Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduced macros for working with XCCDF values into the wide content #6048

Merged
merged 3 commits into from
Sep 15, 2020
Merged

Introduced macros for working with XCCDF values into the wide content #6048

merged 3 commits into from
Sep 15, 2020

Conversation

matejak
Copy link
Member

@matejak matejak commented Sep 4, 2020
edited
Loading

Those macros always were there, and this PR makes sure that they are used, so they make the content less cryptic, and they navigate content authors that create new content based on the existing one.

  • The xccdf_value macro: This macro hides the actual implementation of the substitution, it "just works", and it opens ways how to support variables even outside of the SCAP content, where there is no scanner to do the acutal substitution.
  • The Bash macro: The former populate ... mechanism is not Bash, it is a special trick perforemd by our build system.
    This trick is confusing, its support in the build system is implemented as a complex code, and it doesnt support multiple values per remediation intuitively.
    This makes the build system involvement explicit, and it opens possibilities to perform implementation changes without breaking backward compatibility.
  • The Ansible macro: The former - (xccdf-var ...) mechanism is not Ansible, and jinja is well-established in our project as an interface between user input and final content.

There is no OVAL macro for external_variable. On one hand, it's quite a lot of typing that could be performed automatically, but at the same time, unlike the previous cases, that construct is a legitimate way of using external variables, so I have decided to keep it that way.

@openshift-ci-robot
Copy link
Collaborator

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci-robot openshift-ci-robot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Sep 4, 2020
@matejak matejak force-pushed the value_macros branch 2 times, most recently from a927ce7 to dd3b43a Compare September 4, 2020 12:14
@openshift-ci-robot openshift-ci-robot added the needs-rebase Used by openshift-ci bot. label Sep 6, 2020
yuumasato
yuumasato reviewed Sep 7, 2020
View reviewed changes
Copy link
Member

@yuumasato yuumasato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@matejak matejak marked this pull request as ready for review September 7, 2020 11:06
@openshift-ci-robot openshift-ci-robot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Sep 7, 2020
@openshift-ci-robot openshift-ci-robot removed the needs-rebase Used by openshift-ci bot. label Sep 7, 2020
@matejak
Copy link
Member Author

matejak commented Sep 9, 2020

/retest

@matejak matejak added this to the 0.1.53 milestone Sep 9, 2020
@matejak
Copy link
Member Author

matejak commented Sep 10, 2020

/retest

@jan-cerny jan-cerny self-assigned this Sep 11, 2020
jan-cerny
jan-cerny requested changes Sep 14, 2020
View reviewed changes
linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml Outdated
@@ -46,6 +46,6 @@ ocil: |-
configured for all users on the system:
<pre># grep "maxlogins" /etc/security/limits.conf</pre>
You should receive output similar to the following:
<pre>*\t\thard\tmaxlogins\t<sub idref="var_accounts_max_concurrent_login_sessions" /></pre>
<pre>*\t\thard\tmaxlogins\tsub_var_value("var_accounts_max_concurrent_login_sessions")</pre>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks wrong.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a great catch!

@matejak
Replace XCCDF value substitution code by a macro.
da0a661 
The macro hides the actual implementation of the substitution,
it "just works", and it opens ways how to support variables
even outside of the SCAP content, where there is no scanner
to do the acutal substitution.

Renamed the macro to xccdf_value, kept the old one for backward compatibility.
@matejak
Replaced XCCDF value instantiation in Bash by a macro call.
b3d3c26 
The former populate ... mechanism is not Bash, it is a special trick perforemd by our build system.
This trick is confusing, its support in the build system is implemented as a complex code, and
it doesnt support multiple values per remediation intuitively.

