Merge pull request #11224 from Mab879/make_selinux_context_elevation_for_sudo_more_flexaible

jan-cerny · web-flow · commit 97399d997047 · 2023-10-26T14:36:36.000+02:00
Make selinux context elevation for sudo more flexible
diff --git a/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/oval/shared.xml b/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/oval/shared.xml
@@ -26,13 +26,13 @@
 
   <ind:textfilecontent54_object id="obj_sudo_selinux_elevation_type" version="1">
     <ind:filepath operation="pattern match">^/etc/sudoers(\.d/.*)?$</ind:filepath>
-    <ind:pattern operation="pattern match">^\s*%wheel.*TYPE=(\w+).*$</ind:pattern>
+    <ind:pattern operation="pattern match">^\s*%\w+.*TYPE=(\w+).*$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>
 
   <ind:textfilecontent54_object id="obj_sudo_selinux_elevation_role" version="1">
     <ind:filepath operation="pattern match">^/etc/sudoers(\.d/.*)?$</ind:filepath>
-    <ind:pattern operation="pattern match">^\s*%wheel.*ROLE=(\w+).*$</ind:pattern>
+    <ind:pattern operation="pattern match">^\s*%\w+.*ROLE=(\w+).*$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>
 
diff --git a/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/tests/conflicting_value.fail.sh b/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/tests/conflicting_value.fail.sh
@@ -1,4 +1,6 @@
-# platform = multi_platform_ol
+#!/bin/bash
+
+# platform = multi_platform_all
 # packages = sudo
 # remediation = none
 
diff --git a/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/tests/correct_value_multiple_files.pass.sh b/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/tests/correct_value_multiple_files.pass.sh
@@ -1,4 +1,6 @@
-# platform = multi_platform_ol
+#!/bin/bash
+
+# platform = multi_platform_all
 # packages = sudo
 
 echo '%wheel ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL' >> /etc/sudoers
diff --git a/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/tests/correct_value_single_file.pass.sh b/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/tests/correct_value_single_file.pass.sh
@@ -1,4 +1,6 @@
-# platform = multi_platform_ol
+#!/bin/bash
+
+# platform = multi_platform_all
 # packages = sudo
 
 echo '%wheel ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL' >> /etc/sudoers.d/01-complianceascode.conf
diff --git a/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/tests/custom_group_name.pass.sh b/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/tests/custom_group_name.pass.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# platform = multi_platform_all
+# packages = sudo
+
+group_add sudoers
+
+echo '%sudoers ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL' >> /etc/sudoers.d/01-complianceascode.conf
diff --git a/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/tests/missing_role.fail.sh b/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/tests/missing_role.fail.sh
@@ -1,4 +1,6 @@
-# platform = multi_platform_ol
+#!/bin/bash
+
+# platform = multi_platform_all
 # packages = sudo
 # remediation = none
 
diff --git a/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/tests/missing_type.fail.sh b/linux_os/guide/system/selinux/selinux_context_elevation_for_sudo/tests/missing_type.fail.sh
@@ -1,4 +1,6 @@
-# platform = multi_platform_ol
+#!/bin/bash
+
+# platform = multi_platform_all
 # packages = sudo
 # remediation = none
 
