diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml index e59b3edbea0..187f382a78b 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml @@ -11,14 +11,14 @@ path: /etc/ntp.conf register: ntp_conf_exist_result -- name: "{{{ rule_title }}} - Update the Maxpoll Values in /etc/ntp.conf" +- name: "{{{ rule_title }}} - Update the maxpoll Values in /etc/ntp.conf" ansible.builtin.replace: path: /etc/ntp.conf regexp: '^(server.*maxpoll)[ ]+[0-9]+(.*)$' replace: '\1 {{ var_time_service_set_maxpoll }}\2' when: ntp_conf_exist_result.stat.exists -- name: "{{{ rule_title }}} - Set the Maxpoll Values in /etc/ntp.conf" +- name: "{{{ rule_title }}} - Set the maxpoll Values in /etc/ntp.conf" ansible.builtin.replace: path: /etc/ntp.conf regexp: '(^server\s+((?!maxpoll).)*)$' @@ -34,29 +34,39 @@ path: {{{ chrony_conf_path }}} register: chrony_conf_exist_result -- name: "{{{ rule_title }}} - Set Chrony Path Facts" - ansible.builtin.set_fact: - chrony_path: {{{ chrony_conf_path }}} +- name: "{{{ rule_title }}} - Update the maxpoll Values in {{{ chrony_conf_path }}}" + ansible.builtin.replace: + path: "{{{ chrony_conf_path }}}" + regexp: '^((?:server|pool|peer).*maxpoll)[ ]+[0-9]+(.*)$' + replace: '\1 {{ var_time_service_set_maxpoll }}\2' + when: chrony_conf_exist_result.stat.exists + +- name: "{{{ rule_title }}} - Set the maxpoll Values in {{{ chrony_conf_path }}}" + ansible.builtin.replace: + path: "{{{ chrony_conf_path }}}" + regexp: '(^(?:server|pool|peer)\s+((?!maxpoll).)*)$' + replace: '\1 maxpoll {{ var_time_service_set_maxpoll }}\n' + when: chrony_conf_exist_result.stat.exists -- name: "{{{ rule_title }}} - Get Conf Files from {{ chrony_path | dirname }}" +- name: "{{{ rule_title }}} - Get Conf Files from {{{ chrony_d_path }}}" ansible.builtin.find: - path: "{{ chrony_path | dirname }}" + path: "{{{ chrony_d_path }}}" patterns: '*.conf' file_type: file - register: chrony_conf_files + register: chrony_d_conf_files -- name: "{{{ rule_title }}} - Update the Maxpoll Values in {{{ chrony_conf_path }}}" +- name: "{{{ rule_title }}} - Update the maxpoll Values in {{{ chrony_d_path }}}" ansible.builtin.replace: path: "{{ item.path }}" regexp: '^((?:server|pool|peer).*maxpoll)[ ]+[0-9]+(.*)$' replace: '\1 {{ var_time_service_set_maxpoll }}\2' - loop: '{{ chrony_conf_files.files }}' - when: chrony_conf_files.matched + loop: '{{ chrony_d_conf_files.files }}' + when: chrony_d_conf_files.matched -- name: "{{{ rule_title }}} - Set the Maxpoll Values in {{{ chrony_conf_path }}}" +- name: "{{{ rule_title }}} - Set the maxpoll Values in {{{ chrony_d_path }}}" ansible.builtin.replace: path: "{{ item.path }}" regexp: '(^(?:server|pool|peer)\s+((?!maxpoll).)*)$' replace: '\1 maxpoll {{ var_time_service_set_maxpoll }}\n' - loop: '{{ chrony_conf_files.files }}' - when: chrony_conf_files.matched + loop: '{{ chrony_d_conf_files.files }}' + when: chrony_d_conf_files.matched diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh index 4bfae45b85a..8a803512670 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh @@ -11,22 +11,19 @@ pof="/usr/sbin/pidof" CONFIG_FILES="/etc/ntp.conf" $pof ntpd || { - CHRONY_NAME={{{ chrony_conf_path }}} - CHRONY_PATH=${CHRONY_NAME%%.*} - CONFIG_FILES=$(find ${CHRONY_PATH}.* -type f -name '*.conf') + CHRONY_D_PATH={{{ chrony_d_path }}} + mapfile -t CONFIG_FILES < <(find ${CHRONY_D_PATH}.* -type f -name '*.conf') + CONFIG_FILES+=({{{ chrony_conf_path }}}) } # get list of ntp files -for config_file in $CONFIG_FILES; do +for config_file in "${CONFIG_FILES[@]}" ; do # Set maxpoll values to var_time_service_set_maxpoll sed -i "s/^\(\(server\|pool\|peer\).*maxpoll\) [0-9][0-9]*\(.