SRG Requirement
- TEMPLATE srg_requirement_audit_file_watch_rule
Generate a SRG requirement text for audit file watch rules.
- Parameters:
path (str) – Full path of file to watch
srg_requirement_audit_file_watch_rule(path)
- TEMPLATE srg_requirement_audit_syscall
Generate a SRG requirement text for auditing all calls to a syscall.
- Parameters:
event (str) – Name of the syscall
srg_requirement_audit_syscall(event)
- TEMPLATE srg_requirement_audit_unsuccessful_syscall
Generate a SRG requirement text for auditing unsuccessful calls to a syscall.
- Parameters:
event (str) – Name of the syscall
srg_requirement_audit_unsuccessful_syscall(event)
- TEMPLATE srg_requirement_audit_command
Generate a SRG requirement text for auditing a command.
- Parameters:
command (str) – Name of the command
srg_requirement_audit_command(command)
- TEMPLATE srg_requirement_package_removed
Generate a SRG requirement text for package removal.
- Parameters:
package (str) – Name of the package to be removed
srg_requirement_package_removed(package)
- TEMPLATE srg_requirement_kernel_module_disable
Generate a SRG requirement text for package removal.
- Parameters:
module (str) – Name of the kernel module to be disabled
srg_requirement_kernel_module_disable(module)
- TEMPLATE srg_requirement_package_installed
Generate a SRG requirement text for package installed.
- Parameters:
package (str) – Name of the package to be installed
srg_requirement_package_installed(package)
- TEMPLATE srg_requirement_service_enabled
Generate a SRG requirement text for service enabled.
- Parameters:
service (str) – Name of the service to be enabled
srg_requirement_service_enabled(service)
- TEMPLATE srg_requirement_file_owner
SRG requirement for setting the owner on a file.
- Parameters:
file (str) – The file to set the owner on
owner (str) – The owner to be set
srg_requirement_file_owner(file, owner)
- TEMPLATE srg_requirement_file_group_owner
SRG requirement for setting the group owner on a file.
- Parameters:
file (str) – The file to set the group owner on
group (str) – The group to be set
srg_requirement_file_group_owner(file, group)
- TEMPLATE srg_requirement_directory_owner
SRG requirement for setting the owner on a directory.
- Parameters:
file (str) – The directory to set the owner on
owner (str) – The owner to be set
srg_requirement_directory_owner(file, owner)
- TEMPLATE srg_requirement_directory_group_owner
SRG requirement for setting the group owner on a directory.
- Parameters:
file (str) – The directory to set the group owner on
group (str) – The group to be set
srg_requirement_directory_group_owner(file, group)
- TEMPLATE srg_requirement_file_permission
SRG requirement for setting permissions on a file
- Parameters:
file (str) – The file to set permissions on
mode (str) – The mode to be set
srg_requirement_file_permission(file, mode)
- TEMPLATE srg_requirement_directory_permission
SRG requirement for setting permissions on a directory
- Parameters:
file (str) – The directory to set permissions on
mode (str) – The mode to be set
srg_requirement_directory_permission(file, mode)
- TEMPLATE srg_requirement_mount_option
SRG requirement for mount point options
- Parameters:
path (str) – The path to check
option (str) – The mount option to use
srg_requirement_mount_option(path, option)
- TEMPLATE srg_requirement_service_disabled
Generate a SRG requirement text for disabling services.
- Parameters:
service (str) – Name of the service to be disabled
srg_requirement_service_disabled(service)
- TEMPLATE srg_requirement_separate_partition
SRG requirement for separate filesystems
- Parameters:
part (str) – The path to check
srg_requirement_separate_partition(part)