scap-security-guide/SOURCES/scap-security-guide-0.1.58-add_missing_unit_test_playbook-PR_7431.patch


From 86dad83f4e6c5b823882ec736d27410570f5b69a Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Fri, 20 Aug 2021 16:03:33 +0200
Subject: [PATCH] Add missing unit test playbook
The playbook is used by
test-function-check_playbook_file_removed_and_added
---
.../file_block_removed_and_not_added.yml | 62 +++++++++++++++++++
1 file changed, 62 insertions(+)
create mode 100644 tests/ansible_file_removed_and_added/file_block_removed_and_not_added.yml
diff --git a/tests/ansible_file_removed_and_added/file_block_removed_and_not_added.yml b/tests/ansible_file_removed_and_added/file_block_removed_and_not_added.yml
new file mode 100644
index 0000000000..8391d1bc99
--- /dev/null
+++ b/tests/ansible_file_removed_and_added/file_block_removed_and_not_added.yml
@@ -0,0 +1,62 @@
+---
+
+- hosts: all
+ vars:
+ var_system_crypto_policy: !!str FUTURE
+ var_sudo_logfile: !!str /var/log/sudo.log
+
+ tasks:
+ - name: Modify the System Login Banner - add correct banner
+ lineinfile:
+ dest: /etc/issue
+ line: '{{ login_banner_text | regex_replace("^\^(.*)\$$", "\1") | regex_replace("^\((.*)\|.*\)$",
+ "\1") | regex_replace("\[\\s\\n\]\+"," ") | regex_replace("\(\?:\[\\n\]\+\|\(\?:\\\\n\)\+\)",
+ "\n") | regex_replace("\\", "") | wordwrap() }}'
+ create: true
+ when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ tags:
+ - banner_etc_issue
+ - low_complexity
+ - medium_disruption
+ - medium_severity
+ - no_reboot_needed
+ - unknown_strategy
+
+ - name: Test for existence /etc/issue
+ stat:
+ path: /etc/issue
+ register: file_exists
+ tags:
+ - configure_strategy
+ - file_permissions_etc_issue
+ - low_complexity
+ - low_disruption
+ - medium_severity
+ - no_reboot_needed
+
+ - name: Ensure permission 0644 on /etc/issue
+ file:
+ path: /etc/issue
+ mode: '0644'
+ when: file_exists.stat is defined and file_exists.stat.exists
+ tags:
+ - configure_strategy
+ - file_permissions_etc_issue
+ - low_complexity
+ - low_disruption
+ - medium_severity
+ - no_reboot_needed
+
+ - block:
+ - name: Remove Rsh Trust Files
+ file:
+ path: '/root/shosts.equiv'
+ state: absent
+ tags:
+ - high_severity
+ - low_complexity
+ - low_disruption
+ - no_reboot_needed
+ - no_rsh_trust_files
+ - restrict_strategy
+
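Review bot: Nothing in the new fixture says which case of the check it covers or what result the test expects, so a reader has to guess that from the file name. Assuming the unit test only parses the file, a header comment after the opening `---` would settle it, for example `# Fixture for test-function-check_playbook_file_removed_and_added: /root/shosts.equiv is removed inside a block and never added back; parsed by the test, not meant to be run.` The last part matters because the play targets `hosts: all`, deletes a file under /root and rewrites /etc/issue. As far as the visible lines show it would not run cleanly anyway: `login_banner_text` is used in the lineinfile task but not defined under `vars`, while `var_system_crypto_policy` and `var_sudo_logfile` are defined and never referenced.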