*\)$/\1 $var_time_service_set_maxpoll \3/" "$config_file" done - - - -for config_file in $CONFIG_FILES; do +for config_file in "${CONFIG_FILES[@]}" ; do # Add maxpoll to server, pool or peer entries without maxpoll grep "^\(server\|pool\|peer\)" "$config_file" | grep -v maxpoll | while read -r line ; do sed -i "s/$line/& maxpoll $var_time_service_set_maxpoll/" "$config_file" diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/oval/shared.xml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/oval/shared.xml index 5fdac981dc4..38f7c29893e 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/oval/shared.xml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/oval/shared.xml @@ -2,26 +2,18 @@ {{{ oval_metadata("Configure the maxpoll setting in /etc/ntp.conf or chrony.conf to continuously poll the time source servers.") }}} - - - - - + + - - - - - - + - - @@ -38,14 +30,16 @@ 1 +{{% set filepath_regex = "^(" + chrony_conf_path | replace(".", "\.") + "|" + chrony_d_path | replace(".", "\.") + ".+\.conf)$" %}} + - ^/etc/chrony\.(conf|d/.+\.conf)$ + {{{ filepath_regex }}} ^(?:server|pool|peer)[\s]+[\S]+.*maxpoll[\s]+(\d+) 1 @@ -70,13 +64,13 @@ - ^/etc/chrony\.(conf|d/.+\.conf)$ + {{{ filepath_regex }}} ^(?:server|pool|peer)[\s]+[\S]+[\s]+(.*) 1 @@ -85,26 +79,4 @@ maxpoll \d+ - - - - - ^/etc/chrony\.(conf|d/.+\.conf)$ - ^(?:server|pool).* - 1 - - - - - - - /etc/ntp.conf - ^server.* - 1 - - diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml index 750b51871f4..467e730bb32 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml @@ -6,14 +6,13 @@ title: 'Configure Time Service Maxpoll Interval' description: |- The maxpoll should be configured to {{{ xccdf_value("var_time_service_set_maxpoll") }}} in /etc/ntp.conf or - {{{ chrony_conf_path }}} to continuously poll time servers. To configure - maxpoll in /etc/ntp.conf or {{{ chrony_conf_path }}} - add the following after each `server`, `pool` or `peer` entry: + {{{ chrony_conf_path }}} (or {{{ chrony_d_path }}}) to continuously poll time servers. To configure + maxpoll in /etc/ntp.conf or {{{ chrony_conf_path }}} (or {{{ chrony_d_path }}}) + add the following after each server, pool or peer entry: 
maxpoll {{{ xccdf_value("var_time_service_set_maxpoll") }}}
- to 
server
directives. If using chrony any 
pool
directives + to server directives. If using chrony, any pool directives should be configured too. - If no server or pool directives are configured, the rule evaluates - to pass. + {{% if product == "rhcos4" %}}

Note that if the remediation shipping with this content is being used, the @@ -104,7 +103,7 @@ ocil_clause: '"maxpoll" has not been set to the value of "{{{ xccdf_value("var_t ocil: |- Verify {{{ full_name }}} is securely comparing internal information system clocks at a regular interval with an NTP server with the following command: - 

$ sudo grep maxpoll /etc/ntp.conf {{{ chrony_conf_path }}}
+ 
$ sudo grep maxpoll /etc/ntp.conf {{{ chrony_conf_path }}} {{{ chrony_d_path }}}
server [ntp.server.name] iburst maxpoll {{{ xccdf_value("var_time_service_set_maxpoll") }}}
. fixtext: |- diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony.pass.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony.pass.sh index f4c1be98e5c..89bb6c2446f 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony.pass.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh new file mode 100644 index 00000000000..a7d29191615 --- /dev/null +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh @@ -0,0 +1,14 @@ +#!/bin/bash +# packages = chrony +# variables = var_time_service_set_maxpoll=16 +# platform = multi_platform_rhel + +{{{ bash_package_remove("ntp") }}} + +# Remove all server or pool options +sed -i "/^\(server\|pool\).*/d" {{{ chrony_d_path }}}/20-pools.conf + +echo "pool pool.ntp.org iburst maxpoll 18" >> {{{ chrony_d_path }}}/20-pools.conf + +systemctl enable chronyd.service + diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh new file mode 100644 index 00000000000..f6da9d51f38 --- /dev/null +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# packages = chrony +# variables = var_time_service_set_maxpoll=16 +# platform = multi_platform_rhel + +{{{ bash_package_remove("ntp") }}} + +# Remove all pool options +sed -i "/^pool.*/d" {{{ chrony_d_path }}}/10-servers.conf + +if ! grep "^server.*maxpoll 10" {{{ chrony_d_path }}}/10-servers.conf ; then + sed -i "s/^server.*/& maxpoll 10/" {{{ chrony_d_path }}}/10-servers.conf +fi + +echo "server test.ntp.org" >> {{{ chrony_d_path }}}/10-servers.conf + +systemctl enable chronyd.service diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.fail.sh similarity index 77% rename from linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.pass.sh rename to linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.fail.sh index 93ee2b1dbab..71ff623a12b 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# remediation = none +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_nothing_done.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_nothing_done.fail.sh index d91c98f3695..14bcb756d00 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_nothing_done.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_nothing_done.fail.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 # platform = Oracle Linux 7,Red Hat Enterprise Linux 7 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_configured.pass.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_configured.pass.sh index beb59cfe61f..02b74f78606 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_configured.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_configured.pass.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_misconfigured.fail.sh index 147a56974f2..6df92bad4aa 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_misconfigured.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_misconfigured.fail.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_missing_parameter.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_missing_parameter.fail.sh index 62a5dc849cb..0c557db5f69 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_missing_parameter.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_missing_parameter.fail.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_server_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_server_misconfigured.fail.sh index c083cd44865..9c9d5559137 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_server_misconfigured.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_server_misconfigured.fail.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp.pass.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp.pass.sh index 34baa27540c..292814fd64e 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp.pass.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = ntp -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 # platform = Oracle Linux 7,Red Hat Enterprise Linux 7 {{{ bash_package_remove("chrony") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_multiple_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_multiple_misconfigured.fail.sh index 6f5310c3417..48085bcc547 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_multiple_misconfigured.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_multiple_misconfigured.fail.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = ntp -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 # platform = Oracle Linux 7,Red Hat Enterprise Linux 7 {{{ bash_package_remove("chrony") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_wrong_maxpoll.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_wrong_maxpoll.fail.sh index 504e69d0561..e716cf4d4ad 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_wrong_maxpoll.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_wrong_maxpoll.fail.