Blame SOURCES/scap-security-guide-0.1.53-fix-grub2-applicability-in-aarch64-ppc64le-PR_6153.patch

973b04
From cf1d85924b5945506e57f8701be066c83a894378 Mon Sep 17 00:00:00 2001
973b04
From: Watson Sato <wsato@redhat.com>
973b04
Date: Mon, 5 Oct 2020 16:40:39 +0200
973b04
Subject: [PATCH 1/2] Check for grub2-common instead of grub2-pc
973b04
973b04
Check for grub2 installation based on grub2-common.
973b04
grub2-pc is a x86_64 package, but other arches use grub2 as well.
973b04
---
973b04
 .../checks/oval/installed_env_has_grub2_package.xml  | 12 ++++++------
973b04
 ssg/constants.py                                     |  2 +-
973b04
 2 files changed, 7 insertions(+), 7 deletions(-)
973b04
973b04
diff --git a/shared/checks/oval/installed_env_has_grub2_package.xml b/shared/checks/oval/installed_env_has_grub2_package.xml
973b04
index e83f45bc3b..2a170d668e 100644
973b04
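--- a/shared/checks/oval/installed_env_has_grub2_package.xml
+++ b/shared/checks/oval/installed_env_has_grub2_package.xml
@@ -6,31 +6,31 @@
       <affected family="unix">
         <platform>multi_platform_all</platform>
       </affected>
-      <description>Checks if package grub2-pc is installed.</description>
+      <description>Checks if package grub2-common is installed.</description>
       <reference ref_id="cpe:/a:grub2" source="CPE" />
     </metadata>
     <criteria>
-      <criterion comment="Package grub2-pc is installed" test_ref="test_env_has_grub2_installed" />
+      <criterion comment="Package grub2-common is installed" test_ref="test_env_has_grub2_installed" />
     </criteria>
   </definition>
 
 {{% if pkg_system == "rpm" %}}
   
   id="test_env_has_grub2_installed" version="1"
-  comment="system has package grub2-pc installed">
+  comment="system has package grub2-common installed">
     <linux:object object_ref="obj_env_has_grub2_installed" />
   </linux:rpminfo_test>
   <linux:rpminfo_object id="obj_env_has_grub2_installed" version="1">
-    <linux:name>grub2-pc</linux:name>
+    <linux:name>grub2-common</linux:name>
   </linux:rpminfo_object>
 {{% elif pkg_system == "dpkg" %}}
   
   id="test_env_has_grub2_installed" version="1"
-  comment="system has package grub2-pc installed">
+  comment="system has package grub2-common installed">
     <linux:object object_ref="obj_env_has_grub2_installed" />
   </linux:dpkginfo_test>
   <linux:dpkginfo_object id="obj_env_has_grub2_installed" version="1">
-    <linux:name>grub2-pc</linux:name>
+    <linux:name>grub2-common</linux:name>
   </linux:dpkginfo_object>
 {{% endif %}}
 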
973b04
diff --git a/ssg/constants.py b/ssg/constants.py
973b04
index b07fe5f0fe..88316374b5 100644
973b04
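--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -468,7 +468,7 @@
 
 # Default platform to package mapping
 XCCDF_PLATFORM_TO_PACKAGE = {
-  "grub2": "grub2-pc",
+  "grub2": "grub2-common",
   "login_defs": "login",
   "sssd": "sssd-common",
   "zipl": "s390utils-base",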
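Review bot: The `"grub2"` entry in `XCCDF_PLATFORM_TO_PACKAGE` expresses applicability as package presence only, while the OVAL check in patch 2/2 of this series also excludes ppc64le hosts where `/sys/firmware/opal` exists. If remediation conditionals are generated from this table (not visible in the hunk), they would still treat an OPAL-booted ppc64le host with grub2-common installed as a grub2 system and apply bootloader changes there. At minimum the entry should carry a comment such as `# grub2-common is also installed on ppc64le hosts booted via OPAL; the OVAL applicability check excludes those, this mapping does not`. The dictionary continues outside the hunk.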
973b04
973b04
From fba876cfc7f85f5b9a696d0f5fa1177299b7c6bb Mon Sep 17 00:00:00 2001
973b04
From: Watson Sato <wsato@redhat.com>
973b04
Date: Mon, 5 Oct 2020 16:49:15 +0200
973b04
Subject: [PATCH 2/2] Handle exception of grub2-coomon in ppc64le
973b04
973b04
ppc64le systems can use Grub2 or OPAL and the package set will be the
973b04
same in both cases.
973b04
Add a few more checks to make sure ppc64le arch is handled correctly.
973b04
---
973b04
 .../oval/installed_env_has_grub2_package.xml  | 19 ++++++++++++++++++-
973b04
 1 file changed, 18 insertions(+), 1 deletion(-)
973b04
973b04
diff --git a/shared/checks/oval/installed_env_has_grub2_package.xml b/shared/checks/oval/installed_env_has_grub2_package.xml
973b04
index 2a170d668e..fb2c9cc784 100644
973b04
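--- a/shared/checks/oval/installed_env_has_grub2_package.xml
+++ b/shared/checks/oval/installed_env_has_grub2_package.xml
@@ -9,8 +9,18 @@
       <description>Checks if package grub2-common is installed.</description>
       <reference ref_id="cpe:/a:grub2" source="CPE" />
     </metadata>
-    <criteria>
+    <criteria operator="AND">
       <criterion comment="Package grub2-common is installed" test_ref="test_env_has_grub2_installed" />
+      <criteria operator="OR">
+        
+        and unfortunately the package set installed is the same in both cases.
+        But when OPAL is used, /sys/firmware/opal exists.
+        So the system uses grub when: -->
+        
+        <criterion comment="Test for ppcle64 architecture" test_ref="test_system_info_architecture_ppcle_64" negate="true" />
+        
+        <criterion comment="Test if OPAL is not used" test_ref="test_system_using_opal" negate="true" />
+      </criteria>
     </criteria>
   </definition>
 
@@ -34,4 +44,11 @@
   </linux:dpkginfo_object>
 {{% endif %}}
 
+  <unix:file_test check="all" check_existence="all_exist" comment="Check if /sys/firware/opal exists" id="test_system_using_opal" version="1">
+    <unix:object object_ref="object_system_using_opal" />
+  </unix:file_test>
+  <unix:file_object id="object_system_using_opal" version="1">
+    <unix:filepath>/sys/firmware/opal</unix:filepath>
+  </unix:file_object>
+
 </def-group>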
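Review bot: In the second hunk, `object_system_using_opal` puts `/sys/firmware/opal` in `unix:filepath`, but on Linux that location is a sysfs directory and the OVAL unix schema documents `filepath` as naming a file, so whether an item is collected depends on the scanner. If nothing is collected, `test_system_using_opal` is always false, the negated criterion is always true, and the grub2 platform stays applicable on OPAL-booted ppc64le hosts, which is the case this patch sets out to exclude. Consider `<unix:path>/sys/firmware/opal</unix:path>` together with `<unix:filename xsi:nil="true" />` (assuming the `xsi` prefix is declared in the built document), and correct the test comment to `Check if /sys/firmware/opal exists`. `test_system_info_architecture_ppcle_64`, referenced in the first hunk, is not defined in the visible lines, so confirm it resolves in the generated OVAL.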