Move product CPEs to their product.ymls

This should make management of product related CPEs easier.
ComplianceAsCode · Oct 29, 2020 · 892ee23 · 892ee23
1 parent a83a947
commit 892ee23
Show file tree

Hide file tree

Showing 30 changed files with 286 additions and 226 deletions.
diff --git a/chromium/product.yml b/chromium/product.yml
@@ -5,3 +5,9 @@ type: product
 benchmark_root: "./guide"
 
 profiles_root: "./profiles"
+
+cpes:
+  chromium:
+    name: "cpe:/a:google:chromium-browser"
+    title: "Google Chromium Browser"
+    check_id: installed_app_is_chromium
diff --git a/debian10/product.yml b/debian10/product.yml
@@ -10,6 +10,12 @@ pkg_manager: "apt_get"
 
 init_system: "systemd"
 
+cpes:
+  debian10:
+    name: "cpe:/o:debian:debian_linux:10"
+    title: "Debian Linux 10"
+    check_id: installed_OS_is_debian10
+
 # Mapping of CPE platform to package
 platform_package_overrides:
   net-snmp: "snmp"
diff --git a/debian9/product.yml b/debian9/product.yml
@@ -10,6 +10,12 @@ pkg_manager: "apt_get"
 
 init_system: "systemd"
 
+cpes:
+  debian9:
+    name: "cpe:/o:debianproject:debian:9"
+    title: "Debian release 9 (Stretch)"
+    check_id: installed_OS_is_debian9
+
 # Mapping of CPE platform to package
 platform_package_overrides:
   net-snmp: "snmp"
diff --git a/example/product.yml b/example/product.yml
@@ -9,3 +9,9 @@ profiles_root: "./profiles"
 pkg_manager: "dnf"
 
 init_system: "systemd"
+
+cpes:
+  example:
+    name: "cpe:/o:example"
+    title: "Example"
+    check_id: installed_OS_is_part_of_Unix_family
diff --git a/fedora/product.yml b/fedora/product.yml
@@ -10,6 +10,12 @@ pkg_manager: "dnf"
 
 init_system: "systemd"
 
+cpes:
+  fedora:
+    name: "cpe:/o:fedoraproject:fedora:32"
+    title: "Fedora 32"
+    check_id: installed_OS_is_fedora
+
 # The fingerprint and pkg_version are retrieved from https://getfedora.org/keys/
 future_version: 32
 future_release_fingerprint: "97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0"

diff --git a/firefox/product.yml b/firefox/product.yml
@@ -5,3 +5,9 @@ type: product
 benchmark_root: "./guide"
 
 profiles_root: "./profiles"
+
+cpes:
+  firefox:
+    name: "cpe:/a:mozilla:firefox"
+    title: "Mozilla Firefox"
+    check_id: installed_app_is_firefox
diff --git a/fuse6/product.yml b/fuse6/product.yml
@@ -5,3 +5,9 @@ type: product
 benchmark_root: "./guide"
 
 profiles_root: "./profiles"
+
+cpes:
+  fuse6:
+    name: "cpe:/a:redhat:jboss_fuse:6.0"
+    title: "JBoss Fuse 6.0"
+    check_id: installed_app_is_fuse6
diff --git a/jre/product.yml b/jre/product.yml
@@ -5,3 +5,24 @@ type: product
 benchmark_root: "./guide"
 
 profiles_root: "./profiles"
+
+cpes:
+  jre-oracle:
+    name: "cpe:/a:oracle:jre:"
+    title: "Oracle's Java Runtime Environment"
+    check_id: installed_app_is_java
+
+  jre-ibm:
+    name: "cpe:/a:ibm:jre:"
+    title: "IBM Java Runtime Environment"
+    check_id: installed_app_is_java
+
+  openjdk-redhat:
+    name: "cpe:/a:redhat:openjdk:"
+    title: "OpenJDK Java Runtime Environment<"
+    check_id: installed_app_is_java
+
+  jre-oracle:
+    name: "cpe:/a:sun:jre:"
+    title: "Sun Java Runtime Environment"
+    check_id: installed_app_is_java
diff --git a/macos1015/product.yml b/macos1015/product.yml
@@ -5,3 +5,9 @@ type: platform
 benchmark_root: "../apple_os/"
 
 profiles_root: "./profiles"
+
+cpes:
+  macos15:
+    name: "cpe:/o:apple:macos:10.15"
+    title: "Apple macOS 10.15"
+    check_id: installed_OS_is_macos1015
diff --git a/ocp4/product.yml b/ocp4/product.yml
@@ -10,5 +10,16 @@ pkg_system: "rpm"
 
 init_system: "systemd"
 