This makes the build system involvement explicit, and it opens possibilities to perform implementation
changes without breaking backward compatibility.
@matejak
Replaced XCCDF value instantiation in Ansible by a macro call.
359c54f 
The former - (xccdf-var ...) mechanism is not Ansible, and jinja is well-established
in our project as an interface between user input and final content.
@mildas
Copy link
Contributor

mildas commented Sep 14, 2020

Changes identified:
Rule postfix_client_configure_mail_alias:
 Found change in bash remediation.
Rule postfix_network_listening_disabled:
 Ansible remediation changed.
Rule chronyd_or_ntpd_set_maxpoll:
 Found change in bash remediation.
Rule chronyd_or_ntpd_specify_multiple_servers:
 Found change in bash remediation.
Rule chronyd_or_ntpd_specify_remote_server:
 Found change in bash remediation.
Rule chronyd_specify_remote_server:
 Ansible remediation changed.
 Found change in bash remediation.
Rule firewalld_sshd_port_enabled:
 Ansible remediation changed.
Rule sshd_disable_compression:
 Found change in bash remediation.
Rule sshd_set_idle_timeout:
 Templatization usage changed.
 Found change in bash remediation.
Rule sshd_set_keepalive:
 Templatization usage changed.
 Found change in bash remediation.
Rule sshd_set_max_auth_tries:
 Templatization usage changed.
 Found change in bash remediation.
Rule sshd_set_max_sessions:
 Templatization usage changed.
 Found change in bash remediation.
Rule sshd_use_approved_ciphers:
 Templatization usage changed.
 Found change in bash remediation.
Rule sshd_use_approved_macs:
 Templatization usage changed.
 Found change in bash remediation.
Rule sshd_use_priv_separation:
 Found change in bash remediation.
Rule sssd_memcache_timeout:
 Ansible remediation changed.
 Found change in bash remediation.
Rule sssd_ssh_known_hosts_timeout:
 Ansible remediation changed.
 Found change in bash remediation.
Rule banner_etc_issue:
 Ansible remediation changed.
 Found change in bash remediation.
Rule banner_etc_motd:
 Ansible remediation changed.
 Found change in bash remediation.
Rule dconf_gnome_login_banner_text:
 Ansible remediation changed.
 Found change in bash remediation.
Rule rhel6:
 The rule doesn't occur in any profile nor product.
 Found change in bash remediation.
Rule accounts_password_pam_unix_remember:
 Ansible remediation changed.
 Found change in bash remediation.
Rule accounts_passwords_pam_faillock_deny:
 Ansible remediation changed.
 Found change in bash remediation.
Rule accounts_passwords_pam_faillock_interval:
 Ansible remediation changed.
 Found change in bash remediation.
Rule accounts_passwords_pam_faillock_unlock_time:
 Ansible remediation changed.
 Found change in bash remediation.
Rule accounts_password_pam_retry:
 Ansible remediation changed.
 Found change in bash remediation.
Rule configure_opensc_card_drivers:
 Ansible remediation changed.
 Found change in bash remediation.
Rule force_opensc_card_drivers:
 Ansible remediation changed.
 Found change in bash remediation.
Rule account_disable_post_pw_expiration:
 Ansible remediation changed.
 Found change in bash remediation.
Rule accounts_maximum_age_login_defs:
 Ansible remediation changed.
 Found change in bash remediation.
