dev-sec / cis-dil-benchmark

CIS Distribution Independent Linux Benchmark - InSpec Profile
Apache License 2.0

CIS4.1.5 fix 64 bit support #131

Closed spencer-cdw closed 1 year ago

spencer-cdw commented 1 year ago

This fixes the logic so that 32 bit checks only run on 32 bit systems and 64 bit checks run on 64 bit systems.

Before this change, the 32 bit check would always run, even on 64 bit systems and would give false failures.


Note: I'm not sure how to test this on non x86 systems. Any guidance about how to raise a failure appreciated.

OSX:

uname -m
arm64

Ubuntu

uname -m
aarch64

spencer-cdw commented 1 year ago

This actually might be intentional. According to this Stack Overflow question you may want both 32 and 64 bit checks on 64 bit systems in case you use any 32 bit libraries.

spencer-cdw commented 1 year ago

Confirmed, on 64 bit systems, both arch=b32 and arch=b64 should be set.


schurzi commented 1 year ago

> This actually might be intentional. According to this Stack Overflow question you may want both 32 and 64 bit checks on 64 bit systems in case you use any 32 bit libraries.

Yes, exactly this! Do you want to add a comment with this information so nobody else has to discover this? ;)

spencer-cdw commented 1 year ago

Yes, documented here: https://github.com/dev-sec/cis-dil-benchmark/pull/132
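
The conclusion reached in this thread (on 64 bit systems, audit syscall rules need both `arch=b32` and `arch=b64`) can be checked against a rules file. The following is an added example in plain Ruby, not part of the thread or the profile's own code; the helper names, the "contains 64" test on `uname -m` output and the sample rules are assumptions made for illustration.

```ruby
# Added example: flag audit syscall rules that lack a required arch= filter.
# Assumption: any `uname -m` value containing "64" (x86_64, aarch64, arm64)
# is a 64-bit system that needs both b32 and b64 rules.
def required_arches(machine)
  machine.include?('64') ? %w[b32 b64] : %w[b32]
end

# Parse one audit rule line; returns nil for comments, watches (-w) and
# any rule that carries no syscall (-S) field.
def parse_syscall_rule(line)
  tokens = line.strip.split
  return nil unless tokens.first == '-a' && tokens.include?('-S')
  arch = line[/-F\s+arch=(b32|b64)\b/, 1]
  # The key may be written as "-k name" or "-F key=name".
  key = line[/(?:-k\s+|-F\s+key=)(\S+)/, 1] || '(no key)'
  { arch: arch, key: key }
end

# Returns { key => [missing arches] } for rule groups that are incomplete.
# Rules are grouped by key because the b32 and b64 syscall lists can
# legitimately differ (some syscalls exist on only one ABI).
def missing_arch_rules(rules_text, machine)
  seen = Hash.new { |h, k| h[k] = [] }
  rules_text.each_line do |line|
    rule = parse_syscall_rule(line)
    next if rule.nil?
    seen[rule[:key]] << rule[:arch]
  end
  needed = required_arches(machine)
  seen.each_with_object({}) do |(key, arches), gaps|
    missing = needed - arches
    gaps[key] = missing unless missing.empty?
  end
end

# Constructed sample rules, not taken from the page or the benchmark text.
SAMPLE_RULES = <<~RULES
  -a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
  -a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change
  -a always,exit -F arch=b64 -S sethostname -S setdomainname -k system-locale
  -w /etc/hosts -p wa -k system-locale
RULES

if __FILE__ == $PROGRAM_NAME
  missing_arch_rules(SAMPLE_RULES, 'x86_64').each do |key, arches|
    puts "#{key}: missing arch=#{arches.join(',')}"
  end
end
```

On the sample input the `system-locale` group is reported as missing `arch=b32`, which is the gap a 64 bit-only check would leave for 32 bit binaries running on a 64 bit host.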