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = ntp -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 # platform = Oracle Linux 7,Red Hat Enterprise Linux 7 {{{ bash_package_remove("chrony") }}} diff --git a/products/debian10/product.yml b/products/debian10/product.yml index 8d6f9937d65..e80b24de24d 100644 --- a/products/debian10/product.yml +++ b/products/debian10/product.yml @@ -19,6 +19,7 @@ init_system: "systemd" chrony_conf_path: "/etc/chrony/chrony.conf" +chrony_d_path: "/etc/chrony/conf.d/" cpes_root: "../../shared/applicability" cpes: diff --git a/products/ubuntu1604/product.yml b/products/ubuntu1604/product.yml index d9c5676455f..2f67d0405b2 100644 --- a/products/ubuntu1604/product.yml +++ b/products/ubuntu1604/product.yml @@ -21,6 +21,7 @@ oval_feed_url: "https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.xe chrony_conf_path: "/etc/chrony/chrony.conf" +chrony_d_path: "/etc/chrony/conf.d/" aide_bin_path: "/usr/bin/aide.wrapper" aide_conf_path: "/etc/aide/aide.conf" diff --git a/products/ubuntu1804/product.yml b/products/ubuntu1804/product.yml index a517fc5d404..aac4a2d8a18 100644 --- a/products/ubuntu1804/product.yml +++ b/products/ubuntu1804/product.yml @@ -20,6 +20,7 @@ init_system: "systemd" chrony_conf_path: "/etc/chrony/chrony.conf" +chrony_d_path: "/etc/chrony/conf.d/" aide_bin_path: "/usr/bin/aide.wrapper" aide_conf_path: "/etc/aide/aide.conf" diff --git a/products/ubuntu2004/product.yml b/products/ubuntu2004/product.yml index 441dcc54d6f..dcaf24773ac 100644 --- a/products/ubuntu2004/product.yml +++ b/products/ubuntu2004/product.yml @@ -26,6 +26,7 @@ aide_conf_path: "/etc/aide/aide.conf" aide_default_path: "/etc/default/aide" audisp_conf_path: "/etc/audisp" chrony_conf_path: "/etc/chrony/chrony.conf" +chrony_d_path: "/etc/chrony/conf.d/" cpes_root: "../../shared/applicability" cpes: diff --git a/products/ubuntu2204/product.yml b/products/ubuntu2204/product.yml index b2500cd9958..e4095b77c37 100644 --- a/products/ubuntu2204/product.yml +++ b/products/ubuntu2204/product.yml @@ -25,6 +25,7 @@ aide_bin_path: "/usr/bin/aide" aide_conf_path: "/etc/aide/aide.conf" audisp_conf_path: "/etc/audit" chrony_conf_path: "/etc/chrony/chrony.conf" +chrony_d_path: "/etc/chrony/conf.d/" cpes_root: "../../shared/applicability" cpes: diff --git a/ssg/constants.py b/ssg/constants.py index c0285809683..14c6cb5d5f3 100644 --- a/ssg/constants.py +++ b/ssg/constants.py @@ -486,6 +486,7 @@ DEFAULT_SSH_DISTRIBUTED_CONFIG = 'false' DEFAULT_PRODUCT = 'example' DEFAULT_CHRONY_CONF_PATH = '/etc/chrony.conf' +DEFAULT_CHRONY_D_PATH = '/etc/chrony.d/' DEFAULT_AUDISP_CONF_PATH = '/etc/audit' DEFAULT_SYSCTL_REMEDIATE_DROP_IN_FILE = 'false' diff --git a/ssg/products.py b/ssg/products.py index bf26d90e890..f01b09ab479 100644 --- a/ssg/products.py +++ b/ssg/products.py @@ -12,6 +12,7 @@ DEFAULT_AIDE_BIN_PATH, DEFAULT_SSH_DISTRIBUTED_CONFIG, DEFAULT_CHRONY_CONF_PATH, + DEFAULT_CHRONY_D_PATH, DEFAULT_AUDISP_CONF_PATH, DEFAULT_FAILLOCK_PATH, DEFAULT_SYSCTL_REMEDIATE_DROP_IN_FILE, @@ -66,6 +67,9 @@ def _get_implied_properties(existing_properties): if "chrony_conf_path" not in existing_properties: result["chrony_conf_path"] = DEFAULT_CHRONY_CONF_PATH + if "chrony_d_path" not in existing_properties: + result["chrony_d_path"] = DEFAULT_CHRONY_D_PATH + if "audisp_conf_path" not in existing_properties: result["audisp_conf_path"] = DEFAULT_AUDISP_CONF_PATH diff --git a/tests/data/product_stability/alinux2.yml b/tests/data/product_stability/alinux2.yml index f103c6db73f..39d49e6b72f 100644 --- a/tests/data/product_stability/alinux2.yml +++ b/tests/data/product_stability/alinux2.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: ALINUX-2 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - alinux2: check_id: installed_OS_is_alinux2 diff --git a/tests/data/product_stability/alinux3.yml b/tests/data/product_stability/alinux3.yml index dc06bced075..cde45fb3c1a 100644 --- a/tests/data/product_stability/alinux3.yml +++ b/tests/data/product_stability/alinux3.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: ALINUX-3 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - alinux3: check_id: installed_OS_is_alinux3 diff --git a/tests/data/product_stability/anolis23.yml b/tests/data/product_stability/anolis23.yml index e5088083033..01edaa2bfc1 100644 --- a/tests/data/product_stability/anolis23.yml +++ b/tests/data/product_stability/anolis23.