+cpes:
+  ocp4:
+    name: "cpe:/a:redhat:openshift_container_platform:4.1"
+    title: "Red Hat OpenShift Container Platform 4"
+    check_id: installed_app_is_ocp4
+
+  ocp4-node:
+    name: "cpe:/o:redhat:openshift_container_platform_node:4"
+    title: "Red Hat OpenShift Container Platform 4 Node"
+    check_id: installed_app_is_ocp4_node
+
 # Requirement string, see: https://setuptools.readthedocs.io/en/latest/pkg_resources.html#requirements-parsing
 # requires: "openscap>=1.3.3"
diff --git a/ol7/product.yml b/ol7/product.yml
@@ -9,3 +9,9 @@ profiles_root: "./profiles"
 pkg_manager: "yum"
 
 init_system: "systemd"
+
+cpes:
+  ol7:
+    name: "cpe:/o:oracle:linux:7"
+    title: "Oracle Linux 7"
+    check_id: installed_OS_is_ol7_family
diff --git a/ol8/product.yml b/ol8/product.yml
@@ -9,3 +9,9 @@ profiles_root: "./profiles"
 pkg_manager: "yum"
 
 init_system: "systemd"
+
+cpes:
+  ol8:
+    name: "cpe:/o:oracle:linux:8"
+    title: "Oracle Linux 8"
+    check_id: installed_OS_is_ol8_family
diff --git a/opensuse/product.yml b/opensuse/product.yml
@@ -9,3 +9,24 @@ profiles_root: "./profiles"
 pkg_manager: "zypper"
 
 init_system: "systemd"
+
+cpes:
+  opensuse-42.1:
+    name: "cpe:/o:opensuse:leap:42.1"
+    title: "openSUSE Leap 42.1"
+    check_id: installed_OS_is_opensuse_leap42
+
+  opensuse-42.2:
+    name: "cpe:/o:opensuse:leap:42.2"
+    title: "openSUSE Leap 42.2"
+    check_id: installed_OS_is_opensuse_leap42
+
+  opensuse-42.3:
+    name: "cpe:/o:opensuse:leap:42.3"
+    title: "openSUSE Leap 42.3"
+    check_id: installed_OS_is_opensuse_leap42
+
+  opensuse-15:
+    name: "cpe:/o:opensuse:leap:15.0"
+    title: "openSUSE Leap 15.0"
+    check_id: installed_OS_is_opensuse_leap15
diff --git a/rhcos4/product.yml b/rhcos4/product.yml
@@ -10,6 +10,12 @@ pkg_system: "rpm"
 
 init_system: "systemd"
 
+cpes:
+  rhcos4:
+    name: "cpe:/o:redhat:enterprise_linux_coreos:4"
+    title: "Red Hat Enterprise Linux CoreOS 4"
+    check_id: installed_OS_is_rhcos4
+
 # Mapping of CPE platform to package
 platform_package_overrides:
   login_defs: "shadow-utils"

diff --git a/rhel6/product.yml b/rhel6/product.yml
@@ -21,6 +21,22 @@ aux_pkg_version: "2fa658e0"
 release_key_fingerprint: "567E347AD0044ADE55BA8A5F199E2F91FD431D51"
 auxiliary_key_fingerprint: "43A6E49C4A38F4BE9ABF2A5345689C882FA658E0"
 
+cpes:
+  rhel6:
+    name: "cpe:/o:redhat:enterprise_linux:6"
+    title: "Red Hat Enterprise Linux 6"
+    check_id: installed_OS_is_rhel6
+
+  rhel6-client:
+    name: "cpe:/o:redhat:enterprise_linux:6::client"
+    title: "Red Hat Enterprise Linux 6 Client"
+    check_id: installed_OS_is_rhel6
+
+  rhel6-computenode:
+    name: "cpe:/o:redhat:enterprise_linux:6::computenode"
+    title: "Red Hat Enterprise Linux 6 ComputeNode"
+    check_id: installed_OS_is_rhel6
+
 # Mapping of CPE platform to package
 platform_package_overrides:
   login_defs: "shadow-utils"

diff --git a/rhel7/product.yml b/rhel7/product.yml
@@ -19,6 +19,32 @@ aux_pkg_version: "2fa658e0"
 release_key_fingerprint: "567E347AD0044ADE55BA8A5F199E2F91FD431D51"
 auxiliary_key_fingerprint: "43A6E49C4A38F4BE9ABF2A5345689C882FA658E0"
 
