Fix OVAL applicability for RHV4 #5053

Merged

@yuumasato yuumasato commented Dec 4, 2019

Description:

  • Make OVAL checks for rules which already have prodtype: rhv4 applicable to rhv4
  • Add a few rules necessary to generate templated OVAL checks.

Rationale:

  • Rule with prodtype: rhv4 just enables part of the content. A lot of rules are evaluating to notchecked.

Notes:

Most of the <platform>Red Hat Virtualization 4</platform> was added via utils/mod_checks.py.
The process was as follows:

. .pyenv.sh
python3 ./utils/rule_dir_json.py # generates build/rule_dirs.json
python3 ./utils/rule_dir_stats.py -p rhv4 -o -q rhv4 > rhv_oval.txt
# process rhv_oval.txt to contain list of one rule per line (the processed file is attached)

cat rhv_oval.txt | xargs -I {} python3 ./utils/mod_checks.py {} add "Red Hat Virtualization 4"

Processed rhv_oval.txt attached.

@yuumasato
Member Author

Rebased after merge of #5049

The rule.yaml's already have the prodtype rhv4.
These were missed by utils/rule_dir_json.py utils/rule_dir_stats.py and utils/mod_checks.py
These rules are templated and the OVAL checks are referenced as
extended_definitions.
@yuumasato
Member Author

There were a few OVAL checks which already had <platform>multi_platform_all</platform> and the script added <platform>Red Hat Virtualization 4</platform> anyway.
Fixed those, and force-pushed.

@ggbecker ggbecker self-assigned this Dec 6, 2019
Member

@ggbecker ggbecker left a comment

Based on statistics Jenkins job and comparing some data around. I discovered that the OVAL from rule: https://github.com/ComplianceAsCode/content/tree/master/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32 should be updated.

@yuumasato
Member Author

> Can you please address the minor issue with redundant identifier? Thank you.

Where? What do you mean?

@ggbecker
Member

ggbecker commented Dec 6, 2019

> > Can you please address the minor issue with redundant identifier? Thank you.

> Where? What do you mean?

OMG, I mixed pull requests. I meant the issue on remediation applicability from #5056. Please disregard this request. I will update

@ggbecker ggbecker self-requested a review December 6, 2019 10:37
@yuumasato
Member Author

yuumasato commented Dec 6, 2019

> Based on statistics Jenkins job and comparing some data around. I discovered that the OVAL from rule: https://github.com/ComplianceAsCode/content/tree/master/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32 should be updated.

Nice catch, the - in the rule ID messed up the processing of the file, :)

@ggbecker ggbecker merged commit 8e25eaf into ComplianceAsCode:master Dec 6, 2019
@yuumasato yuumasato deleted the rhv4_content_applicability branch December 6, 2019 12:58
@yuumasato yuumasato added this to the 0.1.48 milestone Dec 6, 2019
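
An added example, not code from this pull request or from the project's utils: a small auditor for the three states the thread runs into (platform missing, platform present, platform redundant next to multi_platform_all), including a definition id that contains a hyphen. The sample XML, its `<def-group>`/`<affected>` layout, and the function names `classify`, `audit` and `repair` are constructed assumptions.

```python
import xml.etree.ElementTree as ET

PRODUCT = "Red Hat Virtualization 4"  # platform string used in the PR
WILDCARD = "multi_platform_all"       # already applies to every product

# Constructed sample; the <def-group>/<affected> layout is an assumption.
SAMPLE = """<def-group>
  <definition class="compliance" id="constructed_missing" version="1">
    <metadata><affected family="unix">
      <platform>Red Hat Enterprise Linux 7</platform>
    </affected></metadata>
  </definition>
  <definition class="compliance" id="constructed_x86-32" version="1">
    <metadata><affected family="unix">
      <platform>Red Hat Virtualization 4</platform>
    </affected></metadata>
  </definition>
  <definition class="compliance" id="constructed_redundant" version="1">
    <metadata><affected family="unix">
      <platform>multi_platform_all</platform>
      <platform>Red Hat Virtualization 4</platform>
    </affected></metadata>
  </definition>
</def-group>"""

def classify(definition, product=PRODUCT):
    """Return 'applicable', 'missing' or 'redundant' for one <definition>."""
    names = [(p.text or "").strip() for p in definition.iter("platform")]
    if WILDCARD in names:
        return "redundant" if product in names else "applicable"
    return "applicable" if product in names else "missing"

def audit(oval_xml, product=PRODUCT):
    """Map each definition id (hyphens included) to its applicability state."""
    root = ET.fromstring(oval_xml)
    return {d.get("id"): classify(d, product) for d in root.iter("definition")}

def repair(oval_xml, product=PRODUCT):
    """Add the platform where missing, drop it where the wildcard covers it.
    Assumes every definition has a metadata/affected element."""
    root = ET.fromstring(oval_xml)
    for d in root.iter("definition"):
        affected, state = d.find("./metadata/affected"), classify(d, product)
        if state == "missing":
            ET.SubElement(affected, "platform").text = product
        elif state == "redundant":
            for p in [p for p in affected if (p.text or "").strip() == product]:
                affected.remove(p)
    return ET.tostring(root, encoding="unicode")
```

Running `audit` before and after a bulk edit gives a quick check that no definition was skipped and none received a platform entry it did not need.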