scap-security-guide/SOURCES/scap-security-guide-0.1.58-add_rhel_minor_check-PR_7251.patch

From b814fc94d0fb360ef53a6b735e9520df5b484589 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Wed, 14 Jul 2021 12:52:13 -0500
Subject: [PATCH 1/3] Add Jinja-based RHEL 8 minor check

---
 shared/checks/oval/installed_OS_is_rhel8.xml | 29 ++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/shared/checks/oval/installed_OS_is_rhel8.xml b/shared/checks/oval/installed_OS_is_rhel8.xml
index a9699411ce7..fdd3c870d43 100644
--- a/shared/checks/oval/installed_OS_is_rhel8.xml
+++ b/shared/checks/oval/installed_OS_is_rhel8.xml
@@ -44,6 +44,35 @@
     <linux:name>redhat-release</linux:name>
   </linux:rpminfo_object>
 
+  {{% for minorversion in range(0, 9) %}}
+  <definition class="inventory" id="installed_OS_is_rhel8_{{{ minorversion }}}" version="1">
+    <metadata>
+      <title>Red Hat Enterprise Linux 8.{{{ minorversion }}}</title>
+      <affected family="unix">
+        <platform>Red Hat Enterprise Linux 8.{{{ minorversion }}}</platform>
+      </affected>
+      <reference ref_id="cpe:/o:redhat:enterprise_linux:8.{{{ minorversion }}}" source="CPE" />
+      <description>The operating system installed on the system is Red Hat Enterprise Linux 8.{{{  minorversion}}}</description>
+    </metadata>
+  </definition>
+
+  <criteria>
+    <criterion comment="RHEL.{{{ minorversion }}} 8 is installed" test_ref="test_rhel8_{{{ minorversion }}}" />
+  </criteria>
+
+  <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release is version 8.{{{ minorversion }}}"
+   id="test_rhel8_{{{ minorversion }}}" version="1">
+    <linux:object object_ref="obj_rhel8_{{{ minorversion }}}" />
+    <linux:state state_ref="state_rhel8_{{{ minorversion }}}" />
+  </linux:rpminfo_test>
+  <linux:rpminfo_state id="state_rhel8_{{{ minorversion }}}" version="1">
+    <linux:version operation="pattern match">^8.{{{ minorversion }}}*$</linux:version>
+  </linux:rpminfo_state>
+  <linux:rpminfo_object id="obj_rhel8_{{{ minorversion }}}" version="1">
+    <linux:name>redhat-release</linux:name>
+  </linux:rpminfo_object>
+  {{% endfor %}}
+
   <ind:textfilecontent54_test check="all" comment="RHEVH base RHEL is version 8" id="test_rhevh_rhel8_version" version="1">
     <ind:object object_ref="obj_rhevh_rhel8_version" />
     <ind:state state_ref="state_rhevh_rhel8_version" />

From d37d303654be74758c19615ef027b3bafa2d7217 Mon Sep 17 00:00:00 2001
From: Carlos Matos <cmatos@redhat.com>
Date: Wed, 14 Jul 2021 15:30:02 -0400
Subject: [PATCH 2/3] Adding cpe's to product.yml

---
 products/rhel8/product.yml | 45 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/products/rhel8/product.yml b/products/rhel8/product.yml
index 3278207fcb4..14336bfddf1 100644
--- a/products/rhel8/product.yml
+++ b/products/rhel8/product.yml
@@ -27,6 +27,51 @@ cpes:
       title: "Red Hat Enterprise Linux 8"
       check_id: installed_OS_is_rhel8
 
+  - rhel8.0:
+      name: "cpe:/o:redhat:enterprise_linux:8.0"
+      title: "Red Hat Enterprise Linux 8.0"
+      check_id: installed_OS_is_rhel8_0
+
+  - rhel8.1:
+      name: "cpe:/o:redhat:enterprise_linux:8.1"
+      title: "Red Hat Enterprise Linux 8.1"
+      check_id: installed_OS_is_rhel8_1
+
+  - rhel8.2:
+      name: "cpe:/o:redhat:enterprise_linux:8.2"
+      title: "Red Hat Enterprise Linux 8.2"
+      check_id: installed_OS_is_rhel8_2
+
+  - rhel8.3:
+      name: "cpe:/o:redhat:enterprise_linux:8.3"
+      title: "Red Hat Enterprise Linux 8.3"
+      check_id: installed_OS_is_rhel8_3
+
+  - rhel8.4:
+      name: "cpe:/o:redhat:enterprise_linux:8.4"
+      title: "Red Hat Enterprise Linux 8.4"
+      check_id: installed_OS_is_rhel8_4
+
+  - rhel8.5:
+      name: "cpe:/o:redhat:enterprise_linux:8.5"
+      title: "Red Hat Enterprise Linux 8.5"
+      check_id: installed_OS_is_rhel8_5
+
+  - rhel8.6:
+      name: "cpe:/o:redhat:enterprise_linux:8.6"
+      title: "Red Hat Enterprise Linux 8.6"
+      check_id: installed_OS_is_rhel8_6
+
+  - rhel8.7:
+      name: "cpe:/o:redhat:enterprise_linux:8.7"
+      title: "Red Hat Enterprise Linux 8.7"
+      check_id: installed_OS_is_rhel8_7
+
+  - rhel8.8:
+      name: "cpe:/o:redhat:enterprise_linux:8.8"
+      title: "Red Hat Enterprise Linux 8.8"
+      check_id: installed_OS_is_rhel8_8
+
 # Mapping of CPE platform to package
 platform_package_overrides:
   login_defs: "shadow-utils"

