Add script for generation of arf files for integration test
parent
1cd0141169
commit
3f3367e781
92
generate_arf.sh
Executable file
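--- a/generate_arf.sh
+++ b/generate_arf.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+# This script generate ARF results.
+# Requirements:
+# - cmake
+# - make
+# - openscap-utils
+# - openscap-scanner
+# - python3-pyyaml
+# - python3-jinja2
+# - python3-setuptools
+# - git
+# - scap-security-guide
+# Usage: ./generate_arf MODE FETCH PRODUCT ARF_FILE SKIP_BUILD
+# MODE [latest, ssg] use scap-security-guide or latest content from github
+# FETCH [yes, no] scanner fetch remote resources
+# PRODUCT build or use security content for one specific product
+# ARF_FILE Writes results to a given ARF_FILE.
+# SKIP_BUILD [yes] Skip build of latest content(Have affect with mode latest).
+
+
+set -e -o pipefail
+
+
+build_content() {
+product=$1
+
+echo "Build - Start"
+
+git clone https://github.com/ComplianceAsCode/content.git
+cd content/
+git checkout master
+
+./build_product "${product}"
+cd ..
+echo "Build - Done"
+}
+
+run_oscap_scan() {
+ds=$1
+fetch=$2
+file=$3
+echo "Scans - Start"
+oscap xccdf eval ${fetch} --profile "(all)" --results-arf ${file} ${ds} || EXIT_CODE=$?
+echo $EXIT_CODE
+if [ ! -f "$file" ]; then
+echo "$file does not exist."
+exit 2
+fi
+}
+
+
+if [ "$1" = "" ]; then
+echo "ERROR: Missing MODE parameter!"
+exit 1
+fi
+
+
+if [ "$2" = "" ]; then
+echo "ERROR: Missing FETCH parameter!"
+exit 1
+fi
+
+
+if [ "$3" = "" ]; then
+echo "ERROR: Missing PRODUCT parameter!"
+exit 1
+fi
+
+if [ "$4" = "" ]; then
+echo "ERROR: Missing PRODUCT parameter!"
+exit 1
+fi
+
+file=$4
+product=$3
+
+fetch="--fetch-remote-resources"
+if [ "$2" = "no" ]; then
+fetch=""
+fi
+
+
+if [ "$1" = "latest" ]; then
+if [ "$5" != "yes" ]; then
+build_content "${product}"
+fi
+run_oscap_scan "./content/build/ssg-${product}-ds.xml" "${fetch}" "${file}"
+fi
+
+if [ "$1" = "ssg" ]; then
+run_oscap_scan "/usr/share/xml/scap/ssg/content/ssg-${product}-ds.xml" "${fetch}" "${file}"
+fi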
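Review bot: In `run_oscap_scan`, `|| EXIT_CODE=$?` swallows every oscap failure and the only check afterwards is that `$file` exists, so an ARF file left over from an earlier run lets a failed scan pass as success. Consider removing the old file first and accepting only the "rules failed" status, e.g. `rm -f -- "${file}"` before the scan and `[ "${EXIT_CODE:-0}" -ne 1 ] || exit 1` after it (oscap documents exit code 1 for errors and 2 for failed rules; worth confirming against the installed version), and quote `"${file}"` and `"${ds}"` on the oscap line. In `build_content`, the clone checks out `master` and then runs `./build_product` from it, so the job executes, and the generated fixtures depend on, whatever is at the head of that branch at run time; checking out a pinned tag or commit would make the ARF files reproducible. The `$4` check prints `ERROR: Missing PRODUCT parameter!` where `ERROR: Missing ARF_FILE parameter!` is meant, and a MODE other than `latest` or `ssg` exits 0 without scanning.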