File _service:obs_scm:secureguardian-1.0-Fix-the-bug-in-grep-parsing-error.patch of Package secureguardian
From 2d7a964c82d7bcc8e3ee08e42b1d9ff4686cec32 Mon Sep 17 00:00:00 2001 From: mengchaoming <mengchaoming@kylinos.cn> Date: Mon, 9 Sep 2024 17:16:48 +0800 Subject: [PATCH] Fix the bug in grep parsing error --- conf/all_checks.json | 6 +++--- scripts/checks/4/4.1/4.1.4.sh | 10 ++++++---- tools/run_checks.sh | 6 ++++++ 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/conf/all_checks.json b/conf/all_checks.json index a43912d..201b070 100644 --- a/conf/all_checks.json +++ b/conf/all_checks.json @@ -793,10 +793,10 @@ "parameters": [] }, { - "id": "3.2.12", - "description": "应当配置nftables默认拒绝策略", + "id": "3.2.11", + "description": "应当启用nftables服务", "level": "建议", - "script": "scripts/checks/3/3.2/3.2.12.sh", + "script": "scripts/checks/3/3.2/3.2.11.sh", "enabled": true, "parameters": [] }, diff --git a/scripts/checks/4/4.1/4.1.4.sh b/scripts/checks/4/4.1/4.1.4.sh index 1550ca5..a76fa20 100755 --- a/scripts/checks/4/4.1/4.1.4.sh +++ b/scripts/checks/4/4.1/4.1.4.sh @@ -23,15 +23,17 @@ function check_audit_rules_for_important_files() { local files=("/etc/passwd" "/etc/group" "/etc/shadow" "/etc/gshadow" "/etc/security/opasswd") local fail_flag=0 + # 读取 auditctl 输出 + auditctl_output=$(auditctl -l) + for file in "${files[@]}"; do - # 使用宽松的正则表达式来匹配可能存在的空格和其他字符 - local audit_rule=$(auditctl -l | grep -iE "\-w\s*$file\s*\-p\s*wa") - if [[ -z "$audit_rule" ]]; then + # 正则表达式匹配 "-w 文件 -p wa",考虑到可能的多余空格 + local regex="-w\s+$file\s+-p\s+wa" + if [[ ! "$auditctl_output" =~ $regex ]]; then echo "检测失败: 审计规则未正确配置或未配置用于监控文件 $file 的规则。" fail_flag=1 else echo "检测成功: 已正确配置监控文件 $file 的审计规则。" - echo "当前规则: $audit_rule" fi done diff --git a/tools/run_checks.sh b/tools/run_checks.sh index 00a1a13..c3bdd10 100755 --- a/tools/run_checks.sh +++ b/tools/run_checks.sh 
@@ -346,8 +346,14 @@ execute_checks() { output=$(echo "$output" | sed 's/\r//g') # 去除所有CR字符 echo "{\"id\":\"$id\",\"description\":\"$description\",\"level\": \"$level\",\"status\":\"$status\",\"details\":\"$output\",\"link\":\"$BASELINE_DIR/$id.md\"}" >> "$json_output" + done echo "]" >> "$json_output" + jq . "$json_output" > /dev/null 2>&1 + if [[ $? -ne 0 ]]; then + echo "生成的JSON文件无效,请检查输出格式。" >&2 + exit 1 + fi echo "所有检查执行完成。" generate_html_report "$json_output" -- 2.33.0
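Review bot: in the conf/all_checks.json hunk, the existing entry is rewritten from 3.2.12 (nftables default-deny policy) to 3.2.11 (nftables service enabled), which the subject "Fix the bug in grep parsing error" does not cover. Because the entry is replaced rather than added, the default-deny check drops out of this position in the list. Please confirm that 3.2.12 is still registered elsewhere in the file and that 3.2.11 does not now appear twice, and either move this change into its own commit or mention it in the message.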
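Review bot: in the scripts/checks/4/4.1/4.1.4.sh hunk, auditctl_output=$(auditctl -l) is assigned without local and without checking the exit status, so when auditctl cannot run the variable is empty and every file is reported as having no rule, instead of the check reporting that it could not be performed. Declare the variable local, like files and fail_flag above it, and return an error if the command exits non-zero. Two smaller points on the regex line: \s is not part of POSIX ERE, which is what [[ =~ ]] evaluates, so [[:space:]]+ is the portable spelling; and the pattern only accepts a permission string that starts with wa, so a watch listed with a superset such as rwa fails the check even though it covers writes and attribute changes. Dropping the "当前规则" (current rule) echo also removes the matched rule from the report, which was useful evidence when reviewing results.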
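Review bot: in the tools/run_checks.sh hunk, the new jq validation only detects broken JSON after the fact; the object on the context line above it is still built by interpolating $description and $output straight into a string, so a double quote, backslash or newline in any check's output produces an invalid file, and the new exit 1 then aborts the run before generate_html_report. Since jq is now a dependency anyway, build each object with jq -n and --arg so the values are escaped when written. On the validation itself: a missing jq binary also takes the non-zero branch and prints the "invalid JSON" message, so test for jq first (command -v jq); keep jq's stderr instead of sending it to /dev/null so the parse position is visible; and prefer "if ! jq . file >/dev/null; then" over testing $? on the next line.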