+cpes:
+  rhel7:
+    name: "cpe:/o:redhat:enterprise_linux:7"
+    title: "Red Hat Enterprise Linux 7"
+    check_id: installed_OS_is_rhel7
+
+  rhel7-server:
+    name: "cpe:/o:redhat:enterprise_linux:7::server"
+    title: "Red Hat Enterprise Linux 7 Server"
+    check_id: installed_OS_is_rhel7
+
+  rhel7-client:
+    name: "cpe:/o:redhat:enterprise_linux:7::client"
+    title: "Red Hat Enterprise Linux 7 Client"
+    check_id: installed_OS_is_rhel7
+
+  rhel7-computenode:
+    name: "cpe:/o:redhat:enterprise_linux:7::computenode"
+    title: "Red Hat Enterprise Linux 7 ComputeNode"
+    check_id: installed_OS_is_rhel7
+
+  rhel7-workstation:
+    name: "cpe:/o:redhat:enterprise_linux:7::workstation"
+    title: "red hat enterprise linux 7 workstation"
+    check_id: installed_OS_is_rhel7
+
 # Mapping of CPE platform to package
 platform_package_overrides:
   login_defs: "shadow-utils"

diff --git a/rhel8/product.yml b/rhel8/product.yml
@@ -19,6 +19,12 @@ aux_pkg_version: "d4082792"
 release_key_fingerprint: "567E347AD0044ADE55BA8A5F199E2F91FD431D51"
 auxiliary_key_fingerprint: "6A6AA7C97C8890AEC6AEBFE2F76F66C3D4082792"
 
+cpes:
+  rhel8:
+    name: "cpe:/o:redhat:enterprise_linux:8"
+    title: "Red Hat Enterprise Linux 8"
+    check_id: installed_OS_is_rhel8
+
 # Mapping of CPE platform to package
 platform_package_overrides:
   login_defs: "shadow-utils"

diff --git a/rhosp10/product.yml b/rhosp10/product.yml
@@ -10,6 +10,12 @@ pkg_manager: "yum"
 
 init_system: "systemd"
 
+cpes:
+  rhosp10:
+    name: "cpe:/a:redhat:openstack:10"
+    title: "Red Hat OpenStack Platform 10"
+    check_id: installed_app_is_rhosp10
+
 # Mapping of CPE platform to package
 platform_package_overrides:
   login_defs: "shadow-utils"
diff --git a/rhosp13/product.yml b/rhosp13/product.yml
@@ -10,6 +10,12 @@ pkg_manager: "yum"
 
 init_system: "systemd"
 
+cpes:
+  rhosp13:
+    name: "cpe:/a:redhat:openstack:13"
+    title: "Red Hat OpenStack Platform 13"
+    check_id: installed_app_is_rhosp13
+
 # Mapping of CPE platform to package
 platform_package_overrides:
   login_defs: "shadow-utils"
diff --git a/rhv4/product.yml b/rhv4/product.yml
@@ -19,6 +19,18 @@ aux_pkg_version: "d4082792"
 release_key_fingerprint: "567E347AD0044ADE55BA8A5F199E2F91FD431D51"
 auxiliary_key_fingerprint: "6A6AA7C97C8890AEC6AEBFE2F76F66C3D4082792"
 
+cpes:
+  rhel8-host:
+    name: "cpe:/o:redhat:enterprise_linux:8::hypervisor"
+    title: "Red Hat Virtualization 4 Host"
+    check_id: installed_OS_is_rhv4
+
+  rhvm4:
+    name: "cpe:/a:redhat:enterprise_virtualization_manager:4"
+    title: "Red Hat Virtualization 4 Manager"
+    check_id: installed_app_is_rhv4
+
+
 # Mapping of CPE platform to package
 platform_package_overrides:
   login_defs: "shadow-utils"