkconfig_modification_ocil:questionnaire:1
@@ -1,6 +1,7 @@
 To determine if the system is configured to audit changes to its network configuration,
 run the following command:
 auditctl -l | grep -E '(/etc/issue|/etc/issue.net|/etc/hosts|/etc/sysconfig/network)'
+
 If the system is configured to watch for network configuration changes, a line should be returned for
 each file specified (and perm=wa should be indicated for each).
       Is it the case that the system is not configured to audit changes of the network configuration?

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification
+++ xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification
@@ -719,6 +719,7 @@
         echo "-w /etc/hosts -p wa -k audit_rules_networkconfig_modification" >> "$audit_rules_file"
     fi
 done
+
 # Create a list of audit *.rules files that should be inspected for presence and correctness
 # of a particular audit rule. The scheme is as follows:
 #

[codeclimate]

Code Climate has analyzed commit 4aa5b08 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 58.4% (0.0% change).

View more on Code Climate.

[dodys]

/packit retest-failed

[dodys]

lgtm, thanks!