Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate the Lynis scanner into OpenQA - phase 2 #11998

Merged
merged 1 commit into from Mar 2, 2021
Merged

Integrate the Lynis scanner into OpenQA - phase 2 #11998

merged 1 commit into from Mar 2, 2021

Conversation

lilyeyes
Copy link
Contributor

@lilyeyes lilyeyes commented Feb 22, 2021
edited

Support lynis on other architectures;
Support both text and gnome images for all architectures;
Supprot lynis on TW for x86_64 arches.
Revised code to allow some exceptions.

NOTE:

@lilyeyes lilyeyes changed the title (wip) Integrate the Lynis scanner into OpenQA - phase 2 Integrate the Lynis scanner into OpenQA - phase 2 Feb 24, 2021
okurz
okurz requested changes Feb 24, 2021
View reviewed changes
lib/lynis/lynistest.pm Show resolved Hide resolved
okurz
okurz requested changes Feb 25, 2021
View reviewed changes
tests/security/lynis/lynis_setup.pm Outdated Show resolved Hide resolved
tests/security/lynis/lynis_setup.pm Outdated Show resolved Hide resolved
tests/security/lynis/lynis_setup.pm Outdated Show resolved Hide resolved
@lilyeyes lilyeyes changed the title Integrate the Lynis scanner into OpenQA - phase 2 (wip) Integrate the Lynis scanner into OpenQA - phase 2 Feb 25, 2021
@lilyeyes lilyeyes changed the title (wip) Integrate the Lynis scanner into OpenQA - phase 2 Integrate the Lynis scanner into OpenQA - phase 2 Feb 26, 2021
@rfan1
Copy link
Contributor

rfan1 commented Mar 2, 2021
edited

Minor comments:

Support lynis on other architectures, support both text and gnome mode image on all architectures.
Supprot lynis on TW on x86_64 arches.

To

Support lynis on other architectures;
Support both text and gnome images for all architectures;
Supprot lynis on TW for x86_64 arches.

@lilyeyes
Copy link
Contributor Author

lilyeyes commented Mar 2, 2021

Minor comments:

Support lynis on other architectures, support both text and gnome mode image on all architectures.
Supprot lynis on TW on x86_64 arches.

To

Support lynis on other architectures;
Support both text and gnome images for all architectures;
Supprot lynis on TW for x86_64 arches.

Done.

@jouyingbin
Copy link
Contributor

jouyingbin commented Mar 2, 2021
edited

Support lynis on other architectures;
Support both text and gnome images for all architectures;
Supprot lynis on TW for x86_64 arches.
Revised code to allow some exceptions.

NOTE:

* Please ignore the soft fails. I will open a low priority poo to track the unstable exceptions later;

* The baselines will be reviewed/approved by developer, if you want to check them it is very cool too.

* Related ticket: https://progress.opensuse.org/issues/88894

* Needles: NA

* Verification run:
  x86-64-textmode: https://openqa.suse.de/tests/5519434
  ppc64le-textmode: https://openqa.suse.de/tests/5519505
  s390x-textmode: https://openqa.suse.de/tests/5519433
  aarch64-textmode: https://openqa.suse.de/tests/5519431
  x86-64-gnome: https://openqa.suse.de/tests/5519439
  ppc64le-gnome: https://openqa.suse.de/tests/5519436
  s390x-gnome: https://openqa.suse.de/tests/5548992 (wip)
  aarch64-gnome: https://openqa.suse.de/tests/5519435
  x86-64-textmode TW: https://openqa.opensuse.org/tests/1644460
  x86-64-gnome TW: https://openqa.opensuse.org/tests/1644459

For the VR content. It would be more readable for reviewer. such as:

SLE text mode (all arches):
x86-64: https://openqa.suse.de/tests/5519434
ppc64le: https://openqa.suse.de/tests/5519505
s390x: https://openqa.suse.de/tests/5519433
aarch64: https://openqa.suse.de/tests/5519431

