Initial support for SUSE SLE-15

[brett060102]

Enable development for SUSE SLE-15

Description:

• Enable development work for SUSE SLE-15 STIGS

Rationale:

• Need to get started on SUSE SLE-15

[openshift-ci-robot]

Hi @brett060102. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openscap-ci]

Changes identified:
Rules:
 susefirewall2_ddos_protection
Profiles:
 stig on sle15

Show details

Rule susefirewall2_ddos_protection:
 New node inserted to OVAL check.
 Node moved within OVAL check.
 Text added outsite tags in OVAL check.
 Attribute value changed in OVAL check.
 Node deleted from OVAL check.
 Text changed in OVAL check.
 Deleted attribute from OVAL check.
Profile stig on sle15:
 Newly added profile.

Recommended tests to execute:
 build_product sle15
 tests/test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-sle15-ds.xml stig
 build_product sle12
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-sle12-ds.xml susefirewall2_ddos_protection

[brett060102]

@ggbecker Hate to ping you on this one, but is there an issue with it that I am missing above?

[ggbecker]

@ggbecker Hate to ping you on this one, but is there an issue with it that I am missing above?

I don't think so. But as a suggestion, I would enable the STIG table and add the STIG id for this one rule you are adding to create a proof of concept.

See this PR: https://github.com/ComplianceAsCode/content/pull/6513/files
and this generates the table:
https://jenkins.complianceascode.io/job/scap-security-guide-stats/HTML_20Mapping_20Tables/table-rhel7-stig.html

I have also noticed that sle12 does not generate the table. So I suggest doing the same for sle12.

[brett060102]

@ggbecker thank you and will do.

[brett060102]

@ggbecker Updated and I hope I followed the desired process this time.

[ggbecker]

@ggbecker Updated and I hope I followed the desired process this time.

You still have to include the stig_overlay file. Check how to generate it here: https://complianceascode.readthedocs.io/en/latest/manual/developer/04_updating_reference_and_overlay.html?highlight=create-stig-overlay#stig-overlay-content

[brett060102]

@ggbecker sorry, I had tagged that as separate task. OK to do that for bothe sle12 and sle15 in this review? Do you know why the CaC Jenkins build and unit tests failed? It is not related right.

[brett060102]

May have figured out test failure.

[ggbecker]

So, I've added a couple of commits to the pull request. Mainly it was missing the stig_overlay.xml files and there was an issue with one of the xslt files, see: 988e841

I think it should be ok now.

[brett060102]

@ggbecker Thank you very much. And I can now build the overlays as well.

[brett060102]

@ggbecker changes look great to me. Not approving, since that would mean approving my own changes as well.

[ggbecker]

Everything seems to be ok. Let's merge it. Any further issues can be resolved in future PRs.

[brett060102]

@ggbecker Thank you.