Skip to content

Commit

Permalink
🧹 Syntax: Removes superfluous white space before comma (#463)
Browse files Browse the repository at this point in the history 
## Old

```
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]` 
```

## New
```
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
```

Signed-off-by: Manuel Weber <manuel@mondoo.com>
  • Loading branch information
@mm-weber
mm-weber authored Dec 24, 2024
1 parent c704c63 commit 6c189c3
Showing 1 changed file with 14 additions and 14 deletions.
28 changes: 14 additions & 14 deletions core/mondoo-linux-security.mql.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1318,7 +1318,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
mql: |
props.mondooLinuxSecurityAuditFiles.any(_.contains(/^(\s+)?\-w\s+\/etc\/sudoers\.d(\/?)\s+\-p\s+wa\s+\-k\s+scope(\s+)?$/))
Expand Down Expand Up @@ -1358,7 +1358,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
variants:
- uid: mondoo-linux-security-login-and-logout-events-are-collected-debian
Expand Down Expand Up @@ -1447,7 +1447,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
mql: |
props.mondooLinuxSecurityAuditFiles.any(_.contains(/^(\s+)?\-w\s+\/var\/run\/utmp\s+\-p\s+wa\s+\-k\s+session(\s+)?$/))
Expand Down Expand Up @@ -1490,7 +1490,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
mql: |
props.mondooLinuxSecurityAuditFiles.flat.unique.any(_ == /settimeofday/)
Expand Down Expand Up @@ -1560,7 +1560,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
mql: |
appArmorSys = props.mondooLinuxSecurityAuditFiles.any(_.contains(/^(\s+)?\-w\s+\/etc\/apparmor(\/?)\s+\-p\s+wa\s+\-k\s+MAC-policy(\s+)?$/))
Expand Down Expand Up @@ -1611,7 +1611,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
variants:
- uid: mondoo-linux-security-events-that-modify-the-systems-network-environment-are-collected-debian-rhel
Expand Down Expand Up @@ -1736,7 +1736,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
mql: |
props.mondooLinuxSecurityAuditFiles.flat.unique.any(_ == /chmod/)
Expand Down Expand Up @@ -1824,7 +1824,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
mql: |
props.mondooLinuxSecurityAuditFiles.flat.unique.any(_ == / creat /)
Expand Down Expand Up @@ -1904,7 +1904,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
mql: |
props.mondooLinuxSecurityAuditFiles.any(_.contains(/^(\s+)?\-w\s+\/etc\/group\s+\-p\s+wa\s+\-k\s+identity(\s+)?$/))
Expand Down Expand Up @@ -1950,7 +1950,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
mql: |
props.mondooLinuxSecurityAuditFiles.any(_.contains(/^(\s+)?\-a\s+always\,exit\s+\-F\s+arch\=b64\s+\-S\s+mount\s+\-F\s+auid\>\=1000\s+\-F\s+auid\!\=(4294967295|unset|-1)\s+\-k\s+mounts(\s+)?$/)) || props.mondooLinuxSecurityAuditFiles.any(_.contains(/^(\s+)?\-a\s+always\,exit\s+\-F\s+arch\=b32\s+\-S\s+mount\s+\-F\s+auid\>\=1000\s+\-F\s+auid\!\=(4294967295|unset|-1)\s+\-k\s+mounts(\s+)?$/))
Expand Down Expand Up @@ -1999,7 +1999,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
mql: |
props.mondooLinuxSecurityAuditFiles.flat.unique.any(_ == /unlink/)
Expand Down Expand Up @@ -2071,7 +2071,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
mql: |
props.mondooLinuxSecurityAuditFiles.any(_.contains(/^(\s+)?\-w\s+\/sbin\/insmod\s+\-p\s+x\s+\-k\s+modules(\s+)?$/))
Expand Down Expand Up @@ -2128,7 +2128,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
mql: |
props.mondooLinuxSecurityAuditFiles.any(_.contains(/^(\s+)?\-w\s+\/var\/log\/sudo\.log\s+\-p\s+wa\s+\-k\s+actions(\s+)?$/))
Expand Down Expand Up @@ -2170,7 +2170,7 @@ queries:
- uid: mondooLinuxSecurityAuditFiles
title: Return the content from all /etc/audit/rules.d and /etc/audit/audit.rules
mql: |
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$' , type: "file").list.map(path) + ["/etc/audit/audit.rules"]
mondooLinuxSecurityAuditFiles = files.find(from: "/etc/audit/rules.d",regex:'.*\.rules$', type: "file").list.map(path) + ["/etc/audit/audit.rules"]
return mondooLinuxSecurityAuditFiles.map(file(_).content.lines.where( _ == /^[^#]/ ))
mql: |
props.mondooLinuxSecurityAuditFiles.any(_.contains(/(\s+)?\-e\s+2(\s+)?$/))
Expand Down

0 comments on commit 6c189c3

Please sign in to comment.