738 lines
39 KiB
Diff
738 lines
39 KiB
Diff
From 3aae2f86f3d75b8bd931922152b9a6175ed18a6b Mon Sep 17 00:00:00 2001
|
|
From: Watson Sato <wsato@redhat.com>
|
|
Date: Tue, 23 Jun 2020 22:27:47 +0200
|
|
Subject: [PATCH 1/5] Add check for zipl installed
|
|
|
|
Based and valid in RHEL, where zipl is part of s390utils-base.
|
|
---
|
|
rhel8/cpe/rhel8-cpe-dictionary.xml | 4 ++
|
|
.../oval/installed_env_has_zipl_package.xml | 37 +++++++++++++++++++
|
|
ssg/constants.py | 1 +
|
|
3 files changed, 42 insertions(+)
|
|
create mode 100644 shared/checks/oval/installed_env_has_zipl_package.xml
|
|
|
|
diff --git a/rhel8/cpe/rhel8-cpe-dictionary.xml b/rhel8/cpe/rhel8-cpe-dictionary.xml
|
|
index 694cbb5a4e..cccb3c5791 100644
|
|
--- a/rhel8/cpe/rhel8-cpe-dictionary.xml
|
|
+++ b/rhel8/cpe/rhel8-cpe-dictionary.xml
|
|
@@ -67,4 +67,8 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_yum_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:zipl">
|
|
+ <title xml:lang="en-us">System uses zipl</title>
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_zipl_package</check>
|
|
+ </cpe-item>
|
|
</cpe-list>
|
|
diff --git a/shared/checks/oval/installed_env_has_zipl_package.xml b/shared/checks/oval/installed_env_has_zipl_package.xml
|
|
new file mode 100644
|
|
index 0000000000..ab6545669d
|
|
--- /dev/null
|
|
+++ b/shared/checks/oval/installed_env_has_zipl_package.xml
|
|
@@ -0,0 +1,37 @@
|
|
+<def-group>
|
|
+ <definition class="inventory"
|
|
+ id="installed_env_has_zipl_package" version="1">
|
|
+ <metadata>
|
|
+ <title>System uses zIPL</title>
|
|
+ <affected family="unix">
|
|
+ <platform>multi_platform_all</platform>
|
|
+ </affected>
|
|
+ <description>Checks if system uses zIPL bootloader.</description>
|
|
+ <reference ref_id="cpe:/a:zipl" source="CPE" />
|
|
+ </metadata>
|
|
+ <criteria>
|
|
+ <criterion comment="Package s390utils-base is installed" test_ref="test_env_has_zipl_installed" />
|
|
+ </criteria>
|
|
+ </definition>
|
|
+
|
|
+{{% if pkg_system == "rpm" %}}
|
|
+ <linux:rpminfo_test check="all" check_existence="at_least_one_exists"
|
|
+ id="test_env_has_zipl_installed" version="1"
|
|
+ comment="system has package zipl installed">
|
|
+ <linux:object object_ref="obj_env_has_zipl_installed" />
|
|
+ </linux:rpminfo_test>
|
|
+ <linux:rpminfo_object id="obj_env_has_zipl_installed" version="1">
|
|
+ <linux:name>s390utils-base</linux:name>
|
|
+ </linux:rpminfo_object>
|
|
+{{% elif pkg_system == "dpkg" %}}
|
|
+ <linux:dpkginfo_test check="all" check_existence="all_exist"
|
|
+ id="test_env_has_zipl_installed" version="1"
|
|
+ comment="system has package zipl installed">
|
|
+ <linux:object object_ref="obj_env_has_zipl_installed" />
|
|
+ </linux:dpkginfo_test>
|
|
+ <linux:dpkginfo_object id="obj_env_has_zipl_installed" version="1">
|
|
+ <linux:name>s390utils-base</linux:name>
|
|
+ </linux:dpkginfo_object>
|
|
+{{% endif %}}
|
|
+
|
|
+</def-group>
|
|
diff --git a/ssg/constants.py b/ssg/constants.py
|
|
index fb20fe8107..f03aa87f09 100644
|
|
--- a/ssg/constants.py
|
|
+++ b/ssg/constants.py
|
|
@@ -506,6 +506,7 @@
|
|
"sssd": "cpe:/a:sssd",
|
|
"systemd": "cpe:/a:systemd",
|
|
"yum": "cpe:/a:yum",
|
|
+ "zipl": "cpe:/a:zipl",
|
|
}
|
|
|
|
# _version_name_map = {
|
|
|
|
From c70bdc89bf193f2fdf59cb8c3f06672fc43a0505 Mon Sep 17 00:00:00 2001
|
|
From: Watson Sato <wsato@redhat.com>
|
|
Date: Tue, 23 Jun 2020 22:33:07 +0200
|
|
Subject: [PATCH 2/5] Set zipl and machine platforms for zipl content
|
|
|
|
Add zipl platform to bootloader-zipl and machine platform to all zipl
|
|
rules.
