From afd67d73f46076470f577f04f438583df8f2bf01 Mon Sep 17 00:00:00 2001 From: Nicolas SAID Date: Thu, 29 Aug 2024 11:44:33 +0200 Subject: [PATCH] Should fix #12349 --- .../sudo/sudoers_explicit_command_args/oval/shared.xml | 2 +- .../tests/defaults_entries.pass.sh | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 linux_os/guide/system/software/sudo/sudoers_explicit_command_args/tests/defaults_entries.pass.sh diff --git a/linux_os/guide/system/software/sudo/sudoers_explicit_command_args/oval/shared.xml b/linux_os/guide/system/software/sudo/sudoers_explicit_command_args/oval/shared.xml index 94a0cb4210b..734a934269b 100644 --- a/linux_os/guide/system/software/sudo/sudoers_explicit_command_args/oval/shared.xml +++ b/linux_os/guide/system/software/sudo/sudoers_explicit_command_args/oval/shared.xml @@ -19,7 +19,7 @@ - ',' is a command delimiter, while The last capturing group holds the offending command without args. --> - ^(?:\s*[^#=]+)=(?:\s*(?:\([^\)]+\))?\s*(?!\s*\()[^,\s]+(?:[ \t]+[^,\s]+)+[ \t]*,)*(\s*(?:\([^\)]+\))?\s*(?!\s*\()[^,\s]+[ \t]*(?:,|$)) + ^(?!\s*Defaults)(?:\s*[^#=]+)=(?:\s*(?:\([^\)]+\))?\s*(?!\s*\()[^,\s]+(?:[ \t]+[^,\s]+)+[ \t]*,)*(\s*(?:\([^\)]+\))?\s*(?!\s*\()[^,\s]+[ \t]*(?:,|$)) 1 diff --git a/linux_os/guide/system/software/sudo/sudoers_explicit_command_args/tests/defaults_entries.pass.sh b/linux_os/guide/system/software/sudo/sudoers_explicit_command_args/tests/defaults_entries.pass.sh new file mode 100644 index 00000000000..655ecee6dca --- /dev/null +++ b/linux_os/guide/system/software/sudo/sudoers_explicit_command_args/tests/defaults_entries.pass.sh @@ -0,0 +1,6 @@ +# platform = multi_platform_all +# remediation = none +# packages = sudo + +echo 'Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/usr/local/go/bin"' > /etc/sudoers +echo 'root ALL=(root) /bin/bash -c test' >> /etc/sudoers