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: ANOLIS-23 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - anolis23: check_id: installed_OS_is_anolis23 diff --git a/tests/data/product_stability/anolis8.yml b/tests/data/product_stability/anolis8.yml index 7b5a1c31b4d..dd0abda59d4 100644 --- a/tests/data/product_stability/anolis8.yml +++ b/tests/data/product_stability/anolis8.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: ANOLIS-8 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - anolis8: check_id: installed_OS_is_anolis8 diff --git a/tests/data/product_stability/chromium.yml b/tests/data/product_stability/chromium.yml index 3f880c50d63..259552fbfe2 100644 --- a/tests/data/product_stability/chromium.yml +++ b/tests/data/product_stability/chromium.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: CHROMIUM benchmark_root: ./guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - chromium: check_id: installed_app_is_chromium diff --git a/tests/data/product_stability/debian10.yml b/tests/data/product_stability/debian10.yml index a6c6e60f653..667c3615c8e 100644 --- a/tests/data/product_stability/debian10.yml +++ b/tests/data/product_stability/debian10.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: DEBIAN-10 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony/chrony.conf +chrony_d_path: /etc/chrony/conf.d/ cpes: - debian10: check_id: installed_OS_is_debian10 diff --git a/tests/data/product_stability/debian11.yml b/tests/data/product_stability/debian11.yml index 94f6ea02d87..4c8d64ee576 100644 --- a/tests/data/product_stability/debian11.yml +++ b/tests/data/product_stability/debian11.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: DEBIAN-11 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - debian11: check_id: installed_OS_is_debian11 diff --git a/tests/data/product_stability/debian12.yml b/tests/data/product_stability/debian12.yml index 0fd222b916b..a6dd2a017a0 100644 --- a/tests/data/product_stability/debian12.yml +++ b/tests/data/product_stability/debian12.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: DEBIAN-12 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - debian12: check_id: installed_OS_is_debian12 diff --git a/tests/data/product_stability/eks.yml b/tests/data/product_stability/eks.yml index 824727f5613..135023ebf43 100644 --- a/tests/data/product_stability/eks.yml +++ b/tests/data/product_stability/eks.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: EKS benchmark_root: ../../applications chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - eks: check_id: installed_app_is_eks diff --git a/tests/data/product_stability/example.yml b/tests/data/product_stability/example.yml index a60266bd692..f20e554e6de 100644 --- a/tests/data/product_stability/example.yml +++ b/tests/data/product_stability/example.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: EXAMPLE benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ components_root: ../../components cpes: - example: diff --git a/tests/data/product_stability/fedora.yml b/tests/data/product_stability/fedora.yml index 6e663307563..0002055e7ee 100644 --- a/tests/data/product_stability/fedora.yml +++ b/tests/data/product_stability/fedora.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: FEDORA benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ components_root: ../../components cpes: - fedora_40: diff --git a/tests/data/product_stability/firefox.yml b/tests/data/product_stability/firefox.yml index a78ebf03a09..562f3c85a88 100644 --- a/tests/data/product_stability/firefox.yml +++ b/tests/data/product_stability/firefox.