From c705bbced074d5afb78ea8bad84531b5e72455bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Tue, 7 May 2024 13:12:12 +0200 Subject: [PATCH 1/9] Define path for chrony.d configuration directory --- products/debian10/product.yml | 1 + products/ubuntu1604/product.yml | 1 + products/ubuntu1804/product.yml | 1 + products/ubuntu2004/product.yml | 1 + products/ubuntu2204/product.yml | 1 + ssg/constants.py | 1 + ssg/products.py | 4 ++++ 7 files changed, 10 insertions(+) diff --git a/products/debian10/product.yml b/products/debian10/product.yml index 8d6f9937d65..e80b24de24d 100644 --- a/products/debian10/product.yml +++ b/products/debian10/product.yml @@ -19,6 +19,7 @@ init_system: "systemd" chrony_conf_path: "/etc/chrony/chrony.conf" +chrony_d_path: "/etc/chrony/conf.d/" cpes_root: "../../shared/applicability" cpes: diff --git a/products/ubuntu1604/product.yml b/products/ubuntu1604/product.yml index d9c5676455f..2f67d0405b2 100644 --- a/products/ubuntu1604/product.yml +++ b/products/ubuntu1604/product.yml @@ -21,6 +21,7 @@ oval_feed_url: "https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.xe chrony_conf_path: "/etc/chrony/chrony.conf" +chrony_d_path: "/etc/chrony/conf.d/" aide_bin_path: "/usr/bin/aide.wrapper" aide_conf_path: "/etc/aide/aide.conf" diff --git a/products/ubuntu1804/product.yml b/products/ubuntu1804/product.yml index a517fc5d404..aac4a2d8a18 100644 --- a/products/ubuntu1804/product.yml +++ b/products/ubuntu1804/product.yml @@ -20,6 +20,7 @@ init_system: "systemd" chrony_conf_path: "/etc/chrony/chrony.conf" +chrony_d_path: "/etc/chrony/conf.d/" aide_bin_path: "/usr/bin/aide.wrapper" aide_conf_path: "/etc/aide/aide.conf" diff --git a/products/ubuntu2004/product.yml b/products/ubuntu2004/product.yml index 441dcc54d6f..dcaf24773ac 100644 --- a/products/ubuntu2004/product.yml +++ b/products/ubuntu2004/product.yml 
@@ -26,6 +26,7 @@ aide_conf_path: "/etc/aide/aide.conf" aide_default_path: "/etc/default/aide" audisp_conf_path: "/etc/audisp" chrony_conf_path: "/etc/chrony/chrony.conf" +chrony_d_path: "/etc/chrony/conf.d/" cpes_root: "../../shared/applicability" cpes: diff --git a/products/ubuntu2204/product.yml b/products/ubuntu2204/product.yml index b2500cd9958..e4095b77c37 100644 --- a/products/ubuntu2204/product.yml +++ b/products/ubuntu2204/product.yml @@ -25,6 +25,7 @@ aide_bin_path: "/usr/bin/aide" aide_conf_path: "/etc/aide/aide.conf" audisp_conf_path: "/etc/audit" chrony_conf_path: "/etc/chrony/chrony.conf" +chrony_d_path: "/etc/chrony/conf.d/" cpes_root: "../../shared/applicability" cpes: diff --git a/ssg/constants.py b/ssg/constants.py index c0285809683..14c6cb5d5f3 100644 --- a/ssg/constants.py +++ b/ssg/constants.py @@ -486,6 +486,7 @@ DEFAULT_SSH_DISTRIBUTED_CONFIG = 'false' DEFAULT_PRODUCT = 'example' DEFAULT_CHRONY_CONF_PATH = '/etc/chrony.conf' +DEFAULT_CHRONY_D_PATH = '/etc/chrony.d/' DEFAULT_AUDISP_CONF_PATH = '/etc/audit' DEFAULT_SYSCTL_REMEDIATE_DROP_IN_FILE = 'false' diff --git a/ssg/products.py b/ssg/products.py index bf26d90e890..f01b09ab479 100644 --- a/ssg/products.py +++ b/ssg/products.py @@ -12,6 +12,7 @@ DEFAULT_AIDE_BIN_PATH, DEFAULT_SSH_DISTRIBUTED_CONFIG, DEFAULT_CHRONY_CONF_PATH, + DEFAULT_CHRONY_D_PATH, DEFAULT_AUDISP_CONF_PATH, DEFAULT_FAILLOCK_PATH, DEFAULT_SYSCTL_REMEDIATE_DROP_IN_FILE, @@ -66,6 +67,9 @@ def _get_implied_properties(existing_properties): if "chrony_conf_path" not in existing_properties: result["chrony_conf_path"] = DEFAULT_CHRONY_CONF_PATH + if "chrony_d_path" not in existing_properties: + result["chrony_d_path"] = DEFAULT_CHRONY_D_PATH + if "audisp_conf_path" not in existing_properties: result["audisp_conf_path"] = DEFAULT_AUDISP_CONF_PATH From d5f992518d968490f3e08729c4568eacaf8b7733 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Tue, 7 May 2024 13:12:47 +0200 Subject: [PATCH 2/9] Fix Ansible in chronyd_or_ntpd_set_maxpoll The Ansible Tasks in this rule manipulate with many unrelated files such as /etc/sestatus.conf or /etc/krb5.conf. The reason is that they wrongly use the chrony_conf_path variable. They get the name of the parent directory and look for all .conf files there. This probably works nicely for Ubuntu products, where chrony_conf_path is set to /etc/chrony/chrony.conf, but creates harm in all other products where chrony_conf_path is set to /etc/chrony.conf, so the dirname is /etc and the search matches all *.conf files in /etc. We will fix this problem by explicit using the chrony_d_path content variable which defines path to the chrony configuration directory. --- .../ansible/shared.yml | 38 ++++++++++++------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml index e59b3edbea0..187f382a78b 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml @@ -11,14 +11,14 @@ path: /etc/ntp.conf register: ntp_conf_exist_result -- name: "{{{ rule_title }}} - Update the Maxpoll Values in /etc/ntp.conf" +- name: "{{{ rule_title }}} - Update the maxpoll Values in /etc/ntp.conf" ansible.builtin.replace: path: /etc/ntp.conf regexp: '^(server.*maxpoll)[ ]+[0-9]+(.*)$' replace: '\1 {{ var_time_service_set_maxpoll }}\2' when: ntp_conf_exist_result.stat.exists -- name: "{{{ rule_title }}} - Set the Maxpoll Values in /etc/ntp.conf" +- name: "{{{ rule_title }}} - Set the maxpoll Values in /etc/ntp.conf" ansible.builtin.replace: path: /etc/ntp.conf regexp: '(^server\s+((?!maxpoll).)*)$' 
@@ -34,29 +34,39 @@ path: {{{ chrony_conf_path }}} register: chrony_conf_exist_result -- name: "{{{ rule_title }}} - Set Chrony Path Facts" - ansible.builtin.set_fact: - chrony_path: {{{ chrony_conf_path }}} +- name: "{{{ rule_title }}} - Update the maxpoll Values in {{{ chrony_conf_path }}}" + ansible.builtin.replace: + path: "{{{ chrony_conf_path }}}" + regexp: '^((?:server|pool|peer).*maxpoll)[ ]+[0-9]+(.*)$' + replace: '\1 {{ var_time_service_set_maxpoll }}\2' + when: chrony_conf_exist_result.stat.exists + +- name: "{{{ rule_title }}} - Set the maxpoll Values in {{{ chrony_conf_path }}}" + ansible.builtin.replace: + path: "{{{ chrony_conf_path }}}" + regexp: '(^(?:server|pool|peer)\s+((?!maxpoll).)*)$' + replace: '\1 maxpoll {{ var_time_service_set_maxpoll }}\n' + when: chrony_conf_exist_result.stat.exists -- name: "{{{ rule_title }}} - Get Conf Files from {{ chrony_path | dirname }}" +- name: "{{{ rule_title }}} - Get Conf Files from {{{ chrony_d_path }}}" ansible.builtin.find: - path: "{{ chrony_path | dirname }}" + path: "{{{ chrony_d_path }}}" patterns: '*.conf' file_type: file - register: chrony_conf_files + register: chrony_d_conf_files -- name: "{{{ rule_title }}} - Update the Maxpoll Values in {{{ chrony_conf_path }}}" +- name: "{{{ rule_title }}} - Update the maxpoll Values in {{{ chrony_d_path }}}" ansible.builtin.replace: path: "{{ item.path }}" regexp: '^((?:server|pool|peer).*maxpoll)[ ]+[0-9]+(.*)$' replace: '\1 {{ var_time_service_set_maxpoll }}\2' - loop: '{{ chrony_conf_files.files }}' - when: chrony_conf_files.matched + loop: '{{ chrony_d_conf_files.files }}' + when: chrony_d_conf_files.matched -- name: "{{{ rule_title }}} - Set the Maxpoll Values in {{{ chrony_conf_path }}}" +- name: "{{{ rule_title }}} - Set the maxpoll Values in {{{ chrony_d_path }}}" ansible.builtin.replace: path: "{{ item.path }}" regexp: '(^(?:server|pool|peer)\s+((?!maxpoll).)*)$' replace: '\1 maxpoll {{ var_time_service_set_maxpoll }}\n' - loop: '{{ 
chrony_conf_files.files }}' - when: chrony_conf_files.matched + loop: '{{ chrony_d_conf_files.files }}' + when: chrony_d_conf_files.matched From a75fa96c5926b2ded79b450ee7ba30e0b6ea4f7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Tue, 7 May 2024 13:16:24 +0200 Subject: [PATCH 3/9] Add new test scenarios Adds scenarios testing the configuration in the .d directory. --- .../tests/chrony_d_one_pool_misconfigured.fail.sh | 12 ++++++++++++ .../chrony_d_one_server_misconfigured.fail.sh | 15 +++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh create mode 100644 linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh new file mode 100644 index 00000000000..fc35bbc3d6c --- /dev/null +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh @@ -0,0 +1,12 @@ +#!/bin/bash +# packages = chrony + +{{{ bash_package_remove("ntp") }}} + +# Remove all server or pool options +sed -i "/^\(server\|pool\).*/d" {{{ chrony_d_path }}}/20-pools.conf + +echo "pool pool.ntp.org iburst maxpoll 18" >> {{{ chrony_d_path }}}/20-pools.conf + +systemctl enable chronyd.service + diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh new file mode 100644 index 00000000000..a55178973ca --- /dev/null +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh 
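Review bot: The new find task collects only `*.conf` files directly under `{{{ chrony_d_path }}}`, so a `server`/`pool`/`peer` line that chrony loads from anywhere else is left unremediated. chrony can also read time sources from `*.sources` files through a `sourcedir` directive; if any supported product ships that layout, those entries would keep their old maxpoll. Either confirm this, or state the scope in a comment above the task, e.g. `# Only *.conf drop-ins in chrony_d_path are handled; sourcedir/*.sources files are not`. The find is also non-recursive, while the OVAL filepath pattern used for this rule (`.+\.conf` under the directory) appears to accept nested paths, so check and remediation may disagree about files in subdirectories.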
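Review bot: This scenario appends a bad `pool` line to `{{{ chrony_d_path }}}/20-pools.conf` but never normalizes `{{{ chrony_conf_path }}}`, so the expected fail can come from a stock `server`/`pool` line in the main file rather than from the drop-in being scanned. Setting a compliant maxpoll on the source lines in the main config first, or removing them, would make the test prove what its name says. The script also assumes the directory and file already exist: `sed -i` errors on a missing file and the `>>` redirect fails if the directory is absent, so add `mkdir -p {{{ chrony_d_path }}}` and `touch` the file before editing. The same two gaps apply to chrony_d_one_server_misconfigured.fail.sh in the next hunk.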
@@ -0,0 +1,15 @@ +#!/bin/bash +# packages = chrony + +{{{ bash_package_remove("ntp") }}} + +# Remove all pool options +sed -i "/^pool.*/d" {{{ chrony_d_path }}}/10-servers.conf + +if ! grep "^server.*maxpoll 10" {{{ chrony_d_path }}}/10-servers.conf ; then + sed -i "s/^server.*/& maxpoll 10/" {{{ chrony_d_path }}}/10-servers.conf +fi + +echo "server test.ntp.org" >> {{{ chrony_d_path }}}/10-servers.conf + +systemctl enable chronyd.service From a8229925a57a216e2dc2647db2b658211d8aff4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Tue, 7 May 2024 14:07:12 +0200 Subject: [PATCH 4/9] Fix HTML tags in rule description --- .../guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml index 750b51871f4..f9635051cc0 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml @@ -8,9 +8,9 @@ description: |- {{{ xccdf_value("var_time_service_set_maxpoll") }}} in /etc/ntp.conf or {{{ chrony_conf_path }}} to continuously poll time servers. To configure maxpoll in /etc/ntp.conf or {{{ chrony_conf_path }}} - add the following after each `server`, `pool` or `peer` entry: + add the following after each server, pool or peer entry:
maxpoll {{{ xccdf_value("var_time_service_set_maxpoll") }}}
- to
server
directives. If using chrony any
pool
directives + to server directives. If using chrony, any pool directives should be configured too. If no server or pool directives are configured, the rule evaluates to pass. From 9e2965908f469b403e4b531fa81a991d304b91f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Tue, 7 May 2024 15:12:33 +0200 Subject: [PATCH 5/9] Update products stability data --- tests/data/product_stability/alinux2.yml | 1 + tests/data/product_stability/alinux3.yml | 1 + tests/data/product_stability/anolis23.yml | 1 + tests/data/product_stability/anolis8.yml | 1 + tests/data/product_stability/chromium.yml | 1 + tests/data/product_stability/debian10.yml | 1 + tests/data/product_stability/debian11.yml | 1 + tests/data/product_stability/debian12.yml | 1 + tests/data/product_stability/eks.yml | 1 + tests/data/product_stability/example.yml | 1 + tests/data/product_stability/fedora.yml | 1 + tests/data/product_stability/firefox.yml | 1 + tests/data/product_stability/macos1015.yml | 1 + tests/data/product_stability/ocp4.yml | 1 + tests/data/product_stability/ol7.yml | 1 + tests/data/product_stability/ol8.yml | 1 + tests/data/product_stability/ol9.yml | 1 + tests/data/product_stability/openembedded.yml | 1 + tests/data/product_stability/opensuse.yml | 1 + tests/data/product_stability/rhcos4.yml | 1 + tests/data/product_stability/rhel7.yml | 1 + tests/data/product_stability/rhel8.yml | 1 + tests/data/product_stability/rhel9.yml | 1 + tests/data/product_stability/rhv4.yml | 1 + tests/data/product_stability/sle12.yml | 1 + tests/data/product_stability/sle15.yml | 1 + tests/data/product_stability/ubuntu1604.yml | 1 + tests/data/product_stability/ubuntu1804.yml | 1 + tests/data/product_stability/ubuntu2004.yml | 1 + tests/data/product_stability/ubuntu2204.yml | 1 + tests/data/product_stability/uos20.yml | 1 + 31 files changed, 31 insertions(+) diff --git a/tests/data/product_stability/alinux2.yml b/tests/data/product_stability/alinux2.yml index f103c6db73f..39d49e6b72f 100644 
--- a/tests/data/product_stability/alinux2.yml +++ b/tests/data/product_stability/alinux2.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: ALINUX-2 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - alinux2: check_id: installed_OS_is_alinux2 diff --git a/tests/data/product_stability/alinux3.yml b/tests/data/product_stability/alinux3.yml index dc06bced075..cde45fb3c1a 100644 --- a/tests/data/product_stability/alinux3.yml +++ b/tests/data/product_stability/alinux3.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: ALINUX-3 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - alinux3: check_id: installed_OS_is_alinux3 diff --git a/tests/data/product_stability/anolis23.yml b/tests/data/product_stability/anolis23.yml index e5088083033..01edaa2bfc1 100644 --- a/tests/data/product_stability/anolis23.yml +++ b/tests/data/product_stability/anolis23.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: ANOLIS-23 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - anolis23: check_id: installed_OS_is_anolis23 diff --git a/tests/data/product_stability/anolis8.yml b/tests/data/product_stability/anolis8.yml index 7b5a1c31b4d..dd0abda59d4 100644 --- a/tests/data/product_stability/anolis8.yml +++ b/tests/data/product_stability/anolis8.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: ANOLIS-8 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - anolis8: check_id: installed_OS_is_anolis8 diff --git a/tests/data/product_stability/chromium.yml b/tests/data/product_stability/chromium.yml index 3f880c50d63..259552fbfe2 100644 --- a/tests/data/product_stability/chromium.yml +++ b/tests/data/product_stability/chromium.yml 
@@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: CHROMIUM benchmark_root: ./guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - chromium: check_id: installed_app_is_chromium diff --git a/tests/data/product_stability/debian10.yml b/tests/data/product_stability/debian10.yml index a6c6e60f653..667c3615c8e 100644 --- a/tests/data/product_stability/debian10.yml +++ b/tests/data/product_stability/debian10.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: DEBIAN-10 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony/chrony.conf +chrony_d_path: /etc/chrony/conf.d/ cpes: - debian10: check_id: installed_OS_is_debian10 diff --git a/tests/data/product_stability/debian11.yml b/tests/data/product_stability/debian11.yml index 94f6ea02d87..4c8d64ee576 100644 --- a/tests/data/product_stability/debian11.yml +++ b/tests/data/product_stability/debian11.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: DEBIAN-11 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - debian11: check_id: installed_OS_is_debian11 diff --git a/tests/data/product_stability/debian12.yml b/tests/data/product_stability/debian12.yml index 0fd222b916b..a6dd2a017a0 100644 --- a/tests/data/product_stability/debian12.yml +++ b/tests/data/product_stability/debian12.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: DEBIAN-12 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - debian12: check_id: installed_OS_is_debian12 diff --git a/tests/data/product_stability/eks.yml b/tests/data/product_stability/eks.yml index 824727f5613..135023ebf43 100644 --- a/tests/data/product_stability/eks.yml +++ b/tests/data/product_stability/eks.yml 
@@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: EKS benchmark_root: ../../applications chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - eks: check_id: installed_app_is_eks diff --git a/tests/data/product_stability/example.yml b/tests/data/product_stability/example.yml index a60266bd692..f20e554e6de 100644 --- a/tests/data/product_stability/example.yml +++ b/tests/data/product_stability/example.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: EXAMPLE benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ components_root: ../../components cpes: - example: diff --git a/tests/data/product_stability/fedora.yml b/tests/data/product_stability/fedora.yml index 6e663307563..0002055e7ee 100644 --- a/tests/data/product_stability/fedora.yml +++ b/tests/data/product_stability/fedora.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: FEDORA benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ components_root: ../../components cpes: - fedora_40: diff --git a/tests/data/product_stability/firefox.yml b/tests/data/product_stability/firefox.yml index a78ebf03a09..562f3c85a88 100644 --- a/tests/data/product_stability/firefox.yml +++ b/tests/data/product_stability/firefox.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: FIREFOX benchmark_root: ./guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - firefox: check_id: installed_app_is_firefox diff --git a/tests/data/product_stability/macos1015.yml b/tests/data/product_stability/macos1015.yml index 6658057e400..0124fed6df5 100644 --- a/tests/data/product_stability/macos1015.yml +++ b/tests/data/product_stability/macos1015.yml 
@@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: macOS-1015 benchmark_root: ../../apple_os/ chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - macos15: check_id: installed_OS_is_macos1015 diff --git a/tests/data/product_stability/ocp4.yml b/tests/data/product_stability/ocp4.yml index 7de4ce50e40..75c8888648a 100644 --- a/tests/data/product_stability/ocp4.yml +++ b/tests/data/product_stability/ocp4.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: OCP-4 benchmark_root: ../../applications chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - ocp4: check_id: installed_app_is_ocp4 diff --git a/tests/data/product_stability/ol7.yml b/tests/data/product_stability/ol7.yml index 7cdb3d23c73..617a8f908cc 100644 --- a/tests/data/product_stability/ol7.yml +++ b/tests/data/product_stability/ol7.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: OL-7 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - ol7: check_id: installed_OS_is_ol7 diff --git a/tests/data/product_stability/ol8.yml b/tests/data/product_stability/ol8.yml index 34260388e81..955a324cc73 100644 --- a/tests/data/product_stability/ol8.yml +++ b/tests/data/product_stability/ol8.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: OL-8 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - ol8: check_id: installed_OS_is_ol8 diff --git a/tests/data/product_stability/ol9.yml b/tests/data/product_stability/ol9.yml index 0afdd93bade..4e9241d8b96 100644 --- a/tests/data/product_stability/ol9.yml +++ b/tests/data/product_stability/ol9.yml @@ -11,6 +11,7 @@ basic_properties_derived: true benchmark_id: OL-9 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - ol9: check_id: installed_OS_is_ol9 
diff --git a/tests/data/product_stability/openembedded.yml b/tests/data/product_stability/openembedded.yml index 64b54240b24..ad8a3798dbb 100644 --- a/tests/data/product_stability/openembedded.yml +++ b/tests/data/product_stability/openembedded.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: OPENEMBEDDED benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - openembedded: check_id: installed_OS_is_openembedded diff --git a/tests/data/product_stability/opensuse.yml b/tests/data/product_stability/opensuse.yml index 175f386cb7a..c7214c7d51a 100644 --- a/tests/data/product_stability/opensuse.yml +++ b/tests/data/product_stability/opensuse.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: OPENSUSE benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - opensuse-42.1: check_id: installed_OS_is_opensuse_leap42 diff --git a/tests/data/product_stability/rhcos4.yml b/tests/data/product_stability/rhcos4.yml index f3095b39d9c..4f242c6f2f8 100644 --- a/tests/data/product_stability/rhcos4.yml +++ b/tests/data/product_stability/rhcos4.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: RHCOS-4 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - rhcos4: check_id: installed_OS_is_rhcos4 diff --git a/tests/data/product_stability/rhel7.yml b/tests/data/product_stability/rhel7.yml index 1556143b580..15b6418f67d 100644 --- a/tests/data/product_stability/rhel7.yml +++ b/tests/data/product_stability/rhel7.yml @@ -14,6 +14,7 @@ centos_major_version: '7' centos_pkg_release: 53a7ff4b centos_pkg_version: f4a80eb5 chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ components_root: ../../components cpes: - rhel7: diff --git a/tests/data/product_stability/rhel8.yml b/tests/data/product_stability/rhel8.yml index 94d07042df5..a3647a9df47 100644 
--- a/tests/data/product_stability/rhel8.yml +++ b/tests/data/product_stability/rhel8.yml @@ -14,6 +14,7 @@ centos_major_version: '8' centos_pkg_release: 5ccc5b19 centos_pkg_version: 8483c65d chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ components_root: ../../components cpes: - rhel8: diff --git a/tests/data/product_stability/rhel9.yml b/tests/data/product_stability/rhel9.yml index 722b08800ee..e9e0fe03b58 100644 --- a/tests/data/product_stability/rhel9.yml +++ b/tests/data/product_stability/rhel9.yml @@ -14,6 +14,7 @@ centos_major_version: '9' centos_pkg_release: 5ccc5b19 centos_pkg_version: 8483c65d chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ components_root: ../../components cpes: - rhel9: diff --git a/tests/data/product_stability/rhv4.yml b/tests/data/product_stability/rhv4.yml index 9832193adcd..59f81d865f7 100644 --- a/tests/data/product_stability/rhv4.yml +++ b/tests/data/product_stability/rhv4.yml @@ -11,6 +11,7 @@ basic_properties_derived: true benchmark_id: RHV-4 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - rhel8-host: check_id: installed_OS_is_rhv4 diff --git a/tests/data/product_stability/sle12.yml b/tests/data/product_stability/sle12.yml index 2c9f07084d3..db5526ea7b1 100644 --- a/tests/data/product_stability/sle12.yml +++ b/tests/data/product_stability/sle12.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: SLE-12 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - sle12-server: check_id: installed_OS_is_sle12 diff --git a/tests/data/product_stability/sle15.yml b/tests/data/product_stability/sle15.yml index 169a6b4d729..7a82d1a09b5 100644 --- a/tests/data/product_stability/sle15.yml +++ b/tests/data/product_stability/sle15.yml 
@@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: SLE-15 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - sle15-server: check_id: installed_OS_is_sle15 diff --git a/tests/data/product_stability/ubuntu1604.yml b/tests/data/product_stability/ubuntu1604.yml index dc58218aed0..954a108c7c1 100644 --- a/tests/data/product_stability/ubuntu1604.yml +++ b/tests/data/product_stability/ubuntu1604.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: UBUNTU-XENIAL benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony/chrony.conf +chrony_d_path: /etc/chrony/conf.d/ cpes: - ubuntu1604: check_id: installed_OS_is_ubuntu1604 diff --git a/tests/data/product_stability/ubuntu1804.yml b/tests/data/product_stability/ubuntu1804.yml index 14e83226358..f5159a1cb5c 100644 --- a/tests/data/product_stability/ubuntu1804.yml +++ b/tests/data/product_stability/ubuntu1804.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: UBUNTU-BIONIC benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony/chrony.conf +chrony_d_path: /etc/chrony/conf.d/ cpes: - ubuntu1804: check_id: installed_OS_is_ubuntu1804 diff --git a/tests/data/product_stability/ubuntu2004.yml b/tests/data/product_stability/ubuntu2004.yml index ff620f66e69..a4ac65be7c8 100644 --- a/tests/data/product_stability/ubuntu2004.yml +++ b/tests/data/product_stability/ubuntu2004.yml @@ -9,6 +9,7 @@ basic_properties_derived: true benchmark_id: UBUNTU_20-04 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony/chrony.conf +chrony_d_path: /etc/chrony/conf.d/ cpes: - ubuntu2004: check_id: installed_OS_is_ubuntu2004 diff --git a/tests/data/product_stability/ubuntu2204.yml b/tests/data/product_stability/ubuntu2204.yml index d8c60dd2f3c..75f0653b333 100644 --- a/tests/data/product_stability/ubuntu2204.yml +++ b/tests/data/product_stability/ubuntu2204.yml 
@@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: UBUNTU_22-04 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony/chrony.conf +chrony_d_path: /etc/chrony/conf.d/ cpes: - ubuntu2204: check_id: installed_OS_is_ubuntu2204 diff --git a/tests/data/product_stability/uos20.yml b/tests/data/product_stability/uos20.yml index e0a6763ddfe..01c78e8ad3f 100644 --- a/tests/data/product_stability/uos20.yml +++ b/tests/data/product_stability/uos20.yml @@ -8,6 +8,7 @@ basic_properties_derived: true benchmark_id: UOS-20 benchmark_root: ../../linux_os/guide chrony_conf_path: /etc/chrony.conf +chrony_d_path: /etc/chrony.d/ cpes: - uos20: check_id: installed_OS_is_uos20 From 37713b8964d8e07a49a7d109a0fd0871efcd3c25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Fri, 10 May 2024 12:58:23 +0200 Subject: [PATCH 6/9] Update chronyd_or_ntpd_set_maxpoll - consistent support for the configuration directory - always use product properties `chrony_conf_path` and `chrony_d_path` for the configuration file and configuration directory instead of using hard-coded path - do not pass if no server is set, this align the behavior with RHEL and Ubuntu STIGs --- .../bash/shared.sh | 9 ++-- .../oval/shared.xml | 54 +++++-------------- .../ntp/chronyd_or_ntpd_set_maxpoll/rule.yml | 9 ++-- ....sh => chrony_no_pool_nor_servers.fail.sh} | 2 +- 4 files changed, 21 insertions(+), 53 deletions(-) rename linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/{chrony_no_pool_nor_servers.pass.sh => chrony_no_pool_nor_servers.fail.sh} (93%) diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh index 4bfae45b85a..2943fb12ba4 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh 
@@ -11,9 +11,9 @@ pof="/usr/sbin/pidof" CONFIG_FILES="/etc/ntp.conf" $pof ntpd || { - CHRONY_NAME={{{ chrony_conf_path }}} - CHRONY_PATH=${CHRONY_NAME%%.*} - CONFIG_FILES=$(find ${CHRONY_PATH}.* -type f -name '*.conf') + CHRONY_D_PATH={{{ chrony_d_path }}} + CONFIG_FILES=($(find ${CHRONY_D_PATH}.* -type f -name '*.conf')) + CONFIG_FILES+=({{{ chrony_conf_path }}}) } # get list of ntp files @@ -23,9 +23,6 @@ for config_file in $CONFIG_FILES; do sed -i "s/^\(\(server\|pool\|peer\).*maxpoll\) [0-9][0-9]*\(.*\)$/\1 $var_time_service_set_maxpoll \3/" "$config_file" done - - - for config_file in $CONFIG_FILES; do # Add maxpoll to server, pool or peer entries without maxpoll grep "^\(server\|pool\|peer\)" "$config_file" | grep -v maxpoll | while read -r line ; do diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/oval/shared.xml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/oval/shared.xml index 5fdac981dc4..38f7c29893e 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/oval/shared.xml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/oval/shared.xml @@ -2,26 +2,18 @@ {{{ oval_metadata("Configure the maxpoll setting in /etc/ntp.conf or chrony.conf to continuously poll the time source servers.") }}} - - - - - + + - - - - - - + - - @@ -38,14 +30,16 @@ 1 +{{% set filepath_regex = "^(" + chrony_conf_path | replace(".", "\.") + "|" + chrony_d_path | replace(".", "\.") + ".+\.conf)$" %}} + - ^/etc/chrony\.(conf|d/.+\.conf)$ + {{{ filepath_regex }}} ^(?:server|pool|peer)[\s]+[\S]+.*maxpoll[\s]+(\d+) 1 @@ -70,13 +64,13 @@ - ^/etc/chrony\.(conf|d/.+\.conf)$ + {{{ filepath_regex }}} ^(?:server|pool|peer)[\s]+[\S]+[\s]+(.*) 1 @@ -85,26 +79,4 @@ maxpoll \d+ - - - - - ^/etc/chrony\.(conf|d/.+\.conf)$ - ^(?:server|pool).* - 1 - - - - - - - /etc/ntp.conf - ^server.* - 1 - - 
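Review bot: `find ${CHRONY_D_PATH}.*` keeps the `.*` suffix from the old `${CHRONY_PATH}.*` expression, but `chrony_d_path` already ends in `/`, so the glob becomes `/etc/chrony.d/.*` on products using the default path. Depending on the bash version, that either expands to `.` and `..`, or matches nothing and find fails. In the first case find walks the parent directory (all of `/etc`) and the `sed -i` loops touch unrelated `*.conf` files, which is the same problem PATCH 2/9 removes from the Ansible tasks. Drop the suffix and bound the search: `find "${CHRONY_D_PATH}" -maxdepth 1 -type f -name '*.conf'`. The same expression survives in the `mapfile` form in PATCH 7/9; the `$pof ntpd || {` block and the loops extend beyond this hunk.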
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml index f9635051cc0..467e730bb32 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml @@ -6,14 +6,13 @@ title: 'Configure Time Service Maxpoll Interval' description: |- The maxpoll should be configured to {{{ xccdf_value("var_time_service_set_maxpoll") }}} in /etc/ntp.conf or - {{{ chrony_conf_path }}} to continuously poll time servers. To configure - maxpoll in /etc/ntp.conf or {{{ chrony_conf_path }}} + {{{ chrony_conf_path }}} (or {{{ chrony_d_path }}}) to continuously poll time servers. To configure + maxpoll in /etc/ntp.conf or {{{ chrony_conf_path }}} (or {{{ chrony_d_path }}}) add the following after each server, pool or peer entry:
maxpoll {{{ xccdf_value("var_time_service_set_maxpoll") }}}
to server directives. If using chrony, any pool directives should be configured too. - If no server or pool directives are configured, the rule evaluates - to pass. + {{% if product == "rhcos4" %}}

Note that if the remediation shipping with this content is being used, the @@ -104,7 +103,7 @@ ocil_clause: '"maxpoll" has not been set to the value of "{{{ xccdf_value("var_t ocil: |- Verify {{{ full_name }}} is securely comparing internal information system clocks at a regular interval with an NTP server with the following command: -

$ sudo grep maxpoll /etc/ntp.conf {{{ chrony_conf_path }}}
+
$ sudo grep maxpoll /etc/ntp.conf {{{ chrony_conf_path }}} {{{ chrony_d_path }}}
server [ntp.server.name] iburst maxpoll {{{ xccdf_value("var_time_service_set_maxpoll") }}}
. fixtext: |- diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.fail.sh similarity index 93% rename from linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.pass.sh rename to linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.fail.sh index 93ee2b1dbab..f12b413a3d3 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = chrony -# +# remediation = none # profiles = xccdf_org.ssgproject.content_profile_stig {{{ bash_package_remove("ntp") }}} From 8526b4eeabafd0ca77bc5c431018089ac1b1ed34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Fri, 10 May 2024 14:29:58 +0200 Subject: [PATCH 7/9] Fix ShellCheck problems --- .../services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh index 2943fb12ba4..8a803512670 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh 
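Review bot: The updated OCIL command passes `{{{ chrony_d_path }}}` to `grep` as a plain argument, but it is a directory, so grep reports "Is a directory" and the drop-in files are never searched. An auditor following the text would see only the main config and could miss a non-compliant drop-in. Use a recursive search instead, e.g. `$ sudo grep -r maxpoll /etc/ntp.conf {{{ chrony_conf_path }}} {{{ chrony_d_path }}}`.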
@@ -12,18 +12,18 @@ pof="/usr/sbin/pidof" CONFIG_FILES="/etc/ntp.conf" $pof ntpd || { CHRONY_D_PATH={{{ chrony_d_path }}} - CONFIG_FILES=($(find ${CHRONY_D_PATH}.* -type f -name '*.conf')) + mapfile -t CONFIG_FILES < <(find ${CHRONY_D_PATH}.* -type f -name '*.conf') CONFIG_FILES+=({{{ chrony_conf_path }}}) } # get list of ntp files -for config_file in $CONFIG_FILES; do +for config_file in "${CONFIG_FILES[@]}" ; do # Set maxpoll values to var_time_service_set_maxpoll sed -i "s/^\(\(server\|pool\|peer\).*maxpoll\) [0-9][0-9]*\(.*\)$/\1 $var_time_service_set_maxpoll \3/" "$config_file" done -for config_file in $CONFIG_FILES; do +for config_file in "${CONFIG_FILES[@]}" ; do # Add maxpoll to server, pool or peer entries without maxpoll grep "^\(server\|pool\|peer\)" "$config_file" | grep -v maxpoll | while read -r line ; do sed -i "s/$line/& maxpoll $var_time_service_set_maxpoll/" "$config_file" From 24eb0c36c43abdd67136ad25cd0c35934538bcd6 Mon Sep 17 00:00:00 2001 
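Review bot: The new `mapfile` line keeps the glob `${CHRONY_D_PATH}.*`, which, with a `chrony_d_path` ending in `/`, matches only dot entries inside the directory. On bash versions where `.*` still matches `.` and `..`, `find` also walks the parent directory, and the `sed -i` loops below then rewrite `server`/`pool`/`peer` lines in every `*.conf` found there, not just chrony's. On shells that skip the dot entries the pattern normally matches nothing, so the drop-in files are not remediated at all. I would pass the directory itself, quoted: `mapfile -t CONFIG_FILES < <(find "${CHRONY_D_PATH}" -type f -name '*.conf')`. The second `for` loop continues past the end of the hunk.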
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Mon, 13 May 2024 15:36:51 +0200 Subject: [PATCH 8/9] Update test scenarios headers Use the "variables" keyword in the test scenario headers instead of the "profiles" keyword. These test scenarios aren't a regression test special to STIG. The profile was set in order to set the XCCDF Value value. This is legacy usage of the "profiles" keyword and we recommend using "variables" for this situation. --- .../ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony.pass.sh | 3 +-- .../tests/chrony_d_one_pool_misconfigured.fail.sh | 1 + .../tests/chrony_d_one_server_misconfigured.fail.sh | 1 + .../tests/chrony_no_pool_nor_servers.fail.sh | 2 +- .../tests/chrony_nothing_done.fail.sh | 3 +-- .../tests/chrony_one_pool_configured.pass.sh | 3 +-- .../tests/chrony_one_pool_misconfigured.fail.sh | 3 +-- .../tests/chrony_one_pool_missing_parameter.fail.sh | 3 +-- .../tests/chrony_one_server_misconfigured.fail.sh | 3 +-- .../services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp.pass.sh | 3 +-- .../tests/ntp_multiple_misconfigured.fail.sh | 3 +-- .../tests/ntp_wrong_maxpoll.fail.sh | 3 +-- 12 files changed, 12 insertions(+), 19 deletions(-) diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony.pass.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony.pass.sh index f4c1be98e5c..89bb6c2446f 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony.pass.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh index fc35bbc3d6c..eee6108e5c7 100644 
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh @@ -1,5 +1,6 @@ #!/bin/bash # packages = chrony +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh index a55178973ca..77949431752 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh @@ -1,5 +1,6 @@ #!/bin/bash # packages = chrony +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.fail.sh index f12b413a3d3..71ff623a12b 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_no_pool_nor_servers.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = chrony # remediation = none -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_nothing_done.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_nothing_done.fail.sh index d91c98f3695..14bcb756d00 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_nothing_done.fail.sh 
+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_nothing_done.fail.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 # platform = Oracle Linux 7,Red Hat Enterprise Linux 7 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_configured.pass.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_configured.pass.sh index beb59cfe61f..02b74f78606 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_configured.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_configured.pass.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_misconfigured.fail.sh index 147a56974f2..6df92bad4aa 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_misconfigured.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_misconfigured.fail.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_missing_parameter.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_missing_parameter.fail.sh index 62a5dc849cb..0c557db5f69 100644 
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_missing_parameter.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_pool_missing_parameter.fail.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_server_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_server_misconfigured.fail.sh index c083cd44865..9c9d5559137 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_server_misconfigured.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_one_server_misconfigured.fail.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = chrony -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp.pass.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp.pass.sh index 34baa27540c..292814fd64e 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp.pass.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = ntp -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 # platform = Oracle Linux 7,Red Hat Enterprise Linux 7 {{{ bash_package_remove("chrony") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_multiple_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_multiple_misconfigured.fail.sh index 6f5310c3417..48085bcc547 100644 
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_multiple_misconfigured.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_multiple_misconfigured.fail.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = ntp -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 # platform = Oracle Linux 7,Red Hat Enterprise Linux 7 {{{ bash_package_remove("chrony") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_wrong_maxpoll.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_wrong_maxpoll.fail.sh index 504e69d0561..e716cf4d4ad 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_wrong_maxpoll.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/ntp_wrong_maxpoll.fail.sh @@ -1,7 +1,6 @@ #!/bin/bash # packages = ntp -# -# profiles = xccdf_org.ssgproject.content_profile_stig +# variables = var_time_service_set_maxpoll=16 # platform = Oracle Linux 7,Red Hat Enterprise Linux 7 {{{ bash_package_remove("chrony") }}} From ec9c0f7a24d1b22432eda27f21efcbc78e99f0ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Thu, 23 May 2024 09:30:16 +0200 Subject: [PATCH 9/9] Mark platform specific test scenarios --- .../tests/chrony_d_one_pool_misconfigured.fail.sh | 1 + .../tests/chrony_d_one_server_misconfigured.fail.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh index eee6108e5c7..a7d29191615 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh 
@@ -1,6 +1,7 @@ #!/bin/bash # packages = chrony # variables = var_time_service_set_maxpoll=16 +# platform = multi_platform_rhel {{{ bash_package_remove("ntp") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh index 77949431752..f6da9d51f38 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh @@ -1,6 +1,7 @@ #!/bin/bash # packages = chrony # variables = var_time_service_set_maxpoll=16 +# platform = multi_platform_rhel {{{ bash_package_remove("ntp") }}}
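Review bot: Restricting both `chrony_d_*` scenarios to `multi_platform_rhel` leaves the drop-in directory handling untested on every other product, including the Debian and Ubuntu products that this series gives a different `chrony_d_path` (`/etc/chrony/conf.d/`). The scenario bodies are outside the hunk, so this is an inference: if they hard-code `/etc/chrony.d/`, writing the fixture under `{{{ chrony_d_path }}}` would let them run everywhere and make the platform line unnecessary. If the restriction has to stay, a comment line above it such as `# scenario assumes the RHEL drop-in directory layout` would record why. The same applies to the second hunk, in `chrony_d_one_server_misconfigured.fail.sh`.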