Add support for multiple STIG id assignments #10846

Merged
merged 1 commit into from Jul 18, 2023

Conversation

ggbecker
Member

@ggbecker ggbecker commented Jul 14, 2023

Description:

  • Add support for multiple STIG id assignments.

Rationale:

  • Ability to assign multiple STIG ids to stigid reference, comma separated.
  • Help with testing of the feature is appreciated.

Review Hints:

  • oscap xccdf eval --profile stig --rule xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval --results results.xml --stig-viewer results-stig.xml ssg-rhel8-ds.xml
  • results-stig.xml should contain two results such as:
  <rule-result idref="SV-230334r627750_rule" role="full" time="2023-07-14T07:37:00-05:00" severity="medium" weight="1.000000">
    <result>fail</result>
    <ident system="https://ncp.nist.gov/cce">CCE-80669-5</ident>
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export export-name="oval:ssg-var_accounts_passwords_pam_faillock_fail_interval:var:1" value-id="xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval"/>
      <check-content-ref name="oval:ssg-accounts_passwords_pam_faillock_interval:def:1" href="ssg-rhel8-oval.xml"/>
    </check>
  </rule-result>
  <rule-result idref="SV-230335r743969_rule" role="full" time="2023-07-14T07:37:00-05:00" severity="medium" weight="1.000000">
    <result>fail</result>
    <ident system="https://ncp.nist.gov/cce">CCE-80669-5</ident>
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export export-name="oval:ssg-var_accounts_passwords_pam_faillock_fail_interval:var:1" value-id="xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval"/>
      <check-content-ref name="oval:ssg-accounts_passwords_pam_faillock_interval:def:1" href="ssg-rhel8-oval.xml"/>
    </check>
  </rule-result>

After that you can import https://github.com/ComplianceAsCode/content/raw/master/shared/references/disa-stig-rhel8-v1r10-xccdf-manual.xml into STIG viewer, create a checklist and then you can import the results-stig.xml file.

STIG viewer can be found on: https://public.cyber.mil/stigs/srg-stig-tools/
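
Added example, not part of the pull request or the project's code: a Python check that every STIG id assigned to one rule received its own rule-result in results-stig.xml and that the results agree. The `<TestResult>` wrapper, the trimmed sample and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

OVAL_DEF = "oval:ssg-accounts_passwords_pam_faillock_interval:def:1"

# Constructed sample: the two rule-results from the description above, trimmed,
# inside a hypothetical <TestResult> wrapper so the text parses on its own.
SAMPLE = f"""<TestResult>
  <rule-result idref="SV-230334r627750_rule" severity="medium">
    <result>fail</result>
    <check><check-content-ref name="{OVAL_DEF}" href="ssg-rhel8-oval.xml"/></check>
  </rule-result>
  <rule-result idref="SV-230335r743969_rule" severity="medium">
    <result>fail</result>
    <check><check-content-ref name="{OVAL_DEF}" href="ssg-rhel8-oval.xml"/></check>
  </rule-result>
</TestResult>"""


def local(tag):
    """Strip a '{namespace}' prefix so lookups work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def results_by_check(xml_text):
    """Map each OVAL definition name to {STIG rule id: result}."""
    groups = defaultdict(dict)
    for rr in ET.fromstring(xml_text).iter():
        if local(rr.tag) != "rule-result":
            continue
        result = oval = None
        for el in rr.iter():
            if local(el.tag) == "result":
                result = (el.text or "").strip()
            elif local(el.tag) == "check-content-ref":
                oval = el.get("name")
        groups[oval][rr.get("idref")] = result
    return dict(groups)


def fanout_problems(xml_text, oval_name, expected_ids):
    """Return problems found; an empty list means the fan-out is complete."""
    seen = results_by_check(xml_text).get(oval_name, {})
    problems = [f"missing rule-result for {i}" for i in expected_ids if i not in seen]
    if len(set(seen.values())) > 1:
        problems.append(f"results disagree: {sorted(seen.items())}")
    return problems


if __name__ == "__main__":
    ids = ["SV-230334r627750_rule", "SV-230335r743969_rule"]
    print(fanout_problems(SAMPLE, OVAL_DEF, ids) or "ok")
```

For a real run, pass the contents of results-stig.xml as `xml_text`; tag matching ignores the XML namespace.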

@ggbecker ggbecker added the STIG STIG Benchmark related. label Jul 14, 2023
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Jul 14, 2023
@openshift-ci

openshift-ci bot commented Jul 14, 2023

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@github-actions

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@jan-cerny jan-cerny changed the title Add support for multiple STIG id assignments. Add support for multiple STIG id assignments Jul 14, 2023
@ggbecker ggbecker marked this pull request as ready for review July 14, 2023 12:09
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Jul 14, 2023
@vojtapolasek vojtapolasek self-assigned this Jul 14, 2023
@ggbecker
Member Author

rebased on latest master

@codeclimate

codeclimate bot commented Jul 14, 2023

Code Climate has analyzed commit 2ee7547 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 0.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 53.3% (-0.1% change).

View more on Code Climate.

@Mab879
Member

Mab879 commented Jul 17, 2023

I can confirm that this works correctly in STIG Viewer 2.17.

Collaborator

@vojtapolasek vojtapolasek left a comment

Thank you for the changes, they look good to me.

@vojtapolasek vojtapolasek merged commit 9dfe74e into ComplianceAsCode:master Jul 18, 2023
31 of 34 checks passed
@vojtapolasek vojtapolasek added this to the 0.1.69 milestone Jul 18, 2023