From 40d7cdd994dd026040c64b1d940e29315a85b5ef Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Wed, 31 Jul 2024 11:49:17 -0500 Subject: [PATCH 1/2] Remove uos20 Closes #12135 --- .github/workflows/gate.yaml | 1 - .github/workflows/gate_fedora.yml | 1 - CMakeLists.txt | 5 - build_product | 1 - products/uos20/CMakeLists.txt | 6 - products/uos20/overlays/.gitkeep | 0 products/uos20/product.yml | 25 -- products/uos20/profiles/default.profile | 348 ------------------ products/uos20/profiles/standard.profile | 31 -- products/uos20/transforms/constants.xslt | 12 - .../uos20/transforms/shorthand2xccdf.xslt | 9 - products/uos20/transforms/table-srgmap.xslt | 11 - products/uos20/transforms/table-style.xslt | 5 - .../transforms/xccdf-apply-overlay-stig.xslt | 8 - .../uos20/transforms/xccdf2table-cce.xslt | 9 - .../xccdf2table-profileccirefs.xslt | 9 - .../oval/installed_OS_is_uos20.xml | 28 -- ssg/constants.py | 3 - tests/data/product_stability/uos20.yml | 76 ---- tests/unit/ssg-module/test_utils.py | 2 +- 20 files changed, 1 insertion(+), 589 deletions(-) delete mode 100644 products/uos20/CMakeLists.txt delete mode 100644 products/uos20/overlays/.gitkeep delete mode 100644 products/uos20/product.yml delete mode 100644 products/uos20/profiles/default.profile delete mode 100644 products/uos20/profiles/standard.profile delete mode 100644 products/uos20/transforms/constants.xslt delete mode 100644 products/uos20/transforms/shorthand2xccdf.xslt delete mode 100644 products/uos20/transforms/table-srgmap.xslt delete mode 100644 products/uos20/transforms/table-style.xslt delete mode 100644 products/uos20/transforms/xccdf-apply-overlay-stig.xslt delete mode 100644 products/uos20/transforms/xccdf2table-cce.xslt delete mode 100644 products/uos20/transforms/xccdf2table-profileccirefs.xslt delete mode 100644 shared/applicability/oval/installed_OS_is_uos20.xml delete mode 100644 tests/data/product_stability/uos20.yml diff --git a/.github/workflows/gate.yaml b/.github/workflows/gate.yaml index 97f996c72da..3850939c982 100644 --- a/.github/workflows/gate.yaml +++ b/.github/workflows/gate.yaml @@ -151,7 +151,6 @@ jobs: rhel8 \ rhel9 \ rhel10 \ - uos20 \ env: ADDITIONAL_CMAKE_OPTIONS: "-DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF" - name: Test diff --git a/.github/workflows/gate_fedora.yml b/.github/workflows/gate_fedora.yml index bb76acc6162..0b2555739ff 100644 --- a/.github/workflows/gate_fedora.yml +++ b/.github/workflows/gate_fedora.yml @@ -47,7 +47,6 @@ jobs: rhel9 \ rhel10 \ rhv4 \ - uos20 env: ADDITIONAL_CMAKE_OPTIONS: "-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED=ON -DSSG_OVAL_SCHEMATRON_VALIDATION_ENABLED=OFF" - name: Test diff --git a/CMakeLists.txt b/CMakeLists.txt index 1050f7a8095..95539eb0d96 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -114,7 +114,6 @@ option(SSG_PRODUCT_UBUNTU1604 "If enabled, the Ubuntu 16.04 SCAP content will be option(SSG_PRODUCT_UBUNTU1804 "If enabled, the Ubuntu 18.04 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_UBUNTU2004 "If enabled, the Ubuntu 20.04 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_UBUNTU2204 "If enabled, the Ubuntu 22.04 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -option(SSG_PRODUCT_UOS20 "If enabled, the Uos 20 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_AL2023 "If enabled, the AL2023 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) # Products derivatives option(SSG_CENTOS_DERIVATIVES_ENABLED "If enabled, CentOS derivative content will be built from the RHEL content" TRUE) @@ -341,7 +340,6 @@ message(STATUS "Ubuntu 16.04: ${SSG_PRODUCT_UBUNTU1604}") message(STATUS "Ubuntu 18.04: ${SSG_PRODUCT_UBUNTU1804}") message(STATUS "Ubuntu 20.04: ${SSG_PRODUCT_UBUNTU2004}") message(STATUS "Ubuntu 22.04: ${SSG_PRODUCT_UBUNTU2204}") -message(STATUS "Uos 20: ${SSG_PRODUCT_UOS20}") message(STATUS "AL 2023: ${SSG_PRODUCT_AL2023}") message(STATUS "OpenEmbedded: ${SSG_PRODUCT_OPENEMBEDDED}") message(STATUS " ") @@ -462,9 +460,6 @@ endif() if(SSG_PRODUCT_UBUNTU2204) add_subdirectory("products/ubuntu2204" "ubuntu2204") endif() -if(SSG_PRODUCT_UOS20) - add_subdirectory("products/uos20" "uos20") -endif() if(SSG_PRODUCT_OPENEMBEDDED) add_subdirectory("products/openembedded" "openembedded") endif() diff --git a/build_product b/build_product index b3246a268cd..b32cc48b163 100755 --- a/build_product +++ b/build_product @@ -377,7 +377,6 @@ all_cmake_products=( UBUNTU1804 UBUNTU2004 UBUNTU2204 - UOS20 MACOS1015 OPENEMBEDDED OPENEULER2203 diff --git a/products/uos20/CMakeLists.txt b/products/uos20/CMakeLists.txt deleted file mode 100644 index 85c94758654..00000000000 --- a/products/uos20/CMakeLists.txt +++ /dev/null @@ -1,6 +0,0 @@ -# Sometimes our users will try to do: "cd uos20; cmake ." That needs to error in a nice way. -if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}") - message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!") -endif() - -ssg_build_product("uos20") diff --git a/products/uos20/overlays/.gitkeep b/products/uos20/overlays/.gitkeep deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/products/uos20/product.yml b/products/uos20/product.yml deleted file mode 100644 index 504b9fe690f..00000000000 --- a/products/uos20/product.yml +++ /dev/null @@ -1,25 +0,0 @@ -product: uos20 -full_name: UnionTech OS Server 20 -type: platform - -benchmark_id: UOS-20 -benchmark_root: "../../linux_os/guide" - -profiles_root: "./profiles" - -pkg_manager: "yum" - -init_system: "systemd" - -cpes_root: "../../shared/applicability" -cpes: - - uos20: - name: "cpe:/o:uos:uniontech_os_server:20" - title: "UnionTech OS Server 20" - check_id: installed_OS_is_uos20 - -# Mapping of CPE platform to package -platform_package_overrides: - login_defs: "shadow-utils" - - diff --git a/products/uos20/profiles/default.profile b/products/uos20/profiles/default.profile deleted file mode 100644 index 73c3421107c..00000000000 --- a/products/uos20/profiles/default.profile +++ /dev/null @@ -1,348 +0,0 @@ -documentation_complete: true - -hidden: true - -title: Default Profile for UnionTech OS Server 20 - -description: |- - This profile contains all the rules that once belonged to the - uos20 product via 'prodtype'. This profile won't - be rendered into an XCCDF Profile entity, nor it will select any - of these rules by default. The only purpose of this profile - is to keep a rule in the product's XCCDF Benchmark. - -selections: - - grub2_enable_iommu_force - - gid_passwd_group_same - - auditd_data_disk_full_action - - kernel_config_debug_list - - audit_rules_sysadmin_actions - - audit_rules_media_export - - rsyslog_encrypt_offload_defaultnetstreamdriver - - file_ownership_library_dirs - - coredump_disable_storage - - kernel_config_seccomp - - auditd_data_retention_max_log_file_action_stig - - sudoers_no_command_negation - - file_owner_backup_etc_shadow - - file_groupowner_var_log - - set_ip6tables_default_rule - - sudo_require_authentication - - kernel_config_security - - audit_rules_dac_modification_umount2 - - kernel_config_security_dmesg_restrict - - accounts_umask_etc_profile - - sshd_set_max_sessions - - sudoers_no_root_target - - disable_host_auth - - file_owner_backup_etc_gshadow - - kernel_config_kexec - - file_owner_backup_etc_passwd - - package_chrony_installed - - package_ntpdate_removed - - file_groupownership_sshd_pub_key - - directory_permissions_var_log_audit - - file_groupowner_var_log_syslog - - service_netfs_disabled - - file_groupownership_audit_configuration - - file_ownership_sshd_pub_key - - package_ntp_installed - - sshd_disable_compression - - package_cron_installed - - sshd_print_last_log - - kernel_config_module_sig_hash - - grub2_nosmap_argument_absent - - mount_option_dev_shm_nodev - - sshd_disable_tcp_forwarding - - kernel_config_debug_notifiers - - auditd_overflow_action - - sshd_allow_only_protocol2 - - file_permissions_home_dirs - - no_netrc_files - - postfix_client_configure_mail_alias_postmaster - - accounts_password_minlen_login_defs - - account_unique_name - - sudo_add_use_pty - - kernel_config_bug - - file_groupowner_etc_passwd - - service_iptables_enabled - - file_permissions_backup_etc_group - - partition_for_home - - chronyd_server_directive - - partition_for_var_log_audit - - kernel_config_unmap_kernel_at_el0 - - audit_rules_time_adjtimex - - partition_for_srv - - auditd_log_format - - accounts_minimum_age_login_defs - - partition_for_var_log - - audit_rules_dac_modification_setxattr - - service_sshd_disabled - - sysctl_kernel_panic_on_oops - - file_permissions_audit_configuration - - sshd_disable_empty_passwords - - file_permissions_backup_etc_shadow - - package_audit_installed - - sshd_disable_pubkey_auth - - audit_privileged_commands_reboot - - sshd_set_idle_timeout - - auditd_freq - - kernel_module_tipc_disabled - - package_syslogng_installed - - kernel_config_module_sig_all - - kernel_config_ia32_emulation - - file_permissions_sshd_pub_key - - chronyd_specify_remote_server - - grub2_slab_nomerge_argument - - audit_rules_mac_modification_usr_share - - sysctl_kernel_randomize_va_space - - sshd_limit_user_access - - file_permissions_backup_etc_passwd - - accounts_umask_etc_login_defs - - kernel_config_module_sig_key - - accounts_polyinstantiated_var_tmp - - file_owner_etc_passwd - - kernel_config_module_sig_sha512 - - kernel_config_slub_debug - - kernel_config_page_poisoning_no_sanity - - file_permissions_library_dirs - - file_groupowner_etc_shadow - - sshd_set_loglevel_verbose - - package_bind_removed - - kernel_module_uvcvideo_disabled - - sshd_disable_user_known_hosts - - file_groupowner_etc_gshadow - - kernel_config_default_mmap_min_addr - - account_use_centralized_automated_auth - - partition_for_var - - audit_rules_dac_modification_lremovexattr - - sysctl_net_ipv6_conf_all_disable_ipv6 - - sudo_vdsm_nopasswd - - rsyslog_files_ownership - - package_rsyslog_installed - - file_permissions_etc_passwd - - file_groupowner_etc_group - - coredump_disable_backtraces - - package_inetutils-telnetd_removed - - auditd_data_retention_action_mail_acct - - avahi_disable_publishing - - sudo_custom_logfile - - account_passwords_pam_faillock_dir - - kernel_config_devkmem - - file_permissions_backup_etc_gshadow - - kernel_config_legacy_ptys - - audit_rules_dac_modification_fchmod - - file_permissions_etc_gshadow - - file_groupownership_sshd_private_key - - kernel_module_ipv6_option_disabled - - audit_rules_privileged_commands - - kernel_config_randomize_memory - - sshd_disable_gssapi_auth - - dir_ownership_library_dirs - - file_groupowner_backup_etc_shadow - - audit_rules_dac_modification_fremovexattr - - sysctl_net_ipv4_conf_default_shared_media - - audit_rules_immutable - - audit_rules_file_deletion_events_unlinkat - - kernel_config_x86_vsyscall_emulation - - kernel_config_proc_kcore - - service_systemd-journald_enabled - - auditd_data_retention_max_log_file_action - - grub2_spectre_v2_argument - - file_permissions_var_log_messages - - no_direct_root_logins - - package_nss-tools_installed - - sshd_enable_strictmodes - - sudo_remove_nopasswd - - kernel_config_page_poisoning_zero - - package_logrotate_installed - - audit_rules_dac_modification_fchmodat - - kernel_config_compat_vdso - - postfix_client_configure_relayhost - - audit_privileged_commands_init - - iptables_sshd_disabled - - auditd_data_retention_max_log_file - - sshd_disable_root_login - - accounts_no_uid_except_zero - - package_openssh-server_removed - - kernel_config_retpoline - - audit_rules_dac_modification_fchown - - sshd_set_maxstartups - - accounts_max_concurrent_login_sessions - - file_owner_var_log - - service_cron_enabled - - ensure_logrotate_activated - - file_permissions_etc_group - - no_all_squash_exports - - sshd_disable_kerb_auth - - service_ufw_enabled - - dir_permissions_binary_dirs - - file_groupowner_backup_etc_passwd - - package_nis_removed - - package_gnutls-utils_installed - - dhcp_client_restrict_options - - file_permissions_binary_dirs - - file_permissions_etc_shadow - - accounts_password_last_change_is_in_past - - accounts_password_all_shadowed - - file_permissions_var_log_syslog - - kernel_config_module_sig_force - - file_owner_var_log_syslog - - service_ip6tables_enabled - - rsyslog_files_permissions - - audit_rules_dac_modification_chown - - grub2_nosmep_argument_absent - - configure_user_data_backups - - dir_ownership_binary_dirs - - accounts_password_warn_age_login_defs - - audit_rules_dac_modification_fchownat - - sysctl_net_ipv6_conf_default_disable_ipv6 - - kernel_config_security_yama - - file_owner_backup_etc_group - - no_empty_passwords - - accounts_maximum_age_login_defs - - restrict_serial_port_logins - - auditd_local_events - - audit_rules_dac_modification_chmod - - kernel_config_seccomp_filter - - sshd_rekey_limit - - auditd_data_retention_space_left_action - - kernel_config_security_writable_hooks - - fapolicyd_prevent_home_folder_access - - kernel_config_binfmt_misc - - sysctl_net_ipv4_conf_all_accept_local - - sysctl_kernel_kptr_restrict - - audit_rules_file_deletion_events_unlink - - dir_perms_world_writable_sticky_bits - - rsyslog_remote_loghost - - kernel_module_rds_disabled - - audit_rules_time_settimeofday - - audit_rules_dac_modification_lsetxattr - - kernel_config_panic_timeout - - kernel_config_debug_credentials - - file_permissions_var_log - - file_ownership_sshd_private_key - - kernel_config_panic_on_oops - - grub2_systemd_debug-shell_argument_absent - - file_owner_etc_group - - auditd_data_disk_full_action_stig - - sudo_add_requiretty - - sysctl_fs_protected_hardlinks - - rsyslog_files_groupownership - - sshd_enable_gssapi_auth - - kernel_config_debug_sg - - partition_for_dev_shm - - grub2_l1tf_argument - - auditd_data_disk_error_action - - audit_rules_dac_modification_removexattr - - auditd_data_retention_admin_space_left_action - - file_permissions_systemmap - - kernel_config_ipv6 - - file_ownership_binary_dirs - - grub2_disable_recovery - - package_telnetd_removed - - service_auditd_enabled - - sshd_set_login_grace_time - - audit_rules_dac_modification_lchown - - sshd_enable_pubkey_auth - - postfix_client_configure_mail_alias - - no_empty_passwords_etc_shadow - - kernel_config_compat_brk - - sshd_enable_pam - - audit_rules_time_clock_settime - - grub2_spec_store_bypass_disable_argument - - partition_for_tmp - - service_syslogng_enabled - - account_passwords_pam_faillock_audit - - sudoers_explicit_command_args - - accounts_root_gid_zero - - auditd_data_retention_num_logs - - file_permissions_sshd_private_key - - mount_option_dev_shm_nosuid - - dhcp_server_minimize_served_info - - package_openssh-server_installed - - accounts_logon_fail_delay - - selinux_state - - file_groupowner_var_log_messages - - auditd_audispd_syslog_plugin_activated - - kernel_config_acpi_custom_method - - file_groupowner_backup_etc_group - - kernel_config_syn_cookies - - auditd_data_disk_error_action_stig - - file_owner_var_log_messages - - sshd_disable_root_password_login - - file_ownership_audit_configuration - - package_telnetd-ssl_removed - - service_chronyd_enabled - - grub2_rng_core_default_quality_argument - - gnome_gdm_disable_xdmcp - - package_MFEhiplsm_installed - - audit_rules_session_events - - kernel_config_page_table_isolation - - audit_rules_usergroup_modification - - sshd_set_keepalive - - audit_rules_dac_modification_umount - - audit_rules_file_deletion_events_rename - - file_groupowner_backup_etc_gshadow - - sysctl_net_ipv4_conf_all_arp_filter - - kernel_config_hibernation - - set_iptables_default_rule_forward - - display_login_attempts - - sshd_enable_warning_banner - - package_postfix_installed - - audit_privileged_commands_poweroff - - auditd_write_logs - - grub2_mce_argument - - audit_rules_time_stime - - file_owner_etc_gshadow - - sshd_do_not_permit_user_env - - accounts_polyinstantiated_tmp - - kernel_disable_entropy_contribution_for_solid_state_drives - - sshd_use_priv_separation - - audit_privileged_commands_shutdown - - dir_permissions_library_dirs - - file_ownership_var_log_audit - - sshd_enable_warning_banner_net - - sysctl_fs_protected_symlinks - - ftp_limit_users - - rsyslog_accept_remote_messages_tcp - - file_permissions_unauthorized_world_writable - - service_rsyslog_enabled - - kernel_config_randomize_base - - sshd_set_loglevel_info - - ftp_configure_firewall - - package_libreswan_installed - - audit_rules_file_deletion_events_rmdir - - audit_rules_networkconfig_modification - - sysctl_net_ipv4_conf_all_arp_ignore - - securetty_root_login_console_only - - sshd_set_keepalive_0 - - selinux_not_disabled - - accounts_root_path_dirs_no_write - - sysctl_net_ipv4_conf_all_shared_media - - file_owner_etc_shadow - - root_path_no_dot - - no_rsh_trust_files - - sudo_remove_no_authenticate - - sudo_add_noexec - - sysctl_net_ipv4_conf_all_route_localnet - - kernel_config_debug_fs - - disallow_bypass_password_sudo - - prefer_64bit_os - - sshd_disable_x11_forwarding - - sshd_enable_x11_forwarding - - sshd_disable_rhosts_rsa - - harden_ssh_client_crypto_policy - - sshd_set_max_auth_tries - - sshd_disable_rhosts - - audit_rules_file_deletion_events_renameat - - audit_rules_dac_modification_fsetxattr - - set_iptables_default_rule - - sysctl_fs_suid_dumpable - - accounts_passwords_pam_faillock_audit - - rsyslog_encrypt_offload_actionsendstreamdrivermode - - rsyslog_encrypt_offload_actionsendstreamdriverauthmode - - rsyslog_accept_remote_messages_udp - - kernel_config_module_sig - - audit_rules_mac_modification - - audit_rules_time_watch_localtime diff --git a/products/uos20/profiles/standard.profile b/products/uos20/profiles/standard.profile deleted file mode 100644 index 5a5c381eba1..00000000000 --- a/products/uos20/profiles/standard.profile +++ /dev/null @@ -1,31 +0,0 @@ -documentation_complete: true - -title: 'Standard System Security Profile for UnionTech OS Server 20' - -description: |- - This profile contains rules to ensure standard security baseline - of a UnionTech OS Server 20 system. Regardless of your system's workload - all of these checks should pass. - -selections: - - ensure_gpgcheck_globally_activated - - ensure_redhat_gpgkey_installed - - rpm_verify_permissions - - rpm_verify_hashes - - security_patches_up_to_date - - file_permissions_unauthorized_sgid - - file_permissions_unauthorized_suid - - audit_rules_file_deletion_events - - service_abrtd_disabled - - service_atd_disabled - - service_autofs_disabled - - service_ntpdate_disabled - - service_oddjobd_disabled - - service_qpidd_disabled - - service_rdisc_disabled - - configure_crypto_policy - - configure_bind_crypto_policy - - configure_openssl_crypto_policy - - configure_libreswan_crypto_policy - - configure_ssh_crypto_policy - - configure_kerberos_crypto_policy diff --git a/products/uos20/transforms/constants.xslt b/products/uos20/transforms/constants.xslt deleted file mode 100644 index aabfbf4cb71..00000000000 --- a/products/uos20/transforms/constants.xslt +++ /dev/null @@ -1,12 +0,0 @@ - - - - -UnionTech OS Server 20 -Uos 20 -empty -uos - - - - diff --git a/products/uos20/transforms/shorthand2xccdf.xslt b/products/uos20/transforms/shorthand2xccdf.xslt deleted file mode 100644 index 6ac64058028..00000000000 --- a/products/uos20/transforms/shorthand2xccdf.xslt +++ /dev/null @@ -1,9 +0,0 @@ - - - - - -unknown -unlinked-uos20-oval.xml - - diff --git a/products/uos20/transforms/table-srgmap.xslt b/products/uos20/transforms/table-srgmap.xslt deleted file mode 100644 index 23c2f60a2c2..00000000000 --- a/products/uos20/transforms/table-srgmap.xslt +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - diff --git a/products/uos20/transforms/table-style.xslt b/products/uos20/transforms/table-style.xslt deleted file mode 100644 index 218d0f75421..00000000000 --- a/products/uos20/transforms/table-style.xslt +++ /dev/null @@ -1,5 +0,0 @@ - - - - - diff --git a/products/uos20/transforms/xccdf-apply-overlay-stig.xslt b/products/uos20/transforms/xccdf-apply-overlay-stig.xslt deleted file mode 100644 index 4789419b80a..00000000000 --- a/products/uos20/transforms/xccdf-apply-overlay-stig.xslt +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - diff --git a/products/uos20/transforms/xccdf2table-cce.xslt b/products/uos20/transforms/xccdf2table-cce.xslt deleted file mode 100644 index 1ffb22215c2..00000000000 --- a/products/uos20/transforms/xccdf2table-cce.xslt +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - - diff --git a/products/uos20/transforms/xccdf2table-profileccirefs.xslt b/products/uos20/transforms/xccdf2table-profileccirefs.xslt deleted file mode 100644 index 5a104d956f1..00000000000 --- a/products/uos20/transforms/xccdf2table-profileccirefs.xslt +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - - diff --git a/shared/applicability/oval/installed_OS_is_uos20.xml b/shared/applicability/oval/installed_OS_is_uos20.xml deleted file mode 100644 index 0188bbadef9..00000000000 --- a/shared/applicability/oval/installed_OS_is_uos20.xml +++ /dev/null @@ -1,28 +0,0 @@ - - - - UnionTech OS Server 20 - - multi_platform_all - - - The operating system installed on the system is UnionTech OS Server 20 - - - - - - - - - - - - - ^20.*$ - - - uos-release - - - diff --git a/ssg/constants.py b/ssg/constants.py index 7f8910743f1..e4d8b937aab 100644 --- a/ssg/constants.py +++ b/ssg/constants.py @@ -60,7 +60,6 @@ 'rhv4', 'sle12', 'sle15', 'slmicro5', 'ubuntu1604', 'ubuntu1804', 'ubuntu2004', 'ubuntu2204', - 'uos20', ] JINJA_MACROS_DIRECTORY = os.path.abspath(os.path.join(os.path.dirname(os.path.dirname( @@ -230,7 +229,6 @@ "Ubuntu 18.04": "ubuntu1804", "Ubuntu 20.04": "ubuntu2004", "Ubuntu 22.04": "ubuntu2204", - "UnionTech OS Server 20": "uos20", "OpenEmbedded": "openembedded", "Not Applicable": "example", } @@ -304,7 +302,6 @@ "multi_platform_sle": ["sle12", "sle15"], "multi_platform_slmicro": ["slmicro5"], "multi_platform_ubuntu": ["ubuntu1604", "ubuntu1804", "ubuntu2004", "ubuntu2204"], - "multi_platform_uos": ["uos20"], "multi_platform_openembedded": ["openembedded"], "multi_platform_al": ["al2023"], } diff --git a/tests/data/product_stability/uos20.yml b/tests/data/product_stability/uos20.yml deleted file mode 100644 index 01c78e8ad3f..00000000000 --- a/tests/data/product_stability/uos20.yml +++ /dev/null @@ -1,76 +0,0 @@ -aide_also_checks_audispd: 'yes' -aide_also_checks_rsyslog: 'no' -aide_bin_path: /usr/sbin/aide -aide_conf_path: /etc/aide.conf -audisp_conf_path: /etc/audit -auid: 1000 -basic_properties_derived: true -benchmark_id: UOS-20 -benchmark_root: ../../linux_os/guide -chrony_conf_path: /etc/chrony.conf -chrony_d_path: /etc/chrony.d/ -cpes: -- uos20: - check_id: installed_OS_is_uos20 - name: cpe:/o:uos:uniontech_os_server:20 - title: UnionTech OS Server 20 -cpes_root: ../../shared/applicability -dconf_gdm_dir: gdm.d -faillock_path: /var/run/faillock -full_name: UnionTech OS Server 20 -gid_min: 1000 -groups: {} -grub2_boot_path: /boot/grub2 -grub2_uefi_boot_path: /boot/grub2 -grub_helper_executable: grubby -init_system: systemd -nobody_gid: 65534 -nobody_uid: 65534 -pkg_manager: yum -pkg_manager_config_file: /etc/yum.conf -pkg_system: rpm -platform_package_overrides: - aarch64_arch: null - grub2: grub2-common - login_defs: shadow-utils - no_ovirt: null - non-uefi: null - not_aarch64_arch: null - not_s390x_arch: null - ovirt: null - s390x_arch: null - sssd: sssd-common - sssd-ldap: null - uefi: null - zipl: s390utils-base -product: uos20 -profiles_root: ./profiles -reference_uris: - anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf - app-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers - app-srg-ctr: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=container-platform - bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf - cis-csc: https://www.cisecurity.org/controls/ - cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf - cobit5: https://www.isaca.org/resources/cobit - cui: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf - dcid: not_officially_available - disa: https://public.cyber.mil/stigs/cci/ - hipaa: https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf - isa-62443-2009: https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat - isa-62443-2013: https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu - ism: https://www.cyber.gov.au/acsc/view-all-content/ism - iso27001-2013: https://www.iso.org/contents/data/standard/05/45/54534.html - nerc-cip: https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx - nist: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf - nist-csf: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf - os-srg: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os - ospp: https://www.niap-ccevs.org/Profile/PP.cfm - pcidss: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf - pcidss4: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf - stigid: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux - stigref: https://public.cyber.mil/stigs/srg-stig-tools/ -sshd_distributed_config: 'false' -sysctl_remediate_drop_in_file: 'false' -type: platform -uid_min: 1000 diff --git a/tests/unit/ssg-module/test_utils.py b/tests/unit/ssg-module/test_utils.py index 151827a565a..8073217aa89 100644 --- a/tests/unit/ssg-module/test_utils.py +++ b/tests/unit/ssg-module/test_utils.py @@ -12,7 +12,7 @@ def test_is_applicable(): assert not utils.is_applicable('fedora,multi_platform_ubuntu', 'rhel7') assert not utils.is_applicable('ol7', 'rhel7') - assert not utils.is_applicable('al2023,alinux2,alinux3,anolis8,anolis23,fedora,debian11,debian12,uos20', + assert not utils.is_applicable('al2023,alinux2,alinux3,anolis8,anolis23,fedora,debian11,debian12', 'rhel7') From b02453c27f8ffb0be5c61630180841ba56e15d54 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Thu, 1 Aug 2024 06:32:52 -0500 Subject: [PATCH 2/2] Remove more UOS references from the project --- .../updating/security_patches_up_to_date/ansible/shared.yml | 2 +- shared/checks/oval/sysctl_kernel_ipv6_disable.xml | 1 - ssg/constants.py | 3 +-- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/ansible/shared.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/ansible/shared.yml index cf355e336fe..dc892e92010 100644 --- a/linux_os/guide/system/software/updating/security_patches_up_to_date/ansible/shared.yml +++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_al2023,multi_platform_alinux,multi_platform_anolis,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu,multi_platform_uos +# platform = multi_platform_al2023,multi_platform_alinux,multi_platform_anolis,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu # reboot = true # strategy = patch # complexity = low diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml index 14a64dbbd37..20328a83b2a 100644 --- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml +++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml @@ -18,7 +18,6 @@ multi_platform_sle multi_platform_slmicro5 multi_platform_ubuntu - multi_platform_uos Disables IPv6 for all network interfaces. diff --git a/ssg/constants.py b/ssg/constants.py index e4d8b937aab..34b7bf8b51e 100644 --- a/ssg/constants.py +++ b/ssg/constants.py @@ -282,7 +282,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu", "openeuler", "opensuse", "sle", "ol", "ocp", "rhcos", - "example", "eks", "alinux", "uos", "anolis", "openembedded", "al", + "example", "eks", "alinux", "anolis", "openembedded", "al", "slmicro"] MULTI_PLATFORM_MAPPING = { @@ -419,7 +419,6 @@ 'rhv': 'Red Hat Virtualization', 'debian': 'Debian', 'ubuntu': 'Ubuntu', - 'uos': 'UnionTech OS Server', 'eap': 'JBoss Enterprise Application Platform', 'fuse': 'JBoss Fuse', 'openeuler': 'openEuler',