|
|
Final applicability of zipl rules is equivalent to "machine and zipl"
|
|
CPE platform.
|
|
---
|
|
linux_os/guide/system/bootloader-zipl/group.yml | 2 +-
|
|
.../guide/system/bootloader-zipl/zipl_audit_argument/rule.yml | 2 ++
|
|
.../bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml | 2 ++
|
|
.../guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml | 2 ++
|
|
.../system/bootloader-zipl/zipl_page_poison_argument/rule.yml | 2 ++
|
|
.../guide/system/bootloader-zipl/zipl_pti_argument/rule.yml | 2 ++
|
|
.../system/bootloader-zipl/zipl_slub_debug_argument/rule.yml | 2 ++
|
|
.../system/bootloader-zipl/zipl_vsyscall_argument/rule.yml | 2 ++
|
|
8 files changed, 15 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/linux_os/guide/system/bootloader-zipl/group.yml b/linux_os/guide/system/bootloader-zipl/group.yml
|
|
index 36da84530c..64c6c8dffb 100644
|
|
--- a/linux_os/guide/system/bootloader-zipl/group.yml
|
|
+++ b/linux_os/guide/system/bootloader-zipl/group.yml
|
|
@@ -8,4 +8,4 @@ description: |-
|
|
options to it.
|
|
The default {{{ full_name }}} boot loader for s390x systems is called zIPL.
|
|
|
|
-platform: machine
|
|
+platform: zipl
|
|
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
|
|
index 16c0b3f89a..2d31ef8ee7 100644
|
|
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
|
|
@@ -38,3 +38,5 @@ ocil: |-
|
|
and <tt>/etc/zipl.conf</tt>:
|
|
<pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
|
|
No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
|
|
+
|
|
+platform: machine
|
|
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
|
|
index 47a532d50f..40db232257 100644
|
|
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
|
|
@@ -39,3 +39,5 @@ ocil: |-
|
|
and <tt>/etc/zipl.conf</tt>:
|
|
<pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
|
|
No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
|
|
+
|
|
+platform: machine
|
|
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
|
|
index 5aa91c16aa..8d28d5495f 100644
|
|
--- a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
|
|
@@ -35,3 +35,5 @@ ocil: |-
|
|
and <tt>/etc/zipl.conf</tt>:
|
|
<pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
|
|
No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
|
|
+
|
|
+platform: machine
|
|
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
|
|
index 8546325752..0a8e9a41e2 100644
|
|
--- a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
|
|
@@ -39,3 +39,5 @@ ocil: |-
|
|
and <tt>/etc/zipl.conf</tt>:
|
|
<pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
|
|
No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
|
|
+
|
|
+platform: machine
|
|
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_pti_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_pti_argument/rule.yml
|
|
index eaef25ce40..20c1448cc8 100644
|
|
--- a/linux_os/guide/system/bootloader-zipl/zipl_pti_argument/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-zipl/zipl_pti_argument/rule.yml
|
|
@@ -38,3 +38,5 @@ ocil: |-
|
|
and <tt>/etc/zipl.conf</tt>:
|
|
<pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
|
|
No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
|
|
+
|
|
+platform: machine
|
|
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
|
|
index 68e91a92d6..54ac688ea0 100644
|
|
--- a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
|
|
@@ -39,3 +39,5 @@ ocil: |-
|
|
and <tt>/etc/zipl.conf</tt>:
|
|
<pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
|
|
No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
|
|
+
|
|
+platform: machine
|
|
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
|
|
index 9624b43349..c5979a2016 100644
|
|
--- a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
|
|
@@ -36,3 +36,5 @@ ocil: |-
|
|
and <tt>/etc/zipl.conf</tt>:
|
|
<pre>find /boot/loader/entries/*.conf /etc/zipl.conf -newer /boot/bootmap</pre>
|
|
No line should be returned, if a line is returned <tt>/boot/bootmap</tt> needs to be regenerated.
