|
7 | 7 | <criterion comment="Superuser is defined in {{{ grub2_uefi_boot_path }}}/grub.cfg and it |
8 | 8 | isn't root, admin, administrator nor equal to any system username" |
9 | 9 | test_ref="test_bootloader_uefi_superuser_differ_from_other_users"/> |
| 10 | +{{% if product in ["rhel8"] %}} |
| 11 | +<!-- In RHEL 8 cloud images (eg. AWS) the /boot/efi/EFI/redhat/grub.cfg contains a stub pointing to /boot/grub2/grub.cfg --> |
| 12 | + <criteria operator="AND" comment="check if {{{ grub2_uefi_boot_path }}}/grub.cfg is a stub pointing to {{{ grub2_boot_path }}}/grub.cfg"> |
| 13 | + <criterion comment="check if {{{ grub2_uefi_boot_path }}}/grub.cfg contains a configfile directive" test_ref="test_grub2_uefi_admin_username_stub" /> |
| 14 | + <criterion comment="Superuser is defined in {{{ grub2_boot_path }}}/grub.cfg and it |
| 15 | + isn't root, admin, administrator nor equal to any system username" |
| 16 | + test_ref="test_bootloader_uefi_boot_superuser_differ_from_other_users"/> |
| 17 | + </criteria> |
| 18 | +{{% endif %}} |
10 | 19 | </criteria> |
11 | 20 | </definition> |
12 | 21 |
|
|
33 | 42 | <ind:state state_ref="state_bootloader_uefi_superuser_differ_from_other_users" /> |
34 | 43 | </ind:textfilecontent54_test> |
35 | 44 |
|
| 45 | +{{% set superusers_regex = '^[\\s]*set[\\s]+superusers="(?i)\\b(?!(?:root|admin|administrator)\\b)(\\w+)".*\\n[\\s]*export[\\s]+superusers[\\s]*$' %}} |
| 46 | + |
36 | 47 | <ind:textfilecontent54_object id="object_bootloader_uefi_unique_superuser" version="1"> |
37 | 48 | <ind:filepath>{{{ grub2_uefi_boot_path }}}/grub.cfg</ind:filepath> |
38 | | - <ind:pattern operation="pattern match" |
39 | | - >^[\s]*set[\s]+superusers="(?i)\b(?!(?:root|admin|administrator)\b)(\w+)".*\n[\s]*export[\s]+superusers[\s]*$</ind:pattern> |
| 49 | + <ind:pattern operation="pattern match">{{{ superusers_regex }}}</ind:pattern> |
| 50 | + <ind:instance datatype="int">1</ind:instance> |
| 51 | + </ind:textfilecontent54_object> |
| 52 | +{{% if product in ["rhel8"] %}} |
| 53 | + <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check if {{{ grub2_uefi_boot_path }}}/grub.cfg contains a configfile directive" id="test_grub2_uefi_admin_username_stub" version="1"> |
| 54 | + <ind:object object_ref="object_grub2_uefi_admin_username_stub" /> |
| 55 | + </ind:textfilecontent54_test> |
| 56 | + <ind:textfilecontent54_object id="object_grub2_uefi_admin_username_stub" version="1"> |
| 57 | + <ind:filepath>{{{ grub2_uefi_boot_path }}}/grub.cfg</ind:filepath> |
| 58 | + <ind:pattern operation="pattern match">^[\s]*configfile\b.*$</ind:pattern> |
| 59 | + <ind:instance datatype="int">1</ind:instance> |
| 60 | + </ind:textfilecontent54_object> |
| 61 | + |
| 62 | + <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="superuser |
| 63 | + is defined in {{{ grub2_boot_path }}}/grub.cfg. Superuser is not |
| 64 | + equal to other system account nor root, admin, administrator" |
| 65 | + id="test_bootloader_uefi_boot_superuser_differ_from_other_users" version="1"> |
| 66 | + <ind:object object_ref="object_bootloader_uefi_boot_unique_superuser" /> |
| 67 | + <ind:state state_ref="state_bootloader_uefi_superuser_differ_from_other_users" /> |
| 68 | + </ind:textfilecontent54_test> |
| 69 | + |
| 70 | + <ind:textfilecontent54_object id="object_bootloader_uefi_boot_unique_superuser" version="1"> |
| 71 | + <ind:filepath>{{{ grub2_boot_path }}}/grub.cfg</ind:filepath> |
| 72 | + <ind:pattern operation="pattern match">{{{ superusers_regex }}}</ind:pattern> |
40 | 73 | <ind:instance datatype="int">1</ind:instance> |
41 | 74 | </ind:textfilecontent54_object> |
| 75 | +{{% endif %}} |
| 76 | + |
42 | 77 | </def-group> |
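Review bot: The stub test `test_grub2_uefi_admin_username_stub` matches any `configfile` directive in `{{{ grub2_uefi_boot_path }}}/grub.cfg`, while the criteria comment says the file is a stub pointing to `{{{ grub2_boot_path }}}/grub.cfg`. A full UEFI grub.cfg that merely contains a `configfile` line, or a stub that loads some other file, would satisfy this branch because of the superuser set in `{{{ grub2_boot_path }}}/grub.cfg`, so the rule could pass while the configuration actually booted has no protected superuser. Consider tightening the pattern towards the target, for instance `^[\s]*configfile[\s]+\S*/grub\.cfg[\s]*$`, after checking which path expression the stub in the cloud images really uses. The enclosing `<criteria>` opens outside the first hunk, so its operator could not be checked here; the new nested block only helps if that operator is `OR`.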