From c4e4fd7b0449ba4655020fc0dc99ae3c4523b8cc Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Mon, 19 Jul 2021 08:12:34 -0500
Subject: [PATCH 3/3] Add checks to go up to RHEL 8.10

This also makes the checks work.
---
 products/rhel8/product.yml                   | 10 ++++++++++
 shared/checks/oval/installed_OS_is_rhel8.xml | 10 +++++-----
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/products/rhel8/product.yml b/products/rhel8/product.yml
index 14336bfddf1..78c987b2457 100644
--- a/products/rhel8/product.yml
+++ b/products/rhel8/product.yml
@@ -72,6 +72,16 @@ cpes:
       title: "Red Hat Enterprise Linux 8.8"
       check_id: installed_OS_is_rhel8_8
 
+  - rhel8.9:
+      name: "cpe:/o:redhat:enterprise_linux:8.9"
+      title: "Red Hat Enterprise Linux 8.9"
+      check_id: installed_OS_is_rhel8_9
+
+  - rhel8.10:
+      name: "cpe:/o:redhat:enterprise_linux:8.10"
+      title: "Red Hat Enterprise Linux 8.10"
+      check_id: installed_OS_is_rhel8_10
+
 # Mapping of CPE platform to package
 platform_package_overrides:
   login_defs: "shadow-utils"
diff --git a/shared/checks/oval/installed_OS_is_rhel8.xml b/shared/checks/oval/installed_OS_is_rhel8.xml
index fdd3c870d43..feab963b941 100644
--- a/shared/checks/oval/installed_OS_is_rhel8.xml
+++ b/shared/checks/oval/installed_OS_is_rhel8.xml
@@ -44,7 +44,7 @@
     <linux:name>redhat-release</linux:name>
   </linux:rpminfo_object>
 
-  {{% for minorversion in range(0, 9) %}}
+  {{% for minorversion in range(0, 11) %}}
   <definition class="inventory" id="installed_OS_is_rhel8_{{{ minorversion }}}" version="1">
     <metadata>
       <title>Red Hat Enterprise Linux 8.{{{ minorversion }}}</title>
@@ -52,13 +52,13 @@
         <platform>Red Hat Enterprise Linux 8.{{{ minorversion }}}</platform>
       </affected>
       <reference ref_id="cpe:/o:redhat:enterprise_linux:8.{{{ minorversion }}}" source="CPE" />
-      <description>The operating system installed on the system is Red Hat Enterprise Linux 8.{{{  minorversion}}}</description>
+      <description>The operating system installed on the system is Red Hat Enterprise Linux 8.{{{ minorversion }}}</description>
     </metadata>
+    <criteria>
+      <criterion comment="RHEL 8.{{{ minorversion }}} is installed" test_ref="test_rhel8_{{{ minorversion }}}" />
+    </criteria>
   </definition>
 
-  <criteria>
-    <criterion comment="RHEL.{{{ minorversion }}} 8 is installed" test_ref="test_rhel8_{{{ minorversion }}}" />
-  </criteria>
 
   <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release is version 8.{{{ minorversion }}}"
    id="test_rhel8_{{{ minorversion }}}" version="1">
import scap-security-guide-0.1.57-3.el8 2021-08-24 22:41:12 +00:00			`From b814fc94d0fb360ef53a6b735e9520df5b484589 Mon Sep 17 00:00:00 2001`
			`From: Matthew Burket <mburket@redhat.com>`
			`Date: Wed, 14 Jul 2021 12:52:13 -0500`
			`Subject: [PATCH 1/3] Add Jinja-based RHEL 8 minor check`

			`---`
			`shared/checks/oval/installed_OS_is_rhel8.xml \| 29 ++++++++++++++++++++`
			`1 file changed, 29 insertions(+)`

