For Issue #18 ( Fix issue for Rocky Linux 8.4 #18 )

Author: Kazuki Omo

ComplianceAsCode/content_for_supporting_rocky8/files/diff_content_for_supporting_rocky8

@@ -1,37 +1,38 @@
 diff -Nru content.org/CMakeLists.txt content/CMakeLists.txt
 --- content.org/CMakeLists.txt	2021-05-03 07:27:49.961754374 +0900
 +++ content/CMakeLists.txt	2021-05-03 07:29:29.739430343 +0900
-@@ -88,6 +88,7 @@
+@@ -92,6 +92,7 @@
  option(SSG_PRODUCT_VSEL "If enabled, the McAfee VSEL SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
  option(SSG_PRODUCT_WRLINUX8 "If enabled, the WRLinux8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
  option(SSG_PRODUCT_WRLINUX1019 "If enabled, the WRLinux1019 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 +option(SSG_PRODUCT_ROCKY8 "If enabled, the ROCKY8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 
  option(SSG_CENTOS_DERIVATIVES_ENABLED "If enabled, CentOS derivative content will be built from the RHEL content" TRUE)
  option(SSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED "If enabled, Scientific Linux derivative content will be built from the RHEL content" TRUE)
-@@ -277,6 +278,7 @@
+@@ -285,6 +286,7 @@
  message(STATUS "McAfee VSEL: ${SSG_PRODUCT_VSEL}")
  message(STATUS "WRLinux 8: ${SSG_PRODUCT_WRLINUX8}")
  message(STATUS "WRLinux 1019: ${SSG_PRODUCT_WRLINUX1019}")
 +message(STATUS "ROCKY 8: ${SSG_PRODUCT_ROCKY8}")
 
 
 
-@@ -399,6 +401,10 @@
+@@ -407,6 +409,10 @@
  if (SSG_PRODUCT_WRLINUX1019)
-     add_subdirectory("wrlinux1019")
+     add_subdirectory("products/wrlinux1019" "wrlinux1019")
  endif()
 +if (SSG_PRODUCT_ROCKY8)
-+    add_subdirectory("rocky8")
++    add_subdirectory("products/rocky8" "rocky8")
 +endif()
 +
 
  # ZIP only contains source datastreams and kickstarts, people who
  # want sources to build from should get the tarball instead.
+
 diff -Nru content.org/build_product content/build_product
 --- content.org/build_product	2021-05-03 07:27:50.029755540 +0900
 +++ content/build_product	2021-05-03 07:29:29.739430343 +0900
-@@ -295,6 +295,7 @@
+@@ -309,6 +309,7 @@
  	VSEL
  	WRLINUX8
  	WRLINUX1019

ComplianceAsCode/content_for_supporting_rocky8/files/installed_OS_is_rocky8.xml

@@ -38,10 +38,10 @@
   </ind:textfilecontent54_test>
   <ind:textfilecontent54_object id="obj_version_rocky8" version="1" comment="Check os-release VERSION_ID">
     <ind:filepath>/etc/os-release</ind:filepath>
-    <ind:pattern operation="pattern match">^VERSION_ID=&quot;(\d)&quot;$</ind:pattern>
+    <ind:pattern operation="pattern match">^VERSION_ID=&quot;(\d.*)&quot;$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
   <ind:textfilecontent54_state id="state_version_rocky8" version="1">
-    <ind:subexpression>8</ind:subexpression>
+    <ind:subexpression operation="pattern match">^8.*$</ind:subexpression>
   </ind:textfilecontent54_state>
 </def-group>

ComplianceAsCode/content_for_supporting_rocky8/files/rocky8/product.yml

@@ -2,7 +2,7 @@ product: rocky8
 full_name: Rocky Linux 8
 type: platform
 
-benchmark_root: "../linux_os/guide"
+benchmark_root: "../../linux_os/guide"
 
 profiles_root: "./profiles"
 
@@ -19,7 +19,7 @@ rocky_major_version: "8"
 
 oval_feed_url: "https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml"
 
-cpes_root: "../shared/applicability"
+cpes_root: "../../shared/applicability"
 cpes:
   - rocky8:
       name: "cpe:/o:rocky:rocky:8"

ComplianceAsCode/content_for_supporting_rocky8/files/rocky8/profiles/anssi_bp28_enhanced.profile

@@ -3,7 +3,7 @@ documentation_complete: true
 title: 'ANSSI-BP-028 (enhanced)'
 
 description: |-
-    This profile contains configurations that align to ANSSI-BP-028 at the enhanced hardening level.
+    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the enhanced hardening level.
 
     ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
     ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

ComplianceAsCode/content_for_supporting_rocky8/files/rocky8/profiles/anssi_bp28_high.profile

@@ -1,9 +1,9 @@
 documentation_complete: true
 
-title: 'DRAFT - ANSSI-BP-028 (high)'
+title: 'ANSSI-BP-028 (high)'
 
 description: |-
-    This profile contains configurations that align to ANSSI-BP-028 at the high hardening level.
+    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the high hardening level.
 
     ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
     ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

ComplianceAsCode/content_for_supporting_rocky8/files/rocky8/profiles/anssi_bp28_intermediary.profile

@@ -3,7 +3,7 @@ documentation_complete: true
 title: 'ANSSI-BP-028 (intermediary)'
 
 description: |-
-    This profile contains configurations that align to ANSSI-BP-028 at the intermediary hardening level.
+    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the intermediary hardening level.
 
     ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
     ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

ComplianceAsCode/content_for_supporting_rocky8/files/rocky8/profiles/anssi_bp28_minimal.profile

@@ -3,7 +3,7 @@ documentation_complete: true
 title: 'ANSSI-BP-028 (minimal)'
 
 description: |-
-    This profile contains configurations that align to ANSSI-BP-028 at the minimal hardening level.
+    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal hardening level.
 
     ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
     ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.

ComplianceAsCode/content_for_supporting_rocky8/files/rocky8/profiles/cis.profile

@@ -128,10 +128,10 @@ selections:
     - package_sudo_installed
 
     ### 1.3.2 Ensure sudo commands use pty (Scored)
-    # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5220
+    - sudo_add_use_pty
 
     ### 1.3.3 Ensure sudo log file exists (Scored)
-    # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5221
+    - sudo_custom_logfile
 
     ## 1.4 Filesystem Integrity Checking