|
|
+
|
|
+platform: machine
|
|
|
|
From 02f961ecbe8bcafab72f544c2bc0f9141b9fa8fa Mon Sep 17 00:00:00 2001
|
|
From: Watson Sato <wsato@redhat.com>
|
|
Date: Tue, 23 Jun 2020 23:02:44 +0200
|
|
Subject: [PATCH 3/5] Add check for grub2 installed
|
|
|
|
Apply new CPE grub2 to bootloader-grub2 group.
|
|
---
|
|
.../file_groupowner_efi_grub2_cfg/rule.yml | 2 +
|
|
.../file_groupowner_grub2_cfg/rule.yml | 2 +
|
|
.../file_owner_efi_grub2_cfg/rule.yml | 2 +
|
|
.../file_owner_grub2_cfg/rule.yml | 2 +
|
|
.../guide/system/bootloader-grub2/group.yml | 2 +-
|
|
.../grub2_admin_username/rule.yml | 2 +
|
|
.../grub2_enable_iommu_force/rule.yml | 2 +
|
|
.../grub2_no_removeable_media/rule.yml | 2 +
|
|
.../bootloader-grub2/grub2_password/rule.yml | 2 +
|
|
.../grub2_uefi_admin_username/rule.yml | 2 +
|
|
.../grub2_uefi_password/rule.yml | 2 +
|
|
.../uefi_no_removeable_media/rule.yml | 2 +
|
|
.../oval/installed_env_has_grub2_package.xml | 37 +++++++++++++++++++
|
|
ssg/constants.py | 1 +
|
|
14 files changed, 61 insertions(+), 1 deletion(-)
|
|
create mode 100644 shared/checks/oval/installed_env_has_grub2_package.xml
|
|
|
|
diff --git a/linux_os/guide/system/bootloader-grub2/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/file_groupowner_efi_grub2_cfg/rule.yml
|
|
index b5b583bd28..a6ac6f7b6b 100644
|
|
--- a/linux_os/guide/system/bootloader-grub2/file_groupowner_efi_grub2_cfg/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-grub2/file_groupowner_efi_grub2_cfg/rule.yml
|
|
@@ -51,6 +51,8 @@ ocil: |-
|
|
{{{ ocil_file_group_owner(file="/boot/efi/EFI/redhat/grub.cfg", group="root") }}}
|
|
{{%- endif %}}
|
|
|
|
+platform: machine
|
|
+
|
|
template:
|
|
name: file_groupowner
|
|
vars:
|
|
diff --git a/linux_os/guide/system/bootloader-grub2/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/file_groupowner_grub2_cfg/rule.yml
|
|
index 9d89ff5755..93dbf5222d 100644
|
|
--- a/linux_os/guide/system/bootloader-grub2/file_groupowner_grub2_cfg/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-grub2/file_groupowner_grub2_cfg/rule.yml
|
|
@@ -39,6 +39,8 @@ ocil_clause: '{{{ ocil_clause_file_group_owner(file="/boot/grub2/grub.cfg", grou
|
|
|
|
ocil: '{{{ ocil_file_group_owner(file="/boot/grub2/grub.cfg", group="root") }}}'
|
|
|
|
+platform: machine
|
|
+
|
|
template:
|
|
name: file_groupowner
|
|
vars:
|
|
diff --git a/linux_os/guide/system/bootloader-grub2/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/file_owner_efi_grub2_cfg/rule.yml
|
|
index ed17987478..e2c118cf0a 100644
|
|
--- a/linux_os/guide/system/bootloader-grub2/file_owner_efi_grub2_cfg/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-grub2/file_owner_efi_grub2_cfg/rule.yml
|
|
@@ -49,6 +49,8 @@ ocil: |-
|
|
{{{ ocil_file_owner(file="/boot/efi/EFI/redhat/grub.cfg", owner="root") }}}
|
|
{{%- endif %}}
|
|
|
|
+platform: machine
|
|
+
|
|
template:
|
|
name: file_owner
|
|
vars:
|
|
diff --git a/linux_os/guide/system/bootloader-grub2/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/file_owner_grub2_cfg/rule.yml
|
|
index 9ce4c3d60b..5086553921 100644
|
|
--- a/linux_os/guide/system/bootloader-grub2/file_owner_grub2_cfg/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-grub2/file_owner_grub2_cfg/rule.yml
|
|
@@ -37,6 +37,8 @@ ocil_clause: '{{{ ocil_clause_file_owner(file="/boot/grub2/grub.cfg", owner="roo
|
|
|
|
ocil: '{{{ ocil_file_owner(file="/boot/grub2/grub.cfg", owner="root") }}}'
|
|
|
|
+platform: machine
|
|
+
|
|
template:
|
|
name: file_owner
|
|
vars:
|
|
diff --git a/linux_os/guide/system/bootloader-grub2/group.yml b/linux_os/guide/system/bootloader-grub2/group.yml
|
|
index 69489bc0c2..4ffb40c0e8 100644
|
|
--- a/linux_os/guide/system/bootloader-grub2/group.yml
|
|
+++ b/linux_os/guide/system/bootloader-grub2/group.yml
|
|
@@ -15,4 +15,4 @@ description: |-
|
|
with a password and ensure its configuration file's permissions
|
|
are set properly.