			`diff --git a/shared/checks/oval/installed_OS_is_rhel8.xml b/shared/checks/oval/installed_OS_is_rhel8.xml`
			`index a9699411ce7..fdd3c870d43 100644`
			`--- a/shared/checks/oval/installed_OS_is_rhel8.xml`
			`+++ b/shared/checks/oval/installed_OS_is_rhel8.xml`
			`@@ -44,6 +44,35 @@`
			`<linux:name>redhat-release</linux:name>`
			`</linux:rpminfo_object>`

			`+ {{% for minorversion in range(0, 9) %}}`
			`+ <definition class="inventory" id="installed_OS_is_rhel8_{{{ minorversion }}}" version="1">`
			`+ <metadata>`
			`+ <title>Red Hat Enterprise Linux 8.{{{ minorversion }}}</title>`
			`+ <affected family="unix">`
			`+ <platform>Red Hat Enterprise Linux 8.{{{ minorversion }}}</platform>`
			`+ </affected>`
			`+ <reference ref_id="cpe:/o:redhat:enterprise_linux:8.{{{ minorversion }}}" source="CPE" />`
			`+ <description>The operating system installed on the system is Red Hat Enterprise Linux 8.{{{ minorversion}}}</description>`
			`+ </metadata>`
			`+ </definition>`
			`+`
			`+ <criteria>`
			`+ <criterion comment="RHEL.{{{ minorversion }}} 8 is installed" test_ref="test_rhel8_{{{ minorversion }}}" />`
			`+ </criteria>`
			`+`
			`+ <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release is version 8.{{{ minorversion }}}"`
			`+ id="test_rhel8_{{{ minorversion }}}" version="1">`
			`+ <linux:object object_ref="obj_rhel8_{{{ minorversion }}}" />`
			`+ <linux:state state_ref="state_rhel8_{{{ minorversion }}}" />`
			`+ </linux:rpminfo_test>`
			`+ <linux:rpminfo_state id="state_rhel8_{{{ minorversion }}}" version="1">`
			`+ <linux:version operation="pattern match">^8.{{{ minorversion }}}*$</linux:version>`
			`+ </linux:rpminfo_state>`
			`+ <linux:rpminfo_object id="obj_rhel8_{{{ minorversion }}}" version="1">`
			`+ <linux:name>redhat-release</linux:name>`
			`+ </linux:rpminfo_object>`
			`+ {{% endfor %}}`
			`+`
			`<ind:textfilecontent54_test check="all" comment="RHEVH base RHEL is version 8" id="test_rhevh_rhel8_version" version="1">`
			`<ind:object object_ref="obj_rhevh_rhel8_version" />`
			`<ind:state state_ref="state_rhevh_rhel8_version" />`

			`From d37d303654be74758c19615ef027b3bafa2d7217 Mon Sep 17 00:00:00 2001`
			`From: Carlos Matos <cmatos@redhat.com>`
			`Date: Wed, 14 Jul 2021 15:30:02 -0400`
			`Subject: [PATCH 2/3] Adding cpe's to product.yml`

			`---`
			`products/rhel8/product.yml \| 45 ++++++++++++++++++++++++++++++++++++++`
			`1 file changed, 45 insertions(+)`

			`diff --git a/products/rhel8/product.yml b/products/rhel8/product.yml`
			`index 3278207fcb4..14336bfddf1 100644`
			`--- a/products/rhel8/product.yml`
			`+++ b/products/rhel8/product.yml`
			`@@ -27,6 +27,51 @@ cpes:`
			`title: "Red Hat Enterprise Linux 8"`
			`check_id: installed_OS_is_rhel8`

			`+ - rhel8.0:`
			`+ name: "cpe:/o:redhat:enterprise_linux:8.0"`
			`+ title: "Red Hat Enterprise Linux 8.0"`
			`+ check_id: installed_OS_is_rhel8_0`
			`+`
			`+ - rhel8.1:`
			`+ name: "cpe:/o:redhat:enterprise_linux:8.1"`
			`+ title: "Red Hat Enterprise Linux 8.1"`
			`+ check_id: installed_OS_is_rhel8_1`
			`+`
			`+ - rhel8.2:`
			`+ name: "cpe:/o:redhat:enterprise_linux:8.2"`
			`+ title: "Red Hat Enterprise Linux 8.2"`
			`+ check_id: installed_OS_is_rhel8_2`
			`+`
			`+ - rhel8.3:`
			`+ name: "cpe:/o:redhat:enterprise_linux:8.3"`
			`+ title: "Red Hat Enterprise Linux 8.3"`
			`+ check_id: installed_OS_is_rhel8_3`
			`+`
			`+ - rhel8.4:`
			`+ name: "cpe:/o:redhat:enterprise_linux:8.4"`
			`+ title: "Red Hat Enterprise Linux 8.4"`
			`+ check_id: installed_OS_is_rhel8_4`
			`+`
			`+ - rhel8.5:`
			`+ name: "cpe:/o:redhat:enterprise_linux:8.5"`
			`+ title: "Red Hat Enterprise Linux 8.5"`
			`+ check_id: installed_OS_is_rhel8_5`
			`+`
			`+ - rhel8.6:`
			`+ name: "cpe:/o:redhat:enterprise_linux:8.6"`
			`+ title: "Red Hat Enterprise Linux 8.6"`
			`+ check_id: installed_OS_is_rhel8_6`
			`+`
			`+ - rhel8.7:`
			`+ name: "cpe:/o:redhat:enterprise_linux:8.7"`
			`+ title: "Red Hat Enterprise Linux 8.7"`
			`+ check_id: installed_OS_is_rhel8_7`
			`+`
			`+ - rhel8.8:`
			`+ name: "cpe:/o:redhat:enterprise_linux:8.8"`
			`+ title: "Red Hat Enterprise Linux 8.8"`
			`+ check_id: installed_OS_is_rhel8_8`
			`+`
			`# Mapping of CPE platform to package`
			`platform_package_overrides:`
			`login_defs: "shadow-utils"`

