From 377ffdc4ad94d8714a1674f8d167af32d376153b Mon Sep 17 00:00:00 2001 
From: Miha Purg Date: Fri, 13 Dec 2024 10:07:58 +0100 Subject: [PATCH] Remove unused parameter missing_file_pass from rules and docs The missing_file_pass parameter has had no function since it was removed from templates file_owner, file_groupowner and file_permissions in #8456. The parameter references were removed from the rules, documentation, and template preprocessing scripts to avoid confusion. --- .../file_owner_ovs_conf_db_lock/rule.yml | 1 - docs/templates/template_reference.md | 9 ----- .../file_groupowner_at_allow/rule.yml | 1 - .../file_groupowner_cron_allow/rule.yml | 1 - .../file_owner_at_allow/rule.yml | 1 - .../file_owner_cron_allow/rule.yml | 1 - .../file_permissions_at_allow/rule.yml | 1 - .../file_permissions_cron_allow/rule.yml | 1 - .../file_groupowner_etc_hosts_allow/rule.yml | 1 - .../file_groupowner_etc_hosts_deny/rule.yml | 1 - .../file_owner_etc_hosts_allow/rule.yml | 1 - .../file_owner_etc_hosts_deny/rule.yml | 1 - .../file_permissions_etc_hosts_allow/rule.yml | 1 - .../file_permissions_etc_hosts_deny/rule.yml | 1 - .../file_groupownership_sshd_pub_key/rule.yml | 1 - .../ssh/file_ownership_sshd_pub_key/rule.yml | 1 - .../file_permissions_sshd_pub_key/rule.yml | 1 - .../file_groupowner_etc_issue_net/rule.yml | 1 - .../file_groupowner_etc_motd/rule.yml | 1 - .../file_owner_etc_issue_net/rule.yml | 1 - .../file_owner_etc_motd/rule.yml | 1 - .../file_permissions_etc_issue_net/rule.yml | 1 - .../file_permissions_etc_motd/rule.yml | 1 - .../files/file_groupowner_systemmap/rule.yml | 1 - .../files/file_owner_systemmap/rule.yml | 1 - .../files/file_permissions_systemmap/rule.yml | 1 - .../file_groupowner_backup_etc_group/rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../file_owner_backup_etc_group/rule.yml | 1 - .../file_owner_backup_etc_gshadow/rule.yml | 1 - .../file_owner_backup_etc_passwd/rule.yml | 1 - .../file_owner_backup_etc_shadow/rule.yml | 1 - 
.../file_owner_etc_security_opasswd/rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../rule.yml | 1 - .../file_audit_tools_group_ownership/rule.yml | 1 - .../aide/file_audit_tools_ownership/rule.yml | 1 - .../file_audit_tools_permissions/rule.yml | 1 - shared/templates/file_groupowner/template.py | 3 -- .../tests/missing_file_test.pass.sh | 34 ------------------- shared/templates/file_owner/template.py | 3 -- .../tests/missing_file_test.pass.sh | 32 ----------------- shared/templates/file_permissions/template.py | 2 -- 52 files changed, 129 deletions(-) delete mode 100644 shared/templates/file_groupowner/tests/missing_file_test.pass.sh delete mode 100644 shared/templates/file_owner/tests/missing_file_test.pass.sh diff --git a/applications/openshift/master/file_owner_ovs_conf_db_lock/rule.yml b/applications/openshift/master/file_owner_ovs_conf_db_lock/rule.yml index 2da914a29e50..b12c38b566b1 100644 --- a/applications/openshift/master/file_owner_ovs_conf_db_lock/rule.yml +++ b/applications/openshift/master/file_owner_ovs_conf_db_lock/rule.yml @@ -35,4 +35,3 @@ template: vars: filepath: /etc/openvswitch/.conf.db.~lock~ fileuid: '800' - missing_file_pass: "true" diff --git a/docs/templates/template_reference.md b/docs/templates/template_reference.md index 8677d64d5939..e2d253e9467a 100644 --- a/docs/templates/template_reference.md +++ b/docs/templates/template_reference.md @@ -292,9 +292,6 @@ - **filepath_is_regex** - If set to `"true"` the OVAL will consider the value of **filepath** as a regular expression. - - **missing_file_pass** - If set to `"true"` the OVAL check will - pass when file is absent. Default value is `"false"`. - - **file_regex** - Regular expression that matches file names in a directory specified by **filepath**. Can be set only if **filepath** parameter specifies a directory. Note: Applies to 
@@ -332,9 +329,6 @@ they must be of the same length. - **filepath_is_regex** - If set to `"true"` the OVAL will consider the value of **filepath** as a regular expression. - - **missing_file_pass** - If set to `"true"` the OVAL check will - pass when file is absent. Default value is `"false"`. - - **file_regex** - Regular expression that matches file names in a directory specified by **filepath**. Can be set only if **filepath** parameter specifies a directory. Note: Applies to @@ -369,9 +363,6 @@ they must be of the same length. - **filepath_is_regex** - If set to `"true"` the OVAL will consider the value of **filepath** as a regular expression. - - **missing_file_pass** - If set to `"true"` the OVAL check will - pass when file is absent. Default value is `"false"`. - - **file_regex** - Regular expression that matches file names in a directory specified by **filepath**. Can be set only if **filepath** parameter specifies a directory. Note: Applies to diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml index 8f733aa019dc..07db06b33ca6 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml @@ -36,5 +36,4 @@ template: name: file_groupowner vars: filepath: /etc/at.allow - missing_file_pass: 'true' gid_or_name: '0' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml index 611099abd1e6..d0590786f618 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml 
@@ -51,7 +51,6 @@ template:
 name: file_groupowner
 vars:
 filepath: /etc/cron.allow
- missing_file_pass: 'true'
 {{% if "ubuntu" in product %}}
 gid_or_name: 'crontab'
 {{% else %}}
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml
index 2cf0d40ad798..a36b945c3fbe 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml
@@ -37,5 +37,4 @@ template:
 name: file_owner
 vars:
 filepath: /etc/at.allow
- missing_file_pass: 'true'
 fileuid: '0'
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml
index 59cdcdd85384..78526c7da3ad 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml
@@ -45,5 +45,4 @@ template:
 name: file_owner
 vars:
 filepath: /etc/cron.allow
- missing_file_pass: 'true'
 fileuid: '0'
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml
index be2309d67664..8cb4b701059d 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml
@@ -46,5 +46,4 @@ template:
 name: file_permissions
 vars:
 filepath: /etc/at.allow
- missing_file_pass: 'true'
 filemode: '{{{ target_perms_octal }}}'
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml
index c3ab4860ef56..0a1cf6b72fba 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml
@@ -46,5 +46,4 @@ template:
 name: file_permissions
 vars:
 filepath: /etc/cron.allow
- missing_file_pass: 'true'
 filemode: "{{{ target_perms_octal }}}"
diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/file_groupowner_etc_hosts_allow/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/file_groupowner_etc_hosts_allow/rule.yml
index ef0434faf436..c8602f8cca04 100644
--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/file_groupowner_etc_hosts_allow/rule.yml
+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/file_groupowner_etc_hosts_allow/rule.yml
@@ -23,4 +23,3 @@ template:
 vars:
 filepath: /etc/hosts.allow
 gid_or_name: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/file_groupowner_etc_hosts_deny/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/file_groupowner_etc_hosts_deny/rule.yml
index 279fcddd83b5..ea8825989517 100644
--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/file_groupowner_etc_hosts_deny/rule.yml
+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/file_groupowner_etc_hosts_deny/rule.yml
@@ -23,4 +23,3 @@ template:
 vars:
 filepath: /etc/hosts.deny
 gid_or_name: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/file_owner_etc_hosts_allow/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/file_owner_etc_hosts_allow/rule.yml
index f401862f1d2a..fcdc03a77d0a 100644
--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/file_owner_etc_hosts_allow/rule.yml
+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/file_owner_etc_hosts_allow/rule.yml
@@ -23,4 +23,3 @@ template:
 vars:
 filepath: /etc/hosts.allow
 fileuid: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/file_owner_etc_hosts_deny/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/file_owner_etc_hosts_deny/rule.yml
index 85000424e1fd..25d1c914b256 100644
--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/file_owner_etc_hosts_deny/rule.yml
+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/file_owner_etc_hosts_deny/rule.yml
@@ -23,4 +23,3 @@ template:
 vars:
 filepath: /etc/hosts.deny
 fileuid: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/file_permissions_etc_hosts_allow/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/file_permissions_etc_hosts_allow/rule.yml
index fdee0ee131b4..ae6dad304629 100644
--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/file_permissions_etc_hosts_allow/rule.yml
+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/file_permissions_etc_hosts_allow/rule.yml
@@ -23,4 +23,3 @@ template:
 vars:
 filepath: /etc/hosts.allow
 filemode: '0644'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/file_permissions_etc_hosts_deny/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/file_permissions_etc_hosts_deny/rule.yml
index e5b72bc9d1f2..594d4c404df1 100644
