Add cpe definitions and oval checks for AMZN2

This changes applies 0001-Add-cpe-definitions-and-oval-checks-for-AMZN2.patch. This patch was extracted from the following package, distributed as part of Amazon Linux 2: scap-security-guide-0.1.40-12.amzn2.0.1.1.src.rpm
ComplianceAsCode · Jun 24, 2024 · 3454e12 · 3454e12
1 parent 2a2658e
commit 3454e12
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 0 deletions.
diff --git a/shared/applicability/amzn2.yml b/shared/applicability/amzn2.yml
@@ -0,0 +1,3 @@
+name: cpe:/o:amazon:amazon_linux:2
+title: Amazon Linux 2
+check_id: installed_OS_is_amzn2
diff --git a/shared/checks/oval/installed_OS_is_amzn2.xml b/shared/checks/oval/installed_OS_is_amzn2.xml
@@ -0,0 +1,33 @@
+<def-group>
+  <definition class="inventory"
+  id="installed_OS_is_amzn2" version="2">
+    <metadata>
+      <title>Amazon Linux 2</title>
+      <affected family="unix">
+        <platform>multi_platform_all</platform>
+      </affected>
+      <reference ref_id="cpe:/o:amazon:amazon_linux:2"
+      source="CPE" />
+      <description>The operating system installed on the system is
+      Amazon Linux 2</description>
+    </metadata>
+    <criteria operator="AND">
+      <extend_definition comment="Installed OS is part of the Unix family"
+      definition_ref="installed_OS_is_part_of_Unix_family" />
+      <criterion comment="Amazon Linux 2 is installed"
+      test_ref="test_amzn2" />
+    </criteria>
+  </definition>
+
+  <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="system-release is version 2" id="test_amzn2" version="1">
+    <linux:object object_ref="obj_amzn2" />
+    <linux:state state_ref="state_amzn2" />
+  </linux:rpminfo_test>
+  <linux:rpminfo_state id="state_amzn2" version="1">
+    <linux:version operation="pattern match">^2</linux:version>
+  </linux:rpminfo_state>
+  <linux:rpminfo_object id="obj_amzn2" version="1">
+    <linux:name>system-release</linux:name>
+  </linux:rpminfo_object>
+
+</def-group>
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/applicability/derivatives.yml b/tests/unit/ssg-module/test_playbook_builder_data/applicability/derivatives.yml
@@ -15,3 +15,7 @@ cpes:
       title: "Scientific Linux 7"
       check_id: installed_OS_is_sl7
 
+  - amzn2:
+      name: "cpe:/o:amazon:amazon_linux:2"
+      title: "Amazon Linux 2"
+      check_id: installed_OS_is_amzn2