Add false negative test scenario

In this scenario, the test should return fail, but returns pass. The smallest unit of time in OVAL is one second, there is no way to differentiate files that were changed less than one second appart from each other.
ComplianceAsCode · Dec 4, 2020 · 48e2b97 · 48e2b97
1 parent 3df3833
commit 48e2b97
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/...tware/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh b/...tware/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+# platform = Red Hat Enterprise Linux 8
+
+# IMPORTANT: This is a false negative scenario.
+# File /etc/crypto-policies/config is newer than /etc/crypto-policies/state/current, thus incompliant,
+# but the OVAL evaluation restuls in pass.
+# With a precision of seconds in OVAL, there is not really much we can do to detect this.
+update-crypto-policies --set "DEFAULT"
+touch /etc/crypto-policies/config