Add SSG content for McAfee VSEL #5864


cyarbrough76
Contributor

Description:

  • Add new content dir with checks and remediations. Edit makelists, build_product and constants.py

Rationale:

  • Add content to identify and remediate non-compliance with VSEL STIG requirements in

Add new content dir with checks and remediations. Edit makelists, build_product and constants.py
@openshift-ci-robot
Collaborator

Hi @cyarbrough76. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the needs-ok-to-test Used by openshift-ci bot. label Jun 22, 2020
@redhatrises
Contributor

@openscap-ci test this please

@redhatrises
Contributor

@openscap-ci test this please

@redhatrises
Contributor

@cyarbrough76 are you also going to maintain this profile?

Shortening "VirusScan Enterprise for Linux" to VSEL.
@mildas
Contributor

mildas commented Jun 22, 2020

Changes identified:
Rule checks:
 The rule doesn't occur in any profile nor product.
 OVAL check is newly added.
Rule virus_notification:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule web_client_disabled:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_action_app_primary:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_action_app_secondary:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_action_default_primary:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_action_default_secondary:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_action_error:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_action_timeout:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_allFiles:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_decompArchive:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_enabled:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_heuristicAnalysis:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_macroAnalysis:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_program:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_scanMaxTmo:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_scanNWFiles:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_scanOnRead:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule oas_scanOnWrite:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule ods_action_app_primary:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule ods_action_app_secondary:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule ods_action_default_primary:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule ods_action_default_secondary:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule ods_allFiles:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule ods_decompArchive:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule ods_extensions:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule ods_heuristicAnalysis:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule ods_macroAnalysis:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule ods_mime:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule ods_program:
 OVAL check is newly added.
 Bash remediation is newly added.
Rule ods_scanNWFiles_local:
 OVAL check is newly added.
 Bash remediation is newly added.
Profile stig on vsel:
 Newly added profile.
Others:
 Python abstract syntax tree change found in ssg/constants.py.

Recommended tests to execute:
 build_product vsel
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml virus_notification
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml web_client_disabled
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_action_app_primary
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_action_app_secondary
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_action_default_primary
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_action_default_secondary
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_action_error
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_action_timeout
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_allFiles
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_decompArchive
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_enabled
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_heuristicAnalysis
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_macroAnalysis
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_program
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_scanMaxTmo
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_scanNWFiles
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_scanOnRead
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml oas_scanOnWrite
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml ods_action_app_primary
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml ods_action_app_secondary
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml ods_action_default_primary
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml ods_action_default_secondary
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml ods_allFiles
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml ods_decompArchive
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml ods_extensions
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml ods_heuristicAnalysis
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml ods_macroAnalysis
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml ods_mime
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml ods_program
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-vsel-ds.xml ods_scanNWFiles_local
 tests/test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-vsel-ds.xml stig
 (cd build && cmake ../ && ctest -j4)

@cyarbrough76
Contributor Author

@cyarbrough76 are you also going to maintain this profile?

We intend to apply and test this content quarterly for the foreseeable future and will certainly submit any issues we find.

@redhatrises
Contributor

@cyarbrough76 are you also going to maintain this profile?

We intend to apply and test this content quarterly for the foreseeable future and will certainly submit any issues we find.

Sweet! I'll merge, but always think about enhancing the content further for readability and multiple use applications. For example, the titles can be broadly readable that aren't STIG specific for submitting to NIST for review in the NCP program, etc.

@redhatrises redhatrises merged commit 2da39f4 into ComplianceAsCode:master Jun 23, 2020
@redhatrises redhatrises added this to the 0.1.51 milestone Jun 23, 2020
@yuumasato yuumasato added the Highlight This PR/Issue should make it to the featured changelog. label Jun 24, 2020
This pull request was closed.