update omsbaseline

microsoft · Apr 28, 2021 · 4221c55 · 4221c55
1 parent e6b6f7c
commit 4221c55
Show file tree

Hide file tree

Showing 7 changed files with 7 additions and 7 deletions.
diff --git a/Makefile b/Makefile
@@ -541,7 +541,7 @@ nxOMSGenerateInventoryMof:
 
 nxOMSPlugin:
 	rm -rf output/staging; \
-	VERSION="3.57"; \
+	VERSION="3.58"; \
 	PROVIDERS="nxOMSPlugin"; \
 	STAGINGDIR="output/staging/$@/DSCResources"; \
 	cat Providers/Modules/$@.psd1 | sed "s@<MODULE_VERSION>@$${VERSION}@" > intermediate/Modules/$@.psd1; \

diff --git a/Providers/Modules/Plugins/SecurityBaseline/plugin/oms_audits.xml b/Providers/Modules/Plugins/SecurityBaseline/plugin/oms_audits.xml
@@ -556,8 +556,8 @@
       remediation="Add a boot loader password to the file '/boot/grub/grub.cfg'"
       ruleId="8a4f5ce8-41c4-710c-631e-fbc36a2fa53e">
       <check distro="*" command="CheckMatchingLinesIfExists" regex="^password\s+--encrypted\s+\S+" path="/boot/grub/grub.conf"/>
-      <check distro="*" command="CheckMatchingLinesIfExists" regex="^password\s+--encrypted\s+\S+" path="/boot/grub/grub.cfg"/>
-      <check distro="*" command="CheckMatchingLinesIfExists" regex="^password\s+--encrypted\s+\S+" path="/boot/grub2/grub.cfg"/>
+      <check distro="*" command="CheckMatchingLinesIfExists" regex="^[\s]*password(?:(?:_pbkdf2\s+\S+)|(?:\s+--encrypted))\s+\S+" path="/boot/grub/grub.cfg"/>
+      <check distro="*" command="CheckMatchingLinesIfExists" regex="^[\s]*password(?:(?:_pbkdf2\s+\S+)|(?:\s+--encrypted))\s+\S+" path="/boot/grub2/grub.cfg"/>
     </audit>
     <audit
       description="Ensure permissions on bootloader config are configured"
@@ -1206,7 +1206,7 @@
       impact="An attacker could use this system to send emails with malicious content to other users"
       remediation="Add the line 'inet_interfaces localhost' to the file '/etc/postfix/main.cf'"
       ruleId="d0cc4e35-70a1-4ee5-b572-3b969201562e">
-      <check distro="*" command="CheckMatchingLinesIfExists" regex="^[\s\t]*inet_interfaces\s+localhost\s*$" path="/etc/postfix/main.cf" />
+      <check distro="*" command="CheckMatchingLinesIfExists" regex="^[\s\t]*inet_interfaces\s*=\s*localhost\s*$" path="/etc/postfix/main.cf" />
     </audit>
     <audit
       description="The ldap service should be disabled."

diff --git a/Providers/Modules/Plugins_x64/SecurityBaseline/plugin/omsbaseline b/Providers/Modules/Plugins_x64/SecurityBaseline/plugin/omsbaseline
diff --git a/Providers/Modules/Plugins_x64/SecurityBaseline/plugin/omsremediate b/Providers/Modules/Plugins_x64/SecurityBaseline/plugin/omsremediate
diff --git a/Providers/Modules/Plugins_x86/SecurityBaseline/plugin/omsbaseline b/Providers/Modules/Plugins_x86/SecurityBaseline/plugin/omsbaseline
diff --git a/Providers/Modules/Plugins_x86/SecurityBaseline/plugin/omsremediate b/Providers/Modules/Plugins_x86/SecurityBaseline/plugin/omsremediate
diff --git a/installbuilder/datafiles/Base_DSC.data b/installbuilder/datafiles/Base_DSC.data
@@ -98,7 +98,7 @@ SHLIB_EXT: 'so'
 /opt/microsoft/omsconfig/module_packages/nxOMSContainers_1.0.zip; release/nxOMSContainers_1.0.zip; 755; ${{RUN_AS_USER}}; root
 /opt/microsoft/omsconfig/module_packages/nxOMSCustomLog_1.0.zip; release/nxOMSCustomLog_1.0.zip; 755; ${{RUN_AS_USER}}; root
 /opt/microsoft/omsconfig/module_packages/nxOMSGenerateInventoryMof_1.5.zip; release/nxOMSGenerateInventoryMof_1.5.zip; 755; ${{RUN_AS_USER}}; root
-/opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.57.zip; release/nxOMSPlugin_3.57.zip; 755; ${{RUN_AS_USER}}; root
+/opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.57.zip; release/nxOMSPlugin_3.58.zip; 755; ${{RUN_AS_USER}}; root
 /opt/microsoft/omsconfig/module_packages/nxOMSWLI_1.46.zip; release/nxOMSWLI_1.46.zip; 755; ${{RUN_AS_USER}}; root
 #endif
 
@@ -379,7 +379,7 @@ if [ "$pythonVersion" = "python3" ]; then
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSContainers_1.0.zip 0"
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSCustomLog_1.0.zip 0"
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSGenerateInventoryMof_1.5.zip 0"
-	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.57.zip 0"
+	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.58.zip 0"
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSWLI_1.46.zip 0"
 else
   echo "Running python2 python version is ", $pythonVersion
@@ -389,7 +389,7 @@ else
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSContainers_1.0.zip 0"
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSCustomLog_1.0.zip 0"
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSGenerateInventoryMof_1.5.zip 0"
-	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.57.zip 0"
+	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.58.zip 0"
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSWLI_1.46.zip 0"
 #endif