ctest - add references check test #6853

Merged
merged 1 commit into from
Apr 23, 2021


mildas
Contributor

@mildas mildas commented Apr 16, 2021

Description:

Extend test suite to check missing references of rules in profiles.

Now, the test will check:

  • rhel7 product - stig cis anssi_nt28_high hipaa
  • rhel8 product - cis anssi_bp28_high hipaa

Desired state of the test - check ospp, cui, stig, cis, anssi, and hipaa profiles. However, a lot of rules from the ospp, cui, and stig (in rhel8) profiles are missing references. To not block this, those profiles have been excluded and reported - #6842, #6843, and #6844. The profiles will be added to the test when the issues are fixed.

Failure of the test is expected because rules from hipaa and from rhel7 stig are missing a few references (1, 3, and 11). With this, I want to speed up reference completion of those profiles and not to create more issues.

Do not merge until this PR ctest passes

Rationale:

To prevent adding rules without references to profiles.

Blocked by #6849

@mildas
Contributor Author

mildas commented Apr 16, 2021

List of rules missing references, output from the test:

rhel7

   audit_rules_login_events_tallylog
   audit_rules_privileged_commands_sudoedit
   configure_firewalld_rate_limiting
   dconf_db_up_to_date
   dconf_gnome_disable_automount
   dconf_gnome_disable_automount_open
   dconf_gnome_disable_autorun
   mount_option_dev_shm_nodev
   mount_option_dev_shm_nosuid
   package_aide_installed
   xwindows_runlevel_target
*** rules of 'hipaa' profile missing HIPAA Refs: 142 of 143 have them [0% missing]
   dconf_db_up_to_date

rhel8

*** rules of 'hipaa' profile missing HIPAA Refs: 134 of 137 have them [2% missing]
   configure_crypto_policy
   configure_ssh_crypto_policy
   dconf_db_up_to_date
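
The check this thread discusses, as an added example that is not code from the pull request or the ComplianceAsCode project: it parses an XCCDF 1.2 benchmark, finds the rules a profile selects, and reports those with no reference of the required family, in the report format quoted above. The sample benchmark, the `urn:example:` reference URIs, the shortened rule ids and the function names are constructed for illustration, and the code assumes the profile lists every rule explicitly with `selected="true"`.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
HIPAA_HREF = "urn:example:hipaa"  # assumption: placeholder URI for the HIPAA reference family

# Constructed sample benchmark (not real build output); ids shortened for readability.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="demo">
  <Profile id="hipaa">
    <select idref="grub2_password" selected="true"/>
    <select idref="dconf_db_up_to_date" selected="true"/>
    <select idref="package_aide_installed" selected="false"/>
  </Profile>
  <Group id="system">
    <Rule id="grub2_password"><reference href="urn:example:hipaa">164.310(b)</reference></Rule>
    <Rule id="dconf_db_up_to_date"><reference href="urn:example:other">1.1</reference></Rule>
    <Rule id="package_aide_installed"/>
  </Group>
</Benchmark>"""


def missing_refs(xccdf_text, profile_id, href):
    """Return (number of rules the profile selects, sorted ids of those lacking an href reference)."""
    root = ET.fromstring(xccdf_text)
    profile = next((p for p in root.iterfind("x:Profile", NS) if p.get("id") == profile_id), None)
    if profile is None:
        raise ValueError(f"profile {profile_id!r} not found")
    rules = {r.get("id"): r for r in root.iter("{%s}Rule" % NS["x"])}
    # Only explicit selected="true" entries count; idrefs that are not rules (groups) are ignored.
    selected = {s.get("idref") for s in profile.iterfind("x:select", NS)
                if s.get("selected") == "true"}.intersection(rules)
    missing = sorted(rid for rid in selected
                     if not any(ref.get("href") == href and (ref.text or "").strip()
                                for ref in rules[rid].iterfind("x:reference", NS)))
    return len(selected), missing


def report(xccdf_text, profile_id, href, label):
    """Return (report text in the format quoted in this thread, True if any reference is missing)."""
    total, missing = missing_refs(xccdf_text, profile_id, href)
    pct = len(missing) * 100 // total if total else 0  # whole-number percent, rounded down
    head = (f"*** rules of '{profile_id}' profile missing {label} Refs: "
            f"{total - len(missing)} of {total} have them [{pct}% missing]")
    return "\n".join([head] + [f"   {rid}" for rid in missing]), bool(missing)


if __name__ == "__main__":
    text, failed = report(SAMPLE, "hipaa", HIPAA_HREF, "HIPAA")
    print(text)
    raise SystemExit(1 if failed else 0)  # non-zero exit lets a test runner such as ctest fail
```

The percentage is rounded down to a whole number, which is why a single missing rule out of 143 shows as 0% in the output above while the rule is still listed.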

@mildas
Contributor Author

mildas commented Apr 22, 2021

PR is ready for review and merge. #6849 has been merged, HIPAA missing references have been resolved, and rhel7 stig profile is removed for now.

When other profiles have all references or we have an option to filter out rules where we know about missing references and we can do nothing about that, then the profiles can be easily added to the ctest in the future.

@jan-cerny jan-cerny self-assigned this Apr 23, 2021
@jan-cerny jan-cerny added this to the 0.1.56 milestone Apr 23, 2021
@jan-cerny
Collaborator

@mildas I have removed hipaa reference from a rule (grub2_password) which is a part of RHEL 7 HIPAA profile and I have rebuilt the RHEL 7 content but the test missing-references-ssg-rhel7-xccdf.xml still passes for me. I expected that it will start to fail. Can you help me?

@mildas
Contributor Author

mildas commented Apr 23, 2021

@jan-cerny Yes. Have you removed the whole row with hipaa: from grub2_password? I tried that and ctest started to fail.
What I did:

  1. From linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml, removed
     hipaa: 164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii)
  2. ./build_product rhel7
  3. ctest -j 2 --output-on-failure -L quick

And the test failed:

1/14 Test #40: missing-references-ssg-rhel7-xccdf.xml ..............................***Failed    1.30 sec
*** rules of 'hipaa' profile missing HIPAA Refs: 142 of 143 have them [0% missing]
   grub2_password

@jan-cerny
Collaborator

@mildas OK thanks, I think that make rhel7 just doesn't rebuild everything that's needed to be rebuilt. When rebuilding the whole product it works as expected.

@jan-cerny jan-cerny merged commit fef111e into ComplianceAsCode:master Apr 23, 2021