Rule accounts_minimum_age_login_defs:
 Ansible remediation changed.
 Found change in bash remediation.
Rule fedora:
 The rule doesn't occur in any profile nor product.
 Found change in bash remediation.
Rule accounts_password_minlen_login_defs:
 Ansible remediation changed.
 Found change in bash remediation.
Rule accounts_password_warn_age_login_defs:
 Ansible remediation changed.
 Found change in bash remediation.
Rule wrlinux:
 The rule doesn't occur in any profile nor product.
 Found change in bash remediation.
Rule accounts_logon_fail_delay:
 Ansible remediation changed.
 Found change in bash remediation.
Rule accounts_max_concurrent_login_sessions:
 Found change in bash remediation.
Rule accounts_tmout:
 Templatization usage changed.
 Found change in bash remediation.
Rule accounts_umask_etc_bashrc:
 Ansible remediation changed.
 Found change in bash remediation.
Rule accounts_umask_etc_csh_cshrc:
 Ansible remediation changed.
 Found change in bash remediation.
Rule accounts_umask_etc_login_defs:
 Ansible remediation changed.
 Found change in bash remediation.
Rule accounts_umask_etc_profile:
 Ansible remediation changed.
 Found change in bash remediation.
Rule auditd_audispd_configure_remote_server:
 Ansible remediation changed.
 Found change in bash remediation.
Rule auditd_data_disk_error_action:
 Ansible remediation changed.
 Found change in bash remediation.
Rule auditd_data_disk_full_action:
 Ansible remediation changed.
 Found change in bash remediation.
Rule auditd_data_retention_action_mail_acct:
 Ansible remediation changed.
 Found change in bash remediation.
Rule auditd_data_retention_admin_space_left_action:
 Ansible remediation changed.
 Found change in bash remediation.
Rule auditd_data_retention_flush:
 Ansible remediation changed.
 Found change in bash remediation.
Rule auditd_data_retention_max_log_file:
 Ansible remediation changed.
 Found change in bash remediation.
Rule auditd_data_retention_max_log_file_action:
 Ansible remediation changed.
 Found change in bash remediation.
Rule auditd_data_retention_num_logs:
 Ansible remediation changed.
 Found change in bash remediation.
Rule auditd_data_retention_space_left:
 Ansible remediation changed.
 Found change in bash remediation.
Rule auditd_data_retention_space_left_action:
 Ansible remediation changed.
 Found change in bash remediation.
Rule rsyslog_remote_loghost:
 Ansible remediation changed.
 Found change in bash remediation.
Rule configure_firewalld_ports:
 Found change in bash remediation.
Rule umask_for_daemons:
 Found change in bash remediation.
Rule selinux_policytype:
 Found change in bash remediation.
Rule selinux_state:
 Found change in bash remediation.
Rule dconf_gnome_screensaver_idle_delay:
 Ansible remediation changed.
 Found change in bash remediation.
Rule dconf_gnome_screensaver_lock_delay:
 Found change in bash remediation.
Rule configure_crypto_policy:
 Ansible remediation changed.
 Found change in bash remediation.
Rule accounts_authorized_local_users:
 The rule doesn't occur in any profile nor product.
 Found change in bash remediation.
Rule accounts_authorized_local_users_sidadm_orasid:
 Found change in bash remediation.
Macro openshift_cluster_setting:

