Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(Stabilization) enhance OVAL for enable_fips_mode #10900

Merged
merged 3 commits into from
Jul 25, 2023
Merged

(Stabilization) enhance OVAL for enable_fips_mode #10900

merged 3 commits into from
Jul 25, 2023

Conversation

vojtapolasek
Copy link
Collaborator

Description:

#10897 proposed against stabilization branch

@vojtapolasek
add OVAL tests to test for fips=1 in /boot/loader/entries and in kern…
7002c67 
…el command line
@vojtapolasek
rewrite criteria in OVAL
e73fb02 
rewritten according to grub2_argument template
if RHEL8 or OL8, then the grubenv file is checked
if RHEL9 or OL9, then expanded /boot/loader/entries are checked
@vojtapolasek
remove duplicate oval state
db053ac
@vojtapolasek vojtapolasek added bugfix Fixes to reported bugs. OVAL OVAL update. Related to the systems assessments. backported-into-stabilization PRs which were cherry-picked during stabilization process. OSPP OSPP benchmark related. labels Jul 25, 2023
@vojtapolasek vojtapolasek added this to the 0.1.69 milestone Jul 25, 2023
@github-actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)
Open in Gitpod

Fedora Testing Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@github-actions
Copy link

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff 
OVAL for rule 'xccdf_org.ssgproject.content_rule_enable_fips_mode' differs.
--- oval:ssg-enable_fips_mode:def:1
+++ oval:ssg-enable_fips_mode:def:1
@@ -4,6 +4,12 @@
 extend_definition oval:ssg-enable_dracut_fips_module:def:1
 extend_definition oval:ssg-configure_crypto_policy:def:1
 criterion oval:ssg-test_system_crypto_policy_value:tst:1
+criterion oval:ssg-test_fips_1_argument_in_etc_kernel_cmdline:tst:1
 criteria OR
+criteria AND
+extend_definition oval:ssg-system_info_architecture_s390_64:def:1
+criterion oval:ssg-test_fips_1_argument_in_boot_loader_entries_conf:tst:1
+criteria AND
+criteria None
 extend_definition oval:ssg-system_info_architecture_s390_64:def:1
 criterion oval:ssg-test_grubenv_fips_mode:tst:1

@marcusburghardt marcusburghardt self-assigned this Jul 25, 2023
@marcusburghardt marcusburghardt merged commit ad3964e into ComplianceAsCode:stabilization-v0.1.69 Jul 25, 2023
27 of 28 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcusburghardt marcusburghardt marcusburghardt approved these changes

Assignees

@marcusburghardt marcusburghardt

Labels
backported-into-stabilization PRs which were cherry-picked during stabilization process. bugfix Fixes to reported bugs. OSPP OSPP benchmark related. OVAL OVAL update. Related to the systems assessments.
Projects
None yet
Milestone
0.1.69
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@vojtapolasek @marcusburghardt