
Made the rule sshd_rekey_limit parametrized. #5772

Merged (5 commits, May 22, 2020)

Conversation


@matejak matejak commented May 19, 2020

Introduce the rekey_limit_size and rekey_limit_time XCCDF values to make the rule more flexible.

There is one problem: The rule uses two XCCDF values, and I think that this is not supported, at least for Bash remediations. The remediation code is a wild jungle; is there anybody here who knows what buttons to push to make it work? The solution is probably to edit https://github.com/ComplianceAsCode/content/blob/master/ssg/build_remediations.py#L671, but I don't want to mash another hack into a nested-nested-nested if block.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1813066
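As an added example (not the rule's own Bash remediation or OVAL check from ComplianceAsCode, and not the author's code), the following POSIX sh shows what a parametrized sshd_rekey_limit rule has to do on the target host: the two XCCDF values (rekey_limit_size and rekey_limit_time in this PR) become the two arguments of a single `RekeyLimit <size> <time>` directive, the check reads back the effective global value, and the remediation writes it idempotently. The function names, the sample sshd_config and the values 512M / 1h are assumptions for illustration. The code relies on two documented sshd_config behaviours: for each keyword the first active directive wins, and a directive placed after a `Match` line applies only inside that Match block, so a blind append to the end of the file can silently scope the setting to one Match condition.

```shell
#!/bin/sh
# Added example, not ComplianceAsCode's own remediation or OVAL content.
# Models a parametrized sshd_rekey_limit rule: the two XCCDF values
# (rekey_limit_size, rekey_limit_time) become the two arguments of
# "RekeyLimit <size> <time>". All function names are hypothetical.
#
# sshd_config facts the code relies on:
#  - for each keyword the FIRST active directive wins;
#  - a directive after a "Match" line applies only inside that Match block.

# Print the effective global RekeyLimit as "<size> <time>", i.e. the first
# active directive before any Match block. Prints nothing when unset.
# $1 = path to sshd_config
effective_rekey_limit() {
    awk '
        tolower($1) == "match"      { exit }            # global section ends here
        tolower($1) == "rekeylimit" { print $2, $3; exit }
    ' "$1"
}

# Check in the spirit of the OVAL check: succeed only when the effective
# global value equals the expected size and time.
# $1 = sshd_config, $2 = expected size (e.g. 512M), $3 = expected time (e.g. 1h)
check_rekey_limit() {
    [ "$(effective_rekey_limit "$1")" = "$2 $3" ]
}

# Remediate, idempotently: drop every active RekeyLimit directive (commented
# ones are left alone as documentation), then write the wanted directive
# before the first Match block, or at the end of the file if there is none.
# $1 = sshd_config, $2 = size, $3 = time
remediate_rekey_limit() {
    config="$1"; size_val="$2"; time_val="$3"
    tmp="$(mktemp)" || return 1
    awk -v wanted="RekeyLimit $size_val $time_val" '
        tolower($1) == "rekeylimit"     { next }
        tolower($1) == "match" && !done { print wanted; done = 1 }
        { print }
        END { if (!done) print wanted }
    ' "$config" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Copy the content back instead of mv, so the owner, mode and SELinux
    # label of the original sshd_config are kept.
    cat "$tmp" > "$config"
    rm -f "$tmp"
}
```

Usage: `remediate_rekey_limit /etc/ssh/sshd_config 512M 1h` followed by `check_rekey_limit /etc/ssh/sshd_config 512M 1h`, then a `sshd -t` before reloading the daemon. The example does not handle the `Keyword=value` spelling that sshd also accepts, nor `Include`d files; a production check needs both.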

@matejak matejak added the labels OVAL (OVAL update. Related to the systems assessments.) and Bash (Bash remediation update.) May 19, 2020
@matejak matejak added this to the 0.1.51 milestone May 19, 2020
Introduce the rekey_limit_size and rekey_limit_time XCCDF values
to make the rule more flexible.

@yuumasato yuumasato left a comment


> The remediation code is a wild jungle; is there anybody here who knows what buttons to push to make it work? The solution is probably to edit https://github.com/ComplianceAsCode/content/blob/master/ssg/build_remediations.py#L671, but I don't want to mash another hack into a nested-nested-nested if block.

You are on the spot.
I remember looking at this code ages ago and wondering why the fixparts are 2-stepped.
Never got to change it and see how the code works. And without proper tests in place, I'd be reluctant to change it.

What happens is that the parser does not recognize two function names one after the other.
A workaround is to add a new line between the populate calls. (Worked for me locally)


matejak commented May 22, 2020

Thanks a lot @yuumasato, your answer was exactly what I dreamt of. I have introduced macros that make sure that there are blank lines.

@matejak matejak marked this pull request as ready for review May 22, 2020 09:52

matejak commented May 22, 2020

test this please


mildas commented May 22, 2020

Changes identified:
Rule sshd_rekey_limit:
 Ansible remediation newly added.
 Templatization usage changed.
 OVAL check is newly added.
 Bash remediation is newly added.
 Templatization usage changed.
Profile ospp on rhel8:
 Rule added to ospp profile.
Profile cui on rhel8:
 CUI profile extends changed OSPP profile.
Profile stig on rhel8:
 STIG profile extends changed OSPP profile.
Profile rhelh-stig on rhel8:
 RHELH-STIG profile extends changed STIG profile.
Profile rhelh-vpp on rhel8:
 RHELH-VPP profile extends changed OSPP profile.
Profile ospp-mls on rhel8:
 OSPP-MLS profile extends changed OSPP profile.
Profile ospp on tests:
 Rule added to ospp profile.
Profile stig on tests:
 Rule added to stig profile.
 New key in profile.
Macro ansible_instantiate_variables:
 In Ansible remediation for sshd_rekey_limit.
Macro bash_instantiate_variables:
 In Bash remediation for sshd_rekey_limit.

Recommended tests to execute:
 build_product tests
 test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-tests-ds.xml ospp
 test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-tests-ds.xml stig
 build_product rhel8
 test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-rhel8-ds.xml ospp
 test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-rhel8-ds.xml stig
 test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-rhel8-ds.xml rhelh-vpp
 test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-rhel8-ds.xml ospp-mls
 test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-rhel8-ds.xml cui
 test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-rhel8-ds.xml rhelh-stig
 build_product ol8
 test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate ansible --datastream build/ssg-ol8-ds.xml sshd_rekey_limit
 test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate bash --datastream build/ssg-ol8-ds.xml sshd_rekey_limit

@yuumasato yuumasato self-assigned this May 22, 2020
@yuumasato yuumasato merged commit b9c1a00 into ComplianceAsCode:master May 22, 2020