rpms / scap-security-guide

Clone
Source Code
GIT

Blame SOURCES/scap-security-guide-0.1.54-update_grub2_enable_fips_mode-PR_6418.patch

c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   fe0dde01a42673c3eda1933c38a8f78dbff6c1de
  2.   SOURCES
  3.   scap-security-guide-0.1.54-update_grub2_enable_fips_mode-PR_6418.patch
Blob History Raw
fe0dde 
From 48e3c05ea2bdf769700aa1059293e61122cc3798 Mon Sep 17 00:00:00 2001
fe0dde 
From: Gabriel Becker <ggasparb@redhat.com>
fe0dde 
Date: Wed, 25 Nov 2020 12:27:50 +0100
fe0dde 
Subject: [PATCH] Add test to grub2_enable_fips_mode to check if
fe0dde 
 /etc/system-fips exists.
fe0dde
fe0dde 
---
fe0dde 
 .../software/integrity/fips/etc_system_fips_exists/rule.yml     | 2 +-
fe0dde 
 .../integrity/fips/grub2_enable_fips_mode/oval/shared.xml       | 1 +
fe0dde 
 2 files changed, 2 insertions(+), 1 deletion(-)
fe0dde
fe0dde 
diff --git a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
fe0dde 
index 2bc0abb631..7b2076df40 100644
fe0dde 
--- a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
fe0dde 
+++ b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
fe0dde 
@@ -1,6 +1,6 @@
fe0dde 
 documentation_complete: true
fe0dde
fe0dde 
-prodtype: fedora,rhcos4,ol8,rhel8,rhv4
fe0dde 
+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
fe0dde
fe0dde 
 title: Ensure '/etc/system-fips' exists
fe0dde
fe0dde 
diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/oval/shared.xml
fe0dde 
index dcd668d97c..31997d844e 100644
fe0dde 
--- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/oval/shared.xml
fe0dde 
+++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/oval/shared.xml
fe0dde 
@@ -6,6 +6,7 @@
fe0dde 
       <extend_definition comment="prelink disabled" definition_ref="disable_prelink" />
fe0dde 
       <extend_definition comment="package dracut-fips installed" definition_ref="package_dracut-fips_installed" />
fe0dde 
       <extend_definition comment="package dracut-fips-aesni installed" definition_ref="package_dracut-fips-aesni_installed" />
fe0dde 
+      <extend_definition comment="check /etc/system-fips exists" definition_ref="etc_system_fips_exists" />
fe0dde 
       <criteria operator="OR">
fe0dde 
         <criterion test_ref="test_grub2_enable_fips_mode" comment="check for fips=1 in /etc/default/grub via GRUB_CMDLINE_LINUX" />
fe0dde 
         <criteria operator="AND">

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation