<def-group>
  <definition class="compliance" id="sysctl_static_%SYSCTLID%" version="3">
    <metadata>
      <title>Kernel "%SYSCTLVAR%" Parameter Configuration Check</title>
      <affected family="unix">
        <platform>Ubuntu 1604</platform>
      </affected>
      <description>The kernel "%SYSCTLVAR%" parameter should be set to "%SYSCTLVAL%" in the system configuration.</description>
    </metadata>
    <criteria operator="OR">
      <criterion comment="kernel static parameter %SYSCTLVAR% set to %SYSCTLVAL% in /etc/sysctl.conf" test_ref="test_static_sysctl_%SYSCTLID%" />
      <!-- see sysctl.d(5) -->
      <criterion comment="kernel static parameter %SYSCTLVAR% set to %SYSCTLVAL% in /etc/sysctl.d/*.conf" test_ref="test_static_etc_sysctld_%SYSCTLID%" />
      <criterion comment="kernel static parameter %SYSCTLVAR% set to %SYSCTLVAL% in /run/sysctl.d/*.conf" test_ref="test_static_run_sysctld_%SYSCTLID%" />
      <criterion comment="kernel static parameter %SYSCTLVAR% set to %SYSCTLVAL% in /usr/lib/sysctl.d/*.conf" test_ref="test_static_usr_lib_sysctld_%SYSCTLID%" />
    </criteria>
  </definition>

  <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="%SYSCTLVAR% static configuration" id="test_static_sysctl_%SYSCTLID%" version="1">
    <ind:object object_ref="object_static_sysctl_%SYSCTLID%" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_test check="all" comment="%SYSCTLVAR% static configuration in /etc/sysctl.d/*.conf" id="test_static_etc_sysctld_%SYSCTLID%" version="1">
    <ind:object object_ref="object_static_etc_sysctld_%SYSCTLID%" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_test check="all" comment="%SYSCTLVAR% static configuration in /etc/sysctl.d/*.conf" id="test_static_run_sysctld_%SYSCTLID%" version="1">
    <ind:object object_ref="object_static_run_sysctld_%SYSCTLID%" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_test check="all" comment="%SYSCTLVAR% static configuration in /etc/sysctl.d/*.conf" id="test_static_usr_lib_sysctld_%SYSCTLID%" version="1">
    <ind:object object_ref="object_static_usr_lib_sysctld_%SYSCTLID%" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_object id="object_static_sysctl_%SYSCTLID%" version="1">
    <ind:filepath>/etc/sysctl.conf</ind:filepath>
    <ind:pattern operation="pattern match">^[\s]*%SYSCTLVAR%[\s]*=[\s]*%SYSCTLVAL%[\s]*$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_object id="object_static_etc_sysctld_%SYSCTLID%" version="1">
    <ind:path>/etc/sysctl.d</ind:path>
    <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
    <ind:pattern operation="pattern match">^[\s]*%SYSCTLVAR%[\s]*=[\s]*%SYSCTLVAL%[\s]*$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_object id="object_static_run_sysctld_%SYSCTLID%" version="1">
    <ind:path>/run/sysctl.d</ind:path>
    <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
    <ind:pattern operation="pattern match">^[\s]*%SYSCTLVAR%[\s]*=[\s]*%SYSCTLVAL%[\s]*$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_object id="object_static_usr_lib_sysctld_%SYSCTLID%" version="1">
    <ind:path>/usr/lib/sysctl.d</ind:path>
    <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
    <ind:pattern operation="pattern match">^[\s]*%SYSCTLVAR%[\s]*=[\s]*%SYSCTLVAL%[\s]*$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

</def-group>