Macro sub_var_value:

Macro xccdf_value:

Recommended tests to execute:
 build_product rhel8
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel8-ds.xml sshd_set_max_sessions
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-rhel8-ds.xml sshd_set_max_sessions
 build_product debian10
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-debian10-ds.xml sshd_set_idle_timeout
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-debian10-ds.xml sshd_set_idle_timeout
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-debian10-ds.xml sshd_set_keepalive
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-debian10-ds.xml sshd_set_keepalive
 build_product rhcos4
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhcos4-ds.xml auditd_data_disk_error_action
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-rhcos4-ds.xml auditd_data_disk_error_action
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhcos4-ds.xml auditd_data_disk_full_action
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-rhcos4-ds.xml auditd_data_disk_full_action
 build_product ol8
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol8-ds.xml firewalld_sshd_port_enabled
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol8-ds.xml accounts_umask_etc_bashrc
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol8-ds.xml accounts_umask_etc_bashrc
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol8-ds.xml accounts_umask_etc_csh_cshrc
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol8-ds.xml accounts_umask_etc_csh_cshrc
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol8-ds.xml accounts_umask_etc_profile
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol8-ds.xml accounts_umask_etc_profile
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol8-ds.xml auditd_data_retention_flush
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol8-ds.xml auditd_data_retention_flush
 build_product ol7
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol7-ds.xml chronyd_or_ntpd_set_maxpoll
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol7-ds.xml sshd_disable_compression
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol7-ds.xml sshd_use_approved_ciphers
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol7-ds.xml sshd_use_approved_ciphers
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol7-ds.xml sshd_use_approved_macs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol7-ds.xml sshd_use_approved_macs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol7-ds.xml sshd_use_priv_separation
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol7-ds.xml accounts_logon_fail_delay
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol7-ds.xml accounts_logon_fail_delay
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol7-ds.xml accounts_max_concurrent_login_sessions
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol7-ds.xml accounts_umask_etc_login_defs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol7-ds.xml accounts_umask_etc_login_defs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol7-ds.xml auditd_data_retention_space_left
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol7-ds.xml auditd_data_retention_space_left
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol7-ds.xml configure_firewalld_ports
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-ol7-ds.xml accounts_authorized_local_users_sidadm_orasid
 build_product rhel6
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-rhel6-ds.xml postfix_client_configure_mail_alias
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel6-ds.xml postfix_network_listening_disabled
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-rhel6-ds.xml umask_for_daemons
 build_product fedora
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml chronyd_or_ntpd_specify_multiple_servers
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml chronyd_or_ntpd_specify_remote_server
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml banner_etc_issue
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml banner_etc_issue
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml dconf_gnome_login_banner_text
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml dconf_gnome_login_banner_text
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml accounts_password_pam_unix_remember
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml accounts_password_pam_unix_remember
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml accounts_passwords_pam_faillock_deny
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml accounts_passwords_pam_faillock_deny
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml accounts_passwords_pam_faillock_interval
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml accounts_passwords_pam_faillock_interval
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml accounts_passwords_pam_faillock_unlock_time
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml accounts_passwords_pam_faillock_unlock_time
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml accounts_password_pam_retry
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml accounts_password_pam_retry
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml configure_opensc_card_drivers
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml configure_opensc_card_drivers
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml force_opensc_card_drivers
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml force_opensc_card_drivers
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml account_disable_post_pw_expiration
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml account_disable_post_pw_expiration
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml accounts_maximum_age_login_defs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml accounts_maximum_age_login_defs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml accounts_minimum_age_login_defs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml accounts_minimum_age_login_defs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml accounts_password_minlen_login_defs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml accounts_password_minlen_login_defs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml accounts_password_warn_age_login_defs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml accounts_password_warn_age_login_defs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml accounts_tmout
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml accounts_tmout
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml auditd_audispd_configure_remote_server
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml auditd_audispd_configure_remote_server
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml auditd_data_retention_action_mail_acct
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml auditd_data_retention_action_mail_acct
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml auditd_data_retention_admin_space_left_action
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml auditd_data_retention_admin_space_left_action
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml auditd_data_retention_max_log_file
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml auditd_data_retention_max_log_file
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml auditd_data_retention_max_log_file_action
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml auditd_data_retention_max_log_file_action
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml auditd_data_retention_num_logs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml auditd_data_retention_num_logs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml auditd_data_retention_space_left_action
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml auditd_data_retention_space_left_action
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml rsyslog_remote_loghost
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml rsyslog_remote_loghost
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml selinux_policytype
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml selinux_state
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml dconf_gnome_screensaver_idle_delay
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml dconf_gnome_screensaver_idle_delay
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml dconf_gnome_screensaver_lock_delay
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-fedora-ds.xml configure_crypto_policy
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-fedora-ds.xml configure_crypto_policy
 build_product rhel7
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel7-ds.xml chronyd_specify_remote_server
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-rhel7-ds.xml chronyd_specify_remote_server
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel7-ds.xml sshd_set_max_auth_tries
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-rhel7-ds.xml sshd_set_max_auth_tries
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel7-ds.xml sssd_memcache_timeout
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-rhel7-ds.xml sssd_memcache_timeout
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel7-ds.xml sssd_ssh_known_hosts_timeout
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-rhel7-ds.xml sssd_ssh_known_hosts_timeout
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel7-ds.xml banner_etc_motd
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-rhel7-ds.xml banner_etc_motd

@jan-cerny jan-cerny changed the title Introduced macros for working with XCCDF values into the wide content. Introduced macros for working with XCCDF values into the wide content Sep 14, 2020
@JAORMX
Copy link
Contributor

JAORMX commented Sep 14, 2020

/test e2e-aws-rhcos4-e8

@jan-cerny jan-cerny merged commit d4a97d8 into ComplianceAsCode:master Sep 15, 2020
@jan-cerny
Copy link
Collaborator

Thank you, this is a big improvement.

This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuumasato yuumasato yuumasato left review comments

@jan-cerny jan-cerny jan-cerny requested changes

Assignees

@jan-cerny jan-cerny

Labels
None yet
Projects
None yet
Milestone
0.1.53
Development

Successfully merging this pull request may close these issues.
6 participants
@matejak @openshift-ci-robot @mildas @JAORMX @jan-cerny @yuumasato