Fixes #16983: display openscap report in node details

openscap-policies/Makefile

@@ -6,10 +6,10 @@ PROXY_ENV = $(if $(PROXY), http_proxy=$(PROXY) ftp_proxy=$(PROXY))
 GET=get() { $(PROXY_ENV) curl -s -L -o "$$1.part" "$$2" && { openssl dgst -sha256 "$$1.part" | grep -q "$$3" || { echo "Wrong checksum, aborting"; exit 1; }; } && mv "$$1.part" "$$1"; }; get
 
 RUDDER_SYNCHRONIZE_SHA256 = e0ba357886ac4b5c6a5856db191371922685a981af0c06596bd4adb8bcbefda1
-FILES = remove_configuration rudder_synchronize.py openscap-policies.json techniques
+FILES = remove_configuration rudder_synchronize.py openscap-policies.json antisamy.xml openscap-policies.properties techniques
 SCRIPTS = postinst prerm
-OTHER_ARCHIVES = target/external-report.txz
 
+#include ../makefiles/common-plugin.mk
 include ../makefiles/common-scala-plugin.mk
 
 target/techniques:
@@ -24,9 +24,11 @@ target/openscap-policies.json:
 target/rudder_synchronize.py:
 	$(GET) target/rudder_synchronize.py https://repository.rudder.io/tools/rudder-synchronize $(RUDDER_SYNCHRONIZE_SHA256)
 
-target/external-report.txz:
-	cp -a src/node-external-reports.properties target/
-	tar cJ -C target -f target/external-report.txz node-external-reports.properties
+target/antisamy.xml:
+	cp src/main/resources/antisamy.xml target/antisamy.xml
+
+target/openscap-policies.properties:
+	cp src/main/resources/openscap-policies.properties target/openscap-policies.properties
 
 clean:
 	rm -f $(FULL_NAME)-*.rpkg pom.xml

openscap-policies/README.adoc

@@ -1,4 +1,4 @@
-# Rudder plugin: OpenSCAP-report
+# Rudder plugin: OpenSCAP-policies
 
 This project is part of Rudder - IT infrastructure Automation and Compliance.
 See: http://rudder.io for more information.
@@ -22,7 +22,7 @@ As most of the Rudder plugins, you must install the plugin with the rudder-pkg t
 /opt/rudder/bin/rudder-pkg install-file <path to the rpkg>
 ....
 
-This will *add one Rudder technique to your Rudder Server*.
+This will add one Rudder technique to your Rudder Server, two API enpoints and a new tab on Node Details.
 
 
 === Usage
@@ -51,7 +51,9 @@ The technique will take care of the openSCAP agent installation and will by defa
 
 == Rudder Webapp integration
 
-With the Rudder plugin `Node external reports` which allows to add external, static documents and reports in a new tab in the `node details` webpage, this plugin will display the reports directly in the web interface.
-A compatible configuration file is distributed with the `OpenSCAP-report` plugin, you can find it in `/var/rudder/packages/rudder-plugin-openscap-report/node-external-reports.properties`
+A new tab in Node Details called OpenScap is added by this plugin. If the node already sent its OpenScap report, it is
+available, in an iframe in this tab, in a sanitized version (no scripts)
 
-The complete documentation of the `Node-external-reports` plugin is available https://docs.rudder.io/reference/5.0/plugins/node-external-reports.html#_documents_naming_convention[here].
+Two news API endpoints are also available:
+*  /latest/openscap/report/{nodeId}    : the OpenScap report
+*  /latest/openscap/sanitized/{nodeId} : the OpenScap report as displayed in the web interface (sanitized)

openscap-policies/configuration/techniques/plugin_openscap_report.json

@@ -6,9 +6,9 @@
       "profile",
       "scap_file"
     ],
-    "category": "OpenSCAP_Policies_plugin",
     "bundle_name": "plugin_openscap_policies",
-    "description": "This technique will trigger an openscap audit every hour on the agent.",
+    "category": "OpenSCAP_Policies_plugin",
+    "description": "This technique triggers an OpenSCAP audit every day, between 2:00 and 8:00 by default, and sends the report to the Rudder Server to be displayed on the Node Details.This Technique takes 2 parameters: - profile: the name of the profile to check (e.g. RHEL6-Default) - scap_file: the XCCDF Checklist file (e.g XCCDF Checklist)",
     "name": "plugin_openscap_policies",
     "version": "1.0",
     "parameter": [
@@ -37,15 +37,15 @@
       {
         "args": [
           "openscap",
-          "5",
-          "5",
+          "${system_common.agent_run_interval}",
           "0",
-          "10",
-          "15",
-          "1",
+          "6",
           "0",
-          "1",
+          "2",
           "0",
+          "0",
+          "0",
+          "1",
           "nodups"
         ],
         "class_context": "any",

openscap-policies/packaging/metadata

@@ -8,8 +8,8 @@
     "apt": [ "rudder-api-client" ],
     "rpm": [ "rudder-api-client" ]
   },
+  "jar-files": [ "/opt/rudder/share/plugins/${plugin-name}/${plugin-name}/${plugin-name}.jar" ],
   "content": {
-    "files.txz": "/var/rudder/packages/${plugin-id}",
-    "external-report.txz": "/var/rudder/packages/${plugin-id}"
+    "files.txz": "/opt/rudder/share/plugins/${plugin-name}/"
   }
 }

openscap-policies/packaging/postinst

@@ -1,8 +1,8 @@
 #!/bin/bash
 set -x
-PLUGIN_FULL_NAME="rudder-plugin-openscap-policies"
+PLUGIN_NAME="openscap-policies"
 PRETTY_NAME="OpenSCAP Policies"
-CONFIGURATION_PATH=/var/rudder/packages/$PLUGIN_FULL_NAME
+CONFIGURATION_PATH=/opt/rudder/share/plugins/$PLUGIN_NAME
 
 # Code below should be mostly comon between the plugins
 SOURCE_DIR=${CONFIGURATION_PATH}/techniques

openscap-policies/pom-template.xml

@@ -40,6 +40,11 @@
 
   <dependencies>
     <!-- Add other plugin specific dependencies -->
+    <dependency>
+      <groupId>org.owasp.antisamy</groupId>
+      <artifactId>antisamy</artifactId>
+      <version>1.5.9</version>
+    </dependency>
   </dependencies>
 
   <!-- Below is an horrible if/then/else in maven. You shouldn't have anything to change here -->