remove support for external Audit files and cleanup test scenarios #9073

vojtapolasek
Collaborator

Description:

  • stop mentioning configuration files provided in /usr/share/audit/sample-rules
  • delete tests for this case
  • start using templated tests for audit_file_content templated rules

Rationale:

  • we no longer suggest remediating rules which use audit_file_contents (most of the rules in the "policy_rules" group) by copying over files provided by the Audit package. The SCAP content should be the authoritative source of those files. These files also caused problems because of inconsistent newlines.
  • converting to templated test scenarios is a step which removes duplicate code

@vojtapolasek vojtapolasek added RHEL9 Red Hat Enterprise Linux 9 product related. Update Rule Issues or pull requests related to Rules updates. RHEL8 Red Hat Enterprise Linux 8 product related. labels Jun 30, 2022
@vojtapolasek vojtapolasek added this to the 0.1.63 milestone Jun 30, 2022
@jan-cerny jan-cerny self-assigned this Jun 30, 2022
codeclimate bot commented Jun 30, 2022

Code Climate has analyzed commit 78b200f and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 42.7% (0.0% change).

openshift-ci bot commented Jun 30, 2022

@vojtapolasek: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-aws-ocp4-pci-dss | 78b200f | link | true | /test e2e-aws-ocp4-pci-dss |
| ci/prow/e2e-aws-ocp4-moderate | 78b200f | link | true | /test e2e-aws-ocp4-moderate |
| ci/prow/e2e-aws-ocp4-stig | 78b200f | link | true | /test e2e-aws-ocp4-stig |
| ci/prow/e2e-aws-ocp4-cis-node | 78b200f | link | true | /test e2e-aws-ocp4-cis-node |
| ci/prow/e2e-aws-ocp4-pci-dss-node | 78b200f | link | true | /test e2e-aws-ocp4-pci-dss-node |
| ci/prow/e2e-aws-ocp4-e8 | 78b200f | link | true | /test e2e-aws-ocp4-e8 |
| ci/prow/e2e-aws-rhcos4-e8 | 78b200f | link | true | /test e2e-aws-rhcos4-e8 |
| ci/prow/e2e-aws-rhcos4-moderate | 78b200f | link | true | /test e2e-aws-rhcos4-moderate |
| ci/prow/e2e-aws-ocp4-stig-node | 78b200f | link | true | /test e2e-aws-ocp4-stig-node |
| ci/prow/e2e-aws-rhcos4-high | 78b200f | link | true | /test e2e-aws-rhcos4-high |
| ci/prow/e2e-aws-ocp4-cis | 78b200f | link | true | /test e2e-aws-ocp4-cis |
| ci/prow/e2e-aws-ocp4-moderate-node | 78b200f | link | true | /test e2e-aws-ocp4-moderate-node |
| ci/prow/e2e-aws-ocp4-high | 78b200f | link | true | /test e2e-aws-ocp4-high |
| ci/prow/e2e-aws-ocp4-high-node | 78b200f | link | true | /test e2e-aws-ocp4-high-node |

Collaborator

@jan-cerny jan-cerny left a comment

```
[jcerny@thinkpad scap-security-guide{pr/9073}]$ python3 tests/automatus.py rule --libvirt qemu:///system ssgts_rhel9 audit_ospp_general
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2022-06-30-1513/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_audit_ospp_general
INFO - Script file_not_identical.fail.sh using profile (all) OK
INFO - Script correct_rules.pass.sh using profile (all) OK
INFO - Script file_missing.fail.sh using profile (all) OK
[jcerny@thinkpad scap-security-guide{pr/9073}]$ python3 tests/automatus.py rule --remediate-using ansible --libvirt qemu:///system ssgts_rhel9 audit_ospp_general
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2022-06-30-1517/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_audit_ospp_general
INFO - Script file_missing.fail.sh using profile (all) OK
INFO - Script file_not_identical.fail.sh using profile (all) OK
INFO - Script correct_rules.pass.sh using profile (all) OK
[jcerny@thinkpad scap-security-guide{pr/9073}]$ 
[jcerny@thinkpad scap-security-guide{pr/9073}]$ python3 tests/automatus.py rule --libvirt qemu:///system ssgts_rhel8 audit_ospp_general
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2022-06-30-1521/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_audit_ospp_general
INFO - Script file_not_identical.fail.sh using profile (all) OK
INFO - Script correct_rules.pass.sh using profile (all) OK
INFO - Script file_missing.fail.sh using profile (all) OK
[jcerny@thinkpad scap-security-guide{pr/9073}]$ python3 tests/automatus.py rule --remediate-using ansible --libvirt qemu:///system ssgts_rhel8 audit_ospp_general
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2022-06-30-1533/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_audit_ospp_general
INFO - Script file_missing.fail.sh using profile (all) OK
INFO - Script file_not_identical.fail.sh using profile (all) OK
INFO - Script correct_rules.pass.sh using profile (all) OK
```

@jan-cerny jan-cerny merged commit 0c2ef54 into ComplianceAsCode:master Jun 30, 2022