--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/file_permissions_etc_hosts_deny/rule.yml
+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/file_permissions_etc_hosts_deny/rule.yml
@@ -23,4 +23,3 @@ template:
 vars:
 filepath: /etc/hosts.deny
 filemode: '0644'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/rule.yml
index 1876dadd94ab..5806b3e032d1 100644
--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/rule.yml
@@ -30,4 +30,3 @@ template:
 file_regex:
 - ^.*\.pub$
 gid_or_name: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/rule.yml
index 4259bea35858..3a91527fdafb 100644
--- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/rule.yml
@@ -30,4 +30,3 @@ template:
 file_regex:
 - ^.*\.pub$
 fileuid: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
index c947fdef9caa..95eeb2d41941 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
@@ -55,6 +55,5 @@ template:
 name: file_permissions
 vars:
 filepath: /etc/ssh/
- missing_file_pass: 'true'
 file_regex: ^.*\.pub$
 filemode: '0644'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml
index bde2eff35ad8..c3b0361cecd9 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml
@@ -40,4 +40,3 @@ template:
 vars:
 filepath: /etc/issue.net
 gid_or_name: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
index b40c6b690b43..bb75a97db924 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
@@ -40,4 +40,3 @@ template:
 vars:
 filepath: /etc/motd
 gid_or_name: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml
index 16c56cf631de..95cd710d2e93 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml
@@ -40,4 +40,3 @@ template:
 vars:
 filepath: /etc/issue.net
 fileuid: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
index afcaa965e33b..4ed30200757e 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
@@ -40,4 +40,3 @@ template:
 vars:
 filepath: /etc/motd
 fileuid: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml
index f23acb892c4d..1917718e82e1 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml
@@ -40,4 +40,3 @@ template:
 vars:
 filepath: /etc/issue.net
 filemode: '0644'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
index 9da50452396f..1a7abd22349f 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
@@ -40,4 +40,3 @@ template:
 vars:
 filepath: /etc/motd
 filemode: '0644'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/file_groupowner_systemmap/rule.yml b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/rule.yml
index 19337fcd36b9..0eed0cf52561 100644
--- a/linux_os/guide/system/permissions/files/file_groupowner_systemmap/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/rule.yml
@@ -32,4 +32,3 @@ template:
 filepath: /boot/
 file_regex: ^.*System\.map.*$
 gid_or_name: root
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/file_owner_systemmap/rule.yml b/linux_os/guide/system/permissions/files/file_owner_systemmap/rule.yml
index 62f98ca83cd7..dc143066ebb4 100644
--- a/linux_os/guide/system/permissions/files/file_owner_systemmap/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_owner_systemmap/rule.yml
@@ -32,4 +32,3 @@ template:
 filepath: /boot/
 file_regex: ^.*System\.map.*$
 fileuid: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/file_permissions_systemmap/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_systemmap/rule.yml
index cbcfa0d33976..20dca160b02c 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_systemmap/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_systemmap/rule.yml
@@ -33,4 +33,3 @@ template:
 file_regex: ^.*System\.map.*$
 filemode: '0600'
 allow_stricter_permissions: 'true'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml
index 163556a90a8d..b6110c8f9b83 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml
@@ -44,4 +44,3 @@ template:
 vars:
 filepath: /etc/group-
 gid_or_name: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml
index 015173051f0f..f3fab70d9f99 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml
@@ -55,4 +55,3 @@ template:
 gid_or_name@ubuntu1804: '42'
 gid_or_name@ubuntu2004: '42'
 gid_or_name@ubuntu2204: '42'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml
index b052d57aa4bf..0270f3d129ce 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml
@@ -44,4 +44,3 @@ template:
 vars:
 filepath: /etc/passwd-
 gid_or_name: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml
index 8569e02c8e73..68514709bc3f 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml
@@ -55,4 +55,3 @@ template:
 {{% else %}}
 gid_or_name: '0'
 {{% endif %}}
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_security_opasswd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_security_opasswd/rule.yml