SLE gnome mode (all arches):
x86-64: https://openqa.suse.de/tests/5519439
ppc64le: https://openqa.suse.de/tests/5519436
s390x: https://openqa.suse.de/tests/5548992 (wip)
aarch64: https://openqa.suse.de/tests/5519435

openSUSE TW (x86-64 only):
textmode: https://openqa.opensuse.org/tests/1644460
gnome: https://openqa.opensuse.org/tests/1644459

how do you think about it? :)

@lilyeyes
Copy link
Contributor Author

lilyeyes commented Mar 2, 2021

how do you think about it? :)
Done.

@jouyingbin
Copy link
Contributor

jouyingbin commented Mar 2, 2021
edited

I just check the baseline is empty, am I right? or it is only renamed and without baseline update?
....system-nocolors-15-SP3-x86_64-textmode

@lilyeyes
Copy link
Contributor Author

lilyeyes commented Mar 2, 2021
edited

I just check the baseline is empty, am I right? or it is only renamed and without baseline update?
....system-nocolors-15-SP3-x86_64-textmode
It is renamed.
It is not empty, I just checked, please double check.

@jouyingbin
Copy link
Contributor

jouyingbin commented Mar 2, 2021
edited

I just check the baseline is empty, am I right? or it is only renamed and without baseline update?
....system-nocolors-15-SP3-x86_64-textmode
It is renamed.
It is not empty, I just checked, please double check.

okay, I got it. because it show 0 in github, but it is fine if it's just renamed only.

jouyingbin
jouyingbin reviewed Mar 2, 2021
View reviewed changes
lib/lynis/lynistest.pm Outdated Show resolved Hide resolved
@jouyingbin
Copy link
Contributor

Further questitons,

  1. The new baseline you commit will be replaced the original baseline you created last time, right?
  2. Will the baseline will be changed regularly? or it is already fixed version for 15 SP3 & TW now?

@lilyeyes
Copy link
Contributor Author

lilyeyes commented Mar 2, 2021

Further questitons,

1. The new baseline you commit will be replaced the original baseline you created last time, right?

Correct.

2. Will the baseline will be changed regularly? or it is already fixed version for 15 SP3 & TW now?

. Depends on the testing results later on, e.g., if the baselines need to be revised according to OS's changing (not fixed IMO)

@jouyingbin
Copy link
Contributor

Further questitons,

1. The new baseline you commit will be replaced the original baseline you created last time, right?

Correct.

2. Will the baseline will be changed regularly? or it is already fixed version for 15 SP3 & TW now?

. Depends on the testing results later on, e.g., if the baselines need to be revised according to OS's changing (not fixed IMO)

okay I got it. thanks for information.

@lilyeyes
Integrate the Lynis scanner into OpenQA - phase 2
6915b6f 
poo#88894 -  [sle][security][sle15sp3] Integrate the Lynis scanner into OpenQA - phase 2
Support lynis on other architectures;
Support both text and gnome mode image for all architectures
Support lynis on TW for x86_64 arches.
Also revise code to support some exceptions allowed in baselines.
rfan1
rfan1 approved these changes Mar 2, 2021
View reviewed changes
Copy link
Contributor

@rfan1 rfan1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

jouyingbin
jouyingbin approved these changes Mar 2, 2021
View reviewed changes
Copy link
Contributor

@jouyingbin jouyingbin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for the changes.

@lilyeyes
Copy link
Contributor Author

lilyeyes commented Mar 2, 2021

@okurz I have revised code according to your comments, please help to check again.

@lemon-suse lemon-suse merged commit 9919be6 into os-autoinst:master Mar 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@okurz okurz okurz approved these changes

@jouyingbin jouyingbin jouyingbin approved these changes

@lemon-suse lemon-suse lemon-suse approved these changes

@rfan1 rfan1 rfan1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@lilyeyes @rfan1 @jouyingbin @okurz @lemon-suse