|
|
|
|
-platform: machine
|
|
+platform: grub2
|
|
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml
|
|
index 63a6a7a83c..15db01a75f 100644
|
|
--- a/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml
|
|
@@ -68,3 +68,5 @@ warnings:
|
|
|
|
Also, do NOT manually add the superuser account and password to the
|
|
<tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
|
|
+
|
|
+platform: machine
|
|
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml
|
|
index baade9c13e..d4f455e66a 100644
|
|
--- a/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml
|
|
@@ -17,3 +17,5 @@ identifiers:
|
|
|
|
references:
|
|
anssi: NT28(R11)
|
|
+
|
|
+platform: machine
|
|
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_no_removeable_media/rule.yml
|
|
index 113726d34f..c8956c2f34 100644
|
|
--- a/linux_os/guide/system/bootloader-grub2/grub2_no_removeable_media/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-grub2/grub2_no_removeable_media/rule.yml
|
|
@@ -37,3 +37,5 @@ ocil: |-
|
|
<tt>usb0</tt>, <tt>cd</tt>, <tt>fd0</tt>, etc. are some examples of removeable
|
|
media which should not exist in the line:
|
|
<pre>set root='hd0,msdos1'</pre>
|
|
+
|
|
+platform: machine
|
|
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml
|
|
index 985b8727d7..b6e9774608 100644
|
|
--- a/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml
|
|
@@ -72,3 +72,5 @@ warnings:
|
|
|
|
Also, do NOT manually add the superuser account and password to the
|
|
<tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
|
|
+
|
|
+platform: machine
|
|
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml
|
|
index 1926837db7..5abd86b9d9 100644
|
|
--- a/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml
|
|
@@ -75,3 +75,5 @@ warnings:
|
|
|
|
Also, do NOT manually add the superuser account and password to the
|
|
<tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
|
|
+
|
|
+platform: machine
|
|
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml
|
|
index 3ce5a2df13..3114d2d27c 100644
|
|
--- a/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml
|
|
@@ -73,3 +73,5 @@ warnings:
|
|
|
|
Also, do NOT manually add the superuser account and password to the
|
|
<tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
|
|
+
|
|
+platform: machine
|
|
diff --git a/linux_os/guide/system/bootloader-grub2/uefi_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi_no_removeable_media/rule.yml
|
|
index c94185f3f4..5de05c057a 100644
|
|
--- a/linux_os/guide/system/bootloader-grub2/uefi_no_removeable_media/rule.yml
|
|
+++ b/linux_os/guide/system/bootloader-grub2/uefi_no_removeable_media/rule.yml
|
|
@@ -35,3 +35,5 @@ ocil: |-
|
|
<tt>usb0</tt>, <tt>cd</tt>, <tt>fd0</tt>, etc. are some examples of removeable
|
|
media which should not exist in the line:
|
|
<pre>set root='hd0,msdos1'</pre>
|
|
+
|
|
+platform: machine
|
|
diff --git a/shared/checks/oval/installed_env_has_grub2_package.xml b/shared/checks/oval/installed_env_has_grub2_package.xml
|
|
new file mode 100644
|
|
index 0000000000..e83f45bc3b
|
|
--- /dev/null
|
|
+++ b/shared/checks/oval/installed_env_has_grub2_package.xml
|
|
@@ -0,0 +1,37 @@
|
|
+<def-group>
|
|
+ <definition class="inventory"