index 06d80f8db9d7..5c0b1fd6c605 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_security_opasswd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_security_opasswd/rule.yml
@@ -24,4 +24,3 @@ template:
 vars:
 filepath: /etc/security/opasswd
 gid_or_name: '0'
- missing_file_pass: true
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_security_opasswd_old/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_security_opasswd_old/rule.yml
index 73800af201b1..872e302192d0 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_security_opasswd_old/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_security_opasswd_old/rule.yml
@@ -24,4 +24,3 @@ template:
 vars:
 filepath: /etc/security/opasswd.old
 gid_or_name: '0'
- missing_file_pass: true
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml
index 9fa6258a7475..ab40b467e41b 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml
@@ -44,4 +44,3 @@ template:
 vars:
 filepath: /etc/group-
 fileuid: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml
index 8dd27d54deba..d7785ebb700c 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml
@@ -44,4 +44,3 @@ template:
 vars:
 filepath: /etc/gshadow-
 fileuid: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml
index 3ebe7a196eef..e70960eed95d 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml
@@ -44,4 +44,3 @@ template:
 vars:
 filepath: /etc/passwd-
 fileuid: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml
index 689b28f56519..e02822ac9355 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml
@@ -44,4 +44,3 @@ template:
 vars:
 filepath: /etc/shadow-
 fileuid: '0'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_security_opasswd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_security_opasswd/rule.yml
index 7f14481824f4..4604d9ac0fd3 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_security_opasswd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_security_opasswd/rule.yml
@@ -24,4 +24,3 @@ template:
 vars:
 filepath: /etc/security/opasswd
 fileuid: '0'
- missing_file_pass: true
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_security_opasswd_old/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_security_opasswd_old/rule.yml
index 7b5d2c8611e6..12240298f120 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_security_opasswd_old/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_security_opasswd_old/rule.yml
@@ -24,4 +24,3 @@ template:
 vars:
 filepath: /etc/security/opasswd.old
 fileuid: '0'
- missing_file_pass: true
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml
index aec3b76047da..9285a402442a 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml
@@ -45,4 +45,3 @@ template:
 vars:
 filepath: /etc/group-
 filemode: '0644'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml
index 4b89b84647ec..842f6f6c174a 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml
@@ -58,4 +58,3 @@ template:
 filemode@ubuntu1804: '0640'
 filemode@ubuntu2004: '0640'
 filemode@ubuntu2204: '0640'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml
index 2123406a2a1a..548022413791 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml
@@ -46,4 +46,3 @@ template:
 vars:
 filepath: /etc/passwd-
 filemode: '0644'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml
index 48c8a491d795..a571e4babfcc 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml
@@ -62,4 +62,3 @@ template:
 filemode@ubuntu2204: '0640'
 filemode@sle12: '0640'
 filemode@sle15: '0640'
- missing_file_pass: 'true'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_security_opasswd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_security_opasswd/rule.yml
index 827ad1e05fd7..7f837948496a 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_security_opasswd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_security_opasswd/rule.yml
@@ -23,4 +23,3 @@ template:
 vars:
 filepath: /etc/security/opasswd
 filemode: '0600'
- missing_file_pass: true
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_security_opasswd_old/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_security_opasswd_old/rule.yml
index ea4601905091..f3db313a14df 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_security_opasswd_old/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_security_opasswd_old/rule.yml
@@ -23,4 +23,3 @@ template:
 vars:
 filepath: /etc/security/opasswd.old
 filemode: '0600'
- missing_file_pass: true
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml
index f48bbacf394d..71b834c02b2b 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml @@ -66,5 +66,4 @@ template: - /sbin/rsyslogd - /sbin/augenrules gid_or_name: '0' - missing_file_pass: 'true' diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml index beffcd55d721..881a996aed7e 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml @@ -66,4 +66,3 @@ template: - /sbin/rsyslogd - /sbin/augenrules fileuid: '0' - missing_file_pass: 'true' diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml index 774b1f44e220..163c88b45d2b 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml @@ -58,4 +58,3 @@ template: - /sbin/rsyslogd - /sbin/augenrules filemode: '0755' - missing_file_pass: 'true' diff --git a/shared/templates/file_groupowner/template.py b/shared/templates/file_groupowner/template.py index 54aabd94286a..fc595c1aac76 100644 --- a/shared/templates/file_groupowner/template.py +++ b/shared/templates/file_groupowner/template.py @@ -5,9 +5,6 @@ def preprocess(data, lang): ensure_file_paths_and_file_regexes_are_correctly_defined(data) - data["missing_file_pass"] = parse_template_boolean_value( - data, parameter="missing_file_pass", default_value=False) - data["recursive"] = parse_template_boolean_value(data, parameter="recursive", default_value=False) 
diff --git a/shared/templates/file_groupowner/tests/missing_file_test.pass.sh b/shared/templates/file_groupowner/tests/missing_file_test.pass.sh deleted file mode 100644 index 452fc8686801..000000000000 --- a/shared/templates/file_groupowner/tests/missing_file_test.pass.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash - -{{% for path in FILEPATH %}} - {{% if MISSING_FILE_PASS %}} -{{% if path.endswith("/") %}} -{{% if FILE_REGEX %}} - echo "Create specific tests for this rule because of regex" -{{% else %}} -rm -rf {{{ path }}} -{{% endif %}} -{{% else %}} - rm -f {{{ path }}} -{{% endif %}} - {{% else %}} - {{% if path.endswith("/") %}} -if [ ! -d {{{ path }}} ]; then - mkdir -p {{{ path }}} -fi -{{% if FILE_REGEX %}} - echo "Create specific tests for this rule because of regex" - {{% elif RECURSIVE %}} - find -L {{{ path }}} -type d -exec chgrp {{{ GID_OR_NAME }}} {} \; -{{% else %}} - chgrp {{{ GID_OR_NAME }}} {{{ path }}} -{{% endif %}} - {{% else %}} - if [ ! -f {{{ path }}} ]; then - mkdir -p "$(dirname '{{{ path }}}')" - touch {{{ path }}} - fi - chgrp {{{ GID_OR_NAME }}} {{{ path }}} - {{% endif %}} - {{% endif %}} -{{% endfor %}} diff --git a/shared/templates/file_owner/template.py b/shared/templates/file_owner/template.py index dcdae0916cbc..ed942288b74b 100644 --- a/shared/templates/file_owner/template.py +++ b/shared/templates/file_owner/template.py @@ -5,9 +5,6 @@ def preprocess(data, lang): ensure_file_paths_and_file_regexes_are_correctly_defined(data) - data["missing_file_pass"] = parse_template_boolean_value( - data, parameter="missing_file_pass", default_value=False) - data["recursive"] = parse_template_boolean_value(data, parameter="recursive", default_value=False) diff --git a/shared/templates/file_owner/tests/missing_file_test.pass.sh b/shared/templates/file_owner/tests/missing_file_test.pass.sh deleted file mode 100644 index a3a2b6553ef1..000000000000 --- a/shared/templates/file_owner/tests/missing_file_test.pass.sh +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/bin/bash - -{{% for path in FILEPATH %}} - {{% if MISSING_FILE_PASS %}} -{{% if path.endswith("/") %}} -{{% if FILE_REGEX %}} - echo "Create specific tests for this rule because of regex" -{{% else %}} -rm -rf {{{ path }}} -{{% endif %}} -{{% else %}} - rm -f {{{ path }}} - {{% endif %}} -{{% else %}} - {{% if path.endswith("/") %}} -if [ ! -d {{{ path }}} ]; then - mkdir -p {{{ path }}} -fi -{{% if RECURSIVE %}} - find -L {{{ path }}} -type d -exec chown {{{ FILEUID }}} {} \; -{{% else %}} - chown {{{ FILEUID }}} {{{ path }}} -{{%endif %}} - {{% else %}} - if [ ! -f {{{ path }}} ]; then - mkdir -p "$(dirname '{{{ path }}}')" - touch {{{ path }}} - fi - chown {{{ FILEUID }}} {{{ path }}} - {{% endif %}} - {{% endif %}} -{{% endfor %}} diff --git a/shared/templates/file_permissions/template.py b/shared/templates/file_permissions/template.py index 958616b9b672..791b6dd349d7 100644 --- a/shared/templates/file_permissions/template.py +++ b/shared/templates/file_permissions/template.py @@ -41,8 +41,6 @@ def preprocess(data, lang): data["allow_stricter_permissions"] = parse_template_boolean_value(data, parameter="allow_stricter_permissions", default_value=True) - data["missing_file_pass"] = parse_template_boolean_value(data, parameter="missing_file_pass", default_value=False) - data["recursive"] = parse_template_boolean_value(data, parameter="recursive", default_value=False)