This repository has been archived by the owner on Aug 24, 2020. It is now read-only.

Contradicting rules for GRUB_CMDLINE_LINUX setting #4

Open
florath opened this issue Jun 21, 2019 · 1 comment
florath commented Jun 21, 2019

req-030.1 and req-053.2 both change the GRUB_CMDLINE_LINUX parameter in /etc/default/grub - which obviously does not work.

Also the later one - setting the selinux - seems not to do the correct thing.
Shouldn't this be something like selinux=1 enforcing=1?

- name: req-030.1 enable logging before auditd starts
  lineinfile:
    path: '/etc/default/grub'
    regexp: "^GRUB_CMDLINE_LINUX=(.*)"
    line: GRUB_CMDLINE_LINUX="audit=1"
    state: present
  notify: update grub
  when: config_grub_logging

- name: req-053.2 enable selinux in grub
  lineinfile:
    dest: '/etc/default/grub'
    regexp: '^GRUB_CMDLINE_LINUX=(.*)'
    line: 'GRUB_CMDLINE_LINUX=""'
  notify: update grub
  when: mac_type == "selinux" and
      ( config_mac and config_selinux_grub )
splashx referenced this issue in pan-net-security/compliance-automation Oct 8, 2019
@rascherm rascherm self-assigned this Oct 30, 2019
Collaborator

rascherm commented Oct 31, 2019

Regex indeed was flawed and your hint regarding "selinux=1" seems to be correct. I have made changes accordingly, please test latest commit.
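
The overwrite reported in this issue, reproduced on a constructed `/etc/default/grub`, beside a merge that sets `audit=1`, `selinux=1` and `enforcing=1` while keeping unrelated kernel arguments. This is an added example, not code from the thread or the repository; the function names and the sample file are assumptions, and the value is assumed to be one quoted string without embedded quotes.

```python
import re

# Matches only GRUB_CMDLINE_LINUX, not GRUB_CMDLINE_LINUX_DEFAULT.
CMDLINE_RE = re.compile(r'^GRUB_CMDLINE_LINUX=(.*)$', re.MULTILINE)

# Constructed sample of /etc/default/grub (not taken from the issue).
SAMPLE = (
    'GRUB_TIMEOUT=5\n'
    'GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet selinux=0"\n'
    'GRUB_DISABLE_RECOVERY="true"\n'
)

# Kernel arguments named in the issue thread.
REQUIRED = {"audit": "1", "selinux": "1", "enforcing": "1"}

def cmdline_args(text):
    """Return the kernel arguments currently set in GRUB_CMDLINE_LINUX."""
    m = CMDLINE_RE.search(text)
    return m.group(1).strip().strip('"\'').split() if m else []

def overwrite_line(text, line):
    """Mimic the issue's lineinfile tasks: the matching line is replaced wholesale."""
    if CMDLINE_RE.search(text):
        return CMDLINE_RE.sub(lambda m: line, text)
    if text and not text.endswith("\n"):
        text += "\n"
    return text + line + "\n"

def run_issue_tasks(text):
    """Apply req-030.1 and then req-053.2 with the lines quoted in the issue."""
    text = overwrite_line(text, 'GRUB_CMDLINE_LINUX="audit=1"')
    return overwrite_line(text, 'GRUB_CMDLINE_LINUX=""')

def merge_args(text, wanted):
    """Set each key=value from `wanted`, keeping every unrelated argument."""
    kept = [a for a in cmdline_args(text) if a.split("=", 1)[0] not in wanted]
    merged = kept + [f"{k}={v}" for k, v in wanted.items()]
    return overwrite_line(text, 'GRUB_CMDLINE_LINUX="' + " ".join(merged) + '"')

if __name__ == "__main__":
    print("issue tasks:", cmdline_args(run_issue_tasks(SAMPLE)))
    print("merged     :", cmdline_args(merge_args(SAMPLE, REQUIRED)))
```

Running the two quoted tasks in sequence leaves an empty argument list, so neither `audit=1` nor the pre-existing arguments survive; the merge is idempotent and replaces a conflicting `selinux=0`.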