			`From c4e4fd7b0449ba4655020fc0dc99ae3c4523b8cc Mon Sep 17 00:00:00 2001`
			`From: Matthew Burket <mburket@redhat.com>`
			`Date: Mon, 19 Jul 2021 08:12:34 -0500`
			`Subject: [PATCH 3/3] Add checks to go up to RHEL 8.10`

			`This also makes the checks work.`
			`---`
			`products/rhel8/product.yml \| 10 ++++++++++`
			`shared/checks/oval/installed_OS_is_rhel8.xml \| 10 +++++-----`
			`2 files changed, 15 insertions(+), 5 deletions(-)`

			`diff --git a/products/rhel8/product.yml b/products/rhel8/product.yml`
			`index 14336bfddf1..78c987b2457 100644`
			`--- a/products/rhel8/product.yml`
			`+++ b/products/rhel8/product.yml`
			`@@ -72,6 +72,16 @@ cpes:`
			`title: "Red Hat Enterprise Linux 8.8"`
			`check_id: installed_OS_is_rhel8_8`

			`+ - rhel8.9:`
			`+ name: "cpe:/o:redhat:enterprise_linux:8.9"`
			`+ title: "Red Hat Enterprise Linux 8.9"`
			`+ check_id: installed_OS_is_rhel8_9`
			`+`
			`+ - rhel8.10:`
			`+ name: "cpe:/o:redhat:enterprise_linux:8.10"`
			`+ title: "Red Hat Enterprise Linux 8.10"`
			`+ check_id: installed_OS_is_rhel8_10`
			`+`
			`# Mapping of CPE platform to package`
			`platform_package_overrides:`
			`login_defs: "shadow-utils"`
			`diff --git a/shared/checks/oval/installed_OS_is_rhel8.xml b/shared/checks/oval/installed_OS_is_rhel8.xml`
			`index fdd3c870d43..feab963b941 100644`
			`--- a/shared/checks/oval/installed_OS_is_rhel8.xml`
			`+++ b/shared/checks/oval/installed_OS_is_rhel8.xml`
			`@@ -44,7 +44,7 @@`
			`<linux:name>redhat-release</linux:name>`
			`</linux:rpminfo_object>`

			`- {{% for minorversion in range(0, 9) %}}`
			`+ {{% for minorversion in range(0, 11) %}}`
			`<definition class="inventory" id="installed_OS_is_rhel8_{{{ minorversion }}}" version="1">`
			`<metadata>`
			`<title>Red Hat Enterprise Linux 8.{{{ minorversion }}}</title>`
			`@@ -52,13 +52,13 @@`
			`<platform>Red Hat Enterprise Linux 8.{{{ minorversion }}}</platform>`
			`</affected>`
			`<reference ref_id="cpe:/o:redhat:enterprise_linux:8.{{{ minorversion }}}" source="CPE" />`
			`- <description>The operating system installed on the system is Red Hat Enterprise Linux 8.{{{ minorversion}}}</description>`
			`+ <description>The operating system installed on the system is Red Hat Enterprise Linux 8.{{{ minorversion }}}</description>`
			`</metadata>`
			`+ <criteria>`
			`+ <criterion comment="RHEL 8.{{{ minorversion }}} is installed" test_ref="test_rhel8_{{{ minorversion }}}" />`
			`+ </criteria>`
			`</definition>`

			`- <criteria>`
			`- <criterion comment="RHEL.{{{ minorversion }}} 8 is installed" test_ref="test_rhel8_{{{ minorversion }}}" />`
			`- </criteria>`

			`<linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release is version 8.{{{ minorversion }}}"`
			`id="test_rhel8_{{{ minorversion }}}" version="1">`