Skip to content

Group system calls in audit_rules_kernel_module_loading template #14059

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 30, 2025
Merged

Group system calls in audit_rules_kernel_module_loading template #14059

merged 1 commit into from
Oct 30, 2025

Conversation

@jan-cerny
Copy link
Collaborator

@jan-cerny jan-cerny commented Oct 29, 2025
edited
Loading

Add a new parameter syscall_grouping that contains a list of system calls for which audit rules can be grouped together in a single audit rule.

This commit also fixes missing documentation for the syscall_grouping parameter of other templates that have this parameter.

Fixes: #14055

Review Hints:

Run Contest test "/scanning/audit-rules-syscalls-grouping" with master and with this PR. For example:

./autocontest.sh test --content-path /home/jcerny/work/git/scap-security-guide/ -t "/scanning/audit-rules-syscalls-grouping" -c qemu:///system -n ac_rhel96

Also, run automatus tests for any of the rules that use this template, eg.

python3 tests/automatus.py rule --libvirt qemu:///system ssgts_rhel9 audit_rules_kernel_module_loading_create

@jan-cerny
Group system calls in audit_rules_kernel_module_loading template
df8dde0 
Add a new parameter `syscall_grouping` that contains a list of system
calls for which audit rules can be grouped together in a single audit
rule.

This commit also fixes missing documentation for the syscall_grouping
parameter of other templates that have this parameter.

Fixes: ComplianceAsCode#14055
@jan-cerny jan-cerny added this to the 0.1.79 milestone Oct 29, 2025
@jan-cerny jan-cerny added the productization-issue Issue found in upstream stabilization process. label Oct 29, 2025
@openshift-ci
Copy link

openshift-ci bot commented Oct 29, 2025

@jan-cerny: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-openshift-node-compliance df8dde0 link true /test e2e-aws-openshift-node-compliance

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@ggbecker ggbecker self-assigned this Oct 30, 2025
ggbecker
ggbecker approved these changes Oct 30, 2025
View reviewed changes
Copy link
Member

@ggbecker ggbecker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I've run automatus tests locally and they all pass.

@ggbecker ggbecker merged commit 72e9da6 into ComplianceAsCode:master Oct 30, 2025
137 of 140 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ggbecker ggbecker ggbecker approved these changes

Assignees

@ggbecker ggbecker

Labels

productization-issue Issue found in upstream stabilization process.

Projects

None yet

Milestone

0.1.79

Development

Successfully merging this pull request may close these issues.

query_module audit syscall is not part of the right grouping /scanning/audit-rules-syscalls-grouping

2 participants

@jan-cerny @ggbecker