|
|
+ id="installed_env_has_grub2_package" version="1">
|
|
+ <metadata>
|
|
+ <title>Package grub2 is installed</title>
|
|
+ <affected family="unix">
|
|
+ <platform>multi_platform_all</platform>
|
|
+ </affected>
|
|
+ <description>Checks if package grub2-pc is installed.</description>
|
|
+ <reference ref_id="cpe:/a:grub2" source="CPE" />
|
|
+ </metadata>
|
|
+ <criteria>
|
|
+ <criterion comment="Package grub2-pc is installed" test_ref="test_env_has_grub2_installed" />
|
|
+ </criteria>
|
|
+ </definition>
|
|
+
|
|
+{{% if pkg_system == "rpm" %}}
|
|
+ <linux:rpminfo_test check="all" check_existence="at_least_one_exists"
|
|
+ id="test_env_has_grub2_installed" version="1"
|
|
+ comment="system has package grub2-pc installed">
|
|
+ <linux:object object_ref="obj_env_has_grub2_installed" />
|
|
+ </linux:rpminfo_test>
|
|
+ <linux:rpminfo_object id="obj_env_has_grub2_installed" version="1">
|
|
+ <linux:name>grub2-pc</linux:name>
|
|
+ </linux:rpminfo_object>
|
|
+{{% elif pkg_system == "dpkg" %}}
|
|
+ <linux:dpkginfo_test check="all" check_existence="all_exist"
|
|
+ id="test_env_has_grub2_installed" version="1"
|
|
+ comment="system has package grub2-pc installed">
|
|
+ <linux:object object_ref="obj_env_has_grub2_installed" />
|
|
+ </linux:dpkginfo_test>
|
|
+ <linux:dpkginfo_object id="obj_env_has_grub2_installed" version="1">
|
|
+ <linux:name>grub2-pc</linux:name>
|
|
+ </linux:dpkginfo_object>
|
|
+{{% endif %}}
|
|
+
|
|
+</def-group>
|
|
diff --git a/ssg/constants.py b/ssg/constants.py
|
|
index f03aa87f09..318763b219 100644
|
|
--- a/ssg/constants.py
|
|
+++ b/ssg/constants.py
|
|
@@ -498,6 +498,7 @@
|
|
"container": "cpe:/a:container",
|
|
"chrony": "cpe:/a:chrony",
|
|
"gdm": "cpe:/a:gdm",
|
|
+ "grub2": "cpe:/a:grub2",
|
|
"libuser": "cpe:/a:libuser",
|
|
"nss-pam-ldapd": "cpe:/a:nss-pam-ldapd",
|
|
"ntp": "cpe:/a:ntp",
|
|
|
|
From 8bb44ebe9c32b7916a7291b1fa5735b381494cfb Mon Sep 17 00:00:00 2001
|
|
From: Watson Sato <wsato@redhat.com>
|
|
Date: Thu, 2 Jul 2020 16:58:14 +0200
|
|
Subject: [PATCH 4/5] Move grub2_disable_interactive_boot to grub2 platform
|
|
|
|
It should have both platforms machine and grub2.
|
|
But as the parent group is very broad, I cannot put parent group as
|
|
machine.
|
|
|
|
As a side effect this change makes this rules applicable in containers.
|
|
---
|
|
.../accounts-physical/grub2_disable_interactive_boot/rule.yml | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
|
|
index 3080470aa8..44ea1aa49a 100644
|
|
--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
|
|
+++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
|
|
@@ -48,4 +48,4 @@ ocil: |-
|
|
Presence of a <tt>systemd.confirm_spawn=(1|yes|true|on)</tt> indicates
|
|
that interactive boot is enabled at boot time.
|
|
|
|
-platform: machine
|
|
+platform: grub2
|
|
|
|
From 17ba5bc9ecc955911b7a3ab30bcd221283472b3f Mon Sep 17 00:00:00 2001
|
|
From: Watson Sato <wsato@redhat.com>
|
|
Date: Tue, 23 Jun 2020 23:20:18 +0200
|
|
Subject: [PATCH 5/5] Update CPE Dictionaries
|
|
|
|
Again, whenever a package CPE is added, all CPE dictionaries need to be
|
|
updated.
|
|
Because the project doesn't share CPEs among the products.
