From d150eb049ef7ea964a8b2368adfdcc3d233f2ab7 Mon Sep 17 00:00:00 2001 From: Kaden Emley <104032811+kemley76@users.noreply.github.com> Date: Thu, 13 Jun 2024 15:09:03 -0400 Subject: [PATCH] added inputs to allow indication of operational requirements documented with ISSO (#45) Signed-off-by: kemley76 --- controls/SV-257792.rb | 20 ++++++--- controls/SV-257803.rb | 40 ++++++++++-------- controls/SV-257804.rb | 14 +++++-- controls/SV-257805.rb | 14 +++++-- controls/SV-257806.rb | 14 +++++-- controls/SV-257807.rb | 15 +++++-- controls/SV-257808.rb | 14 +++++-- controls/SV-257812.rb | 12 +++++- controls/SV-257813.rb | 12 +++++- controls/SV-257814.rb | 42 +++++++++++-------- controls/SV-257815.rb | 22 ++++++---- controls/SV-257836.rb | 10 ++++- controls/SV-257880.rb | 15 +++++-- controls/SV-257971.rb | 40 ++++++++++-------- controls/SV-257974.rb | 40 ++++++++++-------- controls/SV-257975.rb | 40 ++++++++++-------- controls/SV-258007.rb | 12 +++++- controls/SV-258014.rb | 5 +++ controls/SV-258016.rb | 22 ++++++---- controls/SV-258039.rb | 14 +++++-- inspec.yml | 94 +++++++++++++++++++++++++++++++++++++++++-- 21 files changed, 378 insertions(+), 133 deletions(-) diff --git a/controls/SV-257792.rb b/controls/SV-257792.rb index fc66133..f5a26ba 100644 --- a/controls/SV-257792.rb +++ b/controls/SV-257792.rb 
@@ -44,13 +44,21 @@ !virtualization.system.eql?('docker') } - grub_stdout = command('grubby --info=ALL').stdout - setting = /vsyscall\s*=\s*none/ + if input('vsyscall_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else + + grub_stdout = command('grubby --info=ALL').stdout + setting = /vsyscall\s*=\s*none/ - describe 'GRUB config' do - it 'should disable vsyscall' do - expect(parse_config(grub_stdout)['args']).to match(setting), 'Current GRUB configuration does not disable this setting' - expect(parse_config_file('/etc/default/grub')['GRUB_CMDLINE_LINUX']).to match(setting), 'Setting not configured to persist between kernel updates' + describe 'GRUB config' do + it 'should disable vsyscall' do + expect(parse_config(grub_stdout)['args']).to match(setting), 'Current GRUB configuration does not disable this setting' + expect(parse_config_file('/etc/default/grub')['GRUB_CMDLINE_LINUX']).to match(setting), 'Setting not configured to persist between kernel updates' + end end end end diff --git a/controls/SV-257803.rb b/controls/SV-257803.rb index 520a1c6..166d613 100644 --- a/controls/SV-257803.rb +++ b/controls/SV-257803.rb 
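Review bot: The new `if input('vsyscall_required')` branch in SV-257792 reports the control with `impact 0.0` and a generic skip text, so a waived hardening check reads the same in the results as one that is genuinely not applicable, and nothing records which input caused it. Name the input and the setting in the message, e.g. `skip "Input 'vsyscall_required' is true: vsyscall is a documented operational requirement (ISSO); check not evaluated"`, so an assessor can trace the waiver back to the ISSO record. The same generic message is added to SV-257803 through SV-257808, SV-257812 through SV-257815, SV-257880, SV-257971, SV-257974, SV-257975, SV-258007, SV-258014, SV-258016 and SV-258039. The control body starts above this hunk.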
@@ -42,26 +42,34 @@ !virtualization.system.eql?('docker') } - parameter = 'kernel.core_pattern' - value = 1 - regexp = /^\s*#{parameter}\s*=\s*#{value}\s*$/ + if input('storing_core_dumps_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else - describe kernel_parameter(parameter) do - its('value') { should eq value } - end + parameter = 'kernel.core_pattern' + value = 1 + regexp = /^\s*#{parameter}\s*=\s*#{value}\s*$/ + + describe kernel_parameter(parameter) do + its('value') { should eq value } + end - search_results = command("/usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F #{parameter}").stdout.strip.split("\n") + search_results = command("/usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F #{parameter}").stdout.strip.split("\n") - correct_result = search_results.any? { |line| line.match(regexp) } - incorrect_results = search_results.map(&:strip).reject { |line| line.match(regexp) } + correct_result = search_results.any? { |line| line.match(regexp) } + incorrect_results = search_results.map(&:strip).reject { |line| line.match(regexp) } - describe 'Kernel config files' do - it "should configure '#{parameter}'" do - expect(correct_result).to eq(true), 'No config file was found that correctly sets this action' - end - unless incorrect_results.nil? - it 'should not have incorrect or conflicting setting(s) in the config files' do - expect(incorrect_results).to be_empty, "Incorrect or conflicting setting(s) found:\n\t- #{incorrect_results.join("\n\t- ")}" + describe 'Kernel config files' do + it "should configure '#{parameter}'" do + expect(correct_result).to eq(true), 'No config file was found that correctly sets this action' + end + unless incorrect_results.nil? 
+ it 'should not have incorrect or conflicting setting(s) in the config files' do + expect(incorrect_results).to be_empty, "Incorrect or conflicting setting(s) found:\n\t- #{incorrect_results.join("\n\t- ")}" + end end end end diff --git a/controls/SV-257804.rb b/controls/SV-257804.rb index b49f992..670ab8a 100644 --- a/controls/SV-257804.rb +++ b/controls/SV-257804.rb @@ -28,8 +28,16 @@ !virtualization.system.eql?('docker') } - describe kernel_module('atm') do - it { should be_disabled } - it { should be_blacklisted } + if input('atm_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else + + describe kernel_module('atm') do + it { should be_disabled } + it { should be_blacklisted } + end end end diff --git a/controls/SV-257805.rb b/controls/SV-257805.rb index 0d765f7..9a8312f 100644 --- a/controls/SV-257805.rb +++ b/controls/SV-257805.rb @@ -28,8 +28,16 @@ !virtualization.system.eql?('docker') } - describe kernel_module('can') do - it { should be_disabled } - it { should be_blacklisted } + if input('can_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else + + describe kernel_module('can') do + it { should be_disabled } + it { should be_blacklisted } + end end end diff --git a/controls/SV-257806.rb b/controls/SV-257806.rb index b135490..2f5bb77 100644 --- a/controls/SV-257806.rb +++ b/controls/SV-257806.rb 
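Review bot: In the re-indented `describe 'Kernel config files'` block of SV-257803, the guard `unless incorrect_results.nil?` can never be false, because `incorrect_results` is the result of `map(&:strip).reject { ... }` on a split string and is therefore always an array, possibly empty. Since these lines are being touched anyway, drop the guard and leave the `it 'should not have incorrect or conflicting setting(s) in the config files'` example unconditional; `be_empty` already passes on an empty array. The same guard is carried over in SV-257971, SV-257974 and SV-257975.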
@@ -28,8 +28,16 @@ !virtualization.system.eql?('docker') } - describe kernel_module('firewire_core') do - it { should be_disabled } - it { should be_blacklisted } + if input('firewire_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else + + describe kernel_module('firewire_core') do + it { should be_disabled } + it { should be_blacklisted } + end end end diff --git a/controls/SV-257807.rb b/controls/SV-257807.rb index a9d2b99..e21607d 100644 --- a/controls/SV-257807.rb +++ b/controls/SV-257807.rb @@ -38,8 +38,17 @@ only_if('This control is Not Applicable to containers', impact: 0.0) { !virtualization.system.eql?('docker') } - describe kernel_module('sctp') do - it { should be_disabled } - it { should be_blacklisted } + + if input('sctp_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else + + describe kernel_module('sctp') do + it { should be_disabled } + it { should be_blacklisted } + end end end diff --git a/controls/SV-257808.rb b/controls/SV-257808.rb index 1063940..62ae0f3 100644 --- a/controls/SV-257808.rb +++ b/controls/SV-257808.rb @@ -32,8 +32,16 @@ !virtualization.system.eql?('docker') } - describe kernel_module('tipc') do - it { should be_disabled } - it { should be_blacklisted } + if input('tipc_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else + + describe kernel_module('tipc') do + it { should be_disabled } + it { should be_blacklisted } + end end end diff --git a/controls/SV-257812.rb b/controls/SV-257812.rb index 19c2a0b..c57fb8d 100644 --- a/controls/SV-257812.rb +++ b/controls/SV-257812.rb 
@@ -32,7 +32,15 @@ !virtualization.system.eql?('docker') } - describe parse_config_file('/etc/systemd/coredump.conf') do - its('Coredump.ProcessSizeMax') { should cmp '0' } + if input('core_dumps_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else + + describe parse_config_file('/etc/systemd/coredump.conf') do + its('Coredump.ProcessSizeMax') { should cmp '0' } + end end end diff --git a/controls/SV-257813.rb b/controls/SV-257813.rb index c5af858..7fc6695 100644 --- a/controls/SV-257813.rb +++ b/controls/SV-257813.rb @@ -30,7 +30,15 @@ !virtualization.system.eql?('docker') } - describe parse_config_file('/etc/systemd/coredump.conf') do - its('Coredump.Storage') { should cmp 'none' } + if input('storing_core_dumps_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else + + describe parse_config_file('/etc/systemd/coredump.conf') do + its('Coredump.Storage') { should cmp 'none' } + end end end diff --git a/controls/SV-257814.rb b/controls/SV-257814.rb index 96ffd4a..e3b332a 100644 --- a/controls/SV-257814.rb +++ b/controls/SV-257814.rb 
@@ -32,27 +32,35 @@ !virtualization.system.eql?('docker') } - setting = 'core' - expected_value = input('core_dump_expected_value') + if input('core_dumps_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else + + setting = 'core' + expected_value = input('core_dump_expected_value') - limits_files = command('ls /etc/security/limits.d/*.conf').stdout.strip.split - limits_files.append('/etc/security/limits.conf') + limits_files = command('ls /etc/security/limits.d/*.conf').stdout.strip.split + limits_files.append('/etc/security/limits.conf') - # make sure that at least one limits.conf file has the correct setting - globally_set = limits_files.any? { |lf| !limits_conf(lf).read_params['*'].nil? && limits_conf(lf).read_params['*'].include?(['hard', setting.to_s, expected_value.to_s]) } + # make sure that at least one limits.conf file has the correct setting + globally_set = limits_files.any? { |lf| !limits_conf(lf).read_params['*'].nil? && limits_conf(lf).read_params['*'].include?(['hard', setting.to_s, expected_value.to_s]) } - # make sure that no limits.conf file has a value that contradicts the global set - failing_files = limits_files.select { |lf| - limits_conf(lf).read_params.values.flatten(1).any? { |l| - l[1].eql?(setting) && !l[2].to_i.eql?(expected_value) + # make sure that no limits.conf file has a value that contradicts the global set + failing_files = limits_files.select { |lf| + limits_conf(lf).read_params.values.flatten(1).any? 
{ |l| + l[1].eql?(setting) && !l[2].to_i.eql?(expected_value) + } } - } - describe 'Limits files' do - it 'should disallow core dumps by default' do - expect(globally_set).to eq(true), "No correct global ('*') setting found" - end - it 'should not have any conflicting settings' do - expect(failing_files).to be_empty, "Files with incorrect '#{setting}' settings:\n\t- #{failing_files.join("\n\t- ")}" + describe 'Limits files' do + it 'should disallow core dumps by default' do + expect(globally_set).to eq(true), "No correct global ('*') setting found" + end + it 'should not have any conflicting settings' do + expect(failing_files).to be_empty, "Files with incorrect '#{setting}' settings:\n\t- #{failing_files.join("\n\t- ")}" + end end end end diff --git a/controls/SV-257815.rb b/controls/SV-257815.rb index 98bb7ca..66a0e1f 100644 --- a/controls/SV-257815.rb +++ b/controls/SV-257815.rb @@ -36,14 +36,22 @@ !virtualization.system.eql?('docker') } - s = systemd_service('systemd-coredump.socket') - - describe.one do - describe s do - its('params.LoadState') { should eq 'masked' } + if input('core_dumps_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" end - describe s do - its('params.LoadState') { should eq 'not-found' } + else + + s = systemd_service('systemd-coredump.socket') + + describe.one do + describe s do + its('params.LoadState') { should eq 'masked' } + end + describe s do + its('params.LoadState') { should eq 'not-found' } + end end end end diff --git a/controls/SV-257836.rb b/controls/SV-257836.rb index ec25f25..b55120b 100644 --- a/controls/SV-257836.rb +++ b/controls/SV-257836.rb 
@@ -27,7 +27,13 @@ tag nist: ['CM-6 b'] tag 'host', 'container' - describe package('quagga') do - it { should_not be_installed } + if input('quagga_required') + describe package('quagga') do + it { should be_installed } + end + else + describe package('quagga') do + it { should_not be_installed } + end end end diff --git a/controls/SV-257880.rb b/controls/SV-257880.rb index b5a893f..b6e4020 100644 --- a/controls/SV-257880.rb +++ b/controls/SV-257880.rb @@ -38,8 +38,17 @@ only_if('This control is Not Applicable to containers', impact: 0.0) { !virtualization.system.eql?('docker') } - describe kernel_module('cramfs') do - it { should be_disabled } - it { should be_blacklisted } + + if input('cramfs_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else + + describe kernel_module('cramfs') do + it { should be_disabled } + it { should be_blacklisted } + end end end diff --git a/controls/SV-257971.rb b/controls/SV-257971.rb index 7a68308..be40ffa 100644 --- a/controls/SV-257971.rb +++ b/controls/SV-257971.rb 
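Review bot: With `quagga_required` set, the new branch in SV-257836 asserts `it { should be_installed }`, so a host where quagga is documented as required but not installed now fails a control that previously only checked the package was absent. Every other control in this commit treats a documented requirement as `impact 0.0` plus `skip`; using that same branch here would keep the behaviour consistent and avoid reporting a finding for a missing package. If asserting installation is intentional (it may mirror how other `*_required` package inputs in this profile behave, which is not visible here), say so in a comment above the `if`.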
@@ -45,26 +45,34 @@ !virtualization.system.eql?('docker') } - parameter = 'net.ipv6.conf.all.accept_ra' - value = 0 - regexp = /^\s*#{parameter}\s*=\s*#{value}\s*$/ + if input('accept_ra_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else - describe kernel_parameter(parameter) do - its('value') { should eq value } - end + parameter = 'net.ipv6.conf.all.accept_ra' + value = 0 + regexp = /^\s*#{parameter}\s*=\s*#{value}\s*$/ + + describe kernel_parameter(parameter) do + its('value') { should eq value } + end - search_results = command("/usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F #{parameter}").stdout.strip.split("\n") + search_results = command("/usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F #{parameter}").stdout.strip.split("\n") - correct_result = search_results.any? { |line| line.match(regexp) } - incorrect_results = search_results.map(&:strip).reject { |line| line.match(regexp) } + correct_result = search_results.any? { |line| line.match(regexp) } + incorrect_results = search_results.map(&:strip).reject { |line| line.match(regexp) } - describe 'Kernel config files' do - it "should configure '#{parameter}'" do - expect(correct_result).to eq(true), 'No config file was found that correctly sets this action' - end - unless incorrect_results.nil? - it 'should not have incorrect or conflicting setting(s) in the config files' do - expect(incorrect_results).to be_empty, "Incorrect or conflicting setting(s) found:\n\t- #{incorrect_results.join("\n\t- ")}" + describe 'Kernel config files' do + it "should configure '#{parameter}'" do + expect(correct_result).to eq(true), 'No config file was found that correctly sets this action' + end + unless incorrect_results.nil? 
+ it 'should not have incorrect or conflicting setting(s) in the config files' do + expect(incorrect_results).to be_empty, "Incorrect or conflicting setting(s) found:\n\t- #{incorrect_results.join("\n\t- ")}" + end end end end diff --git a/controls/SV-257974.rb b/controls/SV-257974.rb index 92a7d0f..8af4ccf 100644 --- a/controls/SV-257974.rb +++ b/controls/SV-257974.rb 
@@ -45,26 +45,34 @@ !virtualization.system.eql?('docker') } - parameter = 'net.ipv6.conf.all.forwarding' - value = 0 - regexp = /^\s*#{parameter}\s*=\s*#{value}\s*$/ + if input('forwarding') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else - describe kernel_parameter(parameter) do - its('value') { should eq value } - end + parameter = 'net.ipv6.conf.all.forwarding' + value = 0 + regexp = /^\s*#{parameter}\s*=\s*#{value}\s*$/ + + describe kernel_parameter(parameter) do + its('value') { should eq value } + end - search_results = command("/usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F #{parameter}").stdout.strip.split("\n") + search_results = command("/usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F #{parameter}").stdout.strip.split("\n") - correct_result = search_results.any? { |line| line.match(regexp) } - incorrect_results = search_results.map(&:strip).reject { |line| line.match(regexp) } + correct_result = search_results.any? { |line| line.match(regexp) } + incorrect_results = search_results.map(&:strip).reject { |line| line.match(regexp) } - describe 'Kernel config files' do - it "should configure '#{parameter}'" do - expect(correct_result).to eq(true), 'No config file was found that correctly sets this action' - end - unless incorrect_results.nil? - it 'should not have incorrect or conflicting setting(s) in the config files' do - expect(incorrect_results).to be_empty, "Incorrect or conflicting setting(s) found:\n\t- #{incorrect_results.join("\n\t- ")}" + describe 'Kernel config files' do + it "should configure '#{parameter}'" do + expect(correct_result).to eq(true), 'No config file was found that correctly sets this action' + end + unless incorrect_results.nil? 
+ it 'should not have incorrect or conflicting setting(s) in the config files' do + expect(incorrect_results).to be_empty, "Incorrect or conflicting setting(s) found:\n\t- #{incorrect_results.join("\n\t- ")}" + end end end end diff --git a/controls/SV-257975.rb b/controls/SV-257975.rb index 928e330..aadce4c 100644 --- a/controls/SV-257975.rb +++ b/controls/SV-257975.rb 
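Review bot: SV-257974 is gated on the existing input `forwarding`, which inspec.yml describes only as a requirement to forward packets and which was already tied to SV-257970. This control checks `net.ipv6.conf.all.forwarding`, so setting the input for one documented forwarding need also waives the IPv6 check, which may go beyond what was approved if SV-257970 covers IPv4 only (that control is not visible here). Consider a dedicated input, e.g. `if input('ipv6_forwarding_required')`, with its own inspec.yml entry. That would also follow the `*_required` naming used by every other input added in this commit.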
@@ -45,26 +45,34 @@ !virtualization.system.eql?('docker') } - parameter = 'net.ipv6.conf.default.accept_ra' - value = 0 - regexp = /^\s*#{parameter}\s*=\s*#{value}\s*$/ + if input('accept_ra_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else - describe kernel_parameter(parameter) do - its('value') { should eq value } - end + parameter = 'net.ipv6.conf.default.accept_ra' + value = 0 + regexp = /^\s*#{parameter}\s*=\s*#{value}\s*$/ + + describe kernel_parameter(parameter) do + its('value') { should eq value } + end - search_results = command("/usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F #{parameter}").stdout.strip.split("\n") + search_results = command("/usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F #{parameter}").stdout.strip.split("\n") - correct_result = search_results.any? { |line| line.match(regexp) } - incorrect_results = search_results.map(&:strip).reject { |line| line.match(regexp) } + correct_result = search_results.any? { |line| line.match(regexp) } + incorrect_results = search_results.map(&:strip).reject { |line| line.match(regexp) } - describe 'Kernel config files' do - it "should configure '#{parameter}'" do - expect(correct_result).to eq(true), 'No config file was found that correctly sets this action' - end - unless incorrect_results.nil? - it 'should not have incorrect or conflicting setting(s) in the config files' do - expect(incorrect_results).to be_empty, "Incorrect or conflicting setting(s) found:\n\t- #{incorrect_results.join("\n\t- ")}" + describe 'Kernel config files' do + it "should configure '#{parameter}'" do + expect(correct_result).to eq(true), 'No config file was found that correctly sets this action' + end + unless incorrect_results.nil? 
+ it 'should not have incorrect or conflicting setting(s) in the config files' do + expect(incorrect_results).to be_empty, "Incorrect or conflicting setting(s) found:\n\t- #{incorrect_results.join("\n\t- ")}" + end end end end diff --git a/controls/SV-258007.rb b/controls/SV-258007.rb index caab63d..7265c5e 100644 --- a/controls/SV-258007.rb +++ b/controls/SV-258007.rb @@ -34,7 +34,15 @@ !(virtualization.system.eql?('docker') && !file('/etc/ssh/sshd_config').exist?) } - describe sshd_config do - its('X11Forwarding') { should cmp 'no' } + if input('x11_forwarding_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else + + describe sshd_config do + its('X11Forwarding') { should cmp 'no' } + end end end diff --git a/controls/SV-258014.rb b/controls/SV-258014.rb index d6896e0..9e2bf60 100644 --- a/controls/SV-258014.rb +++ b/controls/SV-258014.rb @@ -50,6 +50,11 @@ describe 'The system does not have a GUI Desktop is installed, this control is Not Applicable' do skip 'A GUI desktop is not installed, this control is Not Applicable.' end + elsif input('gui_automount_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end else describe command('gsettings get org.gnome.desktop.media-handling automount-open') do its('stdout.strip') { should cmp 'false' } diff --git a/controls/SV-258016.rb b/controls/SV-258016.rb index 017c168..1c1baa4 100644 --- a/controls/SV-258016.rb +++ b/controls/SV-258016.rb 
@@ -40,16 +40,24 @@ !virtualization.system.eql?('docker') } - no_gui = command('ls /usr/share/xsessions/*').stderr.match?(/No such file or directory/) - - if no_gui + if input('gui_autorun_required') impact 0.0 - describe 'The system does not have a GUI Desktop is installed, this control is Not Applicable' do - skip 'A GUI desktop is not installed, this control is Not Applicable.' + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" end else - describe command('gsettings get org.gnome.desktop.media-handling autorun-never') do - its('stdout.strip') { should cmp 'true' } + + no_gui = command('ls /usr/share/xsessions/*').stderr.match?(/No such file or directory/) + + if no_gui + impact 0.0 + describe 'The system does not have a GUI Desktop is installed, this control is Not Applicable' do + skip 'A GUI desktop is not installed, this control is Not Applicable.' + end + else + describe command('gsettings get org.gnome.desktop.media-handling autorun-never') do + its('stdout.strip') { should cmp 'true' } + end end end end diff --git a/controls/SV-258039.rb b/controls/SV-258039.rb index 7ea95b2..2365696 100644 --- a/controls/SV-258039.rb +++ b/controls/SV-258039.rb @@ -33,9 +33,17 @@ } if input('bluetooth_installed') - describe kernel_module('bluetooth') do - it { should be_disabled } - it { should be_blacklisted } + if input('bluetooth_required') + impact 0.0 + describe 'N/A' do + skip "Profile inputs indicate that this parameter's setting is a documented operational requirement" + end + else + + describe kernel_module('bluetooth') do + it { should be_disabled } + it { should be_blacklisted } + end end else impact 0.0 diff --git a/inspec.yml b/inspec.yml index 5443a9e..fc43bc8 100644 --- a/inspec.yml +++ b/inspec.yml 
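Review bot: SV-258016 tests `input('gui_autorun_required')` before the GUI detection and nests the existing `if no_gui` inside the `else`, whereas SV-258014 in this same commit keeps the detection first and adds `elsif input('gui_automount_required')`. The two orders report different skip reasons on a host with no GUI and the input set, and the nesting adds an indentation level without need. Matching SV-258014 keeps the change small: leave `no_gui` and `if no_gui` where they were and add `elsif input('gui_autorun_required')` with the `impact 0.0` / `skip` body before the final `else`.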
@@ -829,20 +829,24 @@ inputs: type: Boolean value: false - # SV-230560 # SV-257833 - name: iprutils_required description: Set to true if there is a documented requirement for the target system to use iprutils type: Boolean value: false - # SV-230561 # SV-257834 - name: tuned_required description: Set to true if there is a documented requirement for the target system to use tuned type: Boolean value: false + # SV-257836 + - name: quagga_required + description: Set to true if there is a documented requirement for the target system to use quagga + type: Boolean + value: false + # SV-230640 # SV-257935 - name: alternate_firewall_tool 
@@ -1023,8 +1027,92 @@ inputs: type: Boolean value: false - # SV-257970 + # SV-257970, SV-257974 - name: forwarding description: Set to true if there is a requirement for this system to be able forward packets that is documented with the ISSO type: Boolean + value: false + + # SV-257792 + - name: vsyscall_required + description: Set to true if there is a requirement for this system to allow virtual system calls that is documented with the ISSO + type: Boolean + value: false + + # SV-257803 + - name: storing_core_dumps_required + description: Set to true if there is a requirement for this system to store core dumps that is documented with the ISSO + type: Boolean + value: false + + # SV-257812 + - name: core_dumps_required + description: Set to true if there is a requirement for this system to enable core dumps that is documented with the ISSO + type: Boolean + value: false + + # SV-257804 + - name: atm_required + description: Set to true if there is a requirement for this system to enable the Asynchronous Transfer Mode kernel module that is documented with the ISSO + type: Boolean + value: false + + # SV-257805 + - name: can_required + description: Set to true if there is a requirement for this system to enable the Controller Area Network kernel module that is documented with the ISSO + type: Boolean + value: false + + # SV-257806 + - name: firewire_required + description: Set to true if there is a requirement for this system to enable the FireWire kernel module that is documented with the ISSO + type: Boolean + value: false + + # SV-257807 + - name: sctp_required + description: Set to true if there is a requirement for this system to enable the Stream Control Transmission Protocol (SCTP) kernel module that is documented with the ISSO + type: Boolean + value: false + + # SV-257808 + - name: tipc_required + description: Set to true if there is a requirement for this system to enable the Transparent Inter Process Communication (TIPC) kernel module that is documented 
with the ISSO + type: Boolean + value: false + + # SV-257880 + - name: cramfs_required + description: Set to true if there is a requirement for this system to enable the Compressed ROM/RAM file system (cramfs) that is documented with the ISSO + type: Boolean + value: false + + # SV-258039 + - name: bluetooth_required + description: Set to true if there is a requirement for this system to enable Bluetooth that is documented with the ISSO + type: Boolean + value: false + + # SV-257971, SV-257975 + - name: accept_ra_required + description: Set to true if there is a requirement for this system to accept router advertisements that is documented with the ISSO + type: Boolean + value: false + + # SV-258007 + - name: x11_forwarding_required + description: Set to true if there is a requirement for this system to enable X11 forwarding that is documented with the ISSO + type: Boolean + value: false + + # SV-258014 + - name: gui_automount_required + description: Set to true if there is a requirement for this system to enable graphical user interface automount function that is documented with the ISSO + type: Boolean + value: false + + # SV-258014 + - name: gui_autorun_required + description: Set to true if there is a requirement for this system to enable graphical user interface autorun function that is documented with the ISSO + type: Boolean value: false \ No newline at end of file
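Review bot: Several control-ID comments above the new inputs do not match the controls that read them. `gui_autorun_required` is labelled `# SV-258014` but is read by SV-258016; `storing_core_dumps_required` is labelled `# SV-257803` but also gates SV-257813; `core_dumps_required` is labelled `# SV-257812` but also gates SV-257814 and SV-257815. Update the comments to `# SV-258016`, `# SV-257803, SV-257813` and `# SV-257812, SV-257814, SV-257815`, because each boolean switches off every listed check and the comment is the only place in this file where the scope of a waiver is recorded. The file also ends without a trailing newline.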