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: FIREFOX benchmark_root: ./guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - firefox: check_id: installed_app_is_firefox diff --git a/tests/data/product_stability/macos1015.yml b/tests/data/product_stability/macos1015.yml index 6658057e400..0124fed6df5 100644 --- a/tests/data/product_stability/macos1015.yml +++ b/tests/data/product_stability/macos1015.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: macOS-1015 benchmark_root: ../../apple_os/ chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - macos15: check_id: installed_OS_is_macos1015 diff --git a/tests/data/product_stability/ocp4.yml b/tests/data/product_stability/ocp4.yml index 7de4ce50e40..75c8888648a 100644 --- a/tests/data/product_stability/ocp4.yml +++ b/tests/data/product_stability/ocp4.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: OCP-4 benchmark_root: ../../applications chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - ocp4: check_id: installed_app_is_ocp4 diff --git a/tests/data/product_stability/ol7.yml b/tests/data/product_stability/ol7.yml index 7cdb3d23c73..617a8f908cc 100644 --- a/tests/data/product_stability/ol7.yml +++ b/tests/data/product_stability/ol7.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: OL-7 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - ol7: check_id: installed_OS_is_ol7 diff --git a/tests/data/product_stability/ol8.yml b/tests/data/product_stability/ol8.yml index 34260388e81..955a324cc73 100644 --- a/tests/data/product_stability/ol8.yml +++ b/tests/data/product_stability/ol8.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: OL-8 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - ol8: check_id: installed_OS_is_ol8 diff --git a/tests/data/product_stability/ol9.yml b/tests/data/product_stability/ol9.yml index 0afdd93bade..4e9241d8b96 100644 --- a/tests/data/product_stability/ol9.yml +++ b/tests/data/product_stability/ol9.yml @@ -11,6 +11,7 @@ basic_properties_derived: true benchmark_id: OL-9 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - ol9: check_id: installed_OS_is_ol9 diff --git a/tests/data/product_stability/openembedded.yml b/tests/data/product_stability/openembedded.yml index 64b54240b24..ad8a3798dbb 100644 --- a/tests/data/product_stability/openembedded.yml +++ b/tests/data/product_stability/openembedded.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: OPENEMBEDDED benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - openembedded: check_id: installed_OS_is_openembedded diff --git a/tests/data/product_stability/opensuse.yml b/tests/data/product_stability/opensuse.yml index 175f386cb7a..c7214c7d51a 100644 --- a/tests/data/product_stability/opensuse.yml +++ b/tests/data/product_stability/opensuse.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: OPENSUSE benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - opensuse-42.1: check_id: installed_OS_is_opensuse_leap42 diff --git a/tests/data/product_stability/rhcos4.yml b/tests/data/product_stability/rhcos4.yml index f3095b39d9c..4f242c6f2f8 100644 --- a/tests/data/product_stability/rhcos4.yml +++ b/tests/data/product_stability/rhcos4.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: RHCOS-4 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - rhcos4: check_id: installed_OS_is_rhcos4 diff --git a/tests/data/product_stability/rhel7.yml b/tests/data/product_stability/rhel7.yml index 1556143b580..15b6418f67d 100644 --- a/tests/data/product_stability/rhel7.yml +++ b/tests/data/product_stability/rhel7.yml @@ -14,6 +14,7 @@ centos_major_version: '7' centos_pkg_release: 53a7ff4b centos_pkg_version: f4a80eb5 chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ components_root: ../../components cpes: - rhel7: diff --git a/tests/data/product_stability/rhel8.yml b/tests/data/product_stability/rhel8.yml index 94d07042df5..a3647a9df47 100644 --- a/tests/data/product_stability/rhel8.yml +++ b/tests/data/product_stability/rhel8.yml @@ -14,6 +14,7 @@ centos_major_version: '8' centos_pkg_release: 5ccc5b19 centos_pkg_version: 8483c65d chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ components_root: ../../components cpes: - rhel8: diff --git a/tests/data/product_stability/rhel9.yml b/tests/data/product_stability/rhel9.yml index 722b08800ee..e9e0fe03b58 100644 --- a/tests/data/product_stability/rhel9.yml +++ b/tests/data/product_stability/rhel9.yml @@ -14,6 +14,7 @@ centos_major_version: '9' centos_pkg_release: 5ccc5b19 centos_pkg_version: 8483c65d chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ components_root: ../../components cpes: - rhel9: diff --git a/tests/data/product_stability/rhv4.yml b/tests/data/product_stability/rhv4.yml index 9832193adcd..59f81d865f7 100644 --- a/tests/data/product_stability/rhv4.yml +++ b/tests/data/product_stability/rhv4.yml @@ -11,6 +11,7 @@ basic_properties_derived: true benchmark_id: RHV-4 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - rhel8-host: check_id: installed_OS_is_rhv4 diff --git a/tests/data/product_stability/sle12.yml b/tests/data/product_stability/sle12.yml index 2c9f07084d3..db5526ea7b1 100644 --- a/tests/data/product_stability/sle12.yml +++ b/tests/data/product_stability/sle12.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: SLE-12 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - sle12-server: check_id: installed_OS_is_sle12 diff --git a/tests/data/product_stability/sle15.yml b/tests/data/product_stability/sle15.yml index 169a6b4d729..7a82d1a09b5 100644 --- a/tests/data/product_stability/sle15.yml +++ b/tests/data/product_stability/sle15.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: SLE-15 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - sle15-server: check_id: installed_OS_is_sle15 diff --git a/tests/data/product_stability/ubuntu1604.yml b/tests/data/product_stability/ubuntu1604.yml index dc58218aed0..954a108c7c1 100644 --- a/tests/data/product_stability/ubuntu1604.yml +++ b/tests/data/product_stability/ubuntu1604.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: UBUNTU-XENIAL benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony/chrony.conf +chrony_d_path: /etc/chrony/conf.d/ cpes: - ubuntu1604: check_id: installed_OS_is_ubuntu1604 diff --git a/tests/data/product_stability/ubuntu1804.yml b/tests/data/product_stability/ubuntu1804.yml index 14e83226358..f5159a1cb5c 100644 --- a/tests/data/product_stability/ubuntu1804.yml +++ b/tests/data/product_stability/ubuntu1804.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: UBUNTU-BIONIC benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony/chrony.conf +chrony_d_path: /etc/chrony/conf.d/ cpes: - ubuntu1804: check_id: installed_OS_is_ubuntu1804 diff --git a/tests/data/product_stability/ubuntu2004.yml b/tests/data/product_stability/ubuntu2004.yml index ff620f66e69..a4ac65be7c8 100644 --- a/tests/data/product_stability/ubuntu2004.yml +++ b/tests/data/product_stability/ubuntu2004.yml @@ -9,6 +9,7 @@ basic_properties_derived: true benchmark_id: UBUNTU_20-04 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony/chrony.conf +chrony_d_path: /etc/chrony/conf.d/ cpes: - ubuntu2004: check_id: installed_OS_is_ubuntu2004 diff --git a/tests/data/product_stability/ubuntu2204.yml b/tests/data/product_stability/ubuntu2204.yml index d8c60dd2f3c..75f0653b333 100644 --- a/tests/data/product_stability/ubuntu2204.yml +++ b/tests/data/product_stability/ubuntu2204.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: UBUNTU_22-04 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony/chrony.conf +chrony_d_path: /etc/chrony/conf.d/ cpes: - ubuntu2204: check_id: installed_OS_is_ubuntu2204 diff --git a/tests/data/product_stability/uos20.yml b/tests/data/product_stability/uos20.yml index e0a6763ddfe..01c78e8ad3f 100644 --- a/tests/data/product_stability/uos20.yml +++ b/tests/data/product_stability/uos20.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: UOS-20 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - uos20: check_id: installed_OS_is_uos20