Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict rule_auditd_data_retention_flush test scenarios to RHEL7. #4434

Merged
merged 1 commit into from
Jun 24, 2019
Merged

Restrict rule_auditd_data_retention_flush test scenarios to RHEL7. #4434

merged 1 commit into from
Jun 24, 2019

Conversation

ggbecker
Copy link
Member

Update test scenarios for rule_auditd_data_retention_flush and restrict to RHEL7.
Also change profile to be applicable.

@ggbecker ggbecker added this to the 0.1.45 milestone Jun 21, 2019
@jan-cerny
Copy link
Collaborator

@ggbecker What is the reason for restricting it to RHEL7?

@ggbecker
Copy link
Member Author

@ggbecker What is the reason for restricting it to RHEL7?

The main idea was because the test scenario uses variable which is different from the one selected in RHEL8 CC profile and RHEL8 OSPP profile doesn't select this rule. Maybe it is not enough to restrict the test to RHEL7. What do you think?

@jan-cerny
Copy link
Collaborator

RHEL7 OSPP selects data, RHEL7 CCC selects incremental_async, RHEL8 OSPP doesn't select this rule. #4405 proposes incremental async. It looks like that after RHEL8 CCC will get merged into RHEL8 OSPP there will be a different value in RHEL7 OSPP and RHEL8 OSPP.

@jan-cerny
Copy link
Collaborator

It looks like that after RHEL8 CCC will get merged into RHEL8 OSPP there will be a different value in RHEL7 OSPP and RHEL8 OSPP.

Based on this, adding RHEL 7 and OSPP to the headers seems to be a reasonable solution.

@jan-cerny jan-cerny self-assigned this Jun 24, 2019
@jan-cerny
Copy link
Collaborator

Works for me on an RHEL7 VM target

[jcerny@thinkpad tests{update-auditd_data_retention_flush-test}]$ test_rule auditd_data_retention_flush rhel7
Setting console output to log level INFO
INFO - The DataStream contains 2 Benchmarks
INFO - 0 - scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml
INFO - 1 - scap_org.open-scap_cref_ssg-rhel7-pcidss-xccdf-1.2.xml
INFO - Selected Benchmark is 0
INFO - To select a different Benchmark, use --xccdf-id-number option.
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/scap-security-guide/tests/logs/rule-custom-2019-06-24-1351/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_auditd_data_retention_flush
INFO - Script flush_incremental_async.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp OK
INFO - Script flush_not_there.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp OK
INFO - Script flush_incremental.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp OK
INFO - Script flush_data.pass.sh using profile xccdf_org.ssgproject.content_profile_ospp OK
INFO - Script flush_sync.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp OK
INFO - Script flush_none.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp OK

@jan-cerny jan-cerny merged commit e9b845f into ComplianceAsCode:master Jun 24, 2019
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jan-cerny jan-cerny

Labels
None yet
Projects
None yet
Milestone
0.1.45
Development

Successfully merging this pull request may close these issues.
2 participants
@ggbecker @jan-cerny