From f0bd3356e406daf75d09ff58fa39825dfb75b56b Mon Sep 17 00:00:00 2001
From: David Fernandez Gonzalez
Date: Mon, 28 Nov 2022 15:31:11 +0100
Subject: [PATCH 1/3] Check packages against platform_package_overrides before installing in tests
---
 tests/ssg_test_suite/rule.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/tests/ssg_test_suite/rule.py b/tests/ssg_test_suite/rule.py
index e7a055dfa2e..2afcf5718f3 100644
--- a/tests/ssg_test_suite/rule.py
+++ b/tests/ssg_test_suite/rule.py
@@ -238,15 +238,31 @@ def _rule_matches_rule_spec(self, rule_short_id):
 def _rule_matches_template_spec(self, template):
 return True
+ def _replace_platform_specific_packages(self, packages):
+ """ Returns the provided package list with names
+ updated according to the platform alternatives
+ listed in platform_package_overrides product field """
+ product_yaml = common.get_product_context(self.test_env.product)
+ platform_package_overrides = product_yaml["platform_package_overrides"]
+ packages_with_alternatives = set()
+ for package in packages:
+ if package in platform_package_overrides and platform_package_overrides[package]:
+ packages_with_alternatives.add(platform_package_overrides[package])
+ else:
+ packages_with_alternatives.add(package)
+ return packages_with_alternatives
+
 def _ensure_package_present_for_all_scenarios(
 self, test_content_by_rule_id):
 packages_required = set()
+
 for rule_test_content in test_content_by_rule_id.values():
 for s in rule_test_content.scenarios:
 scenario_packages = s.script_params["packages"]
 packages_required.update(scenario_packages)
 if packages_required:
- common.install_packages(self.test_env, packages_required)
+ packages_to_install = self._replace_platform_specific_packages(packages_required)
+ common.install_packages(self.test_env, packages_to_install)
 def _prepare_environment(self, test_content_by_rule_id):
 try:
From 795f076c3b56a184d019a49a0c6e67b6a0ab96fa Mon Sep 17 00:00:00 2001
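Review bot: In `_replace_platform_specific_packages`, the lookup `product_yaml["platform_package_overrides"]` raises `KeyError` for any product whose YAML does not define that field, which would abort package installation for every scenario. Unless `common.get_product_context` guarantees a default (not visible in this hunk), read it as `platform_package_overrides = product_yaml.get("platform_package_overrides") or {}`. The substitution is also silent: a name with no override falls through the `else` branch unchanged, so a product that depended on the Jinja conditions removed from the test headers but has no entry in its `product.yml` would now request the generic package name. Logging each replaced name at debug level would record which package a scenario was actually run against. `_prepare_environment` at the end of the hunk continues outside it.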
From: David Fernandez Gonzalez
Date: Mon, 28 Nov 2022 15:34:09 +0100
Subject: [PATCH 2/3] Update rule tests to rely on platform_package_overrides + add needed alternatives to products
---
 .../tests/commented.fail.sh | 6 ------
 .../smartcard_configure_cert_checking/tests/correct.pass.sh | 6 ------
 .../tests/missing_ocsp.fail.sh | 6 ------
 .../tests/correct_rules.pass.sh | 4 ----
 .../tests/rules_not_there.fail.sh | 4 ----
 .../tests/wrong_list_action.fail.sh | 4 ----
 .../tests/wrong_syscall.fail.sh | 4 ----
 .../tests/correct_rules.pass.sh | 4 ----
 .../tests/default.fail.sh | 4 ----
 .../tests/correct_rules.pass.sh | 4 ----
 .../tests/default.fail.sh | 4 ----
 .../tests/correct_value.pass.sh | 4 ----
 .../tests/correct_value_default_file.pass.sh | 4 ----
 .../tests/correct_value_non-root_group.pass.sh | 4 ----
 .../tests/wrong_value.fail.sh | 4 ----
 .../tests/wrong_value_default_file.fail.sh | 4 ----
 .../tests/wrong_value_non-root_group.fail.sh | 4 ----
 .../auditd_data_disk_error_action/tests/wrong_value.fail.sh | 4 ----
 .../tests/correct_and_wrong_value_multiple_possible.fail.sh | 4 ----
 .../tests/correct_and_wrong_value_one_possible.fail.sh | 4 ----
 .../tests/correct_value_multiple_possible.pass.sh | 4 ----
 .../tests/correct_value_one_possible.pass.sh | 4 ----
 .../auditd_data_disk_full_action/tests/no_value.fail.sh | 4 ----
 .../auditd_data_disk_full_action/tests/wrong_value.fail.sh | 4 ----
 products/ol7/product.yml | 1 +
 products/rhel7/product.yml | 1 +
 products/ubuntu1604/product.yml | 2 ++
 products/ubuntu1804/product.yml | 2 ++
 products/ubuntu2004/product.yml | 1 +
 29 files changed, 7 insertions(+), 102 deletions(-)
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
index f114f6800b0..c2afecc19a9 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
@@ -1,12 +1,6 @@
 #!/bin/bash
 # platform = multi_platform_ubuntu,multi_platform_rhel
-{{% if "ubuntu" in product %}}
-# packages = libpam-pkcs11
-{{% elif "rhel7" == product %}}
-# packages = pam_pkcs11
-{{% else %}}
 # packages = openssl-pkcs11
-{{% endif %}}
 if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
 cp /usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example /etc/pam_pkcs11/pam_pkcs11.conf
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
index 84f1a642870..d7103cc0ae8 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
@@ -1,12 +1,6 @@
 #!/bin/bash
 # platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
-{{% if "ubuntu" in product %}}
-# packages = libpam-pkcs11
-{{% elif product in ["ol7", "rhel7"] %}}
-# packages = pam_pkcs11
-{{% else %}}
 # packages = openssl-pkcs11
-{{% endif %}}
 if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
 cp /usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example /etc/pam_pkcs11/pam_pkcs11.conf
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
index 0565c3d7618..c0cc3c94f15 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
@@ -1,12 +1,6 @@
 #!/bin/bash
 # platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
-{{% if "ubuntu" in product %}}
-# packages = libpam-pkcs11
-{{% elif product in ["ol7", "rhel7"] %}}
-# packages = pam_pkcs11
-{{% else %}}
 # packages = openssl-pkcs11
-{{% endif %}}
 if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
 cp /usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example /etc/pam_pkcs11/pam_pkcs11.conf
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/correct_rules.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/correct_rules.pass.sh
index 6bcf4e26764..dbe8187604d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/correct_rules.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/correct_rules.pass.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 rm -f /etc/audit/rules.d/*
 > /etc/audit/audit.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/rules_not_there.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/rules_not_there.fail.sh
index 18f644426d1..6e368f8d321 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/rules_not_there.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/rules_not_there.fail.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 rm -f /etc/audit/rules.d/*
 > /etc/audit/audit.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_list_action.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_list_action.fail.sh
index 11ea25d5009..0149c8323f3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_list_action.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_list_action.fail.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 rm -f /etc/audit/rules.d/*
 > /etc/audit/audit.rules\
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_syscall.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_syscall.fail.sh
index af1231bbc3b..743064cb578 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_syscall.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/wrong_syscall.fail.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 rm -f /etc/audit/rules.d/*
 > /etc/audit/audit.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/correct_rules.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/correct_rules.pass.sh
index 0dfdd5c88c5..16dfe248063 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/correct_rules.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/correct_rules.pass.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 {{% if product in ["ol7", "ol8"] or 'rhel' in product %}}
 echo "-a always,exit -F arch=b32 -S finit_module -F auid>=1000 -F auid!=unset -k modules" >> /etc/audit/rules.d/modules.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/default.fail.sh
index 04ffd4fc0e9..6d0cf84e52e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/default.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/default.fail.sh
@@ -1,10 +1,6 @@
 #!/bin/bash
 # remediation = bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 rm -f /etc/audit/rules.d/*
 > /etc/audit/audit.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/correct_rules.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/correct_rules.pass.sh
index 9d97f056c83..546f057d073 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/correct_rules.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/correct_rules.pass.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 {{% if product in ["ol7", "ol8"] or 'rhel' in product %}}
 echo "-a always,exit -F arch=b32 -S init_module -F auid>=1000 -F auid!=unset -k modules" >> /etc/audit/rules.d/modules.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/default.fail.sh
index 04ffd4fc0e9..6d0cf84e52e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/default.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/default.fail.sh
@@ -1,10 +1,6 @@
 #!/bin/bash
 # remediation = bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 rm -f /etc/audit/rules.d/*
 > /etc/audit/audit.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value.pass.sh
index 967c9194485..2055219dbdb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value.pass.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product %}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 source common.sh
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_default_file.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_default_file.pass.sh
index 35682937f2c..597b128c52e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_default_file.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_default_file.pass.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product %}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 source common.sh
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
index 8639ae24a53..6f19e15c6ca 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product %}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 # platform = multi_platform_rhel
 if grep -iwq "log_file" /etc/audit/auditd.conf; then
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value.fail.sh
index 5d21df6f213..bf109a674fa 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value.fail.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product %}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 source common.sh
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_default_file.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_default_file.fail.sh
index 448c18f5c39..55e2bdd4bc9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_default_file.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_default_file.fail.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product %}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 source common.sh
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
index 7e6a2a01553..cf4b02b905e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product %}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 # platform = multi_platform_rhel
 if grep -iwq "log_file" /etc/audit/auditd.conf; then
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/tests/wrong_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/tests/wrong_value.fail.sh
index 753678b9cc6..6405d447a4e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/tests/wrong_value.fail.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 source common.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_and_wrong_value_multiple_possible.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_and_wrong_value_multiple_possible.fail.sh
index b3f1bbcb928..90bd308001c 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_and_wrong_value_multiple_possible.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_and_wrong_value_multiple_possible.fail.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 # variables = var_auditd_disk_full_action=action1|action2|action3
 source common.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_and_wrong_value_one_possible.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_and_wrong_value_one_possible.fail.sh
index 2cf269aa7ac..f2b8b5bf5c4 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_and_wrong_value_one_possible.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_and_wrong_value_one_possible.fail.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 # variables = var_auditd_disk_full_action=action1
 source common.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_value_multiple_possible.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_value_multiple_possible.pass.sh
index a45de079a48..05272f8bc3e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_value_multiple_possible.pass.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_value_multiple_possible.pass.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 # variables = var_auditd_disk_full_action=action1|action2|action3
 source common.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_value_one_possible.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_value_one_possible.pass.sh
index a83e1a3bb6e..2b0018771de 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_value_one_possible.pass.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/correct_value_one_possible.pass.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 # variables = var_auditd_disk_full_action=halt
 source common.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/no_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/no_value.fail.sh
index c029da6e576..ff8698d1b42 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/no_value.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/no_value.fail.sh
@@ -1,8 +1,4 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 source common.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/wrong_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/wrong_value.fail.sh
index b01d384310b..5297742f979 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/tests/wrong_value.fail.sh
@@ -1,9 +1,5 @@
 #!/bin/bash
-{{% if "ubuntu" in product%}}
-# packages = auditd
-{{% else %}}
 # packages = audit
-{{% endif %}}
 source common.sh
diff --git a/products/ol7/product.yml b/products/ol7/product.yml
index b21f1c5b914..9f703a2f863 100644
--- a/products/ol7/product.yml
+++ b/products/ol7/product.yml
@@ -37,6 +37,7 @@ cpes:
 # Mapping of CPE platform to package
 platform_package_overrides:
 login_defs: "shadow-utils"
+ openssl-pkcs11: "pam_pkcs11"
 reference_uris:
 cis: 'https://www.cisecurity.org/benchmark/oracle_linux/'
diff --git a/products/rhel7/product.yml b/products/rhel7/product.yml
index 49ed431a7be..83c9f17e43a 100644
--- a/products/rhel7/product.yml
+++ b/products/rhel7/product.yml
@@ -58,6 +58,7 @@ cpes:
 # Mapping of CPE platform to package
 platform_package_overrides:
 login_defs: "shadow-utils"
+ openssl-pkcs11: "pam_pkcs11"
 centos_pkg_release: "53a7ff4b"
 centos_pkg_version: "f4a80eb5"
diff --git a/products/ubuntu1604/product.yml b/products/ubuntu1604/product.yml
index 51dda69dcfc..06dfe5dee54 100644
--- a/products/ubuntu1604/product.yml
+++ b/products/ubuntu1604/product.yml
@@ -28,6 +28,7 @@ cpes:
 check_id: installed_OS_is_ubuntu1604
 platform_package_overrides:
+ audit: auditd
 gdm: gdm3
 grub2: grub2-common
 net-snmp: snmp
@@ -35,6 +36,7 @@ platform_package_overrides:
 pam: libpam-runtime
 shadow: login
 sssd: sssd-common
+ openssl-pkcs11: libpam-pkcs11
 reference_uris:
 cis: 'https://www.cisecurity.org/benchmark/ubuntu_linux/'
diff --git a/products/ubuntu1804/product.yml b/products/ubuntu1804/product.yml
index 6f4f90307bb..345626b1e4a 100644
--- a/products/ubuntu1804/product.yml
+++ b/products/ubuntu1804/product.yml
@@ -27,6 +27,7 @@ cpes:
 check_id: installed_OS_is_ubuntu1804
 platform_package_overrides:
+ audit: auditd
 gdm: gdm3
 grub2: grub2-common
 net-snmp: snmp
@@ -34,6 +35,7 @@ platform_package_overrides:
 pam: libpam-runtime
 shadow: login
 sssd: sssd-common
+ openssl-pkcs11: libpam-pkcs11
 reference_uris:
 cis: 'https://www.cisecurity.org/benchmark/ubuntu_linux/'
diff --git a/products/ubuntu2004/product.yml b/products/ubuntu2004/product.yml
index c0659d4f96e..04454d7015c 100644
--- a/products/ubuntu2004/product.yml
+++ b/products/ubuntu2004/product.yml
@@ -35,6 +35,7 @@ platform_package_overrides:
 pam: libpam-runtime
 shadow: login
 sssd: sssd-common
+ openssl-pkcs11: libpam-pkcs11
 reference_uris:
 cis: 'https://www.cisecurity.org/benchmark/ubuntu_linux/'
From 8787b0256cd94533fb4b6faa1ca8620dbfd8440d Mon Sep 17 00:00:00 2001
From: David Fernandez Gonzalez
Date: Mon, 28 Nov 2022 16:01:36 +0100
Subject: [PATCH 3/3] Provide documentation for automatic detection of platform_package_overrides in tests
---
 tests/README.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tests/README.md b/tests/README.md
index 365a857e31b..d9784701354 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -165,7 +165,11 @@ test runs. After the header, arbitrary Bash commands can follow. The header consists of comments (starting by `#`). Possible keys are: -- `packages` is a comma-separated list of packages to install. +- `packages` is a comma-separated list of packages to install. Note that each + package can be overridden by its platform-specific alternative if listed + under `platform_package_overrides` in the product YAML. You should use + the most common package names in this field and provide an alternative + for any platform-specific names in the `platform_package_overrides` field. - `platform` is a comma-separated list of platforms where the test scenario can be run. This is similar to `platform` used in our remediations. Examples of values: `multi_platform_rhel`, `Red Hat Enterprise Linux 7`,