scap-security-guide/scap-security-guide-0.1.60-centos_stream_9_content-PR_7878.patch
Gabriel Becker 21b368fa76 Enable Centos Stream 9 content
Resolves: rhbz#2021284
2021-12-15 14:31:02 +01:00


From bc5b337584131ab33eb7a770400df484d5fea271 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Mon, 15 Nov 2021 15:28:09 +0100
Subject: [PATCH 1/2] Add CentOS Stream 9 derivative product from RHEL9.
---
build-scripts/enable_derivatives.py | 3 +-
products/rhel9/CMakeLists.txt | 4 ++
products/rhel9/product.yml | 4 ++
shared/applicability/derivatives.yml | 5 ++
.../checks/oval/installed_OS_is_centos9.xml | 47 +++++++++++++++++++
ssg/constants.py | 1 +
6 files changed, 63 insertions(+), 1 deletion(-)
create mode 100644 shared/checks/oval/installed_OS_is_centos9.xml
diff --git a/build-scripts/enable_derivatives.py b/build-scripts/enable_derivatives.py
index 3d9f10a2160..867520b758d 100755
--- a/build-scripts/enable_derivatives.py
+++ b/build-scripts/enable_derivatives.py
@@ -97,7 +97,8 @@ def main():
raise RuntimeError("No Benchmark found!")
for namespace, benchmark in benchmarks:
- ssg.build_derivatives.profile_handling(benchmark, namespace)
+ if args[1] != "cs9":
+ ssg.build_derivatives.profile_handling(benchmark, namespace)
if not ssg.build_derivatives.add_cpes(benchmark, namespace, mapping):
raise RuntimeError(
"Could not add derivative OS CPEs to Benchmark '%s'."
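Review bot: The derivative that keeps its profiles is chosen by comparing `args[1]` against the bare literal `"cs9"` on the added line, so the next derivative needing the same treatment means another string comparison inside `main()` rather than a change in product configuration. A named module-level set, `DERIVATIVES_KEEPING_PROFILES = {"cs9"}`, tested as `if args[1] not in DERIVATIVES_KEEPING_PROFILES:`, keeps the exception list in one place, and a short comment next to it should say that the literal must match the derivative id passed to `ssg_build_derivative_product` in products/rhel9/CMakeLists.txt (presumably where `args[1]` originates). `main()` starts and ends outside this hunk, so whether `args` has already been checked to hold a second element is not visible here.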
diff --git a/products/rhel9/CMakeLists.txt b/products/rhel9/CMakeLists.txt
index 47efb8b6625..65402ca1dfd 100644
--- a/products/rhel9/CMakeLists.txt
+++ b/products/rhel9/CMakeLists.txt
@@ -15,3 +15,7 @@ ssg_build_html_srgmap_tables(${PRODUCT} "stig" ${DISA_SRG_TYPE})
# ssg_build_html_stig_tables(${PRODUCT} "stig")
#ssg_build_html_stig_tables(${PRODUCT} "ospp")
+
+if (SSG_CENTOS_DERIVATIVES_ENABLED)
+ ssg_build_derivative_product(${PRODUCT} "centos" "cs9")
+endif()
diff --git a/products/rhel9/product.yml b/products/rhel9/product.yml
index b4f80662616..ce0667fa9c2 100644
--- a/products/rhel9/product.yml
+++ b/products/rhel9/product.yml
@@ -42,3 +42,7 @@ platform_package_overrides:
reference_uris:
cis: 'https://www.cisecurity.org/benchmark/red_hat_linux/'
+
+centos_pkg_release: "5ccc5b19"
+centos_pkg_version: "8483c65d"
+centos_major_version: "9"
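Review bot: The values on the added `centos_pkg_release` and `centos_pkg_version` lines are opaque hex-looking strings with no comment saying where they come from or which build step consumes them, so a reviewer cannot tell whether they are real identifiers or placeholders carried over from another product file. A one-line YAML comment above them naming the source of the two values and the consumer of these keys would make the setting auditable the next time they need updating. Whether these keys mirror the ones in the rhel8 product.yml is not visible from this hunk.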
diff --git a/shared/applicability/derivatives.yml b/shared/applicability/derivatives.yml
index e980f9c1c5c..a5701bc8d66 100644
--- a/shared/applicability/derivatives.yml
+++ b/shared/applicability/derivatives.yml
@@ -10,6 +10,11 @@ cpes:
title: "CentOS 8"
check_id: installed_OS_is_centos8
+ - cs9:
+ name: "cpe:/o:centos:centos:9"
+ title: "CentOS Stream 9"
+ check_id: installed_OS_is_centos9
+
- sl7:
name: "cpe:/o:scientificlinux:scientificlinux:7"
title: "Scientific Linux 7"
diff --git a/shared/checks/oval/installed_OS_is_centos9.xml b/shared/checks/oval/installed_OS_is_centos9.xml
new file mode 100644
index 00000000000..65f3b42d8ac
--- /dev/null
+++ b/shared/checks/oval/installed_OS_is_centos9.xml
@@ -0,0 +1,47 @@
+<def-group>
+ <definition class="inventory"
+ id="installed_OS_is_centos9" version="2">
+ <metadata>
+ <title>CentOS Stream 9</title>
+ <affected family="unix">
+ <platform>multi_platform_all</platform>
+ </affected>
+ <reference ref_id="cpe:/o:centos:centos:9"
+ source="CPE" />
+ <description>The operating system installed on the system is
+ CentOS Stream 9</description>
+ </metadata>
+ <criteria operator="AND">
+ <extend_definition comment="Installed OS is part of the Unix family"
+ definition_ref="installed_OS_is_part_of_Unix_family" />
+ <criterion comment="OS is CentOS Stream" test_ref="test_centos9_name" />
+ <criterion comment="OS version is 9" test_ref="test_centos9_version" />
+ </criteria>
+ </definition>
+
+ <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check os-release ID" id="test_centos9_name" version="1">
+ <ind:object object_ref="obj_name_centos9" />
+ <ind:state state_ref="state_name_centos9" />
+ </ind:textfilecontent54_test>
+ <ind:textfilecontent54_object id="obj_name_centos9" version="1" comment="Check os-release ID">
+ <ind:filepath>/etc/os-release</ind:filepath>
+ <ind:pattern operation="pattern match">^ID=&quot;(\w+)&quot;$</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+ <ind:textfilecontent54_state id="state_name_centos9" version="1">
+ <ind:subexpression>centos</ind:subexpression>
+ </ind:textfilecontent54_state>
+
+ <ind:textfilecontent54_test check="all" comment="Check os-release VERSION_ID" id="test_centos9_version" version="1">
+ <ind:object object_ref="obj_version_centos9" />
+ <ind:state state_ref="state_version_centos9" />
+ </ind:textfilecontent54_test>
+ <ind:textfilecontent54_object id="obj_version_centos9" version="1" comment="Check os-release VERSION_ID">
+ <ind:filepath>/etc/os-release</ind:filepath>
+ <ind:pattern operation="pattern match">^VERSION_ID=&quot;(\d)&quot;$</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+ <ind:textfilecontent54_state id="state_version_centos9" version="1">
+ <ind:subexpression>9</ind:subexpression>
+ </ind:textfilecontent54_state>
+</def-group>
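Review bot: The `ind:pattern` on `obj_name_centos9` matches only when the `ID=` value in /etc/os-release is double-quoted, and the `obj_version_centos9` pattern likewise requires a double-quoted digit; os-release(5) allows simple values to be written without quotes, and on such a system this inventory definition evaluates false, so every rule gated on the `cpe:/o:centos:centos:9` platform would be silently skipped instead of evaluated. Making the quotes optional, `^ID=&quot;?(\w+)&quot;?$` and `^VERSION_ID=&quot;?(\d)&quot;?$`, keeps a formatting difference from becoming a coverage gap; the CentOS 8 check is presumably the template for this file and would want the same change if it shares the pattern. Separately, the criterion comment reads "OS is CentOS Stream" while the state only asserts that `ID` equals `centos`; if distinguishing Stream from other CentOS variants matters, either check the `NAME=` field too or narrow the comment to `OS is CentOS`.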
diff --git a/ssg/constants.py b/ssg/constants.py
index 982c8c64f7a..66c72665b34 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -282,6 +282,7 @@
"cpe:/o:redhat:enterprise_linux:6": "cpe:/o:centos:centos:6",
"cpe:/o:redhat:enterprise_linux:7": "cpe:/o:centos:centos:7",
"cpe:/o:redhat:enterprise_linux:8": "cpe:/o:centos:centos:8",
+ "cpe:/o:redhat:enterprise_linux:9": "cpe:/o:centos:centos:9",
}
RHEL_SL_CPE_MAPPING = {
From f6e90ef5846ebc11fd4fe2b4d350b86f9470aacf Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Tue, 16 Nov 2021 17:39:20 +0100
Subject: [PATCH 2/2] Add comment explaining why profiles are kept in CentOS
Stream 9.
---
build-scripts/enable_derivatives.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/build-scripts/enable_derivatives.py b/build-scripts/enable_derivatives.py
index 867520b758d..48a2379ea69 100755
--- a/build-scripts/enable_derivatives.py
+++ b/build-scripts/enable_derivatives.py
@@ -98,6 +98,8 @@ def main():
for namespace, benchmark in benchmarks:
if args[1] != "cs9":
+ # In CentOS Stream 9 profiles are kept because it is a system
+ # intended to test content that will get into RHEL
ssg.build_derivatives.profile_handling(benchmark, namespace)
if not ssg.build_derivatives.add_cpes(benchmark, namespace, mapping):
raise RuntimeError(
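Review bot: The added comment sits inside the `if args[1] != "cs9":` body, directly above the `profile_handling` call that runs for every derivative except CentOS Stream 9, so it annotates the branch cs9 does not take and reads as though `profile_handling` were what keeps the profiles. Moving the two lines above the `if` and rewording them, `# CentOS Stream 9 keeps the RHEL9 profiles unchanged (it exists to test content headed for RHEL), so profile_handling is skipped for it`, ties the rationale to the condition it justifies. `main()` starts and ends outside this hunk.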