SV-257792

mitre · Oct 13, 2023 · 13e9146 · 13e9146
1 parent 297d43b
commit 13e9146
Showing 1 changed file with 18 additions and 3 deletions.
diff --git a/controls/SV-257792.rb b/controls/SV-257792.rb
@@ -11,7 +11,7 @@
 
 If any output is returned, this is a finding.
 
-Check that virtual system calls are disabled by default to persist in kernel updates with the following command: 
+Check that virtual system calls are disabled by default to persist in kernel updates with the following command:
 
 $ sudo grep vsyscall /etc/default/grub
 
@@ -34,8 +34,23 @@
   tag stig_id: 'RHEL-09-212035'
   tag gtitle: 'SRG-OS-000480-GPOS-00227'
   tag fix_id: 'F-61457r925362_fix'
-  tag satisfies: ['SRG-OS-000480-GPOS-00227', 'SRG-OS-000134-GPOS-00068']
+  tag satisfies: %w(SRG-OS-000480-GPOS-00227 SRG-OS-000134-GPOS-00068)
   tag 'documentable'
-  tag cci: ['CCI-000366', 'CCI-001084']
+  tag cci: %w(CCI-000366 CCI-001084)
   tag nist: ['CM-6 b', 'SC-3']
+
+  if virtualization.system.eql?('docker')
+    impact 0.0
+    describe 'Control not applicable within a container' do
+      skip 'Control not applicable within a container'
+    end
+  else
+    describe parse_config(command('grub2-editenv - list').stdout) do
+      its('kernelopts') { should match /vsyscall=none/ }
+    end
+
+    describe parse_config_file('/etc/default/grub') do
+      its('GRUB_CMDLINE_LINUX') { should match /vsyscall=none/ }
+    end
+  end
 end