Fix for OVAL in grub2_bootloader_argument on Ubuntu

This fixes a regression introduced in commit 62dafb1. The check passed even if the grub2 argument was not defined in /etc/default/grub nor in /etc/default/grub.d/*cfg. The correct behavior is to pass if it is defined in at least one configuration file.
ComplianceAsCode · Apr 4, 2024 · 73028d1 · 73028d1
1 parent e742b68
commit 73028d1
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/shared/templates/grub2_bootloader_argument/oval.template b/shared/templates/grub2_bootloader_argument/oval.template
@@ -128,7 +128,7 @@
 {{% if system_with_kernel_options_in_etc_default_grub_d -%}}
   <ind:textfilecontent54_test id="test_grub2_{{{ SANITIZED_ARG_NAME }}}_argument_configdir"
   comment="check for {{{ ARG_NAME_VALUE }}} in /etc/default/grub.d/*cfg via GRUB_CMDLINE_LINUX"
-  check="all" check_existence="any_exist" version="1">
+  check="at least one" check_existence="all_exist" version="1">
     <ind:object object_ref="object_grub2_{{{ SANITIZED_ARG_NAME }}}_argument_configdir" />
     <ind:state state_ref="state_grub2_{{{ SANITIZED_ARG_NAME }}}_argument" />
   </ind:textfilecontent54_test>
@@ -141,7 +141,7 @@
   </ind:textfilecontent54_test>
 
   <ind:textfilecontent54_object id="object_grub2_{{{ SANITIZED_ARG_NAME }}}_argument_configdir" version="1">
-    <ind:filepath>/etc/default/grub.d/*.cfg</ind:filepath>
+    <ind:filepath operation="pattern match">/etc/default/grub.d/[^/]+\.cfg</ind:filepath>
     <ind:pattern operation="pattern match">^\s*GRUB_CMDLINE_LINUX="(.*)"$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>