ShellShockPolicy.yaml

---
- MiqPolicySet:
    name: dd1698b0-e59d-11e3-96d8-001a4ab4f909
    description: Linux Security Check
    set_type: MiqPolicySet
    guid: dd1698b0-e59d-11e3-96d8-001a4ab4f909
    read_only:
    set_data:
    mode: control
    owner_type:
    owner_id:
    MiqPolicy:
    - name: b03a4e74-473e-11e4-b745-005056b3585a
      description: Shell-Shock Vulnerability
      expression: !ruby/object:MiqExpression
        exp:
          INCLUDES:
            field: Vm-os_image_name
            value: linux
        context_type:
      towhat: Vm
      guid: b03a4e74-473e-11e4-b745-005056b3585a
      created_by: admin
      updated_by: admin
      notes: ! 'This policy is based on https://access.redhat.com/articles/1200223.

        Red Hat Enterprise Linux 6

        bash-4.1.2-15.el6_5.2

        bash-4.1.2-15.el6_5.1.sjis.2

        bash-4.1.2-9.el6_2.2

        bash-4.1.2-15.el6_4.2'
      active: true
      mode: compliance
      MiqPolicyContent:
      - qualifier: failure
        failure_sequence: 1
        failure_synchronous: true
        MiqEvent:
          name: vm_compliance_check
          description: VM Compliance Check
          guid: 42b1bd96-317e-11e3-88e1-005056b80000
          event_type: Default
          definition:
          default:
          enabled:
        MiqAction:
          name: log
          description: Generate log message
          guid: e800c9aa-d60f-11e3-85b2-001a4ab4f909
          action_type: default
          options: {}
      - qualifier: failure
        failure_sequence: 2
        failure_synchronous: true
        MiqEvent:
          name: vm_compliance_check
          description: VM Compliance Check
          guid: 42b1bd96-317e-11e3-88e1-005056b80000
          event_type: Default
          definition:
          default:
          enabled:
        MiqAction:
          name: compliance_failed
          description: Mark as Non-Compliant
          guid: 339f0cc8-317e-11e3-88e1-005056b80000
          action_type: default
          options: {}
      - qualifier: failure
        failure_sequence: 3
        failure_synchronous: true
        MiqEvent:
          name: vm_compliance_check
          description: VM Compliance Check
          guid: 42b1bd96-317e-11e3-88e1-005056b80000
          event_type: Default
          definition:
          default:
          enabled:
        MiqAction:
          name: d4ea28d8-f051-11e2-97c5-000c297e26aa
          description: Send Email to Security Team
          guid: d4ea28d8-f051-11e2-97c5-000c297e26aa
          action_type: email
          options:
            :from: cloudforms_noreply@redhat.com
            :to: john@jhardy.co.uk
      Condition:
      - name: 20a8dc70-e245-11e3-9d65-005056b80000
        description: Vulnerable bash Package (ShellShock)
        modifier: allow
        expression: !ruby/object:MiqExpression
          exp:
            and:
            - CONTAINS:
                field: Vm.guest_applications-name
                value: bash
            - FIND:
                search:
                  =:
                    field: Vm.guest_applications-version
                    value: 4.1.2
                checkall:
                  REGULAR EXPRESSION MATCHES:
                    field: Vm.guest_applications-release
                    value: 1[5]\.(el6_5.2\b|el6_5.1.sjis.2(?!\.)|el6_4.2)
          context_type:
        towhat: Vm
        file_mtime:
        guid: 20a8dc70-e245-11e3-9d65-005056b80000
        filename:
        applies_to_exp:
        miq_policy_id:
        notes: