make comments optional for every rule and fix whitespace

2021-09-20 19:08:24 +02:00
parent 5fe4b14d2a
commit 191411b9da
1 changed files with 5 additions and 5 deletions
--- a/templates/custom.rules.j2
+++ b/templates/custom.rules.j2
@@ -13,16 +13,16 @@
 {% if auditd_custom_rules is defined %}
 {% for rule in auditd_custom_rules %}
 {% if rule.type == 'filesystem' %}
-w {{ rule.file }} -p {{ rule.permissions }} -k {{ rule.comment }}
+-w {{ rule.file }} -p {{ rule.permissions }} {% if rule.comment is defined %} -k {{ rule.comment }}{% endif %}{{''}}
 {% endif %}
 {% if rule.type == 'syscall' %}
-a {{ rule.action }}{% if rule.filters is defined %}{% for filter in rule.filters %} -F {{ filter }}{% endfor %}{% endif %}{% if rule.syscalls is defined %}{% for syscall in rule.syscalls %} -S {{ syscall }}{% endfor %}{% endif %} -k {{ rule.comment }}
+-a {{ rule.action }}{% if rule.filters is defined %}{% for filter in rule.filters %} -F {{ filter }}{% endfor %}{% endif %}{% if rule.syscalls is defined %}{% for syscall in rule.syscalls %} -S {{ syscall }}{% endfor %}{% endif %} {% if rule.comment is defined %} -k {{ rule.comment }}{% endif %}{{''}}
 {% endif %}
 {% if rule.type == 'executable' %}
-a {{ rule.action }} -F exe={{ rule.executable }}{% if rule.filters is defined %}{% for filter in rule.filters %} -F {{ filter }}{% endfor %}{% endif %} -S execve -k {{ rule.comment }}
+-a {{ rule.action }} -F exe={{ rule.executable }}{% if rule.filters is defined %}{% for filter in rule.filters %} -F {{ filter }}{% endfor %}{% endif %} -S execve {% if rule.comment is defined %} -k {{ rule.comment }}{% endif %}{{''}}
 {% endif %}
 {% if rule.type == 'global_filter' %}
-a {{ rule.action }}{% if rule.filters is defined %}{% for filter in rule.filters %} -F {{ filter }}{% endfor %}{% endif %}{{''}}
+-a {{ rule.action }}{% if rule.filters is defined %}{% for filter in rule.filters %} -F {{ filter }}{% endfor %}{% endif %}{% if rule.comment is defined %} -k {{ rule.comment }}{% endif %}{{''}}
 {% endif %}
 {% endfor %}
 {% endif %}