|
|
---
|
|
debian10/cpe/debian10-cpe-dictionary.xml | 5 +++++
|
|
debian8/cpe/debian8-cpe-dictionary.xml | 5 +++++
|
|
debian9/cpe/debian9-cpe-dictionary.xml | 5 +++++
|
|
fedora/cpe/fedora-cpe-dictionary.xml | 5 +++++
|
|
ol7/cpe/ol7-cpe-dictionary.xml | 5 +++++
|
|
ol8/cpe/ol8-cpe-dictionary.xml | 5 +++++
|
|
opensuse/cpe/opensuse-cpe-dictionary.xml | 5 +++++
|
|
rhel7/cpe/rhel7-cpe-dictionary.xml | 5 +++++
|
|
rhel8/cpe/rhel8-cpe-dictionary.xml | 5 +++++
|
|
rhv4/cpe/rhv4-cpe-dictionary.xml | 5 +++++
|
|
sle11/cpe/sle11-cpe-dictionary.xml | 5 +++++
|
|
sle12/cpe/sle12-cpe-dictionary.xml | 5 +++++
|
|
sle15/cpe/sle15-cpe-dictionary.xml | 5 +++++
|
|
ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml | 5 +++++
|
|
ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml | 5 +++++
|
|
ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml | 5 +++++
|
|
wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml | 5 +++++
|
|
wrlinux8/cpe/wrlinux8-cpe-dictionary.xml | 5 +++++
|
|
18 files changed, 90 insertions(+)
|
|
|
|
diff --git a/debian10/cpe/debian10-cpe-dictionary.xml b/debian10/cpe/debian10-cpe-dictionary.xml
|
|
index 5cc27ceb79..f2dbd09cfc 100644
|
|
--- a/debian10/cpe/debian10-cpe-dictionary.xml
|
|
+++ b/debian10/cpe/debian10-cpe-dictionary.xml
|
|
@@ -27,6 +27,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/debian8/cpe/debian8-cpe-dictionary.xml b/debian8/cpe/debian8-cpe-dictionary.xml
|
|
index 38d490138a..f385709052 100644
|
|
--- a/debian8/cpe/debian8-cpe-dictionary.xml
|
|
+++ b/debian8/cpe/debian8-cpe-dictionary.xml
|
|
@@ -27,6 +27,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/debian9/cpe/debian9-cpe-dictionary.xml b/debian9/cpe/debian9-cpe-dictionary.xml
|
|
index f01770b044..bc90a12bae 100644
|
|
--- a/debian9/cpe/debian9-cpe-dictionary.xml
|
|
+++ b/debian9/cpe/debian9-cpe-dictionary.xml
|
|
@@ -27,6 +27,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/fedora/cpe/fedora-cpe-dictionary.xml b/fedora/cpe/fedora-cpe-dictionary.xml
|
|
index 2964e320c2..ff7cebc322 100644
|
|
--- a/fedora/cpe/fedora-cpe-dictionary.xml
|
|
+++ b/fedora/cpe/fedora-cpe-dictionary.xml
|
|
@@ -62,6 +62,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/ol7/cpe/ol7-cpe-dictionary.xml b/ol7/cpe/ol7-cpe-dictionary.xml
|
|
index c153272121..613f853a6d 100644
|
|
--- a/ol7/cpe/ol7-cpe-dictionary.xml
|
|
+++ b/ol7/cpe/ol7-cpe-dictionary.xml
|
|
@@ -27,6 +27,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/ol8/cpe/ol8-cpe-dictionary.xml b/ol8/cpe/ol8-cpe-dictionary.xml
|
|
index 3fd74e53ca..912fe01346 100644
|
|
--- a/ol8/cpe/ol8-cpe-dictionary.xml
|
|
+++ b/ol8/cpe/ol8-cpe-dictionary.xml
|
|
@@ -27,6 +27,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/opensuse/cpe/opensuse-cpe-dictionary.xml b/opensuse/cpe/opensuse-cpe-dictionary.xml
|
|
index 1ab4e85ea8..7f485b800e 100644
|
|
--- a/opensuse/cpe/opensuse-cpe-dictionary.xml
|
|
+++ b/opensuse/cpe/opensuse-cpe-dictionary.xml
|
|
@@ -42,6 +42,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/rhel7/cpe/rhel7-cpe-dictionary.xml b/rhel7/cpe/rhel7-cpe-dictionary.xml
|
|
index a5214e36f0..f232b7ed29 100644
|
|
--- a/rhel7/cpe/rhel7-cpe-dictionary.xml
|
|
+++ b/rhel7/cpe/rhel7-cpe-dictionary.xml
|
|
@@ -57,6 +57,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/rhel8/cpe/rhel8-cpe-dictionary.xml b/rhel8/cpe/rhel8-cpe-dictionary.xml
