Merge pull request #172 from dev-sec/protected_fifos

fix handling of sysctl fs.protected_fifos and fs.protected_regular
dev-sec · Jul 11, 2022 · 81ce2ab · 81ce2ab
2 parents 34b215b + 5247b07
commit 81ce2ab
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/controls/sysctl_spec.rb b/controls/sysctl_spec.rb
@@ -414,13 +414,13 @@
   desc 'Protects against common exploits in regards to links, fifos and regular files created or controlled by attackers'
   only_if { !container_execution }
   describe kernel_parameter('fs.protected_fifos') do
-    its(:value) { should match cmp(/(1|2)/) }
+    its(:value) { should eq(1).or eq(2).or eq(nil) } # include nil because RHEL7 does not have this parameter
   end
   describe kernel_parameter('fs.protected_hardlinks') do
     its(:value) { should eq 1 }
   end
   describe kernel_parameter('fs.protected_regular') do
-    its(:value) { should eq 2 }
+    its(:value) { should eq(2).or eq(nil) } # include nil because RHEL7 does not have this parameter
   end
   describe kernel_parameter('fs.protected_symlinks') do
     its(:value) { should eq 1 }