scap-security-guide/SOURCES/scap-security-guide-0.1.49-update-crypto-policy-test-scenarios.patch

From 95ae3d5ca08f511ef40503f758dfb02feca29252 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 21 Jan 2020 13:42:35 +0100
Subject: [PATCH 1/2] Update configure_crypto_policy test scenarios

Update test scenarios for OSPP profile, it selects 'FIPS:OSPP' crypto policy,
not 'FIPS'.
---
 .../tests/dropin_file_and_symlink_exist.fail.sh               | 4 ++--
 .../tests/file_exists_but_no_file_in_local_d.fail.sh          | 2 +-
 .../configure_crypto_policy/tests/missing_nss_config.fail.sh  | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh
index 693cdb03a9..2de1cf4a3b 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh
@@ -1,11 +1,11 @@
 #!/bin/bash
 # platform = multi_platform_fedora,Red Hat Enterprise Linux 8
-# profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
+# profiles = xccdf_org.ssgproject.content_profile_ospp
 
 # using example of opensshserver
 DROPIN_FILE="/etc/crypto-policies/local.d/opensshserver-test.config"
 
-update-crypto-policies --set FIPS
+update-crypto-policies --set "FIPS:OSPP"
 
 echo "" > "$DROPIN_FILE"
 echo "CRYPTO_POLICY=" >> "$DROPIN_FILE"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh
index 5935a38eac..428b76879a 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh
@@ -5,7 +5,7 @@
 #using example of openssh server
 CRYPTO_POLICY_FILE="/etc/crypto-policies/back-ends/opensshserver.config"
 
-update-crypto-policies --set "FIPS"
+update-crypto-policies --set "FIPS:OSPP"
 
 rm -f /etc/crypto-policies/local.d/opensshserver-*.config
 rm -f "$CRYPTO_POLICY_FILE"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
index b165006a8d..97bc4b499c 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
@@ -2,6 +2,6 @@
 # platform = multi_platform_fedora,Red Hat Enterprise Linux 8
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 
-update-crypto-policies --set "FIPS"
+update-crypto-policies --set "FIPS:OSPP"
 
 rm -f "/etc/crypto-policies/back-ends/nss.config"

From dbbd7ecc294ba86544fb96d5a1b06feba9458a28 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 21 Jan 2020 14:07:50 +0100
Subject: [PATCH 2/2] Remove configure_crypto_policy test scenarios

---
 .../tests/dropin_file_and_symlink_exist.fail.sh     | 11 -----------
 .../file_exists_but_no_file_in_local_d.fail.sh      | 13 -------------
 .../tests/override_policy.pass.sh                   | 11 -----------
 3 files changed, 35 deletions(-)
 delete mode 100644 linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh
 delete mode 100644 linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh
 delete mode 100644 linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/override_policy.pass.sh

diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh
deleted file mode 100644
index 2de1cf4a3b..0000000000
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/dropin_file_and_symlink_exist.fail.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
-# profiles = xccdf_org.ssgproject.content_profile_ospp
-
-# using example of opensshserver
-DROPIN_FILE="/etc/crypto-policies/local.d/opensshserver-test.config"
-
-update-crypto-policies --set "FIPS:OSPP"
-
-echo "" > "$DROPIN_FILE"
-echo "CRYPTO_POLICY=" >> "$DROPIN_FILE"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh
deleted file mode 100644
index 428b76879a..0000000000
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/file_exists_but_no_file_in_local_d.fail.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
-# profiles = xccdf_org.ssgproject.content_profile_ospp
-
-#using example of openssh server
-CRYPTO_POLICY_FILE="/etc/crypto-policies/back-ends/opensshserver.config"
-
-update-crypto-policies --set "FIPS:OSPP"
-
-rm -f /etc/crypto-policies/local.d/opensshserver-*.config
-rm -f "$CRYPTO_POLICY_FILE"
-
-echo "pretend that we overide the crrypto policy but no related file is in /etc/crypto-policies/local.d, smart, right?" > "$CRYPTO_POLICY_FILE"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/override_policy.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/override_policy.pass.sh
deleted file mode 100644
index ce37abd7ff..0000000000
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/override_policy.pass.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
-# profiles = xccdf_org.ssgproject.content_profile_ospp
-
-#using openssh server as example
-CRYPTO_POLICY_OVERRIDE_FILE="/etc/crypto-policies/local.d/opensshserver-test.config"
-
-echo "" > "$CRYPTO_POLICY_OVERRIDE_FILE"
-echo "CRYPTO_POLICY=" >> "$CRYPTO_POLICY_OVERRIDE_FILE"
-
-update-crypto-policies --set FIPS:OSPP