|
|
index cccb3c5791..eab827291f 100644
|
|
--- a/rhel8/cpe/rhel8-cpe-dictionary.xml
|
|
+++ b/rhel8/cpe/rhel8-cpe-dictionary.xml
|
|
@@ -32,6 +32,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/rhv4/cpe/rhv4-cpe-dictionary.xml b/rhv4/cpe/rhv4-cpe-dictionary.xml
|
|
index ce9b06dcae..db1b4b239b 100644
|
|
--- a/rhv4/cpe/rhv4-cpe-dictionary.xml
|
|
+++ b/rhv4/cpe/rhv4-cpe-dictionary.xml
|
|
@@ -32,6 +32,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/sle11/cpe/sle11-cpe-dictionary.xml b/sle11/cpe/sle11-cpe-dictionary.xml
|
|
index c732ecb48a..1b6b3e2518 100644
|
|
--- a/sle11/cpe/sle11-cpe-dictionary.xml
|
|
+++ b/sle11/cpe/sle11-cpe-dictionary.xml
|
|
@@ -32,6 +32,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/sle12/cpe/sle12-cpe-dictionary.xml b/sle12/cpe/sle12-cpe-dictionary.xml
|
|
index 79daa31412..b1b66e1294 100644
|
|
--- a/sle12/cpe/sle12-cpe-dictionary.xml
|
|
+++ b/sle12/cpe/sle12-cpe-dictionary.xml
|
|
@@ -32,6 +32,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/sle15/cpe/sle15-cpe-dictionary.xml b/sle15/cpe/sle15-cpe-dictionary.xml
|
|
index 91d3d78b19..0ee5a1b817 100644
|
|
--- a/sle15/cpe/sle15-cpe-dictionary.xml
|
|
+++ b/sle15/cpe/sle15-cpe-dictionary.xml
|
|
@@ -32,6 +32,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml b/ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml
|
|
index df5abff723..7f3ce4271b 100644
|
|
--- a/ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml
|
|
+++ b/ubuntu1404/cpe/ubuntu1404-cpe-dictionary.xml
|
|
@@ -27,6 +27,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml b/ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml
|
|
index 6269344376..83f0c8c516 100644
|
|
--- a/ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml
|
|
+++ b/ubuntu1604/cpe/ubuntu1604-cpe-dictionary.xml
|
|
@@ -27,6 +27,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml b/ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml
|
|
index ccb285768e..77b78d74ec 100644
|
|
--- a/ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml
|
|
+++ b/ubuntu1804/cpe/ubuntu1804-cpe-dictionary.xml
|
|
@@ -27,6 +27,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml b/wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml
|
|
index 73e419c9ab..cc4e806a4d 100644
|
|
--- a/wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml
|
|
+++ b/wrlinux1019/cpe/wrlinux1019-cpe-dictionary.xml
|
|
@@ -26,6 +26,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
diff --git a/wrlinux8/cpe/wrlinux8-cpe-dictionary.xml b/wrlinux8/cpe/wrlinux8-cpe-dictionary.xml
|
|
index 8449ea1416..824c575a6a 100644
|
|
--- a/wrlinux8/cpe/wrlinux8-cpe-dictionary.xml
|
|
+++ b/wrlinux8/cpe/wrlinux8-cpe-dictionary.xml
|
|
@@ -26,6 +26,11 @@
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|
|
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_gdm_package</check>
|
|
</cpe-item>
|
|
+ <cpe-item name="cpe:/a:grub2">
|
|
+ <title xml:lang="en-us">Package grub2 is installed</title>
|
|
+ <!-- the check references an OVAL file that contains an inventory definition -->
|
|
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_grub2_package</check>
|
|
+ </cpe-item>
|
|
<cpe-item name="cpe:/a:libuser">
|
|
<title xml:lang="en-us">Package libuser is installed</title>
|
|
<!-- the check references an OVAL file that contains an inventory definition -->
|